display - HPE Support Center

HPE FlexNetwork MSR Router Series
Comware 7 Fundamentals Command Reference
Part number: 5998-8755
Software version: CMW710-E0407
Document version: 6W100-20160526
© Copyright 2016 Hewlett Packard Enterprise Development LP
The information contained herein is subject to change without notice. The only warranties for Hewlett Packard
Enterprise products and services are set forth in the express warranty statements accompanying such
products and services. Nothing herein should be construed as constituting an additional warranty. Hewlett
Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein.
Confidential computer software. Valid license from Hewlett Packard Enterprise required for possession, use, or
copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software
Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor’s
standard commercial license.
Links to third-party websites take you outside the Hewlett Packard Enterprise website. Hewlett Packard
Enterprise has no control over and is not responsible for information outside the Hewlett Packard Enterprise
website.
Acknowledgments
Intel®, Itanium®, Pentium®, Intel Inside®, and the Intel Inside logo are trademarks of Intel Corporation in the
United States and other countries.
Microsoft® and Windows® are trademarks of the Microsoft group of companies.
Adobe® and Acrobat® are trademarks of Adobe Systems Incorporated.
Java and Oracle are registered trademarks of Oracle and/or its affiliates.
UNIX® is a registered trademark of The Open Group.
Contents
Basic CLI commands ········································································1 alias ································································································································· 1 display | { begin | exclude | include } ························································································ 2 display | by-linenum ············································································································· 3 display > ···························································································································· 4 display >> ·························································································································· 5 display alias ······················································································································· 6 display history-command ······································································································ 7 display history-command all ··································································································· 7 display hotkey····················································································································· 8 hotkey ······························································································································· 9 quit ································································································································· 10 repeat ····························································································································· 11 return ······························································································································ 12 screen-length disable ········································································································· 12 system-view ····················································································································· 13 RBAC commands ··········································································· 14 description ······················································································································· 14 display role ······················································································································ 14 display role feature ············································································································ 22 display role feature-group ···································································································· 25 feature ···························································································································· 27 interface policy deny ·········································································································· 28 permit interface ················································································································· 29 permit security-zone ··········································································································· 30 permit vlan ······················································································································· 32 permit vpn-instance ··········································································································· 33 role································································································································· 34 role default-role enable ······································································································· 35 role feature-group ·············································································································· 36 rule································································································································· 37 security-zone policy deny ···································································································· 41 super ······························································································································ 42 super authentication-mode ·································································································· 43 super default role ·············································································································· 44 super password ················································································································ 44 vlan policy deny ················································································································ 45 vpn-instance policy deny ····································································································· 46 Login management commands ························································· 48 activation-key ··················································································································· 48 authentication-mode ·········································································································· 50 auto-execute command ······································································································ 51 command accounting ········································································································· 52 command authorization ······································································································ 53 databits ··························································································································· 54 display line ······················································································································· 55 display telnet client ············································································································ 57 display user-interface ········································································································· 58 display users ···················································································································· 61 escape-key ······················································································································ 62 flow-control ······················································································································ 63 free line ··························································································································· 64 free user-interface ············································································································· 66 history-command max-size ·································································································· 69 idle-timeout ······················································································································ 69 i
ip alias ···························································································································· 70 line ································································································································· 71 line class ························································································································· 74 lock ································································································································ 76 lock-key··························································································································· 77 lock reauthentication ·········································································································· 78 parity ······························································································································ 78 protocol inbound ··············································································································· 79 redirect disconnect ············································································································ 81 redirect enable ·················································································································· 81 redirect listen-port·············································································································· 82 redirect passthrough ·········································································································· 83 redirect refuse-negotiation ··································································································· 83 redirect timeout ················································································································· 84 screen-length ··················································································································· 85 send ······························································································································· 85 set authentication password ································································································ 88 shell ······························································································································· 88 speed ····························································································································· 89 stopbit-error intolerance ······································································································ 90 stopbits ··························································································································· 91 telnet ······························································································································ 91 telnet client source············································································································· 92 telnet ipv6 ························································································································ 93 telnet server acl ················································································································ 94 telnet server dscp ·············································································································· 95 telnet server enable ··········································································································· 95 telnet server ipv6 acl ·········································································································· 96 telnet server ipv6 dscp ········································································································ 97 telnet server ipv6 port ········································································································· 97 telnet server port ··············································································································· 98 terminal type ···················································································································· 98 user-interface ··················································································································· 99 user-interface class ·········································································································· 102 user-role ························································································································ 104 FTP commands ··········································································· 106 FTP server commands ············································································································ 106 display ftp-server ············································································································· 106 display ftp-user ··············································································································· 107 free ftp user···················································································································· 107 free ftp user-ip ················································································································ 108 free ftp user-ip ipv6 ·········································································································· 108 ftp server acl ·················································································································· 109 ftp server dscp ················································································································ 110 ftp server enable ············································································································· 110 ftp server ipv6 dscp ·········································································································· 111 ftp server ssl-server-policy ································································································· 111 ftp timeout······················································································································ 112 FTP client commands ············································································································· 112 append·························································································································· 113 ascii······························································································································ 113 binary ··························································································································· 114 bye ······························································································································· 114 cd ································································································································ 115 cdup ····························································································································· 116 close····························································································································· 116 debug ··························································································································· 117 delete ··························································································································· 117 dir ································································································································ 118 disconnect ····················································································································· 119 display ftp client source ···································································································· 119 ii
ftp ································································································································ 120 ftp client ipv6 source ········································································································ 121 ftp client source··············································································································· 122 ftp ipv6 ·························································································································· 122 get ······························································································································· 123 help ······························································································································ 125 lcd ································································································································ 125 ls ································································································································· 126 mkdir ···························································································································· 127 newer ··························································································································· 128 open ····························································································································· 128 passive ························································································································· 129 put ······························································································································· 130 pwd ······························································································································ 131 quit ······························································································································· 131 reget ····························································································································· 132 rename ························································································································· 132 reset ····························································································································· 133 restart ··························································································································· 133 rhelp ····························································································································· 134 rmdir ····························································································································· 136 rstatus··························································································································· 136 status···························································································································· 138 system ·························································································································· 139 user ······························································································································ 139 verbose ························································································································· 140 ? ·································································································································· 141 TFTP commands ········································································· 142 tftp ······························································································································· 142 tftp client ipv6 source ······································································································· 143 tftp client source ·············································································································· 144 tftp ipv6 ························································································································· 145 tftp-server acl ················································································································· 146 tftp-server ipv6 acl ··········································································································· 147 File system management commands················································ 149 auto-copy destination-directory ··························································································· 150 auto-copy source-directory ································································································ 150 cd ································································································································ 151 copy ····························································································································· 152 delete ··························································································································· 155 dir ································································································································ 158 file prompt······················································································································ 160 fixdisk ··························································································································· 161 format ··························································································································· 161 gunzip ··························································································································· 162 gzip ······························································································································ 163 md5sum ························································································································ 163 mkdir ···························································································································· 164 more ····························································································································· 165 mount ··························································································································· 166 move ···························································································································· 167 pwd ······························································································································ 168 rename ························································································································· 168 reset recycle-bin·············································································································· 169 rmdir ····························································································································· 169 sha256sum ···················································································································· 170 tar create ······················································································································· 170 tar extract ······················································································································ 171 tar list···························································································································· 172 umount·························································································································· 173 iii
undelete ························································································································ 174 Configuration file management commands ········································ 176 archive configuration ········································································································ 176 archive configuration interval ····························································································· 177 archive configuration location ····························································································· 177 archive configuration max ································································································· 179 backup startup-configuration ······························································································ 180 configuration encrypt ········································································································ 181 configuration replace file ··································································································· 181 display archive configuration ······························································································ 182 display current-configuration ······························································································ 183 display current-configuration diff ························································································· 184 display default-configuration ······························································································ 186 display diff ····················································································································· 186 display saved-configuration ······························································································· 188 display startup ················································································································ 189 display this ····················································································································· 191 reset saved-configuration ·································································································· 192 restore startup-configuration ······························································································ 194 save ····························································································································· 196 startup saved-configuration ······························································································· 200 Software upgrade commands ························································· 202 boot-loader file ················································································································ 202 boot-loader update ·········································································································· 205 bootrom update··············································································································· 207 display boot-loader ·········································································································· 209 firmware update ·············································································································· 211 version auto-update enable ······························································································· 212 version check ignore ········································································································ 213 ISSU commands ·········································································· 215 display install active ········································································································· 215 display install backup ······································································································· 219 display install committed ··································································································· 221 display install inactive ······································································································· 223 display install ipe-info ······································································································· 224 display install job ············································································································· 224 display install log ············································································································· 225 display install package ······································································································ 226 display install rollback ······································································································· 228 display install which ········································································································· 228 display version comp-matrix ······························································································ 230 install abort ···················································································································· 235 install activate ················································································································· 236 install add ······················································································································ 241 install commit ················································································································· 242 install deactivate ············································································································· 243 install remove ················································································································· 244 install rollback to ············································································································· 245 install verify ···················································································································· 246 reset install log-history oldest ····························································································· 249 reset install rollback oldest ································································································ 249 Emergency shell commands ··························································· 250 copy ····························································································································· 250 delete ··························································································································· 251 dir ································································································································ 251 display copyright ············································································································· 253 display install package ······································································································ 253 display ip routing-table ······································································································ 254 iv
display ipv6 routing-table ·································································································· 255 display version ················································································································ 256 format ··························································································································· 256 ftp ································································································································ 257 mkdir ···························································································································· 257 more ····························································································································· 258 move ···························································································································· 258 ping ······························································································································ 259 ping ipv6························································································································ 260 pwd ······························································································································ 261 quit ······························································································································· 261 reboot ··························································································································· 261 reset ssh public-key ········································································································· 262 rmdir ····························································································································· 263 shutdown ······················································································································· 263 ssh2 ····························································································································· 264 system-view ··················································································································· 265 telnet ···························································································································· 265 tftp ······························································································································· 265 Automatic configuration commands ·················································· 267 autodeploy sms enable ····································································································· 267 autodeploy udisk enable ··································································································· 267 Security zone commands ······························································· 268 display security-zone ········································································································ 268 display zone-pair security ·································································································· 268 import interface ··············································································································· 269 security-zone ·················································································································· 270 security-zone intra-zone default permit ················································································· 270 zone-pair security ············································································································ 271 Device management commands ····················································· 273 card-mode ····················································································································· 273 clock datetime ················································································································ 275 clock protocol ················································································································· 276 clock summer-time ·········································································································· 277 clock timezone ················································································································ 278 command ······················································································································ 279 copyright-info enable ········································································································ 280 display alarm ·················································································································· 280 display clock··················································································································· 282 display copyright ············································································································· 283 display cpu-usage ··········································································································· 283 display cpu-usage configuration ························································································· 286 display cpu-usage history ·································································································· 287 display device ················································································································· 290 display device manuinfo ···································································································· 293 display device manuinfo fan ······························································································· 296 display device manuinfo power ··························································································· 297 display diagnostic-information ···························································································· 299 display environment ········································································································· 300 display fan ····················································································································· 302 display memory··············································································································· 303 display memory-threshold ································································································· 304 display power ················································································································· 306 display power-supply ········································································································ 307 display scheduler job ········································································································ 307 display scheduler logfile ···································································································· 308 display scheduler reboot ··································································································· 309 display scheduler schedule ································································································ 309 display system stable state ································································································ 310 v
display transceiver alarm ·································································································· 312 display transceiver diagnosis ····························································································· 314 display transceiver interface ······························································································ 315 display transceiver manuinfo ······························································································ 316 display version ················································································································ 317 display version-update-record ···························································································· 317 header ·························································································································· 318 job································································································································ 319 memory-threshold ··········································································································· 320 memory-threshold usage ·································································································· 323 monitor cpu-usage enable ································································································· 324 monitor cpu-usage interval ································································································ 325 monitor cpu-usage threshold ······························································································ 326 password-recovery enable ································································································ 327 power-supply off·············································································································· 327 power-supply on·············································································································· 328 power-supply policy enable ······························································································· 329 power-supply policy redundant ··························································································· 330 reboot ··························································································································· 331 remove·························································································································· 335 reset scheduler logfile ······································································································ 336 restore factory-default ······································································································ 336 scheduler job ·················································································································· 337 scheduler logfile size ········································································································ 338 scheduler reboot at ·········································································································· 338 scheduler reboot delay ····································································································· 339 scheduler schedule ·········································································································· 340 shutdown-interval ············································································································ 341 sysname························································································································ 342 time at··························································································································· 342 time once······················································································································· 343 time repeating················································································································· 344 usb disable ···················································································································· 346 user-role ························································································································ 346 Tcl commands ············································································· 348 cli ································································································································· 348 tclquit ···························································································································· 348 tclsh ····························································································································· 349 Python commands ········································································ 350 python··························································································································· 350 python filename ·············································································································· 350 Document conventions and icons ···················································· 352 Conventions ························································································································· 352 Network topology icons ··········································································································· 353 Support and other resources ·························································· 354 Accessing Hewlett Packard Enterprise Support ············································································ 354 Accessing updates ················································································································· 354 Websites ······················································································································· 355 Customer self repair········································································································· 355 Remote support ·············································································································· 355 Documentation feedback ·································································································· 355 Index ························································································· 357 vi
Basic CLI commands
alias
Use alias to configure a command alias.
Use undo alias to delete a command alias.
Syntax
alias alias command
undo alias alias
Default
The device has a set of system-defined command aliases, as listed in Table 1.
Table 1 System-defined command aliases
Command alias
Command or command keyword
access-list
acl
end
return
erase
delete
exit
quit
hostname
sysname
logging
info-center
no
undo
show
display
write
save
Views
System view
Predefined user roles
network-admin
Parameters
alias: Specifies an alias, a case-sensitive string of 1 to 20 characters. An alias cannot be alias or
contain spaces.
command: Specifies a command string. Make sure the command string meets the syntax
requirements.
Usage guidelines
System-defined command aliases cannot be deleted.
You can configure one or more aliases for a command or the starting keywords of commands. Then,
you can use the aliases to execute the command or commands. If the command or commands have
undo forms, you can also use the aliases to execute the undo command or commands.
For example, if you configure the alias shiprt for display ip routing-table, you can enter shiprt to
execute the display ip routing-table command. If you configure the alias ship for display ip, you
can use ship to execute all commands that start with display ip:
1
•
Enter ship routing-table to execute the display ip routing-table command.
•
Enter ship interface to execute the display ip interface command.
The command string can include up to nine parameters. Each parameter starts with the dollar sign ($)
and a sequence number in the range of 1 to 9. For example, you can configure the alias shinc for the
display ip $1 | include $2 command. Then, to execute the display ip routing-table | include
Static command, you only need to enter shinc routing-table Static. To execute the display ip
interface | include GigabitEthernet0/0/1 command, you only need to enter shinc interface
GigabitEthernet0/0/1.
Examples
# Configure the alias shiprt for the display ip routing-table command and verify the configuration.
<Sysname> system-view
[Sysname] alias shiprt display ip routing-table
[Sysname] shiprt
Destinations : 12
Routes : 12
Destination/Mask
Proto
Pre Cost
NextHop
Interface
0.0.0.0/32
Direct
0
0
127.0.0.1
InLoop0
3.3.3.3/32
Static
60
0
192.168.1.62
GE0/0
127.0.0.0/8
Direct
0
0
127.0.0.1
InLoop0
127.0.0.0/32
Direct
0
0
127.0.0.1
InLoop0
127.0.0.1/32
Direct
0
0
127.0.0.1
InLoop0
127.255.255.255/32 Direct
0
0
127.0.0.1
InLoop0
169.254.0.0/24
Direct
0
0
169.254.0.188
GE0/0
169.254.0.0/32
Direct
0
0
169.254.0.188
GE0/0
169.254.0.188/32
Direct
0
0
127.0.0.1
InLoop0
169.254.0.255/32
Direct
0
0
169.254.0.188
GE0/0
192.168.57.0/24
RIP
100 1
192.168.1.62
GE0/0
224.0.0.0/4
Direct
0
0
0.0.0.0
NULL0
224.0.0.0/24
Direct
0
0
0.0.0.0
NULL0
255.255.255.255/32 Direct
0
0
127.0.0.1
InLoop0
# Configure the alias shinc for display ip $1 | include $2.
[Sysname] alias shinc display ip $1 | include $2
# Use the alias shinc to display all static routes.
[Sysname] shinc routing-table Static
3.3.3.3/32
Static
60
0
192.168.1.62
GE0/0
192.168.1.62
GE0/0
# Use the alias shinc to display all RIP routes.
[Sysname] shinc routing-table RIP
192.168.57.0/24
RIP
100 1
Related commands
display alias
display | { begin | exclude | include }
Use display | { begin | exclude | include } to filter the output from a display command with a regular
expression.
Syntax
display command | { begin | exclude | include } regular-expression
2
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
command: Specifies the keywords and arguments of a display command. To display available
keywords and arguments, enter display ?.
begin: Displays the first line matching the specified regular expression and all subsequent lines.
exclude: Displays all lines not matching the specified regular expression.
include: Displays all lines matching the specified regular expression.
regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
Usage guidelines
Use the | { begin | exclude | include } regular-expression option with a display command to filter
the command output. For more information about regular expressions, see Fundamentals
Configuration Guide.
Examples
# Display the lines that contain vlan in the running configuration.
<Sysname> display current-configuration | include vlan
vlan 1
vlan 999
port access vlan 999
display | by-linenum
Use display | by-linenum to number each output line for a display command.
Syntax
display command | by-linenum
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
command: Specifies the keywords and arguments of a display command. To display available
keywords and arguments, enter display ?.
Usage guidelines
By numbering each output line from a display command, you can easily identify the lines of interest.
Each line number is displayed as a 5-character string and might be followed by a colon (:) or hyphen
(-). If you specify both | by-linenum and | begin regular-expression for a display command, a
hyphen is displayed for all lines that do not match the regular expression.
3
Examples
# Display VLAN 999 settings, with each output line identified by a number.
<Sysname> display vlan 999 | by-linenum
1:
VLAN ID: 999
2:
VLAN type: Static
3:
Route interface: Configured
4:
IPv4 address: 192.168.2.1
5:
IPv4 subnet mask: 255.255.255.0
6:
Description: For LAN Access
7:
Name: VLAN 0999
8:
Tagged ports:
9:
Untagged ports: None
None
10:
# Display the first line that begins with user-group in the running configuration and all of the
following lines.
<Sysname> display current-configuration | by-linenum begin user-group
114:
user-group system
115-
#
116-
return
display >
Use display > to save the output from a display command to a separate file.
Syntax
display command > filename
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
command: Specifies the keywords and arguments of a display command. To display available
keywords and arguments, enter display ?.
filename: Specifies the name of the file that is used to save the output, a string of 1 to 63 characters.
Usage guidelines
The display commands show the configuration, statistics, and states of the device. You can use the
display > command to save the output to a file.
If the specified file does not exist, the system creates the file and saves the output to the file. If the file
already exists, the system overwrites the file.
Examples
# Save VLAN 1 settings to a separate file named vlan.txt.
<Sysname> display vlan 1 > vlan.txt
# Check the content of the vlan.txt file.
<Sysname> more vlan.txt
4
VLAN ID: 1
VLAN type: Static
Route interface: Not configured
Description: VLAN 0001
Name: VLAN 0001
Tagged ports:
None
Untagged ports:
GigabitEthernet1/0/2
display >>
Use display >> to append the output from a display command to the end of a file.
Syntax
display command >> filename
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
command: Specifies the keywords and arguments of a display command. To display available
keywords and arguments, enter display ?.
filename: Specifies the name of the file that is used to save the output, a string of 1 to 63 characters.
Usage guidelines
The display commands show the configuration, statistics, and states of the device. You can use
display >> to save the output to a file.
If the specified file does not exist, the system creates the file and saves the output to the file. If the file
already exists, the system appends the output to the end of the file.
Examples
# Append the VLAN 999 settings to the end of the vlan.txt file.
<Sysname> display vlan 999 >> vlan.txt
<Sysname>
# Check the content of the vlan.txt file.
<Sysname> more vlan.txt
VLAN ID: 1
VLAN type: Static
Route interface: Not configured
Description: VLAN 0001
Name: VLAN 0001
Tagged ports:
None
Untagged ports:
GigabitEthernet1/0/2
VLAN ID: 999
VLAN type: Static
5
Route interface: Configured
IP address: 192.168.2.1
Subnet mask: 255.255.255.0
Description: For LAN Access
Name: VLAN 0999
Tagged ports:
None
Untagged ports:
GigabitEthernet1/0/1
display alias
Use display alias to display command aliases.
Syntax
display alias [ alias ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
alias: Specifies a command alias. If you do not specify this argument, the command displays all
command aliases.
Examples
# Display all command aliases.
<Sysname> display alias
Index
Alias
Command key
1
access-list
acl
2
end
return
3
erase
delete
4
exit
quit
5
hostname
sysname
6
logging
info-center
7
no
undo
8
shinc
display $1 | include $2
9
show
display
10
sirt
display ip routing-table
11
write
save
# Display the command alias shinc.
<Sysname> display alias shinc
Alias
Command key
shinc
display ip $1 | include $2
Related commands
alias
6
display history-command
Use display history-command to display all commands that are saved in the command history
buffer for the current CLI session.
Syntax
display history-command
Views
Any view
Predefined user roles
network-admin
network-operator
Usage guidelines
The system automatically saves commands you have successfully executed to the command history
buffer for the current CLI session. You can view them and execute them again.
By default, the system can save up to 10 commands in the buffer. You can use the
history-command max-size command to change the buffer size. To buffer a new command when
the buffer is full, the system deletes the oldest command entry in the buffer.
All commands in the command history buffer for the current CLI session will be cleared when you log
out.
Examples
# Display all commands saved in the command history buffer for the current CLI session.
<Sysname> display history-command
system-view
vlan 2
quit
Related commands
history-command max-size
display history-command all
Use display history-command all to display all commands that are saved in the command history
buffer for all CLI sessions.
Syntax
display history-command all
Views
Any view
Predefined user roles
network-admin
Usage guidelines
The system automatically saves commands successfully executed by users to the command history
buffer for all CLI sessions. Users can view them but cannot recall them from the buffer.
Up to 1024 commands can be saved in the command history buffer. To buffer a new command when
the buffer is full, the system deletes the oldest command entry in the buffer.
7
A user logout does not cause the system to delete commands from the history buffer for all CLI
sessions.
Examples
# Display all commands saved in the command history buffer for all CLI sessions.
<Sysname> display history-command all
Date
Time
Terminal
03/16/2012 20:03:33 vty0
Ip
User
192.168.1.26
**
192.168.1.26
**
Cmd:dis his all
03/16/2012 20:03:29 vty0
Cmd:sys
Table 2 Command output
Field
Description
Date
Date when the command was executed.
Time
Time when the command was executed.
Terminal
User line used by the user.
Ip
IP address of the terminal used by the user.
User
Username used by the user.
Cmd
Command string entered by the user.
Related commands
display history-command
display hotkey
Use display hotkey to display hotkey information.
Syntax
display hotkey
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display hotkey information.
<Sysname> display hotkey
----------------- Hotkeys -----------------Defined command hotkeysCTRL_G display current-configuration
CTRL_L display ip routing-table
CTRL_O undo debugging all
-Undefined command hotkeys-
8
CTRL_T NULL
CTRL_U NULL
-System-reserved hotkeysCTRL_A
Move the cursor to the beginning of the line.
CTRL_B
Move the cursor one character to the left.
CTRL_C
Stop the current command.
CTRL_D
Erase the character at the cursor.
CTRL_E
Move the cursor to the end of the line.
CTRL_F
Move the cursor one character to the right.
CTRL_H
Erase the character to the left of the cursor.
CTRL_K
Abort the connection request.
CTRL_N
Display the next command in the history buffer.
CTRL_P
Display the previous command in the history buffer.
CTRL_R
Redisplay the current line.
CTRL_V
Paste text from the clipboard.
CTRL_W
Delete the word to the left of the cursor.
CTRL_X
Delete all characters from the beginning of the line to the cursor.
CTRL_Y
Delete all characters from the cursor to the end of the line.
CTRL_Z
Return to the User View.
CTRL_]
Kill incoming connection or redirect connection.
ESC_B
Move the cursor back one word.
ESC_D
Delete all characters from the cursor to the end of the word.
ESC_F
Move the cursor forward one word.
ESC_N
Move the cursor down a line.
ESC_P
Move the cursor up a line.
ESC_<
Move the cursor to the beginning of the clipboard.
ESC_>
Move the cursor to the end of the clipboard.
Related commands
hotkey
hotkey
Use hotkey to assign a command to a configurable hotkey.
Use undo hotkey to restore the default.
Syntax
hotkey { CTRL_G | CTRL_L | CTRL_O | CTRL_T | CTRL_U } command
undo hotkey { CTRL_G | CTRL_L | CTRL_O | CTRL_T | CTRL_U }
Default
•
Ctrl_G: display current-configuration (display the running configuration).
•
Ctrl_L: display ip routing-table (display the IPv4 routing table information).
•
Ctrl_O: undo debugging all (disable all debugging functions).
•
Ctrl_T: No command is assigned to this hotkey.
•
Ctrl_U: No command is assigned to this hotkey.
9
Views
System view
Predefined user roles
network-admin
Parameters
CTRL_G: Assigns a command to Ctrl+G.
CTRL_L: Assigns a command to Ctrl+L.
CTRL_O: Assigns a command to Ctrl+O.
CTRL_T: Assigns a command to Ctrl+T.
CTRL_U: Assigns a command to Ctrl+U.
command: Specifies the command to be assigned to the hotkey.
Usage guidelines
The system defines some hotkeys and provides five configurable command hotkeys. Pressing a
hotkey executes the command assigned to the hotkey.
To display system-defined and configurable hotkeys, use the display hotkey command.
Examples
# Assign the display tcp statistics command to hotkey Ctrl+T.
<Sysname> system-view
[Sysname] hotkey ctrl_t display tcp statistics
Related commands
display hotkey
quit
Use quit to return to the upper-level view.
Syntax
quit
Views
Any view
Predefined user roles
network-admin
network-operator
Usage guidelines
Executing this command in user view disconnects you from the device.
Examples
# Return from GigabitEthernet 1/0/1 interface view to system view and then to user view.
[Sysname-GigabitEthernet1/0/1] quit
[Sysname] quit
<Sysname>
10
repeat
Use repeat to repeat commands in the command history buffer for the current CLI session.
Syntax
repeat [ number ] [ count times ] [ delay seconds ]
Views
Any view
Predefined user roles
network-admin
Parameters
number: Specifies the number of the most recently executed commands in the command history
buffer for the current CLI session that you want to execute. The value range is 1 to 10. The default is
1.
count times: Specifies the number of times that you want to execute the commands. The value
range is 0 to 4294967295. The default is 0. If you do not specify this option, the system keeps
executing the commands until you press the escape key to terminate the execution.
delay seconds: Specifies the time (in seconds) for the system to wait before executing the
commands again. The value range is 0 to 4294967295. The default is 1.
Usage guidelines
To repeat a command, first enter the view for the command. To repeat multiple commands, first enter
the view for the first command.
The repeat command executes commands in the order they were executed.
The system waits for your interaction when it repeats an interactive command.
Examples
# Configure the system to execute the two most recently executed commands (display cpu and
display clock) three times at an interval of 10 seconds.
<Sysname> repeat 2 count 3 delay 10
<Sysname> display cpu
Unit CPU usage:
33% in last 5 seconds
32% in last 1 minute
33% in last 5 minutes
<Sysname> display clock
12:20:08 UTC Thu 06/19/2014
<Sysname> display cpu
Unit CPU usage:
33% in last 5 seconds
32% in last 1 minute
33% in last 5 minutes
<Sysname> display clock
12:20:18 UTC Thu 06/19/2014
<Sysname> display cpu
Unit CPU usage:
11
33% in last 5 seconds
32% in last 1 minute
33% in last 5 minutes
<Sysname> display clock
12:20:28 UTC Thu 06/19/2014
Related commands
display history-command
escape-key
history-command max-size
return
Use return to return to user view from any other view.
Syntax
return
Views
Any view except user view
Predefined user roles
network-admin
network-operator
Usage guidelines
Pressing Ctrl+Z has the same effect as the return command.
Examples
# Return to user view from GigabitEthernet 1/0/1 interface view.
[Sysname-GigabitEthernet1/0/1] return
<Sysname>
screen-length disable
Use screen-length disable to disable pausing between screens of output for the current CLI
session.
Use undo screen-length disable to enable pausing between screens of output for the current CLI
session.
Syntax
screen-length disable
undo screen-length disable
Default
The default depends on the configuration of the screen-length command in user line view.
The following are the default settings for the screen-length command:
•
Pausing between screens of output.
•
Displaying up to 24 lines on a screen.
12
Views
User view
Predefined user roles
network-admin
Usage guidelines
If you disable pausing between screens of output, all output is displayed. The screen is refreshed
continuously until the final screen is displayed.
This command takes effect only for the current CLI session. When you are logged out, the default is
restored.
Examples
# Disable pausing between screens of output for the current CLI session.
<Sysname> screen-length disable
Related commands
screen-length
system-view
Use system-view to enter system view from user view.
Syntax
system-view
Views
User view
Predefined user roles
network-admin
network-operator
Examples
# Enter system view from user view.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname]
13
RBAC commands
The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for
features, commands, and parameters might differ in FIPS mode and non-FIPS mode. For more
information about FIPS mode, see Security Configuration Guide.
description
Use description to configure a description for a user role for easy identification.
Use undo description to restore the default.
Syntax
description text
undo description
Default
A user role does not have a description.
Views
User role view
Predefined user roles
network-admin
Parameters
text: Specifies a description, a case-sensitive string of 1 to 128 characters.
Examples
# Configure the description as labVIP for user role role1.
<Sysname> system-view
[Sysname] role name role1
[Sysname-role-role1] description labVIP
Related commands
display role
role
display role
Use display role to display user role information.
Syntax
display role [ name role-name ]
Views
Any view
Predefined user roles
network-admin
network-operator
14
Parameters
name role-name: Specifies a user role name, a case-sensitive string of 1 to 63 characters. If you do
not specify a user role name, the command displays information about all user roles, including the
predefined user roles.
Examples
# Display information about user role 123.
<Sysname> display role name 123
Role: 123
Description: new role
VLAN policy: deny
Permitted VLANs: 1 to 5, 7 to 8
Interface policy: deny
Permitted interfaces: GigabitEthernet1/0/1 to GigabitEthernet1/0/2, Vlan-interface1 to
Vlan-interface20
VPN instance policy: deny
Permitted VPN instances: vpn, vpn1, vpn2
Security zone policy: permit (default)
------------------------------------------------------------------Rule
Perm
Type
Scope
Entity
------------------------------------------------------------------1
permit RWX
feature-group abc
2
deny
feature
ldap
3
permit
command
system ; radius sc *
4
permit R--
xml-element
-
5
permit RW-
oid
1.2.1
-W-
R:Read W:Write X:Execute
# Display information about all user roles.
<Sysname> display role
Role: network-admin
Description: Predefined network admin role has access to all commands on the d
evice
VLAN policy: permit (default)
Interface policy: permit (default)
VPN instance policy: permit (default)
Security zone policy: permit (default)
------------------------------------------------------------------Rule
Perm
Type
Scope
Entity
------------------------------------------------------------------sys-1
permit
command
*
sys-2
permit RWX
web-menu
-
sys-3
permit RWX
xml-element
-
sys-4
deny
command
display security-logfile summary
sys-5
deny
command
system-view ; info-center securi
sys-6
deny
command
security-logfile save
sys-7
permit RW-
oid
1
ty-logfile directory *
R:Read W:Write X:Execute
15
Role: network-operator
Description: Predefined network operator role has access to all read commands
on the device
VLAN policy: permit (default)
Interface policy: permit (default)
VPN instance policy: permit (default)
Security zone policy: permit (default)
------------------------------------------------------------------Rule
Perm
Type
Scope
Entity
------------------------------------------------------------------sys-1
permit
command
display *
sys-2
permit
command
xml
sys-3
deny
command
display history-command all
sys-4
deny
command
display exception *
sys-5
deny
command
display cpu-usage configuration
*
sys-6
deny
command
display kernel exception *
sys-7
deny
command
display kernel deadloop *
sys-8
deny
command
display kernel starvation *
sys-9
deny
command
display kernel reboot *
sys-12
permit
command
system-view ; local-user *
sys-13
permit
command
system-view ; switchto *
sys-14
permit R--
web-menu
-
sys-15
permit R--
xml-element
-
sys-16
deny
command
display security-logfile summary
sys-17
deny
command
system-view ; info-center securi
sys-18
deny
command
security-logfile save
sys-19
permit R--
oid
1
ty-logfile directory *
R:Read W:Write X:Execute
Role: level-0
Description: Predefined level-0 role
VLAN policy: permit (default)
Interface policy: permit (default)
VPN instance policy: permit (default)
Security zone policy: permit (default)
------------------------------------------------------------------Rule
Perm
Type
Scope
Entity
------------------------------------------------------------------sys-1
permit
command
tracert *
sys-2
permit
command
telnet *
sys-3
permit
command
ping *
sys-4
permit
command
ssh2 *
sys-5
permit
command
super *
R:Read W:Write X:Execute
Role: level-1
16
Description: Predefined level-1 role
VLAN policy: permit (default)
Interface policy: permit (default)
VPN instance policy: permit (default)
Security zone policy: permit (default)
------------------------------------------------------------------Rule
Perm
Type
Scope
Entity
------------------------------------------------------------------sys-1
permit
command
tracert *
sys-2
permit
command
telnet *
sys-3
permit
command
ping *
sys-4
permit
command
ssh2 *
sys-5
permit
command
display *
sys-6
permit
command
super *
sys-7
deny
command
display history-command all
R:Read W:Write X:Execute
Role: level-2
Description: Predefined level-2 role
VLAN policy: permit (default)
Interface policy: permit (default)
VPN instance policy: permit (default)
Security zone policy: permit (default)
Role: level-3
Description: Predefined level-3 role
VLAN policy: permit (default)
Interface policy: permit (default)
VPN instance policy: permit (default)
Security zone policy: permit (default)
Role: level-4
Description: Predefined level-4 role
VLAN policy: permit (default)
Interface policy: permit (default)
VPN instance policy: permit (default)
Security zone policy: permit (default)
Role: level-5
Description: Predefined level-5 role
VLAN policy: permit (default)
Interface policy: permit (default)
VPN instance policy: permit (default)
Security zone policy: permit (default)
Role: level-6
Description: Predefined level-6 role
VLAN policy: permit (default)
17
Interface policy: permit (default)
VPN instance policy: permit (default)
Security zone policy: permit (default)
Role: level-7
Description: Predefined level-7 role
VLAN policy: permit (default)
Interface policy: permit (default)
VPN instance policy: permit (default)
Security zone policy: permit (default)
Role: level-8
Description: Predefined level-8 role
VLAN policy: permit (default)
Interface policy: permit (default)
VPN instance policy: permit (default)
Security zone policy: permit (default)
Role: level-9
Description: Predefined level-9 role
VLAN policy: permit (default)
Interface policy: permit (default)
VPN instance policy: permit (default)
Security zone policy: permit (default)
------------------------------------------------------------------Rule
Perm
Type
Scope
Entity
------------------------------------------------------------------sys-1
permit RWX
feature
-
sys-2
deny
RWX
feature
device
sys-3
deny
RWX
feature
filesystem
sys-4
permit
command
display *
sys-5
deny
command
display history-command all
R:Read W:Write X:Execute
Role: level-10
Description: Predefined level-10 role
VLAN policy: permit (default)
Interface policy: permit (default)
VPN instance policy: permit (default)
Security zone policy: permit (default)
Role: level-11
Description: Predefined level-11 role
VLAN policy: permit (default)
Interface policy: permit (default)
VPN instance policy: permit (default)
Security zone policy: permit (default)
18
Role: level-12
Description: Predefined level-12 role
VLAN policy: permit (default)
Interface policy: permit (default)
VPN instance policy: permit (default)
Security zone policy: permit (default)
Role: level-13
Description: Predefined level-13 role
VLAN policy: permit (default)
Interface policy: permit (default)
VPN instance policy: permit (default)
Security zone policy: permit (default)
Role: level-14
Description: Predefined level-14 role
VLAN policy: permit (default)
Interface policy: permit (default)
VPN instance policy: permit (default)
Security zone policy: permit (default)
Role: level-15
Description: Predefined level-15 role
VLAN policy: permit (default)
Interface policy: permit (default)
VPN instance policy: permit (default)
Security zone policy: permit (default)
------------------------------------------------------------------Rule
Perm
Type
Scope
Entity
------------------------------------------------------------------sys-1
permit
command
*
sys-2
permit RWX
web-menu
-
sys-3
permit RWX
xml-element
-
sys-4
deny
command
display security-logfile summary
sys-5
deny
command
system-view ; info-center securi
ty-logfile directory *
sys-6
deny
command
security-logfile save
sys-7
permit RW-
oid
1
R:Read W:Write X:Execute
Role: security-audit
Description: Predefined security audit role only has access to commands for th
e security log administrator
VLAN policy: permit (default)
Interface policy: permit (default)
VPN instance policy: permit (default)
Security zone policy: permit (default)
-------------------------------------------------------------------
19
Rule
Perm
Type
Scope
Entity
------------------------------------------------------------------sys-1
deny
command
*
sys-2
permit
command
display security-logfile summary
sys-3
permit
command
system-view ; info-center securi
ty-logfile directory *
sys-4
permit
command
security-logfile save
sys-5
permit
command
cd *
sys-6
permit
command
copy *
sys-7
permit
command
delete *
sys-8
permit
command
dir *
sys-9
permit
command
mkdir *
sys-10
permit
command
more *
sys-11
permit
command
move *
sys-12
permit
command
rmdir *
sys-13
permit
command
pwd
sys-14
permit
command
rename *
sys-15
permit
command
undelete *
sys-16
permit
command
ftp *
sys-17
permit
command
sftp *
R:Read W:Write X:Execute
Role: guest-manager
Description: Predefined guest manager role can't access to commands
VLAN policy: permit (default)
Interface policy: permit (default)
VPN instance policy: permit (default)
Security zone policy: permit (default)
------------------------------------------------------------------Rule
Perm
Type
Scope
Entity
------------------------------------------------------------------sys-1
permit RWX
xml-element
useraccounts/approveguest/
sys-2
permit RWX
xml-element
useraccounts/exportguestaccount/
sys-3
permit RWX
xml-element
useraccounts/generateguestaccoun
sys-4
permit RWX
xml-element
useraccounts/guest/
sys-5
permit RWX
xml-element
useraccounts/guestconfigure/
sys-6
permit RWX
xml-element
useraccounts/importguestaccount/
sys-7
permit RWX
xml-element
useraccounts/exportguesttemplet/
sys-8
permit RWX
xml-element
rpc/
sys-9
deny
command
*
t/
R:Read W:Write X:Execute
20
Table 3 Command output
Field
Description
User role name.
Role
Predefined user role names:
•
network-admin.
•
network-operator.
•
level-n (where n represents an integer in the range of 0 to 15).
•
security-audit.
•
guest-manager.
Description
User role description.
VLAN policy
VLAN policy of the user role:
•
deny—Denies access to all VLANs except for permitted
VLANs.
•
permit (default)—Default VLAN policy, which enables the user
role to access all VLANs.
Permitted VLANs
VLANs accessible to the user role.
Interface policy
Interface policy of the user role:
•
deny—Denies access to all interfaces except for permitted
interfaces.
•
permit (default)—Default interface policy, which enables the
user role to access all interfaces.
Permitted interfaces
Interfaces accessible to the user role.
VPN instance policy
VPN instance policy of the user role:
•
deny—Denies access to all VPN instances except for
permitted VPNs.
•
permit (default)—Default VPN instance policy, which enables
the user role to access all VPN instances.
Permitted VPN instances
VPN instances accessible to the user role.
Security zone policy
Security zone policy of the user role:
•
deny—Denies access to all security zones except for permitted
security zones.
•
permit (default)—Default security zone policy, which enables
the user role to access all security zones.
Permitted security zones
Security zones accessible to the user role.
User role rule number.
Rule
A user role rule specifies access permissions for items, including
commands, feature-specific commands, Web menus, XML
elements, and MIB nodes.
Predefined user role rules are identified by sys-n, where n
represents an integer.
Perm
Access control type:
•
permit—User role has access to the specified items.
•
deny—User role does not have access to the specified items.
Type
Controlled type:
•
R—Read-only.
•
W—Write.
•
X—Execute.
21
Field
Description
Scope
Rule control scope:
•
command—Controls access to the command or commands,
as specified in the Entity field.
•
feature—Controls access to the commands of the feature, as
specified in the Entity field.
•
feature-group—Controls access to the commands of the
features in the feature group, as specified in the Entity field.
•
web-menu—Controls access to Web menus.
•
xml-element—Controls access to XML elements.
•
oid—Controls access to MIB nodes.
Entity
Command string, feature name, feature group, Web menu, XML
element, or OID specified in the user role rule:
•
An en dash (–) represents any feature.
•
An asterisk (*) represents zero or more characters.
Related commands
role
display role feature
Use display role feature to display features available in the system.
Syntax
display role feature [ name feature-name | verbose ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
name feature-name: Specifies a feature by feature name. The feature-name argument represents
the feature name, and all letters must be in lower case.
verbose: Displays the commands of each feature.
Usage guidelines
If you do not specify any parameters, the command displays only the list of features available in the
system.
Examples
# Display the list of feature names.
<Sysname> display role feature
Feature: mpls
(MPLS-infrastructure related commands)
Feature: ldp
(LDP related commands)
Feature: te
(TE related commands)
Feature: ps
(PS related commands)
…
# Display the commands of each feature.
22
<Sysname> display role feature verbose
Feature: mpls
(MPLS-infrastructure related commands)
system-view ; mpls label *
(W)
system-view ; mpls lsr-id *
system-view ; mpls ttl *
(W)
(W)
system-view ; mpls statistics *
(W)
system-view ; interface *; mpls enable *
system-view ; interface *; mpls mtu *
system-view ; mpls bfd *
(W)
(W)
(W)
system-view ; snmp-agent trap enable mpls
display mpls interface *
display mpls label *
(W)
(R)
(R)
display mpls lsp *
(R)
display mpls nib *
(R)
display mpls nid *
(R)
display mpls summary *
(R)
display mpls tunnel *
(R)
display debugging mpls lsm
debugging mpls lsm *
(R)
(W)
reset mpls statistics *
(W)
system-view ; probe * ; display system internal mpls lsp-pending
system-view ; probe * ; display system internal mpls statistics
system-view ; static-lsp *
display mpls static-lsp *
(W)
(R)
…
# Display the commands of feature aaa.
<Sysname> display role feature name aaa
Feature: aaa
(AAA related commands)
system-view ; domain *
(W)
system-view ; header *
system-view ; aaa *
system-view ; ita *
display domain *
(W)
(W)
(W)
(R)
system-view ; user-group *
(W)
system-view ; local-user *
(W)
display local-user *
(R)
display user-group *
(R)
display debugging local-server
debugging local-server *
super *
(R)
(W)
(X)
display password-control *
reset password-control *
(R)
(W)
system-view ; password-control *
(W)
system-view ; local-user-import *
(W)
system-view ; local-user-export *
(W)
system-view ; local-guest *
reset local-guest *
(W)
(W)
local-guest send-email *
(W)
23
(R)
(R)
display local-guest *
(R)
Table 4 Command output (display role feature name aaa)
Field
Description
Feature
Displays the name and brief function description of the feature.
system-view ; domain *
All commands that start with the domain keyword in system view,
and all commands in ISP domain view.
system-view ; header *
All commands that start with the header keyword in system view.
system-view ; aaa *
All commands that start with the aaa keyword in system view.
system-view ; ita *
All commands that start with the ita keyword in system view.
display domain *
All commands that start with the display domain keywords in user
view.
system-view ; user-group *
All commands that start with the user-group keyword in system
view, and all commands in user group view.
system-view ; local-user *
All commands that start with the local-user keyword in system view,
and all commands in local user view.
display local-user *
All commands that start with the display local-user keywords in
user view.
display user-group *
All commands that start with the display user-group keywords in
user view.
display debugging local-server
All commands that start with the display debugging local-server
keywords in user view.
debugging local-server *
All commands that start with the debugging local-server keywords
in user view.
super *
All commands that start with the super keyword in user view.
display password-control *
All commands that start with the display password-control
keywords in user view.
reset password-control *
All commands that start with the reset password-control keywords
in user view.
system-view ; password-control *
All commands that start with the password-control keyword in
system view.
system-view ; local-user-import *
All commands that start with the local-user-import keyword in
system view.
system-view ; local-user-export *
All commands that start with the local-user-export keyword in
system view.
system-view ; local-guest *
All commands that start with the local-guest keyword in system
view.
reset local-guest *
All commands that start with the reset local-guest keywords in user
view.
local-guest send-email *
All commands that start with the local-guest send-email keywords
in user view.
display local-guest *
All commands that start with the display local-guest keywords in
user view.
(W)
Command type is Write. A write command configures the system.
(R)
Command type is Read. A read command displays configuration or
maintenance information.
24
Field
Description
(X)
Command type is Execute. An execute command executes a
specific function.
Related commands
feature
display role feature-group
Use display role feature-group to display feature group information.
Syntax
display role feature-group [ name feature-group-name ] [ verbose ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
name feature-group-name: Specifies a feature group. The feature-group-name argument
represents the feature group name, a case-sensitive string of 1 to 31 characters. If you do not specify
a feature group, the command displays information about all feature groups.
verbose: Displays the commands of each feature in feature groups. If you do not specify this
keyword, the command displays only the feature lists of feature groups.
Usage guidelines
Feature groups L2 and L3 are predefined feature groups.
Examples
# Display the feature lists of feature groups.
<Sysname> display role feature-group
Feature group: L2
Feature: igmp-snooping
(IGMP-Snooping related commands)
Feature: mld-snooping
(MLD-Snooping related commands)
Feature: lacp
(LACP related commands)
Feature: stp
(STP related commands)
Feature: lldp
(LLDP related commands)
Feature: cfm
(CFM related commands)
Feature: loopbk-detect
(Loopback-detection related commands)
Feature: vlan
(Virtual LAN related commands)
Feature: evi
(EVI related commands)
Feature: oap
(OAP related commands)
Feature: ofp
(OFP related commands)
Feature: port-security
(Port-security related commands)
Feature group: L3
Feature: route
(Route management related commands)
Feature: usr
(Unicast static route related commands)
25
Feature: ospf
(Open Shortest Path First protocol related commands)
Feature: rip
(Routing Information Protocol related commands)
Feature: isis
(ISIS protocol related commands)
Feature: lisp
(LISP protocol related commands)
Feature: bgp
(Border Gateway Protocol related commands)
Feature: l3vpn
(Layer 3 Virtual Private Network related commands)
Feature: route-policy
(Routing Policy related commands)
Feature: mt
(Multiple-topology related commands)
Feature: multicast
(Multicast related commands)
Feature: pim
(Protocol Independent Multicast related commands)
Feature: igmp
(Internet Group Management Protocol related commands)
Feature: mld
(Multicast Listener Discovery related commands)
Feature: mcast-domain
(Multicast Domain related commands)
Feature: msdp
(Multicast Source Discovery Protocol related commands)
Feature: mip
(Moblie IP related commands)
# Display the commands in each feature group. For more information about the wildcards and marks
used in the command list, see Table 4.
<Sysname> display role feature-group verbose
Feature group: L2
Feature: igmp-snooping
(IGMP-Snooping related commands)
system-view ; igmp-snooping *
(W)
system-view ; vlan * ; igmp-snooping *
(W)
system-view ; interface * ; igmp-snooping *
display igmp-snooping *
(W)
(R)
display l2-multicast *
(R)
system-view ; probe ; display system internal l2-multicast *
reset igmp-snooping *
reset l2-multicast *
(R)
(W)
(W)
debugging igmp-snooping *
(W)
display debugging igmp-snooping *
(R)
system-view ; probe ; debugging system internal igmp-snooping *
Feature: mld-snooping
system-view ; mld-snooping *
(W)
system-view ; vlan * ; mld-snooping *
(W)
system-view ; interface * ; mld-snooping *
display mld-snooping *
(W)
(R)
display ipv6 l2-multicast *
(R)
system-view ; probe ; display system internal ipv6 l2-multicast *
reset mld-snooping *
(R)
(W)
reset ipv6 l2-multicast *
debugging mld-snooping *
(W)
(W)
display debugging mld-snooping *
(R)
system-view ; probe ; debugging system internal mld-snooping *
…
# Display the feature list of the L3 feature group.
<Sysname> display role feature-group name L3
Feature group: L3
Feature: route
(W)
(MLD-Snooping related commands)
(Route management related commands)
26
(W)
Feature: usr
(Unicast static route related commands)
Feature: ospf
(Open Shortest Path First protocol related commands)
Feature: rip
(Routing Information Protocol related commands)
Feature: isis
(ISIS protocol related commands)
Feature: lisp
(LISP protocol related commands)
Feature: bgp
(Border Gateway Protocol related commands)
Feature: l3vpn
(Layer 3 Virtual Private Network related commands)
Feature: route-policy
(Routing Policy related commands)
Feature: mt
(Multiple-topology related commands)
Feature: multicast
(Multicast related commands)
Feature: pim
(Protocol Independent Multicast related commands)
Feature: igmp
(Internet Group Management Protocol related commands)
Feature: mld
(Multicast Listener Discovery related commands)
Feature: mcast-domain
(Multicast Domain related commands)
Feature: msdp
(Multicast Source Discovery Protocol related commands)
Feature: mip
(Moblie IP related commands)
Related commands
feature
role feature-group
feature
Use feature to add a feature to a feature group.
Use undo feature to remove a feature from a feature group.
Syntax
feature feature-name
undo feature feature-name
Default
A user-defined feature group does not have any feature.
Views
Feature group view
Predefined user roles
network-admin
Parameters
feature-name: Specifies a feature name. You must enter the feature name in lower case.
Usage guidelines
Repeat the feature command to add multiple features to a feature group.
Examples
# Add the security features AAA and ACL to security group security-features.
<Sysname> system-view
[Sysname] role feature-group name security-features
[Sysname-featuregrp-security-features] feature aaa
[Sysname-featuregrp-security-features] feature acl
27
Related commands
display role feature
display role feature-group
role feature-group
interface policy deny
Use interface policy deny to enter user role interface policy view.
Use undo interface policy deny to restore the default.
Syntax
interface policy deny
undo interface policy deny
Default
A user role has access to all interfaces.
Views
User role view
Predefined user roles
network-admin
Usage guidelines
To restrict the interface access of a user role to a set of interfaces, perform the following tasks:
1.
Use interface policy deny to enter user role interface policy view.
2.
Use permit interface to specify accessible interfaces.
NOTE:
The interface policy deny command denies the access of the user role to all interfaces if the
permit interface command is not configured.
To configure an interface, make sure the interface is permitted by the user role interface policy in use.
You can perform the following tasks on an accessible interface:
•
Create, remove, or configure the interface.
•
Enter the interface view.
•
Specify the interface in feature commands.
The create and remove operations are available only for logical interfaces.
Any change to a user role interface policy takes effect only on users who log in with the user role after
the change.
Examples
# Enter user role interface policy view of role1, and deny role1 to access all interfaces.
<Sysname> system-view
[Sysname] role name role1
[Sysname-role-role1] interface policy deny
[Sysname-role-role1-ifpolicy] quit
# Enter user role interface policy view of role1, and deny role1 to access all interfaces except for
GigabitEthernet 1/0/1 to GigabitEthernet 1/0/5.
<Sysname> system-view
28
[Sysname] role name role1
[Sysname-role-role1] interface policy deny
[Sysname-role-role1-ifpolicy] permit interface gigabitethernet 1/0/1 to gigabitethernet
1/0/5
Related commands
display role
permit interface
role
permit interface
Use permit interface to configure a list of interfaces accessible to a user role.
Use undo permit interface to disable the access of a user role to specific interfaces.
Syntax
permit interface interface-list
undo permit interface [ interface-list ]
Default
No permitted interfaces are configured in user role interface policy view.
Views
User role interface policy view
Predefined user roles
network-admin
Parameters
interface interface-list: Specifies a space-separated list of up to 10 interface items. Each interface
item specifies one interface in the interface-type interface-number form or a range of interfaces in the
interface-type interface-number to interface-type interface-number form. If you specify an interface
range, the end interface must meet the following requirements:
•
Be the same type as the start interface.
•
Have a higher interface number than the start interface.
Usage guidelines
To permit a user role to access an interface after you configure the interface policy deny command,
you must add the interface to the permitted interface list of the policy. With the user role, you can
perform the following tasks to the interfaces in the permitted interface list:
•
Create, remove, or configure the interfaces.
•
Enter the interface views.
•
Specify the interfaces in feature commands.
The create and remove operations are available only for logical interfaces.
You can repeat the permit interface command to add multiple permitted interfaces to a user role
interface policy.
The undo permit interface command removes the entire list of permitted interfaces if you do not
specify an interface.
Any change to a user role interface policy takes effect only on users who log in with the user role after
the change.
29
Examples
1.
Configure user role role1:
# Permit user role role1 to execute all commands available in interface view and VLAN view.
<Sysname> system-view
[Sysname] role name role1
[Sysname-role-role1] rule 1 permit command system-view ; interface *
[Sysname-role-role1] rule 2 permit command system-view ; vlan *
# Permit the user role to access GigabitEthernet 1/0/1, and GigabitEthernet 1/0/5 to
GigabitEthernet 1/0/7.
[Sysname-role-role1] interface policy deny
[Sysname-role-role1-ifpolicy] permit interface gigabitethernet 1/0/1
gigabitethernet 1/0/5 to gigabitethernet 1/0/7
[Sysname-role-role1-ifpolicy] quit
[Sysname-role-role1] quit
2.
Verify that you cannot use the user role to work on any interfaces except for GigabitEthernet
1/0/1 and GigabitEthernet 1/0/5 to GigabitEthernet 1/0/7:
# Verify that you can enter GigabitEthernet 1/0/1 interface view.
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] quit
# Verify that you can assign GigabitEthernet 1/0/5 to VLAN 10. In this example, the user role
can access all VLANs because the default VLAN policy of the user role is used.
[Sysname] vlan 10
[Sysname-vlan10] port gigabitethernet 1/0/5
[Sysname-vlan10] quit
# Verify that you cannot enter GigabitEthernet 1/0/2 interface view.
[Sysname] interface gigabitethernet 1/0/2
Permission denied.
Related commands
display role
interface policy deny
role
permit security-zone
Use permit security-zone to configure a list of security zones accessible to a user role.
Use undo permit security-zone to remove the permission for a user role to access specific security
zones.
Syntax
permit security-zone security-zone-name&<1-10>
undo permit security-zone [ security-zone-name&<1-10> ]
Default
No permitted security zones are configured in user role security zone policy view.
Views
User role security zone policy view
30
Predefined user roles
network-admin
Parameters
security-zone-name&<1-10>: Specifies a space-separated list of up to 10 security zone names.
Each name is a case-sensitive string of 1 to 31 characters.
Usage guidelines
To permit a user role to access a security zone after you configure the security-zone policy deny
command, you must add the security zone to the permitted security zone list of the policy. With the
user role, you can perform the following tasks on the security zones in the permitted security zone
list:
•
Create, remove, or configure the security zones.
•
Enter the security zone views.
•
Specify the security zones in feature commands.
You can repeat the permit security-zone command to add multiple permitted security zones to a
user role security zone policy.
The undo permit security-zone command removes the entire list of permitted security zones if you
do not specify a security zone.
Any change to a user role security zone policy takes effect only on users who log in with the user role
after the change.
Examples
1.
Configure user role role1:
# Permit user role role1 to execute all commands available in system view.
<Sysname> system-view
[Sysname] role name role1
[Sysname-role-role1] rule 1 permit command system-view ; *
# Permit the user role to access security zones trust and abc.
[Sysname-role-role1] security-zone policy deny
[Sysname-role-role1-zonepolicy] permit security-zone trust abc
[Sysname-role-role1-zonepolicy] quit
[Sysname-role-role1] quit
2.
Verify that you cannot use the user role to work on any security zones except for security zones
trust and abc:
# Verify that you can create security zone abc and enter security zone view.
[Sysname] security-zone name abc
[Sysname-security-zone-abc] quit
# Verify that you can create a zone pair with source security zone trust and destination zone
abc.
[Sysname] zone-pair security source trust destination abc
[Sysname-zone-pair-security-Trust-abc] quit
# Verify that you cannot create security zone local or enter the security zone view.
[Sysname] security-zone name local
Permission denied.
Related commands
display role
role
31
security-zone policy deny
permit vlan
Use permit vlan to configure a list of VLANs accessible to a user role.
Use undo permit vlan to remove the permission for a user role to access specific VLANs.
Syntax
permit vlan vlan-id-list
undo permit vlan [ vlan-id-list ]
Default
No permitted VLANs are configured in user role VLAN policy view.
Views
User role VLAN policy view
Predefined user roles
network-admin
Parameters
vlan-id-list: Specifies a space-separated list of up to 10 VLAN items. Each VLAN item specifies a
VLAN by VLAN ID or specifies a range of VLANs in the form of vlan-id1 to vlan-id2. The value range
for the VLAN IDs is 1 to 4094. If you specify a VLAN range, the value for the vlan-id2 argument must
be greater than the value for the vlan-id1 argument.
Usage guidelines
To permit a user role to access a VLAN after you configure the vlan policy deny command, you
must add the VLAN to the permitted VLAN list of the policy. With the user role, you can perform the
following tasks on the VLANs in the permitted VLAN list:
•
Create, remove, or configure the VLANs.
•
Enter the VLAN views.
•
Specify the VLANs in feature commands.
You can repeat the permit vlan command to add multiple permitted VLANs to a user role VLAN
policy.
The undo permit vlan command removes the entire list of permitted VLANs if you do not specify a
VLAN.
Any change to a user role VLAN policy takes effect only on users who log in with the user role after
the change.
Examples
1.
Configure user role role1:
# Permit user role role1 to execute all commands available in interface view and VLAN view.
<Sysname> system-view
[Sysname] role name role1
[Sysname-role-role1] rule 1 permit command system-view ; interface *
[Sysname-role-role1] rule 2 permit command system-view ; vlan *
# Permit user role role1 to access VLANs 2, 4, and 50 to 100.
[Sysname-role-role1] vlan policy deny
[Sysname-role-role1-vlanpolicy] permit vlan 2 4 50 to 100
[Sysname-role-role1-vlanpolicy] quit
32
[Sysname-role-role1] quit
2.
Verify that you cannot use the user role to work on any VLANs except for VLANs 2, 4, and 50 to
100:
# Verify that you can create VLAN 100 and enter the VLAN view.
[Sysname] vlan 100
[Sysname-vlan100] quit
# Verify that you can add GigabitEthernet 1/0/1 to VLAN 100 as an access port.
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] port access vlan 100
[Sysname-GigabitEthernet1/0/1] quit
# Verify that you cannot create VLAN 101 or enter the VLAN view.
[Sysname] vlan 101
Permission denied.
Related commands
display role
role
vlan policy deny
permit vpn-instance
Use permit vpn-instance to configure a list of VPN instances accessible to a user role.
Use undo permit vpn-instance to disable the access of a user role to specific VPN instances.
Syntax
permit vpn-instance vpn-instance-name&<1-10>
undo permit vpn-instance [ vpn-instance-name&<1-10> ]
Default
No permitted VPN instances are configured in user role VPN instance policy.
Views
User role VPN instance policy view
Predefined user roles
network-admin
Parameters
vpn-instance-name&<1-10>: Specifies a space-separated list of up to 10 MPLS L3VPN instance
names. Each name is a case-sensitive string of 1 to 31 characters.
Usage guidelines
To permit a user role to access an MPLS L3VPN instance after you configure the vpn-instance
policy deny command, you must add the VPN instance to the permitted VPN instance list of the
policy. With the user role, you can perform the following tasks on the VPN instances in the permitted
VPN instance list:
•
Create, remove, or configure the VPN instances.
•
Enter the VPN instance views.
•
Specify the VPN instances in feature commands.
You can repeat the permit vpn-instance command to add multiple permitted MPLS L3VPN
instances to a user role VPN instance policy.
33
The undo permit vpn-instance command removes the entire list of permitted VPN instances if you
do not specify a VPN instance.
Any change to a user role VPN instance policy takes effect only on users who log in with the user role
after the change.
Examples
1.
Configure user role role1:
# Permit the user role to execute all commands available in system view and in the child views
of system view.
<Sysname> system-view
[Sysname] role name role1
[Sysname-role-role1] rule 1 permit command system-view ; *
# Permit the user role to access VPN instance vpn1.
[Sysname-role-role1] vpn policy deny
[Sysname-role-role1-vpnpolicy] permit vpn-instance vpn1
[Sysname-role-role1-vpnpolicy] quit
[Sysname-role-role1] quit
2.
Verify that you cannot use the user role to work on any VPN instances except for vpn1:
# Verify that you can enter the view of VPN instance vpn1.
[Sysname] ip vpn-instance vpn1
[Sysname-vpn-instance-vpn1] quit
# Verify that you can specify the primary accounting server at 10.110.1.2 in the VPN instance
for RADIUS scheme radius1.
[Sysname] radius scheme radius1
[Sysname-radius-radius1] primary accounting 10.110.1.2 vpn-instance vpn1
[Sysname-radius-radius1] quit
# Verify that you cannot create VPN instance vpn2 or enter the VPN instance view.
[Sysname] ip vpn-instance vpn2
Permission denied.
Related commands
display role
role
vpn-instance policy deny
role
Use role to create a user role and enter its view, or enter the view of an existing user role.
Use undo role to delete a user role.
Syntax
role name role-name
undo role name role-name
Default
The system has the following predefined user roles: network-admin, network-operator, level-n
(where n represents an integer in the range of 0 to 15), security-audit, and guest-manager.
Views
System view
34
Predefined user roles
network-admin
Parameters
name role-name: Specifies a username. The role-name argument is a case-sensitive string of 1 to
63 characters.
Usage guidelines
You can create a maximum of 64 user roles in addition to the predefined user roles.
To change the permissions assigned to a user role, you must first enter the user role view.
You cannot delete the predefined user roles or change the permissions assigned to network-admin,
network-operator, level-15, security-audit, or guest-manager.
You cannot assign the security-audit user role to non-AAA authentication users.
Level-0 to level-14 users can modify their own permissions for all commands except for the display
history-command all command.
Examples
# Create a user role named role1 and enter its view.
<Sysname> system-view
[Sysname] role name role1
[Sysname-role-role1]
Related commands
display role
interface policy deny
rule
security-zone policy deny
vlan policy deny
vpn-instance policy deny
role default-role enable
Use role default-role enable to enable the default user role feature for remote AAA users.
Use undo role default-role enable to restore the default.
Syntax
role default-role enable [ role-name ]
undo role default-role enable
Default
The default user role feature is disabled. AAA users who do not have a user role cannot log in to the
device.
Views
System view
Predefined user roles
network-admin
35
Parameters
role-name: Specifies a user role by its name for the default user role. The user role must already
exist. The argument is a case-sensitive string of 1 to 63 characters. If you do not specify a user role,
the default user role is network-operator.
Usage guidelines
The default user role feature assigns the default user role to AAA-authenticated users if the
authentication server (local or remote) does not assign any user roles to the users. These users are
allowed to access the system with the default user role.
If AAA users have been assigned user roles, they log in with the user roles.
Examples
# Enable the default user role feature.
<Sysname> system-view
[Sysname] role default-role enable
Related commands
role
role feature-group
Use role feature-group to create a user role feature group and enter its view, or enter the view of an
existing user role feature group.
Use undo role feature-group to delete a user role feature group.
Syntax
role feature-group name feature-group-name
undo role feature-group name feature-group-name
Default
Two user role feature groups L2 and L3 exist.
Views
System view
Predefined user roles
network-admin
Parameters
name feature-group-name: Specifies a feature group name. The feature-group-name argument is a
case-sensitive string of 1 to 31 characters.
Usage guidelines
The L2 feature group includes all Layer 2 feature commands, and the L3 feature group includes all
Layer 3 feature commands. These predefined feature groups are not user configurable.
In addition to the predefined feature groups L2 and L3, you can create a maximum of 64 user role
feature groups.
After you create a user role feature group, you can use the display role feature command to display
the features available in the system. Then you can use the feature command to add features to the
feature group.
Examples
# Create a feature group named security-features and enter its view.
36
<Sysname> system-view
[Sysname] role feature-group name security-features
[Sysname-featuregrp-security-features]
Related commands
display role feature-group
display role feature
feature
rule
Use rule to create or change a user role rule for controlling command, Web menu, XML element, or
MIB node access.
Use undo rule to delete user role rules.
Syntax
rule number { deny | permit } { command command-string | { execute | read | write } * { feature
[ feature-name ] | feature-group feature-group-name | oid oid-string | web-menu [ web-string ] |
xml-element [ xml-string ] } }
undo rule { number | all }
Default
A user-defined user role does not have any rules and cannot access any commands, Web menus,
XML elements, or MIB nodes.
Views
User role view
Predefined user roles
network-admin
Parameters
number: Specifies a rule number in the range of 1 to 256.
deny: Denies access to the specified commands, Web menus, XML elements, or MIB nodes.
permit: Permits access to the specified commands, Web menus, XML elements, or MIB nodes.
command command-string: Specifies a command string. The command string can represent a
command or a group of commands. The command-string argument is a case-sensitive string of 1 to
128 characters, including the following characters:
•
The wildcard asterisk (*).
•
The delimiters space and tab.
•
All printable characters.
execute: Specifies the execute commands, Web menus, XML elements, or MIB nodes. An execute
command (for example, ping), Web menu, XML element, or MIB node executes a specific function
or program.
read: Specifies the read commands, Web menus, XML elements, or MIB nodes. A read command
(for example, display, dir, more, or pwd), Web menu, XML element, or MIB node displays
configuration or maintenance information.
write: Specifies the write commands, Web menus, XML elements, or MIB nodes. A write command
(for example, ssh server enable), Web menu, XML element, or MIB node configures the system.
37
feature [ feature-name ]: Specifies one or all features. The feature-name argument represents a
feature name. If you do not specify a feature name, you specify all the features in the system. When
you specify a feature, the feature name must be the same, including the case, as the name displayed
by the display role feature command.
feature-group feature-group-name: Specifies a user-defined or predefined feature group. The
feature-group-name argument represents the feature group name, a case-sensitive string of 1 to 31
characters. If the feature group has not been created, the rule takes effect after the group is created.
To display the feature groups that have been created, use the display role feature-group
command.
oid oid-string: Specifies an OID of a MIB node. The oid-string argument represents the OID, a
case-insensitive string of 1 to 255 characters. The OID is a dotted numeric string that uniquely
identifies the path from the root node to this node. For example, 1.3.6.1.4.1.25506.8.35.14.19.1.1.
web-menu [ web-string ]: Specifies a Web menu. The web-string argument represents the ID path of
the Web menu, a case-insensitive string of 1 to 255 characters. Use the forward slash (/) to separate
ID items, for example, M_DEVICE/I_BASIC_INFO/I_reboot. If you do not specify a Web menu, the
rule applies to all Web items. To verify the ID path of a Web menu, use the display web menu
command.
xml-element [ xml-string ]: Specifies an XML element. The xml-string argument represents the
XPath of the XML element, a case-insensitive string of 1 to 255 characters. Use the forward slash (/)
to separate Xpath items, for example, Interfaces/Index/Name. If you do not specify an XML element,
the rule applies to all XML elements.
all: Specifies all the user role rules.
Usage guidelines
You can define the following types of rules for different access control granularities:
•
Command rule—Controls access to a command or a set of commands that match a regular
expression.
•
Feature rule—Controls access to the commands of a feature by command type.
•
Feature group rule—Controls access to the commands of a group of features by command
type.
•
Web menu rule—Controls access to Web menus by menu type.
•
XML element rule—Controls access to XML elements by element type.
•
OID rule—Controls access to the specified MIB node and its child nodes by node type.
A user role can access the set of permitted commands, Web menus, XML elements, and MIB nodes
specified in the user role rules. User role rules include predefined (identified by sys-n) and
user-defined user role rules.
You can configure a maximum of 256 user-defined rules for a user role. The total number of
user-defined user role rules cannot exceed 1024.
Any rule modification, addition, or removal for a user role takes effect only on the users who log in
with the user role after the change.
Access to the file system commands is controlled by both the file system command rules and the file
system feature rule.
A command with output redirection to the file system is permitted only when the command type write
is assigned to the file system feature.
The following guidelines apply to non-OID rules:
•
If two user-defined rules of the same type conflict, the rule with the higher ID takes effect. For
example, a user role can use the tracert command but not the ping command if the user role
contains rules configured by using the following commands:
{
rule 1 permit command ping
{
rule 2 permit command tracert
38
{
•
rule 3 deny command ping
If a predefined user role rule and a user-defined user role rule conflict, the user-defined user
role rule takes effect.
The following guidelines apply to OID rules:
•
•
The system compares an OID with the OIDs specified in rules, and it uses the longest match
principle to select a rule for the OID. For example, a user role cannot access the MIB node with
OID 1.3.6.1.4.1.25506.141.3.0.1 if the user role contains rules configured by using the following
commands:
{
rule 1 permit read write oid 1.3.6
{
rule 2 deny read write oid 1.3.6.1.4.1
{
rule 3 permit read write oid 1.3.6.1.4
If the same OID is specified in multiple rules, the rule with the higher ID takes effect. For
example, a user role can access the MIB node with OID 1.3.6.1.4.1.25506.141.3.0.1 if the user
role contains rules configured by using the following commands:
{
rule 1 permit read write oid 1.3.6
{
rule 2 deny read write oid 1.3.6.1.4.1
{
rule 3 permit read write oid 1.3.6.1.4.1
When you specify a command string, follow the guidelines in Table 5.
Table 5 Command string configuration rules
Rule
Guidelines
Use a semicolon to separate the command of each view that you must
enter before you access a command or a set of commands. However,
do not use a semicolon to separate commands available in user view or
any view, for example, display and dir.
Each semicolon-separated segment must have a minimum of one
printable character.
Semicolon (;) is the delimiter.
To specify the commands in a view but not the commands in the view's
subviews, use a semicolon as the last printable character in the last
segment. To specify the commands in a view and the view's subviews,
the last printable character in the last segment must not be a semicolon.
For example, you must enter system view before you enter interface
view. To specify all commands starting with the ip keyword in any
interface view, you must use the "system ; interface * ; ip * ;" command
string.
For another example, the "system ; radius scheme * ;" command string
represents all commands that start with the radius scheme keywords in
system view. The "system ; radius scheme *" command string
represents all commands that start with the radius scheme keywords in
system view and all commands in RADIUS scheme view.
An asterisk represents zero or multiple characters.
In a non-last segment, you can use an asterisk only at the end of the
segment.
Asterisk (*) is the wildcard.
In the last segment, you can use an asterisk in any position of the
segment. If the asterisk appears at the beginning, you cannot specify a
printable character behind the asterisk.
For example, the "system ; *" command string represents all commands
available in system view and all subviews of the system view. The
"debugging * event" command string represents all event debugging
commands available in user view.
39
Rule
Keyword abbreviation is allowed.
To control the access to a
command, you must specify the
command immediately after the
view that has the command.
Do not include the vertical bar (|),
greater-than sign (>), or double
greater-than sign (>>) when you
specify display commands in a
user role command rule.
Guidelines
You can specify a keyword by entering the first few characters of the
keyword. Any command that starts with this character string matches
the rule.
For example, "rule 1 deny command dis arp source *" denies access to
the commands display arp source-mac interface and display arp
source-suppression.
To control access to a command, you must specify the command
immediately behind the view to which the command is assigned. The
rules that control command access for any subview do not apply to the
command.
For example, the "rule 1 deny command system ; interface * ; *"
command string disables access to any command that is assigned to
interface view. However, you can still execute the acl number
command in interface view, because this command is assigned to
system view rather than interface view. To disable access to this
command, use "rule 1 deny command system ; acl *;".
The system does not treat the redirect signs and the parameters that
follow the signs as part of command lines. However, in user role
command rules, these redirect signs and parameters are handled as
part of command lines. As a result, no rule that includes any of these
signs can find a match.
For example, "rule 1 permit command display debugging > log" can
never find a match. This is because the system has a display
debugging command but not a display debugging > log command.
Examples
# Permit user role role1 to execute the display acl command.
<Sysname> system-view
[Sysname] role name role1
[Sysname-role-role1] rule 1 permit command display acl
# Permit user role role1 to execute all commands that start with the display keyword.
[Sysname-role-role1] rule 2 permit command display *
# Permit user role role1 to execute the radius scheme aaa command in system view and use all
commands assigned to RADIUS scheme view.
[Sysname-role-role1] rule 3 permit command system ; radius scheme aaa
# Deny the access of role1 to the read or write commands of all features.
[Sysname-role-role1] rule 4 deny read write feature
# Deny the access of role1 to the read commands of the aaa feature.
[Sysname-role-role1] rule 5 deny read feature aaa
# Permit role1 to access all read, write, and execute commands of feature group security-features.
[Sysname-role-role1] rule 6 permit read write execute feature-group security-features
# Permit role1 to access all read and write MIB nodes starting from the node with OID 1.1.2.
[Sysname-role-role1] rule 7 permit read write oid 1.1.2
Related commands
display role
display role feature
display role feature-group
display web menu
40
role
security-zone policy deny
Use security-zone policy deny to enter user role security zone policy view.
Use undo security-zone policy deny to restore the default.
Syntax
security-zone policy deny
undo security-zone policy deny
Default
A user role has access to all security zones.
Views
User role view
Predefined user roles
network-admin
Usage guidelines
To restrict the security zone access of a user role to a set of security zones, perform the following
tasks:
1.
Use security-zone policy deny to enter user role security zone policy view.
2.
Use permit security-zone to specify accessible security zones.
NOTE:
The security-zone policy deny command denies the access of the user role to all security zones if
the permit security-zone command is not configured.
To configure a security zone, make sure the zone is permitted by the user role security zone policy in
use. You can perform the following tasks on an accessible security zone:
•
Create, remove, or configure the security zone.
•
Enter the security zone view.
•
Specify the security zone in feature commands.
Any change to a user role security zone policy takes effect only on users who log in with the user role
after the change.
Examples
# Enter user role security zone policy view of role1, and deny the access of role1 to all security
zones.
<Sysname> system-view
[Sysname] role name role1
[Sysname-role-role1] security-zone policy deny
[Sysname-role-role1-zonepolicy] quit
# Enter user role security zone policy view of role1, and deny the access of role1 to all security
zones except for security zones trust and abc.
<Sysname> system-view
[Sysname] role name role1
[Sysname-role-role1] security-zone policy deny
[Sysname-role-role1-zonepolicy] permit security-zone trust abc
41
Related commands
display role
permit security-zone
role
super
Use super to obtain another user role without reconnecting to the device.
Syntax
super [ role-name ]
Views
User view
Predefined user roles
network-admin
Parameters
role-name: Specifies a user role, a case-sensitive string of 1 to 63 characters. The user role must
exist in the system. If you do not specify a user role, you obtain the default target user role which is
set by using the super default role command.
Usage guidelines
The obtained user role is a temporary user role, because this command is effective only on the
current login. The next time you are logged in with the user account, the original user role settings
take effect.
To enable a user to obtain another user role without reconnecting to the device, you must configure
user role authentication.
•
If no local password is configured in the local password authentication (local), a console or
AUX user can obtain the user role by either entering a string or not entering anything.
•
If no local password is configured in the local-then-remote authentication (local scheme), the
following rules apply:
{
{
A console, TTY, or VTY user performs remote authentication.
An AUX user can obtain user role authorization by either entering a string or not entering
anything.
Examples
# Obtain user role network-operator.
<Sysname> super network-operator
Password:
User privilege role is network-operator, and only those commands that authorized to the
role can be used.
Related commands
authentication super (Security Command Reference)
super authentication-mode
super password
42
super authentication-mode
Use super authentication-mode to set an authentication mode for temporary user role
authorization.
Use undo super authentication-mode to restore the default.
Syntax
super authentication-mode { local | scheme } *
undo super authentication-mode
Default
Local password authentication applies.
Views
System view
Predefined user roles
network-admin
Parameters
local: Enables local password authentication.
scheme: Enables remote AAA authentication.
Usage guidelines
For local password authentication, use the super password command to set a password.
For remote AAA authentication, set the username and password on the RADIUS or HWTACACS
server.
If you specify both local and scheme keywords, the keyword first entered in the command takes
precedence.
•
scheme local—Enables remote-then-local authentication mode. The device first performs AAA
authentication to obtain a temporary user role. Local password authentication is performed if
the remote HWTACACS or RADIUS server does not respond, or if the AAA configuration on the
device is invalid.
•
local scheme—Enables local-then-remote authentication mode. The device first performs
local password authentication. If no password is configured for the user role, the device
performs remote authentication.
For more information about AAA, see Security Configuration Guide.
Examples
# Enable local-only authentication for temporary user role authorization.
<Sysname> system-view
[Sysname] super authentication-mode local
# Enable remote-then-local authentication for temporary user role authorization.
<Sysname> system-view
[Sysname] super authentication-mode scheme local
Related commands
authentication super (Security Command Reference)
super password
43
super default role
Use super default role to specify the default target user role for temporary user role authorization.
Use undo super default role to restore the default.
Syntax
super default role role-name
undo super default role
Default
The default target user role is network-admin.
Views
System view
Predefined user roles
network-admin
Parameters
role-name: Specifies the name of the default target user role, a case-sensitive string of 1 to 63
characters. The user role must exist in the system.
Usage guidelines
The default target user role is applied to the super or super password command when you do not
specify a user role for the command.
Examples
# Specify the default target user role as network-operator for temporary user role authorization.
<Sysname> system-view
[Sysname] super default role network-operator
Related commands
super
super password
super password
Use super password to set a password for a user role.
Use undo super password to delete the password for a user role.
Syntax
In non-FIPS mode:
super password [ role role-name ] [ { hash | simple } string ]
undo super password [ role role-name ]
In FIPS mode:
super password [ role role-name ]
undo super password [ role role-name ]
Default
No password is set for a user role.
44
Views
System view
Predefined user roles
network-admin
Parameters
role role-name: Specifies a user role, a case-sensitive string of 1 to 63 characters. The user role
must exist in the system. If you do not specify a user role, the command sets a password for the
default target user role which is set by using the super default role command.
hash: Specifies a password in hashed form.
simple: Specifies a password in plaintext form. For security purposes, the password specified in
plaintext form will be stored in hashed form.
string: Specifies the password.
•
In non-FIPS mode, the plaintext form of the password is a case-sensitive string of 1 to 63
characters. The hashed form of the password is a case-sensitive string of 1 to 110 characters.
•
In FIPS mode, the password must be a case-sensitive plaintext string of 15 to 63 characters.
The string must contain four character types including digits, uppercase letters, lowercase
letters, and special characters.
Usage guidelines
If you do not specify any parameters, you specify a plaintext password in the interactive mode.
The FIPS mode supports only the interactive mode for setting a password.
Set a password if you configure local password authentication for temporary user role authorization.
It is a good practice to specify different passwords for different user roles.
Examples
# Set the password to 123456TESTplat&! in plaintext form for user role network-operator.
<Sysname> system-view
[Sysname] super password role network-operator simple 123456TESTplat&!
# Set the password to 123456TESTplat&! in the interactive mode for user role network-operator.
<Sysname> system-view
[Sysname] super password role network-operator
Password:
Confirm :
Updating user information. Please wait... ...
Related commands
super authentication-mode
super default role
vlan policy deny
Use vlan policy deny to enter user role VLAN policy view.
Use undo vlan policy deny to restore the default.
Syntax
vlan policy deny
undo vlan policy deny
45
Default
A user role has access to all VLANs.
Views
User role view
Predefined user roles
network-admin
Usage guidelines
To restrict the VLAN access of a user role to a set of VLANs, perform the following tasks:
1.
Use vlan policy deny to enter user role VLAN policy view.
2.
Use permit vlan to specify accessible VLANs.
NOTE:
The vlan policy deny command denies the access of the user role to all VLANs if the permit vlan
command is not configured.
To configure a VLAN, make sure the VLAN is permitted by the user role VLAN policy in use. You can
perform the following tasks on an accessible VLAN:
•
Create, remove, or configure the VLAN.
•
Enter the VLAN view.
•
Specify the VLAN in feature commands.
Any change to a user role VLAN policy takes effect only on users who log in with the user role after
the change.
Examples
# Enter user role VLAN policy view of role1, and deny the access of role1 to all VLANs.
<Sysname> system-view
[Sysname] role name role1
[Sysname-role-role1] vlan policy deny
[Sysname-role-role1-vlanpolicy] quit
# Enter user role VLAN policy view of role1, and deny the access of role1 to all VLANs except for
VLANs 50 to 100.
<Sysname> system-view
[Sysname] role name role1
[Sysname-role-role1] vlan policy deny
[Sysname-role-role1-vlanpolicy] permit vlan 50 to 100
Related commands
display role
permit vlan
role
vpn-instance policy deny
Use vpn-instance policy deny to enter user role VPN instance policy view.
Use undo vpn-instance policy deny to restore the default.
46
Syntax
vpn-instance policy deny
undo vpn-instance policy deny
Default
A user role has access to all VPN instances.
Views
User role view
Predefined user roles
network-admin
Usage guidelines
To restrict the VPN instance access of a user role to a set of VPN instances, perform the following
tasks:
1.
Use vpn-instance policy deny to enter user role VPN instance policy view.
2.
Use permit vpn-instance to specify accessible VPN instances.
NOTE:
The vpn-instance policy deny command denies the access of the user role to all VPN instances if
the permit vpn-instance command is not configured.
To configure a VPN instance, make sure the VPN instance is permitted by the user role VPN
instance policy in use. You can perform the following tasks on an accessible VPN instance:
•
Create, remove, or configure the VPN instance.
•
Enter the VPN instance view.
•
Specify the VPN instance in feature commands.
Any change to a user role VPN instance policy takes effect only on users who log in with the user role
after the change.
Examples
# Enter user role VPN instance policy view of role1, and deny the access of role1 to all VPN
instances.
<Sysname> system-view
[Sysname] role name role1
[Sysname-role-role1] vpn-instance policy deny
[Sysname-role-role1-vpnpolicy] quit
# Enter user role VPN instance policy view of role1, and deny the access of role1 to all VPN
instances except for vpn2.
<Sysname> system-view
[Sysname] role name role1
[Sysname-role-role1] vpn-instance policy deny
[Sysname-role-role1-vpnpolicy] permit vpn-instance vpn2
Related commands
display role
permit vpn-instance
role
47
Login management commands
The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for
features, commands, and parameters might differ in FIPS mode and non-FIPS mode. For more
information about FIPS mode, see Security Configuration Guide.
Some login management commands are available in both user line view and user line class view. For
these commands, the device uses the following rules to determine the settings to be activated:
•
A setting in user line view applies only to the user line. A setting in user line class view applies to
all user lines of the class.
•
A non-default setting in either view takes precedence over a default setting in the other view. A
non-default setting in user line view takes precedence over a non-default setting in user line
class view.
activation-key
Use activation-key to set the terminal session activation key. Pressing this shortcut key starts a
terminal session.
Use undo activation-key to restore the default.
Syntax
activation-key key-string
undo activation-key
Default
The terminal session activation key is Enter.
Views
User line view
User line class view
Predefined user roles
network-admin
Parameters
key-string: Specifies a shortcut key. It can be a character (case sensitive), or an ASCII code value in
the range of 0 to 127. For example, if you configure activation-key 1, the shortcut key is Ctrl+A. If
you configure activation-key a, the shortcut key is a. For information about ASCII code values of
individual characters, see the standard ASCII code chart. For information about ASCII code values
of combined keys that use the Ctrl key, see Table 6.
Usage guidelines
This command is not supported in VTY line view or VTY line class view.
This command takes effect immediately.
To display the current terminal session activation key, use the display current-configuration |
include activation-key command.
Table 6 ASCII code values for combined keys that use the Ctrl key
Combined key
ASCII code value
Ctrl+A
1
48
Combined key
ASCII code value
Ctrl+B
2
Ctrl+C
3
Ctrl+D
4
Ctrl+E
5
Ctrl+F
6
Ctrl+G
7
Ctrl+H
8
Ctrl+I
9
Ctrl+J
10
Ctrl_K
11
Ctrl_L
12
Ctrl+M
13
Ctrl+N
14
Ctrl+O
15
Ctrl+P
16
Ctrl+Q
17
Ctrl+R
18
Ctrl+S
19
Ctrl+T
20
Ctrl+U
21
Ctrl+V
22
Ctrl+W
23
Ctrl+X
24
Ctrl+Y
25
Ctrl+Z
26
Examples
# Configure character s as the terminal session activation key for console line 0.
<Sysname> system-view
[Sysname] line console 0
[Sysname-line-console0] activation-key s
To verify the configuration:
1.
Exit the console session.
[Sysname-line-console0] return
<Sysname> quit
2.
Log in again through the console line.
The following message appears:
Press ENTER to get started.
3.
Press Enter.
49
Pressing Enter does not start a session.
4.
Press s.
A terminal session is started.
<Sysname>
authentication-mode
Use authentication-mode to set the authentication mode for a user line.
Use undo authentication-mode to restore the default.
Syntax
In non-FIPS mode:
authentication-mode { none | password | scheme }
undo authentication-mode
In FIPS mode:
authentication-mode scheme
undo authentication-mode
Default
In non-FIPS mode, the authentication mode is password for VTY and AUX lines, and none for
console and TTY lines.
In non-FIPS mode, the authentication mode is none for the AUX line.
In FIPS mode, the authentication mode is scheme.
Views
User line view
User line class view
Predefined user roles
network-admin
Parameters
none: Disables authentication.
password: Performs local password authentication.
scheme: Performs AAA authentication. For more information about AAA, see Security Configuration
Guide.
Usage guidelines
When the authentication mode is none, a user can log in without authentication. To improve device
security, use the password or scheme authentication mode.
In VTY line view, this command is associated with the protocol inbound command. If you specify a
non-default value for one of the two commands, the other command uses the default setting,
regardless of the setting in VTY line class view.
An authentication mode change does not take effect for the current session. It takes effect for
subsequent login sessions.
Examples
# Enable the none authentication mode for VTY line 0.
<Sysname> system-view
50
[Sysname] line vty 0
[Sysname-line-vty0] authentication-mode none
# Enable password authentication for VTY line 0 and set the password to 321.
<Sysname> system-view
[Sysname] line vty 0
[Sysname-line-vty0] authentication-mode password
[Sysname-line-vty0] set authentication password simple 321
# Enable scheme authentication for VTY line 0. Configure the local user 123 and set the password to
321. Assign the Telnet service and the user role network-admin to the user.
<Sysname> system-view
[Sysname] line vty 0
[Sysname-line-vty0] authentication-mode scheme
[Sysname-line-vty0] quit
[Sysname] local-user 123
[Sysname-luser-manage-123] password simple 321
[Sysname-luser-manage-123] service-type telnet
[Sysname-luser-manage-123] authorization-attribute user-role network-admin
Related commands
set authentication password
auto-execute command
Use auto-execute command to specify the command to be automatically executed for a login user.
Use undo auto-execute command to restore the default.
Syntax
auto-execute command command
undo auto-execute command
Default
No command is specified to be automatically executed for a login user.
Views
User line view
User line class view
Predefined user roles
network-admin
Parameters
command: Specifies the command to be automatically executed.
Usage guidelines
CAUTION:
After configuring this command for a user line, you might be unable to access the CLI through the
user line. Make sure you can access the CLI through a different user line before you configure this
command and save the configuration.
This command is not supported in console line view or console line class view.
51
This command is not supported in AUX line view or AUX line class view.
A configuration change made by this command does not take effect for the current session. It takes
effect for subsequent login sessions.
The device automatically executes the specified command when a user logs in through the user line.
If the command triggers another task, the device does not close the user connection until the task is
completed. If the command does not trigger any other tasks, the device closes the user connection
after the command is executed.
Typically, you configure the auto-execute command telnet X.X.X.X command so the device
redirects a Telnet user to the host at X.X.X.X. The connection to the device is closed when the user
terminates the Telnet connection to X.X.X.X.
Examples
# Configure the device to automatically execute the telnet 192.168.1.41 command when a user logs
in through VTY line 0.
<Sysname> system-view
[Sysname] line vty 0
[Sysname-line-vty0] auto-execute command telnet 192.168.1.41
This action will lead to configuration failure through line-vty0. Are you sure?
[Y/N]:y
[Sysname-line-vty0]
# To verify the configuration, Telnet to the device (192.168.1.40).
The device automatically Telnets to 192.168.1.41. The following output is displayed on the
configuration terminal:
C:\> telnet 192.168.1.40
******************************************************************************
* Copyright (c) 2010-2016 Hewlett Packard Enterprise Development LP
*
* Without the owner's prior written consent,
*
* no decompiling or reverse-engineering shall be allowed.
*
******************************************************************************
<Sysname>
Trying 192.168.1.41 ...
Press CTRL+K to abort
Connected to 192.168.1.41 ...
******************************************************************************
* Copyright (c) 2010-2016 Hewlett Packard Enterprise Development LP
*
* Without the owner's prior written consent,
*
* no decompiling or reverse-engineering shall be allowed.
*
******************************************************************************
<Sysname.41>
This operation is the same as directly logging in to the device at 192.168.1.41 through Telnet. When
you close the Telnet connection to 192.168.1.41, the Telnet connection to 192.168.1.40 is closed at
the same time.
command accounting
Use command accounting to enable command accounting.
Use undo command accounting to disable command accounting.
52
Syntax
command accounting
undo command accounting
Default
Command accounting is disabled. The accounting server does not record executed commands.
Views
User line view
User line class view
Predefined user roles
network-admin
Usage guidelines
When command accounting is enabled but command authorization is not, every executed command
is recorded on the HWTACACS server.
When both command accounting and command authorization are enabled, only authorized
commands that are executed are recorded on the HWTACACS server.
Invalid commands are not recorded.
A configuration change made by this command does not take effect for the current session. It takes
effect for subsequent login sessions.
After you configure the command accounting command in user line class view, you cannot
configure the undo command accounting command in any user line views in the class.
Examples
# Enable command accounting for VTY line 0.
<Sysname> system-view
[Sysname] line vty 0
[Sysname-line-vty0] command accounting
Related commands
accounting command (Security Command Reference)
command authorization
command authorization
Use command authorization to enable command authorization.
Use undo command authorization to disable command authorization.
Syntax
command authorization
undo command authorization
Default
Command authorization is disabled. Logged-in users can execute commands without authorization.
Views
User line view
User line class view
53
Predefined user roles
network-admin
Usage guidelines
When command authorization is enabled, a user can only use commands that are permitted by both
the AAA scheme and user role.
A configuration change made by this command does not take effect for the current session. It takes
effect for subsequent login sessions.
If you configure the command authorization command in user line class view, command
authorization is enabled for all user lines in the class. You cannot configure the undo command
authorization command in the view of a user line in the class.
Examples
# Enable command authorization for VTY line 0.
<Sysname> system-view
[Sysname] line vty 0
[Sysname-line-vty0] command authorization
Related commands
authorization command (Security Command Reference)
command accounting
databits
Use databits to specify the number of data bits for a character.
Use undo databits to restore the default.
Syntax
databits { 5 | 6 | 7 | 8 }
undo databits
Default
Eight data bits are used for a character.
Views
User line view
Predefined user roles
network-admin
Parameters
5: Uses five data bits for a character. This keyword is available only for modem dial-in.
6: Uses six data bits for a character. This keyword is available only for modem dial-in.
7: Uses seven data bits for a character.
8: Uses eight data bits for a character.
Usage guidelines
This command is not supported in VTY line class view.
This setting must be the same as the setting on the configuration terminal.
54
Examples
# Configure AUX 0 to use seven data bits for a character.
<Sysname> system-view
[Sysname] line aux 0
[Sysname-line-aux0] databits 7
display line
Use display line to display user line information.
Syntax
display line [ number1 | { aux | console | tty | vty } number2 ] [ summary ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
number1: Specifies the absolute number of a user line.
The following matrix shows the value ranges for the number1 argument:
Hardware
Value range
MSR954(JH296A/JH297A/JH298A/JH299A/JH373A)
0 to 384
MSR958(JH300A/JH301A)
0 to 384
MSR1002-4/1003-8S
0 to 384
MSR2003
0 to 705
MSR2004-24/2004-48
0 to 704
MSR3012/3024/3044/3064
0 to 1472
MSR4060/4080
0 to 9311
aux: Specifies the AUX line.
The following matrix shows the aux keyword and hardware compatibility:
Hardware
Keyword compatibility
MSR954(JH296A/JH297A/JH298A/JH299A/JH373A)
No
MSR958(JH300A/JH301A)
No
MSR1002-4/1003-8S
Yes
MSR2003
Yes
MSR2004-24/2004-48
Yes
MSR3012/3024/3044/3064
Yes
MSR4060/4080
Yes
console: Specifies the console line.
55
The following matrix shows the console keyword and hardware compatibility:
Hardware
Keyword compatibility
MSR954(JH296A/JH297A/JH298A/JH299A/JH373A)
Yes
MSR958(JH300A/JH301A)
Yes
MSR1002-4/1003-8S
No
MSR2003
No
MSR2004-24/2004-48
No
MSR3012/3024/3044/3064
No
MSR4060/4080
Yes
tty: Specifies the TTY line.
vty: Specifies the VTY line.
number2: Specifies the relative number of a user line.
The following matrix shows the value ranges for the number2 argument:
Hardware
Value ranges
MSR954(JH296A/JH297A/JH298A/JH299A/JH373A)
•
•
•
console–0
tty–1 to 320
vty–0 to 63
MSR958(JH300A/JH301A)
•
•
•
console–0
tty–1 to 320
vty–0 to 63
MSR1002-4/1003-8S
•
•
•
aux–0
tty–1 to 320
vty–0 to 63
MSR2003
•
•
•
aux–0 to 1
tty–1 to 640
vty–0 to 63
MSR2004-24/2004-48
•
•
•
aux–0
tty–1 to 640
vty–0 to 63
MSR3012/3024/3044/3064
•
•
•
aux–0
tty–1 to 1408
vty–0 to 63
MSR4060/4080
•
•
•
•
aux–0 to 15
console–0 to 15
tty–1 to 9216
vty–0 to 63
summary: Displays summary information about user lines. If you do not specify this keyword, the
command displays detailed information.
Examples
# Display information about console line 0.
<Sysname> display line 0
Idx
Type
Tx/Rx
Modem Auth
Int
56
Location
+ 0
CON 0
9600
-
N
-
+
: Line is active.
F
: Line is active and in async mode.
Idx
: Absolute index of line.
0/0
Type : Type and relative index of line.
Auth : Login authentication mode.
Int
: Physical port of the line.
A
: Authentication use AAA.
N
: No authentication is required.
P
: Password authentication.
Table 7 Command output
Field
Description
Modem
Whether the modem allows calling in or out. By default, this attribute is not configured and
this field displays a hyphen (-).
Int
Physical port for the line. If there is no physical port for the line or the line is a console line,
this field displays a hyphen (-).
Physical position of the line, in the form slot number/CPU number. (Centralized devices.)
Location
Physical position of the line, in the form slot number/CPU number in standalone mode or
chassis number/slot number/CPU number in IRF mode.
# Display summary information about all user lines.
<Sysname> display line summary
Line type : [CON]
0:U
Line type : [AUX]
1:X
Line type : [VTY]
2:UXXX X
2 lines used.
(U)
5 lines not used.
(X)
Table 8 Command output
Fields
Description
number: Absolute number of the first user line in the user line class.
status: User line status. X is for unused and U is for used.
number:status
For example, if "2:UXXX X" is displayed, there are five user lines of the user line
class, which use the absolute numbers 2 through 6. User line 2 is in use, and the
other user lines are not.
display telnet client
Use display telnet client to display the packet source setting for the Telnet client.
Syntax
display telnet client
57
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display the packet source setting for the Telnet client.
<Sysname> display telnet client
The source IP address is 1.1.1.1.
Related commands
telnet client source
display user-interface
Use display user-interface to display user line information.
Syntax
display user-interface [ number1 | { aux | console | tty | vty } number2 ] [ summary ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
number1: Specifies the absolute number of a user line.
The following matrix shows the value ranges for the number1 argument:
Hardware
Value range
MSR954(JH296A/JH297A/JH298A/JH299A/JH373A)
0 to 384
MSR958(JH300A/JH301A)
0 to 384
MSR1002-4/1003-8S
0 to 384
MSR2003
0 to 705
MSR2004-24/2004-48
0 to 704
MSR3012/3024/3044/3064
0 to 1472
MSR4060/4080
0 to 9311
aux: Specifies the AUX line.
The following matrix shows the aux keyword and hardware compatibility:
Hardware
Keyword compatibility
MSR954(JH296A/JH297A/JH298A/JH299A/JH373A)
No
MSR958(JH300A/JH301A)
No
58
Hardware
Keyword compatibility
MSR1002-4/1003-8S
Yes
MSR2003
Yes
MSR2004-24/2004-48
Yes
MSR3012/3024/3044/3064
Yes
MSR4060/4080
Yes
console: Specifies the console line.
The following matrix shows the console keyword and hardware compatibility:
Hardware
Keyword compatibility
MSR954(JH296A/JH297A/JH298A/JH299A/JH373A)
Yes
MSR958(JH300A/JH301A)
Yes
MSR1002-4/1003-8S
No
MSR2003
No
MSR2004-24/2004-48
No
MSR3012/3024/3044/3064
No
MSR4060/4080
Yes
tty: Specifies the TTY line.
vty: Specifies the VTY line.
number2: Specifies the relative number of a user line.
The following matrix shows the value ranges for the number2 argument:
Hardware
Value ranges
MSR954(JH296A/JH297A/JH298A/JH299A/JH373A)
•
•
•
console–0
tty–1 to 320
vty–0 to 63
MSR958(JH300A/JH301A)
•
•
•
console–0
tty–1 to 320
vty–0 to 63
MSR1002-4/1003-8S
•
•
•
aux–0
tty–1 to 320
vty–0 to 63
MSR2003
•
•
•
aux–0 to 1
tty–1 to 640
vty–0 to 63
MSR2004-24/2004-48
•
•
•
aux–0
tty–1 to 640
vty–0 to 63
MSR3012/3024/3044/3064
•
•
•
aux–0
tty–1 to 1408
vty–0 to 63
59
Hardware
Value ranges
MSR4060/4080
•
•
•
•
aux–0 to 15
console–0 to 15
tty–1 to 9216
vty–0 to 63
summary: Displays summary information about user lines. If you do not specify this keyword, the
detailed information is displayed.
Usage guidelines
This command is an older version reserved for backward compatibility purposes. It has the same
functionality and output as the display line command. As a best practice, use the display line
command.
Examples
# Display information about console line 0.
<Sysname> display user-interface 0
Idx
+ 0
Type
Tx/Rx
Modem Auth
Int
Location
CON 0
9600
-
-
0/0
N
+
: Line is active.
F
: Line is active and in async mode.
Idx
: Absolute index of line.
Type : Type and relative index of line.
Auth : Login authentication mode.
Int
: Physical port of the line.
A
: Authentication use AAA.
N
: No authentication is required.
P
: Password authentication.
Table 9 Command output
Field
Description
Modem
Whether the modem allows calling in or out. By default, this attribute is not configured and
this field displays a hyphen (-).
Int
Physical port for the line. If there is no physical port for the line or the line is a console line,
this field displays a hyphen (-).
Physical position of the line, in the form slot number/CPU number. (Centralized devices.)
Location
Physical position of the line, in the form slot number/CPU number in standalone mode or
chassis number/slot number/CPU number in IRF mode.
# Display summary information about all user lines.
<Sysname> display user-interface summary
Line type : [CON]
0:U
Line type : [AUX]
1:X
Line type : [VTY]
2:UXXX X
2 lines used.
(U)
5 lines not used.
(X)
60
Table 10 Command output
Fields
Description
number: Absolute number of the first user line in the user line class.
status: User line status. X is for unused and U is for used.
number:status
For example, if "2:UXXX X" is displayed, there are five user lines of the user line
class, which use the absolute numbers 2 through 6. User line 2 is in use, and the
other user lines are not.
display users
Use display users to display online CLI users.
Syntax
display users [ all ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
all: Displays all user lines supported by the device.
Examples
# Display online user information.
<Sysname> display users
Idx
Line
Idle
Time
Pid
Type
10
VTY 0
00:10:49
Jun 11 11:27:32
320
TEL
+ 11
VTY 1
00:00:00
Jun 11 11:39:40
334
TEL
Following are more details.
VTY 0
:
Location: 192.168.1.12
VTY 1
:
Location: 192.168.1.26
+
: Current operation user.
F
: Current operation user works in async mode.
The output shows that two users have logged in to the device: one is using VTY line 0 and the other
(yourself) is using VTY line 1. Your IP address is 192.168.1.26.
Table 11 Command output
Field
Description
Idx
Absolute number of the user line.
Line
Type and relative number of the user line.
Idle
Time elapsed after the user's most recent input, in the hh:mm:ss format.
Time
Login time of the user.
61
Field
Description
Pid
Process ID of the user session.
Type
User type, such as Telnet, SSH, or PAD.
+
User line you are using.
Location
IP address of the user.
escape-key
Use escape-key to set the escape key.
Use undo escape-key to disable the escape key.
Syntax
escape-key { key-string | default }
undo escape-key
Default
The escape key is Ctrl+C.
Views
User line view
User line class view
Predefined user roles
network-admin
Parameters
key-string: Specifies a shortcut key. It can be a character (case sensitive, except for d and D), or an
ASCII code value in the range of 0 to 127. For example, if you configure escape-key 1, the shortcut
key is Ctrl+A. If you configure escape-key a, the shortcut key is a. If you specify the character d or D
for this argument, the actual shortcut key is Ctrl+C. To use d or D as the shortcut key, you must
specify the ASCII code value of the character for this argument. For information about ASCII code
values of individual characters, see the standard ASCII code chart. For information about ASCII
code values of combined keys that use the Ctrl key, see Table 6.
default: Restores the default escape key Ctrl+C.
Usage guidelines
You can use this shortcut key to abort a command that is being executed. For example, you can
press this shortcut key to abort a ping or tracert command.
Whether a command can be aborted by Ctrl+C by default depends on the software implementation
of the command. For more information, see the usage guidelines for the command.
As a best practice, use a key sequence as the escape key. If you define a single character as the
escape key, pressing the key while a command is being executed stops the command. If no
command is being executed, pressing the key enters the character as a common character. If you
Telnet from the device to a remote device, pressing the key enters the character as a common
character on the remote device. The key acts as the escape key on the remote device only when the
following conditions are met:
•
You define the same character as the escape key on the remote device.
•
You press the key while a command is being executed on the remote device.
62
The undo escape-key command disables the current escape key. After you execute this command,
no escape key is available.
The setting in user line view takes effect immediately for the current session. The setting in user line
class view takes effect for login sessions that are established after the setting is configured.
To display the current escape key, use the display current-configuration | include escape-key
command.
Examples
# Define the character a as the escape key for console line 0.
<Sysname> system-view
[Sysname] line console 0
[Sysname-line-console0] escape-key a
To verify the configuration:
1.
Ping IP address 192.168.1.49, specifying the -c keyword to set the number of ICMP echo
request packets to 20.
<Sysname> ping -c 20 192.168.1.49
PING 192.168.1.49: 56
data bytes, press a to break
Reply from 192.168.1.49: bytes=56 Sequence=1 ttl=255 time=3 ms
Reply from 192.168.1.49: bytes=56 Sequence=2 ttl=255 time=3 ms
2.
Press a.
The system aborts the command and returns to user view.
--- 192.168.1.49 ping statistics --2 packet(s) transmitted
2 packet(s) received
0.00% packet loss
round-trip min/avg/max = 3/3/3 ms
<Sysname>
flow-control
Use flow-control to configure the flow control mode.
Use undo flow-control to restore the default.
Syntax
flow-control { hardware | none | software }
flow-control hardware direction1 [ software direction2 ]
flow-control software direction1 [ hardware direction2 ]
undo flow-control
Default
Flow control is disabled.
Views
User line view
Predefined user roles
network-admin
Parameters
hardware: Performs hardware flow control.
63
none: Disables flow control.
software: Performs software flow control.
direction1, direction2: Specify the software flow control direction and hardware flow control direction.
•
in: Listens to flow control information from the remote device.
•
out: Sends flow control information to the remote device.
Usage guidelines
This command is not supported in VTY line view.
The device can perform flow control in either or both of the inbound and outbound directions. One
direction supports one flow control mode.
To specify the same flow control mode for the two directions, use the flow-control { hardware |
software | none } command.
To specify different flow control modes for the two directions, use the flow-control hardware
direction1 [ software direction2 ] or flow-control software direction1 [ hardware direction2 ]
command. If you do not specify the software direction2 or hardware direction2 option, the flow
control mode none applies to the direction represented by the option.
For two devices to communicate, make sure their flow control modes match.
Examples
# Configure hardware flow control in the inbound direction and disable flow control in the outbound
direction for console line 0.
<Sysname> system-view
[Sysname] line console 0
[Sysname-line-console0] flow-control hardware in
# Configure hardware flow control in the inbound direction and software flow control in the outbound
direction for console line 0.
<Sysname> system-view
[Sysname] line console 0
[Sysname-line-console0] flow-control hardware in software out
free line
Use free line to release a user line.
Syntax
free line { number1 | { aux | console | tty | vty } number2 }
Views
User view
Predefined user roles
network-admin
Parameters
number1: Specifies the absolute number of a user line.
The following matrix shows the value ranges for the number1 argument:
Hardware
Value range
MSR954(JH296A/JH297A/JH298A/JH299A/JH373A)
0 to 384
MSR958(JH300A/JH301A)
0 to 384
64
Hardware
Value range
MSR1002-4/1003-8S
0 to 384
MSR2003
0 to 705
MSR2004-24/2004-48
0 to 704
MSR3012/3024/3044/3064
0 to 1472
MSR4060/4080
0 to 9311
aux: Specifies the AUX line.
The following matrix shows the aux keyword and hardware compatibility:
Hardware
Keyword compatibility
MSR958(JH300A/JH301A)
No
MSR1002-4/1003-8S
Yes
MSR2003
Yes
MSR2004-24/2004-48
Yes
MSR3012/3024/3044/3064
Yes
MSR4060/4080
Yes
console: Specifies the console line.
The following matrix shows the console keyword and hardware compatibility:
Hardware
Keyword compatibility
MSR954(JH296A/JH297A/JH298A/JH299A/JH373A)
Yes
MSR958(JH300A/JH301A)
Yes
MSR1002-4/1003-8S
No
MSR2003
No
MSR2004-24/2004-48
No
MSR3012/3024/3044/3064
No
MSR4060/4080
Yes
tty: Specifies the TTY line.
vty: Specifies the VTY line.
number2: Specifies the relative number of a user line.
The following matrix shows the value ranges for the number2 argument:
Hardware
Value ranges
MSR954(JH296A/JH297A/JH298A/JH299A/JH373A)
•
•
•
console–0
tty–1 to 320
vty–0 to 63
MSR958(JH300A/JH301A)
•
•
•
console–0
tty–1 to 320
vty–0 to 63
65
Hardware
Value ranges
MSR1002-4/1003-8S
•
•
•
aux–0
tty–1 to 320
vty–0 to 63
MSR2003
•
•
•
aux–0 to 1
tty–1 to 640
vty–0 to 63
MSR2004-24/2004-48
•
•
•
aux–0
tty–1 to 640
vty–0 to 63
MSR3012/3024/3044/3064
•
•
•
aux–0
tty–1 to 1408
vty–0 to 63
MSR4060/4080
•
•
•
•
aux–0 to 15
console–0 to 15
tty–1 to 9216
vty–0 to 63
Usage guidelines
This command does not release the line you are using.
Examples
# Display online users.
<Sysname> display users
Idx
Line
Idle
Time
Pid
Type
10
VTY 0
00:10:49
Jun 11 11:27:32
320
TEL
+ 11
VTY 1
00:00:00
Jun 11 11:39:40
334
TEL
Following are more details.
VTY 0
:
Location: 192.168.1.12
VTY 1
:
Location: 192.168.1.26
+
: Current operation user.
F
: Current operation user works in async mode.
# Release VTY line 1.
<Sysname> free line vty 1
Are you sure to free line vty1? [Y/N]:y
[OK]
free user-interface
Use free user-interface to release a user line.
Syntax
free user-interface { number1 | { aux | console | tty | vty } number2 }
Views
User view
66
Predefined user roles
network-admin
Parameters
number1: Specifies the absolute number of a user line.
The following matrix shows the value ranges for the number1 argument:
Hardware
Value range
MSR954(JH296A/JH297A/JH298A/JH299A/JH373A)
0 to 384
MSR958(JH300A/JH301A)
0 to 384
MSR1002-4/1003-8S
0 to 384
MSR2003
0 to 705
MSR2004-24/2004-48
0 to 704
MSR3012/3024/3044/3064
0 to 1472
MSR4060/4080
0 to 9311
aux: Specifies the AUX line.
The following matrix shows the aux keyword and hardware compatibility:
Hardware
Keyword compatibility
MSR958(JH300A/JH301A)
No
MSR1002-4/1003-8S
Yes
MSR2003
Yes
MSR2004-24/2004-48
Yes
MSR3012/3024/3044/3064
Yes
MSR4060/4080
Yes
console: Specifies the console line.
The following matrix shows the console keyword and hardware compatibility:
Hardware
Keyword compatibility
MSR954(JH296A/JH297A/JH298A/JH299A/JH373A)
Yes
MSR958(JH300A/JH301A)
Yes
MSR1002-4/1003-8S
No
MSR2003
No
MSR2004-24/2004-48
No
MSR3012/3024/3044/3064
No
MSR4060/4080
Yes
tty: Specifies the TTY line.
vty: Specifies the VTY line.
number2: Specifies the relative number of a user line.
67
The following matrix shows the value ranges for the number2 argument:
Hardware
Value ranges
MSR954(JH296A/JH297A/JH298A/JH299A/JH373A)
•
•
•
console–0
tty–1 to 320
vty–0 to 63
MSR958(JH300A/JH301A)
•
•
•
console–0
tty–1 to 320
vty–0 to 63
MSR1002-4/1003-8S
•
•
•
aux–0
tty–1 to 320
vty–0 to 63
MSR2003
•
•
•
aux–0 to 1
tty–1 to 640
vty–0 to 63
MSR2004-24/2004-48
•
•
•
aux–0
tty–1 to 640
vty–0 to 63
MSR3012/3024/3044/3064
•
•
•
aux–0
tty–1 to 1408
vty–0 to 63
MSR4060/4080
•
•
•
•
aux–0 to 15
console–0 to 15
tty–1 to 9216
vty–0 to 63
Usage guidelines
This command does not release the line you are using.
This command is an older version reserved for backward compatibility purposes. It has the same
functionality and output as the free line command. As a best practice, use the free line command.
Examples
# Display online users.
<Sysname> display users
Idx
LINE
Idle
Time
Pid
Type
10
VTY 0
00:10:49
Jun 11 11:27:32
320
TEL
+ 11
VTY 1
00:00:00
Jun 11 11:39:40
334
TEL
Following are more details.
VTY 0
:
Location: 192.168.1.12
VTY 1
:
Location: 192.168.1.26
+
: Current operation user.
F
: Current operation user works in async mode.
# Release VTY line 1.
<Sysname> free user-interface vty 1
Are you sure to free line vty1? [Y/N]:y
[OK]
68
history-command max-size
Use history-command max-size to set the size of the command history buffer for a user line.
Use undo history-command max-size to restore the default.
Syntax
history-command max-size size-value
undo history-command max-size
Default
The command history buffer for a user line stores up to 10 history commands.
Views
User line view
User line class view
Predefined user roles
network-admin
Parameters
size-value: Specifies the maximum number of history commands the buffer can store, in the range of
0 to 256.
Usage guidelines
Each user line uses a separate command history buffer to store commands successfully executed by
its user. The buffer size determines how many history commands the buffer can store.
To display history commands in the buffer for your session, press the up or down arrow key, or
execute the display history-command command. For more information about the command history
buffer, see Fundamentals Configuration Guide.
Terminating a CLI session clears the commands in the command history buffer.
The setting in user line view takes effect immediately for the current session. The setting in user line
class view takes effect for login sessions that are established after the setting is configured.
Examples
# Set the command history buffer size to 20 for the console line 0.
<Sysname> system-view
[Sysname] line console 0
[Sysname-line-console0] history-command max-size 20
idle-timeout
Use idle-timeout to set the CLI connection idle-timeout timer.
Use undo idle-timeout to restore the default.
Syntax
idle-timeout minutes [ seconds ]
undo idle-timeout
Default
The CLI connection idle-timeout timer is 10 minutes.
69
Views
User line view
User line class view
Predefined user roles
network-admin
Parameters
minutes: Specifies the number of minutes, in the range of 0 to 35791.
seconds: Specifies the number of seconds, in the range of 0 to 59. The default is 0 seconds.
Usage guidelines
The system automatically terminates a user connection if no information interaction occurs on the
connection within the idle-timeout interval.
To disable the idle-timeout feature, execute the idle-timeout 0 command.
The setting in user line view takes effect immediately for the current session. The setting in user line
class view takes effect for login sessions that are established after the setting is configured.
Examples
# Set the CLI connection idle-timeout timer to 1 minute and 30 seconds for console line 0.
<Sysname> system-view
[Sysname] line console 0
[Sysname-line-console0] idle-timeout 1 30
ip alias
Use ip alias to associate a Telnet redirect listening port with an IP address.
Use undo ip alias to restore the default.
Syntax
ip alias ip-address port-number
undo ip alias ip-address
Default
A Telnet redirect listening port is not associated with an IP address.
Views
System view
Predefined user roles
network-admin
Parameters
ip-address: Specifies the IP address to be associated with the Telnet redirect listening port. The IP
address cannot be the address of an interface on the device, but can belong to the same subnet.
port-number: Specifies a Telnet redirect listening port number in the range of 2000 to 50000.
Usage guidelines
For a user to Telnet to a device through a Telnet redirect server, associate a Telnet redirect listening
port with an IP address of the redirect server. Then, the user only needs to specify the IP address for
the telnet command to Telnet to the destination device. If you do not configure the association, the
user must specify both the IP address and the Telnet redirect listening port number.
70
Examples
# Associate the Telnet redirect listening port 2000 with the IP address 1.1.1.1.
<Sysname> system-view
[Sysname] ip alias 1.1.1.1 2000
Related commands
display tcp (Layer 3—IP Services Command Reference)
redirect enable
redirect listen-port
line
Use line to enter one or multiple user line views.
Syntax
line { first-number1 [ last-number1 ] | { aux | console | tty | vty } first-number2 [ last-number2 ] }
Views
System view
Predefined user roles
network-admin
Parameters
first-number1: Specifies the absolute number of the first user line.
The following matrix shows the value ranges for the first-number1 argument:
Hardware
Value range
MSR954(JH296A/JH297A/JH298A/JH299A/JH373A)
0 to 384
MSR958(JH300A/JH301A)
0 to 384
MSR1002-4/1003-8S
0 to 384
MSR2003
0 to 705
MSR2004-24/2004-48
0 to 704
MSR3012/3024/3044/3064
0 to 1472
MSR4060/4080
0 to 9311
last-number1: Specifies the absolute number of the last user line. This number cannot be smaller
than first-number1.
The following matrix shows the value ranges for the last-number1 argument:
Hardware
Value range
MSR954(JH296A/JH297A/JH298A/JH299A/JH373A)
1 to 384
MSR958(JH300A/JH301A)
1 to 384
MSR1002-4/1003-8S
1 to 384
MSR2003
1 to 705
MSR2004-24/2004-48
1 to 704
71
Hardware
Value range
MSR3012/3024/3044/3064
1 to 1472
MSR4060/4080
1 to 9311
aux: Specifies the AUX line.
The following matrix shows the aux keyword and hardware compatibility:
Hardware
Keyword compatibility
MSR958(JH300A/JH301A)
No
MSR1002-4/1003-8S
Yes
MSR2003
Yes
MSR2004-24/2004-48
Yes
MSR3012/3024/3044/3064
Yes
MSR4060/4080
Yes
console: Specifies the console line.
The following matrix shows the console keyword and hardware compatibility:
Hardware
Keyword compatibility
MSR954(JH296A/JH297A/JH298A/JH299A/JH373A)
Yes
MSR958(JH300A/JH301A)
Yes
MSR1002-4/1003-8S
No
MSR2003
No
MSR2004-24/2004-48
No
MSR3012/3024/3044/3064
No
MSR4060/4080
Yes
tty: Specifies the TTY line.
vty: Specifies the VTY line.
first-number2: Specifies the relative number of the first user line.
The following matrix shows the value ranges for the first-number2 argument:
Hardware
Value ranges
MSR954(JH296A/JH297A/JH298A/JH299A/JH373A)
•
•
•
console–0
tty–1 to 320
vty–0 to 63
MSR958(JH300A/JH301A)
•
•
•
console–0
tty–1 to 320
vty–0 to 63
MSR1002-4/1003-8S
•
•
•
aux–0
tty–1 to 320
vty–0 to 63
72
Hardware
Value ranges
MSR2003
•
•
•
aux–0 to 1
tty–1 to 640
vty–0 to 63
MSR2004-24/2004-48
•
•
•
aux–0
tty–1 to 640
vty–0 to 63
MSR3012/3024/3044/3064
•
•
•
aux–0
tty–1 to 1408
vty–0 to 63
MSR4060/4080
•
•
•
•
aux–0 to 15
console–0 to 15
tty–1 to 9216
vty–0 to 63
last-number2: Specifies the relative number of the last user line. This number cannot be smaller than
first-number2.
The following matrix shows the value ranges for the last-number2 argument:
Hardware
Value ranges
MSR954(JH296A/JH297A/JH298A/JH299A/JH373A)
•
•
•
console–0
tty–2 to 320
vty–1 to 63
MSR958(JH300A/JH301A)
•
•
•
console–0
tty–2 to 320
vty–1 to 63
MSR1002-4/1003-8S
•
•
•
aux–0
tty–2 to 320
vty–1 to 63
MSR2003
•
•
•
aux–1
tty–2 to 640
vty–2 to 63
MSR2004-24/2004-48
•
•
•
aux–0
tty–2 to 640
vty–1 to 63
MSR3012/3024/3044/3064
•
•
•
aux–0
tty–2 to 1408
vty–1 to 63
MSR4060/4080
•
•
•
•
aux–1 to 15
console–1 to 15
tty–2 to 9216
vty–1 to 63
Usage guidelines
To configure settings for a single user line, use this command to enter the user line view.
To configure the same settings for multiple user lines, use this command to enter multiple user line
views.
73
Examples
# Enter the view of console line 0.
<Sysname> system-view
[Sysname] line console 0
[Sysname-line-console0]
# Enter the views of VTY lines 0 to 4.
<Sysname> system-view
[Sysname] line vty 0 4
[Sysname-line-vty0-4]
Related commands
line class
line class
Use line class to enter user line class view.
Syntax
line class { aux | console | tty | vty }
Views
System view
Predefined user roles
network-admin
Parameters
aux: Specifies the AUX line class view.
The following matrix shows the aux keyword and hardware compatibility:
Hardware
Keyword compatibility
MSR954(JH296A/JH297A/JH298A/JH299A/JH373A)
No
MSR958(JH300A/JH301A)
No
MSR1002-4/1003-8S
Yes
MSR2003
Yes
MSR2004-24/2004-48
Yes
MSR3012/3024/3044/3064
Yes
MSR4060/4080
Yes
console: Specifies the console line class view.
The following matrix shows the console keyword and hardware compatibility:
Hardware
Keyword compatibility
MSR954(JH296A/JH297A/JH298A/JH299A/JH373A)
Yes
MSR958(JH300A/JH301A)
Yes
MSR1002-4/1003-8S
No
MSR2003
No
74
Hardware
Keyword compatibility
MSR2004-24/2004-48
No
MSR3012/3024/3044/3064
No
MSR4060/4080
Yes
tty: Specifies the TTY line class view.
vty: Specifies the VTY line class view.
Usage guidelines
To configure the same settings for all user lines of a line class, use this command to enter the user
line class view.
In user line class view, you can execute the following commands:
•
activation-key
•
auto-execute command
•
authentication-mode
•
command accounting
•
command authorization
•
escape-key
•
history-command max-size
•
idle-timeout
•
protocol inbound
•
screen-length
•
set authentication password
•
shell
•
terminal type
•
user-role
For commands that are available in both user line view and user line class view, the device uses the
following rules to determine the settings to be activated:
•
A setting in user line view applies only to the user line. A setting in user line class view applies to
all user lines of the class.
•
A non-default setting in either view takes precedence over a default setting in the other view. A
non-default setting in user line view takes precedence over a non-default setting in user line
class view.
•
A setting in user line class view does not take effect for current online users. It takes effect only
for new login users.
Examples
# Set the CLI connection idle-timeout timer to 15 minutes in VTY line class view.
<Sysname> system-view
[Sysname] line class vty
[Sysname-line-class-vty] idle-timeout 15
# In console line class view, configure the character s as the terminal session activation key.
<Sysname> system-view
[Sysname] line class console
[Sysname-line-class-console] activation-key s
[Sysname-line-class-console] quit
75
# In the view of console line 0, restore the default terminal session activation key.
[Sysname] line console 0
[Sysname-line-console0] undo activation-key
Alternatively, you can use the following command:
[Sysname-line-console0] activation-key 13
To verify the configuration:
1.
Exit the session on console line 0.
[Sysname-line-console0] return
<Sysname> quit
2.
Log in again through the user line.
The following message appears:
Press ENTER to get started.
3.
Press Enter.
Pressing Enter does not start a session.
4.
Enter s.
A terminal session is started.
<Sysname>
Related commands
line
lock
Use lock to lock the current user line and set the password for unlocking the line.
Syntax
lock
Default
The system does not lock any user lines.
Views
User view
Predefined user roles
network-admin
Usage guidelines
This command is not supported in FIPS mode.
This command locks the current user line to prevent unauthorized users from using the line. You
must set the password for unlocking the line as prompted. The user line is locked after you enter the
password and confirm the password.
To unlock the user line, press Enter and enter the password you set.
Examples
# Lock the current user line and set the password for unlocking the line.
<Sysname> lock
Please input password<1 to 16> to lock current line:
Password:
Again:
76
locked !
// The user line is locked. To unlock it, press Enter and enter the password:
Password:
<Sysname>
lock-key
Use lock-key to set the user line locking key. Pressing this shortcut key locks the current user line
and enables unlocking authentication.
Use undo lock-key to restore the default.
Syntax
lock-key key-string
undo lock-key
Default
No user line locking key is set.
Views
User line view
User line class view
Predefined user roles
network-admin
Parameters
key-string: Specifies a shortcut key. It can be a character (case sensitive), or an ASCII code value in
the range of 0 to 127. For example, if you configure lock-key 1, the shortcut key is Ctrl+A. If you
configure lock-key a, the shortcut key is a. For information about ASCII code values of individual
characters, see the standard ASCII code chart. For information about ASCII code values of
combined keys that use the Ctrl key, see Table 6.
Usage guidelines
As a best practice, specify a combined key as the user line locking key. If you specify a single
character as the key, the character acts only as the user line locking key. You cannot type the
character for any commands, keywords, or arguments.
Pressing this shortcut key is equivalent to executing the lock reauthentication command.
This command takes effect immediately.
To display the current user line locking key, use the display current-configuration | include
lock-key command.
Examples
# Set the user line locking key to Ctrl+A for console line 0.
<Sysname> system-view
[Sysname] line console 0
[Sysname-line-console0] lock-key 1
[Sysname-line-console0] quit
To verify the configuration:
1.
Press Ctrl+A.
[Sysname]
77
Please press Enter to unlock the screen.
2.
Press Enter and enter the login password.
Password:
[Sysname]
Related commands
lock reauthentication
lock reauthentication
Use lock reauthentication to lock the current user line and enable unlocking authentication.
Syntax
lock reauthentication
Default
The system does not lock any user lines or initiate reauthentication.
Views
Any view
Predefined user roles
network-admin
Usage guidelines
This command locks the current user line. To unlock the user line, you must press Enter and provide
the login password to pass reauthentication. If you have changed the login password after login, you
must provide the new password. If no login password is set, the system unlocks the user line after
you press Enter.
Examples
# Lock the current user line and enable unlocking authentication.
<Sysname> lock reauthentication
Please press Enter to unlock the screen.
// The user line is locked. To unlock it, press Enter and enter the login password:
Password:
<Sysname>
Related commands
lock-key
parity
Use parity to specify the parity.
Use undo parity to restore the default.
Syntax
parity { even | mark | none | odd | space }
78
undo parity
Default
The setting is none. No parity is used.
Views
User line view
Predefined user roles
network-admin
Parameters
even: Uses even parity.
mark: Uses mark parity.
none: Uses no parity.
odd: Uses odd parity.
space: Uses space parity.
Usage guidelines
This command is not supported in VTY line view.
The configuration terminal and the device must use the same parity.
Examples
# Configure the user line AUX 0 to use odd parity.
<Sysname> system-view
[Sysname] line aux 0
[Sysname-line-aux0] parity odd
protocol inbound
Use protocol inbound to specify the supported protocols.
Use undo protocol inbound to restore the default.
Syntax
In non-FIPS mode:
protocol inbound { all | pad | ssh | telnet }
undo protocol inbound
In FIPS mode:
protocol inbound ssh
undo protocol inbound
Default
In non-FIPS mode, all protocols are supported.
In FIPS mode, SSH is supported.
Views
VTY line view
VTY line class view
79
Predefined user roles
network-admin
Parameters
all: Supports all protocols.
pad: Supports PAD only.
ssh: Supports SSH only.
telnet: Supports Telnet only.
Usage guidelines
A configuration change in user line view does not take effect for the current session. It takes effect for
subsequent login sessions.
Before configuring a user line to support SSH, set the authentication mode to scheme for the user
line. For more information, see authentication-mode.
In VTY line view, this command is associated with the authentication-mode command. If you
specify a non-default value for one of the two commands, the other command uses the default
setting, regardless of the setting in VTY line class view.
Examples
# Enable user lines VTY 0 through VTY 4 to support only SSH.
<Sysname> system-view
[Sysname] line vty 0 4
[Sysname-line-vty0-4] authentication-mode scheme
[Sysname-line-vty0-4] protocol inbound ssh
# Enable SSH support and set the authentication mode to scheme in VTY line class view. Enable
user lines VTY 0 through VTY 4 to support all protocols and disable authentication for the user lines.
<Sysname> system-view
[Sysname] line class vty
[Sysname-line-class-vty] authentication-mode scheme
[Sysname-line-class-vty] protocol inbound ssh
[Sysname-line-class-vty] line vty 0 4
[Sysname-line-vty0-4] authentication-mode none
To verify the configuration:
1.
Telnet to the device.
<Client> telnet 192.168.1.241
Trying 192.168.1.241 ...
Press CTRL+K to abort
Connected to 192.168.1.241 ...
******************************************************************************
* Copyright (c) 2010-2016 Hewlett Packard Enterprise Development LP
*
* Without the owner's prior written consent,
*
* no decompiling or reverse-engineering shall be allowed.
*
******************************************************************************
<Server>
You are logged in without authentication.
2.
Display online CLI user information.
<Server> display users
80
Idx
+ 50
Line
Idle
Time
Pid
Type
VTY 0
00:00:00
Jan 17 15:29:27
189
TEL
Following are more details.
VTY 0
:
Location: 192.168.1.186
+
: Current operation user.
F
: Current operation user works in async mode.
The output shows that you are using VTY 0. The configuration in user line view is effective.
redirect disconnect
Use redirect disconnect to manually terminate redirected Telnet connections.
Syntax
redirect disconnect
Views
AUX line view
TTY line view
Predefined user roles
network-admin
Examples
# Manually terminate the redirected Telnet connection on TTY line 1.
<Sysname> system-view
[Sysname] line tty 1
[Sysname-line-tty1] redirect disconnect
redirect enable
Use redirect enable to enable Telnet redirect for a user line.
Use undo redirect enable to disable Telnet redirect for a user line.
Syntax
redirect enable
undo redirect enable
Default
Telnet redirect is disabled for a user line.
Views
AUX line view
TTY line view
Predefined user roles
network-admin
Usage guidelines
The redirect server feature allows Telnet users to Telnet to a destination device without knowing the
destination device's IP addresses. For more information, see Fundamentals Configuration Guide.
81
The user line connected to the destination device must use the same transmission rate and number
of stop bits as the destination device. To change the transmission rate for the user line, use the
speed command. To identify whether the user line and the destination device are using the same
number of stop bits, use the stopbit-error intolerance command. To change the number of stop bits,
use the stopbits command.
Examples
# Enable Telnet redirect for TTY line 7.
<Sysname> system-view
[Sysname] line tty 7
[Sysname-line-tty7] redirect enable
Related commands
display tcp (Layer 3—IP Services Command Reference)
redirect disconnect
redirect listen-port
telnet
redirect listen-port
Use redirect listen-port to specify a Telnet redirect listening port.
Use undo redirect listen-port to restore the default.
Syntax
redirect listen-port port-number
undo redirect listen-port
Default
The Telnet redirect listening port number is the absolute user line number plus 2000.
Views
AUX line view
TTY line view
Predefined user roles
network-admin
Parameters
port-number: Specifies the number of the Telnet redirect listening port, in the range of 2000 to 50000.
Usage guidelines
The device redirects only Telnet connection requests destined for the Telnet redirect listening port.
Examples
# Set the Telnet redirect listening port number to 3000.
<Sysname> system-view
[Sysname] line tty 1
[Sysname-line-tty1] redirect listen-port 3000
Related commands
display tcp (Layer 3—IP Services Command Reference)
redirect enable
82
redirect passthrough
Use redirect passthrough to enable the passthrough packet redirect mode.
Use undo redirect passthrough to restore the default.
Syntax
redirect passthrough
undo redirect passthrough
Default
The passthrough packet redirect mode is disabled. The Telnet redirect server processes packets as
dictated by the standard Telnet protocol before sending the packets to the destination device.
Views
AUX line view
TTY line view
Predefined user roles
network-admin
Usage guidelines
In passthrough mode, the Telnet redirect server forwards packets without processing the packets.
If the Telnet user and the destination device are not using the standard Telnet protocol, you must set
the packet redirect mode to passthrough on the redirect server.
Examples
# Enable the passthrough packet redirect mode for TTY line 1.
<Sysname> system-view
[Sysname] line tty 1
[Sysname-line-tty1] redirect passthrough
Related commands
redirect disconnect
redirect enable
redirect refuse-negotiation
Use redirect refuse-negotiation to disable Telnet option negotiation for Telnet redirect.
Use undo redirect refuse-negotiation to restore the default.
Syntax
redirect refuse-negotiation
undo redirect refuse-negotiation
Default
Telnet option negotiation is enabled.
Views
AUX line view
TTY line view
83
Predefined user roles
network-admin
Usage guidelines
When Telnet option negotiation is enabled, a Telnet option negotiation occurs during the redirect
connection establishment process.
Examples
# Disable Telnet option negotiation for Telnet redirect on TTY line 1.
<Sysname> system-view
[Sysname] line tty 1
[Sysname-line-tty1] redirect refuse-negotiation
Related commands
redirect enable
redirect timeout
Use redirect timeout to set the idle-timeout timer for the redirected Telnet connection.
Use undo redirect timeout to restore the default.
Syntax
redirect timeout time
undo redirect timeout
Default
The idle-timeout timer is 360 seconds.
Views
AUX line view
TTY line view
Predefined user roles
network-admin
Parameters
time: Specifies the idle-timeout timer in seconds. The value range is 30 to 86400. To disable the
timeout mechanism, set the timeout timer to 0.
Usage guidelines
If no data is received from a Telnet client before the timer expires, the user line terminates the
redirected connection.
Examples
# Set the idle-timeout timer to 200 seconds for the redirected Telnet connection.
<Sysname> system-view
[Sysname] line tty 1
[Sysname-line-tty1] redirect timeout 200
Related commands
redirect enable
84
screen-length
Use screen-length to set the maximum number of lines of command output to send to the terminal
at a time when the screen pausing feature is enabled.
Use undo screen-length to restore the default.
Syntax
screen-length screen-length
undo screen-length
Default
A maximum of 24 lines are sent.
Views
User line view
User line class view
Predefined user roles
network-admin
Parameters
screen-length: Specifies the maximum number of lines to send, in the range of 0 to 512. To send
command output without pausing, set the number to 0 or execute the screen-length disable
command.
Usage guidelines
The number of lines that can be displayed on the terminal screen is restricted by both this setting and
the display specification of the terminal. For example, if this setting is 40, the device sends 40 lines to
the terminal at a time. If the terminal display specification is 24 lines, only the last 24 lines are
displayed on the terminal screen. To view the previous 16 lines, you must press PgUp.
To continue to display command output after a pause, press the space bar.
The setting in user line view takes effect immediately for the current session. The setting in user line
class view takes effect for login sessions that are established after the setting is configured.
Examples
# Set the maximum number of lines to send at a time to 30 for console line 0.
<Sysname> system-view
[Sysname] line console 0
[Sysname-line-console0] screen-length 30
Related commands
screen-length disable
send
Use send to send messages to online login users.
Syntax
send { all | number1 | { aux | console | tty | vty } number2 }
Views
User view
85
Predefined user roles
network-admin
Parameters
all: Specifies all user lines.
number1: Specifies the absolute number of a user line.
The following matrix shows the value ranges for the number1 argument:
Hardware
Value range
MSR954(JH296A/JH297A/JH298A/JH299A/JH373A)
0 to 384
MSR958(JH300A/JH301A)
0 to 384
MSR1002-4/1003-8S
0 to 384
MSR2003
0 to 705
MSR2004-24/2004-48
0 to 704
MSR3012/3024/3044/3064
0 to 1472
MSR4060/4080
0 to 9311
aux: Specifies the AUX line.
The following matrix shows the aux keyword and hardware compatibility:
Hardware
Keyword compatibility
MSR958(JH300A/JH301A)
No
MSR1002-4/1003-8S
Yes
MSR2003
Yes
MSR2004-24/2004-48
Yes
MSR3012/3024/3044/3064
Yes
MSR4060/4080
Yes
console: Specifies the console line.
The following matrix shows the console keyword and hardware compatibility:
Hardware
Keyword compatibility
MSR954(JH296A/JH297A/JH298A/JH299A/JH373A)
Yes
MSR958(JH300A/JH301A)
Yes
MSR1002-4/1003-8S
No
MSR2003
No
MSR2004-24/2004-48
No
MSR3012/3024/3044/3064
No
MSR4060/4080
Yes
tty: Specifies the TTY line.
vty: Specifies the VTY line.
86
number2: Specifies the relative number of a user line.
The following matrix shows the value ranges for the number2 argument:
Hardware
Value ranges
MSR954(JH296A/JH297A/JH298A/JH299A/JH373A)
•
•
•
console–0
tty–1 to 320
vty–0 to 63
MSR958(JH300A/JH301A)
•
•
•
console–0
tty–1 to 320
vty–0 to 63
MSR1002-4/1003-8S
•
•
•
aux–0
tty–1 to 320
vty–0 to 63
MSR2003
•
•
•
aux–0 to 1
tty–1 to 640
vty–0 to 63
MSR2004-24/2004-48
•
•
•
aux–0
tty–1 to 640
vty–0 to 63
MSR3012/3024/3044/3064
•
•
•
aux–0
tty–1 to 1408
vty–0 to 63
MSR4060/4080
•
•
•
•
aux–0 to 15
console–0 to 15
tty–1 to 9216
vty–0 to 63
Usage guidelines
You can use this command to send notifications to online users before performing an operation that
might affect other online users, for example, before rebooting the device.
To end a message, press Enter. To abort the send operation, press Ctrl+C.
Examples
# Send a notification to the user on VTY 1.
<Sysname> send vty 1
Input message, end with Enter; abort with CTRL+C:
Your attention, please. I will reboot the system in 3 minutes.
Send message? [Y/N]:y
The message should appear on the user's terminal screen as follows:
[Sysname]
***
***
***Message from vty0 to vty1
***
Your attention, please. I will reboot the system in 3 minutes.
87
set authentication password
Use set authentication password to set the password for local password authentication.
Use undo set authentication password to restore the default.
Syntax
set authentication password { hash | simple } string
undo set authentication password
Default
No password is set for local password authentication.
Views
User line view
User line class view
Predefined user roles
network-admin
Parameters
hash: Specifies a password in hashed form.
simple: Sets a password in plaintext form. For security purposes, the password specified in plaintext
form will be stored in hashed form.
string: Specifies the password. Its plaintext form is a case-sensitive string of 1 to 16 characters. Its
hashed form is a case-sensitive string of 1 to 110 characters.
Usage guidelines
This command is not supported in FIPS mode.
This command is available in both user line view and user line class view. A non-default setting in
either view takes precedence over a default setting in the other view. A non-default setting in user
line view takes precedence over a non-default setting in user line class view.
A password change does not take effect for the current session. It takes effect for subsequent login
sessions.
Examples
# Set the password to hello for local password authentication on console line 0.
<Sysname> system-view
[Sysname] line console 0
[Sysname-line-console0] authentication-mode password
[Sysname-line-console0] set authentication password simple hello
Related commands
authentication-mode
shell
Use shell to enable the terminal service for user lines.
Use undo shell to disable the terminal service for user lines.
Syntax
shell
88
undo shell
Default
The terminal service is enabled on all user lines.
Views
User line view
User line class view
Predefined user roles
network-admin
Usage guidelines
The undo shell command is not supported in console line view or console line class view.
The undo shell command is not supported in AUX line view or AUX line class view.
You cannot disable the terminal service on the user line you are using.
When the device acts as a Telnet or SSH server, you cannot configure the undo shell command.
If the undo shell command is configured in user line class view, you cannot configure the shell
command in the view of a user line in the class.
When terminal service is enabled, a user line can be used for device login. If the device is acting as
the redirect server, the user line can also be used for the redirect service. However, the user line can
be used for only one purpose at a time.
Examples
# Disable the terminal service for VTY lines VTY 0 through 4 so no user can log in to the device
through the user lines.
<Sysname> system-view
[Sysname] line vty 0 4
[Sysname-line-vty0-4] undo shell
Disable ui-vty0-4 , are you sure? [Y/N]:y
[Sysname-line-vty0-4]
speed
Use speed to set the transmission rate (also called the baud rate) on a user line.
Use undo speed to restore the default.
Syntax
speed speed-value
undo speed
Default
The transmission rate is 9600 bps on a user line.
Views
User line view
Predefined user roles
network-admin
89
Parameters
speed-value: Specifies the transmission rate in bps. Supported transmission rates depend on the
device model and configuration environment. The transmission rates for asynchronous serial
interfaces might include:
•
300 bps.
•
600 bps.
•
1200 bps.
•
2400 bps.
•
4800 bps.
•
9600 bps.
•
19200 bps.
•
38400 bps.
•
57600 bps.
•
115200 bps.
Usage guidelines
This command is not supported in VTY line view.
The configuration terminal and the device must be configured with the same transmission rate to
communicate.
Examples
# Set the transmission rate to 19200 bps for AUX line 0.
<Sysname> system-view
[Sysname] line aux 0
[Sysname-line-aux0] speed 19200
stopbit-error intolerance
Use stopbit-error intolerance to enable stop bit setting consistency detection.
Use undo stopbit-error intolerance to disable stop bit setting consistency detection.
Syntax
stopbit-error intolerance
undo stopbit-error intolerance
Default
Stop bit setting consistency detection is disabled.
Views
User line view
Predefined user roles
network-admin
Usage guidelines
This command is not supported in VTY line view.
When stop bit setting consistency detection is enabled, the device discards packets on the line if the
terminal is using a different stop bit setting than the line.
90
Examples
# Enable stop bit setting consistency detection for AUX line 0.
<Sysname> system-view
[Sysname] line aux 0
[Sysname-line-aux0] stopbit-error intolerance
stopbits
Use stopbits to specify the number of stop bits for a character.
Use undo stopbits to restore the default.
Syntax
stopbits { 1 | 1.5 | 2 }
undo stopbits
Default
One stop bit is used.
Views
User line view
Predefined user roles
network-admin
Parameters
1: Uses one stop bit.
1.5: Uses one and a half stop bits. The device does not support using one and a half stop bits. If you
specify this keyword, two stop bits are used.
2: Uses two stop bits.
Usage guidelines
This command is not supported in VTY line view.
The configuration terminal and the device must use the same number of stop bits to communicate.
Examples
# Set the number of stop bits to 1 for AUX line 0.
<Sysname> system-view
[Sysname] line aux 0
[Sysname-line-aux0] stopbits 1
telnet
Use telnet to Telnet to a host in an IPv4 network.
Syntax
telnet remote-host [ service-port ] [ vpn-instance vpn-instance-name ] [ source { interface
interface-type interface-number | ip ip-address } ] [ dscp dscp-value ]
Views
User view
91
Predefined user roles
network-admin
Parameters
remote-host: Specifies the IPv4 address or host name of a remote host. A host name can be a
case-insensitive string of 1 to 253 characters. Valid characters include letters, digits, hyphens (-),
underscores (_), and dots (.).
service-port: Specifies the TCP port number for the Telnet service on the remote host. The value
range is 0 to 65535 and the default is 23.
vpn-instance vpn-instance-name: Specifies the VPN instance to which the remote host belongs,
where vpn-instance-name is a case-sensitive string of 1 to 31 characters. If the remote host belongs
to the public network, do not specify this option.
source: Specifies a source IPv4 address or source interface for outgoing Telnet packets. If you do
not specify this option, the device uses the primary IPv4 address of the output interface for the route
to the server as the source address.
interface interface-type interface-number: Specifies the source interface. The primary IPv4 address
of the interface will be used as the source IPv4 address for outgoing Telnet packets.
ip ip-address: Specifies the source IPv4 address for outgoing Telnet packets.
dscp dscp-value: Specifies a DSCP value for outgoing Telnet packets. The value range is 0 to 63.
The default is 48.
Usage guidelines
This command is not supported in FIPS mode.
To terminate the current Telnet connection, press Ctrl+K or execute the quit command.
The source address or interface specified by this command is applied only to the Telnet connection
that is being established.
Examples
# Telnet to host 1.1.1.2, using 1.1.1.1 as the source IP address for outgoing Telnet packets.
<Sysname> telnet 1.1.1.2 source ip 1.1.1.1
Related commands
telnet client source
telnet client source
Use telnet client source to specify a source IPv4 address or source interface for the Telnet client to
use for outgoing Telnet packets.
Use undo telnet client source to restore the default.
Syntax
telnet client source { interface interface-type interface-number | ip ip-address }
undo telnet client source
Default
No source IPv4 address or source interface is specified. The Telnet client uses the primary IPv4
address of the output interface for the route to the server as the source IPv4 address.
Views
System view
92
Predefined user roles
network-admin
Parameters
interface interface-type interface-number: Specifies a source interface. The primary IPv4 address of
the interface will be used as the source IPv4 address for outgoing Telnet packets.
ip ip-address: Specifies a source IPv4 address.
Usage guidelines
This command is not supported in FIPS mode.
The setting configured by this command applies to all Telnet connections but has a lower
precedence than the source setting specified for the telnet command.
Examples
# Set the source IPv4 address to 1.1.1.1 for outgoing Telnet packets.
<Sysname> system-view
[Sysname] telnet client source ip 1.1.1.1
Related commands
display telnet client configuration
telnet ipv6
Use telnet ipv6 to Telnet to a host in an IPv6 network.
Syntax
telnet ipv6 remote-host [ -i interface-type interface-number ] [ port-number ] [ vpn-instance
vpn-instance-name ] [ source { interface interface-type interface-number | ipv6 ipv6-address } ]
[ dscp dscp-value ]
Views
User view
Predefined user roles
network-admin
Parameters
remote-host: Specifies the IPv6 address or host name of a remote host. A host name can be a
case-insensitive string of 1 to 253 characters. Valid characters include letters, digits, hyphens (-),
underscores (_), and dots (.).
-i interface-type interface-number: Specifies the interface for sending Telnet packets. This option is
required when the remote host address is a link-local address. When the server address is a global
unicast address, you cannot specify this option.
port-number: Specifies the TCP port number for the Telnet service on the remote host. The value
range is 0 to 65535 and the default is 23.
vpn-instance vpn-instance-name: Specifies the VPN instance to which the remote host belongs,
where vpn-instance-name is a case-sensitive string of 1 to 31 characters. If the remote host belongs
to the public network, do not specify this option.
source: Specifies a source IPv6 address or source interface for outgoing Telnet packets. If you do
not specify this option, the device uses the primary IPv6 address of the output interface for the route
to the server as the source address.
interface interface-type interface-number: Specifies the source interface. The primary IPv6 address
of the interface will be used as the source IPv6 address for outgoing Telnet packets.
93
ipv6 ipv6-address: Specifies the source IPv6 address for outgoing Telnet packets.
dscp dscp-value: Specifies a DSCP value for outgoing Telnet packets. The value range is 0 to 63.
The default is 48.
Usage guidelines
This command is not supported in FIPS mode.
To terminate the current Telnet connection, press Ctrl+K or execute the quit command.
Examples
# Telnet to the host at 5000::1.
<Sysname> telnet ipv6 5000::1
# Telnet to the host at 2000::1. Use 1000::1 as the source address for outgoing Telnet packets.
<Sysname> telnet ipv6 2000::1 source ipv6 1000::1
telnet server acl
Use telnet server acl to apply an ACL to filter Telnet logins.
Use undo telnet server acl to restore the default.
Syntax
telnet server acl [ mac ] acl-number
undo telnet server acl
Default
No ACL is used to filter Telnet logins.
Views
System view
Predefined user roles
network-admin
Parameters
mac: Specifies a Layer 2 ACL. To specify an ACL of a different type, do not specify this keyword.
acl-number: Specifies an ACL by its number. If you specify the mac keyword, the value range of this
argument is 4000 to 4999. If you do not specify the mac keyword, the value range of this argument is
2000 to 3999.
Usage guidelines
This command is not supported in FIPS mode.
This command does not take effect on existing Telnet connections.
You can specify an ACL that does not exist for this command. However, this command takes effect
only after you create the ACL and configure rules for the ACL.
If you execute this command multiple times, the most recent configuration takes effect.
For more information about ACL, see ACL and QoS Configuration Guide.
Examples
# Permit only the user at 1.1.1.1 to Telnet to the device.
<Sysname> system-view
[Sysname] acl basic 2001
[Sysname-acl-ipv4-basic-2001] rule permit source 1.1.1.1 0
94
[Sysname-acl-ipv4-basic-2001] quit
[Sysname] telnet server acl 2001
telnet server dscp
Use telnet server dscp to specify the DSCP value for IPv4 to use for Telnet packets sent to a Telnet
client.
Use undo telnet server dscp to restore the default.
Syntax
telnet server dscp dscp-value
undo telnet server dscp
Default
IPv4 uses the DSCP value 48 for Telnet packets sent to a Telnet client.
Views
System view
Predefined user roles
network-admin
Parameters
dscp-value: Specifies a DSCP value in the range of 0 to 63.
Usage guidelines
This command is not supported in FIPS mode.
The DSCP value is carried in the ToS field of an IPv4 packet to indicate the packet transmission
priority.
Examples
# Set the DSCP value for IPv4 to use for outgoing Telnet packets to 30 on a Telnet server.
<Sysname> system-view
[Sysname] telnet server dscp 30
telnet server enable
Use telnet server enable to enable the Telnet server.
Use undo telnet server enable to disable the Telnet server.
Syntax
telnet server enable
undo telnet server enable
Default
The Telnet server is disabled.
Views
System view
Predefined user roles
network-admin
95
Usage guidelines
This command is not supported in FIPS mode.
Users can Telnet to the device only when the Telnet server is enabled.
Examples
# Enable the Telnet server.
<Sysname> system-view
[Sysname] telnet server enable
telnet server ipv6 acl
Use telnet server ipv6 acl to apply an IPv6 ACL to filter IPv6 Telnet logins.
Use undo telnet server ipv6 acl to restore the default.
Syntax
telnet server ipv6 acl { ipv6 | mac } acl-number
undo telnet server ipv6 acl
Default
No IPv6 ACL is used to filter IPv6 Telnet logins.
Views
System view
Predefined user roles
network-admin
Parameters
ipv6: Specifies an IPv6 ACL.
mac: Specifies a Layer 2 ACL. To specify an ACL of a different type, do not specify this keyword.
acl-number: Specifies an ACL by its number. If you specify the ipv6 keyword, the value range of this
argument is 2000 to 3999. If you specify the mac keyword, the value range of this argument is 4000
to 4999.
Usage guidelines
This command is not supported in FIPS mode.
This command does not take effect on existing Telnet connections.
You can specify an ACL that does not exist for this command. However, this command takes effect
only after you create the ACL and configure rules for the ACL.
If you execute this command multiple times, the most recent configuration takes effect.
For more information about ACL, see ACL and QoS Configuration Guide.
Examples
# Permit only the user at 2000::1 to Telnet to the device.
<Sysname> system-view
[Sysname] acl ipv6 basic 2001
[Sysname-acl6-ipv6-basic-2001] rule permit source 2000::1 128
[Sysname-acl6-ipv6-basic-2001] quit
[Sysname] telnet server ipv6 acl ipv6 2001
96
telnet server ipv6 dscp
Use telnet server ipv6 dscp to specify the DSCP value for IPv6 to use for Telnet packets sent to a
Telnet client.
Use undo telnet server ipv6 dscp to restore the default.
Syntax
telnet server ipv6 dscp dscp-value
undo telnet server ipv6 dscp
Default
IPv6 uses the DSCP value 48 for Telnet packets sent to a Telnet client.
Views
System view
Predefined user roles
network-admin
Parameters
dscp-value: Specifies a DSCP value in the range of 0 to 63.
Usage guidelines
This command is not supported in FIPS mode.
The DSCP value is carried in the Traffic class field of an IPv6 packet to indicate the packet
transmission priority.
Examples
# Set the DSCP value for IPv6 to use for outgoing Telnet packets to 30 on a Telnet server.
<Sysname> system-view
[Sysname] telnet server ipv6 dscp 30
telnet server ipv6 port
Use telnet server ipv6 port to specify the IPv6 Telnet service port number.
Use undo telnet server ipv6 port to restore the default.
Syntax
telnet server ipv6 port port-number
undo telnet server ipv6 port
Default
The IPv6 Telnet service port number is 23.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
port-number: Specifies a port number. The value can be 23 or in the range of 1025 to 65535.
97
Usage guidelines
This command terminates all Telnet connections to the IPv6 Telnet server. To use the Telnet service,
you must reestablish Telnet connections.
Examples
# Set the IPv6 Telnet service port number to 1026.
<Sysname> system-view
[Sysname] telnet server ipv6 port 1026
telnet server port
Use telnet server port to specify the IPv4 Telnet service port number.
Use undo telnet server port to restore the default.
Syntax
telnet server port port-number
undo telnet server port
Default
The IPv4 Telnet service port number is 23.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
port-number: Specifies a port number. The value can be 23 or in the range of 1025 to 65535.
Usage guidelines
This command terminates all Telnet connections to the IPv4 Telnet server. To use the Telnet service,
you must reestablish Telnet connections.
Examples
# Set the IPv4 Telnet service port number to 1025.
<Sysname> system-view
[Sysname] telnet server port 1025
terminal type
Use terminal type to specify the terminal display type.
Use undo terminal type to restore the default.
Syntax
terminal type { ansi | vt100 }
undo terminal type
Default
The terminal display type is ANSI.
98
Views
User line view
User line class view
Predefined user roles
network-admin
Parameters
ansi: Specifies the ANSI type.
vt100: Specifies the VT100 type.
Usage guidelines
The device supports two terminal display types: ANSI and VT100. As a best practice, specify the
VT100 type on both the device and the configuration terminal. If either side uses the ANSI type, a
display problem might occur when a command line has more than 80 characters. For example, a
cursor positioning error might occur.
This command is available in both user line view and user line class view. A non-default setting in
either view takes precedence over a default setting in the other view. A non-default setting in user
line view takes precedence over a non-default setting in user line class view.
A terminal display type change does not take effect for the current session. It takes effect for
subsequent login sessions.
Examples
# Set the terminal display type to VT100.
<Sysname> system-view
[Sysname] line vty 0
[Sysname-line-vty0] terminal type vt100
user-interface
Use user-interface to enter one or multiple user line views.
Syntax
user-interface { first-number1 [ last-number1 ] | { aux | console | tty | vty } first-number2
[ last-number2 ] }
Views
System view
Predefined user roles
network-admin
Parameters
first-number1: Specifies the absolute number of the first user line.
The following matrix shows the value ranges for the first-number1 argument:
Hardware
Value range
MSR954(JH296A/JH297A/JH298A/JH299A/JH373A)
0 to 384
MSR958(JH300A/JH301A)
0 to 384
MSR1002-4/1003-8S
0 to 384
MSR2003
0 to 705
99
Hardware
Value range
MSR2004-24/2004-48
0 to 704
MSR3012/3024/3044/3064
0 to 1472
MSR4060/4080
0 to 9311
last-number1: Specifies the absolute number of the last user line. This number cannot be smaller
than first-number1.
The following matrix shows the value ranges for the last-number1 argument:
Hardware
Value range
MSR954(JH296A/JH297A/JH298A/JH299A/JH373A)
1 to 384
MSR958(JH300A/JH301A)
1 to 384
MSR1002-4/1003-8S
1 to 384
MSR2003
1 to 705
MSR2004-24/2004-48
1 to 704
MSR3012/3024/3044/3064
1 to 1472
MSR4060/4080
1 to 9311
aux: Specifies the AUX line.
The following matrix shows the aux keyword and hardware compatibility:
Hardware
Keyword compatibility
MSR958(JH300A/JH301A)
No
MSR1002-4/1003-8S
Yes
MSR2003
Yes
MSR2004-24/2004-48
Yes
MSR3012/3024/3044/3064
Yes
MSR4060/4080
Yes
console: Specifies the console line.
The following matrix shows the console keyword and hardware compatibility:
Hardware
Keyword compatibility
MSR954(JH296A/JH297A/JH298A/JH299A/JH373A)
Yes
MSR958(JH300A/JH301A)
Yes
MSR1002-4/1003-8S
No
MSR2003
No
MSR2004-24/2004-48
No
MSR3012/3024/3044/3064
No
MSR4060/4080
Yes
tty: Specifies the TTY line.
100
vty: Specifies the VTY line.
first-number2: Specifies the relative number of the first user line.
The following matrix shows the value ranges for the first-number2 argument:
Hardware
Value ranges
MSR954(JH296A/JH297A/JH298A/JH299A/JH373A)
•
•
•
console–0
tty–1 to 320
vty–0 to 63
MSR958(JH300A/JH301A)
•
•
•
console–0
tty–1 to 320
vty–0 to 63
MSR1002-4/1003-8S
•
•
•
aux–0
tty–1 to 320
vty–0 to 63
MSR2003
•
•
•
aux–0 to 1
tty–1 to 640
vty–0 to 63
MSR2004-24/2004-48
•
•
•
aux–0
tty–1 to 640
vty–0 to 63
MSR3012/3024/3044/3064
•
•
•
aux–0
tty–1 to 1408
vty–0 to 63
MSR4060/4080
•
•
•
•
aux–0 to 15
console–0 to 15
tty–1 to 9216
vty–0 to 63
last-number2: Specifies the relative number of the last user line. This number cannot be smaller than
first-number2.
The following matrix shows the value ranges for the last-number2 argument:
Hardware
Value ranges
MSR954(JH296A/JH297A/JH298A/JH299A/JH373A)
•
•
•
console–0
tty–2 to 320
vty–1 to 63
MSR958(JH300A/JH301A)
•
•
•
console–0
tty–2 to 320
vty–1 to 63
MSR1002-4/1003-8S
•
•
•
aux–0
tty–2 to 320
vty–1 to 63
MSR2003
•
•
•
aux–1
tty–2 to 640
vty–2 to 63
MSR2004-24/2004-48
•
•
•
aux–0
tty–2 to 640
vty–1 to 63
101
Hardware
Value ranges
MSR3012/3024/3044/3064
•
•
•
aux–0
tty–2 to 1408
vty–1 to 63
MSR4060/4080
•
•
•
•
aux–1 to 15
console–1 to 15
tty–2 to 9216
vty–1 to 63
Usage guidelines
This command is an older version reserved for backward compatibility purposes. It has the same
functionality and output as the line command. As a best practice, use the line command.
To configure settings for a single user line, use this command to enter the user line view.
To configure the same settings for multiple user lines, use this command to enter multiple user line
views.
Examples
# Enter the view of console line 0.
<Sysname> system-view
[Sysname] user-interface console 0
[Sysname-line-console0]
# Enter the views of VTY lines 0 to 4.
<Sysname> system-view
[Sysname] user-interface vty 0 4
[Sysname-line-vty0-4]
Related commands
user-interface class
user-interface class
Use user-interface class to enter user line class view.
Syntax
user-interface class { aux | console | tty | vty }
Views
System view
Predefined user roles
network-admin
Parameters
aux: Specifies the AUX line class view.
The following matrix shows the aux keyword and hardware compatibility:
Hardware
Keyword compatibility
MSR954(JH296A/JH297A/JH298A/JH299A/JH373A)
No
MSR958(JH300A/JH301A)
No
102
Hardware
Keyword compatibility
MSR1002-4/1003-8S
Yes
MSR2003
Yes
MSR2004-24/2004-48
Yes
MSR3012/3024/3044/3064
Yes
MSR4060/4080
Yes
console: Specifies the console line class view.
The following matrix shows the console keyword and hardware compatibility:
Hardware
Keyword compatibility
MSR954(JH296A/JH297A/JH298A/JH299A/JH373A)
Yes
MSR958(JH300A/JH301A)
Yes
MSR1002-4/1003-8S
No
MSR2003
No
MSR2004-24/2004-48
No
MSR3012/3024/3044/3064
No
MSR4060/4080
Yes
tty: Specifies the TTY line class view.
vty: Specifies the VTY line class view.
Usage guidelines
This command is an older version reserved for backward compatibility purposes. It has the same
functionality and output as the line class command. As a best practice, use the line class
command.
To configure the same settings for all user lines of a line class, you can use this command to enter
the user line class view.
The following commands are available in user line class view:
•
activation-key
•
auto-execute command
•
authentication-mode
•
command accounting
•
command authorization
•
escape-key
•
history-command max-size
•
idle-timeout
•
protocol inbound
•
screen-length
•
set authentication password
•
shell
•
terminal type
•
user-role
103
For commands that are available in both user line view and user line class view, the device uses the
following rules to determine the settings to be activated:
•
A setting in user line view applies only to the user line. A setting in user line class view applies to
all user lines of the class.
•
A non-default setting in either view takes precedence over a default setting in the other view. A
non-default setting in user line view takes precedence over a non-default setting in user line
class view.
•
A setting in user line class view does not take effect for current online users. It takes effect only
for new login users.
Examples
# Set the CLI connection idle-timeout timer to 15 minutes in VTY line class view.
<Sysname> system-view
[Sysname] user-interface class vty
[Sysname-line-class-vty] idle-timeout 15
# In console line class view, configure the character s as the terminal session activation key.
<Sysname> system-view
[Sysname] user-interface class console
[Sysname-line-class-console] activation-key s
[Sysname-line-class-console] quit
# In the view of console line 0, restore the default terminal session activation key.
[Sysname] user-interface console 0
[Sysname-line-console0] undo activation-key
Alternatively, you can use the following command:
[Sysname-line-console0] activation-key 13
To verify the configuration:
1.
Exit the session on console line 0.
[Sysname-line-console0] return
<Sysname> quit
2.
Log in again through the console line.
The following message appears:
Press ENTER to get started.
3.
Press Enter.
Pressing Enter does not start a session.
4.
Enter s.
A terminal session is started.
<Sysname>
Related commands
user-interface
user-role
Use user-role to assign a user role to a user line. The device assigns the user role to a user of the
line when the user logs in.
Use undo user-role to remove a user role or restore the default.
104
Syntax
user-role role-name
undo user-role [ role-name ]
Default
A console line user is assigned the network-admin user role. Users of other user lines are assigned
the network-operator user role.
Views
User line view
User line class view
Predefined user roles
network-admin
Parameters
role-name: Specifies a user role name, a case-sensitive string of 1 to 63 characters. The user role
can be user-defined or predefined. Available predefined user roles include network-admin,
network-operator, and level-0 to level-15. The predefined security-audit user role is available only in
local user view. If you do not specify this argument, the undo user-role command restores the
default user role.
Usage guidelines
This command is not supported in FIPS mode.
This command is available in both user line view and user line class view. A non-default setting in
either view takes precedence over a default setting in the other view. A non-default setting in user
line view takes precedence over a non-default setting in user line class view.
A user role change does not take effect for the current session. It takes effect for subsequent login
sessions.
You can assign up to 64 user roles to a user line.
For more information about user roles, see "Configuring RBAC."
Examples
# Assign the network-admin user role to AUX line 0.
<Sysname> system-view
[Sysname] line aux 0
[Sysname-line-aux0] user-role network-admin
105
FTP commands
Commands and descriptions for centralized devices apply to the following routers:
•
MSR1002-4/1003-8S.
•
MSR2003.
•
MSR2004-24/2004-48.
•
MSR3012/3024/3044/3064.
•
MSR954(JH296A/JH297A/JH298A/JH299A/JH373A).
•
MSR958(JH300A/JH301A).
Commands and descriptions for distributed devices apply to MSR4060 and MSR4080 routers.
The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for
features, commands, and parameters might differ in FIPS mode and non-FIPS mode. For more
information about FIPS mode, see Security Configuration Guide.
FTP is not supported in FIPS mode.
FTP server commands
display ftp-server
Use display ftp-server to display FTP server configuration and status information.
Syntax
display ftp-server
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display FTP server configuration and status information.
<Sysname> display ftp-server
FTP server is running.
User count:
1
Idle-timeout timer (in minutes):
30
Table 12 Command output
Field
Description
User count
Number of the current logged-in users.
Idle-timeout timer (in minutes)
If no packet is exchanged between the FTP server and client during
this period, the FTP connection is closed.
Related commands
ftp server enable
106
ftp timeout
display ftp-user
Use display ftp-user to display detailed information about online FTP users.
Syntax
display ftp-user
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display detailed information about online FTP users.
<Sysname> display ftp-user
UserName
HostIP
Port
HomeDir
root
192.168.20.184
46539
flash:
A field value is wrapped if its length exceeds the limit. The segments are left justified.
The following are the length limits for fields:
•
UserName—10 characters.
•
HostIP—15 characters.
•
HomeDir—37 characters.
<Sysname> display ftp-user
UserName
HostIP
Port
HomeDir
user2
2000:2000:2000:
1499
flash:/user2
10001
flash:/123456789/123456789/123456789/
2000:2000:2000:
2000:2000
administra
100.100.100.100
tor
123456789/123456789/123456789/1234567
89/123456789
Table 13 Command output
Field
Description
UserName
Name of the user.
HostIP
IP address of the user.
Port
Port number of the user.
HomeDir
Authorized directory for the user.
free ftp user
Use free ftp user to manually release the FTP connections established by using a specific user
account.
107
Syntax
free ftp user username
Views
User view
Predefined user roles
network-admin
Parameters
username: Specifies a username. To display online FTP users, execute the display ftp-user
command.
Examples
# Release the FTP connections established by using the user account ftpuser.
<Sysname> free ftp user ftpuser
Are you sure to free FTP connection? [Y/N]:y
<Sysname>
free ftp user-ip
Use free ftp user-ip to manually release the FTP connections established from a specific IPv4
address.
Syntax
free ftp user-ip ip-address [ port port ]
Views
User view
Predefined user roles
network-admin
Parameters
ip-address: Specifies the source IP address of an FTP connection. To view the source IP addresses
of FTP connections, execute the display ftp-user command.
port port: Specifies the source port of an FTP connection. To view the source ports of FTP
connections, execute the display ftp-user command.
Examples
# Release the FTP connections established from the IP address 192.168.20.184.
<Sysname> free ftp user-ip 192.168.20.184
Are you sure to free FTP connection? [Y/N]:y
<Sysname>
free ftp user-ip ipv6
Use free ftp user-ip ipv6 to manually release the FTP connections established from a specific IPv6
address.
Syntax
free ftp user-ip ipv6 ipv6-address [ port port ]
108
Views
User view
Predefined user roles
network-admin
Parameters
ipv6-address: Specifies the source IPv6 address of an FTP connection. To view the source IPv6
addresses of FTP connections, execute the display ftp-user command.
port port: Specifies the source port of an FTP connection. To view the source ports of FTP
connections, execute the display ftp-user command.
Examples
# Release the FTP connections established from IPv6 address 2000::154.
<Sysname> free ftp user-ip ipv6 2000::154
Are you sure to free FTP connection? [Y/N]:y
<Sysname>
ftp server acl
Use ftp server acl to use an ACL to control FTP clients' access to the FTP server.
Use undo ftp server acl to restore the default.
Syntax
ftp server acl { ipv4-acl-number | ipv6 ipv6-acl-number }
undo ftp server acl [ ipv6 ]
Default
No ACL is used to control FTP clients' access to the FTP server.
Views
System view
Predefined user roles
network-admin
Parameters
ipv4-acl-number: Specifies an IPv4 ACL number in the range of 2000 to 3999.
ipv6 ipv6-acl-number: Specifies an IPv6 ACL number in the range of 2000 to 3999.
Usage guidelines
You can use this command to permit only FTP requests from specific FTP clients. This configuration
takes effect only for FTP connections to be established. It does not impact existing FTP connections.
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Use ACL 2001 to allow only client 1.1.1.1 to access the FTP server.
<Sysname> system-view
[Sysname] acl basic 2001
[Sysname-acl-ipv4-basic-2001] rule 0 permit source 1.1.1.1 0
[Sysname-acl-ipv4-basic-2001] rule 1 deny source any
[Sysname-acl-ipv4-basic-2001] quit
109
[Sysname] ftp server acl 2001
ftp server dscp
Use ftp server dscp to set the DSCP value for IPv4 to use for FTP packets sent to an FTP client.
Use undo ftp server dscp to restore the default.
Syntax
ftp server dscp dscp-value
undo ftp server dscp
Default
IPv4 uses the DSCP value 0 for FTP packets sent to an FTP client.
Views
System view
Predefined user roles
network-admin
Parameters
dscp-value: Specifies a DSCP value in the range of 0 to 63.
Usage guidelines
The DSCP value is carried in the ToS field of an IP packet to indicate the transmission priority of the
packet.
Examples
# Set the DSCP value for IPv4 to use for outgoing FTP packets to 30 on an FTP server.
<Sysname> system-view
[Sysname] ftp server dscp 30
ftp server enable
Use ftp server enable to enable the FTP server.
Use undo ftp server enable to disable the FTP server.
Syntax
ftp server enable
undo ftp server enable
Default
The FTP server is disabled.
Views
System view
Predefined user roles
network-admin
Examples
# Enable the FTP server.
<Sysname> system-view
110
[Sysname] ftp server enable
ftp server ipv6 dscp
Use ftp server ipv6 dscp to set the DSCP value for IPv6 to use for FTP packets sent to an FTP
client.
Use undo ftp server ipv6 dscp to restore the default.
Syntax
ftp server ipv6 dscp dscp-value
undo ftp server ipv6 dscp
Default
IPv6 uses the DSCP value 0 for FTP packets sent to an FTP client.
Views
System view
Predefined user roles
network-admin
Parameters
dscp-value: Specifies a DSCP value in the range of 0 to 63.
Usage guidelines
The DSCP value is carried in the Traffic class field of an IPv6 packet to indicate the transmission
priority of the packet.
Examples
# Set the DSCP value for IPv6 to use for outgoing FTP packets to 30 on an FTP server.
<Sysname> system-view
[Sysname] ftp server ipv6 dscp 30
ftp server ssl-server-policy
Use ftp server ssl-server-policy to associate an SSL server policy with the FTP server.
Use undo ftp server ssl-server-policy to restore the default.
Syntax
ftp server ssl-server-policy policy-name
undo ftp server ssl-server-policy
Default
No SSL server policy is associated with the FTP server.
Views
System view
Predefined user roles
network-admin
Parameters
policy-name: Specifies an SSL server policy by its name, a string of 1 to 31 characters.
111
Usage guidelines
After you associate an SSL server policy with the device, a client that supports SFTP will establish a
secure connection to the device to ensure data security.
Examples
# Associate the SSL server policy myssl with the FTP server.
<Sysname> system-view
[Sysname] ftp server ssl-server-policy myssl
Related commands
ftp server enable
ssl server-policy (Security Command Reference)
ftp timeout
Use ftp timeout to set the FTP connection idle-timeout timer.
Use undo ftp timeout to restore the default.
Syntax
ftp timeout minute
undo ftp timeout
Default
The FTP connection idle-timeout timer is 30 minutes.
Views
System view
Predefined user roles
network-admin
Parameters
minute: Specifies a time interval in the range of 1 to 35791 minutes.
Usage guidelines
If no data transfer occurs on an FTP connection within the idle-timeout interval, the FTP server
closes the FTP connection to release resources.
Examples
# Set the FTP connection idle-timeout timer to 36 minutes.
<Sysname> system-view
[Sysname] ftp timeout 36
FTP client commands
For FTP users to execute FTP client configuration commands, you must configure authorization
settings for users on the FTP server. Authorized operations include viewing the files in the working
directory, reading/downloading/uploading/renaming/removing files, and creating directories.
The FTP client commands in this section are supported by the device, but whether they can be
executed successfully depends on the FTP server.
The output in the examples of this section varies by FTP server type.
112
append
Use append to add the content of a file on the FTP client to a file on the FTP server.
Syntax
append localfile [ remotefile ]
Views
FTP client view
Predefined user roles
network-admin
Parameters
localfile: Specifies a file on the FTP client.
remotefile: Specifies a file on the FTP server.
Usage guidelines
You can perform this operation only after you log in to the FTP server.
Examples
# Append the content of the local a.txt file to the b.txt file on the FTP server.
ftp> append a.txt b.txt
local: a.txt remote: b.txt
150 Connecting to port 50190
226 File successfully transferred
1657 bytes sent in 0.000736 seconds (2.15 Mbyte/s)
ascii
Use ascii to set the file transfer mode to ASCII.
Syntax
ascii
Default
The file transfer mode is binary.
Views
FTP client view
Predefined user roles
network-admin
Usage guidelines
You can perform this operation only after you log in to the FTP server.
FTP transfers files in either of the following modes:
•
Binary mode—Transfers non-text files.
•
ASCII mode—Transfers text files.
When the device acts as the FTP server, the transfer mode is determined by the FTP client. When
the device acts as the FTP client, you can set the transfer mode. The transfer mode is binary by
default.
113
Examples
# Set the file transfer mode to ASCII.
ftp> ascii
200 TYPE is now ASCII
Related commands
binary
binary
Use binary to set the file transfer mode to binary, which is also called the flow mode.
Syntax
binary
Default
The file transfer mode is binary.
Views
FTP client view
Predefined user roles
network-admin
Usage guidelines
You can perform this operation only after you log in to the FTP server.
FTP transfers files in either of the following modes:
•
Binary mode—Transfers program file or pictures.
•
ASCII mode—Transfers text files.
When the device acts as the FTP server, the transfer mode is determined by the FTP client. When
the device acts as the FTP client, you can set the transfer mode. The default transfer mode is binary.
Examples
# Set the file transfer mode to binary.
ftp> binary
200 TYPE is now 8-bit binary
Related commands
ascii
bye
Use bye to terminate the connection to the FTP server and return to user view. If no connection is
established between the device and the FTP server, use this command to return to user view.
Syntax
bye
Views
FTP client view
Predefined user roles
network-admin
114
Examples
# Terminate the connection to the FTP server and return to user view.
ftp> bye
221-Goodbye. You uploaded 2 and downloaded 2 kbytes.
221 Logout.
<Sysname>
Related commands
quit
cd
Use cd to change the current working directory to another directory on the FTP server.
Syntax
cd { directory | .. | / }
Views
FTP client view
Predefined user roles
network-admin
Parameters
directory: Specifies the target directory. If the target directory does not exist, the cd command does
not change the current working directory.
..: Specifies the upper directory. Executing the cd .. command is the same as executing the cdup
command. If the current working directory is the FTP root directory, the cd .. command does not
change the current working directory.
/: Specifies the FTP root directory.
Usage guidelines
You can perform this operation only after you log in to the FTP server.
The directory that can be accessed must be authorized by the FTP server.
Examples
# Change the working directory to the subdirectory logfile of the current directory.
ftp> cd logfile
250 OK. Current directory is /logfile
# Change the working directory to the subdirectory folder of the FTP root directory.
ftp> cd /folder
250 OK. Current directory is /folder
# Change the working directory to the upper directory of the current directory.
ftp> cd ..
250 OK. Current directory is /
# Change the working directory to the FTP root directory.
ftp> cd /
250 OK. Current directory is /
Related commands
cdup
115
pwd
cdup
Use cdup to enter the upper directory of the FTP server.
Syntax
cdup
Views
FTP client view
Predefined user roles
network-admin
Usage guidelines
You can perform this operation only after you log in to the FTP server.
This command does not change the working directory if the current directory is the FTP root
directory.
Examples
# Change the working directory to the upper directory.
ftp> pwd
257 "/ftp/subdir" is your current location
ftp> cdup
250 OK. Current directory is /ftp
ftp> pwd
257 "/ftp" is your current location
Related commands
cd
pwd
close
Use close to terminate the connection to the FTP server without exiting FTP client view.
Syntax
close
Views
FTP client view
Predefined user roles
network-admin
Usage guidelines
You can perform this operation only after you log in to the FTP server.
Examples
# Terminate the connection to the FTP server without exiting the FTP client view.
ftp> close
221-Goodbye. You uploaded 0 and downloaded 0 kbytes.
116
221 Logout.
ftp>
Related commands
disconnect
debug
Use debug to enable or disable FTP client debugging.
Syntax
debug
Default
FTP client debugging is disabled.
Views
FTP client view
Predefined user roles
network-admin
Usage guidelines
When FTP client debugging is enabled, executing this command disables FTP client debugging.
When FTP client debugging is disabled, executing this command enables FTP client debugging.
Examples
# Enable and then disable FTP client debugging.
ftp> debug
Debugging on (debug=1).
ftp> debug
Debugging off (debug=0).
delete
Use delete to permanently delete a file from the FTP server.
Syntax
delete remotefile
Views
FTP client view
Predefined user roles
network-admin
Parameters
remotefile: Specifies a file on the FTP server.
Usage guidelines
You can perform this operation only after you log in to the FTP server.
To perform this operation, you must have delete permission on the FTP server.
117
Examples
# Delete file b.txt.
ftp> delete b.txt
250 Deleted b.txt
dir
Use dir to display detailed information about the files and subdirectories in the current directory on
the FTP server.
Use dir remotefile to display detailed information about a file or directory on the FTP server.
Use dir remotefile localfile to save detailed information about a file or directory on the FTP server to
a local file.
Syntax
dir [ remotefile [ localfile ] ]
Views
FTP client view
Predefined user roles
network-admin
Parameters
remotefile: Specifies a file or directory on the FTP server.
localfile: Specifies the name of the local file used to save the displayed information.
Usage guidelines
You can perform this operation only after you log in to the FTP server.
In FTP client view, executing the dir command is the same as executing the ls command.
Examples
# Display detailed information about the files and subdirectories in the current directory on the FTP
server.
ftp> dir
150 Connecting to port 50201
-rwxr-xr-x
1 0
0
-rwxr-xr-x
1 0
0
1481 Jul
7 15:36 a.txt
drwxr-xr-x
2 0
0
8192 Jul
2 14:33 diagfile
drwxr-xr-x
3 0
0
8192 Jul
7 15:21 ftp
-rwxr-xr-x
1 0
0
drwxr-xr-x
2 0
0
drwxr-xr-x
2 0
-rwxr-xr-x
1 0
-rwxr-xr-x
0 Sep 27
0 Sep 27
2010 base.bin
2010 kernel.bin
8192 Jul
5 09:15 logfile
0
8192 Jul
2 14:33 seclog
0
40808448 Jul
1 0
0
3050 Jul
7 12:26 startup.cfg
-rwxr-xr-x
1 0
0
54674 Jul
4 09:24 startup.mdb
-rwxr-xr-x
1 0
0
1481 Jul
2 14:33 simware-cmw710-sys
tem-a1801.bin
226 11 matches total
# Save detailed information about the file a.txt to s.txt.
ftp> dir a.txt s.txt
118
7 12:34 x.cfg
output to local-file: s.txt ? [Y/N]y
150 Connecting to port 50203
226-Glob: a.txt
# Display the content of the file s.txt.
ftp> bye
221-Goodbye. You uploaded 0 and downloaded 2 kbytes.
221 Logout.
<Sysname> more s.txt
-rwxr-xr-x
1 0
0
1481 Jul
7 12:34 a.txt
Related commands
ls
disconnect
Use disconnect to terminate the connection to the FTP server without exiting FTP client view.
Syntax
disconnect
Views
FTP client view
Predefined user roles
network-admin
Usage guidelines
You can perform this operation only after you log in to the FTP server.
Examples
# Terminate the connection to the FTP server without exiting the FTP client view.
ftp> disconnect
221-Goodbye. You uploaded 0 and downloaded 0 kbytes.
221 Logout.
ftp>
Related commands
close
display ftp client source
Use display ftp client source to display the source address settings on the FTP client.
Syntax
display ftp client source
Views
Any view
Predefined user roles
network-admin
network-operator
119
Examples
# Display the source address settings on the FTP client.
<Sysname> display ftp client source
The source IP address of the FTP client is 1.1.1.1.
The source IPv6 address of the FTP client is 2001::1.
ftp
Use ftp to log in to an FTP server and enter FTP client view.
Syntax
ftp [ ftp-server [ service-port ] [ vpn-instance vpn-instance-name ] [ dscp dscp-value | source
{ interface interface-type interface-number | ip source-ip-address } ] ] *
Views
User view
Predefined user roles
network-admin
Parameters
ftp-server: Specifies the IPv4 address or host name of an FTP server. A host name can be a
case-insensitive string of 1 to 253 characters. Valid characters for a host name include letters, digits,
hyphens (-), underscores (_), and dots (.).
service-port: Specifies the TCP port number of the FTP server, in the range of 0 to 65535. The
default is 21.
vpn-instance vpn-instance-name: Specifies the VPN instance to which the FTP server belongs. The
vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. If the FTP server
belongs to the public network, do not specify this option.
dscp dscp-value: Specifies the DSCP value for IPv4 to use in outgoing FTP packets to indicate the
packet transmission priority. The value range is 0 to 63. The default is 0.
source { interface interface-type interface-number | ip source-ip-address }: Specifies the source
address used to establish the FTP connection.
•
interface interface-type interface-number: Specifies an interface by its type and number. The
device will use the interface's primary IPv4 address as the source address. To establish the FTP
connection successfully, make sure the interface is up and has the primary IPv4 address
configured.
•
ip source-ip-address: Specifies an IPv4 address. To establish the FTP connection successfully,
make sure this address is the IPv4 address of an interface in up state on the device.
Usage guidelines
This command is only applicable to IPv4 networks.
If no parameters are specified, this command enters the FTP client view without logging in to an FTP
server.
If the server parameters are specified, you are prompted to enter the username and password for
logging in to the FTP server.
Examples
# Log in to the FTP server 192.168.0.211. Use the source IPv4 address of 192.168.0.212 for
outgoing FTP packets.
<Sysname>ftp 192.168.0.211 source ip 192.168.0.212
Press CTRL+C to abort.
120
Connected to 192.168.0.211 (192.168.0.211).
220 WFTPD 2.0 service (by Texas Imperial Software) ready for new user
User (192.168.0.211:(none)): abc
331 Give me your password, please
Password:
230 Logged in successfully
Remote system type is MSDOS.
ftp>
ftp client ipv6 source
Use ftp client ipv6 source to specify the source IPv6 address for FTP packets sent to an IPv6 FTP
server.
Use undo ftp client ipv6 source to restore the default.
Syntax
ftp client ipv6 source { interface interface-type interface-number | ipv6 source-ipv6-address }
undo ftp client ipv6 source
Default
No source address is specified for FTP packets sent to an IPv6 FTP server. The device selects a
source IPv6 address as defined in RFC 3484.
Views
System view
Predefined user roles
network-admin
Parameters
interface interface-type interface-number: Specifies an interface by its type and number. The device
will use the interface's IPv6 address as the source address. For successful FTP packet transmission,
make sure the interface is up and is configured with an IPv6 address.
ipv6 source-ipv6-address: Specifies an IPv6 address. For successful FTP packet transmission,
make sure this address is the IPv6 address of an interface in up state on the device.
Usage guidelines
If you execute this command multiple times, the most recent configuration takes effect.
The source address specified with the ftp ipv6 command takes precedence over the source address
specified with the ftp client ipv6 source command.
The source address specified with the ftp client ipv6 source command applies to all FTP
connections. The source address specified with the ftp ipv6 command applies only to the FTP
connection that is being established.
Examples
# Specify the source IPv6 address of 2000::1 for FTP packets sent to an IPv6 FTP server.
<Sysname> system–view
[Sysname] ftp client ipv6 source ipv6 2000::1
Related commands
ftp ipv6
121
ftp client source
Use ftp client source to specify the source IPv4 address for FTP packets sent to an IPv4 FTP
server.
Use undo ftp client source to restore the default.
Syntax
ftp client source { interface interface-type interface-number | ip source-ip-address }
undo ftp client source
Default
No source IPv4 address is specified for FTP packets sent to an IPv4 FTP server. The device uses the
primary IPv4 address of the output interface for the route to the server as the source address.
Views
System view
Predefined user roles
network-admin
Parameters
interface interface-type interface-number: Specifies an interface by its type and number. The device
will use the interface's primary IPv4 address as the source address. For successful FTP packet
transmission, make sure the interface is up and has the primary IPv4 address configured.
ip source-ip-address: Specifies an IPv4 address. For successful FTP packet transmission, make
sure this address is the IPv4 address of an interface in up state on the device.
Usage guidelines
If you execute this command multiple times, the most recent configuration takes effect.
The source address specified with the ftp command takes precedence over the source address
specified with the ftp client source command.
The source address specified with the ftp client source command applies to all FTP connections.
The source address specified with the ftp command applies only to the FTP connection that is being
established.
Examples
# Specify the source IPv4 address of 192.168.20.222 for FTP packets sent to an IPv4 FTP server.
<Sysname> system-view
[Sysname] ftp client source ip 192.168.20.222
Related commands
ftp
ftp ipv6
Use ftp ipv6 to log in to an FTP server and enter FTP client view.
Syntax
ftp ipv6 [ ftp-server [ service-port ] [ vpn-instance vpn-instance-name ] [ dscp dscp-value | source
{ ipv6 source-ipv6-address | interface interface-type interface-number } ] * [ -i interface-type
interface-number ] ]
122
Views
User view
Predefined user roles
network-admin
Parameters
ftp-server: Specifies the IPv6 address or host name of an FTP server. A host name can be a
case-insensitive string of 1 to 253 characters. Valid characters for a host name include letters, digits,
hyphens (-), underscores (_), and dots (.).
service-port: Specifies the TCP port number of the FTP server, in the range of 0 to 65535. The
default is 21.
dscp dscp-value: Specifies the DSCP value for IPv6 to use in outgoing FTP packets to indicate the
packet transmission priority. The value range is 0 to 63. The default is 0.
source { ipv6 source-ipv6-address | interface interface-type interface-number }: Specifies the
source address used to establish the FTP connection.
•
interface interface-type interface-number: Specifies an interface by its type and number. This
option can be used only when the TFTP server address is a link local address and the specified
output interface has a link local address. For information about link local addresses, see Layer
3—IP Services Configuration Guide.
•
ipv6 source-ipv6-address: Specifies an IPv6 address. To establish the FTP connection
successfully, make sure this address is the IPv6 address of an interface in up state on the
device.
vpn-instance vpn-instance-name: Specifies the VPN instance to which the FTP server belongs. The
vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. If the FTP server
belongs to the public network, do not specify this option.
-i interface-type interface-number: Specifies an output interface by its type and number. This option
can be used only when the FTP server address is a link local address and the specified output
interface has a link local address.
Usage guidelines
This command is only applicable to IPv6 networks.
If no parameters are specified, this command enters the FTP client view.
If the FTP server parameters are specified, you are prompted to enter the username and password
for logging in to the FTP server.
Examples
# Log in to the FTP server 2000::154.
<Sysname>ftp ipv6 2000::154
Press CTRL+C to abort.
Connected to 2000::154 (2000::154).
220 FTP service ready.
User (2000::154): root
331 Password required for root.
Password:
230 User logged in
Remote system type is HPE
get
Use get to download a file from the FTP server and save the file.
123
Syntax
get remotefile [ localfile ]
Views
FTP client view
Predefined user roles
network-admin
Parameters
remotefile: Specifies the file to be downloaded.
localfile: Specifies a name for the downloaded file. If you do not specify this argument, the system
uses the name of the source file.
Usage guidelines
You can perform this operation only after you log in to the FTP server.
To save the downloaded file to the working directory accessed by the ftp command, perform one of
the following tasks:
•
Execute the command without specifying the localfile argument.
•
Specify a file name without any path information for the localfile argument, for example, a.cfg.
To save the downloaded file to some other directory, you must specify a fully qualified file name for
the localfile argument, for example, flash:/subdirectory/a.cfg.
Examples
# Download a file to the local working directory. Save the file as b.txt.
ftp> get a.txt b.txt
local: b.txt remote: a.txt
150 Connecting to port 47457
226 File successfully transferred
1569 bytes received in 0.00527 seconds (290.6 kbyte/s)
# Download a file to a subdirectory of the local working directory. Save the file as b.txt.
ftp> get a.txt flash:/test/b.txt
local: flash:/test/b.txt remote: a.txt
150 Connecting to port 47457
226 File successfully transferred
1569 bytes received in 0.00527 seconds (290.6 kbyte/s)
# (Distributed devices in standalone mode.) Download a file to the root directory of the flash memory
on the standby MPU (in slot 1). Save the file as c.txt.
ftp> get a.txt slot1#flash:/c.txt
local: slot1#flash:/c.txt remote: a.txt
150 Connecting to port 47460
226 File successfully transferred
1569 bytes received in 0.0564 seconds (27.2 kbyte/s)
# (Centralized devices in IRF mode.) Download a file to the root directory of the flash memory on
member device 1. Save the file as c.txt.
ftp> get a.txt slot1#flash:/c.txt
local: slot1#flash:/c.txt remote: a.txt
150 Connecting to port 47460
226 File successfully transferred
1569 bytes received in 0.0564 seconds (27.2 kbyte/s)
124
# (Distributed devices in IRF mode.) Download a file to the root directory of the flash memory on the
MPU that resides in slot 1 of member device 1. Save the file as c.txt.
ftp> get a.txt chassis1#slot1#flash:/c.txt
local: chassis1#slot1#flash:/c.txt remote: a.txt
150 Connecting to port 47460
226 File successfully transferred
1569 bytes received in 0.0564 seconds (27.2 kbyte/s)
Related commands
put
help
Use help to display all commands supported by the FTP client.
Use help command-name to display the help information for a command.
Syntax
help [ command-name ]
Views
FTP client view
Predefined user roles
network-admin
Parameters
command-name: Specifies a command supported by the FTP client.
Usage guidelines
In FTP client view, executing the help command is the same as entering ?.
Examples
# Display all commands supported by the FTP client.
ftp> help
append
delete
ls
quit
rmdir
ascii
debug
mkdir
reget
status
binary
dir
newer
rstatus
system
bye
disconnect
open
rhelp
user
cd
get
passive
rename
verbose
cdup
help
put
reset
?
close
lcd
pwd
restart
# Display the help information for the dir command.
ftp> help dir
dir
list contents of remote directory
Related commands
?
lcd
Use lcd to display the local working directory of the FTP client.
125
Use lcd directory to change the local working directory of the FTP client to the specified directory.
Use lcd / to change the local working directory of the FTP client to the local root directory.
Syntax
lcd [ directory | / ]
Views
FTP client view
Predefined user roles
network-admin
Parameters
directory: Specifies a local directory of the FTP client. There must be a slash sign (/) before the name
of the storage medium, for example, /flash:/logfile.
/: Specifies the root directory of the FTP client.
Examples
# Display the local working directory.
ftp> lcd
Local directory now /flash:
# Change the local working directory to flash:/logfile.
ftp> lcd /flash:/logfile
Local directory now /flash:/logfile
ls
Use ls to display detailed information about the files and subdirectories in the current directory on the
FTP server.
Use ls remotefile to display detailed information about a file or directory on the FTP server.
Use ls remotefile localfile to save detailed information about a file or directory on the FTP server to a
local file.
Syntax
ls [ remotefile [ localfile ] ]
Views
FTP client view
Predefined user roles
network-admin
Parameters
remotefile: Specifies a file or directory on the FTP server.
localfile: Specifies the name of the local file used to save the displayed information.
Usage guidelines
You can perform this operation only after you log in to the FTP server.
In FTP client view, executing the ls command is the same as executing the dir command.
Examples
# Display detailed information about the files and subdirectories in the current directory on the FTP
server.
126
ftp> ls
150 Connecting to port 50201
-rwxr-xr-x
1 0
0
-rwxr-xr-x
1 0
0
1481 Jul
7 15:36 a.txt
drwxr-xr-x
2 0
0
8192 Jul
2 14:33 diagfile
drwxr-xr-x
3 0
0
8192 Jul
7 15:21 ftp
-rwxr-xr-x
1 0
0
drwxr-xr-x
2 0
0
drwxr-xr-x
2 0
-rwxr-xr-x
1 0
-rwxr-xr-x
0 Sep 27
0 Sep 27
2010 base.bin
2010 kernel.bin
8192 Jul
5 09:15 logfile
0
8192 Jul
2 14:33 seclog
0
40808448 Jul
1 0
0
3050 Jul
7 12:26 startup.cfg
-rwxr-xr-x
1 0
0
54674 Jul
4 09:24 startup.mdb
-rwxr-xr-x
1 0
0
1481 Jul
2 14:33 simware-cmw710-sys
tem-a1801.bin
7 12:34 x.cfg
226 11 matches total
# Save detailed information about the file a.txt to s.txt.
ftp> ls a.txt s.txt
output to local-file: s.txt ? [Y/N]y
150 Connecting to port 50203
226-Glob: s.txt
# Display the content of the file s.txt.
ftp> bye
221-Goodbye. You uploaded 0 and downloaded 2 kbytes.
221 Logout.
<Sysname> more s.txt
-rwxr-xr-x
1 0
0
1481 Jul
7 12:34 a.txt
Related commands
dir
mkdir
Use mkdir to create a subdirectory in the current directory on the FTP server.
Syntax
mkdir directory
Views
FTP client view
Predefined user roles
network-admin
Parameters
directory: Specifies the name for the directory to be created.
Usage guidelines
You can perform this operation only after you log in to the FTP server.
You must have permission to perform this operation on the FTP server.
127
Examples
# Create the subdirectory newdir in the current directory of the FTP server.
ftp> mkdir newdir
257 "newdir" : The directory was successfully created
newer
Use newer to update a local file by using a file on the FTP server.
Syntax
newer remotefile [ localfile ]
Views
FTP client view
Predefined user roles
network-admin
Parameters
remotefile: Specifies a file on the FTP server.
localfile: Specifies the local file to be updated.
Usage guidelines
You can perform this operation only after you log in to the FTP server.
If the local file does not exist, this command downloads the file from the FTP server and saves it
locally.
If the file on the FTP server is not newer than the local file, this command does not update the local
file.
Examples
# Update the local file with the file a.txt on the FTP server.
ftp> newer a.txt
local: a.txt remote: a.txt
150 Connecting to port 63513
226 File successfully transferred
1573 bytes received in 0.0293 seconds (52.3 kbyte/s)
open
Use open to log in to an FTP server from FTP client view.
Syntax
open server-address [ service-port ]
Views
FTP client view
Predefined user roles
network-admin
Parameters
server-address: Specifies the IPv4 address, IPv6 address, or host name of the FTP server.
128
service-port: Specifies the TCP port number of the FTP server, in the range of 0 to 65535. The
default is 21.
Usage guidelines
After you issue this command, the system will prompt you to enter the username and password.
After you log in to one FTP server, you must disconnect from the server before you can use the open
command to log in to another server.
Examples
# In FTP client view, log in to the FTP server 192.168.40.7.
<Sysname>ftp
ftp> open 192.168.40.7
Press CTRL+C to abort.
Connected to 192.168.40.7 (192.168.40.7).
220 FTP service ready.
User (192.168.40.7:(none)): root
331 Password required for root.
Password:
230 User logged in.
Remote system type is HPE.
ftp>
passive
Use passive to change the FTP operation mode.
Syntax
passive
Default
The FTP operation mode is passive.
Views
FTP client view
Predefined user roles
network-admin
Usage guidelines
FTP can operate in either of the following modes:
•
Active mode—The FTP server initiates the TCP connection.
•
Passive mode—The FTP client initiates the TCP connection.
When the FTP operation mode is passive, executing this command changes the mode to active.
When the FTP operation mode is active, executing this command changes the mode to passive.
This command is typically used together with a firewall to control FTP session establishment
between private network users and public network users.
Examples
# Change the FTP operation mode to passive.
ftp> passive
Passive mode on.
129
ftp> passive
Passive mode off.
put
Use put to upload a file from the FTP client to the FTP server.
Syntax
put localfile [ remotefile ]
Views
FTP client view
Predefined user roles
network-admin
Parameters
localfile: Specifies the local file to be uploaded.
remotefile: Specifies the name of the file for saving the uploaded file on the FTP server.
Usage guidelines
You can perform this operation only after you log in to the FTP server.
To upload a file in the current working directory, specify a file name without the path for the localfile
argument, for example, a.cfg.
To upload a file in some other directory, specify a fully qualified file name for the localfile argument,
for example, flash:/subdirectory/a.cfg.
Examples
# Upload a file from the local working directory to the FTP server. Save the file as b.txt.
ftp> put a.txt b.txt
local: a.txt remote: b.txt
150 Connecting to port 47461
226 File successfully transferred
1569 bytes sent in 0.000671 seconds (2.23 Mbyte/s)
# Upload a file from a subdirectory of the local working directory to the FTP server. Save the file as
b.txt.
ftp> put flash:/test/a.txt b.txt
local: flash:/test/a.txt remote: b.txt
150 Connecting to port 47461
226 File successfully transferred
1569 bytes sent in 0.000671 seconds (2.23 Mbyte/s)
# (Distributed devices in standalone mode.) Upload a file from the standby MPU (in slot 1) to the FTP
server. Save the file as b.txt.
ftp> put slot1#flash:/test/a.txt b.txt
local: slot1#flash:/test/a.txt remote: b.txt
150 Connecting to port 47461
226 File successfully transferred
1569 bytes sent in 0.000671 seconds (2.23 Mbyte/s)
# (Centralized devices in IRF mode.) Upload a file from member device 2 to the FTP server. Save the
file as b.txt.
ftp> put slot2#flash:/test/a.txt b.txt
130
local: slot2#flash:/test/a.txt remote: b.txt
150 Connecting to port 47461
226 File successfully transferred
1569 bytes sent in 0.000671 seconds (2.23 Mbyte/s)
# (Distributed devices in IRF mode.) Upload a file from a global standby MPU (in slot 1 of member
device 1) to the FTP server. Save the file as b.txt.
ftp> put chassis1#slot1#flash:/test/a.txt b.txt
local: chassis1#slot1#flash:/test/a.txt remote: b.txt
150 Connecting to port 47461
226 File successfully transferred
1569 bytes sent in 0.000671 seconds (2.23 Mbyte/s)
Related commands
get
pwd
Use pwd to display the currently accessed directory on the FTP server.
Syntax
pwd
Views
FTP client view
Predefined user roles
network-admin
Usage guidelines
You can perform this operation only after you log in to the FTP server.
Examples
# Display the currently accessed directory on the FTP server.
ftp> cd subdir
250 OK. Current directory is /subdir
ftp> pwd
257 "/subdir" is your current location
quit
Use quit to terminate the connection to the FTP server and return to user view.
Syntax
quit
Views
FTP client view
Predefined user roles
network-admin
Examples
# Terminate the connection to the FTP server and return to user view.
131
ftp> quit
221-Goodbye. You uploaded 0 and downloaded 0 kbytes.
221 Logout.
<Sysname>
Related commands
bye
reget
Use reget to get the missing part of a file from the FTP server.
Syntax
reget remotefile [ localfile ]
Views
FTP client view
Predefined user roles
network-admin
network-operator
Parameters
remotefile: Specifies a file on the FTP server.
localfile: Specifies a local file.
Usage guidelines
You can perform this operation only after you log in to the FTP server.
If a file download is not completed due to network or storage space problems, use this command to
get the part that has not been downloaded yet.
Examples
# Get the part of the s.bin file that has not been downloaded yet.
ftp> reget s.bin
local: s.bin remote: s.bin
350 Restarting at 1749706
150-Connecting to port 47429
150 38143.3 kbytes to download
226 File successfully transferred
39058742 bytes received in 66.2 seconds (576.1 kbyte/s)
rename
Use rename to rename a file.
Syntax
rename [ oldfilename [ newfilename ] ]
Views
FTP client view
132
Predefined user roles
network-admin
Parameters
oldfilename: Specifies the original file name.
newfilename: Specifies the new file name.
Usage guidelines
You can perform this operation only after you log in to the FTP server.
Examples
# Rename the file a.txt as b.txt.
•
Method 1:
ftp> rename
(from-name) a.txt
(to-name) b.txt
350 RNFR accepted - file exists, ready for destination
250 File successfully renamed or moved
•
Method 2:
ftp> rename a.txt
(to-name) b.txt
350 RNFR accepted - file exists, ready for destination
250 File successfully renamed or moved
•
Method 3:
ftp> rename a.txt b.txt
350 RNFR accepted - file exists, ready for destination
250 File successfully renamed or moved
reset
Use reset to clear the reply information received from the FTP server in the buffer.
Syntax
reset
Views
FTP client view
Predefined user roles
network-admin
Examples
# Clear the reply information received from the FTP server.
ftp> reset
restart
Use restart to specify the file retransmission offset.
Syntax
restart marker
133
Views
FTP client view
Predefined user roles
network-admin
Parameters
marker: Specifies the retransmission offset, in bytes.
Usage guidelines
The file retransmission starts from the (offset+1)th byte.
You can perform this operation only after you log in to the FTP server.
Support for this command depends on the FTP server.
Examples
# Set retransmission offset to 2 bytes and retransmit the file h.c. The file has 82 bytes in total.
ftp> restart 2
restarting at 2. execute get, put or append to initiate transfer
ftp> put h.c h.c
local: h.c remote: h.c
350 Restart position accepted (2).
150 Ok to send data.
226 File receive OK.
80 bytes sent in 0.000445 seconds (175.6 kbyte/s)
ftp> dir
150 Here comes the directory listing.
-rw-r--r--
1 0
0
80 Jul 18 02:58 h.c
rhelp
Use rhelp to display the FTP commands supported by the FTP server.
Use rhelp protocol-command to display the help information for an FTP command supported by the
FTP server.
Syntax
rhelp [ protocol-command ]
Views
FTP client view
Predefined user roles
network-admin
Parameters
protocol-command: Specifies an FTP command.
Usage guidelines
You can perform this operation only after you log in to the FTP server.
Examples
# Display the FTP-related commands supported by the FTP server.
ftp> rhelp
134
214-The following FTP commands are recognized
USER PASS NOOP QUIT SYST TYPE
HELP CWD
XCWD PWD
CDUP XCUP
XPWD LIST NLST MLSD PORT EPRT
PASV EPSV REST RETR STOR APPE
DELE MKD
XMKD RMD
XRMD ABOR
SIZE RNFR RNTO
214 UNIX Type: L8
Table 14 Command output
Field
Description
USER
Username, corresponding to the xx command in FTP client view.
PASS
Password.
NOOP
Null operation.
SYST
System parameters.
TYPE
Request type.
CWD
Changes the current working directory.
XCWD
Extended command with the meaning of CWD.
PWD
Prints the working directory.
CDUP
Changes the directory to the upper directory.
XCUP
Extended command with the meaning of CDUP.
XPWD
Extended command with the meaning of PWD.
LIST
Lists files.
NLST
Lists brief file description.
MLSD
Lists file content.
PORT
Active mode (IPv4).
EPRT
Active mode (IPv6).
PASV
Passive mode (IPv4).
EPSV
Passive mode (IPv6).
REST
Restarts.
RETR
Downloads files.
STOR
Uploads files.
APPE
Appends uploading.
DELE
Deletes files.
MKD
Creates folders.
XMKD
Extended command with the meaning of MKD.
RMD
Deletes folders.
XRMD
Extended command with the meaning of RMD.
ABOR
Aborts the transmission.
SIZE
Size of the transmission file.
135
Field
Description
RNFR
Original name.
RNTO
New name.
rmdir
Use rmdir to permanently delete a directory from the FTP server.
Syntax
rmdir directory
Views
FTP client view
Predefined user roles
network-admin
Parameters
directory: Specifies a directory on the FTP server.
Usage guidelines
You can perform this operation only after you log in to the FTP server.
To perform this operation, you must have delete permission on the FTP server.
Delete all files and subdirectories in a directory before you delete the directory. For more information
about how to delete files, see the delete command.
Executing the rmdir command does not delete the files of the specified directory from the recycle
bin.
Examples
# Delete the empty directory subdir1.
ftp>rmdir subdir1
250 The directory was successfully removed
Related commands
delete
rstatus
Use rstatus to display FTP server status.
Use rstatus remotefile to display detailed information about a directory or file on the FTP server.
Syntax
rstatus [ remotefile ]
Views
FTP client view
Predefined user roles
network-admin
136
Parameters
remotefile: Specifies a directory or file on the FTP server.
Usage guidelines
You can perform this operation only after you log in to the FTP server.
Support for this command depends on the FTP server.
Examples
# Display FTP server status.
ftp> rstatus
211-FTP server status:
Connected to 192.168.20.177
Logged in as root
TYPE: ASCII
No session bandwidth limit
Session timeout in seconds is 300
Control connection is plain text
Data connections will be plain text
At session startup, client count was 1
vsFTPd 2.0.6 - secure, fast, stable
211 End of status
Table 15 Command output
Filed
Description
211-FTP server status:
Beginning of the display of FTP server status, where
211 specifies the FTP command.
Connected to 192.168.20.177
IP address of the FTP client.
Logged in as root
Login username root.
TYPE: ASCII
File transfer mode ASCII.
Session timeout in seconds is 300
FTP connection idle-timeout interval is 300 seconds.
Control connection is plain text
Control connection type is plain text.
Data connections will be plain text
Data connection type is plain text.
At session startup, client count was 1
FTP connection number is 1.
vsFTPd 2.0.6 - secure, fast, stable
FTP version is 2.0.6.
211 End of status
End of the display of FTP server status.
# Display the file a.txt.
ftp> rstatus a.txt
213-Status follows:
-rw-r--r--
1 0
0
80 Jul 18 02:58 a.txt
213 End of status
Table 16 Command output
Field
Description
213-Status follows:
Beginning of the display of the file, where 213 specifies the FTP command.
137
Field
Description
-rw-r--r--
The first bit specifies the file type.
•
-—Common.
•
B—Block.
•
c—Character.
•
d—Directory.
•
l—Symbol connection file.
•
p—Pipe.
•
s—socket.
The second bit through the tenth bit are divided into three groups. Each
group contains three characters, representing the access permission of the
owner, group, and other users.
•
-—No permission.
•
r—Read permission.
•
w—Write permission.
•
x—Execution permission.
1
Number of connections.
0
Name of the file owner.
0
Group number of the file owner.
80
File size, in bytes.
Jul 18 02:58
Date and time when the file was most recently modified.
a.txt
File name.
213 End of status
End of the display of the file information.
status
Use status to display FTP status.
Syntax
status
Views
FTP client view
Predefined user roles
network-admin
Examples
# Display FTP status.
ftp> status
Connected to 192.168.1.56.
No proxy connection.
Not using any security mechanism.
Mode: stream; Type: ascii; Form: non-print; Structure: file
Verbose: on; Bell: off; Prompting: on; Globbing: off
Store unique: off; Receive unique: off
Case: off; CR stripping: on
Ntrans: off
138
Nmap: off
Hash mark printing: off; Use of PORT cmds: on
Table 17 Command output
Field
Description
Connected to 192.168.1.56.
IP address of the FTP server that is connected to the
FTP client.
Verbose: on; Bell: off; Prompting: on; Globbing: off
Displays debugging information.
Store unique: off; Receive unique: off
The name of the file on the FTP server is unique and
the name of the local file is unique.
Case: off; CR stripping: on
Does not support obtaining multiple files once and
deletes "\r" when downloading text files.
Ntrans: off
Does not use the input-output transmission table.
Nmap: off
The file name does not use the input-to-output
mapping template.
Hash mark printing: off; Use of PORT cmds: on
Does not end with a pound sign (#) and uses
"PORT" data transmission.
system
Use system to display the system information of the FTP server.
Syntax
system
Views
FTP client view
Predefined user roles
network-admin
Usage guidelines
You can perform this operation only after you log in to the FTP server.
Examples
# Display the system information of the FTP server.
ftp> system
5 UNIX Type: L8
user
Use user to initiate an FTP authentication on the current FTP connection.
Syntax
user username [ password ]
Views
FTP client view
Predefined user roles
network-admin
139
Parameters
username: Specifies the username.
password: Specifies the password.
Usage guidelines
If you tried to access an FTP server but failed to pass the authentication, you can use this command
to try again before the connection to the FTP server expires.
After you log in to an FTP server, you can initiate an FTP authentication to change to a new account.
By changing to a new account, you can get a different privilege without re-establishing the FTP
connection.
Make sure the specified username and password have been configured on the FTP server. If the
username or password is not configured, this command fails and the FTP connection is closed.
Examples
# After logging in to the FTP server, use the username ftp and password 123456 to log in again to
the FTP server.
•
Method 1:
ftp> user ftp 123456
331 Password required for ftp.
230 User logged in.
•
Method 2:
ftp> user ftp
331 Password required for ftp.
Password:
230 User logged in.
verbose
Use verbose to enable or disable the device to display detailed information about FTP operations.
Syntax
verbose
Default
The device displays detailed information about FTP operations.
Views
FTP client view
Predefined user roles
network-admin
Usage guidelines
This command affects only the current FTP session.
Examples
# Disable the device from displaying detailed information about FTP operations.
ftp> verbose
Verbose mode off.
# Execute the get command.
ftp> get a.cfg 1.cfg
140
# Enable the device to display detailed information about FTP operations.
ftp> verbose
Verbose mode on.
# Execute the get command.
ftp> get a.cfg 2.cfg
227 Entering Passive Mode (192,168,1,58,68,14)
150-Accepted data connection
150 The computer is your friend. Trust the computer
226 File successfully transferred
3796 bytes received in 0.00762 seconds (486.5 kbyte/s)
?
Use ? to display all commands supported by an FTP client.
Use ? command-name to display the help information for a command.
Syntax
? [ command-name ]
Views
FTP client view
Predefined user roles
network-admin
Parameters
command-name: Specifies a command supported by the FTP client.
Usage guidelines
In FTP client view, entering ? is the same as executing the help command.
Examples
# Display all commands supported by the FTP client.
ftp> ?
Commands may be abbreviated.
Commands are:
append
delete
ls
quit
rmdir
ascii
debug
mkdir
reget
status
binary
dir
newer
rstatus
system
bye
disconnect
open
rhelp
user
cd
get
passive
rename
verbose
cdup
help
put
reset
?
close
lcd
pwd
restart
# Display the help information for the dir command.
ftp> ? dir
dir
list contents of remote directory
Related commands
help
141
TFTP commands
The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for
features, commands, and parameters might differ in FIPS mode and non-FIPS mode. For more
information about FIPS mode, see Security Configuration Guide.
TFTP is not supported in FIPS mode.
tftp
Use tftp to download a file from a TFTP server or upload a file to a TFTP server in an IPv4 network.
Syntax
tftp tftp-server { get | put | sget } source-filename [ destination-filename ] [ vpn-instance
vpn-instance-name ] [ dscp dscp-value | source { interface interface-type interface-number | ip
source-ip-address } ] *
Views
User view
Predefined user roles
network-admin
Parameters
tftp-server: Specifies the IPv4 address or host name of a TFTP server. The host name can be a
case-insensitive string of 1 to 253 characters and can contain only letters, digits, hyphens (-),
underscores (_), and dots (.).
get: Downloads a file and writes the file directly to the destination folder. If the destination folder
already has a file with the same name, the system deletes the existing file before starting the
download operation. The existing file is permanently deleted even if the download operation fails.
put: Uploads a file.
sget: Downloads a file and saves the file to memory before writing it to the destination folder. The
system starts to write the file to the destination folder only after the file is downloaded and saved to
memory successfully. If the destination folder already has a file with the same name, the system
overwrites the existing file. If the download or save-to-memory operation fails, the existing file in the
destination folder is not overwritten.
source-filename: Specifies the source file name, a case-insensitive string of 1 to 1 to 255 characters.
destination-filename: Specifies the destination file name, a case-insensitive string of 1 to 255
characters. If this argument is not specified, the file uses the source file name.
vpn-instance vpn-instance-name: Specifies the VPN instance to which the TFTP server belongs.
The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. If the TFTP server
belongs to the public network, do not specify this option.
dscp dscp-value: Specifies the DSCP value for IPv4 to use for outgoing TFTP packets to indicate the
packet transmission priority. The value range is 0 to 63. The default is 0.
source { interface interface-type interface-number | ip source-ip-address }: Specifies the source
address for outgoing TFTP packets. If you do not specify this option, the device uses the primary
IPv4 address of the output interface for the route to the TFTP server as the source address.
•
interface interface-type interface-number: Specifies an interface by its type and number. The
device will use the interface's primary IPv4 address as the source IPv4 address. For successful
TFTP packet transmission, make sure the interface is up and has the primary IPv4 address
configured.
142
•
ip source-ip-address: Specifies an IPv4 address. For successful TFTP packet transmission,
make sure this address is the IPv4 address of an interface in up state on the device.
Usage guidelines
The source address specified with the tftp command takes precedence over the source address
specified with the tftp client source command.
The source address specified with the tftp client source command applies to all TFTP connections.
The source address specified with the tftp command applies only to the current TFTP connection.
Examples
# Download the new.bin file from the TFTP server at 192.168.1.1 and save it as new.bin.
<Sysname> tftp 192.168.1.1 get new.bin
Press CTRL+C to abort.
% Total
100 13.9M
% Received % Xferd
100 13.9M
0
0
Average Speed
Time
Time
Time
Current
Dload
Total
Spent
Left
Speed
Upload
1206k
0
0:00:11
0:00:11
--:--:-- 1206k
Writing file...Done.
<System>
Table 18 Command output
Field
Description
%
Percentage of file transmission progress.
Total
Size of files to be transmitted, in bytes.
%
Percentage of received file size to total file size.
Received
Received file size, in bytes.
%
Percentage of sent file size to total file size.
Xferd
Sent file size, in bytes.
Average Dload
Average download speed, in bps.
Speed Upload
Average upload speed, in bps.
Writing file…
The system was writing the downloaded file to the storage medium.
This field is displayed only when the get or sget keyword is specified.
If the operation succeeded, this command displays Done at the end
of this field. If the operation failed, this command displays Failed.
Related commands
tftp client source
tftp client ipv6 source
Use tftp client ipv6 source to specify the source IPv6 address for TFTP packets sent to an IPv6
TFTP server.
Use undo tftp client ipv6 source to restore the default.
Syntax
tftp client ipv6 source { interface interface-type interface-number | ipv6 source-ipv6-address }
undo tftp client ipv6 source
143
Default
No source address is specified for TFTP packets sent to an IPv6 TFTP server. The device selects a
source IPv6 address as defined in RFC 3484.
Views
System view
Predefined user roles
network-admin
Parameters
interface interface-type interface-number: Specifies an interface by its type and number. The device
will use the interface's IPv6 address as the source address. For successful TFTP packet
transmission, make sure the interface is up and is configured with an IPv6 address.
ipv6 source-ipv6-address: Specifies an IPv6 address . For successful TFTP packet transmission,
make sure this address is the IPv6 address of an interface in up state on the device.
Usage guidelines
If you execute this command multiple times, the most recent configuration takes effect.
The source address specified with the tftp ipv6 command takes precedence over the source
address specified with the tftp client ipv6 source command.
The source address specified with the tftp client ipv6 source command applies to all TFTP
connections. The source address specified with the tftp ipv6 command applies only to the TFTP
connection that is being established.
Examples
# Specify the source IPv6 address of 2000::1 for TFTP packets sent to an IPv6 TFTP server.
<Sysname> system–view
[Sysname] tftp client ipv6 source ipv6 2000::1
Related commands
tftp ipv6
tftp client source
Use tftp client source to specify the source IPv4 address for TFTP packets sent to an IPv4 TFTP
server.
Use undo tftp client source to restore the default.
Syntax
tftp client source { interface interface-type interface-number | ip source-ip-address }
undo tftp client source
Default
No source IPv4 address is specified for TFTP packets sent to an IPv4 TFTP server. The device uses
the primary IPv4 address of the output interface for the route to the server as the source address.
Views
System view
Predefined user roles
network-admin
144
Parameters
interface interface-type interface-number: Specifies an interface by its type and number. The device
will use the interface's primary IPv4 address as the source address. For successful TFTP packet
transmission, make sure the interface is up and has the primary IPv4 address configured.
ip source-ip-address: Specifies an IPv4 address. For successful TFTP packet transmission, make
sure this address is the IPv4 address of an interface in up state on the device.
Usage guidelines
If you execute this command multiple times, the most recent configuration takes effect.
The source address specified with the tftp command takes precedence over the source address
specified with the tftp client source command.
The source address specified with the tftp client source command applies to all TFTP connections.
The source address specified with the tftp command applies only to the TFTP connection that is
being established.
Examples
# Specify the source IP address of 192.168.20.222 for TFTP packets sent to an IPv6 TFTP server..
<Sysname> system-view
[Sysname] tftp client source ip 192.168.20.222
Related commands
tftp
tftp ipv6
Use tftp ipv6 to download a file from a TFTP server or upload a file to a TFTP server in an IPv6
network.
Syntax
tftp ipv6 tftp-server [ -i interface-type interface-number ] { get | put | sget } source-filename
[ destination-filename ] [ vpn-instance vpn-instance-name ] [ dscp dscp-value | source { interface
interface-type interface-number | ipv6 source-ipv6-address } ] *
Views
User view
Predefined user roles
network-admin
Parameters
tftp-server: Specifies the IPv6 address or host name of a TFTP server. The host name can be a
case-insensitive string of 1 to 253 characters and can contain only letters, digits, hyphens (-),
underscores (_), and dots (.).
-i interface-type interface-number: Specifies an output interface by its type and number. This option
can be used only when the TFTP server address is a link local address and the specified output
interface has a link local address. For information about link local addresses, see Layer 3—IP
Services Configuration Guide.
get: Downloads a file and writes the file directly to the destination folder. If the destination folder
already has a file with the same name, the system deletes the existing file before starting the
download operation. The existing file is permanently deleted even if the download operation fails.
put: Uploads a file.
sget: Downloads a file and saves the file to memory before writing it to the destination folder. The
system starts to write the file to the destination folder only after the file is downloaded and saved to
145
memory successfully. If the destination folder already has a file using the same name, the system
overwrites the existing file. If the download or save-to-memory operation fails, the existing file in the
destination folder is not overwritten.
source-file: Specifies the source file name, a case-insensitive string of 1 to 255 characters.
destination-file: Specifies the destination file name, a case-insensitive string of 1 to 255 characters. If
this argument is not specified, the file uses the source file name.
vpn-instance vpn-instance-name: Specifies the VPN instance to which the TFTP server belongs.
The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. If the TFTP server
belongs to the public network, do not specify this option.
dscp dscp-value: Specifies the DSCP value for IPv6 to use in outgoing TFTP packets to indicate the
packet transmission priority. The value range is 0 to 63. The default is 0.
source { interface interface-type interface-number | ipv6 source-ipv6-address }: Specifies the
source address for outgoing TFTP packets. If you do not specify this option, the device uses the
primary IPv6 address of the route for the route to the TFTP server as the source address.
•
interface interface-type interface-number: Specifies an interface by its type and number. The
device will use the interface's IPv6 address as the source IPv6 address. For successful TFTP
packet transmission, make sure the interface is up and is configured with an IPv6 address.
•
ipv6 source-ipv6-address: Specifies an IPv6 address. For successful TFTP packet
transmission, make sure this address is the IPv6 address of an interface in up state on the
device.
Usage guidelines
The source address specified with the tftp ipv6 command takes precedence over the source
address specified with the tftp client ipv6 source command.
The source address specified with the tftp client ipv6 source command applies to all TFTP
connections. The source address specified with the tftp ipv6 command applies only to the current
TFTP connection.
Examples
# Download the new.bin file from the TFTP server at 2001::1 and save it as new.bin.
<Sysname> tftp ipv6 2001::1 get new.bin new.bin
Press CTRL+C to abort.
% Total
100 13.9M
% Received % Xferd
100 13.9M
0
0
Average Speed
Time
Dload
Total
Upload
1206k
0
0:00:11
Time
Spent
0:00:11
Time
Current
Left
Speed
--:--:-- 1206k
Writing file...Done.
For more information about the command output, see Table 18.
tftp-server acl
Use tftp-server acl to use an ACL to control the device's access to TFTP servers in an IPv4 network.
Use undo tftp-server acl to restore the default.
Syntax
tftp-server acl acl-number
undo tftp-server acl
Default
No ACL is used to control the device's access to TFTP servers.
146
Views
System view
Predefined user roles
network-admin
Parameters
acl-number: Specifies the number of a basic ACL, in the range of 2000 to 2999.
Usage guidelines
You can use an ACL to deny or permit the device's access to specific TFTP servers.
Examples
# Allow the device to access only the TFTP server at 1.1.1.1.
<Sysname> system-view
[Sysname] acl basic 2000
[Sysname-acl-ipv4-basic-2000] rule permit source 1.1.1.1 0
[Sysname-acl-ipv4-basic-2000] quit
[Sysname] tftp-server acl 2000
tftp-server ipv6 acl
Use tftp-server ipv6 acl to use an ACL to control the device's access to TFTP servers in an IPv6
network.
Use undo tftp-server ipv6 acl to restore the default.
Syntax
tftp-server ipv6 acl ipv6-acl-number
undo tftp-server ipv6 acl
Default
No ACL is used to control the device's access to TFTP servers.
Views
System view
Predefined user roles
network-admin
Parameters
ipv6-acl-number: Specifies the number of a basic ACL, in the range of 2000 to 2999.
Usage guidelines
You can use an ACL to deny or permit the device's access to specific TFTP servers.
Examples
# Allow the device to access only the TFTP server at 2001::1.
<Sysname> System-view
[Sysname] acl ipv6 basic 2001
[Sysname-acl-ipv6-basic-2001] rule permit source 2001::1/128
[Sysname-acl-ipv6-basic-2001] quit
[Sysname] tftp-server ipv6 acl 2001
147
148
File system management commands
Commands and descriptions for centralized devices apply to the following routers:
•
MSR1002-4/1003-8S.
•
MSR2003.
•
MSR2004-24/2004-48.
•
MSR3012/3024/3044/3064.
•
MSR954(JH296A/JH297A/JH298A/JH299A/JH373A).
•
MSR958(JH300A/JH301A).
Commands and descriptions for distributed devices apply to MSR4060 and MSR4080 routers.
The following matrix shows the supported storage medium types:
Hardware
Supported storage medium types
MSR954(JH296A/JH297A/JH298A/JH299A/JH373A)
•
•
•
Flash memory
USB disk
TF card
MSR958(JH300A/JH301A)
•
•
•
Flash memory
USB disk
TF card
MSR1002-4/1003-8S
•
•
Flash memory
USB disk
MSR2003
•
•
Flash memory
USB disk
MSR2004-24/2004-48
•
•
Flash memory
USB disk
MSR3012/3024/3044/3064
•
•
CF card
USB disk
MSR4060/4080
•
•
CF card
USB disk
IMPORTANT:
• Before managing storage media, file systems, directories, and files, make sure you know the
possible impact.
• A file or directory whose name starts with a dot character (.) is a hidden file or directory. To
prevent the system from hiding a file or directory, make sure the file or directory name does not
start with a dot character.
• Some system files and directories are hidden. For correct system operation and full functionality,
do not modify or delete hidden files or directories.
File system names, directory names, or file names must be compliant with the naming conventions.
For more information about the naming conventions and the methods for specifying the names, see
Fundamentals Configuration Guide.
Before you use the copy, delete, fixdisk, format, gunzip, gzip, mkdir, move, rename, rmdir, or
undelete command on a USB disk, make sure the disk is not write protected.
You cannot access a file system that is being formatted or repaired. To access a file system after it is
formatted or repaired, use one of the following methods:
149
•
Use the absolute path to specify a file or directory. For example, use the dir flash:/ command to
display the files and directories in the flash: file system.
•
Use the cd command to change the working directory to the root directory of the file system
before accessing a file or directory in the file system. For example, to display the files and
directories in the root directory of the flash: file system, perform the following tasks:
a. Use the cd flash:/ command to change the working directory to the root directory of the file
system.
b. Execute the dir command.
The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for
features, commands, and parameters might differ in FIPS mode and non-FIPS mode. For more
information about FIPS mode, see Security Configuration Guide.
auto-copy destination-directory
Use auto-copy destination-directory to specify the destination directory for the automatic copying
feature.
Use undo auto-copy destination-directory to restore the default.
Syntax
auto-copy destination-directory destination-directory
undo auto-copy destination-directory
Default
No destination directory is specified for the automatic copying feature.
Views
System view
Predefined user roles
network-admin
Parameters
destination-directory: Specifies the destination directory for the automatic copying feature. This
directory must reside in a file system on the device.
Usage guidelines
The automatic copying feature automatically copies files from a hot-swappable storage medium to
the device when you connect the storage medium to the device. For this feature to operate correctly,
you must specify a source directory and a destination directory for the copy operation. All files in the
source directory will be copied to the destination directory.
Examples
# Specify the root directory of the flash: file system as the destination directory for automatic copying.
<Sysname> system-view
[Sysname] auto-copy destination-directory flash:
auto-copy source-directory
Use auto-copy source-directory to specify the source directory for the automatic copying feature.
Use undo auto-copy source-directory to restore the default.
Syntax
auto-copy source-directory source-directory
150
undo auto-copy source-directory
Default
No source directory is specified for the automatic copying feature.
Views
System view
Predefined user roles
network-admin
Parameters
source-directory: Specifies the source directory for the automatic copying feature. This directory
must reside on a hot-swappable storage medium.
Usage guidelines
The automatic copying feature automatically copies files from a hot-swappable storage medium to
the device when you connect the storage medium to the device. For this feature to operate correctly,
you must specify a source directory and a destination directory for the copy operation. All files in the
source directory will be copied to the destination directory.
Examples
# Specify the root directory of usba0: as the source directory for automatic copying.
<Sysname> system-view
[Sysname] auto-copy source-directory usba0:
cd
Use cd to change the working directory.
Syntax
cd { directory | .. }
Views
User view
Predefined user roles
network-admin
Parameters
directory: Specifies the destination directory.
..: Specifies the parent directory. If the working directory is the root directory, an error message
appears when you execute the cd .. command. No online help information is available for this
keyword.
Examples
# Access the test directory after logging in to the device.
<Sysname> cd test
# Change to the parent directory.
<Sysname> cd ..
# (Centralized devices in IRF mode.) Access the root directory of a file system on a subordinate
member after you log in to the master.
<Sysname> cd slot2#flash:/
151
# (Centralized devices in IRF mode.) Change back to the root directory of a file system on the
master.
<Sysname> cd flash:/
# (Distributed devices in standalone mode.) Access the root directory of a file system on the standby
MPU and then change to the test directory of a file system on the active MPU:
1.
Display the slot number of the standby MPU.
<Sysname> display device
Slot No.
Brd Type
Brd Status
Subslot Num
Sft Ver
Patch Ver
0
MPU-100
Master
0
xx
None
1
MPU-100
Standby
0
xx
None
2
SPU-300
Normal
0
xx
None
3
NONE
Absent
0
NONE
None
The output shows that the slot number of the standby MPU is 1.
2.
Access the root directory of a file system on the standby MPU.
<Sysname> cd slot1#cfa0:/
3.
Change to the test directory in the root directory of a file system on the active MPU.
<Sysname> cd cfa0:/test
# (Distributed devices in IRF mode.) Change the working directory from the global active MPU to a
global standby MPU and then change back to the global active MPU:
4.
Display the member IDs and slot numbers of all MPUs.
<Sysname> display irf
Member
Slot
Role
2
0
Standby 20
Priority
CPU-Mac
00e0-fc0f-8c0f
2
1
Standby 20
00e0-fc0f-8c1f
*+3
5
Master
20
00e0-fc0f-8c22
3
6
Standby 20
00e0-fc0f-8c32
-------------------------------------------------* indicates the device is the master.
+ indicates the device through which the user logs in.
The Bridge MAC of the IRF is: 00e0-fc00-0a00
Auto upgrade
: yes
Mac persistent
: 6 min
The output shows that the IRF fabric has two members and four MPUs.
{
{
5.
The global active MPU resides in slot 5 of member device 3.
The global standby MPUs reside in slot 0 and slot 1 of member device 2, and slot 6 of
member device 3.
Access the test directory in the root directory of a file system on the global active MPU.
<Sysname> cd cfa0:/test
6.
Change to the root directory of a file system on a global standby MPU.
<Sysname> cd chassis2#slot1#cfa0:/
7.
Change to the root directory of a file system on the global active MPU.
<Sysname> cd cfa0:/
copy
Use copy to copy a file.
152
Syntax
In non-FIPS mode:
copy source-file { dest-file | dest-directory } [ vpn-instance vpn-instance-name ] [ source interface
interface-type interface-number ]
In FIPS mode:
copy source-file { dest-file | dest-directory }
Views
User view
Predefined user roles
network-admin
Parameters
source-file: Specifies the name or URL of the file to be copied in non-FIPS mode, and specifies the
name of the file to be copied in FIPS mode. If the file resides on an FTP or TFTP server rather than
on the device, specify the URL of the file. Whether a URL is case sensitive depends on the server.
dest-file: Specifies the name or URL for the destination file in non-FIPS mode, and specifies the
name for the destination file in FIPS mode. To copy the source file to an FTP or TFTP server, specify
a URL. Whether a URL is case sensitive depends on the server.
dest-directory: Specifies the destination directory or URL in non-FIPS mode, and specifies the
destination directory in FIPS mode. To copy the source file to an FTP or TFTP server, specify a URL.
The device copies the source file to the destination location and saves the file with its original file
name. Whether a URL is case sensitive depends on the server.
vpn-instance vpn-instance-name: Specifies the VPN instance to which the destination FTP or TFTP
server belongs. The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. If
the server belongs to the public network, do not specify this option.
source interface interface-type interface-number: Specifies the source interface used to connect to
the server. After you specify the source interface, the device uses the primary IP address of the
source interface as the source IP address for outgoing packets. If you do not specify this option, the
device uses the outgoing interface as the source interface.
Usage guidelines
In FIPS mode, you can only use the copy command to copy a local file and save it locally.
In non-FIPS mode, you can use the copy command to perform the following tasks:
•
Copy a local file and save it locally.
•
Copy a local file and save it to an FTP or TFTP server.
•
Copy a file from an FTP or TFTP server and save it locally.
To specify a file or directory, use the following guidelines:
Location
Name format
Remarks
On the device
Use the file name guidelines in
Fundamentals Configuration Guide.
N/A
153
Location
On an FTP
server
Name format
Remarks
Enter the URL in the format of
ftp://FTP
username[:password]@server
address[:port number]/file path[/file
name].
The username and password must be the same
as those configured on the FTP server. If the
server authenticates users only by the
username, you are not required to enter the
password.
For example, to use the username 1 and
password 1 and specify the startup.cfg file in the
authorized working directory on the FTP server
1.1.1.1, enter ftp://1:1@1.1.1.1/startup.cfg.
To specify an IPv6 address, enclose the IPv6
address in square brackets ([ ]), for example,
ftp://test:test@[2001::1]:21/test.cfg.
On a TFTP
server
Enter the URL in the format of
tftp://server address[:port
number]/file path[/file name].
For example, to specify the startup.cfg file in the
working directory on TFTP server 1.1.1.1, enter
the URL tftp://1.1.1.1/startup.cfg.
To enter an IPv6 address, enclose the IPv6
address in square brackets ([ ]), for example,
tftp://test:test@[2001::1]:21/test.cfg.
Examples
# Copy the test.cfg file in the current directory and save it to the current directory as
testbackup.cfg.
<Sysname> copy test.cfg testbackup.cfg
Copy flash:/test.cfg to flash:/testbackup.cfg? [Y/N]:y
Copying file flash:/test.cfg to flash:/testbackup.cfg...Done.
# Copy the 1.cfg file from the flash: file system's test directory to the CF card. Save the copy to the
testbackup directory as 1backup.cfg.
<Sysname> copy flash:/test/1.cfg cfa0:/testbackup/1backup.cfg
Copy flash:/test/1.cfg to cfa0:/testbackup/1backup.cfg? [Y/N]:y
Copying file flash:/test/1.cfg to cfa0:/testbackup/1backup.cfg...Done.
# Copy test.cfg from the working directory on the FTP server 1.1.1.1. Save the copy to the local
current directory as testbackup.cfg. The FTP username is user. The password is private.
<Sysname> copy ftp://user:private@1.1.1.1/test.cfg testbackup.cfg
Copy ftp://user:private@1.1.1.1/test.cfg to flash:/testbackup.cfg? [Y/N]:y
Copying file ftp://user:private@1.1.1.1/test.cfg to flash:/testbackup.cfg... Done.
# Copy test.cfg from the current directory. Save the copy to the working directory on the FTP server
1.1.1.1 as testbackup.cfg. The FTP username is user. The password is private.
<Sysname> copy test.cfg ftp://user:private@1.1.1.1/testbackup.cfg
Copy flash:/test.cfg to ftp://user:private@1.1.1.1/testbackup.cfg? [Y/N]:y
Copying file flash:/test.cfg to ftp://user:private@1.1.1.1/testbackup.cfg... Done.
# Copy test.cfg from the working directory on the TFTP server 1.1.1.1. Save the copy to the local
current directory as testbackup.cfg.
<Sysname> copy tftp://1.1.1.1/test.cfg testbackup.cfg
Copy tftp://1.1.1.1/test.cfg to flash:/testbackup.cfg? [Y/N]:y
Copying file tftp://1.1.1.1/test.cfg to flash:/testbackup.cfg... Done.
# Copy test.cfg from the current directory. Save the copy to the working directory on the TFTP server
1.1.1.1 as testbackup.cfg.
<Sysname> copy test.cfg tftp://1.1.1.1/testbackup.cfg
Copy flash:/test.cfg to tftp://1.1.1.1/testbackup.cfg? [Y/N]:y
Copying file flash:/test.cfg to tftp://1.1.1.1/testbackup.cfg... Done.
154
# Copy test.cfg from the working directory on the FTP server 1.1.1.1. Save the copy to the local
current directory as testbackup.cfg. The FTP username is user. The password is private. The FTP
server belongs to VPN instance vpn1.
<Sysname> copy ftp://user:private@1.1.1.1/test.cfg testbackup.cfg vpn-instance vpn1
Copy ftp://user:private@1.1.1.1/test.cfg to flash:/testbackup.cfg? [Y/N]:y
Copying file ftp://user:private@1.1.1.1/test.cfg to flash:/testbackup.cfg... Done.
# Copy test.cfg from the working directory on the TFTP server 1.1.1.1. Save the copy to the local
current directory as testbackup.cfg. The TFTP server belongs to VPN instance vpn1.
<Sysname> copy tftp://1.1.1.1/test.cfg testbackup.cfg vpn-instance vpn1
Copy tftp://1.1.1.1/test.cfg to flash:/testbackup.cfg? [Y/N]:y
Copying file tftp://1.1.1.1/test.cfg to flash:/testbackup.cfg... Done.
# Copy test.cfg from the working directory on the FTP server 2001::1. Save the copy to the local
current directory as testbackup.cfg. The FTP username is user. The password is private.
<Sysname> copy ftp://user:private@[2001::1]/test.cfg testbackup.cfg
Copy ftp://user:private@[2001::1]/test.cfg to flash:/testbackup.cfg? [Y/N]:y
Copying file ftp://user:private@[2001::1]/test.cfg to flash:/testbackup.cfg... Done.
# Copy test.cfg from the working directory on the TFTP server 2001::1. Save the copy to the local
current directory as testbackup.cfg.
<Sysname> copy tftp://[2001::1]/test.cfg testbackup.cfg
Copy tftp://[2001::1]/test.cfg to flash:/testbackup.cfg? [Y/N]:y
Copying file tftp://[2001::1]/test.cfg to flash:/testbackup.cfg... Done.
# (Centralized devices in IRF mode.) Copy a configuration file of the master to the root directory of a
file system on a subordinate member.
<Sysname> copy test.cfg slot2#flash:/
Copy flash:/test.cfg to slot2#flash:/test.cfg? [Y/N]:y
Copying file flash:/test.cfg to slot2#flash:/test.cfg...Done.
# (Distributed devices in standalone mode.) Copy a configuration file of the active MPU to the root
directory of a file system on the standby MPU.
<Sysname> copy test.cfg slot1#cfa0:/
Copy flash:/test.cfg to slot1#cfa0:/test.cfg? [Y/N]:y
Copying file flash:/test.cfg to slot1#cfa0:/test.cfg...Done.
# (Distributed devices in IRF mode.) Copy a configuration file of the global active MPU to the root
directory of a file system on a global standby MPU.
<Sysname> copy test.cfg chassis1#slot1#cfa0:/
Copy flash:/test.cfg to chassis1#slot1#cfa0:/test.cfg? [Y/N]:y
Copying file flash:/test.cfg to chassis1#slot1#cfa0:/test.cfg...Done.
# (Distributed devices in IRF mode.) Copy a configuration file of one global standby MPU to the root
directory of a file system on another global standby MPU.
<Sysname> copy chassis1#slot1#flash:/test.cfg chassis2#slot1#cfa0:/
Copy chassis1#slot1#flash:/test.cfg to chassis2#slot1#cfa0:/test.cfg? [Y/N]:y
Copying file chassis1#slot1#flash:/test.cfg to chassis2#slot1#cfa0:/test.cfg...Done.
delete
Use delete to delete a file.
Syntax
delete [ /unreserved ] file
155
Views
User view
Predefined user roles
network-admin
Parameters
/unreserved: Permanently deletes the specified file. If you do not specify this keyword, the
command moves the file to the recycle bin.
file: Specifies the name of the file to be deleted. Asterisks (*) are acceptable as wildcards. For
example, to remove files with the .txt extension in the current directory, enter delete *.txt.
Usage guidelines
Use the delete /unreserved file command with caution. You cannot restore a file that was deleted
with this command.
The delete file command (without /unreserved) moves the specified file to the recycle bin unless the
file system is running out of storage space..If the file system is running out of storage space. the file
is permanently deleted.
A file moved to the recycle bin can be restored by using the undelete command.
Do not use the delete command to delete files from the recycle bin. To delete files from the recycle
bin, use the reset recycle-bin command.
If you delete two files that have the same name from different directories, both files are retained in
the recycle bin. If you successively delete two files that have the same name from the same directory,
only the most recently deleted file is retained in the recycle bin.
Examples
# (Centralized devices in standalone mode.) Remove file 1.cfg from the current directory.
<Sysname> delete 1.cfg
Delete flash:/1.cfg? [Y/N]:y
Deleting file flash:/1.cfg...Done.
# (Centralized devices in standalone mode.) Permanently delete file 1.cfg from the current directory.
<Sysname> delete /unreserved 1.cfg
The file cannot be restored. Delete flash:/1.cfg? [Y/N]:y
Deleting the file permanently will take a long time. Please wait...
Deleting file flash:/1.cfg...Done.
# (Centralized devices in IRF mode.) Remove file 1.cfg from the current directory.
<Sysname> delete 1.cfg
Delete flash:/1.cfg? [Y/N]:y
Deleting file flash:/1.cfg...Done.
# (Centralized devices in IRF mode.) Permanently delete file 1.cfg from the root directory of a file
system on the master.
<Sysname> delete /unreserved 1.cfg
The file cannot be restored. Delete flash:/1.cfg? [Y/N]:y
Deleting the file permanently will take a long time. Please wait...
Deleting file flash:/1.cfg...Done.
# (Centralized devices in IRF mode.) Remove file 1.cfg from the root directory of a file system on a
subordinate member.
•
Method 1:
<Sysname> delete slot2#flash:/1.cfg
156
Delete slot2#flash:/1.cfg? [Y/N]:y
Deleting file delete slot2#flash:/1.cfg...Done.
•
Method 2:
<Sysname> cd slot2#flash:/
<Sysname> delete 1.cfg
Delete slot2#flash:/1.cfg? [Y/N]:y
Deleting file slot2#flash:/1.cfg...Done.
# (Distributed devices in standalone mode.) Remove file 1.cfg from the root directory of a file system
on the active MPU.
<Sysname> delete 1.cfg
Delete cfa0:/1.cfg? [Y/N]:y
Deleting file cfa0:/1.cfg...Done.
# (Distributed devices in standalone mode.) Permanently delete file 1.cfg from the root directory of a
file system on the active MPU.
<Sysname> delete /unreserved 1.cfg
The file cannot be restored. Delete cfa0:/1.cfg? [Y/N]:y
Deleting the file permanently will take a long time. Please wait...
Deleting file cfa0:/1.cfg...Done.
# (Distributed devices in standalone mode.) Remove file 1.cfg from the root directory of a file system
on the standby MPU (in slot 1).
•
Method 1:
<Sysname> delete slot1#cfa0:/1.cfg
Delete slot1#cfa0:/1.cfg? [Y/N]:y
Deleting file slot1#cfa0:/1.cfg...Done.
•
Method 2:
<Sysname> cd slot1#cfa0:/
<Sysname> delete 1.cfg
Delete slot1#cfa0:/1.cfg? [Y/N]:y
Deleting file slot1#cfa0:/1.cfg...Done.
# (Distributed devices in IRF mode.) Remove file 1.cfg from the root directory of a file system on the
global active MPU.
<Sysname> delete 1.cfg
Delete cfa0:/1.cfg? [Y/N]:y
Deleting file cfa0:/1.cfg...Done.
# (Distributed devices in IRF mode.) Permanently delete file 1.cfg from the root directory of a file
system on the global active MPU.
<Sysname> delete /unreserved 1.cfg
The file cannot be restored. Delete cfa0:/1.cfg? [Y/N]:y
Deleting the file permanently will take a long time. Please wait...
Deleting file cfa0:/1.cfg...Done.
# (Distributed devices in IRF mode.) Remove file 1.cfg from the root directory of a file system on a
global standby MPU.
•
Method 1:
<Sysname> delete chassis1#slot1#cfa0:/1.cfg
Delete chassis1#slot1#cfa0:/1.cfg? [Y/N]:y
Deleting file chassis1#slot1#cfa0:/1.cfg...Done.
•
Method 2:
157
<Sysname> cd chassis1#slot1#cfa0:/
<Sysname> delete 1.cfg
Delete chassis1#slot1#cfa0:/1.cfg? [Y/N]:y
Deleting file chassis1#slot1#cfa0:/1.cfg...Done.
Related commands
reset recycle-bin
undelete
dir
Use dir to display files or directories.
Syntax
dir [ /all ] [ file | directory | /all-filesystems ]
Views
User view
Predefined user roles
network-admin
Parameters
/all: Displays all files and directories in the current directory, visible or hidden. If you do not specify
this option, only visible files and directories are displayed.
file: Displays a specific file. This argument can use the asterisk (*) as a wildcard. For example, to
display files with the .txt extension in the current directory, enter dir *.txt.
directory: Displays a specific directory.
/all-filesystems: Displays files and directories in the root directories of all file systems on the device.
Usage guidelines
If no option is specified, the command displays all visible files and directories in the current directory.
The directory name of the recycle bin is .trash. To display files in the recycle bin, use either of the
following methods:
•
Execute the dir /all .trash command.
•
Execute the cd .trash command and then the dir command.
Examples
# (Centralized devices in standalone mode.) Display information about all files and directories in the
current directory.
<Sysname> dir /all
Directory of flash:/
...
# (Centralized devices in standalone mode.) Display files and directories in the root directories of all
file systems on the device.
<Sysname> dir /all-filesystems
Directory of flash:/
...
Directory of cfa0:/
...
158
# (Centralized devices in IRF mode.) Display information about all files and directories in the flash:
file system on the master.
<Sysname> dir /all
Directory of flash:/
...
# (Centralized devices in IRF mode.) Display files and directories in the root directories of all file
systems in the IRF fabric.
<Sysname> dir /all-filesystems
Directory of flash:/
...
Directory of slot1#flash:/
...
# (Centralized devices in IRF mode.) Display information about all files and directories in the flash:
file system of the subordinate member with the member ID 2.
<Sysname> cd slot2#flash:/
<Sysname> dir /all
Directory of slot2#flash:/
...
# (Distributed devices in standalone mode.) Display information about all files and directories in the
current directory.
<Sysname> dir /all
Directory of cfa0:/
...
# (Distributed devices in standalone mode.) Display files and directories in the root directories of all
file systems on the device.
<Sysname> dir /all-filesystems
Directory of cfa0:/
...
Directory of cfa0:/
...
Directory of slot7#cfa0:/
...
Directory of slot7#cfa0:/
...
# (Distributed devices in standalone mode.) Display information about all files and directories in a file
system of the standby MPU (in slot 1).
<Sysname> cd slot1#cfa0:/
<Sysname> dir /all
Directory of slot1#cfa0:/
...
# (Distributed devices in IRF mode.) Display information about all files and directories in a file system
of the global active MPU.
<Sysname> dir /all
Directory of cfa0:/
...
# (Distributed devices in IRF mode.) Display files and directories in the root directories of all file
systems in the IRF fabric.
159
<Sysname> dir /all-filesystems
Directory of cfa0:/
...
Directory of chassis1#slot1#cfa0:/
...
# (Distributed devices in IRF mode.) Display information about all files and directories in a file system
of a global standby MPU.
•
Method 1:
<Sysname> dir /all chassis1#slot1#cfa0:/
Directory of chassis1#slot1#cfa0:/
...
•
Method 2:
<Sysname> cd chassis1#slot1#cfa0:/
<Sysname> dir /all
Directory of chassis1#slot1#cfa0:/
...
Table 19 Command output
Field
Description
Directory of
Current directory.
0 -rwh
3144 Apr 26
2014 13:45:28 xx.xx
File or directory information:
•
0—File or directory number, which is automatically allocated by the
system.
•
-rwh—Attributes of the file or directory. The first character is the
directory indicator (d for directory and – for file). The second character
indicates whether the file or directory is readable (r for readable). The
third character indicates whether the file or directory is writable (w for
writable). The fourth character indicates whether the file or directory is
hidden (h for hidden, - for visible). Modifying, renaming, or deleting
hidden files might affect functions.
•
3144—File size in bytes. For a directory, a hyphen (-) is displayed.
•
Apr 26 2014 13:45:28—Last date and time when the file or directory
was modified.
•
xx.xx—File or directory name.
file prompt
Use file prompt to set the operation mode for files and directories.
Use undo file prompt to restore the default.
Syntax
file prompt { alert | quiet }
undo file prompt
Default
The operation mode is alert. The system prompts for confirmation when you perform a destructive
file or directory operation.
Views
System view
160
Predefined user roles
network-admin
Parameters
alert: Prompts for confirmation when a destructive file or directory operation is being performed.
quiet: Gives no confirmation prompt for file or directory operations.
Usage guidelines
In quiet mode, the system does not prompt for confirmation when a user performs a file or directory
operation. The alert mode provides an opportunity to cancel a disruptive operation.
Examples
# Set the file and directory operation mode to alert.
<Sysname> system-view
[Sysname] file prompt alert
fixdisk
Use fixdisk to check a file system for damage and repair any damage.
Syntax
fixdisk filesystem
Views
User view
Predefined user roles
network-admin
Parameters
filesystem: Specifies the name of a file system.
Usage guidelines
Use this command to fix a file system when space in the file system cannot be used or released.
You can repair a file system only when no other users are accessing the file system.
Examples
# Repair the flash: file system.
<Sysname> fixdisk flash:
Restoring flash: may take some time...
Restoring flash:...Done.
format
Use format to format a file system.
Syntax
format filesystem
Views
User view
161
Predefined user roles
network-admin
Parameters
filesystem: Specifies the name of a file system.
Usage guidelines
Formatting a file system permanently deletes all files in the file system. If a startup configuration file
exists in the file system, back it up if necessary.
You can format a file system only when no other users are accessing the medium.
Examples
# Format the flash: file system.
<Sysname> format flash:
All data on flash: will be lost, continue? [Y/N]:y
Formatting flash:... Done.
gunzip
Use gunzip to decompress a file.
Syntax
gunzip file
Views
User view
Predefined user roles
network-admin
Parameters
file: Specifies the name of the file to be decompressed. This argument must have .gz as the
extension.
Usage guidelines
This command deletes the specified file after decompressing it.
Examples
# Decompress file system.bin.gz:
1.
Before decompressing the file, you can display files whose names start with the system. string.
<Sysname> dir system.*
Directory of flash:
1 -rw-
20 Jun 14 2012 10:18:53
system.bin.gz
472972 KB total (472840 KB free)
2.
Decompress file system.bin.gz.
<Sysname> gunzip system.bin.gz
Decompressing file flash:/system.bin.gz..... Done.
3.
Verify the decompress operation.
<Sysname> dir system.*
Directory of flash:
162
1 -rw-
0 May 30 2012 11:42:25
system.bin
472972 KB total (472844 KB free)
gzip
Use gzip to compress a file.
Syntax
gzip file
Views
User view
Predefined user roles
network-admin
Parameters
file: Specifies the name of the file to be compressed. The compressed file will be saved to the file.gz
file.
Usage guidelines
This command deletes the specified file after compressing it.
Examples
# Compress file system.bin:
1.
Before compressing the file, you can display files whose names start with the system. string.
<Sysname> dir system.*
Directory of flash:
1 -rw-
0 May 30 2012 11:42:24
system.bin
472972 KB total (472844 KB free)
2.
Compress file system.bin.
<Sysname> gzip system.bin
Compressing file flash:/system.bin..... Done.
3.
Verify the compress operation.
<Sysname> dir system.*
Directory of flash:
1 -rw-
20 Jun 14 2012 10:18:53
system.bin.gz
472972 KB total (472840 KB free)
md5sum
Use md5sum to use the MD5 algorithm to calculate the digest of a file.
Syntax
md5sum file
163
Views
User view
Predefined user roles
network-admin
network-operator
Parameters
file: Specifies the name of a file.
Usage guidelines
You can use file digests to verify file integrity.
Examples
# Use the MD5 algorithm to calculate the digest of file system.bin.
<Sysname> md5sum system.bin
MD5 digest:
4f22b6190d151a167105df61c35f0917
mkdir
Use mkdir to create a directory.
Syntax
mkdir directory
Views
User view
Predefined user roles
network-admin
Parameters
directory: Specifies a directory.
Usage guidelines
The name of the directory to be created must be unique in the parent directory.
You can create a directory only in an existing directory. For example, to create the flash:/test/mytest
directory, make sure the test directory already exists.
Examples
# Create the test directory in the current directory.
<Sysname> mkdir test
Creating directory flash:/test... Done.
# Create the test/subtest directory in the current directory.
<Sysname> mkdir test/subtest
Creating directory flash:/test/subtest... Done.
# (Centralized devices in IRF mode.) Create the test directory in the root directory of the flash: file
system on a subordinate member.
<Sysname> mkdir slot2#flash:/test
Creating directory slot2#flash:/test... Done.
164
# (Distributed devices in standalone mode.) Create the test directory in the root directory of a file
system on the standby MPU (in slot 1).
<Sysname> mkdir slot1#cfa0:/test
Creating directory slot1#cfa0:/test... Done.
# (Distributed devices in IRF mode.) Create the test directory in the root directory of a file system on
the global active MPU.
<Sysname> mkdir test
Creating directory cfa0:/test... Done.
# (Distributed devices in IRF mode.) Create the test directory in the root directory of a file system on
a global standby MPU.
<Sysname> mkdir chassis2#slot1#cfa0:/test
Creating directory chassis2#slot1#cfa0:/test... Done.
more
Use more to display the contents of a text file.
Syntax
more file
Views
User view
Predefined user roles
network-admin
Parameters
file: Specifies the name of a file.
Examples
# Display the contents of the test.txt file.
<Sysname> more test.txt
Have a nice day.
# Display the contents of the testcfg.cfg file.
<Sysname> more testcfg.cfg
#
version 7.20, Beta 1201, Standard
#
sysname Sysname
#
vlan 2
#
return
<Sysname>
# (Centralized devices in IRF mode.) Display the contents of the testcfg.cfg file on a subordinate
member.
<Sysname> more slot2#flash:/testcfg.cfg
#
version 7.20, Release 0000
165
#
sysname Test
#
---- More ----
# (Distributed devices in standalone mode.) Display the contents of the testcfg.cfg file on the
standby MPU (in slot 1).
<Sysname> more slot1#cfa0:/testcfg.cfg
#
version 7.20, Release 0000
#
sysname Test
#
---- More ----
# (Distributed devices in IRF mode.) Display the contents of the testcfg.cfg file on the global active
MPU.
<Sysname> more testcfg.cfg
#
version 7.20, Release 0000
#
sysname Sysname
#
---- More ----
# (Distributed devices in IRF mode.) Display the contents of the testcfg.cfg file on a global standby
MPU.
<Sysname> more chassis2#slot1#cfa0:/testcfg.cfg
#
version 7.20, Release 0000
#
sysname Sysname
#
---- More ----
mount
Use mount to mount a file system.
Syntax
mount filesystem
Views
User view
Predefined user roles
network-admin
Parameters
filesystem: Specifies the name of a file system.
166
Usage guidelines
Generally, file systems on hot-swappable storage media are automatically mounted when the
storage media are connected to the device. If the system cannot recognize a file system, however,
you must mount the file system before you can access it.
To avoid file system corruption, do not perform the following tasks while the system is mounting a file
system:
•
Install or remove storage media.
•
Install or remove cards. (Distributed devices in standalone or IRF mode.)
•
Perform an active/standby switchover. (Distributed devices in standalone mode.)
•
Perform a switchover between the global active MPU and a global standby MPU. (Distributed
devices in IRF mode.)
•
Perform a master/subordinate switchover. (Centralized devices in IRF mode.)
Examples
# (Centralized devices in standalone mode.) Mount the file system on the CF card.
<Sysname> mount cfa0:
# (Centralized devices in IRF mode.) Mount the file system on the CF card of the master.
<Sysname> mount cfa0:
# (Centralized devices in IRF mode.) Mount the file system on the CF card of a subordinate member.
<Sysname> mount slot2#cfa0:
# (Distributed devices in standalone mode.) Mount the file system on the CF card of the active MPU.
<Sysname> mount cfa0:
# (Distributed devices in standalone mode.) Mount the file system on the CF card of the standby
MPU (in slot 1).
<Sysname> mount slot1#cfa0:
# (Distributed devices in IRF mode.) Mount the file system on the CF card of the global active MPU.
<Sysname> mount cfa0:
# (Distributed devices in IRF mode.) Mount the file system on the CF card of a global standby MPU.
<Sysname> mount chassis2#slot1#cfa0:
Related commands
umount
move
Use move to move a file.
Syntax
move source-file { dest-file | dest-directory }
Views
User view
Predefined user roles
network-admin
Parameters
source-file: Specifies the name of the source file.
dest-file: Specifies the name of the destination file.
167
dest-directory: Specifies the name of the destination directory.
Usage guidelines
If you specify a destination directory, the system moves the source file to the specified directory
without changing the file name.
Examples
# Move the flash:/test/sample.txt file to flash:/, and save it as 1.txt.
<Sysname> move test/sample.txt 1.txt
Move flash:/test/sample.txt to flash:/1.txt? [Y/N]:y
Moving file flash:/test/sample.txt to flash:/1.txt ...Done.
# Move the b.cfg file to directory test2.
<Sysname> move b.cfg test2
Move flash:/b.cfg to flash:/test2/b.cfg? [Y/N]:y
Moving file flash:/b.cfg to flash:/test2/b.cfg... Done.
pwd
Use pwd to display the working directory.
Syntax
pwd
Views
User view
Predefined user roles
network-admin
Examples
# Display the working directory.
<Sysname> pwd
flash:
rename
Use rename to rename a file or directory.
Syntax
rename { source-file | source-directory } { dest-file | dest-directory }
Views
User view
Predefined user roles
network-admin
Parameters
source-file: Specifies the name of the source file.
source-directory: Specifies the name of the source directory.
dest-file: Specifies the name of the destination file.
dest-directory: Specifies the name of the destination directory.
168
Usage guidelines
This command is not executed if the destination file or directory name is already used by an existing
file or directory in the working directory.
Examples
# Rename the copy.cfg file as test.cfg.
<Sysname> rename copy.cfg test.cfg
Rename flash:/copy.cfg as flash:/test.cfg? [Y/N]:y
Renaming flash:/copy.cfg as flash:/test.cfg... Done.
reset recycle-bin
Use reset recycle-bin to delete files from the recycle bin.
Syntax
reset recycle-bin [ /force ]
Views
User view
Predefined user roles
network-admin
Parameters
/force: Deletes all files in the recycle bin without prompting for confirmation. If you do not specify this
option, the command prompts you to confirm the deletion operation for each file.
Usage guidelines
The delete file command only moves a file to the recycle bin. To permanently delete the file, use the
reset recycle-bin command to delete the file from the recycle bin.
Examples
# Empty the recycle bin. (In this example there are two files in the recycle bin.)
<Sysname> reset recycle-bin
Clear flash:/a.cfg? [Y/N]:y
Clearing file flash:/a.cfg... Done.
Clear flash:/b.cfg? [Y/N]:y
Clearing file flash:/b.cfg... Done.
# Delete the b.cfg file from the recycle bin. (In this example there are two files in the recycle bin.)
<Sysname> reset recycle-bin
Clear flash:/a.cfg? [Y/N]:n
Clear flash:/b.cfg? [Y/N]:y
Clearing file flash:/b.cfg... Done.
Related commands
delete
rmdir
Use rmdir to delete a directory.
Syntax
rmdir directory
169
Views
User view
Predefined user roles
network-admin
Parameters
directory: Specifies a directory.
Usage guidelines
To delete a directory, you must delete all files and subdirectories in the directory permanently or
move them to the recycle bin. If you move them to the recycle bin, executing the rmdir command
permanently deletes them.
Examples
# Delete the subtest directory.
<Sysname>rmdir subtest/
Remove directory flash:/test/subtest and the files in the recycle-bin under this directory
will be deleted permanently. Continue? [Y/N]:y
Removing directory flash:/test/subtest... Done.
sha256sum
Use sha256sum to use the SHA-256 algorithm to calculate the digest of a file.
Syntax
sha256sum file
Views
User view
Predefined user roles
network-admin
Parameters
file: Specifies the name of a file.
Usage guidelines
You can use file digests to verify file integrity.
Examples
# Use the SHA-256 algorithm to calculate the digest of file system.bin.
<Sysname> sha256sum system.bin
SHA256 digest:
0851e0139f2770e87d01ee8c2995ca9e59a8f5f4062e99af14b141b1a36ca152
tar create
Use tar create to archive files and directories.
Syntax
tar create [ gz ] archive-file dest-file [ verbose ] source { source-file | source-directory }&<1-5>
170
Views
User view
Predefined user roles
network-admin
Parameters
gz: Uses gzip to compress the files and directories before archiving them. If you do not specify this
keyword, the command archives the files and directories without compressing them.
archive-file dest-file: Specifies the archive file name. If you specified the gz keyword, the suffix of
the archive file name must be .tar.gz. If you did not specify the gz keyword, the suffix of the archive
file name must be .tar.
verbose: Displays the names of the successfully archived files and directories. If you do not specify
this keyword, the command does not display the names of the successfully archived files and
directories.
source { source-file | source-directory }&<1-5>: Specifies the files and directories to be archived.
The argument can be a space-separated list of up to five items. Each item can be a file or directory
name.
Examples
# Archive files 1.cfg, 2.cfg, and directory test to file a.tar.
<Sysname> tar create archive-file a.tar source 1.cfg 2.cfg test
Creating archive flash:/a.tar Done.
# Compress and archive files 1.cfg, 2.cfg, and directory test to b.tar.gz.
<Sysname> tar create gz archive-file b.tar.gz source 1.cfg 2.cfg test
Creating archive flash:/b.tar.gz Done.
# Compress and archive files and directories, and display the successfully archived files and
directories.
<Sysname> tar create gz archive-file c.tar.gz verbose source 1.cfg 2.cfg test
1.cfg
2.cfg
test/
test/a.log
test/subtest/
test/subtest/aa.log
Related commands
tar extract
tar list
tar extract
Use tar extract to extract files and directories.
Syntax
tar extract archive-file file [ verbose ] [ screen | to directory ]
Views
User view
171
Predefined user roles
network-admin
Parameters
archive-file file: Specifies the archive file name. The suffix can be .tar or .tar.gz.
verbose: Displays the names of the successfully extracted files and directories.
screen: Displays the content of the extracted files and directories on the screen. The extracted files
are not saved.
to directory: Saves the extracted files and directories to a different directory. The directory argument
specifies the directory.
Usage guidelines
If you do not specify the screen keyword or the to directory option, the command saves the
extracted files and directories to the working directory.
The command saves the extracted files and directories by using their original names. If a file or
directory that has the same name as an extracted file or directory already exists in the destination
directory, the file or directory is overwritten.
Examples
# Extract files and directories from archive file a.tar.
<Sysname> tar extract archive-file a.tar
Extracting archive flash:/a.tar Done.
# Extract files and directories from archive file a.tar, and display the names of the successfully
extracted files and directories.
<Sysname> tar extract archive-file b.tar.gz verbose
1.cfg
2.cfg
test/
test/a.log
test/subtest/
test/subtest/aa.log
# Extract files and directories from archive file a.tar, and display the content of the files on the
screen.
<Sysname> tar extract archive-file c.tar.gz screen
#
version 7.1.055, Demo 2501008
#
sysname Sysname
#
...
Related commands
tar create
tar list
tar list
Use tar list to display the names of archived files and directories.
172
Syntax
tar list archive-file file
Views
User view
Predefined user roles
network-admin
Parameters
archive-file file: Specifies the archive file name. The suffix can be .tar or .tar.gz.
Examples
# Display the names of archived files and directories.
<Sysname> tar list archive-file a.tar
1.cfg
2.cfg
test/
test/a.log
test/subtest/
test/subtest/aa.log
Related commands
tar create
tar extract
umount
Use umount to unmount a file system.
Syntax
umount filesystem
Views
User view
Predefined user roles
network-admin
Parameters
filesystem: Specifies the name of a file system.
Usage guidelines
File systems on storage media are automatically mounted when storage media are connected to the
device. To remove a hot-swappable storage medium from the device, you must first unmount the file
system on the storage medium to disconnect the medium from the device. Removing a connected
hot-swappable storage medium might damage files on the storage medium or even the storage
medium.
You can unmount a file system only when no other users are accessing the file system.
To avoid file system corruption, do not perform the following tasks while the system is unmounting a
file system:
•
Install or remove storage media.
•
Install or remove cards. (Distributed devices in IRF or standalone mode.)
173
•
Perform an active/standby switchover. (Distributed devices in standalone mode.)
•
Perform a switchover between the global active MPU and a global standby MPU. (Distributed
devices in IRF mode.)
•
Perform a master/subordinate switchover. (Centralized devices in IRF mode.)
Examples
# (Centralized devices in standalone mode.) Unmount the file system on the CF card.
<Sysname> umount cfa0:
# (Centralized devices in IRF mode.) Unmount the file system on the CF card of the master.
<Sysname> umount cfa0:
# (Centralized devices in IRF mode.) Unmount the file system on the CF card of a subordinate
member.
<Sysname> umount slot2#cfa0:
# (Distributed devices in standalone mode.) Unmount the file system on the CF card of the active
MPU.
<Sysname> umount cfa0:
# (Distributed devices in standalone mode.) Unmount the file system on the CF card of the standby
MPU (in slot 5).
<Sysname> umount slot5#cfa0:
# (Distributed devices in IRF mode.) Unmount the file system on the CF card of the global active
MPU.
<Sysname> umount cfa0:
# (Distributed devices in IRF mode.) Unmount the file system on the CF card of a global standby
MPU.
<Sysname> umount chassis2#slot5#cfa0:
Related commands
mount
undelete
Use undelete to restore a file from the recycle bin.
Syntax
undelete file
Views
User view
Predefined user roles
network-admin
Parameters
file: Specifies the name of the file to be restored.
Usage guidelines
If a file with the same name already exists in the directory, the system prompts whether or not you
want to overwrite the existing file. If you enter Y, the existing file is overwritten. If you enter N, the
command is not executed.
174
Examples
# Restore the copy.cfg file, which was moved from the root directory of the flash: file system to the
recycle bin.
<Sysname>undelete copy.cfg
Undelete flash:/copy.cfg? [Y/N]:y
Undeleting file flash:/copy.cfg... Done.
# Restore the startup.cfg file, which was moved from the flash:/seclog directory to the recycle bin.
•
Method 1:
<Sysname>undelete seclog/startup.cfg
Undelete flash:/seclog/startup.cfg? [Y/N]:y
Undeleting file flash:/seclog/startup.cfg... Done.
<Sysname>
•
Method 2:
<Sysname> cd seclog
<Sysname> undelete startup.cfg
Undelete flash:/seclog/startup.cfg? [Y/N]:y
Undeleting file flash:/seclog/startup.cfg... Done.
175
Configuration file management
commands
Commands and descriptions for centralized devices apply to the following routers:
•
MSR1002-4/1003-8S.
•
MSR2003.
•
MSR2004-24/2004-48.
•
MSR3012/3024/3044/3064.
•
MSR954(JH296A/JH297A/JH298A/JH299A/JH373A).
•
MSR958(JH300A/JH301A).
Commands and descriptions for distributed devices apply to MSR4060 and MSR4080 routers.
The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for
features, commands, and parameters might differ in FIPS mode and non-FIPS mode. For more
information about FIPS mode, see Security Configuration Guide.
archive configuration
Use archive configuration to manually archive the running configuration to the configuration
archive directory.
Syntax
archive configuration
Views
User view
Predefined user roles
network-admin
Usage guidelines
Before manually archiving the running configuration, you must use the archive configuration
location command to specify a directory and a name prefix for the configuration archives.
Configuration archive facilitates configuration rollback. It provides manual and automatic methods
for saving the running configuration as checkpoint references. For more information about the
archiving mechanism, see the section about configuration rollback in Fundamentals Configuration
Guide.
Examples
# Archive the running configuration.
<Sysname> archive configuration
Save the running configuration to an archive file. Continue? [Y/N]: Y
The archive configuration file myarchive_1.cfg is saved.
Related commands
archive configuration interval
archive configuration location
archive configuration max
display archive configuration
176
archive configuration interval
Use archive configuration interval to enable automatic running-configuration archiving and set the
archiving interval.
Use undo archive configuration interval to disable automatic running-configuration archiving.
Syntax
archive configuration interval interval
undo archive configuration interval
Default
The automatic running-configuration archiving feature is disabled.
Views
System view
Predefined user roles
network-admin
Parameters
interval: Specifies the interval for automatically saving the running configuration. The value range is
10 to 525600, in minutes.
Usage guidelines
Before enabling automatic configuration archiving, use the archive configuration location
command to specify the configuration archive directory and archive file name prefix.
Configuration archive is a feature that facilitates configuration rollback. It provides manual and
automatic methods for saving the running configuration.
Automatic configuration archiving enables the system to periodically save the running configuration
to the archive directory automatically. After the system finishes an automatic archive, it resets the
archiving interval timer. For more information about the archiving mechanism, see the section about
configuration rollback in Fundamentals Configuration Guide.
Change the archiving interval depending on the available storage space. The shorter the interval, the
more free storage space is required.
Examples
# Set the system to archive the running configuration every 60 minutes.
<Sysname> system-view
[Sysname] archive configuration interval 60
Archive files will be saved every 60 minutes.
Related commands
archive configuration
archive configuration location
archive configuration max
display archive configuration
archive configuration location
Use archive configuration location to set the directory and file name prefix for archiving the
running configuration.
177
Use undo archive configuration location to restore the default.
Syntax
archive configuration location directory filename-prefix filename-prefix
undo archive configuration location
Default
No configuration archive directory or configuration archive file name prefix is set.
Views
System view
Predefined user roles
network-admin
Parameters
directory: Specifies the name of a configuration archive directory, a case-insensitive string of 1 to 63
characters. The value for this argument must take the format storage-medium-name:/folder-name.
The directory must already exist on the active MPU. (Distributed devices in standalone mode.)
directory: Specifies the name of a configuration archive directory, a case-insensitive string of 1 to 63
characters. The value for this argument must take the format storage-medium-name:/folder-name.
The directory must already exist on the global active MPU. (Distributed devices in IRF mode.)
directory: Specifies the name of a configuration archive directory, a case-insensitive string of 1 to 63
characters. The value for this argument must take the format storage-medium-name:/folder-name.
The directory must already exist on the master. (Centralized devices in IRF mode.)
filename-prefix: Specifies a file name prefix for configuration archives, a case-insensitive string of 1
to 30 characters. Valid characters are letters, digits, underscores (_), and hyphens (-).
Usage guidelines
Before archiving the running configuration, either manually or automatically, you must set a directory
and file name prefix for configuration archives. When you create the configuration archive directory,
follow these restrictions and guidelines:
•
(Distributed devices in standalone or IRF mode.) In standalone mode, the configuration archive
feature saves the running configuration only on the active MPU. In IRF mode, the feature saves
the running configuration only on the global active MPU. To make sure the system can archive
running configuration after an active/standby or master/subordinate switchover, create the
configuration archive directory on all MPUs.
•
(Centralized devices in IRF mode.) In an IRF fabric, the configuration archive feature saves the
running configuration only on the master device. To make sure the system can archive the
running configuration after a master/subordinate switchover, create the directory on all IRF
members.
Configuration archives take the file name format prefix_serial number.cfg, for example,
20080620archive_1.cfg and 20080620archive_2.cfg. The serial number is automatically assigned
from 1 to 1000, increasing by 1. After the serial number reaches 1000, it restarts from 1.
After you change the file directory or file name prefix, or reboot the device, all of the following events
occur:
•
The old configuration archives are regarded as common configuration files.
•
The configuration archive counter is reset.
•
The display archive configuration command no longer displays the old configuration
archives.
•
The serial number for new configuration archives starts at 1.
178
The undo archive configuration location command removes the configuration archive directory
and file name prefix settings. The command also performs the following operations:
•
Disables the configuration archive feature (both manual and automatic methods).
•
Restores the default settings of the archive configuration interval and archive
configuration max commands.
•
Clears the configuration archive information displayed by using the display archive
configuration command.
Examples
# Set the configuration archive directory as flash:/archive and the archive file name prefix as
my_archive.
<Sysname> mkdir flash:/archive
Creating directory flash:/archive... Done.
<Sysname> system-view
[Sysname] archive configuration location flash:/archive filename-prefix my_archive
Related commands
archive configuration
archive configuration location
archive configuration max
display archive configuration
archive configuration max
Use archive configuration max to set the maximum number of configuration archives.
Use undo archive configuration max to restore the default.
Syntax
archive configuration max file-number
undo archive configuration max
Default
The maximum number is 5.
Views
System view
Predefined user roles
network-admin
Parameters
file-number: Specifies the maximum number of configuration archives that can be saved. The value
range is 1 to 10. Adjust the setting depending on the amount of storage space available.
Usage guidelines
Before you can set a limit on configuration archives, use the archive configuration location
command to specify a configuration archive directory and archive file name prefix.
After the maximum number of configuration archives is reached, the system deletes the oldest
archive for the new archive.
Changing the limit setting to a lower value does not cause immediate deletion of excess archives.
Instead, the configuration archive feature deletes the oldest n files when a new archive is manually or
automatically saved, where n = current archive count – new archive limit + 1. For example, seven
179
configuration archives have been saved before the archive limit is set to four. When saving a new
configuration archive, the system first deletes the oldest four (7 – 4 + 1) archives.
If you execute the undo archive configuration location command, the default archive limit is
restored.
Examples
# Set the maximum number of configuration archives to 10.
<Sysname> system-view
[Sysname] archive configuration max 10
Related commands
archive configuration
archive configuration location
archive configuration interval
display archive configuration
backup startup-configuration
Use backup startup-configuration to back up the main next-startup configuration file to a TFTP
server.
Syntax
backup startup-configuration to { ipv4-server | ipv6 ipv6-server } [ dest-filename ] [ vpn-instance
vpn-instance-name ]
Views
User view
Predefined user roles
network-admin
Parameters
ipv4-server: Specifies a TFTP server by its IPv4 address or host name. The host name is a
case-insensitive string of 1 to 253 characters. Valid characters include letters, digits, hyphens (-),
underscores (_), and dots (.).
ipv6 ipv6-server: Specifies a TFTP server by its IPv6 address or host name. The host name is a
case-insensitive string of 1 to 253 characters. Valid characters include letters, digits, hyphens (-),
underscores (_), and dots (.).
dest-filename: Specifies the target file name used for saving the file on the server. The file name
must use the .cfg extension. If you do not specify a target file name, the source file name is used.
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a
case-sensitive string of 1 to 31 characters. If you do not specify an MPLS L3VPN instance, this
command backs up the main next-startup configuration file to a TFTP server in the public network.
Usage guidelines
This command is not supported in FIPS mode.
Examples
# Back up the main next-startup configuration file to the IPv4 TFTP server at 2.2.2.2 in the public
network, and set the target file name to 192-168-1-26.cfg.
<Sysname> backup startup-configuration to 2.2.2.2 192-168-1-26.cfg
Backup next startup-configuration file to 2.2.2.2, please wait…finished.
180
# Back up the main next-startup configuration file to the IPv4 TFTP server at 2.2.2.2 in the MPLS
L3VPN instance VPN1, and set the target file name to 192-168-1-26.cfg.
<Sysname> backup startup-configuration to 2.2.2.2 192-168-1-26.cfg vpn-instance VPN1
Backup next startup-configuration file to 2.2.2.2, please wait…finished.
# Back up the main next-startup configuration file to the IPv6 TFTP server at 2001::2 in the public
network, and set the target file name to 192-168-1-26.cfg.
<Sysname> backup startup-configuration to ipv6 2001::2 192-168-1-26.cfg
Backup next startup-configuration file to 2001::2, please wait…finished.
Related commands
restore startup-configuration
configuration encrypt
Use configuration encrypt to enable configuration encryption.
Use undo configuration encrypt to disable configuration encryption.
Syntax
configuration encrypt { private-key | public-key }
undo configuration encrypt
Default
Configuration encryption is disabled. The running configuration is saved to a configuration file
without encryption.
Views
System view
Predefined user roles
network-admin
Parameters
private-key: Encrypts configuration with a private key. All Hewlett Packard Enterprise devices
running Comware 7 software use the same private key.
public-key: Encrypts configuration with a public key. All Hewlett Packard Enterprise devices running
Comware 7 software use the same public key.
Usage guidelines
Configuration encryption enables the device to automatically encrypt a configuration file when saving
the running configuration to the file.
Only Hewlett Packard Enterprise devices running Comware 7 software can decrypt the encrypted
configuration file.
Examples
# Enable the public-key method for configuration encryption.
<Sysname> system-view
[Sysname] configuration encrypt public-key
configuration replace file
Use configuration replace file to perform configuration rollback.
181
Syntax
configuration replace file filename
Views
System view
Predefined user roles
network-admin
Parameters
filename: Specifies the name of the replacement configuration file suffixed with the .cfg extension for
configuration rollback. Excluding the .cfg extension, the file name is a case-insensitive string of 1 to
255 characters and can include path information. Valid characters include letters, digits, hyphens (-),
underscores (_), and dots (.). If the file path includes a folder name, the folder must already exist.
Usage guidelines
To replace the running configuration with the configuration in a configuration file without rebooting
the device, use the configuration rollback feature. This feature helps you revert to a previous
configuration state or adapt the running configuration to different network environments.
To ensure a successful rollback, follow these guidelines:
•
Make sure the replacement configuration file is created by using the configuration archive
feature or the save command on the device.
•
If the configuration file is not created on the device, make sure the command lines in the
configuration file are fully compatible with the device.
•
Make sure the replacement configuration file is not encrypted.
Examples
# Replace the running configuration with the configuration in the my_archive_1.cfg configuration
file.
<Sysname> system-view
[Sysname] configuration replace file my_archive_1.cfg
Current configuration will be lost, save current configuration? [Y/N]:n
Now replacing the current configuration. Please wait...
Succeeded in replacing current configuration with the file my_archive_1.cfg.
display archive configuration
Use display archive configuration to display configuration archive information.
Syntax
display archive configuration
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display configuration archive information.
<Sysname> display archive configuration
Location: flash:/archive
182
Filename prefix: my_archive
Archive interval in minutes: 120
Maximum number of archive files: 10
Saved archive files:
No. TimeStamp
FileName
1
Wed Oct 15 14:20:18 2015
my_archive_1.cfg
2
Wed Oct 15 14:33:10 2015
my_archive_2.cfg
# 3
Wed Oct 15 14:49:37 2015
my_archive_3.cfg
'#' indicates the most recent archive file.
Next archive file to be saved: my_archive_4.cfg
Table 20 Command output
Field
Description
Location
Absolute path of the directory for saving running-configuration
archives.
Filename prefix
File name prefix for configuration archives.
Archive interval in minutes
Interval (in minutes) for the system to automatically archive
the running configuration.
If automatic configuration saving is disabled, this field is not
available.
Maximum number of archive files
Maximum number of configuration archives that can be
saved.
Saved archive files
Configuration archives that have been saved.
TimeStamp
Time when the configuration archive was created.
Related commands
archive configuration
archive configuration interval
archive configuration location
archive configuration max
display current-configuration
Use display current-configuration to display the running configuration.
Syntax
display current-configuration [ configuration [ module-name ] | interface [ interface-type
[ interface-number ] ] ]
Views
Any view
Predefined user roles
network-admin
network-operator
183
Parameters
configuration [ module-name ]: Displays feature configuration. The module-name argument
specifies a feature module. If you do not specify a feature module, the command displays all feature
settings you have made.
interface [ interface-type [ interface-number ] ]: Displays interface configuration, where the
interface-type argument represents the interface type and the interface-number argument
represents the interface number. If you do not specify the interface-type interface-number arguments,
the command displays the running configuration for all interfaces. If you specify only the
interface-type argument, the command displays the running configuration for all interfaces of this
type.
Usage guidelines
Use this command to verify the configuration you have made.
If the system has automatically changed the setting you have made for a parameter, this command
displays the effective setting instead of the configured one. An automatic change typically occurs
because of system restrictions.
This command does not display parameters that are using the default settings.
Examples
# Display local user configuration.
<Sysname> display current-configuration configuration local-user
#
local-user ftp
password hash
$h$6$Twd73mLrN8O2vvD5$Cz1vgdpR4KoTiRQNE9pg33gU14Br2p1VguczLSVyJLO2huV5Syx/LfDIf8ROLtV
ErJ/C31oq2rFtmNuyZf4STw==
service-type ftp
authorization-attribute user-role network-operator
#
local-user root
password hash
$h$6$Twd73mLrN8O2vvD5$Cz1vgdpR4KoTiRQNE9pg33gU14Br2p1VguczLSVyJLO2huV5Syx/LfDIf8ROLtV
ErJ/C31oq2rFtmNuyZf4STw==
service-type ssh telnet terminal
authorization-attribute user-role network-admin
#
return
# Display GigabitEthernet interface configuration.
<Sysname> display current-configuration interface gigabitethernet
#
interface GigabitEthernet1/0/1
port link-mode route
#
return
display current-configuration diff
Use display current-configuration diff to display the configuration differences between the
running configuration and the next-startup configuration file.
184
Syntax
display current-configuration diff
Views
Any view
Predefined user roles
network-admin
network-operator
Usage guidelines
The system searches for the next-startup configuration file for comparison in the following order:
1.
The main next-startup configuration file.
2.
The backup next-startup configuration file if the main next-startup configuration file is
unavailable or corrupt.
If both the main and backup next-startup configuration files are unavailable or corrupt, the system
displays a message indicating that the next-startup configuration file does not exist.
Examples
# Display the configuration differences between the running configuration and the next-startup
configuration file.
<Sysname> display current-configuration diff
--- Startup configuration
+++ Current configuration
@@ -17,7 +17,9 @@
#
vlan 200
#
-vlan 300
+vlan 400
+#
+vlan 500
#
interface Aux2/0/0
#
<Sysname>
The output shows that the running configuration contains VLAN 400 and VLAN 500 while the
next-startup configuration file contains VLAN 300.
Table 21 Command output
Field
Description
•
---A
+++ B
•
A displays the source configuration for comparison, which can be
Startup configuration, Current configuration, or the name of the
source configuration file with its directory information.
B displays the target configuration for comparison, which can be
Current configuration, Startup configuration, or the name of the
target configuration file with its directory information.
185
Field
Description
@@ -linenumber1,number1
+linenumber2,number2 @@
Location summary for a command line difference:
•
-linenumber1,number1—A total number of number1 lines are
excerpted from line number linenumber1 in A. These lines contain a
command line difference.
•
+linenumber2,number2—A total number of number2 lines are
excerpted from line number linenumber2 in B. These lines contain a
command line difference.
cmd1
- cmd2
+ cmd3
cmd4
Command line difference:
•
cmd1 and cmd4 provide a context for locating the different command
lines.
•
- cmd2 indicates that A contains cmd2 but B does not.
•
+ cmd3 indicates that B contains cmd3 but A does not.
Related commands
display current-configuration
display diff
display saved-configuration
display default-configuration
Use display default-configuration to display the factory defaults.
Syntax
display default-configuration
Views
Any view
Predefined user roles
network-admin
network-operator
Usage guidelines
The device is shipped with some basic settings called factory defaults. These default settings ensure
that the device can start up and run correctly when it does not have a startup configuration file or the
configuration file is corrupt.
Examples
# Display the factory defaults.
<Sysname> display default-configuration
display diff
Use display diff to display the configuration differences between two configuration files or between
a configuration file and the running configuration.
Syntax
display diff configfile file-name-s { configfile file-name-d | current-configuration |
startup-configuration }
display diff current-configuration { configfile file-name-d | startup-configuration }
186
display diff startup-configuration { configfile file-name-d | current-configuration }
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
configfile file-name-s: Specifies the source configuration file for comparison.
configfile file-name-d: Specifies the target configuration file for comparison.
current-configuration: Specifies the running configuration. In the display diff
current-configuration command, this keyword specifies the source configuration for comparison. In
the display diff configfile file-name-s and display diff startup-configuration commands, this
keyword specifies the target configuration.
startup-configuration: Specifies the next-startup configuration file. In the display diff
startup-configuration command, this keyword specifies the source configuration file for
comparison. In the display diff configfile file-name-s and display diff current-configuration
commands, this keyword specifies the target configuration file.
Usage guidelines
If you specify the startup-configuration keyword, the system searches for the next-startup
configuration file for comparison in the following order:
1.
The main next-startup configuration file.
2.
The backup next-startup configuration file if the main next-startup configuration file is
unavailable or corrupt.
If both the main and backup next-startup configuration files are unavailable or corrupt, the system
displays a message indicating that the next-startup configuration file does not exist.
Examples
# Display the configuration differences between startup.cfg and test.cfg.
<Sysname> display diff configfile startup.cfg configfile test.cfg
--- flash:/startup.cfg
+++ flash:/test.cfg
@@ -17,7 +17,9 @@
#
vlan 200
#
-vlan 300
+vlan 400
+#
+vlan 500
#
interface Aux2/0/0
#
<Sysname>
The output shows that test.cfg contains VLAN 400 and VLAN 500 while startup.cfg contains VLAN
300.
# Display the configuration differences between the running configuration and the next-startup
configuration file.
187
<Sysname> display diff current-configuration startup-configuration
--- Current configuration
+++ Startup configuration
@@ -17,9 +17,7 @@
#
vlan 200
#
-vlan 400
-#
-vlan 500
+vlan 300
#
interface Aux2/0/0
#
<Sysname>
The output shows that the running configuration contains VLAN 400 and VLAN 500 while the
next-startup configuration file contains VLAN 300.
For the command output description, see Table 21.
Related commands
display current-configuration
display current-configuration diff
display saved-configuration
display saved-configuration
Use display saved-configuration to display the contents of the configuration file for the next
system startup.
Syntax
display saved-configuration
Views
Any view
Predefined user roles
network-admin
network-operator
Usage guidelines
Use this command to verify that important settings have been saved to the configuration file for the
next system startup.
This command selects the configuration file to display in the following order:
1.
If the main startup configuration file is available, this command displays the contents of the main
startup configuration file.
2.
If only the backup startup configuration file is available, this command displays the contents of
the backup file.
3.
If both the main and backup startup configuration files are not available, this command does not
display anything.
188
Examples
# Display the contents of the configuration file for the next system startup.
<Sysname> display saved-configuration
#
version 1.00, Alpha 2009
#
sysname Sysname
#
ftp server enable
#
telnet server enable
#
domain default enable system
#
vlan 1
#
domain system
#
---- More ----
Related commands
reset saved-configuration
save
display startup
Use display startup to display the names of the current startup configuration file and the
next-startup configuration files.
Syntax
display startup
Views
Any view
Predefined user roles
network-admin
network-operator
Usage guidelines
Current startup configuration file is the configuration file that has been loaded. Next-startup
configuration file is the configuration file used at the next startup.
(Distributed devices in standalone mode.) The standby MPU always uses the same current startup
configuration file as the active MPU. After an active/standby switchover, it is normal that the current
startup configuration files on the MPUs are displayed as NULL. This is because the new active MPU
continues to run with the running configuration rather than rebooting with a startup configuration file.
(Distributed devices in IRF mode.) The global standby MPUs always use the same current startup
configuration file as the global active MPU. After an active/standby switchover, it is normal that the
current startup configuration files on all MPUs are displayed as NULL. This is because the new
global active MPU continues to run with the running configuration rather than rebooting with a startup
configuration file.
189
(Centralized devices in IRF mode.) All IRF members use the same current startup configuration file
as the master. After a master/subordinate switchover, it is normal that the current startup
configuration files on all IRF members are displayed as NULL. This is because the new master
continues to run with the running configuration rather than rebooting with a startup configuration file.
Examples
# (Centralized devices in standalone mode.) Display names of the startup configuration files.
<Sysname> display startup
Current startup saved-configuration file: flash:/startup.cfg
Next main startup saved-configuration file: flash:/startup.cfg
Next backup startup saved-configuration file: NULL
Table 22 Command output
Field
Description
Current startup saved-configuration file
Configuration file that the device has started up with.
Next main startup saved-configuration file
Primary configuration file to be used at the next startup.
Next backup startup saved-configuration file
Backup configuration file to be used at the next startup.
# (Distributed devices in standalone mode/centralized devices in IRF mode.) Display names of the
startup configuration files.
<Sysname> display startup
MainBoard:
Current startup saved-configuration file: flash:/startup.cfg
Next main startup saved-configuration file: flash:/startup.cfg
Next backup startup saved-configuration file: NULL
Slot 1:
Current startup saved-configuration file: flash:/startup.cfg
Next main startup saved-configuration file: flash:/startup.cfg
Next backup startup saved-configuration file: NULL
Table 23 Command output
Field
MainBoard
Current startup saved-configuration file
Description
(Distributed devices in standalone mode.) Displays the
startup configuration files on the active MPU.
(Centralized devices in IRF mode.) Displays the startup
configuration files on the master device.
(Distributed devices in standalone mode.) Configuration file
that the active MPU has started up with.
(Centralized devices in IRF mode.) Configuration file that
the device has started up with.
Next main startup saved-configuration file
Primary startup configuration file to be used at the next
startup.
Next backup startup saved-configuration file
Backup startup configuration file to be used at the next
startup.
Slot n
(Distributed devices in standalone mode.) Displays the
startup configuration files on the MPU in slot n.
(Centralized devices in IRF mode.) Displays the startup
configuration files on member device n.
190
# (Distributed devices in IRF mode.) Display names of the startup configuration files.
<Sysname> display startup
MainBoard:
Current startup saved-configuration file: NULL
Next main startup saved-configuration file: flash:/startup.cfg
Next backup startup saved-configuration file: flash:/startup2.cfg
Chassis 2 Slot 0:
Current startup saved-configuration file: NULL
Next main startup saved-configuration file: flash:/startup.cfg
Next backup startup saved-configuration file: flash:/startup2.cfg
Table 24 Command output
Field
Description
MainBoard
Displays the startup configuration files on the IRF master
device.
Current startup saved-configuration file
Configuration file that the global active MPU has started up
with.
Next main startup saved-configuration file
Primary configuration file to be used at the next startup.
Next backup startup saved-configuration file
Backup configuration file to be used at the next startup.
(This file does not exist.)
If the specified next-startup configuration file has been
deleted, this comment appears next to the file name.
Chassis x Slot n
Displays the startup configuration files on the MPU in slot n
of IRF member x.
Related commands
startup saved-configuration
display this
Use display this to display the running configuration in the current view.
Syntax
display this
Views
Any view
Predefined user roles
network-admin
network-operator
Usage guidelines
Use this command to verify the configuration you have made in a certain view.
This command does not display parameters that are using the default settings.
Some parameters can be successfully set even if their dependent features are not enabled. For
these parameters, this command displays their settings after the dependent features are enabled.
This command can be executed in any user line view to display the running configuration of all user
lines.
191
Examples
# Display the running configuration on the interface GigabitEthernet1/0/1.
<Sysname> system-view
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] display this
#
interface GigabitEthernet1/0/1
port link-mode route
#
return
# Display the running configuration on user lines.
<Sysname> system-view
[Sysname] line vty 0
[Sysname-line-vty0] display this
#
line aux 0
user-role network-operator
#
line con 0
user-role network-admin
#
line vty 0 4
authentication-mode none
user-role network-admin
#
return
reset saved-configuration
Use reset saved-configuration to delete a next-startup configuration file.
Syntax
reset saved-configuration [ backup | main ]
Views
User view
Predefined user roles
network-admin
Parameters
backup: Specifies the backup next-startup configuration file.
main: Specifies the main next-startup configuration file.
192
Usage guidelines
CAUTION:
• (Centralized devices in standalone or IRF mode.) This command permanently deletes the
next-startup configuration file from the device in standalone mode or from all member devices on
an IRF fabric. Before performing this task, back up the file as needed.
• (Distributed devices in standalone or IRF mode.) This command permanently deletes the
next-startup configuration file from each MPU. Before performing this task, back up the file as
needed.
You can delete the main file, the backup file, or both.
To delete a file that is set as both main and backup next-startup configuration files, you must execute
both the reset saved-configuration backup command and the reset saved-configuration main
command. Using only one of the commands removes the specified file attribute instead of deleting
the file.
For example, if the reset saved-configuration backup command is executed, the backup
next-startup configuration file setting is set to NULL. However, the file is still used as the main file. To
delete the file, you must also execute the reset saved-configuration main command.
If you do not specify a configuration file attribute, the reset saved-configuration command deletes
the main next-startup configuration file.
Examples
# (Centralized devices in standalone mode.) Delete the main next-startup configuration file.
<Sysname> reset saved-configuration
The saved configuration file will be erased. Are you sure? [Y/N]:y
Configuration file in flash: is being cleared.
Please wait ...........
Configuration file is cleared.
# (Distributed devices in standalone mode.) Delete the main next-startup configuration file.
<Sysname> reset saved-configuration
The saved configuration file will be erased. Are you sure? [Y/N]:y
Configuration file in flash: is being cleared.
Please wait ...
..
MainBoard:
Configuration file is cleared.
Slot 1:
Erase next configuration file successfully
# (Centralized devices in IRF mode.) Delete the backup next-startup configuration file.
<Sysname> reset saved-configuration backup
The saved configuration file will be erased. Are you sure? [Y/N]:y
Configuration file in flash: is being cleared.
Please wait ...
..
MainBoard:
Configuration file is cleared.
Slot 2:
Erase next configuration file successfully
# (Distributed devices in IRF mode.) Delete the backup next-startup configuration file.
193
<Sysname> reset saved-configuration backup
The saved configuration file will be erased. Are you sure? [Y/N]:y
Configuration file in flash: is being cleared.
Please wait ...
..
MainBoard:
Configuration file is cleared.
Chassis 2 Slot 2:
Erase next configuration file successfully
Related commands
display saved-configuration
restore startup-configuration
Use restore startup-configuration to download a configuration file from a TFTP server and specify
it as the main next-startup configuration file.
Syntax
restore startup-configuration from { ipv4-server | ipv6 ipv6-server } src-filename [ vpn-instance
vpn-instance-name ]
Views
User view
Predefined user roles
network-admin
Parameters
ipv4-server: Specifies a TFTP server by its IPv4 address or host name. The host name is a
case-insensitive string of 1 to 253 characters. Valid characters include letters, digits, hyphens (-),
underscores (_), and dots (.).
ipv6 ipv6-server: Specifies a TFTP server by its IPv6 address or host name. The host name is a
case-insensitive string of 1 to 253 characters. Valid characters include letters, digits, hyphens (-),
underscores (_), and dots (.).
src-filename: Specifies the file name of the configuration file to be downloaded suffixed with the .cfg
extension. Excluding the .cfg extension, the file name is a case-insensitive string of 1 to 255
characters. Valid characters include letters, digits, hyphens (-), underscores (_), and dots (.).
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a
case-sensitive string of 1 to 31 characters. If you do not specify an MPLS L3VPN instance, this
command downloads a configuration file from a TFTP server in the public network.
Usage guidelines
This command is not supported in FIPS mode.
Before restoring the configuration file for the next startup, make sure the following requirements are
met:
•
The server is reachable.
•
The server is enabled with TFTP service.
•
You have read and write permissions to the server.
This command provides an easy method for configuration file restoration by automatically
performing all operations required for restoring the main next-startup configuration file.
194
Centralized devices in IRF mode:
This command downloads the configuration file to the root directory of the default storage medium on
each member device. If the default storage medium has been partitioned, the configuration file is
saved on the first partition.
Distributed devices in standalone or IRF mode:
This command downloads the configuration file to the root directory of the default storage medium on
each MPU. If the default storage medium has been partitioned, the configuration file is saved on the
first partition.
This command assumes that all MPUs use the same type of default storage medium. If a standby
MPU uses a different type of default storage medium than the active MPU, the command cannot
propagate the configuration file to the standby MPU. For example, the standby MPU uses a CF card,
but the active MPU uses a flash memory. In this situation, you must manually restore the next-startup
configuration file on the standby MPU.
Examples
# (Centralized devices in standalone mode.) Download the configuration file test.cfg from the IPv4
TFTP server at 2.2.2.2 in the public network, and specify the file as the main next-startup
configuration file.
<Sysname> restore startup-configuration from 2.2.2.2 test.cfg
Restoring the next startup-configuration file from 2.2.2.2. Please wait...finished.
# (Centralized devices in standalone mode.) Download the configuration file test.cfg from the IPv4
TFTP server at 2.2.2.2 in the MPLS L3VPN instance VPN1, and specify the file as the main
next-startup configuration file.
<Sysname> restore startup-configuration from 2.2.2.2 test.cfg vpn-instance VPN1
Restoring the next startup-configuration file from 2.2.2.2. Please wait...finished.
# (Centralized devices in standalone mode.) Download the configuration file test.cfg from the IPv6
TFTP server at 2001::2 in the public network, and specify the file as the main next-startup
configuration file.
<Sysname> restore startup-configuration from ipv6 2001::2 test.cfg
Restoring the next startup-configuration file from 2001::2. Please wait...finished.
# (Distributed devices in standalone mode.) Download the configuration file config.cfg from the IPv4
TFTP server at 2.2.2.2 in the public network, and specify the file as the main next-startup
configuration file.
<Sysname> restore startup-configuration from 2.2.2.2 config.cfg
Restoring the next startup-configuration file from 2.2.2.2. Please wait...finished.
Now restoring the next startup-configuration file from main board to backup board. Please
wait...finished.
# (Distributed devices in standalone mode.) Download the configuration file test.cfg from the IPv4
TFTP server at 2.2.2.2 in the MPLS L3VPN instance VPN1, and specify the file as the main
next-startup configuration file.
<Sysname> restore startup-configuration from 2.2.2.2 test.cfg vpn-instance VPN1
Restoring the next startup-configuration file from 2.2.2.2. Please wait...finished.
Now restoring the next startup-configuration file from main board to backup board. Please
wait...finished.
# (Distributed devices in standalone mode.) Download the configuration file test.cfg from the IPv6
TFTP server at 2001::2 in the public network, and specify the file as the main next-startup
configuration file.
<Sysname> restore startup-configuration from ipv6 2001::2 test.cfg
Restoring the next startup-configuration file from 2001::2. Please wait...finished.
Now restoring the next startup-configuration file from main board to backup board. Please
wait...finished.
195
# (Centralized devices in IRF mode.) Download the configuration file config.cfg from the IPv4 TFTP
server at 2.2.2.2 in the public network, and specify the file as the main next-startup configuration file.
<Sysname> restore startup-configuration from 2.2.2.2 config.cfg
Restoring the next startup-configuration file from 2.2.2.2. Please wait...finished.
Now restoring the next startup-configuration file from main board to backup board. Please
wait...finished.
# (Centralized devices in IRF mode.) Download the configuration file test.cfg from the IPv4 TFTP
server at 2.2.2.2 in the MPLS L3VPN instance VPN1, and specify the file as the main next-startup
configuration file.
<Sysname> restore startup-configuration from 2.2.2.2 test.cfg vpn-instance VPN1
Restoring the next startup-configuration file from 2.2.2.2. Please wait...finished.
Now restoring the next startup-configuration file from main board to backup board. Please
wait...finished.
# (Centralized devices in IRF mode.) Download the configuration file test.cfg from the IPv6 TFTP
server at 2001::2 in the public network, and specify the file as the main next-startup configuration file.
<Sysname> restore startup-configuration from ipv6 2001::2 test.cfg
Restoring the next startup-configuration file from 2001::2. Please wait...finished.
Now restoring the next startup-configuration file from main board to backup board. Please
wait...finished.
# (Distributed devices in IRF mode.) Download the configuration file config.cfg from the IPv4 TFTP
server at 2.2.2.2 in the public network, and specify the file as the main next-startup configuration file.
<Sysname> restore startup-configuration from 2.2.2.2 config.cfg
Restoring the next startup-configuration file from 2.2.2.2. Please wait...finished.
Now restoring the next startup-configuration file from main board to backup board. Please
wait...finished.
# (Distributed devices in IRF mode.) Download the configuration file test.cfg from the IPv4 TFTP
server at 2.2.2.2 in the MPLS L3VPN instance VPN1, and specify the file as the main next-startup
configuration file.
<Sysname> restore startup-configuration from 2.2.2.2 test.cfg vpn-instance VPN1
Restoring the next startup-configuration file from 2.2.2.2. Please wait...finished.
Now restoring the next startup-configuration file from main board to backup board. Please
wait...finished.
# (Distributed devices in IRF mode.) Download the configuration file test.cfg from the IPv6 TFTP
server at 2001::2 in the public network, and specify the file as the main next-startup configuration file.
<Sysname> restore startup-configuration from ipv6 2001::2 test.cfg
Restoring the next startup-configuration file from 2001::2. Please wait...finished.
Now restoring the next startup-configuration file from main board to backup board. Please
wait...finished.
Related commands
backup startup-configuration
save
Centralized devices in standalone mode:
Use save file-url to save the running configuration to a configuration file, without specifying the file as
a next-startup configuration file.
Use save [ safely ] [ backup | main ] [ force ] [ changed ] to save the running configuration to a file
in the root directory of the default storage medium. This command specifies the file as a next-startup
configuration file at the same time.
196
Centralized devices in IRF mode:
Use save file-url [ all | slot slot-number ] to save the running configuration to a configuration file,
without specifying the file as a next-startup configuration file.
Use save [ safely ] [ backup | main ] [ force ] [ changed ] to save the running configuration to a file
in the root directory of the default storage medium. This command applies to each member device
and specifies the file as a next-startup configuration file at the same time.
Distributed devices in standalone mode:
Use save file-url [ all | slot slot-number ] to save the running configuration to a configuration file,
without specifying the file as a next-startup configuration file.
Use save [ safely ] [ backup | main ] [ force ] [ changed ] to save the running configuration to a file
in the root directory of the default storage medium. This command applies to both the active and
standby MPUs. It specifies the file as a next-startup configuration file at the same time.
Distributed devices in IRF mode:
Use save file-url [ all | chassis chassis-number slot slot-number ] to save the running configuration
to a configuration file, without specifying the file as a next-startup configuration file.
Use save [ safely ] [ backup | main ] [ force ] [ changed ] to save the running configuration to a file
in the root directory of the default storage medium. This command applies to each MPU and
specifies the file as a next-startup configuration file at the same time.
Syntax
Centralized devices in standalone mode:
save file-url
save [ safely ] [ backup | main ] [ force ] [ changed ]
Distributed devices in standalone mode/centralized devices in IRF mode:
save file-url [ all | slot slot-number ]
save [ safely ] [ backup | main ] [ force ] [ changed ]
Distributed devices in IRF mode:
save file-url [ all | chassis chassis-number slot slot-number ]
save [ safely ] [ backup | main ] [ force ] [ changed ]
Views
Any view
Predefined user roles
network-admin
Parameters
file-url: Specifies a file path for saving the running configuration. The file name must use the .cfg
extension. Excluding the .cfg extension, the file name is a case-insensitive string of 1 to 255
characters. Valid characters include letters, digits, hyphens (-), underscores (_), and dots (.). If the
file path includes a folder name, the folder must already exist. (Centralized device in standalone
mode.)
file-url: Specifies a file path for saving the running configuration. The file name must use the .cfg
extension. Excluding the .cfg extension, the file name is a case-insensitive string of 1 to 255
characters. Valid characters include letters, digits, hyphens (-), underscores (_), and dots (.). If you
specify the all keyword or a member ID, the file path cannot include a member ID. If the file path
includes a folder name, the folder must already exist. (Centralized devices in IRF mode.)
file-url: Specifies a file path for saving the running configuration. The file name must use the .cfg
extension. Excluding the .cfg extension, the file name is a case-insensitive string of 1 to 255
197
characters. Valid characters include letters, digits, hyphens (-), underscores (_), and dots (.). If you
specify the all keyword or an MPU slot, the file path cannot include a chassis or slot number. If the file
path includes a folder name, the folder must already exist. (Distributed devices in standalone or IRF
mode.)
all: Saves the running configuration to both MPUs. If you do not specify this keyword or the slot
slot-number option, the command saves the running configuration only to the active MPU.
(Distributed devices in standalone mode.)
all: Saves the running configuration to all member devices. If you do not specify this keyword or the
slot slot-number option, the command saves the running configuration only to the master.
(Centralized device in IRF mode.)
all: Saves the running configuration to all MPUs. If you do not specify this keyword or the chassis
chassis-number slot slot-number option, the command saves the running configuration only to the
global active MPU in the IRF fabric. (Distributed devices in IRF mode.)
slot slot-number: Specifies the standby MPU by its slot number. If you do not specify the standby
MPU or the all keyword, this command saves the running configuration only to the active MPU.
(Distributed devices in standalone mode.)
slot slot-number: Specifies a subordinate device by its member ID. If you do not specify a
subordinate device or the all keyword, this command saves the running configuration only to the
master. (Centralized devices in IRF mode.)
chassis chassis-number slot slot-number: Specifies a standby MPU on an IRF member device. The
chassis-number argument represents the member ID of the IRF member device. The slot-number
argument represents the slot number of the standby MPU. If you do not specify a standby MPU or
the all keyword, this command saves the running configuration only to the global active MPU in the
IRF fabric. (Distributed devices in IRF mode.)
safely: Saves the configuration file in safe mode. If you do not specify this keyword, the device saves
the configuration file in fast mode. Safe mode is slower than fast mode, but more secure. As a best
practice, specify the safely keyword for the command.
backup: Saves the running configuration to a configuration file, and specifies the file as the backup
next-startup configuration file. If you do not specify this keyword or the main keyword, the command
specifies the saved file as the main next-startup configuration file.
main: Saves the running configuration to a configuration file, and specifies the file as the main
next-startup configuration file. If you do not specify this keyword or the backup keyword, the
command specifies the saved file as the main next-startup configuration file.
force: Saves the running configuration to the existing next-startup configuration file without
prompting for confirmation. If you do not specify this keyword, the system prompts you to confirm the
operation. If you do not confirm the operation within 30 seconds, the system automatically aborts the
operation. If you enter Y within the time limit, you can continue the save process and change the
target file name during the process.
changed: Overwrites the target configuration file with the running configuration if an inconsistency is
detected between the settings in the configuration file and the running configuration. The save
command does not take effect if no inconsistency is detected. If you do not specify this keyword, the
save command always overwrites the target configuration file with the running configuration.
Usage guidelines
If the file specified for the command does not exist, the system creates the file before saving the
configuration. If the file already exists, the system prompts you to confirm whether to overwrite the
file. If you choose to not overwrite the file, the system cancels the save operation.
If you do not specify the file-url option for the command, the command saves the running
configuration to an .mdb binary file as well as a .cfg text file. The two files use the same file name.
An .mdb file takes less time to load than a .cfg file.
If you specify the file-url option for the command, the command only saves the running configuration
to the specified .cfg file.
198
In safe mode, the system saves configuration in a temporary file and starts overwriting the target
next-startup configuration file after the save operation is complete. If a reboot, power failure, or out of
memory event occurs during the save operation, the next-startup configuration file is retained.
In fast mode, the device directly overwrites the target next-startup configuration file. If a reboot,
power failure, or out of memory event occurs during this process, all settings in the next-startup
configuration file are lost.
Examples
# Save the running configuration to the configuration file backup.cfg, without specifying the file as
the next-startup configuration file.
<Sysname> save backup.cfg
The current configuration will be saved to flash:/backup.cfg. Continue? [Y/N]:y
Now saving current configuration to the device.
Saving configuration
flash:/backup.cfg. Please wait...
Configuration is saved to flash successfully.
# Save the running configuration to the main next-startup configuration file without any confirmation
required.
<Sysname> save force
Validating file. Please wait....
Configuration is saved to device successfully.
# (Centralized devices in standalone mode.) Save the running configuration to a file in the root
directory of the default storage medium, and specify the file as the main next-startup configuration
file.
<Sysname> save
The current configuration will be written to the device. Are you sure? [Y/N]:y
Please input the file name(*.cfg)[flash:/backup.cfg]
(To leave the existing filename unchanged, press the enter key):test.cfg
Validating file. Please wait............
Configuration is saved to device successfully.
# (Distributed devices in standalone mode/centralized devices in IRF mode.) Save the running
configuration to a file in the root directory of the default storage medium, and specify the file as the
main next-startup configuration file.
<Sysname> save
The current configuration will be written to the device. Are you sure? [Y/N]:y
Please input the file name(*.cfg)[flash:/startup.cfg]
(To leave the existing filename unchanged, press the enter key):
Validating file. Please wait...
Saved the current configuration to mainboard device successfully.
Slot 1:
Save next configuration file successfully.
# (Distributed devices in IRF mode.) Save the running configuration to a file in the root directory of
the default storage medium, and specify the file as the main next-startup configuration file.
<Sysname> save
The current configuration will be written to the device. Are you sure? [Y/N]:y
Please input the file name(*.cfg)[flash:/startup.cfg]
(To leave the existing filename unchanged, press the enter key):
Validating file. Please wait...
Saved the current configuration to mainboard device successfully.
Chassis 1 Slot 1:
199
Save next configuration file successfully.
Related commands
display current-configuration
display saved-configuration
startup saved-configuration
Use startup saved-configuration to specify a file as a next-startup configuration file.
Use undo startup saved-configuration to set the system to start up with factory defaults at the next
startup.
Syntax
startup saved-configuration cfgfile [ backup | main ]
undo startup saved-configuration
Default
No next-startup configuration file is configured.
Views
User view
Predefined user roles
network-admin
Parameters
cfgfile: Specifies the name of a .cfg configuration file suffixed with the .cfg extension. Excluding
the .cfg extension, the file name is a case-insensitive string of 1 to 255 characters. Valid characters
include letters, digits, hyphens (-), underscores (_), and dots (.). This .cfg file must already exist in
the root directory of the default storage medium.
backup: Specifies the configuration file as the backup next-startup configuration file.
main: Specifies the configuration file as the main next-startup configuration file. This is the primary
configuration file that the device attempts to load at startup. If the loading attempt fails, the device
tries the backup next-startup configuration file.
Usage guidelines
CAUTION:
In an IRF fabric, use the undo startup saved-configuration command with caution. This
command can cause an IRF split after the IRF fabric or an IRF member reboots.
To successfully execute the startup saved-configuration command, make sure the following
conditions are met:
•
(Distributed devices in standalone or IRF mode.) The specified file already exists in the root
directory of the default storage medium on each MPU. The command applies to all MPUs. All
MPUs must use the same type of storage medium as the default storage medium. The default
storage medium is user configurable.
•
(Centralized devices in IRF mode.) The specified file already exists in the root directory of the
default storage medium on each member. On an IRF fabric, the command applies to all IRF
members.
If you do not specify either backup or main, the startup saved-configuration command specifies
the main next-startup configuration file.
200
Even though the main and backup next-startup configuration files can be the same one, specify them
as separate files for high availability.
The undo startup saved-configuration command changes the file attribute of the main and backup
next-startup configuration files to NULL. However, the command does not delete the two
configuration files.
You can also specify a configuration file as a next startup file when you use the save command to
save the running configuration to it.
Examples
# Specify the main next-startup configuration file.
<Sysname> startup saved-configuration testcfg.cfg
Please wait ....
... Done!
Related commands
display startup
201
Software upgrade commands
Commands and descriptions for centralized devices apply to the following routers:
•
MSR1002-4/1003-8S.
•
MSR2003.
•
MSR2004-24/2004-48.
•
MSR3012/3024/3044/3064.
•
MSR954(JH296A/JH297A/JH298A/JH299A/JH373A).
•
MSR958(JH300A/JH301A).
Commands and descriptions for distributed devices apply to MSR4060 and MSR4080 routers.
The router can start up from the built-in flash memory or the USB disk. As a best practice, store the
startup images in the built-in flash memory. If you store the startup images on the USB disk, do not
remove the USB disk during the startup process.
boot-loader file
Use boot-loader file to specify startup image files.
Syntax
Centralized devices in standalone mode:
boot-loader file boot boot-package system system-package [ feature feature-package&<1-30> ]
{ backup | main }
boot-loader file ipe-filename { backup | main }
Distributed devices in standalone mode/centralized devices in IRF mode:
boot-loader file boot boot-package system system-package [ feature feature-package&<1-30> ]
{ all | slot slot-number } { backup | main }
boot-loader file ipe-filename { all | slot slot-number } { backup | main }
Distributed devices in IRF mode:
boot-loader file boot boot-package system system-package [ feature feature-package&<1-30> ]
{ all | chassis chassis-number slot slot-number } { backup | main }
boot-loader file ipe-filename { all | chassis chassis-number slot slot-number } { backup | main }
Views
User view
Predefined user roles
network-admin
Parameters
boot boot-package: Specifies a .bin boot image file in the filesystemname/filename.bin format. The
file must be stored in the root directory of a file system on the device. The value string excluding the
file system location section (if any) can have a maximum of 63 characters. For more information
about specifying a file, see "Managing file systems."
system system-package: Specifies a .bin system image file in the filesystemname/filename.bin
format. The file must be stored in the root directory of a file system on the device. The value string
excluding the file system location section (if any) can have a maximum of 63 characters. For more
information about specifying a file, see "Managing file systems."
202
feature feature-package: Specifies a space-separated list of up to 30 .bin feature image files.
Specify each .bin file in the filesystemname/filename.bin format. The files must be stored in the root
directory of a file system on the device. The value string excluding the file system location section (if
any) can have a maximum of 63 characters. For more information about specifying a file, see
"Managing file systems."
ipe-filename: Specifies an .ipe image package file in the filesystemname/filename.ipe format. The
file must be stored in the root directory of a file system on the device. The
filesystemname:/filename.ipe section can have a maximum of 63 characters. For more information
about specifying a file, see "Managing file systems."
all: Specifies all hardware components to which the specified images apply. You can use this option
to upgrade all hardware components that run the same images.
slot slot-number: Specifies the slot number of an MPU. (Distributed devices in standalone mode.)
slot slot-number: Specifies the IRF member ID of a member device. (Centralized devices in IRF
mode.)
chassis chassis-number slot slot-number: Specifies an MPU in the IRF fabric. The chassis-number
argument represents the IRF member ID of the device that holds the MPU. The slot-number
argument represents the slot number of the MPU. (Distributed devices in IRF mode.)
backup: Specifies the files as backup startup image files. Backup images are used only when main
images are not available.
main: Specifies the files as main startup image files. The device always first attempts to start up with
main startup files.
Usage guidelines
Centralized devices in standalone mode:
To load the specified startup software images, you must reboot the system.
Before you specify startup image files, perform the following tasks:
•
Save the upgrade files to the root directory of the storage medium. If the storage medium is
partitioned, save the files to the root directory of the first partition.
•
If the specified software images require a license, register and activate a license for each image.
If a license-based software image lacks a license, the command execution result is as follows:
{
{
If .bin files are specified, the command cannot be executed.
If an .ipe file is specified, the command sets all images as startup images except for the
image that does not have a license.
For more information about licensing, see Fundamentals Configuration Guide.
The boot-loader file command overwrites the entire startup image list. To add new startup feature
images, specify all feature image files in the old startup image list, including feature image files. The
new startup image list will contain only the feature image files that are specified in the command.
Distributed devices in standalone or IRF mode/centralized devices in IRF mode:
To load the specified startup software images, you must reboot the system.
Before you specify startup image files, perform the following tasks:
•
Save the upgrade files to the root directory of any available storage medium. If the storage
medium is partitioned, save the files to the root directory of the first partition.
•
If the specified software images require a license, register and activate a license for each image.
If a license-based software image lacks a license, the command execution result is as follows:
{
{
If you specify .bin files, the command cannot be executed.
If you specify an .ipe file, the command sets all images as startup software images except
for the image that does not have a license.
For more information about licensing, see Fundamentals Configuration Guide.
203
If the upgrade images are not stored on the hardware in the slot you specified to upgrade, the system
automatically copies the images to that hardware. The destination directory is the root directory of
the storage medium on the hardware. If the destination root directory already contains a startup
image with the same name as an upgrade image, you must choose whether to overwrite the image.
The boot-loader file command overwrites the entire startup image list. To add new startup feature
images, specify all feature image files, including feature image files in the old startup image list. The
new startup image list will contain only the feature image files that are specified in the command.
Examples
# (Centralized devices in standalone mode.) Specify flash:/all.ipe as the main startup image file.
<Sysname> boot-loader file flash:/all.ipe main
Verifying the IPE file and the images............Done.
xx Switch images in IPE:
boot.bin
system.bin
This command will set the main startup software images. Continue? [Y/N]:Y
Add images to the device.
File flash:/boot.bin already exists on the device.
File flash:/system.bin already exists on the device.
Overwrite the existing files? [Y/N]:Y
Decompressing file boot.bin to flash:/boot.bin........................Done.
Decompressing file system.bin to flash:/system.bin...............................Done.
The images that have passed all examinations will be used as the main startup software
images at the next reboot on the device.
# (Centralized devices in standalone mode.) Specify flash:/boot.bin and flash:/system.bin as the
main startup boot and system image files.
<Sysname> boot-loader file boot flash:/boot.bin system flash:/system.bin main
This command will set the main startup software images. Continue? [Y/N]:y
The images that have passed all examinations will be used as the main startup software
images at the next reboot on the device.
# (Distributed devices in standalone mode.) Specify flash:/all.ipe as the main startup image file for
the MPU in slot 0.
<Sysname> boot-loader file flash:/all.ipe slot 0 main
Verifying the IPE file and the images............Done.
xx Switch images in IPE:
boot.bin
system.bin
This command will set the main startup software images. Continue? [Y/N]:Y
Add images to slot 0.
File flash:/boot.bin already exists on slot 0.
File flash:/system.bin already exists on slot 0.
Overwrite the existing files? [Y/N]:Y
Decompressing file boot.bin to flash:/boot.bin........................Done.
Decompressing file system.bin to flash:/system.bin...............................Done.
The images that have passed all examinations will be used as the main startup software
images at the next reboot on slot 0.
# (Centralized devices in IRF mode.) Specify flash:/all.ipe as the main startup image file for IRF
member device 1.
<Sysname> boot-loader file flash:/all.ipe slot 1 main
Verifying the IPE file and the images............Done.
204
xx Switch images in IPE:
boot.bin
system.bin
This command will set the main startup software images. Continue? [Y/N]:Y
Add images to slot 1.
File flash:/boot.bin already exists on slot 1.
File flash:/system.bin already exists on slot 1.
Overwrite the existing files? [Y/N]:Y
Decompressing file boot.bin to flash:/boot.bin........................Done.
Decompressing file system.bin to flash:/system.bin...............................Done.
The images that have passed all examinations will be used as the main startup software
images at the next reboot on slot 1.
# (Distributed devices in IRF mode.) Specify flash:/all.ipe as the main startup image file for the MPU
in slot 0 on IRF member device 1.
<Sysname> boot-loader file flash:/all.ipe chassis 1 slot 0 main
Verifying the IPE file and the images............Done.
xx Switch images in IPE:
boot.bin
system.bin
This command will set the main startup software images. Continue? [Y/N]:Y
Add images to chassis 1 slot 0.
File flash:/boot.bin already exists on chassis 1 slot 0.
File flash:/system.bin already exists on chassis 1 slot 0.
Overwrite the existing files? [Y/N]:Y
Decompressing file boot.bin to flash:/boot.bin........................Done.
Decompressing file system.bin to flash:/system.bin...............................Done.
The images that have passed all examinations will be used as the main startup software
images at the next reboot on chassis 1 slot 0.
Related commands
display boot-loader
boot-loader update
Distributed devices in standalone mode:
Use boot-loader update to synchronize startup images from the active MPU to the standby MPU.
Centralized devices in IRF mode:
Use boot-loader update to synchronize startup images from the master to a subordinate device.
Distributed devices in IRF mode:
Use boot-loader update to synchronize startup images from the global active MPU to a standby
MPU.
Syntax
Distributed devices in standalone mode/centralized devices in IRF mode:
boot-loader update { all | slot slot-number }
Distributed devices in IRF mode:
boot-loader update { all | chassis chassis-number slot slot-number }
205
Views
User view
Predefined user roles
network-admin
Parameters
all: Upgrades the standby MPU. (Distributed devices in standalone mode.)
all: Upgrades all the subordinate devices. (Centralized devices in IRF mode.)
all: Upgrades all standby MPUs in the IRF fabric. (Distributed devices in IRF mode.)
slot slot-number: Specifies the slot number of the standby MPU. (Distributed devices in standalone
mode.)
slot: Specifies the IRF member ID of a subordinate device. (Centralized devices in IRF mode.)
chassis chassis-number slot slot-number: Specifies a standby MPU. The chassis-number
argument represents the IRF member ID of the device that holds the standby MPU. The slot-number
argument represents the slot number of the standby MPU. (Distributed devices in IRF mode.)
Usage guidelines
Distributed devices in standalone or IRF mode:
You can use this command to synchronize startup images after adding new MPUs.
If any of the startup software images require a license, register and activate a license for the image
on the new MPU before executing this command. Use the display license feature command to
verify the licensing state of software images.
The images used for synchronization are in the main or backup startup software images list instead
of the current software images list (see the display boot-loader command).
•
The main images list is used if the active MPU (in standalone mode) or global active MPU (in
IRF mode) started up with the main startup images.
•
The backup image list is used if the active MPU (in standalone mode) or global active MPU (in
IRF mode) started up with the main startup images.
The startup images synchronized to the standby MPU are set as main startup images, regardless of
whether the source startup images are main or backup.
If an ISSU patch installation or software upgrade has been performed, use the install commit
command to update the main startup images on the active MPU before software synchronization.
This command ensures startup image consistency between the active MPU and the standby MPU.
Startup image synchronization fails if any software image being synchronized is not available or is
corrupted.
Centralized devices in IRF mode:
You can use this command to synchronize startup images after adding new member devices.
If any of the startup software images require a license, register and activate a license for the image
on the new subordinate device before executing this command. Use the display license feature
command to verify the licensing state of software images.
The startup images synchronized to the subordinate device are set as main startup images,
regardless of whether the source startup images are main or backup.
•
If the master device has started up with main startup images, its main startup images are
synchronized to the subordinate device, regardless of whether any main startup image has
been respecified on the master device.
•
If the master device has started up with backup startup images, its backup startup images are
synchronized to the subordinate device, regardless of whether any backup startup image has
been respecified on the master device.
206
If an ISSU patch installation or software upgrade has been performed, use the install commit
command to update the set of main startup images on the master before software synchronization.
This command ensures startup image consistency between the master and the subordinate device.
Startup image synchronization fails if any software image being synchronized is not available or is
corrupted.
Examples
# (Distributed devices in standalone mode.) Synchronize startup images from the active MPU to the
standby MPU in slot 1.
<Sysname> boot-loader update slot 1
This command will update the specified standby MPU. Continue? [Y/N]:y
Updating. Please wait...
Copying main startup software images to slot 1. Please wait...
Done.
Setting copied images as main startup software images for slot 1...
Done.
Successfully updated the startup software images of slot 1.
# (Centralized devices in IRF mode.) Synchronize startup images from the master device to
subordinate device 2.
<Sysname> boot-loader update slot 2
This command will update the specified standby MPU. Continue? [Y/N]:y
Updating. Please wait...
Copying main startup software images to slot 2. Please wait...
Done.
Setting copied images as main startup software images for slot 2...
Done.
Successfully updated the startup software images of slot 2.
# (Distributed devices in IRF mode.) Synchronize startup images from the global active MPU to the
MPU in slot 1 on IRF member device 1.
<Sysname> boot-loader update chassis 1 slot 1
This command will update the specified standby MPU. Continue? [Y/N]:y
Updating. Please wait...
Copying main startup software images to chassis 1 slot 1. Please wait...
Done.
Setting copied images as main startup software images for chassis 1 slot 1...
Done.
Successfully updated the startup software images of chassis 1 slot 1.
Related commands
display boot-loader
install commit
bootrom update
Use bootrom update to load the Boot ROM image on the default storage medium to the Normal
area of Boot ROM.
Syntax
Centralized devices in standalone mode:
bootrom update file file-url slot slot-number-list
207
Distributed devices in standalone mode/centralized devices in IRF mode:
bootrom update file file-url slot slot-number-list [ subslot subslot-number-list ]
Distributed devices in IRF mode:
bootrom update file
subslot-number-list ]
file-url
chassis
chassis-number
slot
slot-number-list
[
subslot
Views
User view
Predefined user roles
network-admin
Parameters
file file-url: Specifies the file that contains the Boot ROM image. The file-url argument represents the
file name, a string of 1 to 63 characters.
slot slot-number-list: Specifies a space-separated list of up to seven slot number items. An item
specifies a card by its slot number or a range of cards in the form of start-slot-number to
end-slot-number. The end slot number must be equal to or greater than the start slot number.
(Centralized devices in standalone mode/distributed devices in standalone mode.)
slot slot-number-list: Specifies a space-separated list of up to seven slot number items. An item
specifies an IRF member device by its member ID or a range of IRF member devices in the form of
start-slot-number to end-slot-number. The end slot number must be equal to or greater than the start
slot number. (Centralized devices in IRF mode.)
chassis chassis-number: Specifies an IRF member device by its member ID. (Distributed devices in
IRF mode.)
slot slot-number-list: Specifies a space-separated list of up to seven slot number items. An item
specifies a card by its slot number or a range of cards in the form of start-slot-number to
end-slot-number on the specified IRF member device. The end slot number must be equal to or
greater than the start slot number. (Distributed devices in IRF mode.)
subslot subslot-number-list: Specifies a list of up to seven subslot number items. Each item
specifies a subcard by its subslot number or a range of subcards in the form of start-subslot-number
to end-subslot-number. If you do not specify a subcard, this command loads the Boot ROM image
for the base card.
Usage guidelines
The following matrix shows the command and hardware compatibility:
Hardware
Command compatibility
MSR954(JH296A/JH297A/JH298A/JH299A/JH373A)
No
MSR958(JH300A/JH301A)
No
MSR1002-4/1003-8S
Yes
MSR2003
Yes
MSR2004-24/2004-48
Yes
MSR3012/3024/3044/3064
Yes
MSR4060/4080
Yes
Boot ROM images are contained in the .bin Comware boot image file. You can specify a Comware
boot image file in this command to upgrade the Boot ROMs in the system before you upgrade the
Comware images. If you do not upgrade Boot ROMs before upgrading Comware images, the system
automatically upgrades Boot ROMs as necessary when loading Comware images.
208
The new Boot ROM images take effect after you reboot the device.
Examples
# Use the file a.bin in the root directory of the flash memory to upgrade the Boot ROM image.
<Sysname> bootrom update file flash:/a.bin
This command will update the Boot ROM file on the specified board(s), Continue? [Y/N]:y
Now updating the Boot ROM, please wait...
.............Done.
Related commands
boot-loader file
display boot-loader
Use display boot-loader to display current software images and startup software images.
Syntax
Centralized devices in standalone mode:
display boot-loader
Distributed devices in standalone mode/centralized devices in IRF mode:
display boot-loader [ slot slot-number ]
Distributed devices in IRF mode:
display boot-loader [ chassis chassis-number [ slot slot-number ] ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
slot slot-number: Specifies the slot number of an MPU. If you do not specify an MPU, this command
displays the software images on each MPU. (Distributed devices in standalone mode.)
slot slot-number: Specifies the member ID of an IRF member device. If you do not specify a member
device, this command displays the software images on each IRF member device. (Centralized
devices in IRF mode.)
chassis chassis-number [slot slot-number ]: Specifies an IRF member device or an MPU in an IRF
member device. The chassis-number argument represents the IRF member ID of the device. The
slot-number argument represents the slot number of the MPU on the device. If you do not specify an
IRF member device, this command displays the software images on each MPU in the IRF fabric. If
you specify an IRF member device without specifying an MPU, this command displays the software
images on each MPU on the specified member device. (Distributed devices in IRF mode.)
Examples
# (Centralized devices in standalone mode.) Display the current software images and startup
software images.
<Sysname> display boot-loader
Software images on the device:
Current software images:
flash:/boot.bin
209
flash:/system.bin
Main startup software images:
flash:/boot.bin
flash:/system.bin
Backup startup software images:
flash:/boot.bin
flash:/system.bin
# (Distributed devices in standalone mode/centralized devices in IRF mode.) Display the current
software images and startup software images.
<Sysname> display boot-loader
Software images on slot 0:
Current software images:
flash:/boot.bin
flash:/system.bin
Main startup software images:
flash:/boot.bin
flash:/system.bin
Backup startup software images:
flash:/boot.bin
flash:/system.bin
# (Distributed devices in IRF mode.) Display current software images and startup software images.
<Sysname> display boot-loader
Software images on chassis 0 slot 1:
Current software images:
flash:/boot.bin
flash:/system.bin
Main startup software images:
flash:/boot.bin
flash:/system.bin
Backup startup software images:
flash:/boot.bin
flash:/system.bin
Table 25 Command output
Field
Description
This field displays the Comware images on the MPU in the
specified slot. (Centralized devices in standalone mode.)
Software images on slot slot-number
This field displays the Comware images on the member device.
The slot number represents the device's IRF member ID.
(Centralized devices in IRF mode.)
Software images on chassis chassis-id
slot slot-number
This field displays the Comware images on the specified MPU.
The chassis ID represents the IRF member ID, and the slot
number represents the MPU's slot number. (Distributed
devices in IRF mode.)
Current software images
Comware images that have been loaded.
Main startup software images
Primary Comware images for the next startup.
Backup startup software images
Backup Comware images for the next startup.
210
Related commands
boot-loader file
firmware update
Use firmware update to upgrade firmware.
Syntax
Centralized devices in standalone mode:
firmware update slot slot-number { cpld cpld-number | cpu cpu-number | fpga fpga-number |
module module-number } file filename
Distributed devices in standalone mode/centralized devices in IRF mode:
firmware update slot slot-number subslot subslot-number { cpld cpld-number | cpu cpu-number |
fpga fpga-number | module module-number } file filename
Distributed devices in IRF mode:
firmware update chassis chassis-number slot slot-number subslot subslot-number { cpld
cpld-number | cpu cpu-number | fpga fpga-number | module module-number } file filename
Views
User view
Predefined user roles
network-admin
Parameters
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The
chassis-number argument represents the IRF member ID. The slot-number argument represents the
slot number of the card. (Distributed devices in IRF mode.)
slot slot-number: Specifies a card by its slot number. (Distributed devices in standalone mode.)
slot slot-number: Specifies an IRF member device. The slot-number argument represents its IRF
member ID. (Centralized devices in IRF mode.)
subslot subslot-number: Specifies a subcard by its subslot number. If you do not specify a subcard,
the command upgrades firmware for all subcards on the base card.
cpld cpld-number: Specifies a complex programmable logical device (CPLD) by its number.
fpga fpga-number: Specifies a field programmable gate array (FPGA) by its number.
cpu cpu-number: Specifies a CPU by its number.
module module-number: Specifies a module by its number.
file filename: Specifies an upgrade file in the filesystemname/filename.extension format. The value
string excluding the file system location section (if any) can have a maximum of 63 characters. For
more information about specifying a file, see "Managing file systems."
Usage guidelines
The following matrix shows the command and hardware compatibility:
Hardware
Command
compatibility
MSR954(JH296A/JH297A/JH298A/JH299A/JH373A)
No
MSR958(JH300A/JH301A)
No
211
Hardware
Command
compatibility
MSR1002-4/1003-8S
Yes
MSR2003
Yes
MSR2004-24/2004-48
Yes
MSR3012/3024/3044/3064
Yes
MSR4060/4080
Yes
Use this command to upgrade firmware that cannot be upgraded using the boot-loader command.
To complete the firmware upgrade, you must power cycle the card or subcard.
To power cycle a card or subcard, use one of the following methods:
•
Power cycle the device.
•
Remove and reinsert the card or subcard.
•
Execute the power-supply off command, and then execute the power-supply on command.
Examples
# (Centralized devices in standalone mode.) Upgrade CPLD 1.
<Sysname> firmware update cpld 1 file package.bin
Updating firmware for CPLD on the specified card or subcard. Continue?[Y/N]:y
Updating the firmware…
Please power cycle the card or subcard to activate the firmware.
# (Distributed devices in standalone mode.) Upgrade CPLD 1 in slot 1.
<Sysname> firmware update slot 1 cpld 1 file package.bin
Updating firmware for CPLD on the specified card or subcard. Continue?[Y/N]:y
Updating the firmware…
Please power cycle the card or subcard to activate the firmware.
# (Centralized devices in IRF mode.) Upgrade CPLD 1 on IRF member device 1.
<Sysname> firmware update slot 1 cpld 1 file package.bin
Updating firmware for CPLD on the specified card or subcard. Continue?[Y/N]:y
Updating the firmware…
Please power cycle the card or subcard to activate the firmware.
# (Distributed devices in IRF mode.) Upgrade CPLD 1 in slot 1 on IRF member device 1.
<Sysname> firmware update chassis 1 slot 1 cpld 1 file package.bin
Updating firmware for CPLD on the specified card or subcard. Continue?[Y/N]:y
Updating the firmware…
Please power cycle the card or subcard to activate the firmware.
version auto-update enable
Use version auto-update enable to enable software synchronization from active MPU to standby
MPU at startup.
Use undo version auto-update enable to disable this feature.
Syntax
version auto-update enable
undo version auto-update enable
212
Default
Software synchronization from active MPU to standby MPU is enabled. If software inconsistency is
detected at startup, the standby MPU loads the current software images of the active MPU.
Views
System view
Predefined user roles
network-admin
Usage guidelines
This command is available on distributed devices in standalone mode.
To make sure the standby MPU always runs the same software images as the active MPU, configure
both the version auto-update enable command and the undo version check ignore command.
The startup software version check feature examines the standby MPU's startup software images for
version inconsistency with the active MPU's current software images at startup. If their software
versions are different, the standby MPU copies the current software images of the active MPU,
specifies them as main startup software images, and reboots with these images.
To ensure a successful synchronization in a multiuser environment, make sure no one reboots or
swaps MPUs during the software synchronization process. You can configure the information center
to output the synchronization status to configuration terminals (see Network Management and
Monitoring Configuration Guide).
Examples
# Enable software auto-update for the standby MPU.
<Sysname> system-view
[Sysname] version auto-update enable
Related commands
version check ignore
version check ignore
Use version check ignore to disable startup software version check for the standby MPU at startup.
Use undo version check ignore to enable this feature.
Syntax
version check ignore
undo version check ignore
Default
The startup software images on the standby MPU are checked for version inconsistency with the
current software images on the active MPU.
Views
System view
Predefined user roles
network-admin
Usage guidelines
This command is available in standalone mode.
213
When the standby MPU starts up, this command disables the system to examine the standby MPU's
startup software images for version inconsistency with the active MPU's current software images.
The standby MPU can start up with a different software version than the active MPU.
As a best practice, use ISSU instead of this command to upgrade software, if possible. The startup
software version check feature might fail to work because the software versions of the MPUs are
incompatible.
To avoid anomalies, do not disable startup software version check for the standby MPU unless for
software upgrade.
To make sure the standby MPU always runs the same software images as the active MPU, configure
both the version auto-update enable command and the undo version check ignore command.
Examples
# Enable startup software version check for the standby MPU.
<Sysname> system-view
[Sysname] undo version check ignore
Related commands
version auto-update enable
214
ISSU commands
Commands and descriptions for centralized devices apply to the following routers:
•
MSR1002-4/1003-8S.
•
MSR2003.
•
MSR2004-24/2004-48.
•
MSR3012/3024/3044/3064.
•
MSR954(JH296A/JH297A/JH298A/JH299A/JH373A).
•
MSR958(JH300A/JH301A).
Commands and descriptions for distributed devices apply to MSR4060 and MSR4080 routers.
display install active
Use display install active to display active software images.
Syntax
Centralized devices in standalone mode:
display install active [ verbose ]
Distributed devices in standalone mode/centralized devices in IRF mode:
display install active [ slot slot-number ] [ verbose ]
Distributed devices in IRF mode:
display install active [ chassis chassis-number slot slot-number ] [ verbose ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command
displays information for all cards. (Distributed devices in standalone mode.)
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member
device, this command displays information for all IRF members. (Centralized devices in IRF mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The
chassis-number argument represents the member ID of the IRF member device. The slot-number
argument represents the slot number of the card. If you do not specify a card, this command displays
information for all cards. (Distributed devices in IRF mode.)
verbose: Displays detailed information. If you do not specify this keyword, the command displays
only image names.
Examples
# (Centralized devices in standalone mode.) Display active software images.
<Sysname> display install active
Active packages on the device:
flash:/boot.bin
215
flash:/system.bin
flash:/feature.bin
# (Distributed devices in standalone mode/centralized devices in IRF mode.) Display active software
images.
<Sysname> display install active
Active packages on slot 1:
flash:/boot.bin
flash:/system.bin
flash:/feature.bin
# (Distributed devices in IRF mode.) Display active software images.
<Sysname> display install active
Active packages on chassis 1 slot 1:
flash:/boot.bin
flash:/system.bin
flash:/feature.bin
# (Centralized devices in standalone mode.) Display detailed information about active software
images.
<Sysname> display install active verbose
Active packages on the device:
flash:/boot.bin
[Package]
Vendor: XXX
Product: xxxx
Service name: boot
Platform version: 7.1.022
Product version: Test 2201
Supported board: cen
[Component]
Component: boot
Description: boot package
flash:/system.bin
[Package]
Vendor: XXX
Product: xxxx
Service name: system
Platform version: 7.1.022
Product version: Test 2201
Supported board: cen
[Component]
Component: system
Description: system package
flash:/feature.bin
[Package]
Vendor: XXX
Product: xxxx
Service name: test
216
Platform version: 7.1.022
Product version: Test 2201
Supported board: cen
[Component]
Component: test
Description: test package
# (Distributed devices in standalone mode/centralized devices in IRF mode.) Display detailed
information about active software images.
<Sysname> display install active verbose
Active packages on slot 1:
flash:/boot.bin
[Package]
Vendor: XXX
Product: xxxx
Service name: boot
Platform version: 7.1.022
Product version: Test 2201
Supported board: mpu
[Component]
Component: boot
Description: boot package
flash:/system.bin
[Package]
Vendor: XXX
Product: xxxx
Service name: system
Platform version: 7.1.022
Product version: Test 2201
Supported board: mpu
[Component]
Component: system
Description: system package
flash:/feature.bin
[Package]
Vendor: XXX
Product: xxxx
Service name: test
Platform version: 7.1.022
Product version: Test 2201
Supported board: mpu
[Component]
Component: test
Description: test package
# (Distributed devices in IRF mode.) Display detailed information about active software images.
<Sysname> display install active verbose
Active packages on chassis 1 slot 1:
217
flash:/boot.bin
[Package]
Vendor: xxx
Product: xxxx
Service name: boot
Platform version: 7.1.022
Product version: Test 2201
Supported board: mpu
[Component]
Component: boot
Description: boot package
flash:/system.bin
[Package]
Vendor: xxx
Product: xxxx
Service name: system
Platform version: 7.1.022
Product version: Test 2201
Supported board: mpu
[Component]
Component: system
Description: system package
flash:/feature.bin
[Package]
Vendor: xxx
Product: xxxx
Service name: test
Platform version: 7.1.022
Product version: Test 2201
Supported board: mpu
[Component]
Component: test
Description: test package
Table 26 Command output
Field
Description
Active packages on the
device
Active software images on the device. (Centralized devices in standalone
mode.)
Active packages on slot n
Active software images on the card in the specified slot. (Distributed
devices in standalone mode.)
Active packages on slot n
Active software images on the specified member. The argument n indicates
the member ID of the member. (Centralized devices in IRF mode.)
Active packages on chassis
m slot n
Active software images on the card in the specified slot of the specified
member. (Distributed devices in IRF mode.)
[Package]
Detailed information about the software image.
218
Field
Description
Service name
Image type:
•
boot—Boot image.
•
system—System image.
•
boot patch—Patch image for the boot image.
•
system patch—Patch image for the system image.
•
Any other value indicates a feature image.
Supported board
Cards supported by the software image:
•
cen—Centralized device.
•
mpu—MPU.
•
lc—LPU.
[Component]
Information about components included in the image file.
Related commands
install active
display install backup
Use display install backup to display backup startup software images.
Syntax
Centralized devices in standalone mode:
display install backup [ verbose ]
Distributed devices in standalone mode/centralized devices in IRF mode:
display install backup [ slot slot-number ] [ verbose ]
Distributed devices in IRF mode:
display install backup [ chassis chassis-number slot slot-number ] [ verbose ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command
displays information for all cards. (Distributed devices in standalone mode.)
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member
device, this command displays information for all IRF members. (Centralized devices in IRF mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The
chassis-number argument represents the member ID of the IRF member device. The slot-number
argument represents the slot number of the card. If you do not specify a card, this command displays
information for all cards. (Distributed devices in IRF mode.)
verbose: Displays detailed information. If you do not specify this keyword, the command displays
only image names.
219
Usage guidelines
Backup startup images are used only when the main boot or system image is missing or corrupt. For
more information, see Fundamental Configuration Guide.
To modify the backup startup image list, you must use the boot-loader file command.
Examples
# (Centralized devices in standalone mode.) Display the backup startup software images.
<Sysname> display install backup
Backup startup software images on the device:
flash:/boot-a0201.bin
flash:/system-a0201.bin
# (Distributed devices in standalone mode/centralized devices in IRF mode.) Display the backup
startup software images.
<Sysname> display install backup
Backup startup software images on slot 1:
flash:/boot-a0201.bin
flash:/system-a0201.bin
# (Distributed devices in IRF mode.) Display the backup startup software images.
<Sysname> display install backup
Backup startup software images on chassis 1 slot 1:
flash:/boot-a0201.bin
flash:/system-a0201.bin
# Display detailed information about backup startup software images.
<Sysname> display install backup verbose
Backup startup software images on slot 1:
flash:/boot-a0201.bin
[Package]
Vendor: HPE
Product: xxxx
Service name: boot
Platform version: 7.1
Product version: Beta 1330
Supported board: mpu
[Component]
Component: boot
Description: boot package
flash:/system-a0201.bin
[Package]
Vendor: HPE
Product: xxxx
Service name: system
Platform version: 7.1
Product version: Beta 1330
Supported board: mr, lc, sfc
[Component]
Component: system
Description: system package
220
For information about the command output, see Table 26.
Related commands
boot-loader file
display install committed
display install committed
Use display install committed to display main startup software images.
Syntax
Centralized devices in standalone mode:
display install committed [ verbose ]
Distributed devices in standalone mode/centralized devices in IRF mode:
display install committed [ slot slot-number ] [ verbose ]
Distributed devices in IRF mode:
display install committed [ chassis chassis-number slot slot-number ] [ verbose ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command
displays information for all cards. (Distributed devices in standalone mode.)
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member
device, this command displays information for all member devices. (Centralized devices in IRF
mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The
chassis-number argument represents the member ID of the IRF member device. The slot-number
argument represents the slot number of the card. If you do not specify a card, this command displays
information for all cards. (Distributed devices in IRF mode.)
verbose: Displays detailed information. If you do not specify this keyword, the command displays
only image names.
Usage guidelines
Some install commands do not modify the main startup image list. For the software image changes
to take effect after reboot, you must execute the install commit command to update the main
startup image list with the image changes. You can use the display install committed command to
verify the operation results.
Both the install commit and boot-loader file commands modify the main startup software image
list.
Examples
# Display the main startup software images.
<Sysname> display install committed
Committed packages on slot 1:
flash:/boot-a0201.bin
221
flash:/system-a0201.bin
flash:/feature.bin
# Display detailed information about main startup software images.
<Sysname> display install committed verbose
Committed packages on slot 1:
flash:/boot-a0201.bin
[Package]
Vendor: HPE
Product: xxxx
Service name: boot
Platform version: 7.1
Product version: Beta 1330
Supported board: mr, lc, sfc
[Component]
Component: boot
Description: boot package
flash:/system-a0201.bin
[Package]
Vendor: HPE
Product: xxxx
Service name: system
Platform version: 7.1
Product version: Beta 1330
Supported board: mr, lc, sfc
[Component]
Component: system
Description: system package
flash:/ssh-feature.bin
[Package]
Vendor: HPE
Product: xxxx
Service name: ssh
Platform version: 7.1
Product version: Beta 1330
Supported board: mr, lc, sfc
[Component]
Component: ssh
Description: ssh package
For information about the command output, see Table 26.
Related commands
boot-loader file
display install backup
install commit
222
display install inactive
Use display install inactive to display inactive software images in the root directories of file
systems.
Syntax
Centralized devices in standalone mode:
display install inactive [ verbose ]
Distributed devices in standalone mode/centralized devices in IRF mode:
display install inactive [ slot slot-number ] [ verbose ]
Distributed devices in IRF mode:
display install inactive [ chassis chassis-number slot slot-number ] [ verbose ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command
displays information for all cards. (Distributed devices in standalone mode.)
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member
device, this command displays information for all member devices. (Centralized devices in IRF
mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The
chassis-number argument represents the member ID of the IRF member device. The slot-number
argument represents the slot number of the card. If you do not specify a card, this command displays
information for all cards. (Distributed devices in IRF mode.)
verbose: Displays detailed information. If you do not specify this keyword, the command displays
only image names.
Examples
# Display brief information about inactive software images in the root directories of the file systems.
<Sysname> display install inactive
Inactive packages on slot 1:
flash:/ssh-feature.bin
# Display detailed information about inactive software images in the root directories of the file
systems.
<Sysname> display install inactive verbose
Inactive packages on slot 1:
flash:/ssh-feature.bin
[Package]
Vendor: HPE
Product: XXXX
Service name: ssh
Platform version: 7.1
Product version: Beta 1330
Supported board: mr, lc, sfc
223
[Component]
Component: ssh
Description: ssh package
For information about the command output, see Table 26.
Related commands
install deactivate
display install ipe-info
Use display install ipe-info to display the software images included in an .ipe file.
Syntax
display install ipe-info ipe-filename
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
ipe-filename: Specifies an .ipe file in the filesystemname/filename.ipe format. The file must be saved
in the root directory of a file system on the device. The value string excluding the file system location
section (if any) can have a maximum of 63 characters.
Examples
# Display information about the .ipe file flash:/test.ipe.
<Sysname> display install ipe-info flash:/test.ipe
Verifying the file flash:/test.ipe on the device................Done.
HPE Device images in IPE:
boot.bin
system.bin
Related commands
display install package
display install job
Use display install job to display ongoing ISSU activate, deactivate, and rollback operations.
Syntax
display install job
Views
Any view
Predefined user roles
network-admin
network-operator
224
Examples
# (Centralized devices in standalone mode.) Display ongoing ISSU activate, deactivate, and rollback
operations.
<Sysname> display install job
JobID:5
Action:install activate flash:/ssh-feature.bin on the device
The output shows that the device is executing the install activate flash:/ssh-feature.bin command.
# (Distributed devices in standalone mode/centralized devices in IRF mode.) Display ongoing ISSU
activate, deactivate, and rollback operations.
<Sysname> display install job
JobID:5
Action:install activate flash:/ssh-feature.bin on slot 1
The output shows that the device is executing the install activate flash:/ssh-feature.bin slot 1
command.
# (Distributed devices in IRF mode.) Display ongoing ISSU activate, deactivate, and rollback
operations.
<Sysname> display install job
JobID:5
Action:install activate flash:/ssh-feature.bin on chassis 1 slot 1
The output shows that the device is executing the install activate flash:/ssh-feature.bin chassis 1
slot 1 command.
display install log
Use display install log to display ISSU log information.
Syntax
display install log [ log-id ] [ verbose ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
log-id: Specifies a log entry by its ID. If you do not specify this argument, the command displays all
ISSU log entries.
verbose: Displays detailed ISSU log information. If you do not specify this keyword, the command
displays brief ISSU log information.
Usage guidelines
The device creates one log entry for each ISSU operation to track the ISSU process and operation
result.
The ISSU log can contain a maximum of 50 entries. The latest entry overwrites the oldest entry if the
log is full.
Examples
# Display all ISSU log entries.
<Sysname> display install log
225
Install job 1 started by user root at 04/28/2001 08:39:29.
Job 1 completed successfully at 04/28/2001 08:39:30.
Install job 1 started by user root at 04/28/2001 08:39:29.
Install activate flash:/ssh.bin on slot 1
Job 1 completed successfully at 04/28/2001 08:39:30.
Install job 1 started by user root at 04/28/2001 08:39:29.
Job 1 completed successfully at 04/28/2001 08:39:30.
----------------------------------------------------------Install job 2 started by user root at 04/28/2001 08:40:29.
Job 2 completed successfully at 04/28/2001 08:40:30.
Install job 2 started by user root at 04/28/2001 08:40:29.
Install activate flash:/route.bin on slot 1
Job 2 completed successfully at 04/28/2001 08:40:30.
Install job 2 started by user root at 04/28/2001 08:40:29.
Job 2 completed successfully at 04/28/2001 08:40:30.
# Displays detailed information about ISSU log entry 1.
<Sysname> display install log 1 verbose
Install job 1 started by user root at 04/28/2001 08:39:29.
Job 1 completed successfully at 04/28/2001 08:39:30.
Install job 1 started by user root at 04/28/2001 08:39:29.
Install activate flash:/ssh.bin on slot 1
Job 1 completed successfully at 04/28/2001 08:39:30.
Install job 1 started by user root at 04/28/2001 08:39:29.
Job 1 completed successfully at 04/28/2001 08:39:30.
Detail of activating packages on slot 1.
Get upgrade policy successfully.
Detail of activating packages on slot 1.
Uncompress package to system successfully.
Remove files from system successfully.
Table 27 Command output
Field
Description
Detail of xxx
Detailed information about an ISSU operation.
Get upgrade policy
successfully.
Obtained the upgrade policy.
Uncompress package to
system successfully.
Decompressed the package successfully.
Remove files from system
successfully.
Deleted files from the system successfully.
Related commands
reset install log-history oldest
display install package
Use display install package to display software image file information.
226
Syntax
display install package { filename | all } [ verbose ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
filename: Specifies a .bin file in the filesystemname/filename.bin format. The file must be saved in
the root directory of a file system on the device. The value string excluding the file system location
section (if any) can have a maximum of 63 characters.
all: Specifies all software image files in the root directories of the device's file systems. (Centralized
devices in standalone mode.)
all: Specifies all software image files in the root directories of the active MPU's file systems.
(Distributed devices in standalone mode.)
all: Specifies all software image files in the root directories of the master's file systems. (Centralized
devices in IRF mode.)
all: Specifies all software image files in the root directories of the file systems on the global active
MPU. (Distributed devices in IRF mode.)
verbose: Displays detailed information. If you do not specify this keyword, the command displays
only basic software image information.
Examples
# Display information about system.bin.
<Sysname> display install package flash:/system.bin
flash:/system.bin
[Package]
Vendor: HPE
Product: xxxx
Service name: system
Platform version: 7.1.022
Product version: Beta 1330
Supported board: mpu
# Display detailed information about system.bin.
<Sysname> display install package flash:/system.bin verbose
flash:/system.bin
[Package]
Vendor: HPE
Product: xxxx
Service name: system
Platform version: 7.1.022
Product version: Beta 1330
Supported board: mpu
[Component]
Component: system
Description: system package
227
For information about the command output, see Table 26.
display install rollback
Use display install rollback to display rollback point information.
Syntax
display install rollback [ point-id ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
point-id: Specifies a rollback point ID. If you do not specify a rollback point ID, the command displays
all rollback points.
Examples
# Display all rollback points.
<Sysname> display install rollback
Install rollback information 1 on slot 1:
Updating from flash:/route-1.bin
to flash:/route-2.bin.
Install rollback information 2 on slot 1:
Deactivating flash:/route-2.bin
The output shows that the device has two rollback points.
•
At rollback point 1, flash:/route-1.bin was upgraded to flash:/route-2.bin.
•
At rollback point 2, flash:/route-2.bin was deactivated.
Related commands
install rollback
reset install rollback oldest
display install which
Use display install which to display all software image files that include a specific component or
file.
Syntax
Centralized devices in standalone mode:
display install which { component name | file filename }
Distributed devices in standalone mode/centralized devices in IRF mode:
display install which { component name | file filename } [ slot slot-number ]
Distributed devices in IRF mode:
display install which { component name | file filename } [ chassis chassis-number slot
slot-number ]
228
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
component name: Specifies a component name.
file filename: Specifies a file in the filename.extension format, a case-insensitive string of up to 63
characters. It cannot contain path information.
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command
displays information for all cards. (Distributed devices in standalone mode.)
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member
device, this command displays information for all IRF members. (Centralized devices in IRF mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The
chassis-number argument represents the member ID of the IRF member device. The slot-number
argument represents the slot number of the card. If you do not specify a card, this command displays
information for all cards. (Distributed devices in IRF mode.)
Usage guidelines
A component is a collection of features. The features of a component are installed or uninstalled at
the same time.
When the system displays a component or file error, use this command to identify the relevant image
files before you make a software upgrade decision.
This command searches only the root directory of the storage medium.
Examples
# Display all software image files that include pkg_ctr.
<Sysname> display install which file pkg_ctr
Verifying the file flash:/system-d2601006.bin on slot 1..........................Done.
Found pkg_ctr in flash:/system-d2601006.bin on slot 1.
flash:/system-d2601006.bin
[Package]
Vendor: HPE
Product:XXXX
Service name: system
Platform version: 7.1.060
Product version: Demo 2601006
Supported board: mpu
Verifying the file flash:/boot-d2601007.bin on slot 1.....Done.
Table 28 Command output
Field
Description
Verifying the file
The system was verifying the validity of the file.
[Package]
Detailed information about the software image.
229
Field
Description
Service name
Image type:
•
boot—Boot image.
•
system—System image.
•
patch—Patch image.
•
Any other value indicates a feature image.
Supported board
Cards supported by the software image:
•
cen—Centralized device.
•
mpu—MPU.
•
lc—LPU.
display version comp-matrix
Use display version comp-matrix to display version compatibility information and identify the
recommended upgrade method.
Syntax
display version comp-matrix
display version comp-matrix file { boot filename | system filename | feature filename&<1-30> } *
display version comp-matrix file ipe ipe-filename
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
boot: Specifies a boot image file.
system: Specifies a system image file.
feature: Specifies feature image files. You can specify a space-separated list of up to 30 feature
image files.
filename: Specifies a .bin file in the filesystemname/filename.bin format. The file must be saved in
the root directory of the default file system (centralized device in standalone mode), active MPU
(distributed device in standalone mode), global active MPU (distributed device in IRF mode), or
master device (centralized device in IRF mode). This argument cannot contain slot or chassis
information and can have a maximum of 63 characters.
ipe ipe-filename: Specifies an .ipe file in the filesystemname/filename.ipe format. The file must be
saved in the root directory of a file system on the device (centralized device in standalone mode),
active MPU (distributed device in standalone mode), global active MPU (distributed device in IRF
mode), or master device (centralized device in IRF mode). This argument cannot contain slot or
chassis information and can have a maximum of 63 characters.
Usage guidelines
To display compatibility information for the running software images, do not specify any image files
for the command. If you specify the upgrade image files, the command displays the following
information:
•
Compatibility information for upgrade images.
230
•
Recommended ISSU methods for upgrading the running images to the upgrade images.
If one or more images are incompatible, the incompatible upgrade method applies. The entire
system needs to be rebooted during an incompatible upgrade.
Examples
# Display compatibility information for the running images.
<Sysname> display version comp-matrix
Boot image: flash:/cmw710-boot-a7122.bin
Version:
7.1.031
System image: flash:/cmw710-system-a7122.bin
Version:
V700R001B31D001
Version compatibility list:
V700R001B31D001
Version dependency boot list:
7.1.031
Feature image: flash:/cmw710-cfa-a7124.bin
Version:
V700R001B31D003
Version compatibility list:
V700R001B31D003
Version dependency system list:
V700R001B31D001
V700R001B31D002
# (Centralized devices in standalone mode.) Display compatibility information for upgrade images as
well as the recommended ISSU method. (In this example, the specified images are incompatible with
the running images.)
<Sysname> display version comp-matrix file boot flash:/boot-e2205.bin system
flash:/system-e2205.bin feature flash:/dhcp-e2205.re.bin
Verifying the file flash:/dhcp-e2205.re.bin on the device.....Done.
Verifying the file flash:/boot-e2205.bin on the device.....Done.
Verifying the file flash:/system-e2205.bin on the device.....Done.
Boot image: flash:/boot-e2205.bin
Version:
7.1.035
System image: flash:/system-e2205.bin
Version:
V200R001B02D012
Version compatibility list:
V200R001B02D012
Version dependency boot list:
7.1.035
Feature image: flash:/dhcp-e2205.re.bin
Version:
231
V200R001B02D012
Version compatibility list:
V200R001B02D012
Version dependency system list:
V200R001B02D012
V200R001B02D014
Incompatible upgrade.
# (Centralized devices in IRF mode.) Display compatibility information for upgrade images as well as
the recommended ISSU method. (In this example, the specified images are compatible with the
running images.)
<Sysname> display version comp-matrix file boot flash:/boot-e2205.bin system
flash:/system-e2205.bin feature flash:/dhcp-e2205.incom.bin
Verifying the file flash:/dhcp-e2205.incom.bin on slot 2.....Done.
Verifying the file flash:/boot-e2205.bin on slot 2.....Done.
Verifying the file flash:/system-e2205.bin on slot 2.....Done.
Boot image: flash:/boot-e2205.bin
Version:
7.1.035
System image: flash:/system-e2205.bin
Version:
V200R001B02D012
Version compatibility list:
V200R001B02D012
Version dependency boot list:
7.1.035
Feature image: flash:/dhcp-e2205.incom.bin
Version:
V200R001B02D014
Version compatibility list:
V200R001B02D014
Version dependency system list:
V200R001B02D012
V200R001B02D014
Slot
Upgrade Way
2
File Upgrade
# (Distributed devices in standalone mode.) Display compatibility information for a feature upgrade
image as well as the recommended ISSU methods. (In this example, the specified image is
compatible with the running images.)
<Sysname> display version comp-matrix file feature flash:/cmw710-cfa-a7125.bin
Verifying the file flash:/cmw710-cfa-a7125.bin on slot 0.....Done.
Feature image: flash:/cmw710-cfa-a7125.bin
Version:
V700R001B31D002
Version compatibility list:
V700R001B31D001
V700R001B31D002
232
Version dependency system list:
V700R001B31D001
V700R001B31D002
Slot
Upgrade Way
0
Service Upgrade
1
Service Upgrade
1.1
Service Upgrade
4
Service Upgrade
Influenced service according to following table on slot 0:
flash:/cmw710-cfa-a7125.bin
CFA
Influenced service according to following table on slot 4:
flash:/cmw710-cfa-a7125.bin
CFA
Influenced service according to following table on slot 1:
flash:/cmw710-cfa-a7125.bin
CFA
Influenced service according to following table on slot 1.1:
flash:/cmw710-cfa-a7125.bin
CFA
# (Distributed devices in IRF mode.) Display compatibility information for a feature upgrade image as
well as the recommended ISSU methods. (In this example, the specified image is compatible with
the running images.)
<Sysname> display version comp-matrix file feature flash:/cmw710-cfa-a7122.bin
Verifying the file flash:/cmw710-cfa-a7122.bin on chassis 1 slot 0.....Done.
Feature image: flash:/cmw710-cfa-a7122.bin
Version:
V700R001B31D002
Version compatibility list:
V700R001B31D001
V700R001B31D002
Version dependency system list:
V700R001B31D001
V700R001B31D002
Chassis
Slot
Upgrade Way
1
0
Service Upgrade
1
0.1
Service Upgrade
1
7
Service Upgrade
1
9
Service Upgrade
2
0
Service Upgrade
2
0.1
Service Upgrade
2
1
Service Upgrade
2
6
Service Upgrade
233
Influenced service according to following table on chassis 1 slot 0:
flash:/cmw710-cfa-a7122.bin
CFA
Influenced service according to following table on chassis 1 slot 7:
flash:/cmw710-cfa-a7122.bin
CFA
Influenced service according to following table on chassis 1 slot 9:
flash:/cmw710-cfa-a7122.bin
CFA
Influenced service according to following table on chassis 1 slot 0.1:
flash:/cmw710-cfa-a7122.bin
CFA
Influenced service according to following table on chassis 2 slot 0:
flash:/cmw710-cfa-a7122.bin
CFA
Influenced service according to following table on chassis 2 slot 1:
flash:/cmw710-cfa-a7122.bin
CFA
Influenced service according to following table on chassis 2 slot 6:
flash:/cmw710-cfa-a7122.bin
CFA
Influenced service according to following table on chassis 2 slot 0.1:
flash:/cmw710-cfa-a7122.bin
CFA
Table 29 Command output
Field
Description
Verifying the file
The system was verifying the validity of the file.
•
Version compatibility list
•
Under a system image, this field shows all system image versions that
are compatible with the system image.
Under a feature image, this field shows all feature image versions that
are compatible with the feature image.
Version dependency boot list
Boot image versions that support the system image. To install the system
image, you must install one of the boot image versions that are in the list.
Version dependency system
list
System image versions that support the feature image. To install the
feature image, you must install one of the system image versions that is in
the list.
Influenced service according
to following table
Services that will be affected by the upgrade.
Incompatible upgrade
You are upgrading the software to an incompatible version.
This field is displayed only for compatible versions.
234
Field
Description
Chassis
Member ID of the device in the IRF fabric. This field is displayed only for
compatible versions in IRF mode.
Slot
Upgrade Way
Slot number of the card. This field is displayed only for compatible versions.
(Distributed devices in standalone or IRF mode.)
Member ID of the device in the IRF fabric. This field is displayed only for
compatible versions. (Centralized devices in IRF mode.)
ISSU method to be used for a compatible version:
•
Service Upgrade.
•
File Upgrade.
•
ISSU Reboot.
•
Reboot.
This field is displayed only for compatible versions.
For more information about ISSU methods, see Fundamentals
Configuration Guide.
install abort
Use install abort to abort an ongoing ISSU operation.
Syntax
install abort [ job-id ]
Views
User view
Predefined user roles
network-admin
Parameters
job-id: Specifies the job ID of an ISSU operation. If you do not specify this argument, the command
aborts all ongoing software image activate and deactivate operations.
Usage guidelines
The system creates a software image management job each time you use the install activate,
install add, install commit, install deactivate, install remove, or install rollback to command.
Each job represents one command and is assigned a unique job ID. You can abort only ongoing
activate and deactivate operations.
When you abort an ongoing activate or deactivate operation, the system rolls back to the status it
was in before the operation was started.
To obtain the ID of a job, use the display install job command.
Examples
# Abort all ongoing ISSU operations.
<Sysname> install abort
Related commands
display install job
235
install activate
Use install activate to activate software images, or identify the ISSU method and the possible
impact on the device.
Syntax
Centralized devices in standalone mode:
install activate { boot filename | system filename | feature filename&<1-30> } * [ test ]
install activate patch filename
Distributed devices in standalone mode/centralized devices in IRF mode:
install activate { boot filename | system filename | feature filename&<1-30> } * slot slot-number
[ test ]
install activate patch filename { all | slot slot-number }
Distributed devices in IRF mode:
install activate { boot filename | system filename | feature filename&<1-30> } * chassis
chassis-number slot slot-number [ test ]
install activate patch filename { all | chassis chassis-number slot slot-number }
Views
User view
Predefined user roles
network-admin
Parameters
boot: Specifies a boot image file.
system: Specifies a system image file.
feature: Specifies feature image files. You can specify a space-separated list of up to 30 feature
image files.
patch: Specifies a patch image file.
filename: Specifies a .bin file in the filesystemname/filename.bin format. The file must be saved in
the root directory of a file system on the device. The value string excluding the file system location
section (if any) can have a maximum of 63 characters. (Centralized devices in standalone mode.)
filename: Specifies a .bin file in the filesystemname/filename.bin format. A boot, system, or feature
image file must be saved in the root directory of a file system on the device. A patch image file must
be saved in the root directory of a file system on the master (centralized device in IRF mode), active
MPU (distributed device in standalone mode), or global active MPU (distributed device in IRF mode).
The value string excluding the file system location section (if any) can have a maximum of 63
characters.
all: Specifies all cards. (Distributed devices in standalone mode.)
all: Specifies all member devices. (Centralized devices in IRF mode.)
all: Specifies all cards. (Distributed devices in IRF mode.)
slot slot-number: Specifies a card by its slot number. (Distributed devices in standalone mode.)
slot slot-number: Specifies an IRF member device by its member ID. (Centralized devices in IRF
mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The
chassis-number argument represents the member ID of the IRF member device. The slot-number
argument represents the slot number of the card. (Distributed devices in IRF mode.)
236
test: Only identifies the ISSU method to be used for the upgrade. If you do not specify this keyword,
the command activates the specified software images.
Usage guidelines
Before you use this command to activate a software image, read the release notes to identify the
licensing requirements for the image. If the image requires a license, make sure the device has a
valid license installed for the image.
An image runs in memory immediately after it is activated. For an activated image to run after a
reboot, you must commit the software change by using the install commit command.
On a distributed device in standalone mode, follow these guidelines:
•
If you specify the active MPU, the command takes effect on the active MPU and all LPUs.
•
If you specify the standby MPU, the command takes effect only on the standby MPU.
•
If the specified files are not saved on the MPU to be upgraded, the command copies the images
to the MPU automatically.
On an IRF fabric of distributed devices, follow these guidelines:
•
If you specify the global active MPU, the command takes effect on the global active MPU and all
LPUs.
•
If you specify a standby MPU, the command takes effect on the standby MPU.
•
If the specified files are not saved on the MPU to be upgraded, the command copies the images
to the MPU automatically.
On an IRF fabric of centralized devices:
If you specify a subordinate member for the command, the command copies the images to the
subordinate member automatically.
On a multichassis IRF fabric:
At reboot, a subordinate device automatically synchronizes the master device's configuration and
status data. You must wait for the synchronization to complete before using the install activate
command on the subordinate device. To identify whether the synchronization is complete, use the
display system stable state command. The synchronization is complete if the System State field
displays Stable.
Examples
# (Centralized devices in standalone mode.) Identify the ISSU method for feature upgrade with
ssh2.bin and the upgrade impact on the device.
<Sysname> install activate feature flash:/ssh2.bin test
Verifying the file flash:/ssh2.bin on the device.....Done.
Upgrade summary according to following table:
flash:/ssh2.bin
Running Version
New Version
Beta 1330
Beta 1331
Upgrade Way: Service Upgrade
Influenced service according to following table:
flash:/ssh2.bin
SSH
IFMGR
CFA
LAGG
The output shows that a service upgrade is recommended. The SSH, IFMGR, CFA, and LAGG
modules will be rebooted during the upgrade.
237
# (Distributed devices in standalone mode.) Identify the ISSU method for feature upgrade with
ssh2.bin on the standby MPU (in slot 1) and the upgrade impact.
<Sysname> install activate feature flash:/ssh2.bin slot 1 test
Copying file flash:/ssh2.bin to slot1#flash:/ssh2.bin......Done.
Verifying the file flash:/ssh2.bin on slot 1.....Done.
Upgrade summary according to following table:
flash:/ssh2.bin
Running Version
New Version
Beta 1330
Beta 1331
Slot
Upgrade Way
1
Service Upgrade
Influenced service according to following table:
flash:/ssh2.bin
SSH
IFMGR
CFA
LAGG
The output shows that a service upgrade is recommended. The SSH, IFMGR, CFA, and LAGG
modules will be rebooted during the upgrade.
# (Centralized devices in IRF mode.) Identify the ISSU method for feature upgrade with ssh2.bin on
subordinate member 2 and the upgrade impact.
<Sysname> install activate feature flash:/ssh2.bin slot 2 test
Copying file flash:/ssh2.bin to slot2#flash:/ssh2.bin......Done.
Verifying the file flash:/ssh2.bin on slot 2.....Done.
Upgrade summary according to following table:
flash:/ssh2.bin
Running Version
New Version
Beta 1330
Beta 1331
Slot
Upgrade Way
2
Service Upgrade
Influenced service according to following table:
flash:/ssh2.bin
SSH
IFMGR
CFA
LAGG
The output shows that a service upgrade is recommended. The SSH, IFMGR, CFA, and LAGG
modules will be rebooted during the upgrade.
# (Distributed devices in IRF mode.) Identify the ISSU method for feature upgrade with ssh2.bin on
the global standby MPU in slot 1 of IRF member 1 and the upgrade impact.
<Sysname>install activate feature flash:/ssh2.bin chassis 1 slot 1 test
Copying file flash:/ssh2.bin to chassis1#slot1#flash:/ssh2.bin......Done.
Verifying the file flash:/ssh2.bin on chassis 1 slot 1.....Done.
Upgrade summary according to following table:
flash:/ssh2.bin
Running Version
New Version
Beta 1330
Beta 1331
238
Chassis
Slot
Upgrade Way
1
1
Service Upgrade
Influenced service according to following table:
flash:/ssh2.bin
SSH
IFMGR
CFA
LAGG
The output shows that a service upgrade is recommended. The SSH, IFMGR, CFA, and LAGG
modules will be rebooted during the upgrade.
# (Centralized devices in standalone mode.) Activate the system image in system.bin and the
feature images in feature.bin.
<Sysname> install activate system flash:/system.bin feature flash:/feature.bin
Verifying the file flash:/feature.bin on the device.....Done.
Verifying the file flash:/system.bin on the device.....Done.
Upgrade summary according to following table:
flash:/system.bin
Running Version
New Version
Beta 1330
Beta 1331
flash:/feature.bin
Running Version
New Version
NONE
Beta 1330
Upgrade Way: Service Upgrade
Upgrading software images to compatible versions. Continue? [Y/N]:y
This operation maybe take several minutes, please
wait.......................................................................Done.
# (Distributed devices in standalone mode.) Activate the system image in system.bin and the
feature images in feature.bin on the standby MPU (in slot 1).
<Sysname> install activate system flash:/system.bin feature flash:/feature.bin slot 1
Copying file flash:/system.bin to slot1#flash:/system.bin......Done.
Verifying the file flash:/system.bin on slot 1.....Done.
Copying file flash:/feature.bin to slot1#flash:/feature.bin......Done.
Verifying the file flash:/feature.bin on slot 1.....Done.
Verifying the file flash:/feature.bin on slot 1.....Done.
Verifying the file flash:/system.bin on slot 1.....Done.
Upgrade summary according to following table:
flash:/system.bin
Running Version
New Version
Beta 1330
Beta 1331
flash:/feature.bin
Running Version
New Version
None
Beta 1330
Slot
Upgrade Way
239
1
Service Upgrade
Upgrading software images to compatible versions. Continue? [Y/N]:y
This operation maybe take several minutes, please
wait.......................................................................Done.
# (Centralized devices in IRF mode.) Activate the system image in system.bin and the feature
images in feature.bin on member device 2.
<Sysname> install activate system flash:/system.bin feature flash:/feature.bin slot 2
Copying file flash:/system.bin to slot2#flash:/system.bin......Done.
Verifying the file flash:/system.bin on slot 2.....Done.
Copying file flash:/feature.bin to slot2#flash:/feature.bin......Done.
Verifying the file flash:/feature.bin on slot 2.....Done.
Upgrade summary according to following table:
flash:/system.bin
Running Version
New Version
Beta 1330
Beta 1331
flash:/feature.bin
Running Version
New Version
None
Beta 1330
Slot
Upgrade Way
2
Service Upgrade
Upgrading software images to compatible versions. Continue? [Y/N]:y
This operation maybe take several minutes, please
wait.......................................................................Done.
# (Distributed devices in IRF mode.) Activate the feature images in feature.bin on the global standby
MPU in slot 1 of IRF member 1.
<Sysname> install activate feature flash:/feature.bin chassis 1 slot 1
Copying file flash:/feature.bin to chassis1#slot1#flash:/feature.bin......Done.
Verifying the file flash:/feature.bin on chassis 1 slot 1.....Done.
Upgrade summary according to following table:
flash:/route-feature.bin
Running Version
New Version
None
Beta 1330
Chassis
Slot
Upgrade Way
1
1
Service Upgrade
Upgrading software images to compatible versions. Continue? [Y/N]:y
This operation maybe take several minutes, please
wait.......................................................................Done.
Table 30 Command output
Field
Description
Verifying the file
The system was verifying the validity of the file.
Upgrade summary according
to following table
Upgrade summary.
240
Field
Description
Running Version
Version number of the running software.
New Version
Version number of the new software.
Chassis
Slot
Upgrade Way
Member ID of the device in the IRF fabric.
This field is available only in IRF mode.
Number of the slot where the card resides. (Distributed devices in
standalone or IRF mode.)
Member ID of the device in the IRF fabric. (Centralized devices in IRF
mode.)
ISSU methods:
•
Service Upgrade.
•
File Upgrade.
•
ISSU Reboot.
•
Reboot.
This field is displayed only for an upgrade to a compatible version.
For more information about ISSU methods, see Fundamentals
Configuration Guide.
Influenced service according
to following table
Services influenced by the upgrade.
Related commands
display install active
install commit
install deactivate
install add
Use install add to decompress an .ipe file.
Syntax
install add ipe-filename filesystem
Views
User view
Predefined user roles
network-admin
Parameters
ipe-filename: Specifies an .ipe file in the filesystemname/filename.ipe format. The file must be saved
in the root directory of a file system on the device. The value string excluding the file system location
section (if any) can have a maximum of 63 characters.
filesystem: Specifies the destination file system for the software images in the filesystemname
format.
Usage guidelines
To use install commands for upgrade, you must use .bin image files. If the upgrade file is an .ipe file,
use this command to decompress the .ipe file before you start the upgrade.
241
To identify software images that are included in an .ipe file, use the display install ipe-info
command.
Examples
# Decompress all.ipe to the flash memory.
<Sysname> install add flash:/all.ipe flash:
Verifying the file flash:/all.ipe on the device...Done.
Decompressing file boot.bin to flash:/boot.bin.......................Done.
Decompressing file system.bin to
flash:/system.bin.................................Done.
install commit
Use install commit to commit software changes.
Syntax
install commit
Views
User view
Predefined user roles
network-admin
Usage guidelines
Before you use this command, read the release notes to identify software image licensing
requirements. Make sure the device has valid licenses for all license-based images.
This command modifies the main startup software image list to be the same as the current software
image list.
You must execute this command after using the following commands:
•
The install activate command in an incremental upgrade.
•
The install deactivate command.
•
The install rollback command.
In a reboot or ISSU reboot upgrade, the install activate command modifies both the current and
startup software image lists. You do not need to commit software changes.
Both the install commit and boot-loader file commands modify the main startup software image
list. To modify the backup startup image list or add inactive images as main startup images, however,
you must use the boot-loader file command.
For more information about main and backup startup software images, see Fundamental
Configuration Guide.
Examples
# Commit software changes.
<Sysname> install commit
This operation will take several minutes, please wait...........................Done.
Related commands
install activate
install deactivate
install rollback
242
install deactivate
Use install deactivate to deactivate feature images and patch images.
Syntax
Centralized devices in standalone mode:
install deactivate feature filename&<1-30>
install deactivate patch filename
Distributed devices in standalone mode/centralized devices in IRF mode:
install deactivate feature filename&<1-30> slot slot-number
install deactivate patch filename { all | slot slot-number }
Distributed devices in IRF mode:
install deactivate feature filename&<1-30> chassis chassis-number slot slot-number
install deactivate patch filename chassis chassis-number { all | slot slot-number }
Views
User view
Predefined user roles
network-admin
Parameters
feature: Specifies feature image files. You can specify a space-separated list of up to 30 feature
image files.
patch: Specifies a patch image file.
filename: Specifies a .bin file in the filesystemname/filename.bin format. The file must be saved in
the root directory of a file system on the device (centralized device in standalone mode) or on the
specified slot. This argument cannot contain slot or chassis information and can have a maximum of
63 characters.
all: Specifies all cards on which the specified patch image file has been activated. (Distributed
devices in standalone mode.)
all: Specifies all member devices on which the specified patch image file has been activated.
(Centralized devices in IRF mode.)
all: Specifies all cards on which the specified patch image file has been activated. (Distributed
devices in standalone mode.)
slot slot-number: Specifies a card by its slot number. (Distributed devices in standalone mode.)
slot slot-number: Specifies an IRF member device by its member ID. (Centralized devices in IRF
mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The
chassis-number argument represents the member ID of the IRF member device. The slot-number
argument represents the slot number of the card. (Distributed devices in IRF mode.)
Usage guidelines
You can deactivate only active feature and patch images.
To prevent deactivated images from running after a reboot, you must commit the software changes
by using the install commit command.
At reboot, a subordinate device automatically synchronizes the master device's configuration and
status data. You must wait for the synchronization to complete before using the install deactivate
243
command on the subordinate device. To identify whether the synchronization is complete, use the
display system stable state command. The synchronization is complete if the System State field
displays Stable.
Examples
# (Centralized devices in standalone mode.) Deactivate the patch images in file route-patch.bin.
<Sysname> install deactivate patch flash:/route-patch.bin
# (Distributed devices in standalone mode.) Deactivate the patch images in route-patch.bin on slot
0.
<Sysname> install deactivate patch flash:/route-patch.bin slot 0
# (Centralized devices in IRF mode.) Deactivate the patch images in route-patch.bin on IRF
member 1.
<Sysname> install deactivate patch flash:/route-patch.bin slot 1
# (Distributed devices in IRF mode.) Deactivate the patch images in route-patch.bin on slot 0 of IRF
member 1.
<Sysname> install deactivate feature flash:/route-feature.bin chassis 1 slot 0
Related commands
display install active
display install inactive
install remove
Use install remove to delete an inactive software image file.
Syntax
Centralized devices in standalone mode:
install remove { filename | inactive }
Distributed devices in standalone mode/centralized devices in IRF mode:
install remove [ slot slot-number ] { filename | inactive }
Distributed devices in IRF mode:
install remove [ chassis chassis-number slot slot-number ] { filename | inactive }
Views
User view
Predefined user roles
network-admin
Parameters
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command
deletes inactive software images from all cards. (Distributed devices in standalone mode.)
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member
device, this command deletes inactive software images from all IRF members. (Centralized devices
in IRF mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The
chassis-number argument represents the member ID of the IRF member device. The slot-number
argument represents the slot number of the card. If you do not specify a card, this command deletes
inactive software images from all cards. (Distributed devices in IRF mode.)
244
filename: Specifies a .bin file in the filesystemname/filename.bin format. The file must be saved in
the root directory of a file system on the device (centralized device in standalone mode) or on the
specified slot. This argument cannot contain slot or chassis information, and can have a maximum of
63 characters.
inactive: Deletes all inactive software image files in the root directories of the specified file systems.
Usage guidelines
You can use this command only to delete inactive software image files that are saved in root
directories of file systems.
This command permanently deletes the image file from the device. You cannot use the install
rollback to command to revert the operation, or use the install abort command to abort the
operation.
Examples
# Delete the inactive software image file flash:/ssh-feature.bin.
<Sysname> install remove flash:/ssh-feature.bin
install rollback to
Use install rollback to to roll back the software to an earlier rollback point.
Syntax
install rollback to { point-id | original }
Views
User view
Predefined user roles
network-admin
Parameters
point-id: Specifies a rollback point ID. This option is supported only when there are two or more
rollback points. To identify available rollback points, use the display install rollback command.
original: Rolls back to the software images that were running before the ISSU.
Usage guidelines
The system creates a rollback point for each incremental upgrade performed through an activate or
deactivate operation. The rollback points are retained until any of the following events occur:
•
An ISSU reboot or reboot upgrade is performed.
•
The install commit command is executed.
After an ISSU reboot or reboot upgrade is performed, you can roll back the running software images
only to the status before any activate or deactivate operations were performed.
After a commit operation is performed, you cannot perform a rollback.
For a rollback to take effect after a reboot, you must perform a commit operation to update the main
startup software image list.
The device supports a maximum of 50 rollback points. The earliest rollback point is deleted if this
limit has been reached when a rollback point is created.
Patch images do not support rollback.
Examples
# Roll back the software to rollback point 1.
<Sysname>install rollback to 1
245
# Roll back the software to the original software versions and observe the change made by the
rollback.
<Sysname> display install active
Active packages on slot 1:
flash:/boot-a0201.bin
flash:/system-a0201.bin
flash:/ssh-feature-a0201.bin
<Sysname> display install rollback
Install rollback information 1 on slot 1:
Updating from no package
to flash:/ssh-feature-a0201.bin.
The output shows that currently three image files are active but only two of them are confirmed. The
image file flash:/ssh-feature-a0201.bin is not confirmed yet.
<Sysname> install rollback to original
<Sysname> display install active
Active packages on slot 1:
flash:/boot-a0201.bin
flash:/system-a0201.bin
<Sysname> display install committed
Committed packages on slot 1:
flash:/boot-a0201.bin
flash:/system-a0201.bin
The output shows the SSH feature has been rolled back to the original software version. The image
file flash:/ssh-feature-a0201.bin has been removed.
Related commands
display install rollback
install verify
Use install verify to verify the software change commit status, image integrity, and image
consistency.
Syntax
install verify
Views
User view
Predefined user roles
network-admin
Usage guidelines
To ensure a successful ISSU and make sure the system can start up and operate correctly after an
ISSU, execute this command to verify the following items:
•
Integrity—Verify that the boot, system, and feature images are integral.
•
Consistency—Verify that the same active images are running across the entire system.
•
Software commit status—Verify that the active images are committed as needed.
If a software image fails the verification, perform the following tasks to resolve the problem:
•
To ensure software integrity, download and install the software images again.
246
•
To guarantee software image consistency or change software commit status, use the install
activate, install deactivate, and install commit commands as appropriate.
Examples
# (Centralized devices in standalone mode.) Verify the software change confirmation status and
software image integrity and consistency.
<Sysname> install verify
Active packages on the device are the reference packages.
Packages will be compared with the reference packages.
This operation will take several minutes, please wait...
Verifying packages on the device:
Start to check active package completeness.
Verifying the file flash:/boot-a0101.bin on the device...........Done.
flash:/boot-a0101.bin verification successful.
Verifying the file flash:/system-a0101.bin on the device............Done.
flash:/system-a0101.bin verification successful.
Start to check active package consistency.
Active packages are consistent with committed packages on their own board.
Active packages are consistent with the reference packages.
Verification is done.
# (Distributed devices in standalone mode.) Verify the software change confirmation status and
software image integrity and consistency.
<Sysname> install verify
Active packages on slot 1 are the reference packages.
Packages will be compared with the reference packages.
This operation will take several minutes, please wait...
Verifying packages on slot 0:
Start to check active package completeness.
Verifying the file flash:/boot-a0101.bin on slot 0.....................Done.
flash:/boot-a0101.bin verification successful.
Verifying the file flash:/system-a0101.bin on slot 0.....................Done.
flash:/system-a0101.bin verification successful.
Start to check active package consistency.
Active packages are consistent with committed packages on their own board.
Active packages are consistent with the reference packages.
Verifying packages on slot 1:
Start to check active package completeness.
Verifying the file flash:/boot-a0101.bin on slot 1.....................Done.
flash:/boot-a0101.bin verification successful.
Verifying the file flash:/system-a0101.bin on slot 1.....................Done.
flash:/system-a0101.bin verification successful.
Start to check active package consistency.
Active packages are consistent with committed packages on their own board.
Active packages are consistent with the reference packages.
Verification is done.
# (Centralized devices in IRF mode.) Verify the software change confirmation status and software
image integrity and consistency.
<Sysname> install verify
Active packages on slot 1 are the reference packages.
247
Packages will be compared with the reference packages.
This operation will take several minutes, please wait...
Verifying packages on slot 1:
Start to check active package completeness.
Verifying the file flash:/boot-a0101.bin on slot 1.....................Done.
flash:/boot-a0101.bin verification successful.
Verifying the file flash:/system-a0101.bin on slot 1.....................Done.
flash:/system-a0101.bin verification successful.
Start to check active package consistency.
Active packages are consistent with committed packages on their own board.
Active packages are consistent with the reference packages.
Verifying packages on slot 2:
Start to check active package completeness.
Verifying the file flash:/boot-a0101.bin on slot 2.....................Done.
flash:/boot-a0101.bin verification successful.
Verifying the file flash:/system-a0101.bin on slot 2.....................Done.
flash:/system-a0101.bin verification successful.
Start to check active package consistency.
Active packages are consistent with committed packages on their own board.
Active packages are consistent with the reference packages.
Verification is done.
# (Distributed devices in IRF mode.) Verify the software change confirmation status and software
image integrity and consistency.
<Sysname> install verify
Active packages on slot 1 are the reference packages.
Packages will be compared with the reference packages.
This operation will take several minutes, please wait...
Verifying packages on chassis 1 slot 0:
Start to check active package completeness.
Verifying the file flash:/boot-a0101.bin on chassis 1 slot 0.....................Done.
flash:/boot-a0101.bin verification successful.
Verifying the file flash:/system-a0101.bin on chassis 1 slot 0.....................Done.
flash:/system-a0101.bin verification successful.
Start to check active package consistency.
Active packages are consistent with committed packages on their own board.
Active packages are consistent with the reference packages.
Verifying packages on chassis 1 slot 1:
Start to check active package completeness.
Verifying the file flash:/boot-a0101.bin on chassis 1 slot 1.....................Done.
flash:/boot-a0101.bin verification successful.
Verifying the file flash:/system-a0101.bin on chassis 1 slot 1.....................Done.
flash:/system-a0101.bin verification successful.
Start to check active package consistency.
Active packages are consistent with committed packages on their own board.
Active packages are consistent with the reference packages.
Verification is done.
248
reset install log-history oldest
Use reset install log-history oldest to clear ISSU log entries.
Syntax
reset install log-history oldest log-number
Views
User view
Predefined user roles
network-admin
Parameters
log-number: Specifies the number of ISSU log entries to be deleted.
Usage guidelines
This command clears the specified number of log entries, beginning with the oldest log entry.
Examples
# Clear the two oldest ISSU log entries.
<Sysname> reset install log-history oldest 2
Related commands
display install log
reset install rollback oldest
Use reset install rollback oldest to clear ISSU rollback points.
Syntax
reset install rollback oldest point-id
Views
User view
Predefined user roles
network-admin
Parameters
point-id: Specifies a rollback point by its ID.
Usage guidelines
This command clears the specified rollback point and all rollback points older than the specified
rollback point.
Examples
# Clear rollback point 2 and all rollback points older than rollback point 2.
<Sysname> reset install rollback oldest 2
Related commands
display install rollback
249
Emergency shell commands
Commands and descriptions for centralized devices apply to the following routers:
•
MSR1002-4/1003-8S.
•
MSR2003.
•
MSR2004-24/2004-48.
•
MSR3012/3024/3044/3064.
•
MSR954(JH296A/JH297A/JH298A/JH299A/JH373A).
•
MSR958(JH300A/JH301A).
Commands and descriptions for distributed devices apply to MSR4060 and MSR4080 routers.
File system names, directory names, or file names must be compliant with the naming conventions.
For more information about the naming conventions and the methods for specifying the names, see
Fundamentals Configuration Guide.
Unless otherwise stated, a file or directory name argument in this chapter must contain the file
system name. The path information might contain multiple levels of directories, each of which can
have 1 to 255 characters. The file name alone (without the path information) can include 1 to 255
characters. The entire argument, including the file system name, the path information, and the file
name, can have 1 to 511 characters. (Centralized devices in standalone mode.)
Unless otherwise stated, a file or directory name argument in this document must contain the storage
medium and cannot contain slot information. The path information might contain multiple levels of
directories, each of which can have 1 to 255 characters. The file name alone (without the path
information) can have 1 to 255 characters. The entire argument, including the file system name, the
path information, and the file name, can have 1 to 511 characters. (Distributed devices in standalone
mode/centralized devices in IRF mode.)
Unless otherwise stated, a file or directory name argument in this document must contain the file
system name and cannot contain chassis or slot information. The path information might contain
multiple levels of directories, each of which can have 1 to 255 characters. The file name alone
(without the path information) can have 1 to 255 characters. The entire argument, including the file
system name, the path information, and the file name, can include 1 to 511 characters. (Distributed
devices in IRF mode.)
copy
Use copy to copy a file.
Syntax
copy fileurl-source fileurl-dest
Views
User view
Parameters
fileurl-source: Specifies the file to be copied.
fileurl-dest: Specifies the destination file or directory. If you specify a destination directory, the system
uses the name of the source file as the file name.
Usage guidelines
If the destination file already exists, the system prompts whether or not to overwrite it. If you enter Y,
the existing file is overwritten. If you enter N, the command is not executed.
250
Examples
# Copy the file flash:/test.cfg. Save the copy to the file flash:/testbackup.cfg.
<boot> copy flash:/test.cfg flash:/testbackup.cfg
Copy flash:/test.cfg to flash:/testbackup.cfg?[Y/N]:y
Start to copy flash:/test.cfg to flash:/testbackup.cfg...Done.
# Copy the file flash:/test.cfg and save the copy to the file flash:/testbackup.cfg. Overwrite the
existing file that has the same name as the destination file.
<boot> copy flash:/test.cfg flash:/testbackup.cfg
Copy flash:/test.cfg to flash:/testbackup.cfg?[Y/N]:y
flash:/testbackup.cfg already exists. Overwrite it?[Y/N]:y
Start to copy flash:/test.cfg to flash:/testbackup.cfg...Done.
delete
Use delete to permanently delete a file.
Syntax
delete file-url
Views
User view
Parameters
file-url: Specifies the file to be deleted.
Examples
# Delete the tt.cfg file from the current directory.
<boot> delete flash:/tt.cfg
Delete flash:/tt.cfg? [Y/N]:y
Deleting the file permanently will take a long time. Please wait...
Start to delete flash:/tt.cfg...Done.
dir
Use dir to display files or directories.
Syntax
dir [ /all ] [ file-url ]
Views
User view
Parameters
/all: Displays both hidden and non-hidden files and subdirectories.
file-url: Specifies a file or directory.
Usage guidelines
Task
Command
Remarks
Display all non-hidden files and
subdirectories in the current directory.
dir
N/A
251
Task
Command
Remarks
Display all files and subdirectories in the
current directory.
dir /all
N/A
Display all non-hidden files and
subdirectories in a directory.
dir file-url
Specify a directory for the
file-url argument.
Display all files and subdirectories in a
directory.
dir /all file-url
Specify a directory for the
file-url argument.
Display a file.
dir file-url
Specify a file for the file-url
argument.
Examples
# Display information about all files and directories in the system.
<boot> dir /all
Directory of flash:
0
drw-
-
Jan 01 2012 00:06:09
01
1
drw-
-
Sep 15 2012 04:03:14
pki
2
drw-
-
Jan 01 2012 00:04:07
test
3
drw-
-
Aug 26 2012 02:48:00
license
4
drw-
-
Nov 05 2012 06:45:07
logfile
5
-rwh
20
Oct 20 2012 09:09:52
.snmpboots
6
drw-
-
Nov 05 2012 05:56:22
diagfile
7
drwh
-
Aug 20 2012 09:23:48
.trash
8
-rw-
816
Aug 20 2012 06:15:00
ifindex.dat
9
-rw-
3231
Aug 31 2012 09:01:41
startup.cfg
10
-rw-
60620
Aug 31 2012 09:01:43
startup.mdb
11
drw-
-
Sep 30 2012 04:43:24
versionInfo
12
drw-
-
Nov 05 2012 05:56:22
seclog
13
-rwh
18
Aug 20 2012 09:09:34
.pathfile
14
-rw-
11238400
Aug 30 2012 11:06:53
boot-t2301001.bin
15
-rw-
0
Aug 31 2012 05:04:40
lauth.dat
16
-rw-
4383
Oct 20 2012 06:15:00
test.cfg
61440 KB total (11108 KB free)
# Display all unhidden files and directories in the system.
<boot> dir
Directory of flash:
0
drw-
-
Jan 01 2012 00:06:09
01
1
drw-
-
Sep 15 2012 04:03:14
pki
2
drw-
-
Jan 01 2012 00:04:07
test
3
drw-
-
Aug 26 2012 02:48:00
license
4
drw-
-
Nov 05 2012 06:45:07
logfile
5
drw-
-
Nov 05 2012 05:56:22
diagfile
6
-rw-
816
Aug 20 2012 06:15:00
ifindex.dat
7
-rw-
3231
Aug 31 2012 09:01:41
startup.cfg
8
-rw-
60620
Aug 31 2012 09:01:43
startup.mdb
9
drw-
-
Sep 30 2012 04:43:24
versionInfo
10
drw-
-
Nov 05 2012 05:56:22
seclog
252
11
-rw-
11238400
Aug 30 2012 11:06:53
boot-t2301001.bin
12
-rw-
0
Aug 31 2012 05:04:40
lauth.dat
13
-rw-
4383
Aug 20 2012 06:15:00
test.cfg
61440 KB total (11108 KB free)
# Display information about the startup.cfg file.
<boot> dir flash:/startup.cfg
Directory of flash:
0
-rw-
3231
Aug 31 2012 09:01:41
startup.cfg
61440 KB total (11108 KB free)
Table 31 Command output
Field
Description
Directory of
Current directory.
0
-rw3231 Aug 31
2012 09:01:41 startup.cfg
Information about a file or directory:
•
0—Index number, automatically assigned by the system.
•
-rw-—Attributes of the file or directory. The first character is the
directory indicator (d for directory and - for file). The second character
indicates whether the file or directory is readable (r for readable). The
third character indicates whether the file or directory is writable (w for
writable). The last character indicates whether the file or directory is
hidden (h for hidden and - for visible).
•
3231—Size of the file, in bytes. For a directory, the value of this field is
a hyphen (-).
•
Aug 31 2012 09:01:41—Time when the file was most recently
modified.
•
startup.cfg—Name of the file or directory.
61440 KB total (11108 KB
free)
Total size of the storage medium and size of the free space, in kilobytes.
display copyright
Use display copyright to display copyright information.
Syntax
display copyright
Views
Any view
Examples
# Display copyright information.
<boot> display copyright
...
display install package
Use display install package to display information about a software package.
253
Syntax
display install package package
Views
Any view
Parameters
package: Specifies a .bin file in the filesystemname/filename.bin format, for example, flash:/a.bin.
The file must be saved in the root directory of a file system on the device. The value string is case
insensitive and can have a maximum of 63 characters.
Examples
# Display information about the system.bin software package.
<boot> display install package flash:/system.bin
flash:/system.bin
[Package]
Vendor: HPE
Product: MSR20
Service name: system
Platform version: 7.1
Product version: ESS 0401L13
Supported board: MSR2003
[Component]
Component: Comware system
Description: system package
Table 32 Command output
Field
Description
Product
Product name.
Service name
Type of the service package:
•
boot—Boot image.
•
system—System image.
•
patch—Patch package.
If the value of this field is not boot, system, or patch, the service packet is a feature
package.
Platform version
Platform version number.
Product version
Product version number. You determine whether the version of a system image
matches that of a boot image by checking the value of this field.
Supported board
Types of cards that the software package supports:
•
MSR958, MSR954,MSR2003 MSR2004-24, MSR2004-48, MSR2012, MSR3024
MSR3044, or MSR3064—The device is a centralized device.
•
MPU-100—The card is an MPU.
•
SPU-100, SPU-200, or SPU-300—The card is an LPU.
[Component]
Information about the components of the software package.
display ip routing-table
Use display ip routing-table to display IPv4 routing information.
254
Syntax
display ip routing-table
Views
Any view
Examples
# Display IPv4 routing information.
<boot> display ip routing-table
Kernel IP routing table
Destination
Gateway
Genmask
Flags Metric Ref
Use Iface
192.168.116.0
*
255.255.255.0
U
0
0
0 m-eth0
default
192.168.116.1
0.0.0.0
UG
0
0
0 m-eth0
Table 33 Command output
Field
Description
Kernel IP routing table
IPv4 routing information.
Destination
Destination address. For the default route, the value of this field is default.
Gateway
Gateway address. If no gateway is needed, the value of this field is an
asterisk (*).
Genmask
Subnet mask. For the default route, the value of this field is 0.0.0.0.
Flags
Flags:
•
A—The route was learned from a route advertisement.
•
C—The route is a cached route used to fast forward packets.
•
D—The route is the default route learned through neighbor discovery.
•
G—The route is a gateway route.
•
H—The route is a host route.
•
U—The route can be used.
Metric
Cost of the route.
Ref
Number of times the route has been referenced by other route entries.
Use
Number of times the route has been matched.
Iface
Outbound interface.
display ipv6 routing-table
Use display ipv6 routing-table to display IPv6 routing information.
Syntax
display ipv6 routing-table
Views
Any view
Examples
# Display IPv6 routing information.
<boot> display ipv6 routing-table
Kernel IPv6 routing table
Destination
Next Hop
255
Flags Metric Ref
Use Iface
::1/128
U
::
0
0
1 lo
FE80::201:2FF:FE03:406/128
U
0
0
::
1 lo
FE80::/64
U
::
256
0
0 m-eth0
FF02::1:2/128
UC
0
FF02::1:2
2888
0 m-eth0
FF00::/8
U
::
256
0
0 m-eth0
Table 34 Command output
Field
Description
Kernel IPv6 routing table
IPv6 routing information.
Flags
Flags:
•
A—The route was learned from a route advertisement.
•
C—The route is a cached route used to fast forward
packets.
•
D—The route is the default route learned through
neighbor discovery.
•
G—The route is a gateway route.
•
H—The route is a host route.
•
U—The route can be used.
Metric
Cost of the route.
Ref
Number of times the route has been referenced by other route
entries.
Use
Number of times the route has been matched.
Iface
Outbound interface. If it is a loopback interface, the value of
this field is lo.
display version
Use display version to display boot image version information.
Syntax
display version
Views
Any view
Examples
# Display boot image version information.
<boot> display version
…
format
Use format to format a file system.
256
Syntax
format filesystem
Views
User view
Parameters
filesystem: Specifies a file system.
Usage guidelines
Use this command with caution. This command permanently deletes all files and directories from the
file system, including the startup image files and startup configuration files. The deleted files and
directories cannot be restored. Without startup images, the device cannot reboot.
Examples
# Format the flash: file system.
<boot> format flash:
All data on flash: will be lost, continue?[Y/N]:y
Formatting flash:… Done.
ftp
Use ftp to access an FTP server.
Syntax
ftp { server-ipv4-address | ipv6 server-ipv6-address } { get remote-file local-file | put local-file
remote-file }
Views
User view
Parameters
server-ipv4-address: Specifies the IPv4 address of the FTP server.
server-ipv6-address: Specifies the IPv6 address of the FTP server.
get remote-file local-file: Downloads a file from the FTP server. The remote-file argument indicates
the file to be downloaded. The local-file argument indicates the name for the downloaded file.
put local-file remote-file: Uploads a file to the FTP server. The local-file argument indicates the file to
be uploaded. The remote-file argument indicates the name for the uploaded file.
Usage guidelines
If the traffic is heavy and the file transfer speed is low, you can press Ctrl+C to abort the transfer and
try again later.
Examples
# Log in to FTP server 192.168.1.100. Download the 111.txt file and save it to a local file named
222.txt.
<boot> ftp 192.168.1.100 get 111.txt flash:/222.txt
User: test
Password: ***
mkdir
Use mkdir to create a directory.
257
Syntax
mkdir directory
Views
User view
Parameters
directory: Specifies a directory.
Usage guidelines
You can create a directory only in an existing directory. For example, to create the flash:/test/mytest
directory, the directory test must already exist.
The name of the directory to be created must be unique in the parent directory.
Examples
# Create a directory named test in the root directory of the flash: file system.
<boot> mkdir flash:/test
Directory flash:/test created.
# Create a directory named subtest in the flash:/test directory.
<boot> mkdir flash:/test/subtest
Directory flash:/test/subtest created.
Related commands
dir
rmdir
more
Use more to display the contents of a file.
Syntax
more file-url
Views
User view
Parameters
file-url: Specifies a file.
Examples
# Display the contents of the file test.txt.
<boot> more flash:/test.txt
Have a nice day.
move
Use move to move a file.
Syntax
move fileurl-source fileurl-dest
Views
User view
258
Parameters
fileurl-source: Specifies the name of the file to be moved, a case-insensitive string of 1 to 63
characters.
fileurl-dest: Specifies the name of the destination file or directory, a case-insensitive string of 1 to 63
characters.
Usage guidelines
If a file in the destination directory is using the destination file name, the system prompts whether or
not to overwrite the existing file. If you enter Y, the existing file is overwritten. If you enter N, the
command is not executed.
Examples
# Move the config.cfg file to the flash:/test directory.
<boot>move flash:/config.cfg flash:/test/
Move flash:/config.cfg to flash:/test/config.cfg?[Y/N]:y
<boot> dir flash:/test
Directory of flash:/test
0
-rw-
77065
Oct 20 1939 06:15:02
test.mdb
61440 KB total (11108 KB free)
ping
Use ping to check the connectivity to an IPv4 address.
Syntax
ping [ -c count | -s size ] * ip-address
Views
Any view
Parameters
-c count: Specifies the number of ICMP echo requests to send, in the range of 1 to 2147483647. The
default is 5.
-s size: Specifies the length (in bytes) of each ICMP echo request, in the range of 20 to 8100. The
default is 56.
ip-address: Specifies the IPv4 address of the destination in dotted decimal notation.
Usage guidelines
When you execute the ping command, the device sends ICMP echo requests to the destination. You
can press Ctrl+C to abort the ping operation.
Examples
# Check the connectivity to the destination 1.2.1.1.
<boot> ping 1.2.1.1
PING 1.2.1.1 (1.2.1.1): 56 data bytes
56 bytes from 1.2.1.1: seq=0 ttl=128 time=2.243 ms
56 bytes from 1.2.1.1: seq=1 ttl=128 time=0.717 ms
56 bytes from 1.2.1.1: seq=2 ttl=128 time=0.891 ms
56 bytes from 1.2.1.1: seq=3 ttl=128 time=0.745 ms
56 bytes from 1.2.1.1: seq=4 ttl=128 time=0.911 ms
--- 1.2.1.1 ping statistics ---
259
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 0.717/1.101/2.243 ms
Table 35 Command output
Field
Description
PING 1.2.1.1 (1.2.1.1)
Checking the connectivity to the device at 1.2.1.1.
56 data bytes
Number of data bytes in each ICMP echo request.
Received an ICMP reply from the device at 1.2.1.1.
56 bytes from 1.2.1.1: seq=0 ttl=128
time=2.243 ms
Fields of the reply:
•
bytes—Number of data bytes in the ICMP reply.
•
seq—Sequence number of the reply. You can examine the
sequence numbers of replies to determine whether packets
are missing, disordered, or duplicated.
•
ttl—TTL value in the ICMP reply.
•
time—Response time.
--- 1.2.1.1 ping statistics ---
Statistics for packets sent and received during the ping operation.
5 packets transmitted
Number of ICMP echo requests sent.
5 packets received
Number of ICMP echo replies received.
0% packet loss
Percentage of echo requests that failed to be echoed back.
round-trip min/avg/max =
0.717/1.101/2.243 ms
Minimum/average/maximum response time, in milliseconds.
ping ipv6
Use ping ipv6 to check the connectivity to an IPv6 address.
Syntax
ping ipv6 [ -c count | -s size ] * ipv6-address
Views
Any view
Parameters
-c count: Specifies the number of ICMPv6 echo requests to send, in the range of 1 to 2147483647.
The default is 5.
-s size: Specifies the length (in bytes) of each ICMPv6 echo request, in the range of 20 to 8100. The
default is 56.
Ipv6-address: Specifies the IPv6 address of the destination.
Usage guidelines
When you execute the ping ipv6 command, the device sends ICMPv6 echo requests to the
destination. You can press Ctrl+C to abort the ping operation.
Examples
# Check the connectivity to the destination 2001::2.
<boot> ping ipv6 2001::2
ping ipv6 2001::2
PING 2001::2 (2001::2): 56 data bytes
56 bytes from 2001::2: seq=0 ttl=64 time=5.420 ms
260
56 bytes from 2001::2: seq=1 ttl=64 time=1.140 ms
56 bytes from 2001::2: seq=2 ttl=64 time=2.027 ms
56 bytes from 2001::2: seq=3 ttl=64 time=0.887 ms
56 bytes from 2001::2: seq=4 ttl=64 time=0.791 ms
--- 2001::2 ping statistics --5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 0.791/2.053/5.420 ms
For information about the fields, see Table 35.
pwd
Use pwd to display the working directory.
Syntax
pwd
Views
User view
Examples
# Display the working directory.
<boot> pwd
flash:
quit
Use quit to return to the upper-level view.
Syntax
quit
Views
System view
Management Ethernet interface view
Examples
# Return from management Ethernet interface view to user view.
[boot-m-eth0] quit
[boot] quit
<boot>
reboot
Use the reboot command to reboot the device. (Centralized devices in standalone mode.)
Use the reboot command to reboot the current MPU. (Distributed devices in standalone or IRF
mode.)
Use reboot to reboot the current member device. (Centralized devices in IRF mode.)
Syntax
reboot
261
Views
User view
Examples
# (Centralized devices in standalone mode.) Reboot the device.
<boot> reboot
# (Distributed devices in standalone or IRF mode.) Reboot the current MPU.
<boot> reboot
# (Centralized devices in IRF mode.) Reboot the current member device.
<boot> reboot
reset ssh public-key
Use reset ssh public-key to delete all SSH server public keys saved on the device.
Syntax
reset ssh public-key
Views
User view
Usage guidelines
The first time you use the ssh2 command to connect to an SSH server, the device saves the server's
public key locally. The device can then use the public key to authenticate the server when you
connect to the server from the device again. If the server changes its public key, the public keys will
not match anymore and you cannot connect to the server. To solve this problem, use this command
to delete all SSH server public keys saved on the device.
Examples
# Delete all SSH server public keys saved on the device.
<boot> ssh2 192.168.1.59
login as:client001
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@
WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!
@
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
83:2d:b6:90:4a:1b:0e:c1:ea:af:09:3a:65:09:8a:b3.
Please contact your system administrator.
RSA host key for 192.168.1.59 has changed and you have requested strict checking
.
Host key verification failed.
<boot> reset ssh public-key
<boot> ssh2 192.168.1.59
login as:client001
The authenticity of host '192.168.1.59 (192.168.1.59)' can't be established.
RSA key fingerprint is 83:2d:b6:90:4a:1b:0e:c1:ea:af:09:3a:65:09:8a:b3.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.59' (RSA) to the list of known hosts.
262
client001@192.168.1.59's password:
******************************************************************************
* Copyright (c) 2010-2016 Hewlett Packard Enterprise Development LP
*
* Without the owner's prior written consent,
*
* no decompiling or reverse-engineering shall be allowed.
*
******************************************************************************
<Sysname.59>
rmdir
Use rmdir to delete an existing directory.
Syntax
rmdir directory
Views
User view
Parameters
directory: Specifies the directory to be deleted.
Usage guidelines
To delete a directory, first delete the files and subdirectories in the directory. To delete files, use the
delete command.
Examples
# Delete the mydir directory.
<boot> rmdir flash:/mydir
Remove directory flash:/mydir?[Y/N]:y
Directory flash:/1 removed.
Related commands
delete
dir
mkdir
shutdown
Use shutdown to shut down the management Ethernet interface.
Use undo shutdown to bring up the management Ethernet interface.
Syntax
shutdown
undo shutdown
Default
The management Ethernet interface is up.
Views
Management Ethernet interface view
263
Usage guidelines
When the management Ethernet interface is not operating correctly, you can shut it down and then
bring it up.
Examples
# Shut down the management Ethernet interface.
<boot> system-view
[boot] interface m-eth0
[boot-m-eth0] shutdown
# Bring up the management Ethernet interface.
[boot-m-eth0] undo shutdown
ssh2
Use ssh2 to log in to an SSH server.
Syntax
ssh2 { server-ipv4-address | ipv6 server-ipv6-address }
Views
User view
Parameters
server-ipv4-address: Specifies the IPv4 address of the SSH server in dotted decimal notation.
ipv6 server-ipv6-address: Specifies the IPv6 address of the SSH server.
Usage guidelines
If the SSH server does not respond, you can press Ctrl+C to abort the login attempt and try again
later.
Examples
# Connect to the SSH server 192.168.1.59 for the first time.
<boot> ssh2 192.168.1.59
login as:client001
The authenticity of host '192.168.1.59 (192.168.1.59)' can't be established.
RSA key fingerprint is 3d:ee:1f:f9:81:be:4f:aa:42:88:1c:ab:81:4e:95:6f.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.59' (RSA) to the list of known hosts.
client001@192.168.1.59's password:
******************************************************************************
* Copyright (c) 2010-2016 Hewlett Packard Enterprise Development LP
*
* Without the owner's prior written consent,
*
* no decompiling or reverse-engineering shall be allowed.
*
******************************************************************************
<Syaname.59>
# Connect to the SSH server 192.168.1.59 for the second time.
<boot> ssh2 192.168.1.59
login as:client001
client001@192.168.1.59's password:
264
******************************************************************************
* Copyright (c) 2010-2016 Hewlett Packard Enterprise Development LP
*
* Without the owner's prior written consent,
*
* no decompiling or reverse-engineering shall be allowed.
*
******************************************************************************
<Syaname.59>
system-view
Use system-view to enter system view from user view.
Syntax
system-view
Views
User view
Examples
# Enter system view from user view.
<boot> system-view
[boot]
Related commands
quit
telnet
Use telnet to log in to a Telnet server.
Syntax
telnet { server-ipv4-address | ipv6 server-ipv6-address }
Views
User view
Parameters
server-ipv4-address: Specifies the IPv4 address of the Telnet server in dotted decimal notation.
server-ipv6-address: Specifies the IPv6 address of the Telnet server.
Usage guidelines
If the Telnet server does not respond, you can press Ctrl+K to abort the login attempt and try again
later.
Examples
# Log in to the Telnet server 192.168.100.1.
<boot> telnet 192.168.100.1
tftp
Use tftp to access to a TFTP server.
265
Syntax
tftp server-ipv4-address { get remote-file local-file | put local-file remote-file }
tftp ipv6 server-ipv6-address { get remote-file local-file | put local-file remote-file }
Views
User view
Parameters
server-ipv4-address: Specifies the IPv4 address of the TFTP server in dotted decimal notation.
server-ipv6-address: Specifies the IPv6 address of the TFTP server.
get remote-file local-file: Downloads a file from the TFTP server. The remote-file argument indicates
the file to be downloaded. The local-file argument indicates the name for the downloaded file.
put local-file remote-file: Uploads a file to the TFTP server. The local-file argument indicates the file
to be uploaded. The remote-file argument indicates the name for the uploaded file.
Usage guidelines
If the traffic is heavy and the file transfer speed is low, you can press Ctrl+C to abort the transfer and
try again later.
Examples
# Download the 111.txt file from the TFTP server 192.168.1.100, and save the copy to a local file
named 222.txt.
<boot> tftp 192.168.1.100 get 111.txt flash:/222.txt
# Upload the startup configuration file named startup.cfg to the TFTP server 192.168.1.100.
<boot> tftp 192.168.1.100 put flash:/startup.cfg startup.cfg
266
Automatic configuration commands
autodeploy sms enable
Use autodeploy sms enable to enable SMS-based automatic configuration.
Use undo autodeploy sms enable to disable SMS-based automatic configuration.
Syntax
autodeploy sms enable
undo autodeploy sms enable
Default
SMS-based automatic configuration is enabled.
Views
System view
Predefined user roles
network-admin
Examples
# Disable SMS-based automatic configuration.
<Sysname> system-view
[Sysname] undo autodeploy sms enable
autodeploy udisk enable
Use autodeploy udisk enable to enable USB-based automatic configuration.
Use undo autodeploy udisk enable to disable USB-based automatic configuration.
Syntax
autodeploy udisk enable
undo autodeploy udisk enable
Default
USB-based automatic configuration is enabled.
Views
System view
Predefined user roles
network-admin
Examples
# Disable USB-based automatic configuration.
<Sysname> system-view
[Sysname] undo autodeploy udisk enable
267
Security zone commands
display security-zone
Use display security-zone to display security zone information.
Syntax
display security-zone [ name zone-name ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
name zone-name: Specifies the security zone name, a case-insensitive string of 1 to 31 characters.
If you do not specify this option, the command displays all security zones, including system-defined
and user-defined security zones.
Usage guidelines
When displaying all security zones, the command uses the following order:
1.
System-defined security zones.
2.
User-defined security zones in alphabetical order of security zone names.
Examples
# Display information about the security zone myZone.
<Sysname> display security-zone name myZone
Name: myZone
Members:
GigabitEthernet1/0/3
GigabitEthernet1/0/4
Table 36 Command output
Field
Description
Name
Security zone name.
Members
Members in the security zone:
•
Type and number of a Layer 3 interface.
•
None. If a security zone does not have any members, this field displays None.
display zone-pair security
Use display zone-pair security to display all zone pairs.
Syntax
display zone-pair security
268
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display all zone pairs.
<Sysname> display zone-pair security
Source zone
Destination zone
DMZ
Local
Trust
Local
import interface
Use import interface to add Layer 3 interfaces to a security zone, including Layer 3 Ethernet
interfaces, Layer 3 Ethernet subinterfaces, and other types of Layer 3 logical interfaces.
Use undo import interface to remove Layer 3 interfaces from a security zone.
Syntax
import interface layer3-interface-type layer3-interface-number
undo import interface layer3-interface-type layer3-interface-number
Default
A security zone does not have any Layer 3 interface members.
Views
Security zone view
Predefined user roles
network-admin
Parameters
interface layer3-interface-type layer3-interface-number: Specifies a Layer 3 interface by its type and
number.
Usage guidelines
You cannot add any members to the system-defined security zone Local. You can add members to
the other system-defined security zones.
To add multiple Layer 3 interfaces to a security zone, execute this command multiple times.
A Layer 3 interface can belong to only one security zone. To move a Layer 3 interface from one
security zone to another security zone, perform the following tasks:
•
Use the undo import interface command to remove the interface from the current security
zone.
•
Use the import interface command to add the interface to the new security zone.
Examples
# Add Layer 3 Ethernet interface GigabitEthernet 1/0/1 to the security zone Trust.
<Sysname> system-view
[Sysname] security-zone name trust
[Sysname-security-zone-trust] import interface gigabitethernet 1/0/1
269
security-zone
Use security-zone to create a security zone and enter its view, or enter the view of an existing
security zone.
Use undo security-zone to delete a security zone.
Syntax
security-zone name zone-name
undo security-zone name zone-name
Default
No security zone exists.
Views
System view
Predefined user roles
network-admin
Parameters
name zone-name: Specifies the security zone name, a case-insensitive string of 1 to 31 characters.
It cannot contain hyphens (-).
Usage guidelines
The device provides the following system-defined security zones: Local, Trust, DMZ, Management,
and Untrust. These security zones are created automatically by the system when one of following
events occurs:
•
The first command for creating a security zone is executed.
•
The first command for creating an object policy is executed.
•
The first command for entering the view of a system-defined security zone is executed.
System-defined security zones cannot be deleted.
You can use this command multiple times to create multiple security zones.
Deleting a security zone also deletes the following items:
•
All zone pairs that use the security zone as the source or destination security zone.
•
All object policy applications on the zone pairs.
Examples
# Create the security zone zonetest and enter security zone view.
<Sysname> system-view
[Sysname] security-zone name zonetest
[Sysname-security-zone-zonetest]
Related commands
display security-zone
import interface
security-zone intra-zone default permit
Use security-zone intra-zone default permit to set the default action to permit for packets
exchanged between interfaces in the same security zone.
270
Use undo security-zone intra-zone default permit to restore the default.
Syntax
security-zone intra-zone default permit
undo security-zone intra-zone default permit
Default
The default action is deny for packets exchanged between interfaces in the same security zone.
Views
System view
Predefined user roles
network-admin
Usage guidelines
The default action is used when no zone pair is configured from the security zone to the security
zone itself.
Examples
# Set the default action to permit for packets exchanged between interfaces in the same security
zone.
<Sysname> system-view
[Sysname] security-zone intra-zone default permit
zone-pair security
Use zone-pair security to create a zone pair and enter its view, or enter the view of an existing zone
pair.
Use undo zone-pair security to delete a zone pair.
Syntax
zone-pair security source { source-zone-name | any } destination { destination-zone-name | any }
undo zone-pair security source { source-zone-name | any } destination { destination-zone-name
| any }
Default
No zone pair exists.
Views
System view
Predefined user roles
network-admin
Parameters
source source-zone-name: Specifies the name of the source security zone, a case-insensitive string
of 1 to 31 characters. This security zone must already exist.
destination destination-zone-name: Specifies the name of the destination security zone, a
case-insensitive string of 1 to 31 characters. This security zone must already exist.
any: Specifies any security zone.
271
Usage guidelines
A zone pair has a source security zone and a destination security zone. The device examines
received first data packets and uses zone pairs to identify data flows.
A zone pair defined by using the zone-pair security source any destination any command
matches all packets from one security zone to another security zone.
After you apply security policies to zone pairs, the device processes data flows based on security
policies.
•
If a packet matches a zone pair between specific security zones, the device processes the
packet by using the security policies applied to the zone pair.
•
If a packet does not match any zone pair between specific security zones, the device identifies
whether a zone pair is defined by using the zone-pair security source any destination any
command.
{
{
If the zone pair is defined, the device processes the packet by using the security policies
applied to the zone pair.
If the zone pair is not defined, the device discards the packet.
Security policies include packet filtering policies, ASPF policies, and object policies. For more
information about packet filtering policies, see ACL and QoS Configuration Guide. For more
information about ASPF and object policies, see Security Configuration Guide.
Deleting a zone pair deletes all object policy applications on the zone pair.
Examples
# Create a zone pair with the source security zone Trust and destination zone Untrust.
<Sysname> system-view
[Sysname] zone-pair security source trust destination untrust
[Sysname-zone-pair-security-Trust-Untrust]
Related commands
display zone-pair security
272
Device management commands
Commands and descriptions for centralized devices apply to the following routers:
•
MSR1002-4/1003-8S.
•
MSR2003.
•
MSR2004-24/2004-48.
•
MSR3012/3024/3044/3064.
•
MSR954(JH296A/JH297A/JH298A/JH299A/JH373A).
•
MSR958(JH300A/JH301A).
Commands and descriptions for distributed devices apply to MSR4060 and MSR4080 routers.
card-mode
Use card-mode to set the operating mode for an interface card.
Syntax
Centralized devices in standalone mode:
card-mode slot slot-number mode-name
Distributed devices in standalone mode/centralized devices in IRF mode:
card-mode slot slot-number subslot subslot-number mode-name
Distributed devices in IRF mode:
card-mode chassis chassis-number slot slot-number subslot subslot-number mode-name
Views
System view
Predefined user roles
network-admin
Parameters
chassis chassis-number: Specifies an IRF member device by its member ID. (Distributed devices in
IRF mode.)
slot slot-number: Specifies a subcard by its slot number. (Centralized devices in standalone mode.)
slot slot-number: Specifies an IRF member device by its member ID. (Centralized devices in IRF
mode.)
slot slot-number: Specifies a card by its slot number. (Distributed devices in standalone or IRF
mode.)
subslot subslot-number: Specifies a subcard by its subslot number.
mode-name: Specifies an operating mode. The following shows all operating mode values:
•
atm: Specifies the ATM mode. All interfaces on the interface card act as ATM interfaces.
•
auto: Specifies the auto negotiation mode. The interface card operates in ATM or EFM mode,
depending on the negotiation result.
•
e: Specifies the E mode. All interfaces on the interface card act as CPOS E3-E1 interfaces.
•
e1: Specifies the E1 mode. All interfaces on the interface card act as CPOS E1 interfaces.
•
e3: Specifies the E3 mode. All interfaces on the interface card act as CPOS E3 interfaces.
273
•
e-cpos: Specifies the E-CPOS mode. All interfaces on the interface card act as 2.5 Gbps
CPOS interfaces.
•
efm: Specifies the EFM mode. All interfaces on the interface card act as EFM interfaces.
•
ipsec: Specifies the IPsec mode.
•
oc-12: Specifies the OC-12c/STM-4c mode (622 Mbps). All interfaces on the interface card act
as 622 Mbps CPOS interfaces.
•
oc-12-atm: Specifies the oc-12-atm mode. All interfaces on the interface card act as ATM
interfaces.
•
oc-12-pos: Specifies the oc-12-pos mode. All interfaces on the interface card act as POS
interfaces.
•
oc-3: Specifies the OC-3c/STM-1c mode (155 Mbps). All interfaces on the interface card act as
155 Mbps CPOS interfaces.
•
oc-3-atm: Specifies the oc-3-atm mode. All interfaces on the interface card act as ATM
interfaces.
•
oc-3-pos: Specifies the oc-3-pos mode. All interfaces on the interface card act as POS
interfaces.
•
pos: Specifies the POS mode. All interfaces on the interface card act as POS interfaces.
•
ssl: Specifies the SSL mode.
•
t: Specifies the T mode. All interfaces on the interface card act as CPOS T3-T1 interfaces.
•
t1: Specifies the T1 mode. All interfaces on the interface card act as CPOS T1 interfaces.
•
t3: Specifies the T3 mode. All interfaces on the interface card act as CPOS T3 interfaces.
Usage guidelines
The following matrix shows the command and hardware compatibility:
Hardware
Command compatibility
MSR954(JH296A/JH297A/JH298A/JH299A/JH373A)
No
MSR958(JH300A/JH301A)
No
MSR1002-4/1003-8S
Yes
MSR2003
Yes
MSR2004-24/2004-48
Yes
MSR3012/3024/3044/3064
Yes
MSR4060/4080
Yes
You must perform one of the following tasks to activate the new operating mode:
•
Hot swap the interface card if the interface card supports hot swapping.
•
Restart the device.
For more information about interface types, see Interface Configuration Guide.
Examples
# (Centralized devices in standalone mode.) Set the operating mode to E3 for the interface card in
slot 2.
<Sysname> system-view
[Sysname] card-mode slot 2 e3
Please reboot or hot-swap the board or card (if supported) to make the configuration take
effect.
274
# (Distributed devices in standalone mode.) Set the operating mode to E3 for the subcard in subslot
1 of interface card 2.
<Sysname> system-view
[Sysname] card-mode slot 2 subslot 1 e3
Please reboot or hot-swap the board or card (if supported) to make the configuration take
effect.
# (Distributed devices in IRF mode.) Set the operating mode to E3 for the subcard in subslot 1 on
interface card 2 of member device 1.
<Sysname> system-view
[Sysname] card-mode chassis 1 slot 2 subslot 1 e3
Please reboot or hot-swap the board or card (if supported) to make the configuration take
effect.
# Set the operating mode to EFM for the ATM interface card in slot 0.
<Sysname> system-view
[Sysname] card-mode slot 0 efm
Please reboot or hot-swap the board or card (if supported) to make the configuration take
effect.
clock datetime
Use clock datetime to set the system time.
Syntax
clock datetime time date
Views
User view
Predefined user roles
network-admin
Parameters
time: Specifies a time in the hh:mm:ss format. The value range for hh is 0 to 23. The value range for
mm is 0 to 59. The value range for ss is 0 to 59. The leading zero in a segment can be omitted. If the
seconds segment is 0 (hh:mm:00), you can omit it. If both the minutes and seconds segments are 0
(hh:00:00), you can omit both of the segments. For example, to specify 08:00:00, you can enter 8.
date: Specifies a date in the MM/DD/YYYY or YYYY/MM/DD format. The value range for YYYY is
2000 to 2035. The value range for MM is 1 to 12. The value range for DD varies by month.
Usage guidelines
Correct system time is essential to network management and communication. You must configure
the system time correctly before you run the device on the network.
For the device to use the local system time, execute the clock protocol none command and this
command in turn. The specified system time takes effect immediately. Then, the device uses the
clock signals generated by its built-in crystal oscillator to maintain the system time.
If you set the time zone or daylight saving time after you configure this command, the device
recalculates the system time. To view the system time, use the display clock command.
Examples
# Set the system time to 08:08:08 01/01/2015.
<Sysname> clock datetime 8:8:8 1/1/2015
# Set the system time to 08:10:00 01/01/2015.
275
<Sysname> clock datetime 8:10 2015/1/1
Related commands
clock protocol
clock summer-time
clock timezone
display clock
clock protocol
Use clock protocol to specify the system time source.
Use undo clock protocol to restore the default.
Syntax
clock protocol { none | ntp}
undo clock protocol
Default
The device uses the NTP time source.
Views
System view
Predefined user roles
network-admin
Parameters
none: Uses the system time set by using the clock datetime command.
ntp: Uses NTP to obtain the UTC time. You must configure NTP correctly. For more information
about NTP and NTP configuration, see Network Management and Monitoring Configuration Guide.
Usage guidelines
Correct system time is essential to network management and communication. You must configure
the system time correctly before you run the device on the network.
The device can use the locally set system time, or obtain the UTC time from an NTP source and
calculate the system time.
•
If you configure the clock protocol none and clock datetime commands in turn, the device
uses the locally set system time. The device then uses the clock signals generated by its built-in
crystal oscillator to maintain the system time.
•
If you configure the clock protocol { none | ntp } command, the device obtains the UTC time
through NTP and calculates the system time. The device then periodically synchronizes the
UTC time and recalculates the system time. For more information about NTP, see Network
Management and Monitoring Configuration Guide.
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Configure the device to use the local UTC time.
<Sysname> system-view
[Sysname] clock protocol none
276
clock summer-time
Use clock summer-time to set the daylight saving time.
Use undo clock summer-time to restore the default.
Syntax
clock summer-time name start-time start-date end-time end-date add-time
undo clock summer-time
Default
The daylight saving time is not set.
Views
System view
Predefined user roles
network-admin
Parameters
name: Specifies a name for the daylight saving time schedule, a case-sensitive string of 1 to 32
characters.
start-time: Specifies the start time in the hh:mm:ss format. The value range for hh is 0 to 23. The
value range for mm is 0 to 59. The value range for ss is 0 to 59. The leading zero in a segment can be
omitted. If the seconds segment is 0 (hh:mm:00), you can omit it. If both the minutes and seconds
segments are 0 (hh:00:00), you can omit both of the segments. For example, to specify 08:00:00,
you can enter 8.
start-date: Specifies the start date in one of the following formats:
•
MM/DD. The value range for MM is 1 to 12. The value range for DD varies by month.
•
month week day, where:
{
month—Takes January, February, March, April, May, June, July, August, September,
October, November or December.
{
week—Represents week of the month. It takes first, second, third, fourth, fifth, or last.
{
day—Takes Sunday, Monday, Tuesday, Wednesday, Thursday, Friday, or Saturday.
end-time: Specifies the end time in the hh:mm:ss format. The value range for hh is 0 to 23. The value
range for mm is 0 to 59. The value range for ss is 0 to 59. The leading zero in a segment can be
omitted. If the seconds segment is 0 (hh:mm:00), you can omit it. If both the minutes and seconds
segments are 0 (hh:00:00), you can omit both of the segments. For example, to specify 08:00:00,
you can enter 8.
end-date: Specifies the end date in one of the following formats:
•
MM/DD. The value range for MM is 1 to 12. The value range for DD varies by month.
•
month week day, where:
{
month—Takes January, February, March, April, May, June, July, August, September,
October, November or December.
{
week—Represents week of the month. It takes first, second, third, fourth, fifth, or last.
{
day—Takes Sunday, Monday, Tuesday, Wednesday, Thursday, Friday, or Saturday.
add-time: Specifies the time to be added to the standard time, in the hh:mm:ss format. The value
range for hh is 0 to 23. The value range for mm is 0 to 59. The value range for ss is 0 to 59. The
leading zero in a segment can be omitted. If the seconds segment is 0 (hh:mm:00), you can omit it. If
both the minutes and seconds segments are 0 (hh:00:00), you can omit both of the segments. For
example, to specify 08:00:00, you can enter 8.
277
Usage guidelines
Correct system time is essential to network management and communication. You must configure
the system time correctly before you run the device on the network.
After you set the daylight saving time, the device recalculates the system time. To view the system
time, use the display clock command
Make sure all devices on the network are using the same daylight saving time as the local time.
Examples
# Set the system time ahead 1 hour for the period between 06:00:00 on 08/01 and 06:00:00 on
09/01.
<Sysname> system-view
[Sysname] clock summer-time PDT 6 08/01 6 09/01 1
Related commands
clock datetime
clock timezone
display clock
clock timezone
Use clock timezone to set the local time zone.
Use undo clock timezone to restore the default.
Syntax
clock timezone zone-name { add | minus } zone-offset
undo clock timezone
Default
The local time zone is not set.
Views
System view
Predefined user roles
network-admin
Parameters
zone-name: Specifies a time zone by its name, a case-sensitive string of 1 to 32 characters.
add: Adds an offset to the UTC time or local system time.
minus: Decreases the UTC time or local system time by an offset.
zone-offset: Specifies an offset, in the hh:mm:ss format. The value range for hh is 0 to 23. The value
range for mm is 0 to 59. The value range for ss is 0 to 59. The leading zero in a segment can be
omitted. If the seconds segment is 0 (hh:mm:00), you can omit it. If both the minutes and seconds
segments are 0 (hh:00:00), you can omit both of the segments. For example, to specify 08:00:00,
you can enter 8.
Usage guidelines
Correct system time is essential to network management and communication. You must configure
the system time correctly before you run the device on the network.
After you set the time zone, the device recalculates the system time. To view the system time, use
the display clock command.
278
Make sure all devices on the network are using the same time zone as the local time.
Examples
# Set the name of the local time zone to Z5, and add 5 hours to the UTC time.
<Sysname> system-view
[Sysname] clock timezone Z5 add 5
Related commands
clock datetime
clock summer-time
display clock
command
Use command to assign a command to a job.
Use undo command to revoke a command.
Syntax
command id command
undo command id
Default
No command is assigned to a job.
Views
Job view
Predefined user roles
network-admin
Parameters
id: Specifies an ID for the command, in the range of 0 to 4294967295. A command ID uniquely
identifies a command in a job. Commands in a job are executed in ascending order of their command
IDs.
command: Specifies the command to be assigned to the job.
Usage guidelines
To assign a command (command A) to a job, you must first assign the job the command or
commands for entering the view of command A.
If you specify the ID of an existing command for another command, the existing command is
replaced.
Make sure all commands in a schedule are compliant to the command syntax. The system does not
examine the syntax when you assign a command to a job.
If a command requires a yes or no answer, the system always assumes that a Y or Yes is entered. If
a command requires a character string input, the system assumes that either the default character
string (if any) or a null string is entered.
A job cannot contain the telnet, ftp, ssh2, or monitor process command.
Examples
# Assign commands to the backupconfig job to back up the configuration file startup.cfg to the
TFTP server at 192.168.100.11.
<Sysname> system-view
279
[Sysname] scheduler job backupconfig
[Sysname-job-backupconfig] command 2 tftp 192.168.100.11 put flash:/startup.cfg
backup.cfg
# Assign commands to the shutdownGE job to shut down GigabitEthernet 1/0/1.
<Sysname> system-view
[Sysname] scheduler job shutdownGE
[Sysname-job-shutdownGE] command 1 system-view
[Sysname-job-shutdownGE] command 2 interface gigabitethernet 1/0/1
[Sysname-job-shutdownGE] command 3 shutdown
Related commands
scheduler job
copyright-info enable
Use copyright-info enable to enable copyright statement display.
Use undo copyright-info enable to disable copyright statement display.
Syntax
copyright-info enable
undo copyright-info enable
Default
Copyright statement display is enabled.
Views
System view
Predefined user roles
network-admin
Examples
# Enable copyright statement display.
<Sysname> system-view
[Sysname] copyright-info enable
The device will display the following statement when a user logs in:
******************************************************************************
* Copyright (c) 2010-2016 Hewlett Packard Enterprise Development LP
*
* Without the owner's prior written consent,
*
* no decompiling or reverse-engineering shall be allowed.
*
******************************************************************************
display alarm
Use display alarm to display alarm information.
Syntax
Distributed devices in standalone mode/centralized devices in standalone or IRF mode:
display alarm [ slot slot-number ]
Distributed devices in IRF mode:
280
display alarm [ chassis chassis-number slot slot-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
slot slot-number: Specifies the entire device. The value is fixed at 0. (Centralized devices in
standalone mode.)
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command
displays alarm information for all cards. (Distributed devices in standalone mode.)
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member
device, this command displays alarm information for all IRF member devices. (Centralized devices in
IRF mode)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The
chassis-number argument represents the member ID of the IRF member device. The slot-number
argument represents the slot number of the card. If you do not specify a card, this command displays
alarm information for all cards. (Distributed devices in IRF mode.)
Examples
# (Centralized devices in standalone mode.) Display alarm information.
<Sysname> display alarm
Slot CPU Level
Info
0
faulty
0
ERROR
Table 37 Command output
Field
Description
Slot
If the alarm was generated by a card in a slot, this field displays 0. If the alarm was
generated by the chassis, this field displays a hyphen (-).
Level
Alarm severity. Possible values include ERROR, WARNING, NOTICE, and INFO, in
descending order.
Detailed alarm information:
•
faulty—The card is starting up or faulty.
Info
•
Fan n is absent—The specified fan is absent.
# (Distributed devices in standalone mode/centralized devices in IRF mode.) Display alarm
information.
<Sysname> display alarm
Slot CPU Level
Info
2
0
ERROR
faulty
5
0
ERROR
faulty
8
1
ERROR
faulty
281
Table 38 Command output
Field
Description
Slot number of the card with an alarm. If the value is a hyphen (-), the alarm was
generated by the chassis. (Distributed devices in standalone mode.)
Slot
IRF member ID of the device with an alarm. If the value is a hyphen (-), the alarm was
generated by the chassis. (Centralized devices in IRF mode.)
Level
Alarm severity. Possible values include ERROR, WARNING, NOTICE, and INFO, in
descending order.
Info
Detailed alarm information:
•
faulty—The card is starting up or faulty.
•
Fan n is absent—The specified fan is absent.
•
Power n is absent—The specified power supply is absent.
•
The temperature of sensor n exceeds the lower limit—The temperature of
the specified sensor is lower than the low-temperature threshold.
•
The temperature of sensor n exceeds the upper limit—The temperature of
the specified sensor is higher than the high-temperature warning threshold.
# (Distributed devices in IRF mode.) Display alarm information.
<Sysname> display alarm
Chassis
Slot
CPU
Level
Info
1
6
0
ERROR
Fan 2 is absent.
1
6
0
ERROR
Power 2 is absent.
1
6
1
ERROR
The board in slot 10 is faulty.
2
3
1
WARNING
The temperature of sensor 3 exceeds the lower limit.
Table 39 Command output
Field
Description
Chassis
Member ID of the IRF member device with an alarm.
Slot
Slot number of the card.
Level
Alarm severity. Possible values include ERROR, WARNING, NOTICE, and
INFO, in descending order.
Info
Detailed alarm information:
•
faulty—The card is starting up or faulty.
•
Fan n is absent—The specified fan is absent.
•
Power n is absent—The specified power supply is absent.
•
The temperature of sensor n exceeds the lower limit—The
temperature of the specified sensor is lower than the low-temperature
threshold.
•
The temperature of sensor n exceeds the upper limit—The
temperature of the specified sensor is higher than the high-temperature
warning threshold.
display clock
Use display clock to display the system time, date, local time zone, and daylight saving time.
Syntax
display clock
282
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display the system time and date when the local time zone is not specified.
<Sysname> display clock
10:09:00 UTC Fri 03/16/2012
# Display the system time and date when the local time zone Z5 is specified.
<Sysname> display clock
15:10:00 Z5 Fri 03/16/2012
Time Zone : Z5 add 05:00:00
# Display the system time and date when the local time zone Z5 and daylight saving time PDT are
specified.
<Sysname> display clock
15:11:00 Z5 Fri 03/16/2012
Time Zone : Z5 add 05:00:00
Summer Time : PDT 06:00:00 08/01 06:00:00 09/01 01:00:00
Related commands
clock datetime
clock timezone
clock summer-time
display copyright
Use display copyright to display the copyright statement, including software and hardware
copyright statements, and software license information.
Syntax
display copyright
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display the copyright statement.
<Sysname> display copyright
display cpu-usage
Use display cpu-usage to display the current CPU usage statistics.
283
Syntax
Centralized devices in standalone mode:
display cpu-usage [ summary ]
Distributed devices in standalone mode/centralized devices in IRF mode:
display cpu-usage [ summary ] [ slot slot-number [ cpu cpu-number ] ]
Distributed devices in IRF mode:
display cpu-usage [ summary ] [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
summary: Displays CPU usage statistics in table form. If you do not specify this keyword, the
command displays CPU usage statistics in text form.
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command
displays the CPU usage statistics for all cards. (Distributed devices in standalone mode.)
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member
device, this command displays CPU usage statistics for all member devices. (Centralized devices in
IRF mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The
chassis-number argument represents the member ID of the IRF member device. The slot-number
argument represents the slot number of the card. If you do not specify a card, this command displays
CPU usage statistics for all cards. (Distributed devices in IRF mode.)
cpu cpu-number: Specifies a CPU by its number. (Centralized devices in IRF mode/distributed
devices in IRF or standalone mode.)
Usage guidelines
This command displays the average CPU usage values during the last 5-second, 1-minute, and
5-minute intervals.
Examples
# (Centralized devices in standalone mode.) Display the current CPU usage statistics in text form.
<Sysname> display cpu-usage
Unit CPU usage:
1% in last 5 seconds
1% in last 1 minute
1% in last 5 minutes
# (Centralized devices in standalone mode.) Display the current CPU usage statistics in table form.
<Sysname> display cpu-usage
CPU
Last 5 sec
Last 1 min
Last 5 min
0
2%
2%
10%
# (Distributed devices in standalone mode.) Display the current CPU usage statistics in text form.
<Sysname> display cpu-usage
Slot 0 CPU 0 CPU usage:
1% in last 5 seconds
284
0% in last 1 minute
0% in last 5 minutes
Slot 1 CPU 0 CPU usage:
1% in last 5 seconds
1% in last 1 minute
1% in last 5 minutes
# (Distributed devices in standalone mode.) Display the current CPU usage statistics in table form.
<Sysname> display cpu-usage
Slot CPU
Last 5 sec
Last 1 min
Last 5 min
0
0
22%
54%
44%
1
0
17%
29%
28%
# (Centralized devices in IRF mode.) Display the current CPU usage statistics for all member
devices in text form.
<Sysname> display cpu-usage
Slot 1 CPU 0 CPU usage:
6% in last 5 seconds
10% in last 1 minute
5% in last 5 minutes
Slot 2 CPU 0 CPU usage:
5% in last 5 seconds
8% in last 1 minute
5% in last 5 minutes
# (Centralized devices in IRF mode.) Display the current CPU usage statistics for all member
devices in table form.
<Sysname> display cpu-usage
Slot CPU
Last 5 sec
Last 1 min
Last 5 min
1
0
22%
54%
44%
2
0
17%
29%
28%
# (Distributed devices in IRF mode.) Display the current CPU usage statistics for all cards in text
form.
<Sysname> display cpu-usage
Chassis 1 Slot 0 CPU 0 CPU usage:
9% in last 5 seconds
8% in last 1 minute
8% in last 5 minutes
Chassis 1 Slot 1 CPU 0 CPU usage:
5% in last 5 seconds
4% in last 1 minute
4% in last 5 minutes
Chassis 2 Slot 0 CPU 0 CPU usage:
6% in last 5 seconds
6% in last 1 minute
6% in last 5 minutes
Chassis 2 Slot 1 CPU 0 CPU usage:
6% in last 5 seconds
6% in last 1 minute
6% in last 5 minutes
285
# (Distributed devices in IRF mode.) Display the current CPU usage statistics for all cards in table
form.
<Sysname> display cpu-usage
Chassis Slot CPU
Last 5 sec
Last 1 min
Last 5 min
1
0
0
6%
5%
8%
1
1
0
5%
4%
4%
2
0
0
6%
6%
8%
2
1
0
6%
6%
6%
Table 40 Command output
Field
Description
Unit CPU usage
CPU usage statistics. (Centralized devices in standalone mode.)
Chassis
Member ID of the IRF member device. (Distributed devices in IRF
mode.)
Slot
CPU
x% in last 5 seconds
Last 5 sec
y% in last 1 minute
Last 1 min
z% in last 5 minutes
Last 5 min
Member ID of the IRF member device. (Centralized devices in IRF
mode.)
Slot number of the card. (Distributed devices in IRF or standalone
mode.)
Number of the CPU.
Average CPU usage during the last 5-second interval.
Average CPU usage during the last 1-minute interval.
Average CPU usage during the last 5-minute interval.
Slot x CPU y CPU usage
Usage statistics for CPU y of the card in slot x. (Distributed devices in
standalone mode.)
Slot x CPU y CPU usage
Usage statistics for CPU y of member device x. (Centralized devices in
IRF mode.)
Chassis x Slot y CPU z CPU
usage
Usage statistics for CPU z of the card in slot y on member device x.
(Distributed devices in IRF mode.)
display cpu-usage configuration
Use display cpu-usage configuration to display CPU usage monitoring settings.
Syntax
Centralized devices in standalone mode:
display cpu-usage configuration
Distributed devices in standalone mode/centralized devices in IRF mode:
display cpu-usage configuration [ slot slot-number [ cpu cpu-number ] ]
Distributed devices in IRF mode:
display cpu-usage configuration [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]
Views
Any view
286
Predefined user roles
network-admin
Parameters
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command
displays the CPU usage monitoring settings for the active MPU. (Distributed devices in standalone
mode.)
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member
device, this command displays the CPU usage monitoring settings for the master device.
(Centralized devices in IRF mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The
chassis-number argument represents the member ID of the IRF member device. The slot-number
argument represents the slot number of the card. If you do not specify a card, this command displays
the CPU usage monitoring settings for the global active MPU. (Distributed devices in IRF mode.)
cpu cpu-number: Specifies a CPU by its number. (Centralized devices in IRF mode/distributed
devices in IRF or standalone mode.)
Examples
# Display the CPU usage monitoring settings.
<Sysname> display cpu-usage configuration
CPU usage monitor is enabled.
Current monitor interval is 60 seconds.
Current monitor threshold is 90%.
Related commands
monitor cpu-usage enable
monitor cpu-usage interval
monitor cpu-usage threshold
display cpu-usage history
Use display cpu-usage history to display the historical CPU usage statistics in a coordinate
system.
Syntax
Centralized devices in standalone mode:
display cpu-usage history [ job job-id ]
Distributed devices in standalone mode/centralized devices in IRF mode:
display cpu-usage history [ job job-id ] [ slot slot-number [ cpu cpu-number ] ]
Distributed devices in IRF mode:
display cpu-usage history [ job job-id ] [ chassis chassis-number slot slot-number [ cpu
cpu-number ] ]
Views
Any view
Predefined user roles
network-admin
network-operator
287
Parameters
job job-id: Specifies a process by its ID. If you do not specify a process, this command displays the
statistics for the entire system's CPU usage (the total CPU usage of all processes). To view the IDs
and names of the running processes, use the display process command. For more information, see
Network Management and Monitoring Configuration Guide.
slot slot-number: Specifies a card by its slot number. If you specify a process but do not specify a
card, this command displays the statistics for the process on the active MPU. If you do not specify
any options, this command displays the statistics for all processes on all cards. (Distributed devices
in standalone mode.)
slot slot-number: Specifies an IRF member device by its member ID. If you specify a process but do
not specify a member device, this command displays the statistics for the process on the master
device. If you do not specify any options, this command displays the statistics for all processes on all
member devices. (Centralized devices in IRF mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The
chassis-number argument represents the member ID of the IRF member device. The slot-number
argument represents the slot number of the card. If you specify a process but do not specify a card,
this command displays the statistics for the process on the global active MPU. If you do not specify
any options, this command displays the statistics for all processes on all cards. (Distributed devices
in IRF mode.)
cpu cpu-number: Specifies a CPU by its number. If you specify a process but do not specify a CPU,
this command displays the statistics for the default CPU. If you do not specify a process or CPU, this
command displays the historical statistics for all CPUs. (Centralized devices in IRF mode/distributed
devices in IRF or standalone mode.)
Usage guidelines
After CPU usage monitoring is enabled, the system regularly samples CPU usage and saves the
samples to the history record buffer. This command displays the most recent 60 samples in a
coordinate system as follows:
•
The vertical axis represents the CPU usage. If a statistic is not a multiple of the usage step, it is
rounded up or down to the closest multiple of the usage step. For example, if the CPU usage
step is 5%, the statistic 53% is rounded up to 55%, and the statistic 52% is rounded down to
50%.
•
The horizontal axis represents the time.
•
Pound signs (#) indicate the CPU usage. The value on the vertical axis for the topmost pound
sign at a specific time represents the CPU usage at that time.
Examples
# Display the historical CPU usage statistics for the entire system.
<Sysname> display cpu-usage history
100%|
95%|
90%|
85%|
80%|
75%|
70%|
65%|
60%|
55%|
50%|
45%|
40%|
288
35%|
30%|
25%|
20%|
15%|
#
10%|
###
5%|
#
########
-----------------------------------------------------------10
20
30
40
50
60
(minutes)
cpu-usage (Chassis 1 slot 0 CPU 0) last 60 minutes (SYSTEM)
The output shows the following items:
•
Process name. The name SYSTEM represents the entire system.
•
CPU that is holding the process: CPU 0 in slot 0 of member device 1.
•
Historical CPU usage statistics for the entire system during the last 60 minutes.
{
12 minutes ago: Approximately 5%.
{
13 minutes ago: Approximately 10%.
{
14 minutes ago: Approximately 15%.
{
15 minutes ago: Approximately 10%.
{
16 and 17 minutes ago: Approximately 5%.
{
18 minutes ago: Approximately 10%.
{
19 minutes ago: Approximately 5%.
{
Other time: 2% or lower than 2%.
# Display the historical CPU usage statistics for process 1.
<Sysname> display cpu-usage history job 1
100%|
95%|
90%|
85%|
80%|
75%|
70%|
65%|
60%|
55%|
50%|
45%|
40%|
35%|
30%|
25%|
20%|
15%|
10%|
5%|
#
-----------------------------------------------------------10
20
30
40
50
60
(minutes)
cpu-usage (Chassis 1 slot 0 CPU 0) last 60 minutes (scmd)
289
The output shows the following items:
•
Process name, which is scmd. A process name in a pair of square brackets ([ ]) represents a
kernel process.
•
CPU that is holding the process: CPU 0 in slot 0 of member device 1.
•
Historical CPU usage statistics for process 1 in the last 60 minutes.
{
20 minutes ago: Approximately 5%.
{
Other time: 2% or lower than 2%.
Related commands
monitor cpu-usage enable
monitor cpu-usage interval
display device
Use display device to display device information.
Syntax
Centralized devices in standalone mode:
display device [ cf-card | usb ] [ slot slot-number | verbose ]
Distributed devices in standalone mode/centralized devices in IRF mode:
display device [ cf-card | usb ] [ slot slot-number [ subslot subslot-number ] | verbose ]
Distributed devices in IRF mode:
display device [ cf-card | usb ] [ chassis chassis-number [ slot slot-number [ subslot
subslot-number ] ] | verbose ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
cf-card: Specifies the CF cards.
The following matrix shows the cf-card keyword and hardware compatibility:
Hardware
Keyword compatibility
MSR954(JH296A/JH297A/JH298A/JH299A/JH373A)
No
MSR958(JH300A/JH301A)
No
MSR1002-4/1003-8S
No
MSR2003
No
MSR2004-24/2004-48
No
MSR3012/3024/3044/3064
Yes
MSR4060/4080
Yes
usb: Specifies the device connected to the USB interface.
290
chassis chassis-number: Specifies an IRF member device by its member ID. If you do not specify a
member device, this command displays hardware information for all member devices. (Distributed
devices in IRF mode.)
slot slot-number: Specifies a subcard by its slot number. (Centralized devices in standalone mode.)
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command
displays hardware information for all cards. (Distributed devices in standalone mode.)
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member
device, this command displays hardware information for all member devices. (Centralized devices in
IRF mode.)
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command
displays device information for all cards. (Distributed devices in IRF mode.)
subslot subslot-number: Specifies a subcard by its subslot number. If you do not specify a subcard,
this command does not display information about any subcards.
verbose: Displays detailed hardware information. If you do not specify this keyword, this command
displays brief information.
Usage guidelines
If you do not specify the cf-card and usb keywords, this command displays information about cards
on the device.
Examples
# (Centralized devices in standalone mode.) Display device information.
<Sysname>display device
Slot No.
Board Type
Status
Primary
SubSlots
---------------------------------------------------------------------------1
MPU
Normal
Master
4
Table 41 Command output
Field
Description
Slot No.
Slot number of the card.
Board Type
Hardware type of the card.
Status
Card status:
•
Illegal—The card is not operating correctly.
•
Normal—The card is operating correctly.
Max Ports
Maximum number of physical ports that the card supports.
# (Distributed devices in standalone mode.) Display device information.
<Sysname> display device
Slot No.
Brd Type
Brd Status
Subslot Num
Sft Ver
Patch Ver
0
MPU-100
Standby
0
AAAAAA-0000
None
1
MPU-100
Master
0
AAAAAA-0000
None
2
SPU-300
Normal
0
AAAAAA-0000
None
3
NONE
Absent
0
NONE
None
The output shows that the device has two MPUs and one interface card. The standby MPU is in slot
0, the active MPU is in slot 1, and the interface card is in slot 2.
291
Table 42 Command output
Field
Description
Slot No.
Slot number of the card.
Brd Type
Hardware type of the card.
Brd Status
Card status:
•
Standby—The card is the standby MPU.
•
Master—The card is the active MPU.
•
Absent—The slot is not installed with a card.
•
Fault—The card is faulty and cannot start up.
•
Normal—The card is an interface card and is operating correctly.
Subslot Num
Maximum number of subcards that the card supports.
Sft Ver
Software version of the card.
Patch Ver
Patch version of the card.
# (Centralized devices in IRF mode.) Display device information about all IRF member devices in the
IRF fabric.
<Sysname> display device
Slot No.
Board Type
Status
Primary
SubSlots
1
MPU
Normal
Master
12
2
MPU
Normal
Standby
12
The output shows that the IRF fabric has two member devices, and each member has 28 Ethernet
interfaces and two 10-GE physical IRF ports.
Table 43 Command output
Field
Description
Slot No.
Member ID of the IRF member device.
Board Type
Hardware type of the IRF member device
Status
Status of the IRF member device:
•
Normal—The IRF member device is operating correctly.
•
Illegal—The IRF member device is not identified.
Primary
Role of the IRF member device:
•
Master—The member device is the active MPU.
•
Standby—The member device is the standby MPU.
•
Loading—The member device is loading the system startup software.
SubSlots
Maximum number of subcards that the member device supports.
# (Distributed devices in IRF mode.) Display device information about all IRF member devices.
<Sysname> display device
Chassis
Slot Type
State
Subslot
Soft Ver
Patch Ver
1
0
MPU-100
Master
0
AAAAAA-0000
None
1
1
NONE
Absent
0
NONE
None
1
2
SPU-300
Normal
0
AAAAAA-0000
None
1
3
NONE
Absent
0
NONE
None
1
4
SPU-300
Normal
0
AAAAAA-0000
None
2
0
MPU-100
Standby
0
AAAAAA-0000
None
2
1
MPU-100
Standby
0
AAAAAA-0000
None
292
2
2
SPU-300
Normal
0
AAAAAA-0000
None
The output shows that the IRF fabric has two member devices (with the member IDs 1 and 2). The
card in slot 0 on member device 1 is the global active MPU. The cards in slot 0 and slot 1 on member
device 2 are global standby MPUs.
Table 44 Command output
Field
Description
Chassis
Member ID of the IRF member device.
Slot
Number of the slot where the card on the IRF member device resides.
Type
Card type.
State
Card status:
•
Absent—No card is inserted in the slot.
•
Master—The card is the global active MPU.
•
Standby—The card is a global standby MPU.
•
Normal—The card is an interface card and is operating correctly.
•
Fault—The card is faulty.
Subslot
Maximum number of subcards that the card supports.
Soft Ver
Software version of the card.
Patch Ver
Patch version of the card. If no patch is installed, the value of this field is None.
display device manuinfo
Use display device manuinfo to display electronic label information for the device.
Syntax
Centralized devices in standalone mode:
display device manuinfo [ slot slot-number ]
Distributed devices in standalone mode/centralized devices in IRF mode:
display device manuinfo [ slot slot-number [ subslot subslot-number ] ]
Distributed devices in IRF mode:
display device manuinfo
subslot-number ] ] ]
[
chassis
chassis-number
[
slot
slot-number
[
subslot
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
chassis chassis-number: Specifies an IRF member device by its member ID. If you do not specify a
member device, this command displays electronic label information for all member devices.
(Distributed devices in IRF mode.)
slot slot-number: Specifies a subcard by its subslot number. If you do not specify a subcard, this
command does not display electronic label information for subcards. (Centralized devices in
standalone mode.)
293
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command
displays electronic label information for all cards. (Distributed devices in standalone mode.)
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command
displays electronic label information for all cards. (Distributed devices in IRF mode.)
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member
device, this command displays electronic label information for all member devices. (Centralized
devices in IRF mode.)
subslot subslot-number: Specifies a subcard by its subslot number. If you do not specify a subcard,
this command does not display information about any subcards.
Usage guidelines
An electronic label is a profile of a device or card. It contains the permanent configuration, including
the serial number, manufacturing date, MAC address, and vendor name. The data is written to the
storage component during debugging or testing. This command displays only part of the electronic
label information.
Examples
# (Centralized devices in standalone mode.) Display electronic label information for the device.
<Sysname> display device manuinfo
Slot 0
DEVICE_NAME
: MSR2003
DEVICE_SERIAL_NUMBER : xxxx
MAC_ADDRESS
: 000F-E26A-58EA
MANUFACTURING_DATE
: 2012-11-10
VENDOR_NAME
: HPE
Slot 1
The card does not support manufacture information.
# (Distributed devices in standalone mode.) Display electronic label information for the device.
<Sysname> display device manuinfo
Slot 0 CPU 0:
subslot 0
DEVICE_NAME
: RT-MPU-100
DEVICE_SERIAL_NUMBER : 210231A1UXB133000076
MAC_ADDRESS
: 0CDA-41B2-9F95
MANUFACTURING_DATE
: 2013-03-10
VENDOR_NAME
: HPE
PRODUCT ID
: RT-MPU-100
Slot 1 CPU 0:
subslot 0
DEVICE_NAME
: RT-MPU-100
DEVICE_SERIAL_NUMBER : 210231A1UXB133000072
MAC_ADDRESS
: 0CDA-41B2-9FA1
MANUFACTURING_DATE
: 2013-03-10
VENDOR_NAME
: HPE
PRODUCT ID
: RT-MPU-100
Slot 2 CPU 0:
subslot 0
DEVICE_NAME
: RT-MPU-100
DEVICE_SERIAL_NUMBER : 210231A1UXA129000001
MAC_ADDRESS
: 000F-E212-3458
294
MANUFACTURING_DATE
: 2012-09-15
VENDOR_NAME
: HPE
PRODUCT ID
: RT-MPU-100
# (Centralized devices in IRF mode.) Display electronic label information for the device.
<Sysname> display device manuinfo
Slot 1 CPU 0:
DEVICE_NAME
: MSR2003
DEVICE_SERIAL_NUMBER : 210235A0W8B133000041
MAC_ADDRESS
: 0CDA-41B2-1E31
MANUFACTURING_DATE
: 2013-03-06
VENDOR_NAME
: HPE
Slot 2 CPU 0:
DEVICE_NAME
: MSR 36-40b
DEVICE_SERIAL_NUMBER : 210235A252A079000140
MAC_ADDRESS
: 000F-E269-46D1
MANUFACTURING_DATE
: 2012-09-26
VENDOR_NAME
: HPE
Table 45 Command output
Field
Description
Slot number of the card and number of the CPU. (Distributed devices in
standalone mode.)
Slot 1 CPU 0
Member ID of the device and number of the CPU. (Centralized devices in
IRF mode.)
DEVICE_NAME
Device name.
DEVICE_SERIAL_NUMBER
Serial number.
MAC_ADDRESS
MAC address.
MANUFACTURING_DATE
Manufacturing date.
VENDOR_NAME
Vendor name.
# (Distributed devices in IRF mode.) Display electronic label information for the device.
<Sysname> display device manuinfo
Chassis 1 slot 0 CPU 0:
DEVICE_NAME
: LSQ1MPUA0
DEVICE_SERIAL_NUMBER : 210231A73SA07B000108
MAC_ADDRESS
: 000F-E26A-58ED
MANUFACTURING_DATE
: 2012-11-9
VENDOR_NAME
: HPE
Chassis 1 slot 1 CPU 0:
DEVICE_NAME
: LSQ1MPUA0
DEVICE_SERIAL_NUMBER : 210231A73SA07B000075
MAC_ADDRESS
: 000F-E26A-581B
MANUFACTURING_DATE
: 2012-11-10
VENDOR_NAME
: HPE
Chassis 1 slot 2 CPU 0:
DEVICE_NAME
: LSQ1T24XGSC0
295
DEVICE_SERIAL_NUMBER : 210231A76VX081000020
MAC_ADDRESS
: No
MANUFACTURING_DATE
: 2012-12-2
VENDOR_NAME
: HPE
Table 46 Command output
Field
Description
Chassis 1
IRF member device 1.
Slot 0 CPU 0
Information about CPU 0 on the card in slot 0.
DEVICE_NAME
Device name.
DEVICE_SERIAL_NUMBER
Serial number.
MAC_ADDRESS
MAC address.
MANUFACTURING_DATE
Manufacturing date.
VENDOR_NAME
Vendor name.
display device manuinfo fan
Use display device manuinfo fan to display electronic label information for a fan.
Syntax
Distributed devices in standalone mode/centralized devices in standalone mode :
display device manuinfo fan fan-id
Centralized devices in IRF mode:
display device manuinfo slot slot-number fan fan-id
Distributed devices in IRF mode:
display device manuinfo chassis chassis-number fan fan-id
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
slot slot-number: Specifies an IRF member device by its member ID. (Centralized devices in IRF
mode.)
chassis chassis-number: Specifies an IRF member device by its member ID. (Distributed devices in
IRF mode.)
fan-id: Specifies a fan by its ID.
Usage guidelines
The following matrix shows the command and hardware compatibility:
Hardware
Command compatibility
MSR954(JH296A/JH297A/JH298A/JH299A/JH373A)
No
296
Hardware
Command compatibility
MSR958(JH300A/JH301A)
No
MSR1002-4/1003-8S
No
MSR2003
No
MSR2004-24/2004-48
No
MSR3012/3024/3044/3064
No
MSR4060/4080
Yes
Examples
# (Distributed devices in standalone mode/centralized devices in standalone mode.) Display
electronic label information for fan 2.
<Sysname> display device manuinfo fan 2
Fan 2:
DEVICE_NAME
: fan
DEVICE_SERIAL_NUMBER : 210235A36L1234567890
MAC_ADDRESS
: NONE
MANUFACTURING_DATE
: 2010-01-20
VENDOR_NAME
: HPE
# (Distributed devices in IRF mode.) Display electronic label information for fan 2 on IRF member
device 1.
<Sysname> display device manuinfo chassis 1 fan 2
Chassis 1:
Fan 2:
DEVICE_NAME
: fan2
DEVICE_SERIAL_NUMBER
: 210235A36L1234567891
MAC_ADDRESS
: NONE
MANUFACTURING_DATE
: 2010-01-20
VENDOR_NAME
: HPE
display device manuinfo power
Use display device manuinfo power to display electronic label information for a power supply.
Syntax
Distributed devices in standalone mode/centralized devices in standalone mode:
display device manuinfo power power-id
Centralized devices in IRF mode:
display device manuinfo slot slot-number power power-id
Distributed devices in IRF mode:
display device manuinfo chassis chassis-number power power-id
Views
Any view
Predefined user roles
network-admin
297
network-operator
Parameters
slot slot-number: Specifies an IRF member device by its member ID. (Centralized devices in IRF
mode.)
chassis chassis-number: Specifies an IRF member device by its member ID. (Distributed devices in
IRF mode.)
power-id: Specifies a power supply by its ID.
The following matrix shows the power-id argument and hardware compatibility:
Hardware
Argument compatibility
Value
range
MSR954(JH296A/JH297A/JH298A/JH299A/JH373A)
No
N/A
MSR958(JH300A/JH301A)
No
N/A
MSR1002-4/1003-8S
No
N/A
MSR2003
Yes
1
MSR2004-24/2004-48
Yes
1 to 2
MSR3012/3024/3044/3064
Yes
1
MSR4060/4080
Yes
1 to 2
Usage guidelines
The following matrix shows the command and hardware compatibility:
Hardware
Command compatibility
MSR954(JH296A/JH297A/JH298A/JH299A/JH373A)
No
MSR958(JH300A/JH301A)
No
MSR1002-4/1003-8S
No
MSR2003
Yes
MSR2004-24/2004-48
Yes
MSR3012/3024/3044/3064
Yes
MSR4060/4080
Yes
Examples
# (Distributed devices in standalone mode/centralized devices in standalone mode.) Display
electronic label information for power supply 2.
<Sysname> display device manuinfo power 2
Power 2:
DEVICE_NAME
: power
DEVICE_SERIAL_NUMBER : 210235A36L1234567890
MAC_ADDRESS
: NONE
MANUFACTURING_DATE
: 2010-01-20
VENDOR_NAME
: HPE
# (Centralized devices in IRF mode.) Display electronic label information for power supply 2 on IRF
member device 1.
<Sysname> display device manuinfo slot 1 power 2
298
Slot 1:
Power 2:
DEVICE_NAME
: power
DEVICE_SERIAL_NUMBER : 210235A36L1234567890
MAC_ADDRESS
: NONE
MANUFACTURING_DATE
: 2010-01-20
VENDOR_NAME
: HPE
# (Distributed devices in IRF mode.) Display electronic label information for power supply 2 on IRF
member device 1.
<Sysname> display device manuinfo chassis 1 power 2
Chassis 1:
Power 2:
DEVICE_NAME
: power2
DEVICE_SERIAL_NUMBER
: 210235A36L1234567891
MAC_ADDRESS
: NONE
MANUFACTURING_DATE
: 2010-01-20
VENDOR_NAME
: HPE
display diagnostic-information
Use display diagnostic-information to display or save operating information for features and
hardware modules.
Syntax
display diagnostic-information [ hardware | infrastructure | l2 | l3 | service ] [ filename ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
hardware: Specifies hardware-related operating information.
infrastructure: Specifies operating information for the fundamental features.
l2: Specifies operating information for the Layer 2 features.
l3: Specifies operating information for the Layer 3 features.
service: Specifies operating information for Layer 4 and upper-layer features.
filename: Saves the information to a file. The filename argument must use the .tar.gz suffix.
Usage guidelines
You can use one of the following methods to collect operating statistics for diagnostics and
troubleshooting:
•
Use separate display commands to collect operating information feature by feature or module
by module.
•
Use the display diagnostic-information command to collect operating information for multiple
or all features and hardware modules.
The display diagnostic-information command does not support the |, >, and >> options.
299
If you do not specify any feature parameters, this command displays or saves the operating
information for all features and modules.
The file used to save the information is automatically compressed to save storage space. To view the
file content:
1.
Use the tar extract command to extract the file.
2.
Use the more command to view the file content.
Examples
# Display the operating information for all features and modules.
<Sysname> display diagnostic-information
Save or display diagnostic information (Y=save, N=display)? [Y/N]:n
===============================================
===============display clock===============
14:03:55 UTC Thu 01/05/2012
=================================================
===============display version===============
...
# Save the operating information for all features and modules to file test.tar.gz.
•
Method 1: Specify the filename in interactive mode.
<Sysname> display diagnostic-information
Save or display diagnostic information (Y=save, N=display)? [Y/N]:y
Please input the file name(*.tar.gz)[flash:/diag.tar.gz]: test.tar.gz
Diagnostic information is outputting to flash:/test.tar.gz.
Please wait...
•
Method 2: Specify the filename for the command.
<Sysname> display diagnostic-information test.tar.gz
Diagnostic information is outputting to flash:/test.tar.gz.
Please wait...
Related commands
more
tar extract
display environment
Use display environment to display temperature information, including the temperature thresholds
and the current temperature values.
Syntax
Centralized devices in standalone mode:
display environment
Distributed devices in standalone mode:
display environment [ slot slot-number ]
Centralized devices in IRF mode:
display environment [ slot slot-number ]
Distributed devices in IRF mode:
display environment [ chassis chassis-number [ slot slot-number] ]
300
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
chassis chassis-number: Specifies an IRF member device by its member ID. If you do not specify a
member device, this command displays temperature information for all member devices. (Distributed
devices in IRF mode.)
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command
displays information for all cards. (Distributed devices in standalone mode.)
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command
displays temperature information for all cards. (Distributed devices in IRF mode.)
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member
device, this command displays temperature information for all member devices. (Centralized devices
in IRF mode.)
Usage guidelines
The following matrix shows the command and hardware compatibility:
Hardware
Command compatibility
MSR954(JH296A/JH297A/JH298A/JH299A/JH373A)
No
MSR958(JH300A/JH301A)
No
MSR1002-4/1003-8S
Yes
MSR2003
Yes
MSR2004-24/2004-48
Yes
MSR3012/3024/3044/3064
Yes
MSR4060/4080
Yes
Examples
# (Centralized devices in standalone mode.) Display information about all temperature sensors on
the device.
<Sysname> display environment
Slot Subslot Sensor
ID Temperature LowerLimit WarningLimit AlarmLimit
---------------------------------------------------------------------0
0
inflow
1
31
-7
53
61
0
0
hotspot 1
37
0
57
65
# (Distributed devices in standalone mode.) Display information about all temperature sensors on
the device.
<Sysname> display environment
Slot Subslot
Sensor
ID Temperature LowerLimit WarningLimit AlarmLimit
----------------------------------------------------------------------0
0
hotspot 1
40
0
60
70
1
0
hotspot 1
41
0
60
70
2
0
inflow
1
37
0
60
70
2
0
hotspot 1
43
0
65
75
301
# (Distributed devices in IRF mode.) Display information about all temperature sensors in the IRF
fabric.
<Sysname> display environment
System temperature information (degree centigrade):
----------------------------------------------------------------------------Chassis Slot Subslot Sensor ID Temperature LowerLimit WarningLimit AlarmLimit
----------------------------------------------------------------------------1
0
0
hotspot1
38
0
60
70
1
1
0
hotspot1
40
0
60
70
1
2
0
inflow 1
36
-5
55
65
1
2
0
hotspot1
44
0
65
75
2
0
0
hotspot1
38
0
60
70
2
1
0
hotspot1
39
0
60
70
2
2
0
inflow 1
34
-5
55
65
2
2
0
hotspot1
43
0
65
75
Table 47 Command output
Field
Description
Chassis
Member ID of the IRF member device.
sensor
Temperature sensor:
•
hotspot—Hotspot sensor.
•
inflow—Air inlet sensor.
•
outflow—Air outlet sensor.
Slot
A number in this field indicates a device. (Centralized devices in standalone mode.)
Slot
A number in this field indicates a card. (Distributed devices in standalone mode.)
Slot
A number in this field indicates an IRF member device. (Centralized devices in IRF
mode.)
Slot
A number in this field indicates a sensor on the frame or fan tray of an IRF member
device. (Distributed devices in IRF mode.)
Subslot
Subslot number.
Temperature
Current temperature.
LowerLimit
Lower temperature limit.
WarningLimit
Warning temperature threshold.
AlarmLimit
Alarming temperature threshold.
display fan
Use display fan to display fan operating status information.
Syntax
Distributed devices in standalone mode/centralized devices in standalone mode:
display fan [ fan-id ]
Centralized devices in IRF mode:
display fan [ slot slot-number [ fan-id ] ]
Distributed devices in IRF mode:
302
display fan [ chassis chassis-number [ fan-id ] ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member
device, this command displays fan operating status information for all member devices. (Centralized
devices in IRF mode.)
chassis chassis-number: Specifies an IRF member device by its member ID. If you do not specify a
member device, this command displays fan operating status information for all member devices.
(Distributed devices in IRF mode.)
fan-id: Specifies a fan by its ID. If you do not specify a fan, this command displays operating status
information for all fans at the specified position.
Examples
# Display the operating states of all fans.
<Sysname> display fan
display memory
Use display memory to display memory usage information.
Syntax
Centralized devices in standalone mode:
display memory [ summary ]
Distributed devices in standalone mode/centralized devices in IRF mode:
display memory [ summary ] [ slot slot-number [ cpu cpu-number ] ]
Distributed devices in IRF mode:
display memory [ summary ] [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
summary: Displays brief information about memory usage. If you do not specify this keyword, the
command displays detailed information about memory usage.
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command
displays memory usage for all cards. (Distributed devices in standalone mode.)
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member
device, this command displays memory usage for all member devices. (Centralized devices in IRF
mode.)
303
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The
chassis-number argument represents the member ID of the IRF member device. The slot-number
argument represents the slot number of the card. If you do not specify a card, this command displays
memory usage for all MPUs. (Distributed devices in IRF mode.)
cpu cpu-number: Specifies a CPU by its number. (Centralized devices in IRF mode/distributed
devices in IRF or standalone mode.)
Examples
# Display detailed memory usage information.
<Sysname> display memory
The statistics about memory is measured in KB:
Slot 0:
Total
Used
Free
Shared
Buffers
Cached
FreeRatio
507980
154896
353084
0
488
54488
69.5%
-/+ Buffers/Cache:
99920
408060
Mem:
Swap:
0
0
0
Table 48 Command output
Field
Description
Chassis
Member ID of the IRF member device. (Distributed devices in IRF mode.)
Slot
This field specifies the entire device. The value of this field is fixed at 0. (Centralized
devices in standalone mode .)
Member ID of the IRF member device. (Centralized devices in IRF mode.)
Slot number of the card. (Distributed devices in IRF or standalone mode.)
CPU
Number of the CPU.
Mem
Memory usage information.
Total size of the physical memory space that can be allocated.
Total
The memory space is virtually divided into two parts. Part 1 is solely used for kernel
code, kernel management, and ISSU functions. Part 2 can be allocated and used
for such tasks as running service modules and storing files. The size of part 2
equals the total size minus the size of part 1.
Used
Used physical memory.
Free
Free physical memory.
Shared
Physical memory shared by processes.
Buffers
Physical memory used for buffers.
Cached
Caches
FreeRatio
-/+ Buffers/Cache
Swap
Physical memory used for caches.
Free memory ratio.
-/+ Buffers/Cache:used = Mem:Used – Mem:Buffers – Mem:Cached, which
indicates the physical memory used by applications.
-/+ Buffers/Cache:free = Mem:Free + Mem:Buffers + Mem:Cached, which indicates
the physical memory available for applications.
Swap memory.
display memory-threshold
Use display memory-threshold to display memory alarm thresholds and statistics.
304
Syntax
Centralized devices in standalone mode:
display memory-threshold
Distributed devices in standalone mode/centralized devices in IRF mode:
display memory-threshold [ slot slot-number [ cpu cpu-number ] ]
Distributed devices in IRF mode:
display memory-threshold [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]
Views
Any view
Predefined user roles
network-admin
Parameters
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command
displays the memory usage thresholds and statistics for the active MPU. (Distributed devices in
standalone mode.)
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member
device, this command displays the memory usage thresholds and statistics for the master device.
(Centralized devices in IRF mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The
chassis-number argument represents the member ID of the IRF member device. The slot-number
argument represents the slot number of the card. If you do not specify a card, this command displays
the memory usage thresholds and statistics for the global active MPU. (Distributed devices in IRF
mode.)
cpu cpu-number: Specifies a CPU by its number. (Centralized devices in IRF mode/distributed
devices in IRF or standalone mode.)
Usage guidelines
For more information about memory usage notifications, see log information containing
MEM_EXCEED_THRESHOLD or MEM_BELOW_THRESHOLD.
Examples
# Display memory alarm thresholds and statistics.
<Sysname> display memory-threshold
Memory usage threshold: 100%
Free memory threshold:
Minor: 64M
Severe: 48M
Critical: 32M
Normal: 96M
Current memory state: Normal
Event statistics:
[Back to normal state]
First notification: 2012-5-15 09:21:35.546
Latest notification: 2012-5-15 09:21:35.546
Total number of notifications sent: 1
[Enter minor low-memory state]
First notification at: 2012-5-15 09:07:05.941
305
Latest notification at: 2012-5-15 09:07:05.941
Total number of notifications sent: 1
[Back to minor low-memory state]
First notification at: 0.0
Latest notification at: 0.0
Total number of notifications sent: 0
[Enter severe low-memory state]
First notification at: 0.0
Latest notification at: 0.0
Total number of notifications sent: 0
[Back to severe low-memory state]
First notification at: 0.0
Latest notification at: 0.0
Total number of notifications sent: 0
[Enter critical low-memory state]
First notification at: 0.0
Latest notification at: 0.0
Total number of notifications sent: 0
display power
Use display power to display power supply information.
Syntax
Distributed devices in standalone mode/centralized devices in standalone mode:
display power [ power-id ]
Centralized devices in IRF mode:
display power [ slot slot-number [ power-id ] ]
Distributed devices in IRF mode:
display power [ chassis chassis-number [ power-id ] ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member
device, this command displays power supply information for all member devices. (Centralized
devices in IRF mode.)
chassis chassis-number: Specifies an IRF member device by its member ID. If you do not specify a
member device, this command displays power supply information for all member devices.
(Distributed devices in IRF mode.)
power-id: Specifies a power supply by its ID. If you do not specify a power supply, this command
displays information about all power supplies at the specified position.
Examples
# Display power supply information.
306
<Sysname> display power
display power-supply
Use display power-supply to display power supply information.
Syntax
Distributed devices in standalone mode/centralized devices in standalone mode:
display power-supply [ verbose ]
Centralized devices in IRF mode:
display power-supply [ slot slot-number ] [ verbose ]
Distributed devices in IRF mode:
display power-supply [ chassis chassis-number ] [ verbose ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member
device, this command displays power supply information for all member devices. (Centralized
devices in IRF mode.)
chassis chassis-number: Specifies an IRF member device by its member ID. If you do not specify a
member device, this command displays power supply information for all member devices.
(Distributed devices in IRF mode.)
verbose: Displays detailed power supply information. If you do not specify this keyword, this
command displays the brief information.
Examples
# Display detailed power supply information.
<Sysname> display power-supply verbose
display scheduler job
Use display scheduler job to display job configuration information.
Syntax
display scheduler job [ job-name ]
Views
Any view
Predefined user roles
network-admin
network-operator
307
Parameters
job-name: Specifies a job by its name, a case-sensitive string of 1 to 47 characters. If you do not
specify a job, this command displays configuration information for all jobs.
Examples
# Display configuration information for all jobs.
<Sysname> display scheduler job
Job name: saveconfig
copy startup.cfg backup.cfg
Job name: backupconfig
Job name: creat-VLAN100
system-view
vlan 100
// The output shows that the device has three jobs: the first has one command, the second does not
have any commands, and the third has two commands. Jobs are separated by blank lines.
display scheduler logfile
Use display scheduler logfile to display job execution log information.
Syntax
display scheduler logfile
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display job execution log information.
<Sysname> display scheduler logfile
Logfile Size: 1902 Bytes.
Job name
: shutdown
Schedule name
: shutdown
Execution time
: Tue Dec 27 10:44:42 2011
Completion time : Tue Dec 27 10:44:47 2011
--------------------------------- Job output ----------------------------------<Sysname>system-view
System View: return to User View with Ctrl+Z.
[Sysname]interface rang gigabitethernet 1/0/1 to gigabitethernet 1/0/3
[Sysname-if-range]shutdown
Table 49 Command output
Field
Description
Logfile Size
Size of the log file, in bytes.
308
Field
Description
Schedule name
Schedule to which the job belongs.
Execution time
Time when the job was started.
Completion time
Time when the job was completed. If the job has never been executed or the job does
not have any commands, this field is blank.
Job output
Commands in the job and their output.
Related commands
reset scheduler logfile
display scheduler reboot
Use display scheduler reboot to display the automatic reboot schedule.
Syntax
display scheduler reboot
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display the automatic reboot schedule.
<Sysname> display scheduler reboot
System will reboot at 16:32:00 05/23/2011 (in 1 hours and 39 minutes).
Related commands
scheduler reboot at
scheduler reboot delay
display scheduler schedule
Use display scheduler schedule to display schedule information.
Syntax
display scheduler schedule [ schedule-name ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
schedule-name: Specifies a schedule by its name, a case-sensitive string of 1 to 47 characters. If
you do not specify a schedule, this command displays information about all schedules.
309
Examples
# Display information about all schedules.
<Sysname> display scheduler schedule
Schedule name
: shutdown
Schedule type
: Run once after 0 hours 2 minutes
Start time
: Tue Dec 27 10:44:42 2011
Last execution time
: Tue Dec 27 10:44:42 2011
Last completion time : Tue Dec 27 10:44:47 2011
Execution counts
: 1
----------------------------------------------------------------------Job name
Last execution status
shutdown
Successful
Table 50 Command output
Field
Description
Schedule type
Execution time setting of the schedule. If no execution time is specified, this field is not
displayed.
Start time
Time to execute the schedule for the first time. If no execution time is specified, this
field is not displayed.
Last execution
time
Last time when the schedule was executed. If no execution time is specified, this field
is not displayed. If the schedule has never been executed, "Yet to be executed" is
displayed for this field.
Last completion
time
Last time when the schedule was completed. If no execution time is specified, this field
is not displayed.
Execution counts
Number of times the schedule has been executed. If the schedule has never been
executed, this field is not displayed.
Job name
Name of a job under the schedule.
Last execution
status
Result of the most recent execution:
•
Successful.
•
Failed.
•
Waiting—The device is executing the schedule and the job is waiting to be
executed.
•
In process—The job is being executed.
•
-NA-—The execution time has not arrived yet.
To view information about whether the commands in the job has been executed and
the execution results, execute the display scheduler logfile command.
display system stable state
Use display system stable state to display system stability and status information.
Syntax
display system stable state
Views
Any view
Predefined user roles
network-admin
310
network-operator
Examples
# (Centralized devices in standalone mode.) Display system stability and status information.
<Sysname> display system stable state
System state
: Stable
Role
State
Active
Stable
# (Distributed devices in standalone mode.) Display system stability and status information.
<Sysname> display system stable state
System state
: Not ready
Redundancy state: Not ready
Slot
CPU
Role
State
0
0
Active
Stable
* 1
0
Standby
Service starting
# (Centralized devices in IRF mode.) Display system stability and status information.
<Sysname> display system stable state
System state
: Not ready
Redundancy state: Not ready
Slot
CPU
Role
State
1
0
Active
Stable
* 2
0
Standby
HA batch backup
# (Distributed devices in IRF mode.) Display system stability and status information.
<Sysname> display system stable state
System state
: Not ready
Redundancy state: Stable
Chassis
Slot
CPU
Role
State
1
1
0
Active
Stable
1
2
0
Standby
Stable
1
3
0
Other
Stable
* 1
3
1
Other
Kernel initiating
Table 51 Command output
Field
Description
System state
System status:
•
Stable—The system is operating stably.
•
Not ready—The system is not operating stably. You cannot perform an ISSU
when the system is in this state.
Redundancy state
System redundancy status:
•
Stable—Both MPUs are operating stably. You can perform a switchover.
•
No redundance—The system has only one MPU and the MPU is operating
stably. You cannot perform a switchover.
•
Not ready—The system is not operating stably. You cannot perform a
switchover.
Role
Role of the card in the system:
•
Active—The card is the active MPU.
•
Standby—The card is the standby MPU.
•
Other—The card is not an MPU.
311
Field
Description
State
Card status:
•
Stable—The card is operating stably.
•
Board inserted—The card has just been installed.
•
Kernel initiating—Card kernel is being initialized.
•
Service starting—Services are starting.
•
Service stopping—Services are stopping.
•
HA batch backup—An HA batch backup is going on.
•
Interface data batch backup—An interface data batch backup is in progress.
*
The object is not operating stably.
Related commands
display device
display ha service-group (High Availability Command Reference)
display system interval process status (Device management probe commands)
display transceiver alarm
Use display transceiver alarm to display transceiver alarms.
Syntax
display transceiver alarm interface { interface [ interface-type interface-number ] | controller
cpos [ cpos-number ] }
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
interface [ interface-type interface-number ]: Specifies an interface by its type and number. If no
interface is specified, this command displays the alarms present on every transceiver module.
cpos [ cpos-number ]: Specifies a CPOS interface by its number. If no CPOS interface is specified,
this command displays the alarms present on all CPOS interfaces.
Usage guidelines
Table 52 shows the common transceiver alarm components. If no error occurs, "None" is displayed.
Table 52 Common transceiver alarm components
Field
Description
SFP/SFP+/GBIC/SFF:
RX
Receive
TX
Transmit
power
Optical power
Temp
Temperature
QSFP+:
312
Field
Description
RX
Receive
TX
Transmit
power
Optical power
Temp
Temperature
CFP:
RX
Receive
TX
Transmit
power
Optical power
Temp
Temperature
REFCLK
Reference clock
XFP:
RX
Receive
TX
Transmit
power
Optical power
Temp
Temperature
APD
Avalanche photo diode
TEC
Thermoelectric cooler
XENPAK:
RX
Receive
TX
Transmit
power
Optical power
Temp
Temperature
WIS
WAN interface sublayer
PMA/PMD
Physical medium attachment/physical medium dependent
PCS
Physical coding sublayer
PHY XS
PHY extended sublayer
Examples
# Display the alarms present on the transceiver module in interface GigabitEthernet 1/0/1.
<Sysname> display transceiver alarm interface gigabitethernet 1/0/1
GigabitEthernet1/0/1 transceiver current alarm information:
RX loss of signal
RX power low
Table 53 Command output
Field
Description
transceiver current alarm information
Alarms present on the transceiver module.
RX loss of signal
Received signals are lost.
RX power low
Received power is low.
313
display transceiver diagnosis
Use display transceiver diagnosis to display the current values of the digital diagnosis parameters
on transceiver modules.
Syntax
display transceiver diagnosis interface { interface [ interface-type interface-number ] | controller
cpos [ cpos-number ] }
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
interface [ interface-type interface-number ]: Specifies an interface by its type and number. If no
interface is specified, this command displays the current values of the digital diagnosis parameters
on every transceiver module.
cpos [ cpos-number ]: Specifies a CPOS interface by its number. If no CPOS interface is specified,
this command displays the current values of the digital diagnosis parameters on all CPOS interfaces.
Usage guidelines
This command cannot display information about some transceiver modules.
Examples
# Display the current values of the digital diagnosis parameters on the transceiver module in
interface GigabitEthernet 1/0/1.
<Sysname> display transceiver diagnosis interface gigabitethernet 1/0/1
GigabitEthernet1/0/1 transceiver diagnostic information:
Current diagnostic parameters:
Temp(°C)
Voltage(V)
Bias(mA)
RX power(dBm)
TX power(dBm)
36
3.31
6.13
-35.64
-5.19
Alarm thresholds:
Temp(°C)
Voltage(V)
Bias(mA)
RX power(dBM)
TX power(dBM)
High
50
3.55
1.44
-10.00
5.00
Low
30
3.01
1.01
-30.00
0.00
Table 54 Command output
Field
Description
transceiver diagnostic information
Digital diagnosis information for the transceiver module in the
interface.
Temp.(°C)
Temperature in °C, accurate to 1°C.
Voltage(V)
Voltage in V, accurate to 0.01 V.
Bias(mA)
Bias current in mA, accurate to 0.01 mA.
RX power(dBm)
Receive power in dBm, accurate to 0.01 dBm.
TX power(dBm)
Transmit power in dBm, accurate to 0.01 dBm.
314
display transceiver interface
Use display transceiver interface to display the key parameters of transceiver modules.
Syntax
display transceiver interface { interface [ interface-type interface-number ] | controller cpos
[ cpos-number ] }
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
interface-type interface-number: Specifies an interface by its type and number. If you do not specify
an interface, this command displays the key parameters of every transceiver module.
cpos [ cpos-number ]: Specifies a CPOS interface by its number. If no CPOS interface is specified,
this command displays the key parameters of the transceiver modules on all CPOS interfaces.
Examples
# Display the key parameters of the transceiver module in interface GigabitEthernet 1/0/1.
<Sysname> display transceiver interface gigabitethernet 1/0/1
GigabitEthernet1/0/1 transceiver information:
Transceiver Type
: 1000_BASE_SX_SFP
Connector Type
: LC
Wavelength(nm)
: 850
Transfer Distance(m)
: 550(50um),270(62.5um)
Digital Diagnostic Monitoring : YES
Vendor Name
: HPE
Ordering Name
: SFP-GE-SX-MM850
Table 55 Command output
Field
Description
Connector Type
Connector types:
•
SC—Fiber connector developed by NTT.
•
LC—1.25 mm/RJ-45 fiber connector developed by Lucent.
•
RJ-45.
•
CX 4.
Wavelength(nm)
Central wavelength (in nm) of the transmit laser. If the transceiver supports
multiple wavelengths, every two wavelength values are separated by a comma.
For a copper cable, this field displays N/A.
315
Field
Description
Transmission distance, where xx indicates the distance unit:
•
km—Kilometers, for single-mode transceiver modules.
•
m—Meters, for other transceiver modules.
Transfer Distance(xx)
If the transceiver module supports multiple types of transmission media, this field
displays the transmission distance for each type, in the form transmission distance
(medium type).
Transmission medium types include:
•
9 um—9/125 µm single-mode fiber.
•
50 um—50/125 µm multimode fiber.
•
62.5 um—62.5/125 µm multimode fiber.
•
TP—Twisted pair.
•
CX4—CX4 cable.
Digital Diagnostic
Monitoring
Support for digital diagnosis:
•
YES—Supported.
•
NO—Not supported.
Ordering Name
Product code.
display transceiver manuinfo
Use display transceiver manuinfo to display electronic label information for transceiver modules.
Syntax
display transceiver manuinfo interface { interface [ interface-type interface-number ] | controller
cpos [ cpos-number ] }
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
interface [ interface-type interface-number ]: Specifies an interface by its type and number. If no
interface is specified, this command displays electronic label information for the transceiver modules
on all interfaces.
cpos [ cpos-number ]: Specifies a CPOS interface by its number. If no CPOS interface is specified,
this command displays electronic label information for the transceiver modules on all CPOS
interfaces.
Usage guidelines
This command displays only part of the electronic label information.
Examples
# Display electronic label information for the transceiver module on interface GigabitEthernet 1/0/1.
<Sysname> display transceiver manuinfo interface gigabitethernet 1/0/1
GigabitEthernet1/0/1 transceiver manufacture information:
Manu. Serial Number
: 213410A0000054000251
Manufacturing Date
: 2012-09-01
Vendor Name
: HPE
316
Table 56 Command output
Field
Description
Manu. Serial Number
Serial number generated during production of the transceiver module.
Manufacturing Date
Date when the electronic label information was written to the transceiver
module.
display version
Use display version to display system version information.
Syntax
display version
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display system version information.
<Sysname> display version
display version-update-record
Use display version-update-record to display the startup software image upgrade records.
(Centralized devices in standalone mode.)
Use display version-update-record to display the startup software image upgrade records of the
active MPU. (Distributed devices in standalone mode.)
Use display version-update-record to display the startup software image upgrade records of the
master. (Centralized devices in IRF mode.)
Use display version-update-record to display the startup software image upgrade records of the
global active MPU. (Distributed devices in IRF mode.)
Syntax
display version-update-record
Views
Any view
Predefined user roles
network-admin
network-operator
Usage guidelines
The device records its current startup software version information and all subsequent version
update information. Such information can survive reboots.
The maximum number of records is 10.
317
Examples
# Display the startup software image upgrade records.
<Sysname> display version-update-record
Record 1
(updated on Apr 18 2014 at 06:23:54):
*Name
Version
: simware-cmw710-boot-a5301.bin
: 7.1.053 Alpha 7153
Compile time: Mar 25 2014 15:52:43
*Name
Version
: simware-cmw710-system-a5301.bin
: 7.1.053 Alpha 7153
Compile time: Mar 25 2014 15:52:43
Table 57 Command output
Field
Description
Record n
Number of the startup software image upgrade record. Record 1 is the most
recent record.
Name
Software image file name.
*
The software image version changed during the upgrade.
Related commands
reset version-update-record
header
Use header to configure a banner.
Use undo header to delete a banner.
Syntax
header { incoming | legal | login | motd | shell } text
undo header { incoming | legal | login | motd | shell }
Default
No banners are configured..
Views
System view
Predefined user roles
network-admin
Parameters
incoming: Configures the banner to be displayed before a modem dial-in user accesses user view.
If authentication is required, the incoming banner appears after the authentication is passed.
legal: Configures the banner to be displayed before a user inputs the username and password to
access the CLI.
login: Configures the banner to be displayed before password or scheme authentication is
performed for a login user.
motd: Configures the greeting banner to be displayed before the legal banner appears.
shell: Configures the banner to be displayed before a non-modem dial-in user accesses user view.
318
text: Specifies the banner message. You can enter the banner message on the same line as the
keywords or on different lines. For more information, see Fundamentals Configuration Guide.
Examples
# Configure the incoming banner, legal banner, login banner, MOTD banner, and shell banner.
<Sysname> system-view
[Sysname] header incoming
Please input banner content, and quit with the character '%'.
Welcome to incoming(header incoming)%
[Sysname] header legal
Please input banner content, and quit with the character '%'.
Welcome to legal (header legal)%
[Sysname] header login
Please input banner content, and quit with the character '%'.
Welcome to login(header login)%
[Sysname] header motd
Please input banner content, and quit with the character '%'.
Welcome to motd(header motd)%
[Sysname] header shell
Please input banner content, and quit with the character '%'.
Welcome to shell(header shell)%
In this example, the percentage sign (%) is the starting and ending character for each banner and is
not included in the banners.
# Telnet to the device to test the configuration. The login banner appears only when password or
scheme login authentication has been configured.
******************************************************************************
* Copyright (c) 2010-2016 Hewlett Packard Enterprise Development LP
*
* Without the owner's prior written consent,
*
* no decompiling or reverse-engineering shall be allowed.
*
******************************************************************************
Welcome to legal (header legal)
Welcome to motd(header motd)
Welcome to login(header login)
Login authentication
Password:
Welcome to shell(header shell)
job
Use job to assign a job to a schedule.
Use undo job to revoke a job.
319
Syntax
job job-name
undo job job-name
Default
No job is assigned to a schedule.
Views
Schedule view
Predefined user roles
network-admin
Parameters
job-name: Specifies the job name, a case-sensitive string of 1 to 47 characters.
Usage guidelines
You can assign multiple jobs to a schedule. The jobs in a schedule are executed concurrently.
The jobs to be assigned to a schedule must already exist. To create a job, use the scheduler job
command.
Examples
# Assign job save-job to schedule saveconfig.
<Sysname> system-view
[Sysname] scheduler schedule saveconfig
[Sysname-schedule-saveconfig] job save-job
Related commands
scheduler job
scheduler schedule
memory-threshold
Use memory-threshold to set free-memory thresholds.
Use undo memory-threshold to restore the defaults.
Syntax
Centralized devices in standalone mode:
memory-threshold minor minor-value severe severe-value critical critical-value normal
normal-value
undo memory-threshold
Distributed devices in standalone mode/centralized devices in IRF mode:
memory-threshold [ slot slot-number [ cpu cpu-number ] ] minor minor-value severe severe-value
critical critical-value normal normal-value
undo memory-threshold [ slot slot-number [ cpu cpu-number ] ]
Distributed devices in IRF mode:
memory-threshold [ chassis chassis-number slot slot-number [ cpu cpu-number ] ] minor
minor-value severe severe-value critical critical-value normal normal-value
undo memory-threshold [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]
320
Default
•
Minor alarm threshold—96 MB.
•
Severe alarm threshold—64 MB.
•
Critical alarm threshold—48 MB.
•
Normal state threshold—128 MB.
Views
System view
Predefined user roles
network-admin
Parameters
minor minor-value: Specifies the minor alarm threshold. This threshold must be equal to or less than
the normal state threshold. Setting this threshold to 0 disables the minor alarm feature.
The following matrix shows the value ranges for the minor-value argument:
Hardware
Value range
MSR954(JH296A/JH297A/JH298A/JH299A/JH373A)
0 to 1004
MSR958(JH300A/JH301A)
0 to 1004
MSR1002-4/1003-8S
0 to 1003
MSR2003
0 to 1003
MSR2004-24/2004-48
0 to 1003
MSR3012/3024/3044/3064
0 to 1973
MSR4060/4080
0 to 1973
severe severe-value: Specifies the severe alarm threshold. This threshold must be equal to or less
than the minor alarm threshold. Setting this threshold to 0 disables the severe alarm feature.
The following matrix shows the value ranges for the severe-value argument:
Hardware
Value range
MSR954(JH296A/JH297A/JH298A/JH299A/JH373A)
0 to 1004
MSR958(JH300A/JH301A)
0 to 1004
MSR1002-4/1003-8S
0 to 1003
MSR2003
0 to 1003
MSR2004-24/2004-48
0 to 1003
MSR3012/3024/3044/3064
0 to 1973
MSR4060/4080
0 to 1973
critical critical-value: Specifies the critical alarm threshold. This threshold must be equal to or less
than the severe alarm threshold. Setting this threshold to 0 disables the critical alarm feature.
The following matrix shows the value ranges for the critical-value argument:
Hardware
Value range
MSR954(JH296A/JH297A/JH298A/JH299A/JH373A)
0 to 1004
321
Hardware
Value range
MSR958(JH300A/JH301A)
0 to 1004
MSR1002-4/1003-8S
0 to 1003
MSR2003
0 to 1003
MSR2004-24/2004-48
0 to 1003
MSR3012/3024/3044/3064
0 to 1973
MSR4060/4080
0 to 1973
normal normal-value: Specifies the normal state threshold. This threshold must be equal to or less
than the total memory size.
The following matrix shows the value ranges for the normal-value argument:
Hardware
Value range
MSR954(JH296A/JH297A/JH298A/JH299A/JH373A)
0 to 1004
MSR958(JH300A/JH301A)
0 to 1004
MSR1002-4/1003-8S
0 to 1003
MSR2003
0 to 1003
MSR2004-24/2004-48
0 to 1003
MSR3012/3024/3044/3064
0 to 1973
MSR4060/4080
0 to 1973
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command sets
free-memory thresholds for the active MPU. (Distributed devices in standalone mode.)
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member
device, this command sets free-memory thresholds for the master device. (Centralized devices in
IRF mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The
chassis-number argument represents the member ID of the IRF member device. The slot-number
argument represents the slot number of the card. If you do not specify a card, this command sets
free-memory thresholds for the global active MPU. (Distributed devices in IRF mode.)
cpu cpu-number: Specifies a CPU by its number. (Centralized devices in IRF mode/distributed
devices in IRF or standalone mode.)
Usage guidelines
To ensure correct operation and improve memory efficiency, the system monitors the amount of free
memory space in real time. If the amount of free memory space exceeds a free-memory threshold,
the system generates an alarm notification and sends it to affected service modules or processes.
For more information about the thresholds, see Fundamentals Configuration Guide.
Examples
# Set the minor alarm, severe alarm, critical alarm, and normal state thresholds to 64 MB, 48 MB, 32
MB, and 96 MB, respectively.
<Sysname> system-view
[Sysname] memory-threshold minor 64 severe 48 critical 32 normal 96
322
Related commands
display memory-threshold
memory-threshold usage
Use memory-threshold usage to set the memory usage threshold.
Use undo memory-threshold usage to restore the default.
Syntax
Centralized devices in standalone mode:
memory-threshold usage memory-threshold
undo memory-threshold usage
Distributed devices in standalone mode/centralized devices in IRF mode:
memory-threshold [ slot slot-number [ cpu cpu-number ] ] usage memory-threshold
undo memory-threshold [ slot slot-number [ cpu cpu-number ] ] usage
Distributed devices in IRF mode:
memory-threshold [ chassis chassis-number slot slot-number [ cpu cpu-number ] ] usage
memory-threshold
undo memory-threshold [ chassis chassis-number slot slot-number [ cpu cpu-number ] ] usage
Default
The memory usage threshold is 100%.
Views
System view
Predefined user roles
network-admin
Parameters
memory-threshold: Specifies the memory usage threshold in percentage. The value range is 0 to
100.
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command sets
the memory usage threshold for the active MPU. (Distributed devices in standalone mode.)
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member
device, this command sets the memory usage threshold for the master device. (Centralized devices
in IRF mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The
chassis-number argument represents the member ID of the IRF member device. The slot-number
argument represents the slot number of the card. If you do not specify a card, this command sets the
memory usage threshold for the global active MPU. (Distributed devices in IRF mode.)
cpu cpu-number: Specifies a CPU by its number. (Centralized devices in IRF mode/distributed
devices in IRF or standalone mode.)
Usage guidelines
The device samples memory usage at an interval of 1 minute. If the sample is greater than the
memory usage threshold, the device sends a trap.
Examples
# Set the memory usage threshold to 80%.
323
<Sysname> system-view
[Sysname] memory-threshold chassis 1 slot 2 cpu 1 usage 80
Related commands
display memory-threshold
monitor cpu-usage enable
Use monitor cpu-usage enable to enable CPU usage monitoring.
Use undo monitor cpu-usage enable to disable CPU usage monitoring.
Syntax
Centralized devices in standalone mode:
monitor cpu-usage enable
undo monitor cpu-usage enable
Distributed devices in standalone mode/centralized devices in IRF mode:
monitor cpu-usage enable [ slot slot-number [ cpu cpu-number ] ]
undo monitor cpu-usage enable [ slot slot-number [ cpu cpu-number ] ]
Distributed devices in IRF mode:
monitor cpu-usage enable [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]
undo monitor cpu-usage enable [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]
Default
CPU usage monitoring is enabled.
Views
System view
Predefined user roles
network-admin
Parameters
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command
enables CPU usage monitoring for the active MPU. (Distributed devices in standalone mode.)
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member
device, this command enables CPU usage monitoring for the master device. (Centralized devices in
IRF mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The
chassis-number argument represents the member ID of the IRF member device. The slot-number
argument represents the slot number of the card. If you do not specify a card, this command enables
CPU usage monitoring for the global active MPU. (Distributed devices in IRF mode.)
cpu cpu-number: Specifies a CPU by its number. (Centralized devices in IRF mode/distributed
devices in IRF or standalone mode.)
Usage guidelines
After CPU usage monitoring is enabled, the system samples and saves CPU usage at the interval
specified by the monitor cpu-usage interval command. You can use the display cpu-usage
history command to view recent CPU usage.
Examples
# Enable CPU usage monitoring.
324
<Sysname> system-view
[Sysname] monitor cpu-usage enable
Related commands
display cpu-usage configuration
display cpu-usage history
monitor cpu-usage interval
monitor cpu-usage interval
Use monitor cpu-usage interval to set the sampling interval for CPU usage monitoring.
Syntax
Centralized devices in standalone mode:
monitor cpu-usage interval interval
Distributed devices in standalone mode/centralized devices in IRF mode:
monitor cpu-usage interval interval [ slot slot-number [ cpu cpu-number ] ]
Distributed devices in IRF mode:
monitor cpu-usage interval interval [ chassis chassis-number slot slot-number [ cpu
cpu-number ] ]
Default
The system samples CPU usage every 1 minute.
Views
System view
Predefined user roles
network-admin
Parameters
interval: Specifies the sampling interval for CPU usage monitoring. Valid values include 5Sec for 5
seconds, 1Min for 1 minute, and 5Min for 5 minutes.
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command sets
the interval for the active MPU. (Distributed devices in standalone mode.)
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member
device, this command sets the interval for the master device. (Centralized devices in IRF mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The
chassis-number argument represents the member ID of the IRF member device. The slot-number
argument represents the slot number of the card. If you do not specify a card, this command sets the
interval for the global active MPU. (Distributed devices in IRF mode.)
cpu cpu-number: Specifies a CPU by its number. (Centralized devices in IRF mode/distributed
devices in IRF or standalone mode.)
Usage guidelines
After CPU usage monitoring is enabled, the system samples and saves CPU usage at the specified
interval. You can use the display cpu-usage history command to view recent CPU usage.
Examples
# Set the sampling interval for CPU usage monitoring to 5 seconds.
<Sysname> system-view
325
[Sysname] monitor cpu-usage interval 5Sec
Related commands
display cpu-usage configuration
display cpu-usage history
monitor cpu-usage enable
monitor cpu-usage threshold
Use monitor cpu-usage threshold to set the CPU usage threshold.
Use undo monitor cpu-usage threshold to restore the default.
Syntax
Centralized devices in standalone mode:
monitor cpu-usage threshold cpu-threshold [ slot slot-number ]
undo monitor cpu-usage threshold [ slot slot-number ]
Distributed devices in standalone mode/centralized devices in IRF mode:
monitor cpu-usage threshold cpu-threshold [ slot slot-number [ cpu cpu-number ] ]
undo monitor cpu-usage threshold [ slot slot-number [ cpu cpu-number ] ]
Distributed devices in IRF mode:
monitor cpu-usage threshold cpu-threshold [ chassis chassis-number slot slot-number [ cpu
cpu-number ] ]
undo monitor cpu-usage threshold [ chassis chassis-number slot slot-number [ cpu
cpu-number ] ]
Default
The CPU usage threshold is 100%.
Views
System view
Predefined user roles
network-admin
Parameters
cpu-threshold: Specifies the CPU usage threshold in percentage. The value range is 0 to 100.
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command sets
the CPU usage threshold for the active MPU. (Distributed devices in standalone mode.)
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member
device, this command sets the CPU usage threshold for the master device. (Centralized devices in
IRF mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The
chassis-number argument represents the member ID of the IRF member device. The slot-number
argument represents the slot number of the card. If you do not specify a card, this command sets the
CPU usage threshold for the global active MPU. (Distributed devices in IRF mode.)
cpu cpu-number: Specifies a CPU by its number. (Centralized devices in IRF mode/distributed
devices in IRF or standalone mode.)
326
Usage guidelines
The device samples CPU usage at an interval of 1 minute. If the sample is greater than the CPU
usage threshold, the device sends a trap.
Examples
# Set the CPU usage threshold to 80%.
<Sysname> system-view
[Sysname] monitor cpu-usage threshold 80
Related commands
display cpu-usage configuration
password-recovery enable
Use password-recovery enable to enable password recovery capability.
Use undo password-recovery enable to disable password recovery capability.
Syntax
password-recovery enable
undo password-recovery enable
Default
Password recovery capability is enabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
Password recovery capability controls console user access to the device configuration and SDRAM
from Boot ROM menus.
If password recovery capability is enabled, a console user can access the device configuration
without authentication to configure new passwords.
If password recovery capability is disabled, console users must restore the factory-default
configuration before they can configure new passwords. Restoring the factory-default configuration
deletes the next-startup configuration files.
To enhance system security, disable password recovery capability.
Availability of Boot ROM menu options depends on the password recovery capability setting. For
more information, see the release notes.
Examples
# Disable password recovery capability.
<Sysname> system-view
[Sysname] undo password-recovery enable
power-supply off
Use power-supply off to power off a card or subcard.
327
Syntax
Distributed devices in standalone mode:
power-supply off slot slot-number [ subslot subslot-number ]
Distributed devices in IRF mode:
power-supply off chassis chassis-number slot slot-number [ subslot subslot-number ]
Views
User view
Predefined user roles
network-admin
Parameters
slot slot-number: Specifies a card by its slot number. (Distributed devices in standalone mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The
chassis-number argument represents the member ID of the IRF member device. The slot-number
argument represents the slot number of the card. (Distributed devices in IRF mode.)
subslot subslot-number: Specifies a subcard by its subslot number. If you do not specify a subcard,
this command stops supplying power to all subcards on the card.
Usage guidelines
The following matrix shows the command and hardware compatibility:
Hardware
Command compatibility
MSR954(JH296A/JH297A/JH298A/JH299A/JH373A)
No
MSR958(JH300A/JH301A)
No
MSR1002-4/1003-8S
Yes
MSR2003
Yes
MSR2004-24/2004-48
Yes
MSR3012/3024/3044/3064
Yes
MSR4060/4080
Yes
When power is insufficient, you can power off interface cards that are idle or connected to
unimportant network nodes to ensure power supply to critical interface cards.
To avoid IRF split, the system does not power off an interface card that contains all active physical
IRF ports of a member device. (Distributed devices in IRF mode.)
Examples
# (Distributed devices in standalone mode.) Power off the card in slot 9.
<Sysname> power-supply off slot 9
# (Distributed devices in IRF mode.) Power off the card in slot 3 on member device 1.
<Sysname> power-supply off chassis 1 slot 3
power-supply on
Use power-supply on to power on a card or subcard.
328
Syntax
Distributed devices in standalone mode:
power-supply on slot slot-number [ subslot subslot-number ]
Distributed devices in IRF mode:
power-supply on chassis chassis-number slot slot-number [ subslot subslot-number ]
Views
User view
Predefined user roles
network-admin
Parameters
slot slot-number: Specifies a card by its slot number. (Distributed devices in standalone mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The
chassis-number argument represents the member ID of the IRF member device. The slot-number
argument represents the slot number of the card. (Distributed devices in IRF mode.)
subslot subslot-number: Specifies a subcard by its subslot number. If you do not specify a subcard,
this command starts power supply to all subcards on the card.
Usage guidelines
The following matrix shows the command and hardware compatibility:
Hardware
Command compatibility
MSR954(JH296A/JH297A/JH298A/JH299A/JH373A)
No
MSR958(JH300A/JH301A)
No
MSR1002-4/1003-8S
Yes
MSR2003
Yes
MSR2004-24/2004-48
Yes
MSR3012/3024/3044/3064
Yes
MSR4060/4080
Yes
Examples
# (Distributed devices in standalone mode.) Power on the card in slot 9.
<Sysname> power-supply on slot 9
# (Distributed devices in IRF mode.) Power on the card in slot 3 on IRF member device 1.
<Sysname> power-supply on chassis 1 slot 3
power-supply policy enable
Use power-supply policy enable to enable power supply management.
Use undo power-supply policy enable to disable power supply management.
Syntax
Distributed devices in standalone mode:
power-supply policy enable
undo power-supply policy enable
329
Distributed devices in IRF mode:
power-supply policy chassis chassis-number enable
undo power-supply policy chassis chassis-number enable
Default
Power supply management is disabled..
Views
System view
Predefined user roles
network-admin
Parameters
chassis chassis-number: Specifies an IRF member device by its member ID. (Distributed devices in
IRF mode.)
Usage guidelines
The following matrix shows the command and hardware compatibility:
Hardware
Command compatibility
MSR954(JH296A/JH297A/JH298A/JH299A/JH373A)
No
MSR958(JH300A/JH301A)
No
MSR1002-4/1003-8S
No
MSR2003
No
MSR2004-24/2004-48
No
MSR3012/3024/3044/3064
No
MSR4060/4080
Yes
Examples
# (Distributed devices in standalone mode.) Enable power supply management.
<Sysname> system-view
[Sysname] power-supply policy enable
# (Distributed devices in IRF mode.) Enable power supply management for IRF member device 1.
<Sysname> system-view
[Sysname] power-supply policy chassis 1 enable
power-supply policy redundant
Use power-supply policy redundant to specify the number of redundant power supplies.
Use undo power-supply policy redundant to restore the default.
Syntax
Distributed devices in standalone mode:
power-supply policy redundant module-count
undo power-supply policy redundant
Distributed devices in IRF mode:
330
power-supply policy chassis chassis-number redundant module-count
undo power-supply policy chassis chassis-number redundant
Default
The number of redundant power supplies is 0.
Views
System view
Predefined user roles
network-admin
Parameters
chassis chassis-number: Specifies an IRF member device by its member ID. (Distributed devices in
IRF mode.)
module-count: Specifies the number of redundant power supplies. The value range varies by device
model. To view the value range for the module-count argument, use the online help for this command
at the CLI. The upper limit for the value range is the maximum number of redundant power supplies
supported by the system. The actual number of redundant power supplies that you can specify
varies by the number of the interface cards and their power consumption. The actual number is
smaller than or equal to the maximum number.
Usage guidelines
The following matrix shows the command and hardware compatibility:
Hardware
Command compatibility
MSR954(JH296A/JH297A/JH298A/JH299A/JH373A)
No
MSR958(JH300A/JH301A)
No
MSR1002-4/1003-8S
No
MSR2003
No
MSR2004-24/2004-48
No
MSR3012/3024/3044/3064
No
MSR4060/4080
Yes
The configuration of this command takes effect only when power supply management is enabled.
Examples
# (Distributed devices in standalone mode.) Set the number of redundant power supplies to 3.
<Sysname> system-view
[Sysname] power-supply policy redundant 3
# (Distributed devices in IRF mode.) Set the number of redundant power supplies on IRF member
device 1 to 3.
<Sysname> system-view
[Sysname] power-supply policy chassis 1 redundant 3
reboot
Use reboot to reboot the device or a subcard. (Centralized devices in standalone mode.)
Use reboot to reboot a card, a subcard, or the entire system. (Distributed devices in standalone
mode.)
331
Use reboot to reboot an IRF member device, a subcard, or all IRF member devices. (Centralized
devices in IRF mode.)
Use reboot to reboot an IRF member device, a subcard, or all IRF member devices. (Distributed
devices in IRF mode.)
Syntax
Centralized devices in standalone mode:
reboot [ subslot subslot-number ] [ force ]
Distributed devices in standalone mode/centralized devices in IRF mode:
reboot [ slot slot-number [ subslot subslot-number ] ] [ force ]
Distributed devices in IRF mode:
reboot [ chassis chassis-number [ slot slot-number [ subslot subslot-number ] ] ] [ force ]
Views
User view
Predefined user roles
network-admin
Parameters
chassis chassis-number: Specifies an IRF member device by its member ID. (Distributed devices in
IRF mode.)
slot slot-number: Specifies a card by its slot number. (Distributed devices in standalone mode.)
slot slot-number: Specifies a card by its slot number. (Distributed devices in IRF mode.)
slot slot-number: Specifies an IRF member device by its member ID. (Centralized devices in IRF
mode.)
subslot subslot-number: Specifies a subcard by its subslot number.
force: Reboots the device immediately without performing software or hard disk check. If this
keyword is not specified, the system first identifies whether the reboot might result in data loss or a
system failure. For example, the system identifies whether the main system software image file
exists and whether a write operation is in progress on a storage medium. If the reboot might cause
problems, the system does not reboot the device.
Usage guidelines
CAUTION:
• A reboot might interrupt network services.
• If the main startup software images are corrupt or missing, you must re-specify a set of main
startup software images before executing the reboot command.
• Use the force keyword only when the device fails or a reboot command without the force
keyword cannot perform a reboot correctly. A reboot command with the force keyword might
result in file system corruption because it does not perform data protection.
For data security, the device does not reboot if you reboot the device while the device is performing
file operations.
•
Distributed devices in standalone mode:
{
To reboot the entire device, do not specify the slot number option.
{
To reboot a card, specify the slot number and do not specify a subslot number.
{
To reboot the active MPU, perform the following tasks:
−
Identify whether the standby MPU is installed and operating correctly.
332
−
Use the display system stable state command to display system stability and status
information.
If the standby MPU is not installed, the entire device will be rebooted. If the standby MPU is
installed and is operating correctly, a switchover will occur.
IMPORTANT:
To ensure correct operation of the system and cards, do not trigger a switchover by
rebooting the active MPU if the status of a card is not Stable.
•
Centralized devices in IRF mode:
{
{
{
To reboot all member devices, do not specify the slot number option.
To reboot an IRF member device, specify the slot number and do not specify a subslot
number.
To reboot the master, perform the following tasks:
−
Identify whether the IRF fabric has subordinate members and whether the subordinate
members are operating correctly.
−
Use the display system stable state command to display system stability and status
information.
If the IRF fabric has only one member device, the IRF fabric will be rebooted. If the IRF
fabric has a subordinate member and the member is operating correctly, a switchover will
occur.
NOTE:
To ensure correct operation of the IRF fabric and member devices, do not trigger a
switchover by rebooting the master if the status of a member device is not Stable.
•
Distributed devices in IRF mode:
{
To reboot all IRF member devices, do not specify the member ID option.
{
To reboot an IRF member device, specify only the member ID.
{
To reboot a card, specify both the member ID and the slot number.
{
To reboot the global active MPU, perform the following tasks:
−
Identify whether the IRF fabric has global standby MPUs and whether the global
standby MPUs are operating correctly.
−
Use the display system stable state command to display system stability and status
information.
If the IRF fabric has only one MPU, the IRF fabric will be rebooted. If the IRF fabric has a
global standby MPU and the MPU is operating correctly, a switchover will occur.
NOTE:
To ensure correct operation of the IRF fabric and MPUs, do not trigger a switchover by
rebooting the global active MPU if the status of a card is not Stable.
Examples
# Reboot the device when no configuration change has occurred since the last time you saved the
running configuration.
<Sysname> reboot
Start to check configuration with next startup configuration file, please
wait.........DONE!
This command will reboot the device. Continue? [Y/N]:y
Now rebooting, please wait...
333
# Reboot the device when the device has configuration changes that have not been saved. Choose
to save the running configuration.
<Sysname> reboot
Start to check configuration with next startup configuration file, please
wait.........DONE!
Current configuration will be lost after the reboot, save current configuration? [Y/N]:y
Please input the file name(*.cfg)[flash:/startup.cfg]
(To leave the existing filename unchanged, press the enter key):
flash:/startup.cfg exists, overwrite? [Y/N]:y
Validating file. Please wait...
Configuration is saved to flash successfully.
This command will reboot the device. Continue? [Y/N]:y
Now rebooting, please wait...
# Reboot the device when the device has configuration changes that have not been saved. Choose
not to save the running configuration..
<Sysname> reboot
Start to check configuration with next startup configuration file, please
wait.........DONE!
Current configuration will be lost after the reboot, save current configuration? [Y/N]:n
This command will reboot the device. Continue? [Y/N]:y
Now rebooting, please wait...
# Reboot the device immediately without performing software check.
<Sysname> reboot force
A forced reboot might cause the storage medium to be corrupted. Continue? [Y/N]:y
Now rebooting, please wait...
# (Distributed devices in standalone mode.) Reboot the interface card in slot 2.
<Sysname> reboot slot 2
Start to check configuration with next startup configuration file, please wait..
.......DONE!
This command will reboot the specified slot, Continue? [Y/N]:y
Now rebooting, please wait...
# (Distributed devices in standalone mode.) Reboot the interface card in slot 2 by force.
<Sysname> reboot slot 2 force
A forced reboot might cause the storage medium to be corrupted. Continue? [Y/N]:y
Now rebooting, please wait...
# (Distributed devices in IRF mode.) Reboot IRF member device 2.
<Sysname> reboot chassis 2
Start to check configuration with next startup configuration file, please wait..
.......DONE!
This command will reboot the specified chassis, Continue? [Y/N]:y
Now rebooting, please wait...
# (Distributed devices in IRF mode.) Reboot IRF member device 2 by force.
<Sysname> reboot chassis 2 force
A forced reboot might cause the storage medium to be corrupted. Continue? [Y/N]:y
Now rebooting, please wait...
# (Distributed devices in IRF mode.) Reboot the interface card in slot 2 on IRF member device 2.
<Sysname> reboot chassis 2 slot 2
334
Start to check configuration with next startup configuration file, please wait..
.......DONE!
This command will reboot the specified slot, Continue? [Y/N]:y
Now rebooting, please wait...
# (Distributed devices in IRF mode.) Reboot the interface card in slot 2 on IRF member device 2 by
force.
<Sysname> reboot chassis 2 slot 2 force
A forced reboot might cause the storage medium to be corrupted. Continue? [Y/N]:y
Now rebooting, please wait...
Related commands
display system stable state
remove
Use remove to unmount an HMIM module.
Syntax
Centralized devices in standalone mode/distributed devices in standalone mode:
remove hmimslot slot-number
Centralized devices in IRF mode:
remove slot slot-number hmimslot slot-number
Distributed devices in IRF mode:
remove chassis chassis-number hmimslot slot-number
Views
User view
Predefined user roles
network-admin
Parameters
hmimslot slot-number: Specifies an HMIM module by its slot number.
slot slot-number : Specifies an IRF member device by its member ID. (Centralized devices in IRF
mode.)
chassis chassis-number: Specifies an IRF member device by its member ID. (Distributed devices in
IRF mode.)
Usage guidelines
CAUTION:
Unmounting an HMIM module stops all services provided by the module.
The following matrix shows the command and hardware compatibility:
Hardware
Command compatibility
MSR954(JH296A/JH297A/JH298A/JH299A/JH373A)
No
MSR958(JH300A/JH301A)
No
MSR1002-4/1003-8S
No
335
Hardware
Command compatibility
MSR2003
No
MSR2004-24/2004-48
No
MSR3012/3024/3044/3064
Yes
MSR4060/4080
Yes
Unmount an HMIM module before removing the module from the device. If you remove an HMIM
module that is not unmounted, the device might fail or be damaged.
An unmounted HMIM module is not visible or configurable.
Examples
# (Centralized devices in standalone mode/distributed devices in standalone mode.) Unmount the
HMIM module in slot 6.
<Sysname> remove hmimslot 6
You can remove the card now!
# (Centralized devices in IRF mode.) Unmount the HMIM module in slot 6 of member device 1.
<Sysname> remove slot 1 hmimslot 6
You can remove the card now!
# (Distributed devices in IRF mode.) Unmount the HMIM module in slot 6 of member device 1.
<Sysname> remove chassis 1 hmimslot 6
You can remove the card now!
reset scheduler logfile
Use reset scheduler logfile to clear job execution log information.
Syntax
reset scheduler logfile
Views
User view
Predefined user roles
network-admin
Examples
# Clear job execution log information.
<Sysname> reset scheduler logfile
Related commands
display scheduler logfile
restore factory-default
Use restore factory-default to restore the factory-default configuration for the device.
Syntax
restore factory-default
336
Views
User view
Predefined user roles
network-admin
Usage guidelines
CAUTION:
This command is disruptive. Use this command only when you cannot troubleshoot the device by
using other methods, or you want to use the device in a different scenario.
Examples
# Restore the factory-default configuration for the device.
<Sysname> restore factory-default
This command will restore the system to the factory default configuration and clear the
operation data. Continue [Y/N]:y
Restoring the factory default configuration. This process might take a few minutes. Please
wait.................................................................................
.........................Done.
Please reboot the system to place the factory default configuration into effect.
Related commands
reboot
scheduler job
Use scheduler job to create a job and enter its view, or enter the view of an existing job.
Use undo scheduler job to delete a job.
Syntax
scheduler job job-name
undo scheduler job job-name
Default
No job exists.
Views
System view
Predefined user roles
network-admin
Parameters
job-name: Specifies the job name, a case-sensitive string of 1 to 47 characters.
Usage guidelines
A job can be referenced by multiple schedules. In job view, you can assign commands to the job.
Examples
# Create a job named backupconfig and enter job view.
<Sysname> system-view
[Sysname] scheduler job backupconfig
337
[Sysname-job-backupconfig]
Related commands
command
scheduler schedule
scheduler logfile size
Use scheduler logfile size to set the size for the job execution log file.
Syntax
scheduler logfile size value
Default
The size of the job execution log file is 16 KB.
Views
System view
Predefined user roles
network-admin
Parameters
value: Specifies the size of the job execution log file, in KB. The value range is 16 to 1024.
Usage guidelines
The job execution log file saves the execution information of jobs. If the file is full, old records are
deleted to make room for new records. If the size of the log information to be written to the file is
greater than the file size, the excessive information is not written to the file.
Examples
# Set the size of the job execution log file to 32 KB.
<Sysname> system-view
[Sysname] scheduler logfile size 32
Related commands
display scheduler logfile
scheduler reboot at
Use scheduler reboot at to specify the reboot date and time.
Use undo scheduler reboot to delete the reboot schedule configuration.
Syntax
scheduler reboot at time [ date ]
undo scheduler reboot
Default
No reboot date or time is specified.
Views
User view
338
Predefined user roles
network-admin
Parameters
time: Specifies the reboot time in the hh:mm format. The value range for hh is 0 to 23. The value
range for mm is 0 to 59.
date: Specifies the reboot date in the MM/DD/YYYY or YYYY/MM/DD format. The value range for
YYYY is 2000 to 2035. The value range for MM is 1 to 12. The value range for DD varies by month.
Usage guidelines
CAUTION:
Device reboot interrupts network services.
When the date argument is not specified, the system uses the following rules to determine the reboot
time:
•
If the reboot time is later than the current time, a reboot occurs at the reboot time of the current
day.
•
If the reboot time is earlier than the current time, a reboot occurs at the reboot time the next day.
For data security, the system does not reboot at the reboot time if a file operation is being performed.
The device supports only one device reboot schedule. If you execute both the scheduler reboot
delay and scheduler reboot at commands or execute one of the commands multiple times, the
most recent configuration takes effect.
Examples
# Configure the device to reboot at 12:00 p.m. This example assumes that the current time is 11:43
a.m. on June 6, 2011.
<Sysname> scheduler reboot at 12:00
Reboot system at 12:00:00 06/06/2011 (in 0 hours and 16 minutes). Confirm? [Y/N]:
Related commands
scheduler reboot delay
scheduler reboot delay
Use scheduler reboot delay to specify the reboot delay time.
Use undo scheduler reboot to delete the reboot schedule configuration.
Syntax
scheduler reboot delay time
undo scheduler reboot
Default
No reboot delay time is specified.
Views
User view
Predefined user roles
network-admin
339
Parameters
time: Specifies the reboot delay time in the hh:mm or mm format. This argument can contain up to six
characters. When in the hh:mm format, mm must be in the range of 0 to 59.
Usage guidelines
CAUTION:
Device reboot interrupts network services.
For data security, the system does not reboot at the reboot time if a file operation is being performed.
The device supports only one device reboot schedule. If you execute both the scheduler reboot
delay and schedule reboot at commands or execute one of the commands multiple times, the most
recent configuration takes effect.
Examples
# Configure the device to reboot after 88 minutes. This example assumes that the current time is
11:48 a.m. on June 6, 2011.
<Sysname> scheduler reboot delay 88
Reboot system at 13:16 06/06/2011(in 1 hours and 28 minutes). Confirm? [Y/N]:
scheduler schedule
Use scheduler schedule to create a schedule and enter its view, or enter the view of an existing
schedule.
Use undo scheduler schedule to delete a schedule.
Syntax
scheduler schedule schedule-name
undo scheduler schedule schedule-name
Default
No schedule exists.
Views
System view
Predefined user roles
network-admin
Parameters
schedule-name: Specifies the schedule name, a case-sensitive string of 1 to 47 characters.
Usage guidelines
You can configure a schedule to have the device automatically run a command or a set of commands
without administrative interference.
To configure a schedule:
1.
Use the scheduler job command to create a job and enter job view.
2.
Use the command command to assign commands to the job.
3.
Use the scheduler schedule command to create a schedule and enter schedule view.
4.
Use the job command to assign the job to the schedule. You can assign multiple jobs to a
schedule. The jobs must already exist.
340
5.
Use the user-role command to assign user roles to the schedule. You can assign up to 64 user
roles to a schedule.
6.
Use the time at, time once, or time repeating command to specify an execution time for the
schedule. You can specify only one execution time for a schedule.
Examples
# Create a schedule named saveconfig.
<Sysname> system-view
[Sysname] scheduler schedule saveconfig
Related commands
job
time at
time once
shutdown-interval
Use shutdown-interval to set the port status detection timer.
Use undo shutdown-interval to restore the default.
Syntax
shutdown-interval interval
undo shutdown-interval
Default
The port status detection timer setting is 30 seconds.
Views
System view
Predefined user roles
network-admin
Parameters
interval: Specifies the port status detection timer value in seconds. The value range is 0 to 300. To
disable port status detection, set this argument to 0.
Usage guidelines
The device starts a port status detection timer when a port is shut down by a protocol. Once the timer
expires, the device brings up the port so the port status reflects the port's physical status.
If you change the timer setting during port detection, the device compares the new setting (T1) with
the time that elapsed since the port was shut down (T).
•
If T < T1, the port will be brought up after T1 – T seconds.
•
If T ≥ T1, the port is brought up immediately.
For example, the timer setting is 30 seconds. If you change it to 10 seconds 2 seconds after the port
is shut down, the port will come up 8 seconds later. If you change the timer setting to 2 seconds 10
seconds after the port is shut down, the port comes up immediately.
Examples
# Set the port status detection timer to 100 seconds.
<Sysname> system-view
[Sysname] shutdown-interval 100
341
sysname
Use sysname to set the device name.
Use undo sysname to restore the default.
Syntax
sysname sysname
undo sysname
Default
The default device name is HPE.
Views
System view
Predefined user roles
network-admin
Parameters
sysname: Specifies a name for the device, a string of 1 to 64 characters.
Usage guidelines
A device name identifies a device in a network and is used in CLI view prompts. For example, if the
device name is Sysname, the user view prompt is <Sysname>.
Examples
# Set the name of the device to R2000.
<Sysname> system-view
[Sysname] sysname R2000
[R2000]
time at
Use time at to specify an execution date and time for a non-periodic schedule.
Use undo time to delete the execution date and time configuration for a non-periodic schedule.
Syntax
time at time date
undo time
Default
No execution time or date is specified for a non-periodic schedule.
Views
Schedule view
Predefined user roles
network-admin
Parameters
time: Specifies the schedule execution time in the hh:mm format. The value range for hh is 0 to 23.
The value range for mm is 0 to 59.
342
date: Specifies the schedule execution date in the MM/DD/YYYY or YYYY/MM/DD format. The value
range for YYYY is 2000 to 2035. The value range for MM is 1 to 12. The value range for DD varies by
month.
Usage guidelines
The specified time (date plus time) must be later than the current system time.
The time at command, the time once command, and the time repeating command overwrite one
another. The most recently configured command takes effect.
Examples
# Configure the device to execute schedule saveconfig at 01:01 a.m. on May 11, 2011.
<Sysname> system-view
[Sysname] scheduler schedule saveconfig
[Sysname-schedule-saveconfig] time at 1:1 2011/05/11
Related commands
scheduler schedule
time once
Use time once to specify one or more execution days and the execution time for a non-periodic
schedule.
Use undo time to delete the execution day and time configuration for a non-periodic schedule.
Syntax
time once at time [ month-date month-day | week-day week-day&<1-7> ]
time once delay time
undo time
Default
No execution time or day is specified for a non-periodic schedule.
Views
Schedule view
Predefined user roles
network-admin
Parameters
at time: Specifies the execution time in the hh:mm format. The value range for hh is 0 to 23. The
value range for mm is 0 to 59.
month-date month-day: Specifies a day in the current month, in the range of 1 to 31. If you specify a
day that does not exist in the current month, the configuration takes effect on that day in the next
month.
week-day week-day&<1-7>: Specifies a space-separated list of up to seven week days for the
schedule. Valid week day values include Mon, Tue, Wed, Thu, Fri, Sat, and Sun.
delay time: Specifies the delay time for executing the schedule, in the hh:mm or mm format. This
argument can have up to six characters. When in the hh:mm format, mm must be in the range of 0 to
59.
Usage guidelines
If the specified time has already occurred, the schedule will be executed at the specified time the
following day.
343
If the day in the month has already occurred, the schedule will be executed at the specified day in the
following month.
If the specified day in a week has already occurred, the schedule will be executed at the specified
day in the following week.
The time at command, the time once command, and the time repeating command overwrite one
another. The most recently configured command takes effect.
Examples
# Configure the device to execute schedule saveconfig once at 15:00.
<Sysname> system-view
[Sysname] scheduler schedule saveconfig
[Sysname-schedule-saveconfig] time once at 15:00
Schedule starts at 15:00 5/11/2011.
# Configure the device to execute schedule saveconfig once at 15:00 on the coming 15th day in a
month.
<Sysname> system-view
[Sysname] scheduler schedule saveconfig
[Sysname-schedule-saveconfig] time once at 15:00 month-date 15
# Configure the device to execute schedule saveconfig at 12:00 p.m. on the coming Monday and
Friday.
<Sysname> system-view
[Sysname] scheduler schedule saveconfig
[Sysname-schedule-saveconfig] time once at 12:00 week-day mon fri
# Configure the device to execute schedule saveconfig after 10 minutes.
<Sysname> system-view
[Sysname] scheduler schedule saveconfig
[Sysname-schedule-saveconfig] time once delay 10
Related commands
scheduler schedule
time repeating
Use time repeating to specify an execution time table for a periodic schedule.
Use undo time to delete the execution time table configuration for a periodic schedule.
Syntax
time repeating [ at time [ date ] ] interval interval
time repeating at time [ month-date [ month-day | last ] | week-day week-day&<1-7> ]
undo time
Default
No execution time table is specified for a periodic schedule.
Views
Schedule view
Predefined user roles
network-admin
344
Parameters
at time: Specifies the execution time in the hh:mm format. The value range for hh is 0 to 23. The
value range for mm is 0 to 59. If you do not specify this option, the current system time is used as the
execution time.
date: Specifies the start date for the periodic schedule, in the MM/DD/YYYY or YYYY/MM/DD format.
The value range for YYYY is 2000 to 2035. The value range for MM is 1 to 12. The value range for
DD varies by month. If you do not specify this argument, the execution start date is the first day when
the specified time arrives.
interval interval: Specifies the execution time interval in the hh:mm or mm format. This argument
can have up to six characters. When in the hh:mm format, mm must be in the range of 0 to 59. When
in the mm format, this argument must be equal to or greater than 1 minute.
month-date [ month-day | last ]: Specifies a day in a month, in the range 1 to 31. The last keyword
indicates the last day of a month. If you specify a day that does not exist in a month, the configuration
takes effect on that day in the next month.
week-day week-day&<1-7>: Specifies a space-separated list of up to seven week days for the
schedule. Valid week day values include Mon, Tue, Wed, Thu, Fri, Sat, and Sun.
Usage guidelines
The time repeating [ at time [ date ] ] interval interval command configures the device to execute a
schedule at an interval from the specified time on.
The time repeating at time [ month-date [ month-day | last ] | week-day week-day&<1-7> ]
command configures the device to execute a schedule at the specified time on every specified day in
a month or week.
The time at command, the time once command, and the time repeating command overwrite one
another, whichever is configured most recently takes effect.
Examples
# Configure the device to execute schedule saveconfig once an hour from 8:00 a.m. on.
<Sysname> system-view
[Sysname] scheduler schedule saveconfig
[Sysname-schedule-saveconfig] time repeating at 8:00 interval 60
# Configure the device to execute schedule saveconfig at 12:00 p.m. every day.
<Sysname> system-view
[Sysname] scheduler schedule saveconfig
[Sysname-schedule-saveconfig] time repeating at 12:00
# Configure the device to execute schedule saveconfig at 8:00 a.m. on the 5th of every month.
<Sysname> system-view
[Sysname] scheduler schedule saveconfig
[Sysname-schedule-saveconfig] time repeating at 8:00 month-date 5
# Configure the device to execute schedule saveconfig at 8:00 a.m. on the last day of every month.
<Sysname> system-view
[Sysname] scheduler schedule saveconfig
[Sysname-schedule-saveconfig] time repeating at 8:00 month-date last
# Configure the device to execute schedule saveconfig at 8:00 a.m. every Friday and Saturday.
<Sysname> system-view
[Sysname] scheduler schedule saveconfig
[Sysname-schedule-saveconfig] time repeating at 8:00 week-day fri sat
Related commands
scheduler schedule
345
usb disable
Use usb disable to disable all USB interfaces.
Use undo usb disable to enable all USB interfaces.
Syntax
usb disable
undo usb disable
Default
All USB interfaces are enabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
You can use USB interfaces to upload or download files or to connect a 3G modem. By default, all
USB interfaces are enabled.
Before executing this command, use the umount command to unmount all USB file systems.
Examples
# Unmount all USB file systems before disabling USB interfaces.
<Sysname> umount usba0:
<Sysname> umount slot1#usba0:
<Sysname> system-view
[Sysname] usb disable
# Enable all USB interfaces.
<Sysname> system-view
[Sysname] undo usb disable
user-role
Use user-role to assign user roles to a schedule.
Use undo user-role to remove user roles from a schedule.
Syntax
user-role role-name
undo user-role role-name
Default
A schedule has the user roles of the schedule creator.
Views
Schedule view
Predefined user roles
network-admin
346
Parameters
role-name: Specifies a user role name, a case-sensitive string of 1 to 63 characters. The user role
can be user-defined or predefined. Predefined user roles include network-admin, network-operator,
and level-0 to level-15.
Usage guidelines
A schedule must have one or more user roles, and can have up to 64 user roles. A command in a
schedule can be executed if it is permitted by one or more user roles of the schedule.
You cannot assign user roles higher than the user role for the user line that you are using.
For more information about user roles, see the RBAC configuration in Fundamentals Configuration
Guide.
Examples
# Assign user role rolename to schedule test.
<sysname> system-view
[Sysname] scheduler schedule test
[Sysname-schedule-test] user-role rolename
Related commands
command
scheduler schedule
347
Tcl commands
cli
Use cli to enable a Comware command to be executed in Tcl configuration view when it conflicts with
a Tcl command.
Syntax
cli command
Views
Tcl configuration view
Predefined user roles
network-admin
Parameters
command: Specifies the commands to be executed. They must be complete command lines.
Usage guidelines
In Tcl configuration view, if a Comware command conflicts with a Tcl command, the Tcl command will
be executed. To execute the Comware command when a conflict occurs, execute the cli command.
Examples
# Perform the following steps to execute a Comware command that conflicts with a Tcl command in
Tcl configuration view.
1.
Execute a Comware command in Tcl configuration view. The output shows that the Comware
command cannot be executed because it conflicts with a Tcl command.
<Sysname> tclsh
<Sysname-tcl> system-view
[Sysname-tcl] route-policy 1 permit node 10
[Sysname-tcl-route-policy-1-10] apply cost 10
can't interpret "cost" as a lambda expression
2.
Configure the cli command to execute the Comware command again.
[Sysname-tcl-route-policy-1-10] cli apply cost 10
# Execute multiple Comware commands in one operation to enter OSPF area view.
Method 1:
[Sysname-tcl] cli "ospf 100 ; area 0"
[Sysname-tcl-ospf-100-area-0.0.0.0]
Method 2:
[Sysname-tcl] cli ospf 100 ; cli area 0
[Sysname-tcl-ospf-100-area-0.0.0.0]
tclquit
Use tclquit to return from Tcl configuration view to user view.
Syntax
tclquit
348
Views
Tcl configuration view
Predefined user roles
network-admin
Usage guidelines
To return from Tcl configuration view to user view, you can also use the quit command.
To return to the upper-level view after you execute Comware commands to enter system view or a
Comware feature view, use the quit command.
Examples
# Return from Tcl configuration view to user view.
<Sysname-tcl> tclquit
<Sysname>
Related commands
tclsh
tclsh
Use tclsh to enter Tcl configuration view from user view.
Syntax
tclsh
Views
User view
Predefined user roles
network-admin
Usage guidelines
In Tcl configuration view, you can execute the following commands:
•
All Tcl 8.5 commands.
•
Comware commands. The Tcl configuration view is equivalent to the user view. You can use
Comware commands in Tcl configuration view in the same way they are used in user view.
Examples
# Enter Tcl configuration view from user view.
<Sysname> tclsh
<Sysname-tcl>
Related commands
tclquit
349
Python commands
python
Use python to enter the Python shell.
Syntax
python
Views
User view
Predefined user roles
network-admin
Usage guidelines
In the Python shell, you can use the following items:
•
Python 2.7 commands.
•
Python 2.7 standard API.
•
Comware 7 extended API.
To return to user view from the Python shell, enter exit().
Examples
# Enter the Python shell.
<Sysname> python
Python 2.7.3 (default, Dec 22 2012, 11:39:05)
[GCC 4.4.1] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>>
>>> exit()
<Sysname>
python filename
Use python filename to execute a Python script.
Syntax
python filename [ param ]
Views
User view
Predefined user roles
network-admin
Parameters
filename: Specifies the name of a Python script on a file system of the device. The script name is
case sensitive and must use the extension .py. The extension .py is case insensitive.
param: Specifies the parameters to be passed to the script. To enter multiple parameters, use
spaces as the delimiter.
350
Usage guidelines
You cannot perform any operations while a Python script is being executed by your command.
Make sure the statements in the script meet the syntax requirements. The system stops executing a
Python script if it finds a statement with syntax errors.
When executing a script, the system uses the defaults for interactive statements. The system does
not stop for human input.
Examples
# Execute the Python script test.py.
<Sysname> python test.py 1 2
['/flash:/test.py', '1', '2']
351
Document conventions and icons
Conventions
This section describes the conventions used in the documentation.
Port numbering in examples
The port numbers in this document are for illustration only and might be unavailable on your device.
Command conventions
Convention
Description
Boldface
Bold text represents commands and keywords that you enter literally as shown.
Italic
Italic text represents arguments that you replace with actual values.
[]
Square brackets enclose syntax choices (keywords or arguments) that are optional.
{ x | y | ... }
Braces enclose a set of required syntax choices separated by vertical bars, from which
you select one.
[ x | y | ... ]
Square brackets enclose a set of optional syntax choices separated by vertical bars,
from which you select one or none.
{ x | y | ... } *
Asterisk marked braces enclose a set of required syntax choices separated by vertical
bars, from which you select at least one.
[ x | y | ... ] *
Asterisk marked square brackets enclose optional syntax choices separated by vertical
bars, from which you select one choice, multiple choices, or none.
&<1-n>
The argument or keyword and argument combination before the ampersand (&) sign
can be entered 1 to n times.
#
A line that starts with a pound (#) sign is comments.
GUI conventions
Convention
Description
Boldface
Window names, button names, field names, and menu items are in Boldface. For
example, the New User window appears; click OK.
>
Multi-level menus are separated by angle brackets. For example, File > Create >
Folder.
Convention
Description
Symbols
WARNING!
An alert that calls attention to important information that if not understood or followed
can result in personal injury.
CAUTION:
An alert that calls attention to important information that if not understood or followed
can result in data loss, data corruption, or damage to hardware or software.
IMPORTANT:
An alert that calls attention to essential information.
NOTE:
TIP:
An alert that contains additional or supplementary information.
An alert that provides helpful information.
352
Network topology icons
Convention
Description
Represents a generic network device, such as a router, switch, or firewall.
Represents a routing-capable device, such as a router or Layer 3 switch.
Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that
supports Layer 2 forwarding and other Layer 2 features.
Represents an access controller, a unified wired-WLAN module, or the access
controller engine on a unified wired-WLAN switch.
Represents an access point.
T
Represents a wireless terminator unit.
T
Represents a wireless terminator.
Represents a mesh access point.
Represents omnidirectional signals.
Represents directional signals.
Represents a security product, such as a firewall, UTM, multiservice security
gateway, or load balancing device.
Represents a security card, such as a firewall, load balancing, NetStream, SSL VPN,
IPS, or ACG card.
353
Support and other resources
Accessing Hewlett Packard Enterprise Support
•
For live assistance, go to the Contact Hewlett Packard Enterprise Worldwide website:
www.hpe.com/assistance
•
To access documentation and support services, go to the Hewlett Packard Enterprise Support
Center website:
www.hpe.com/support/hpesc
Information to collect
•
Technical support registration number (if applicable)
•
Product name, model or version, and serial number
•
Operating system name and version
•
Firmware version
•
Error messages
•
Product-specific reports and logs
•
Add-on products or components
•
Third-party products or components
Accessing updates
•
Some software products provide a mechanism for accessing software updates through the
product interface. Review your product documentation to identify the recommended software
update method.
•
To download product updates, go to either of the following:
{
Hewlett Packard Enterprise Support Center Get connected with updates page:
www.hpe.com/support/e-updates
{
Software Depot website:
www.hpe.com/support/softwaredepot
•
To view and update your entitlements, and to link your contracts, Care Packs, and warranties
with your profile, go to the Hewlett Packard Enterprise Support Center More Information on
Access to Support Materials page:
www.hpe.com/support/AccessToSupportMaterials
IMPORTANT:
Access to some updates might require product entitlement when accessed through the Hewlett
Packard Enterprise Support Center. You must have an HP Passport set up with relevant
entitlements.
354
Websites
Website
Link
Networking websites
Hewlett Packard Enterprise Information Library for
Networking
www.hpe.com/networking/resourcefinder
Hewlett Packard Enterprise Networking website
www.hpe.com/info/networking
Hewlett Packard Enterprise My Networking website
www.hpe.com/networking/support
Hewlett Packard Enterprise My Networking Portal
www.hpe.com/networking/mynetworking
Hewlett Packard Enterprise Networking Warranty
www.hpe.com/networking/warranty
General websites
Hewlett Packard Enterprise Information Library
www.hpe.com/info/enterprise/docs
Hewlett Packard Enterprise Support Center
www.hpe.com/support/hpesc
Hewlett Packard Enterprise Support Services Central
ssc.hpe.com/portal/site/ssc/
Contact Hewlett Packard Enterprise Worldwide
www.hpe.com/assistance
Subscription Service/Support Alerts
www.hpe.com/support/e-updates
Software Depot
www.hpe.com/support/softwaredepot
Customer Self Repair (not applicable to all devices)
www.hpe.com/support/selfrepair
Insight Remote Support (not applicable to all devices)
www.hpe.com/info/insightremotesupport/docs
Customer self repair
Hewlett Packard Enterprise customer self repair (CSR) programs allow you to repair your product. If
a CSR part needs to be replaced, it will be shipped directly to you so that you can install it at your
convenience. Some parts do not qualify for CSR. Your Hewlett Packard Enterprise authorized
service provider will determine whether a repair can be accomplished by CSR.
For more information about CSR, contact your local service provider or go to the CSR website:
www.hpe.com/support/selfrepair
Remote support
Remote support is available with supported devices as part of your warranty, Care Pack Service, or
contractual support agreement. It provides intelligent event diagnosis, and automatic, secure
submission of hardware event notifications to Hewlett Packard Enterprise, which will initiate a fast
and accurate resolution based on your product’s service level. Hewlett Packard Enterprise strongly
recommends that you register your device for remote support.
For more information and device support details, go to the following website:
www.hpe.com/info/insightremotesupport/docs
Documentation feedback
Hewlett Packard Enterprise is committed to providing documentation that meets your needs. To help
us improve the documentation, send any errors, suggestions, or comments to Documentation
Feedback (docsfeedback@hpe.com). When submitting your feedback, include the document title,
355
part number, edition, and publication date located on the front cover of the document. For online help
content, include the product name, product version, help edition, and publication date located on the
legal notices page.
356
Index
ABCDEFGHIJLMNOPQRSTUVWZ
databits,54
debug,117
delete,117
delete,251
delete,155
description,14
dir,118
dir,251
dir,158
disconnect,119
display | { begin | exclude | include },2
display | by-linenum,3
display >,4
display >>,5
display alarm,280
display alias,6
display archive configuration,182
display boot-loader,209
display clock,282
display copyright,283
display copyright,253
display cpu-usage,283
display cpu-usage configuration,286
display cpu-usage history,287
display current-configuration,183
display current-configuration diff,184
display default-configuration,186
display device,290
display device manuinfo,293
display device manuinfo fan,296
display device manuinfo power,297
display diagnostic-information,299
display diff,186
display environment,300
display fan,302
display ftp client source,119
display ftp-server,106
display ftp-user,107
display history-command,7
display history-command all,7
display hotkey,8
display install active,215
display install backup,219
display install committed,221
display install inactive,223
A
activation-key,48
alias,1
append,113
archive configuration,176
archive configuration interval,177
archive configuration location,177
archive configuration max,179
ascii,113
authentication-mode,50
auto-copy destination-directory,150
auto-copy source-directory,150
autodeploy sms enable,267
autodeploy udisk enable,267
auto-execute command,51
B
backup startup-configuration,180
binary,114
boot-loader file,202
boot-loader update,205
bootrom update,207
bye,114
C
card-mode,273
cd,151
cd,115
cdup,116
cli,348
clock datetime,275
clock protocol,276
clock summer-time,277
clock timezone,278
close,116
command,279
command accounting,52
command authorization,53
configuration encrypt,181
configuration replace file,181
copy,152
copy,250
copyright-info enable,280
Customer self repair,355
D
357
free ftp user,107
free ftp user-ip,108
free ftp user-ip ipv6,108
free line,64
free user-interface,66
ftp,257
ftp,120
ftp client ipv6 source,121
ftp client source,122
ftp ipv6,122
ftp server acl,109
ftp server dscp,110
ftp server enable,110
ftp server ipv6 dscp,111
ftp server ssl-server-policy,111
ftp timeout,112
display install ipe-info,224
display install job,224
display install log,225
display install package,226
display install package,253
display install rollback,228
display install which,228
display ip routing-table,254
display ipv6 routing-table,255
display line,55
display memory,303
display memory-threshold,304
display power,306
display power-supply,307
display role,14
display role feature,22
display role feature-group,25
display saved-configuration,188
display scheduler job,307
display scheduler logfile,308
display scheduler reboot,309
display scheduler schedule,309
display security-zone,268
display startup,189
display system stable state,310
display telnet client,57
display this,191
display transceiver alarm,312
display transceiver diagnosis,314
display transceiver interface,315
display transceiver manuinfo,316
display user-interface,58
display users,61
display version,256
display version,317
display version comp-matrix,230
display version-update-record,317
display zone-pair security,268
Documentation feedback,355
G
get,123
gunzip,162
gzip,163
H
header,318
help,125
history-command max-size,69
hotkey,9
I
idle-timeout,69
import interface,269
install abort,235
install activate,236
install add,241
install commit,242
install deactivate,243
install remove,244
install rollback to,245
install verify,246
interface policy deny,28
ip alias,70
E
J
escape-key,62
job,319
F
L
feature,27
file prompt,160
firmware update,211
fixdisk,161
flow-control,63
format,256
format,161
lcd,125
line,71
line class,74
lock,76
lock reauthentication,78
lock-key,77
358
ls,126
reboot,261
redirect disconnect,81
redirect enable,81
redirect listen-port,82
redirect passthrough,83
redirect refuse-negotiation,83
redirect timeout,84
reget,132
Remote support,355
remove,335
rename,168
rename,132
repeat,11
reset,133
reset install log-history oldest,249
reset install rollback oldest,249
reset recycle-bin,169
reset saved-configuration,192
reset scheduler logfile,336
reset ssh public-key,262
restart,133
restore factory-default,336
restore startup-configuration,194
return,12
rhelp,134
rmdir,169
rmdir,136
rmdir,263
role,34
role default-role enable,35
role feature-group,36
rstatus,136
rule,37
M
md5sum,163
memory-threshold,320
memory-threshold usage,323
mkdir,164
mkdir,127
mkdir,257
monitor cpu-usage enable,324
monitor cpu-usage interval,325
monitor cpu-usage threshold,326
more,258
more,165
mount,166
move,258
move,167
N
newer,128
O
open,128
P
parity,78
passive,129
password-recovery enable,327
permit interface,29
permit security-zone,30
permit vlan,32
permit vpn-instance,33
ping,259
ping ipv6,260
power-supply off,327
power-supply on,328
power-supply policy enable,329
power-supply policy redundant,330
protocol inbound,79
put,130
pwd,261
pwd,131
pwd,168
python,350
python filename,350
S
save,196
scheduler job,337
scheduler logfile size,338
scheduler reboot at,338
scheduler reboot delay,339
scheduler schedule,340
screen-length,85
screen-length disable,12
security-zone,270
security-zone intra-zone default permit,270
security-zone policy deny,41
send,85
set authentication password,88
sha256sum,170
shell,88
shutdown,263
Q
quit,10
quit,261
quit,131
R
reboot,331
359
terminal type,98
tftp,265
tftp,142
tftp client ipv6 source,143
tftp client source,144
tftp ipv6,145
tftp-server acl,146
tftp-server ipv6 acl,147
time at,342
time once,343
time repeating,344
shutdown-interval,341
speed,89
ssh2,264
startup saved-configuration,200
status,138
stopbit-error intolerance,90
stopbits,91
super,42
super authentication-mode,43
super default role,44
super password,44
sysname,342
system,139
system-view,265
system-view,13
U
umount,173
undelete,174
usb disable,346
user,139
user-interface,99
user-interface class,102
user-role,104
user-role,346
T
tar create,170
tar extract,171
tar list,172
tclquit,348
tclsh,349
telnet,91
telnet,265
telnet client source,92
telnet ipv6,93
telnet server acl,94
telnet server dscp,95
telnet server enable,95
telnet server ipv6 acl,96
telnet server ipv6 dscp,97
telnet server ipv6 port,97
telnet server port,98
V
verbose,140
version auto-update enable,212
version check ignore,213
vlan policy deny,45
vpn-instance policy deny,46
W
Websites,355
Z
zone-pair security,271
360