l It is recommended that the name of a directory or file should not contain more than 64 characters; otherwise you will not be able to delete such a directory or file, even though the system supports directory or file names containing more than 64 characters.

l The total number of characters including device, directory and file names can be up to 136 characters long.

1.1.1 cd

Syntax

cd directory

View

User view

Parameter

directory: Destination directory; By default, the directory is the working path configured by the user when the system starts.

Description

Use the cd command to change the current user configuration path on the Ethernet Switch.

Example

# Change the current working directory of the switch to flash.

<H3C> cd flash:

<H3C> pwd

flash:

1.1.2 copy

Syntax

copy fileurl-source fileurl-dest

View

User view

Parameter

fileurl-source: Source file name.

fileurl-dest: Destination file name.

Description

Use the copy command to copy a file.

You can use this command to copy a file from current directory to another directory, or vise versa. Where, the source filename must be the name of a file that has already existed in the specified directory, and the destination filename can be changed as required. When the destination filename is the same as that of an existing file, the system will ask whether to overwrite it.

Example

# Copy the file test.txt and saves it as test.bak.

<H3C> copy test.txt test.bak

Copy flash:/test/test.txt to flash:/test/test.bak ? [Y/N]:

% Copyed file flash:/test/test.txt flash:/test/test.bak

1.1.3 delete

Syntax

delete [ /unreserved ] file-url

View

User view

Parameter

/unreserved: Delete the file completely.

file-url: path and name of the file you want to delete.

Description

Use the delete command to cancel a specified file from the storage device of the Ethernet Switch.

This command supports wildcard characters. The deleted files are kept in the recycle bin and will not be displayed when you use the dir command. However they will be displayed, using the dir /all command. The files deleted by the delete command can be recovered with the undelete command or deleted permanently from the recycle bin, using the reset recycle-bin command.

Note that, if two files with the same name in a directory are deleted, only the latest deleted file will be kept in the recycle bin.

Example

# Delete the file flash:/test/test.txt

<H3C> delete flash:/test/test.txt

Delete flash:/test/test.txt?[Y/N]:

1.1.4 dir

Syntax

dir [ /all ] [ file-url ]

View

User view

Parameter

/all: Display all the files (including the deleted ones).

file-url: File or directory name to be displayed. The file-url parameter supports “*” matching. For example, using dir *.txt will display all the files with the extension txt in the current directory.

Description

Use the dir command to view the information about the specified file or directory in storage device of Ethernet Switch. This command supports wildcard characters.

Example

# Display the information about the file flash:/test/test.txt

<H3C> dir flash:/test/test.txt

Directory of flash:/test/

-rwxrwxrwx 1 noone nogroup 971 Sep 20 2003 14:28:52 test.txt

7932928 bytes total (4966400 bytes free)

# Display the information about all the files (including the deleted ones) in the flash:/test/ directory.

<H3C> dir /all flash:/test/

Directory of flash:/test/

-rwxrwxrwx 1 noone nogroup 971 Sep 20 2003 14:28:52 test.txt

1 -rw- 4 Apr 04 2005 20:13:47 [snmpboots]

31877 KB total (2182 KB free)

The files that have already been deleted and kept in the recycle bin are displayed with the [ ] prompt.

# Display the information about all the files (including the deleted ones) in the flash:/test/ directory whose names start with the t character.

<H3C> dir /all flash:/test/t*

Directory of flash:/test/

0 -rw- 1 noone nogroup 971 Sep 20 2003 14:28:52 test.txt

7932928 bytes total (4966400 bytes free)

1.1.5 execute

Syntax

execute filename

View

System view

Parameter

filename: Name of the batch file, ranging from 1 to 256, with a suffix of “.bat”.

Description

Use the execute command to execute the specified batch file.

The batch command executes the command lines in the batch file one by one. There should be no invisible character in the batch file. If invisible characters are found, the batch command will quit the current execution without back off operation. The batch command does not guarantee the execution of each command, nor does it perform hot backup itself. The forms and contents of the commands are not restricted in the batch file.

Example

# Execute the batch file “test.bat” in the directory of “flash:/”.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] execute test.bat

1.1.6 file prompt

Syntax

file prompt { alert | quiet }

View

System view

Parameter

alert: Performs interactive confirmation on dangerous file operations; The default value is alert, which configures to perform interactive confirmation on dangerous file operations.

quiet: Does not prompt for the file operations.

Description

Use the command to Using file prompt command, you can modify prompt modes of the file operation on the Ethernet switch.

If the prompt mode is set as quiet, that is, no prompt for file operations, some non-recoverable operations may lead to system damage.

Example

# Configure the prompt mode of file operation as quiet.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] file prompt quiet

1.1.7 fixdisk

Syntax

fixdisk device

View

User view

Parameter

device: Device name.

Description

Use the fixdisk command to restore the space of a storage device.

Some of the space of a storage device may be unavailable due to some reason (such as abnormal operations). In this case, you can use this command to restore the space.

Currently, the switch does not support this command on the compact flash (CF) card.

Example

# Restore the space of the storage device flash.

<H3C> fixdisk flash:

1.1.8 format

Syntax

format filesystem

View

User view

Parameter

filesystem: Device name.

Description

Use the format command to format the storage device.

Format operation will cause non-recoverable loss of all the files on the device. Specially, configuration files will be lost after formatting the flash memory.

Example

# Format flash.

<H3C> format flash:

All data on Flash will be lost , proceed with format ? [Y/N] y

% Now begin to format flash, please wait for a while...

Format winc: completed

1.1.9 mkdir

Syntax

mkdir directory

View

User view

Parameter

directory: Directory name, in the range 1 to 136 characters.

Description

Use the mkdir command to create directory in the specified directory on the storage device.

The directory to be created cannot have the same name as that of other directory or file in the specified directory.

Example

# Create the directory dd.

<H3C> mkdir dd

Created dir flash:/dd

1.1.10 more

Syntax

more file-url

View

User view

Parameter

file-url: File name.

Description

Use the more command to view the contents of a specific file.

At present, the file system can display files in text format. This command can be used to display the contents of the files with .txt suffix or .cfg (configuration) suffix.

Example

# Display the contents of file test.txt.

<H3C> more test.txt

AppWizard has created this test application for you.

This file contains a summary of what you will find in each of the files that make up your test application.

Test.dsp

This file (the project file) contains information at the project level and is used to build a single project or subproject. Other users can share the project (.dsp) file, but they should export the makefiles locally.

1.1.11 move

Syntax

move fileurl-source fileurl-dest

View

User view

Parameter

fileurl-source: Source file name.

fileurl-dest: Destination file name.

Description

Use the move command to move files.

When the destination filename is the same as that of an existing file, the system will ask whether to overwrite it.

Example

# Move flash:/test/sample.txt to flash:/sample.txt.

<H3C> move flash:/test/sample.txt flash:/sample.txt

Move flash:/test/sample.txt to flash:/sample.txt ?[Y/N]:y

%Moved file flash:/test/sample.txt to flash:/sample.txt

& Note:

The switch has the following limitation on directory name and filename:

l The maximum length of a directory name or filename is 64 characters.

l The maximum length of a full-path filename (including the device name, directory name, and filename) is 136 characters.

l The move command can be successfully executed only when the source file and the destination file are on the same device.

1.1.12 pwd

Syntax

pwd

View

User view

Parameter

None

Description

Use the pwd command to view the current path.

Error may occur without setting the current path.

Example

# Display the current path.

<H3C> pwd

flash:

1.1.13 rename

Syntax

rename fileurl-source fileurl-dest

View

User view

Parameter

fileurl-source: Source file name.

fileurl-dest: Destination file name.

Description

Use the rename command to rename a file.

If the destination file name is identical with that of an already existent directory or file, the rename operation fails and the system prompts that name has already been used or the file is being used.

Example

# Rename the file sample.txt to sample.bak.

<H3C> rename sample.txt sample.bak

Rename flash:/sample.txt to flash:/sample.bak ?[Y/N]:y

%Renamed file flash:/sample.txt to flash:/sample.bak

1.1.14 reset recycle-bin

Syntax

reset recycle-bin [ file-url ]

View

User view

Parameter

file-url: Name of the file to be deleted.

Description

Use the reset recycle-bin command to permanently delete files from the recycle bin.

The file-url supports the wildcard character "*”.The delete command only puts the file into the recycle bin, but reset recycle-bin command will delete this file permanently.

Example

# Delete the file from the recycle bin.

<H3C> reset recycle-bin flash:/ config.vrrp

Squeeze flash:/ config.vrrp ? [Y/N]:

1.1.15 rmdir

Syntax

rmdir directory

View

User view

Parameter

directory: Directory name.

Description

Use the rmdir command to cancel a directory.

The directory to be deleted must be empty, that is, all the files under the directory should be removed first.

& Note:

When you delete a directory using the rmdir command, the files that originally belonged to this direction, now in the Recycle Bin, will also be deleted.

Example

# Delete the directory test.

<H3C> rmdir test

Rmdir test?[Y/N]:y

% Removed directory test

1.1.16 umount

Syntax

umount device

View

User view

Parameter

device: Device name. Now, it can only be CF.

Description

Use the umount command to unload the CF card from the file system.

Example

# Unload the CF card from the file system.

<H3C> umount cf:

1.1.17 undelete

Syntax

undelete file-url

View

User view

Parameter

file-url: Name of the file to be recovered.

Description

Use the undelete command to recover the file that has not been deleted completely.

The file name to be recovered cannot be the same as an existing directory name. If the destination file name is the same as an existing file name, prompt whether to overwrite.

Example

# Recover the deleted file sample.bak.

<H3C> undelete sample.bak

Undelete flash:/sample.bak ?[Y/N]:y

%Undeleted file flash:/sample.bak

1.2 Configuration File Management Commands

1.2.1 display current-configuration

Syntax

display current-configuration [ controller | interface interface-type interface-number | configuration [ configuration ] ] [ | { begin | exclude | include } regular-expression ]

View

Any view

Parameter

controller: Views the configuration information of controllers.

interface: Views the configuration information of interfaces.

interface-type: Type of the interface, including Aux, Ethernet, GigabitEthernet, NULL, Vlan-interface, M-Ethernet, LoopBack.

interface-number: Number of the interface.

configuration configuration: Views the pre-positive and post-positive configuration information. The value of configuration is the key word of the configuration, such as:

l system: Views the host name.

l timerange: Views the configuration information of time range.

|: Filters the configuration information to be output by regular expression.

begin: Begins with the line that matches the regular expression.

exclude: Excludes lines that match the regular expression.

include: Includes lines that match the regular expression.

regular-expression: Defines the regular expression.

Table 1-1 Special characters in the regular expression

Special characters

Description

Restriction

Underscore, similar to a wildcard and can stand for these characters:

(^|$|[,(){} ])

A space, the beginning of the input string, the end of the input string

If the first character in the regular expression is not a underscore, then there is no restriction on the number of the underscore (but it is restricted by the command length).

If the first character in the regular expression is an underscore, then there should be less than five consecutive underscores.

If the underscores in a command are discrete, on the first group of underscores are filtered for the output information, but not the subsequent underscores.

(

Left parenthesis, push flag in program

It is recommended not to use this character in the regular expression.

Description

Use the display current-configuration command to display the currently effective configuration parameters of the switch.

If some running configuration parameters are the same with the default operational parameters, they will not be displayed.

If a user needs to authenticate whether the configurations are correct after finishing a set of configuration, the display current-configuration command can be used to display the running parameters. Although the user has configured some parameters, but the related functions are not effective, they are not displayed.

When there is much configuration information, you can use the regular expression to filter the output information. For specific rules about the regular expression, refer to the corresponding operation manual.

Related command: save, reset saved-configuration and display saved-configuration.

Example

# View the running configuration parameters of the switch.

<H3C> display current-configuration

sysname H3C

radius scheme system

server-type nec

primary authentication 127.0.0.1 1645

primary accounting 127.0.0.1 1646

user-name-format without-domain

domain system

radius-scheme system

access-limit disable

state active

idle-cut disable

domain default enable system

local-server nas-ip 127.0.0.1

router id 2.2.2.2

stp timer hello 500

vlan 1

vlan 2

interface Vlan-interface1

interface Vlan-interface2

ip address 10.1.1.2 255.255.255.0

interface Aux0/0

interface Aux0/0/1

interface M-Ethernet0/0/0

interface Ethernet4/1/1

interface Ethernet4/1/2

interface Ethernet4/1/3

interface Ethernet4/1/4

interface Ethernet4/1/5

interface Ethernet4/1/6

interface Ethernet4/1/7

…

interface NULL0

ospf

area 0.0.0.0

network 10.1.1.0 0.0.0.255

user-interface aux 0

user-interface vty 0 4

return

# View the lines containing the character string “10*.110” in the configuration information. The “*” indicates that the “0” before it can appear 0 times or multiple consecutive times.

<H3C> display current-configuration | include 10*.110

primary authentication 127.0.0.1 1645

primary accounting 127.0.0.1 1646

local-server nas-ip 127.0.0.1

vlan 1

interface Vlan-interface1

ip address 10.1.1.2 255.255.255.0

interface Ethernet4/1/1

speed 1000

interface Ethernet4/1/2

interface Ethernet4/1/3

interface Ethernet4/1/4

interface Ethernet4/1/5

network 10.1.1.0 0.0.0.255

# View configuration information begin with “user”.

<H3C> display current-configuration | include ^user

user-interface aux 0

user-interface vty 0 4

# View the pre-positive and post-positive configuration information.

<H3C> display current-configuration configuration

sysname H3C

radius scheme system

server-type nec

primary authentication 127.0.0.1 1645

primary accounting 127.0.0.1 1646

user-name-format without-domain

domain system

radius-scheme system

access-limit disable

state active

idle-cut disable

domain default enable system

local-server nas-ip 127.0.0.1

router id 2.2.2.2

stp timer hello 500

ospf

area 0.0.0.0

network 10.1.1.0 0.0.0.255

user-interface aux 0

user-interface vty 0 4

return

1.2.2 display saved-configuration

Syntax

display saved-configuration

View

Any view

Parameter

None

Description

Use the display saved-configuration command to view the configuration files in the flash memory or CF card of Ethernet Switch.

If the Ethernet Switch works abnormally after electrified, execute the display saved-configuration command to view the startup configuration of the Ethernet Switch.

Related command: save, reset saved-configuration and display current-configuration.

Example

# Display configuration files in flash memory or CF card of Ethernet Switch.

<H3C> display saved-configuration

sysname H3C

local-user abc password simple abc

tcp window 8

interface Aux7/1/1

link-protocol ppp

interface Ethernet2/1/1

interface Ethernet2/1/2

interface Ethernet2/1/3

ip address 10.110.101.17 255.255.255.0

interface NULL0

ospf 1

ip route-static 10.12.0.0 255.255.0.0 Ethernet 12/1/0

user-interface con 0

user-interface aux 0

user-interface vty 0 4

authentication-mode none

return

The displayed information is global, port and user configurations.

1.2.3 display this

Syntax

display this

View

Any view

Parameter

None

Description

Use the display this command to display the running configuration of the current view. If you need to authenticate whether the configurations is correct after you have finished a set of configurations under a view, you can use the display this command to view the running parameters.

Some effective parameters are not displayed if they are the same with the default ones, while some parameters, though have been configured by the user, if their related functions are not effective, are not displayed either. For example, if X.25 is encapsulated at the data link layer on an interface, you can configure PPP parameter on the interface, but cannot view the configuration information when executing the display this command.

Associated configuration of the interface is displayed when executing the command in different interface views; related configuration of the protocol view is displayed when executing this command in different protocol views; and all the configuration of the protocol view is displayed when executing this command in protocol sub-views.

Related command: save, reset saved-configuration, display current-configuration, display saved-configuration.

Example

# Display the running configuration parameters for the current view of the switch system.

<H3C> display this

1.2.4 display startup

Syntax

display startup

View

Any view

Parameter

None

Description

Use the display startup command to display the related system software and configuration filenames used for the current and the next start-ups.

This command is used to display the following information: the filename of the system software for the current enabling configured by the user, the filename of the system software actually used for the current enabling, the filename of the system software configured for the next enabling, the configuration filename used for the current enabling, the configuration filename configured for the next enabling.

Related command: startup saved-configuration.

Example

# Display the filenames related to the current and the next enabling.

<H3C> display startup

MainBoard:

Startup saved-configuration file: flash:/9500.cfg

Next startup saved-configuration file: flash:/9500.cfg

1.2.5 reset saved-configuration

Syntax

reset saved-configuration

View

User view

Parameter

None

Description

Use the reset saved-configuration command to erase configuration files from the flash memory of the Ethernet Switch.

Perform this command with cautious. It is suggested to consult technical support personnel first.

Generally, this command is used in the following situations:

l After upgrade of software, configuration files in flash memory may not match the new version's software. Perform the reset saved-configuration command to erase the old configuration files.

l If a used Ethernet Switch is applied to the new circumstance and the original configuration files cannot meet the new requirements, the Ethernet Switch should be configured again. Erase the original configuration files for reconfiguration.

If the configuration files do not exist in the flash memory when Ethernet Switch is electrified and initialized, it will enter setup switch view automatically.

Related command: save, display current-configuration, display saved-configuration.

Example

# Erase the configuration files from the flash memory of Ethernet Switch.

<H3C> reset saved-configuration

The saved configuration will be erased.

Are you sure?[Y/N]

1.2.6 save

Syntax

save [ file-name ]

View

User view

Parameter

file-name: Name of the configuration file with the extension .cfg. It is a character string of 5 to 56 characters.

Description

Use the save command to save the current configuration files to Flash memory.

After finishing a group of configurations and achieving corresponding functions, user should remember to get the current configuration files stored in the flash memory.

Even if the problems like reboot and power-off occur during saving, the configuration can be still saved to Flash.

Related command: reset saved-configuration, display current-configuration, display saved-configuration.

Example

# Get the current configuration files stored in the flash memory.

<H3C> save

The configuration will be written to the device.

Are you sure?[Y/N]y

Now saving current configuration to the device.

Saving configuration flash:/9500.cfg. Please wait..

Configuration is saved to flash memory successfully.

1.2.7 startup saved-configuration

Syntax

startup saved-configuration cfgfile

View

User view

Parameter

cfgfile: Name of the configuration file. It is a string with a length of 5 to 56 characters.

Description

Use the startup saved-configuration command to configure the configuration file used for enabling the system for the next time.

The configuration file must have “.cfg” as its extension name and must be saved under the root directory of the Flash. By default, the configuration file will be saved under the root directory of Flash.

The extension of configuration file must be .cfg, and the startup configuration file must be saved under the directory where the memory resides. The memory is Flash.

Related command: display startup.

Example

# Configure the configuration file for the next start-up

<H3C> startup saved-configuration config.cfg

1.3 FTP Server Configuration Commands

1.3.1 display ftp-server

Syntax

display ftp-server

View

Any view

Parameter

None

Description

Use the display ftp-server command to view the parameters of the current FTP Server. You can perform this command to verify the configuration after setting FTP parameters.

Example

# Display the configuration of FTP Server parameters.

<H3C> display ftp-server

FTP server is running

Max user number 5

User count 0

Timeout value(in minute) 30

The above information displays the running state of FTP server, maximum number of user connections, number of current login users, and timeout.

1.3.2 display ftp-user

Syntax

display ftp-user

View

Any view

Parameter

None

Description

Use the display ftp-user command to view the parameters of current FTP user.

Example

# Show the configuration of FTP user parameters.

<H3C> display ftp-user

% No ftp user

1.3.3 ftp disconnect

Syntax

ftp disconnect user-name

View

System view

Parameter

user-name: user name of FTP that is to be disconnected.

Description

Use the ftp disconnect command to disconnect an FTP user.

Example

# Disconnect the FTP user ftptest.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] ftp disconnect ftptest

1.3.4 ftp server enable

Syntax

ftp server enable

undo ftp server

View

System view

Parameter

None

Description

Use the ftp server enable command to start FTP Server and enable FTP user logon.

Use the undo ftp server command to close FTP Server and disable FTP user logon.

By default, FTP Server is shut down.

Perform this command to easily start or shut down FTP Server, preventing Ethernet Switch from being attacked by some unknown user.

Example

# Shut down FTP Server.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] undo ftp server

% Close FTP server

1.3.5 ftp timeout

Syntax

ftp timeout minute

undo ftp timeout

View

System view

Parameter

minute: Connection timeouts (measured in minutes), ranging from 1 to 35791; By default, the connection timeout time is 30 minutes.

Description

Use the ftp timeout command to configure connection timeout interval.

Use the undo ftp timeout command to restore the default connection timeout interval.

After a user logs on to an FTP Server and has established connection, if the connection is interrupted or cut abnormally by the user, FTP Server will still hold the connection. The connection timeout can avoid this problem. If the FTP server has no command interaction with a client for a specific period of time, it considers the connection to be failed and disconnect to the client.

Example

# Set the connection timeout to 36 minutes.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] ftp timeout 36

1.3.6 local-user

Syntax

local-user { username | multicast [ domain domain-name ] ipaddress | password-display-mode { auto | cipher-force } }

undo local-user { username | all [ service-type { ftp | lan-access | telnet | ppp | ssh | terminal } ] | multicast [ domain domain-name ] ipaddress | password-display-mode }

View

System view

Parameter

username: User name.

all [ service-type { ftp | lan-access | telnet | ppp | ssh | terminal } ]: Deletes all local users. The keywords ftp, lan-access, telnet are used respectively to delete all the FTP, LAN access, Telnet local users. ppp is used to delete all the point-to-point access local views. The SSH parameter is used to delete all the SSH local views. And the terminal parameter is used to delete all the user terminals.

multicast [ domain domain-name ]: Adds or deletes multicast address.

ipaddress: Multicast IP address.

password-display-mode { auto | cipher-force }: Specifies the display mode of password. auto indicates the password will be displayed in the same mode as that used when the user configure the password. And cipher-force indicates the password will be displayed in forcible cipher mode.

Description

Use the local-user command to configure a local user and enter the local user view.

Use the undo local-user command to cancel one or all the local users.

By default, no local user exists.

This configuration is required if you want to access FTP server through FTP from a client.

Example

# Create a local user, and enter the local user view.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] local-user H3C

[H3C-luser-H3C]

1.3.7 local-user password-display-mode

Syntax

local-user password-display-mode { auto | cipher-force }

undo local-user password-display-mode

View

System view

Parameter

password-display-mode: Sets the display mode of user password when the switch displays the local user.

auto: Sets the display mode to what was used in configuring the password. That is, if the password was configured in cipher mode, it is also displayed in cipher mode, or else, it is displayed in plain mode.

cipher-force: Forcibly sets the display mode to cipher.

Description

Use the local-user password-display-mode command to set the display mode of the user password when the switch displays the local user.

Use the undo local-user password-display-mode command to restore the default mode.

By default, this mode is auto.

Example

# Set the display mode of user password when the switch displays the local user to cipher-force.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] local-user password-display-mode cipher-force

1.3.8 password

Syntax

password [ simple | cipher ] password

undo password

View

Local user view

Parameter

simple: Specifies to display passwords in simple text, ranging from 1 to 63 characters.

cipher: Specifies to display passwords in cipher text, ranging from 1 to 88 characters.

password: Defines a password, which is a character string of up to 63 characters if it is in simple text and of up to 88 characters if it is in cipher text.

Description

Use the password command to configure a password display mode for local users.

Use the undo password command to cancel the specified password display mode.

By default, a local user does not have a password.

If a client user wants to access FTP server through FTP, a password must be configured.

Example

# Configure the password for the local user H3C as 123456 (encrypted).

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C]local-user H3C

New local user added.

[H3C-luser-H3C] password cipher 123456

Updating the password file, please wait...

1.3.9 service-type

Syntax

service-type { ftp [ ftp-directory directory ] | lan-access | ppp [ call-number call-number | callback-nocheck | callback-number callback-number ] | ssh [ level level | telnet | terminal ] | telnet [ level level | ssh | temninal ] | terminal [ level level | ssh | telnet ] }

undo service-type { ftp [ ftp-directory directory ] | lan-access | ppp [ call-number call-number | callback-nocheck | callback-number callback-number ] | ssh [ level level | telnet | terminal ] | telnet [ level level | ssh | temninal ] | terminal [ level level | ssh | telnet] }

View

Local user view

Parameter

ftp: Specifies user type as FTP.

ftp-directory directory: Specifies the directory of FTP users, directory is a character string of up to 64 characters.

lan-access: Specifies user type to Lan-access, which mainly refers to Ethernet accessing users, 802.1x supplicants for example.

ppp: Specifies user type as PPP.

call number: Sets call number.

callback-nocheck: Sets callback-nocheck for modem.

ssh: Sets user type to SSH.

telnet: Sets user type to Telnet.

level level: Specifies the level of Telnet users. The argument level is an integer in the range of 0 to 3 and defaults to 0.

terminal: Sets user type to Terminal.

Description

Use the service-type command to configure a service type for a particular user.

Use the undo service-type command to cancel the specified service type for the user.

This configuration is required if you want to access FTP server through FTP from a client.

Example

# Set user H3C as Lan-access user.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C]local-user H3C

New local user added.

[H3C-luser-H3C]

[H3C-luser-H3C] service-type lan-access

1.4 FTP Client Commands

1.4.1 ascii

Syntax

ascii

View

FTP Client view

Parameter

None

Description

Use the ascii command to configure data transmission mode as ASCII mode.

By default, the file transmission mode is ASCII mode.

Perform this command if the user needs to change the file transmission mode to default mode.

Example

# Configure to transmit data in the ASCII mode.

<H3C> ftp

[ftp] ascii

200 Type set to A.

1.4.2 binary

Syntax

binary

View

FTP Client view

Parameter

None

Description

Use the binary command to configure file transmission type as binary mode.

Example

# Configure to transmit data in the binary mode.

<H3C>ftp

[ftp] binary

200 Type set to I.

1.4.3 bye

Syntax

bye

View

FTP Client view

Parameter

None

Description

Use the bye command to disconnect with the remote FTP Server and return to user view.

After performing this command, you can terminate the control connection and data connection with the remote FTP Server.

Example

# Terminate connection with the remote FTP Server and return to user view.

<H3C> ftp

[ftp] bye

1.4.4 cd

Syntax

cd pathname

View

FTP Client view

Parameter

pathname: Path name.

Description

Use the cd command to change the working path on the remote FTP Server.

This command is used to access another directory on FTP Server. Note that the user can only access the directories authorized by the FTP server.

Example

# Change the working path to flash:/temp

<H3C> ftp

[ftp] cd flash:/temp

1.4.5 cdup

Syntax

cdup

View

FTP Client view

Parameter

None

Description

Use the cdup command to change working path to the upper level directory.

This command is used to exit the current directory and return to the upper level directory.

Example

# Change working path to the upper level directory.

<H3C> ftp

[ftp] cdup

1.4.6 close

Syntax

close

View

FTP Client view

Parameter

None

Description

Use the close command to disconnect FTP client side from FTP server side without exiting FTP client side view. That is to say, you can terminate the control connection and data connection with the remote FTP Server at the same time.

Example

# Terminate connection with the remote FTP Server and stays in FTP Client view.

<H3C> ftp

[ftp] close

1.4.7 debugging

Syntax

debugging

undo debugging

View

FTP Client view

Parameter

None

Description

Use the debugging command to enable the debugging for FTP Client commands.

Use the undo debugging command to disable the debugging for FTP Client commands.

By default, the debugging for FTP Client commands is disabled.

Example

# Enable the debugging for FTP Client commands.

<H3C> ftp

[ftp] debugging

1.4.8 delete

Syntax

delete remotefile

View

FTP Client view

Parameter

remotefile: File name.

Description

Use the delete command to cancel the specified file.

Example

# Delete the file temp.c

<H3C>ftp

[ftp] delete temp.c

1.4.9 dir

Syntax

dir [ filename ] [ localfile ]

View

FTP Client view

Parameter

filename: File name to be queried.

localfile: Saved local file name.

Description

Use the dir command to query a specified file.

If no parameter of this command is specified, then all the files in the directory will be displayed.

Example

# Query the file temp.c and saves the results in the file temp1.

<H3C> ftp

[ftp] dir temp.c temp1

1.4.10 disconnect

Syntax

disconnect

View

FTP Client view

Parameter

None

Description

Use the disconnect command to disconnect FTP Client side from FTP server side without exiting FTP client side view.

This command terminates the control connection and data connection with the remote FTP Server at the same time.

Example

# Terminate connection with the remote FTP Server and stays in FTP Client view.

<H3C> ftp

[ftp] disconnect

1.4.11 ftp

Syntax

ftp [ ipaddress [ port ] ]

View

User view

Parameter

ipaddress: IP address of the remote FTP Server.

port: Port number of remote FTP Server.

Description

Use the ftp command to establish control connection with the remote FTP Server and enter FTP Client view.

Example

# Connect to FTP Server at the IP address 1.1.1.1

<H3C> ftp 1.1.1.1

1.4.12 get

Syntax

get remotefile [ localfile ]

View

FTP Client view

Parameter

localfile: Local file name.

remotefile: Name of a file on the remote FTP Server.

Description

Use the get command to download a remote file and save it locally.

If no local file name is specified, it will be considered the same as that on the remote FTP Server.

Example

# Download the file temp1.c and saves it as temp.c

<H3C> ftp

[ftp] get temp1.c temp.c

1.4.13 lcd

Syntax

lcd

View

FTP Client view

Parameter

None

Description

Use the lcd command to view local working path of FTP Client.

Example

# Show local working path.

<H3C> ftp

[ftp] lcd

% Local directory now flash:/temp

1.4.14 ls

Syntax

ls [ remotefile ] [ localfile ]

View

FTP Client view

Parameter

remotefile: Remote file to be queried.

localfile: Saved local file name.

Description

Use the ls command to query a specified file.

If no parameter is specified, all the files will be shown.

Note that, the ls command only displays the file names, while the dir command also displays other file-related information such as the file size and creation date.

Example

# Query file temp.c

<H3C>ftp

[ftp] ls temp.c

1.4.15 mkdir

Syntax

mkdir pathname

View

FTP Client view

Parameter

pathname: Directory name.

Description

Use the mkdir command to create a directory on the remote FTP Server.

User can perform this operation as long as the remote FTP server has authorized.

Example

# Create the directory flash:/lanswitch on the remote FTP Server.

<H3C>ftp

[ftp] mkdir flash:/lanswitch

1.4.16 open

Syntax

open ipaddr [ port ]

View

FTP Client view

Parameter

ipaddr: IP address of the remote FTP server.

port: Port number of the remote server.

Description

Use the open command to set up an FTP connection with a remote FTP server.

Example

# Set up a FTP connection with the FTP server with the IP address of 10.110.3.1.

<H3C> ftp

[ftp] open 10.110.3.1

1.4.17 passive

Syntax

passive

undo passive

View

FTP Client view

Parameter

None

Description

Use the passive command to configure the data transmission mode as passive mode.

Use the undo passive command to configure the data transmission mode as active mode.

By default, the data transmission mode is passive mode

Example

# Set the data transmission to passive mode.

<H3C> ftp

[ftp] passive

1.4.18 put

Syntax

put localfile [ remotefile ]

View

FTP Client view

Parameter

localfile: Local file name.

remotefile: File name on the remote FTP Server.

Description

Use the put command to upload a local file to the remote FTP Server.

If the user does not specify the filename on the remote server, the system will consider it the same as the local file name by default.

Example

# Upload the local file temp.c to the remote FTP Server and saves it as temp1.c.

<H3C> ftp

[ftp] put temp.c temp1.c

1.4.19 pwd

Syntax

pwd

View

FTP Client view

Parameter

None

Description

Use the pwd command to view the current directory on the remote FTP Server.

Example

# Show the current directory on the remote FTP Server.

<H3C> ftp

[ftp] pwd

"flash:/temp" is current directory.

1.4.20 quit

Syntax

quit

View

FTP Client view

Parameter

None

Description

Use the quit command to terminate the connection with the remote FTP Server and return to user view.

Example

# Terminate connection with the remote FTP Server and returns to user view.

<H3C> ftp

[ftp] quit

<H3C>

1.4.21 remotehelp

Syntax

remotehelp [ protocol-command ]

View

FTP Client view

Parameter

protocol-command: FTP protocol command.

Description

Use the remotehelp command to view help information about the FTP protocol command. This command takes effects only when the FTP server provides the protocol command help. (S9500 series serving as servers provide this help service, but common FTP software do not provide this service).

Example

# Show the syntax of the protocol command user.

<H3C> ftp

[ftp] remotehelp user

214 Syntax: USER <sp> <username>

1.4.22 rmdir

Syntax

rmdir pathname

View

FTP Client view

Parameter

pathname: Directory name of remote FTP Server.

Description

Use the rmdir command to remove the specified directory from FTP Server. Note that, this command can be successfully executed only when the specified directory contains no files.

Example

# Delete the directory flash:/temp1 from FTP Server.

<H3C> ftp

[ftp] rmdir flash:/temp1

1.4.23 user

Syntax

user username [ password ]

View

FTP Client view

Parameter

username: Logon username.

password: Logon password.

Description

Use the user command to register an FTP user.

This command is available when you log in FTP server with a specified user account.

Example

# Log in the FTP Server with username tom and password bjhw.

<H3C> ftp

[ftp] user tom bjhw

1.4.24 verbose

Syntax

verbose

undo verbose

View

FTP Client view

Parameter

None

Description

Use the verbose command to enable the client to display the commands received from/sent to the server.

Use the undo verbose command to disable the client from display the commands received from/sent to the server

By default, the VERBOSE is enabled and the client displays the commands received from/sent to the server.

Example

# Enable VERBOSE.

<H3C> ftp

[ftp]verbose

1.5 TFTP Configuration Commands

1.5.1 tftp get

Syntax

tftp tftp-server get source-file [ dest-file ]

View

User view

Parameter

tftp-server: IP address or hostname of the TFTP server. The name of the TFTP server should be a string ranging from 1 to 20 characters.

source-file: Specifies the filename of the source file on the TFTP server.

dest-file: Specifies the filename of the destination file which will be saved on the switch.

Description

Use the tftp get command to download a file from the specified directory of the TFTP server and saving it on the switch.

Related command: tftp put.

Example

# Download the file LANSwitch.app from the TFTP server at 1.1.3.214 and save it as vxWorks.app on the local switch.

<H3C> tftp 1.1.3.214 get LANSwitch.app vxWorks.app

1.5.2 tftp put

Syntax

tftp tftp-server put source-file [ dest-file ]

View

User view

Parameter

tftp-server: IP address or hostname of the TFTP server. The name of the TFTP server should be a string ranging from 1 to 20 characters.

source-file: Specifies the filename of the source file which is saved on the switch.

dest-file: Name of the saved-as file uploaded to the specified directory on the TFTP server.

Description

Use the tftp put command to upload a file from the switch to the specified directory on the TFTP server.

Related command: tftp get.

Example

# Upload the config.txt to the TFTP server at 1.1.3.214 and save it as temp.txt.

<H3C> tftp 1.1.3.214 put config.txt temp.txt

Chapter 2 MAC Address Table Management Commands

2.1 MAC Address Table Management Commands

2.1.1 display mac-address aging-time

Syntax

display mac-address aging-time

View

Any view

Parameter

None

Description

Use the display mac-address aging-time command to view the aging time of the dynamic entry in the MAC address table.

Related command: mac-address, mac-address timer, display mac-address.

Example

# Display the aging time of the dynamic entry in the MAC address table.

<H3C> display mac-address aging-time

mac-address aging-time: 300s

The above information indicates that the aging time of the dynamic entry in the MAC address is 300s.

2.1.2 display mac-address

Syntax

display mac-address [ mac-addr [ vlan vlan-id ] | [ static | dynamic ] [ interface interface-type interface-number ] [ vlan vlan-id ] [ count ] ]

View

Any view

Parameter

mac-addr: Specifies the MAC address.

vlan-id: Specifies the VLAN ID.

static: Static table entry, that is no aging, If the configuration is saved, it can be restored after the switch is reset.

dynamic: Dynamic table entry, which will be aged.

interface-type: Specifies the interface type.

interface-number: Specifies the interface number.

count: the display information will only contain the sum number of MAC addresses in the MAC address table if user choice this parameter when using this command.

Description

Use the display mac-address command to view MAC address table information.

When managing the Layer-2 addresses of the switch, the administrator can perform this command to view such information as the Layer-2 address table, address status (static or dynamic), Ethernet port of the MAC address, VLAN of the address, and system address aging time.

Related command: mac-address, mac-address timer.

Example

# Show the information of the entry with MAC address at 00e0-fc01-0101

<H3C> display mac-address 00e0-fc01-0101

MAC ADDR VLAN ID STATE PORT INDEX AGING TIME(s)

00e0-fc01-0101 1 Learned Ethernet1/1/1 300

Table 2-1 Description on the fields of the display mac-address command on display

Field	Description
MAC ADDR	The destination MAC address
VLAN ID	The VLAN of the MAC address
STATE	The state of the item, which can be Learned, Config static
PORT INDEX	The forwarding port
AGING TIME(s)	The aging time

2.1.3 mac-address

Syntax

mac-address { static | dynamic } mac-addr interface interface-type interface-number vlan vlan-id

undo mac-address [ static | dynamic ] [ mac-addr [ interface interface-type interface-number vlan vlan-id | interface interface-type interface-number | vlan vlan-id ]

View

System view

Parameter

static: Static table entry, lost after resetting switch.

dynamic: Dynamic table entry, which will be aged.

mac-addr: Specifies the MAC address.

For detailed description on interface-type and interface-number see Port Configuration section of this manual.

vlan-id: Specifies the VLAN ID.

Description

Use the mac-address command to add/modify the MAC address table entry.

Use the undo mac-address command to cancel the MAC address table entry

If the input address has been existed in the address table, the original entry will be modified. That is, replace the interface pointed by this address with the new interface and the entry attribute with the new attribute (dynamic entry, static entry and permanent entry).

All the (MAC unicast) addresses on a certain interface can be deleted. User can choose to delete any of the following addresses: address learned by system automatically, dynamic address configured by user, static and permanent addresses configured by user.

Related command: display mac-address.

Example

# Configure the port number corresponding to the MAC address 00e0-fc01-0101 as Ethernet2/1/1 in the address table, and sets this entry as static entry.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] mac-address static 00e0-fc01-0101 interface ethernet 2/1/1 vlan 2

2.1.4 mac-address max-mac-count

Syntax

mac-address max-mac-count count

undo mac-address max-mac-count

View

Ethernet port view

Parameter

count: Maximum number of MAC addresses learned by a port, ranging from 0 to 14,336, the value of 0 means that address learning is disabled.

Description

Use the mac-address max-mac-count command to set the maximum number of MAC addresses learned by an Ethernet port.

Use the undo mac-address max-mac-count command to remove the limit on the maximum number of MAC addresses learned by an Ethernet port.

By default, a port can learn as many MAC addresses as a board can have. You can change the default value by using this command: if you set the value to count, and when the number of MAC addresses learned by the port reaches this value, this port will no longer learn any more MAC addresses; and you can use the undo mac-address max-mac-count command to remove the limit on the number.

& Note:

l The maximum number of MAC addresses of a board ranges from 12 K to 16 K depending on various software versions and board types.

l The aforementioned number of MAC addresses includes only the MAC addresses learned by the switch dynamically, and excludes those configured by the user.

l When executing the mac-address max-mac-count command, if the current number of MAC addresses exceeds the threshold value, the switch neither delete the present MAC address entries nor learn new MAC address until the number of entries less than the threshold value after some entries are aged out.

Related command: mac-address and mac-address timer.

Example

Set the maximum number of MAC addresses learned by Ethernet port Ethernet3/1/3 to 600.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] interface Ethernet3/1/3

[H3C-Ethernet3/1/3] mac-address max-mac-count 600

2.1.5 mac-address max-mac-count alarm

Syntax

mac-address max-mac-count enable { alarm | forward }*

undo mac-address max-mac-count enable { alarm | forward }*

View

Ethernet port view

Parameter

alarm: when the current number of MAC addresses exceeds the threshold value, whether the switch gives the network administrator an alarm or not. By default, the switch doesn’t give an alarm.

Description

Use the mac-address max-mac-count enable { alarm | forward }* command to enable the switch to send alarms to network administrator.

Use the undo mac-address max-mac-count enable { alarm | forward }* command to disable the function.

After the mac-address max-mac-count enable { alarm | forward }* command is executed, if the MAC addresses learned by a port reach the maximum number of MAC addresses that the port can learned, the port will send an alarm to network administrator to prompt that the port will no longer learn any MAC addresses.

Related commands: mac-address, mac-address timer.

& Note:

l The maximum number of MAC addresses of a board ranges from 12 K to 16 K depending on various software versions and board types.

l The aforementioned number of MAC addresses includes only the MAC addresses learned by the switch dynamically, and excludes those configured by the user.

Example

# Set the maximum number of MAC addresses learned by Ethernet port Ethernet3/1/3 to 600, and the switch will give an alarm to the network administrator and forward the packets when the number of MAC addresses learned exceeds 600.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] interface Ethernet3/1/3

[H3C-Ethernet3/1/3] mac-address max-mac-count 600

[H3C-Ethernet3/1/3] mac-address max-mac-count enable forward alarm

# Cancel the alarm function

[H3C-Ethernet3/1/3] undo mac-address max-mac-count enable alarm

2.1.6 mac-address max-mac-count enable forward

Syntax

mac-address max-mac-count enable forward

undo mac-address max-mac-count enable forward

View

Ethernet port view

Parameter

None

Description

Use the mac-address max-mac-count enable forward command to enable the switch to forward the packets whose source MAC addresses have not been learned by ports when the number of automatically learned MAC addresses of a specified port exceeds maximum number of learned MAC addresses.

Use the undo mac-address max-mac-count enable forward command to discard the packets whose source MAC addresses have not been learned by ports when the number of automatically learned MAC addresses of a specified port exceeds maximum number of learned MAC addresses.

By default, the switch forwards the packets whose source MAC addresses have not been learned by ports when the number of automatically learned MAC addresses of a specified port exceeds maximum number of learned MAC addresses.

Related commands: mac-address, mac-address timer.

Example

# Set the maximum number of learned MAC addresses of Ethernet port Ethernet3/1/3 to 600, so that the switch discards the packets whose source addresses have not been learned by ports when the number of automatically learned MAC addresses exceeds 600.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] interface Ethernet3/1/3

[H3C-Ethernet3/1/3] mac-address max-mac-count 600

[H3C-Ethernet3/1/3] undo mac-address max-mac-count enable forward

2.1.7 mac-address max-mac-count max-mac-num

Syntax

mac-address max-mac-count max-mac-num

undo mac-address max-mac-count

View

VLAN view

Parameter

max-mac-num: Maximum number of MAC addresses that can be learned in a VLAN. This argument ranges from 0 to 4,294,967,295. Value of 0 disables MAC address learning.

Description

Use the mac-address max-mac-count command to set the maximum number of MAC addresses that can be learned in VLAN.

Use the undo mac-address max-mac-count command to cancel the configuration.

If you have set the maximum number, MAC addresses will not be learned in the VLAN when the maximum number is reached..

By default, the number of learned MAC addresses is not limited in a VLAN.

& Note:

If you execute this command with the max-mac-num argument less than the current number of MAC addresses learned, the switch does not remove the existing MAC address entries, neither does it learns new MAC addresses. The switch resumes MAC address learning when the number of MAC addresses learned is less than the value specified by the max-mac-num argument.

Related commands: mac-address, mac-address timer.

Example

# Set the maximum number of learned MAC addresses in a VLAN 100 to 600.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] vlan 100

[H3C-vlan100] mac-address max-mac-count 600

2.1.8 mac-address timer

Syntax

mac-address timer { aging age | no-aging }

undo mac-address timer aging

View

System view

Parameter

aging age: Specifies the aging time (measured in seconds) of the Layer-2 dynamic address table entry, ranging from 10 to 630. By default, the aging time is 300 seconds.

no-aging : No aging time.

Description

Use the mac-address timer command to configure the aging time of the Layer-2 dynamic address table entry.

Use the undo mac-address timer command to restore the default value.

If aging time is too short, the MAC address might be deleted before the Ethernet switch gets the address information. That way the switch broadcasts the received packets to all the ports within the VLAN. This will affect the switch operation performance.

If aging time is too long, the Ethernet switch will store a great number of out-of-date MAC address tables. This will consume MAC address table resources and the switch will not be able to update MAC address table according to the network change.

Caution:

The aging of dynamic MAC address is completed during the second aging cycle that has been configured.

Example

# Configure the entry aging time of Layer-2 dynamic address table to be 500 seconds.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] mac-address timer aging 500

2.1.9 reset mac-address

Syntax

reset mac-address { all | dynamic | static | interface { interface-type interface-number} | vlan vlan-id }

View

User view

Parameter

all: Clears all of the MAC address entries.

dynamic: Clears all dynamic MAC address entries.

static: Cleasr all static MAC address entries.

interface-type is the type of the port, and interface-number is the number of the interface.

Vlan vlan-id: Clears all of the MAC address entries in the specified VLAN.

Description

Use the reset mac-address command to clear corresponding MAC address entries.

Related commands: mac-address, display mac-address.

Example

# Clear all MAC address entries.

<H3C> reset mac-address all

Chapter 3 Device Management Commands

3.1.1 boot boot-loader

Syntax

boot boot-loader { primary | backup } file-url [ slot slot-number ]

View

User view

Parameter

file-url: ARP program path + program name

slot-number: Slot number of the active or standby SRPC.

primary: Specifies this program to be the primary bootstrap program.

backup: Specifies this program to be the backup bootstrap program.

Description

Use the boot boot-loader primary command to specify the primary bootstrap program to be the bootstrap program.

Use the boot boot-loader backup command to specify the backup bootstrap program to be the bootstrap program.

If the switch cannot be started through specified bootstrap program, a program will be selected from the Flash or CF card as bootstrap program. If the switch still cannot be started normally, the switch fails to boot up.

& Note:

An S9500 series routing switch supports system switchover, both its active and standby SRPCs have an application program system. You can operate on the programs on both SRPCs. But when you specify a bootstrap program on the standby SRPC, the URL of the program must begin with "slot[No.]#[flash: | cf:]/", where, [No.] is the slot number of the standby SRPC and [flash: | cf:] is the name of the equipment, flash card or CF card. For example, if the slot number of the standby SRPC is 1, the URL of the 9500.app program under the root directory on the standby SRPC must be "slot1#flash:/9500.app".

Example

# Specify flash:/s9500-cmw310-r1262.app as the current primary bootstrap program of the active SRPC.

<H3C> boot boot-loader primary flash:/s9500-cmw310-r1262.app

The specified file will be booted next time!.

# Specify slot1#flash:/s9500-cmw310-r1262.app as the current primary bootstrap program on the standby SRPC in slot 1.

<H3C> boot boot-loader primary slot1#flash:/s9500-cmw310-r1262.app slot 1

The specified file will be booted next time!.

3.1.2 boot bootrom

Syntax

boot bootrom file-url slot slot-num-list

View

User view

Parameter

file-url: Path and name of Bootrom file in the storage device.

slot slot-num-list: Specifies the slot number list of switch. The formula is slot-num-list={ slot-num [ to slot-num ] }&<1-n>. &<1-n> indicates that the prior parameter can be input for n times. For S9505, n is 7; for S9512, n is 14.

Description

Use the boot bootrom command to upgrade Bootrom.

Example

# Upgrade bootrom of No.1slot.

<H3C> boot bootrom PLATV100R002B09D002.app slot 1

3.1.3 display boot-loader

Syntax

display boot-loader

View

Any view

Parameter

None

Description

Use the display boot-loader command to view APP file used this time and next time.

Example

<H3C> display boot-loader

The primary app to boot of board 0 at the next time is: flash:/switch.app

The backup app to boot of board 0 at the next time is: flash:/switch.app

The app to boot of board 0 at this time is: flash:/switch.app

Table 3-1 Description on the display boot-loader command

Field	Description
The app to boot of board 0 at the next time is: flash:/Switch.app	Startup file used on startup next time
The app to boot of board 0 at this time is: flash:/PLAT.APP	Startup file used on startup this time

3.1.4 display cpu

Syntax

display cpu [slot slot-no ]

View

Any view

Parameter

slot slot-no: Specifies the board number.

Description

Use the display cpu command to display CPU occupancy.

Example

# Display CPU occupancy on slot 0.

<H3C> display cpu slot 0

Board 0 CPU busy status:

6% in last 5 seconds

7% in last 1 minute

12% in last 5 minutes

Table 3-2 Description on display information

Field

Description

Board 0 CPU busy status:

CPU usage of switch

6% in last 5 seconds

7% in last 1 minute

12% in last 5 minutes

CPU usage in last 5 seconds is 6%.

CPU usage in last 1 minute is 7%.

CPU usage in last 5 minutes is 12%.

3.1.5 display device

Syntax

display device [ detail | [ shelf shelf-no ] [ frame frame-no ] [ slot slot-no ] ]

View

Any view

Parameter

detail: displays all slot detail information.

shelf-no: Shelf number.

frame-no: Frame number.

slot-no: Slot number.

Description

Use the display device command to display the module type and working status information of a card, including physical card number, physical daughter card number, number of ports, hardware version number, FPGA version number, version number of BOOTROM software, application version number, address learning mode, interface card type and interface card type description, and so on.

Example

# Show device information.

<H3C> display device

Slot No. Brd Type Brd Status Subslot Num Sft Ver

0 LSB1SRPB Master 0 9500-0004

1 NONE Absent Absent None

2 NONE Absent Absent None

3 NONE Absent Absent None

4 NONE Absent Absent None

5 NONE Absent Absent None

6 NONE Absent Absent None

7 NONE Absent Absent None

3.1.6 display environment

Syntax

display environment

View

Any view

Parameter

None

Description

Use the display environment command to view environment information.

Example

# Display the environment information.

<H3C> display environment

System temperature information (degree centigrade):

----------------------------------------------------

Board Temperature Lower limit Upper limit

0 33 10 45

2 35 10 65

4 34 10 65

3.1.7 display fan

Syntax

display fan [ fan-id ]

View

Any view

Parameter

fan-id: the fan ID.

Description

Use the display fan command to view the working state of the built-in fans. User can perform this command to see if they work normally.

Example

# Display the working state of the fans.

<H3C> display fan

Fan 1 State: Normal

3.1.8 display memory

Syntax

display memory [ slot slot-no ]

View

Any view

Parameter

slot-no: Specifies slot number

Description

Use the display memory command to display memory situation.

Example

# Display memory situation.

<H3C> display memory slot 0

System Total Memory(bytes): 197932416

Total Used Memory(bytes): 65234704

Used Rate: 32%

Table 3-3 Description on the fields of the display memory command

Field	Description
System Total Memory(bytes)	The Total Memory of switch, unit in byte
Total Used Memory(bytes)	The Total used Memory of switch, unit in byte
Used Rate	The memory used rate

3.1.9 display power

Syntax

display power [ power-ID ]

View

Any view

Parameter

power-ID: Power ID.

Description

Use the display power command to view the working state of the built-in power supply.

Example

# Show power state.

<H3C> display power

Power 1 State: Absent

Power 2 State: Normal

Power 3 State: Absent

3.1.10 display schedule reboot

Syntax

display schedule reboot

View

Any view

Parameter

None

Description

Use the display schedule reboot command to check the configuration of related parameters of the switch schedule reboot terminal service.

Related command: reboot, schedule reboot at.

Example

# Display the configuration of the schedule reboot terminal service parameters of the current switch.

<H3C> display schedule reboot

System will reboot at 16:00:00 2004/11/1 (in 2 hours and 5 minutes).

3.1.11 reboot

Syntax

reboot [ slot slot-no ]

View

User view

Parameter

slot slot-no: Specifies the physical card number.

Description

Use the reboot command to reboot to restart the Ethernet switch or the specified card. Example

# Reset the Ethernet switch.

<H3C> reboot

3.1.12 schedule reboot at

Syntax

schedule reboot at hh:mm [ yyyy/mm/dd ]

undo schedule reboot

View

User view

Parameter

hh:mm: Reboot time of the switch, in the format of "hour: minute" The hh ranges from 0 to 23, and the mm ranges from 0 to 59.

yyyy/mm/dd: Reboot date of the switch, in the format of "year/month/day. The yyyy ranges from 2000 to 2099, the mm ranges from 1 to 12, and the value of dd is related to the specific month.

Description

Use the schedule reboot at command to enable the timing reboot function of the switch and set the specific reboot time and date.

Use the undo schedule reboot command to disable the timing reboot function.

By default, the timing reboot switch function is disabled.

& Note:

The precision of switch timer is 1 minute. The switch will reboot in one minute when time comes to the specified rebooting point.

If the schedule reboot at command sets specified date parameters, which represents a data in the future, the switch will be restarted in specified time, with error not more than 1 minute.

If no specified date parameters are configured, two cases are involved: If the configured time is after the current time, the switch will be restarted at the time point of that day; if the configured time is before the current time, the switch will be restarted at the time point of the next day.

It should be noted that the configured date should not exceed the current date more than 30 days. In addition, after the command is configured, the system will prompt you to input confirmation information. Only after the "Y" or the "y" is entered can the configuration be valid. If there is related configuration before, it will be covered directly.

Moreover, after the schedule reboot at command is configured and the system time is adjusted by the clock command, the former configured schedule reboot at parameter will go invalid.

Related command: reboot, display schedule reboot.

Example

# Set the switch to be restarted at 22:00 that night (the current time is 15:50).

<H3C> schedule reboot at 22:00

Reboot system at 22:00:00 UTC 2003/11/18 (in 6 hours and 10 minutes)

confirm?[Y/N]:y

aux0: schedule reboot parameters at 15:50:00 UTC 2003/11/18. And system will reboot at 22:00:00 UTC 2003/11/18

Proceed with reboot? [Y/N]:y

3.1.13 schedule reboot delay

Syntax

schedule reboot delay { hhh:mm | mmm }

undo schedule reboot

View

User view

Parameter

hhh:mm: Waiting time for rebooting a switch, in the format of "hour: minute" The hhh ranges from 0 to 720, and the mm ranges from 0 to 59.

mmm: Waiting delay for rebooting a switch, in the format of "absolute minutes" . Ranging from 0 to 43200,

Description

Use the schedule reboot delay command to enable the timing reboot switch function and set the waiting time.

Use the undo schedule reboot command to disable the timing reboot function.

By default, the timing reboot switch function is disabled.

& Note:

The precision of switch timer is 1 minute. The switch will reboot in one minute when time comes to the specified rebooting point.

Two formats can be used to set the waiting delay of timing reboot switch, namely the format of "hour: minute" and the format of "absolute minutes". But the total minutes should be no more than 30×24×60 minutes, or 30 days.

After this command is configured, the system will prompt you to input confirmation information. Only after the "Y" or the "y" is entered can the configuration be valid. If there is related configuration before, it will be covered directly.

Moreover, after the schedule reboot at command is configured, and the system time is adjusted by the clock command, the original schedule reboot at parameter will become invalid.

Related command: reboot, schedule reboot at, undo schedule reboot, display schedule reboot.

Example

# Configure the switch to be restarted after 88 minutes (the current time is 21:32).

<H3C> schedule reboot delay 88

Reboot system for 23:00:00 UTC 2002/11/1 (in 1 hours and 28 minutes)

Confirm? [Y/N]:y

3.1.14 temperature-limit

Syntax

temperature-limit slot down-value up-value

undo temperature-limit slot

View

User view

Parameter

slot: Physical card number.

down-value: Lower temperature limit, in the range 0 to 70 °C.

up-value: Upper temperature limit, in the range 20 to 90 °C.

Description

Use the temperature-limit command to configure temperature limit.

Use the undo temperature-limit command to restore temperature limit to default value.

Example

# Set the lower and upper temperature limit of card 0.

<H3C> temperature-limit 0 10 75

3.1.15 update l3plus

Syntax

update l3plus slot slot-no filename file-name ftpserver server-name username user-name password password [ port port-num ]

View

System view

Parameter

slot-no: Slot for the service processing board to be updated.

file-name: Name of upgrading file to be downloaded. The file suffix is .app.

server-name: IP address or host name of FTP Server where the file to be updated locates.

user-name: User name for file transfer protocol (FTP) login.

password: User password for FTP login.

port-num: FTP port number, in the range 0 to 65,535. By default, it is 21.

Description

Use the update l3plus command to update service processing boards. After the command is executed, the system logs into an FTP Server with the host name, user name and user password provided. The system downloads the host software containing load program of service processing board to the system’s synchronous dynamic random access memory (SDRAM), and uses the file to enable service processing boards.

Example

# Update the service processing board in slot 2. The file to be downloaded is place in the host with the IP address 192.168.1.100, and its name is L3PLUS.app. The user name and password for FTP login are 654321 and 123456 respectively.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] update l3plus slot 2 filename L3PLUS.app ftpserver 192.168.1.100 username 654321 password 123456

Chapter 4 System Maintenance Commands

4.1 Basic System Configuration and Management Commands

4.1.1 clock datetime

Syntax

clock datetime HH:MM:SS YYYY/MM/DD

View

User view

Parameter

HH:MM:SS: Current clock. HH ranges from 0 to 23. MM and SS range from 0 to 59.

YYYY/MM/DD: Specifies the current year, month and date. YYYY ranges from 2000 to 2100. MM ranges from 1 to 12 and DD ranges from 1 to 31.

Description

Use the clock datetime command to configure the current date and clock of Ethernet Switch.

By default, the date and clock of Ethernet Switch is set as 0:0:0, 2000/1/1.

The current date and clock of Ethernet Switch must be set in the circumstance that absolute time is strictly required.

Related command: display clock.

Example

# Set the current date of Ethernet Switch to 0:0:0, 2001/01/1.

<H3C> clock datetime 0:0:0 2001/01/01

4.1.2 clock summer-time

Syntax

clock summer-time zone-name { one-off | repeating } start-time start-date end-time end-date offset-time

undo clock summer-time

View

User view

Parameter

zone-name: Name of the summer time, which is a string with the length ranging 1 to 32 characters.

one-off: Only set the summer time of a certain year.

repeating: Set the summer time of every year starting from a certain year.

start-time: Set start time of the summer time, input like HH:MM:SS (hour/minute/second).

start-date: Set start date of the summer time, input like YYYY/MM/DD (year/month/day).

end-time: Set end time of the summer time, input like HH:MM:SS (hour/minute/second).

end-date: Set end date of the summer time, input like YYYY/MM/DD (year/month/day).

offset-time: Set offset time of the summer time, input like HH:MM:SS (hour/minute/second).

Description

Use the clock summer-time command to set the name, starting and ending time of the summer time.

Use the undo clock summer-time command to remove the configuration of the summer time.

After the configuration takes effect, the display clock command can be used to check it. Besides, the time of the log or Debugging information uses the local time after the adjustment of the time zone and summer time.

Related command: clock timezone.

Example

# Set the summer time for z2 that starts at 06:00:00 on 08/06/2002 and ends at 06:00:00 on 01/09/2002 with the time adding 1 hour.

<H3C> clock summer-time z2 one-off 06:00:00 2002/06/08 06:00:00 2002/09/01 01:00:00

# Set the summer time for z2 that starts at 06:00:00 on 08/06 and ends at 06:00:00 on 01/09 in each year from 2002 on with the time adding 1 hour.

<H3C> clock summer-time z2 repeating 06:00:00 2002/06/08 06:00:00 2002/09/01 01:00:00

4.1.3 clock timezone

Syntax

clock timezone zone-name { add | minus } HH:MM:SS

undo clock timezone

View

User view

Parameter

zone-name: Name of the time zone, which is a character with the length ranging from 1 to 32.

add: Tme is adding compared with the UTC.

minus: Time is minus compared with the UTC.

HH:MM:SS: Time (hour/minute/second).

Description

Use the clock timezone command to set the information of the local time zone.

Use the undo clock timezone command to restore to the default Universal Time Coordinated (UTC) time zone.

After the configuration takes effect, the display clock command can be used to check it. Besides, the time of the log or debug information uses the local time after the adjustment of the time zone and summer time.

Related command: clock summer-time.

Example

# Set the name of the local time zone as Z5 with the time adding 5 hours compared with the UTC.

<H3C> clock timezone z5 add 05:00:00

4.1.4 quick-ping enable

Syntax

quick-ping enable

undo quick-ping enable

View

System view

Parameter

None

Description

Use the quick-ping enable command to enable the PING distribution function.

Use the undo quick-ping enable command to disable the PING distribution function.

By default, the PING distribution function is enabled.

Example

# Enable the ping distribution function.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] quick-ping enable

4.1.5 sysname

Syntax

sysname sysname

undo sysname

View

System view

Parameter

sysname: Specifies the hostname with a character string with the length ranging from1 to 30 characters. The name of the Ethernet switch defaults to H3C.

Description

Use the sysname command to configure the hostname of Ethernet Switch.

By default, the hostname of Ethernet Switch is H3C.

Changing the hostname name of Ethernet Switch will affect the prompt of command line interface. E.g. the host name of Ethernet Switch is H3C, and the prompt in user view is <H3C>.

Example

# Set the hostname of the Ethernet Switch as H3CLANSwitch.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] sysname H3CLANSwitch

[H3CLANSwitch]

4.2 Clock Module Commands

4.2.1 clock

Syntax

clock { auto | manual source source }

View

System view

Parameter

auto: The clock works in the auto mode.

manual: The clock works in the manual mode.

source: Sets the primary clock source in manual mode.

source: The index of clock source, ranging from 1 to 18.

Description

Use the clock command to set the work mode of the clock module on the main processing card (SRPU), namely, the mode of clock selecting clock source, including auto mode and manual mode.

If it is necessary to set the clock source, you need to query the state of the clock source first. Only the clock source working normally can be selected.

1) In the manual mode, the clock module does not switch the clock source actively; it only traces the specified primary clock source. The set clock source priority and SSM level are not involved in control. If the primary clock source is lost, the phase lock mode of the clock module switches into Hold.

2) In auto mode

l If SSM is not involved in control, the set SSM level will be neglected, and the clock module will select a clock source by priority. If two clock sources have the same priority, they will be selected in the high-to-low order from clock source 1 to clock source 18. If the available clock source with the highest priority is lost, it will be switched to the next available clock source with the highest priority automatically. When the original clock source recovers, the clock module will switch to the original clock source. In this case, the manually set primary clock source will not work.

l If SSM is engaged in control, the clock module will select a clock source by SSM level first. If two clock sources have the same SSM level, they will be selected by the priority. If their have the same priority, they will be selected in high-to-low order from clock source 1 to clock source 18. If the available clock source with highest SSM level is lost, it will be switched to the next available clock source with the highest SSM level automatically. When the original clock source recovers, the clock module will switch back to the original clock source. In this case, the manually set primary clock source will not work.

3) Clock sources not engaged in switching

The following clock sources are neglected during clock source selection (when SSM is engaged in control):

l Clock sources whose signal is lost are unavailable clock sources, and are not engaged in switching.

l Clock sources with the priority of 0xFF are unconfigured clock sources, and are not engaged in switching.

l Clock sources with the SSM level being DNU should not be used for synchronization, and are not engaged in switching.

Example

# Set the work mode of clock module on the SRPU to auto.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] clock auto

4.2.2 clock forcessm

Syntax

clock forcessm { on | off } source source

View

System view

Parameter

on: SSM is not extracted from clock source, namely, SSM is manually configured.

off: SSM is extracted from the clock source, and the configured SSM is invalid.

source: The number of the clock source, ranging from 1 to 18.

Description

Use the clock sa-bit command to configure whether to use extracted or manually configured SSM.

Refer to the clock ssm command for SSM configuration.

Example

# Use SSM extracted from clock source 10.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C]clock forcessm off source 10

4.2.3 clock lpuport

Syntax

clock lpuport slot slotid card cardid port portid

View

System view

Parameter

slotid: The slot ID of interface card.

cardid: Card ID of ATM or POS interface card.

portid: Port ID.

Description

Use the clock lpuport command to select the output port of the line clock source of the interface card.

Example

# Set the output port of the line clock source of the interface card 3 to port 1.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] clock lpuport slot 3 card 1 port 1

4.2.4 clock priority

Syntax

clock priority value source source

View

System view

Parameter

value: Priority level, ranging from 1 to 18 or 255.

source: The index of clock source, ranging from 1 to 18.

Description

Use the clock priority command to set the priority level of the clock source of the clock module. The value is 255 by default.

Example

# Set the priority level of clock source 2 to 2.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C]clock priority 2 source 2

4.2.5 clock sa-bit

Syntax

clock sa-bit { sa4 | sa5 | sa6 | sa7 | sa8 } source source

View

System view

Parameter

source: Numer of the Bits clock source, ranging from 1 to 2.

sa4: Time slot of sa4 bit.

sa5: Time slot of sa5 bit.

sa6: Time slot of sa6 bit.

sa7: Time slot of sa7 bit.

sa8: Time slot of sa8 bit.

Description

Use the clock sa-bit command to set the time slot of a Bits clock source. sa4 through sa8 refer to the five bits, sa4 through sa8, of CRC4 CRC4 multiple-frame even-frame slot 0, one of which can be selected by the carrier to carry the SSM information according to ITU-T G.704.

Example

# Set the time slot of Bits clock source 1 to SA4.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] clock sa-bit sa4 source 1

4.2.6 clock ssm

Syntax

clock ssm { dnu | lnc | prc | sets | tnc | unknown } source source

View

System view

Parameter

dnu: Should be used for synchronization (DNU).

lnc: G.812 local node clock signal (LNC).

prc:G.811 clock signal (PRC).

sets: Clock source signal of SDH equipment (SETS).

tnc: G.812 transfer node clock signal (TNC).

unknown: The quality of synchronization is unknown.

source: The number of clock source, ranging from 1 to 18.

Description

Use the clock ssm command to set the SSM level of each clock source:

l For line clock source, the set SSM level is the SSM level of the clock source.

l For Bits clock source, if the input signal is 2048kbit/s (E1) and SSM is engaged in control, the SSM level of the clock source is the SSM level extracted from the input signal, and the set SSM level is neglected.

l For Bits clock source, if the input signal is 2048kHz signal, or the input signal is 2048kbits/s signal but SSM is not engaged in control, the set SSM level is the SSM level of the clock source.

SSM means Synchronization Status Marker, which is also referred to as synchronous quality information. It is used to indicate the level of synchronous timing signal in synchronous timing transfer link. For line clock sources, SSM is extracted by the interface card and reported to the SRPU, and then the SRPU sets the SSM of the line clock source for the clock module.

When the clock module is powered on, the clock level of all clock sources is unknown. From high to low, the order of SSM levels is: PRC > TNC > LNC > SETS > unknown > DNU. If the SSM level of a clock source is DNU and SSM is engaged in control, the clock source will not be selected during clock source switching.

The SRPU will notify the corresponding interface card about theSSM level after setting the SSM level. If the SSM level of the line clock source can be extracted, the set SSM level will be invalidated. Otherwise, the set SSM level will apply.

Example

# Set the SSM level of clock source 1 to DNU.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] clock ssm dnu source 1

4.2.7 clock ssmcontrol

Syntax

clock ssmcontrol { on | off }

View

System view

Parameter

on: Enable SSM to be engaged in control.

off: Disable SSM from being engaged in control.

Description

Use the clock ssmcontrol command to set whether the SSM function of the clock module is engaged in control.

l SSM is engaged in control: The level of the clock source is first determined by its SSM level during automatic clock source switching.

l SSM is not engaged in control: The SSM level can be set and queried, but the SSM level of the clock source is neglected during automatic clock source switching.

The SSM function of the clock module is not engaged in control by default.

Example

# Enable the SSM function to get engaged in control,

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] clock ssmcontrol on

4.2.8 clock stop warm-up

Syntax

clock stop warm-up

View

System view

Parameter

None

Description

Use the clock stop warm-up command to force the clock module to stop warming up the local oscillator and switch into normal work.

Example

# Force the clock module to stop warming up the local oscillator and switch into normal work.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] clock stop warm-up

4.2.9 display clock device

Syntax

display clock device

View

Any view

Parameter

None

Description

Use the display clock device command to query the detailed information of the clock device.

Example

# Query the detailed information of the clock device.

<H3C> display clock device

Clock module detail information:

Clock module state is OK

SRAM state: OK

Output 38.88Mhz signal state: OK

PLL tru050 state: OK

PLL 88915 state: OK

OSC state: OK

I2C bus state: OK

EPLD state: OK

HDLC state: OK

E1 A state: OK

E1 B state: OK

Reference state

Work mode : auto

Traced reference : 0

Lock mode : freerun

OSC state : normal

SSM output level : LNC

SSM participate in control : No

reference state Priority SSM-level Forcessm Sa-bit lpu port

1 lost 255 UNKNOWN No 4 N/A

2 lost 255 UNKNOWN No 4 N/A

3 lost 255 UNKNOWN No N/A -

4 lost 255 UNKNOWN No N/A -

5 lost 255 UNKNOWN No N/A -

6 normal 255 UNKNOWN No N/A 0/1/1

7 lost 255 UNKNOWN No N/A -

8 lost 255 UNKNOWN No N/A -

9 lost 255 UNKNOWN No N/A -

10 lost 255 UNKNOWN No N/A -

11 lost 255 UNKNOWN No N/A -

12 lost 255 UNKNOWN No N/A -

13 lost 255 UNKNOWN No N/A -

14 lost 255 UNKNOWN No N/A -

15 lost 255 UNKNOWN No N/A -

16 lost 255 UNKNOWN No N/A -

17 lost 255 UNKNOWN No N/A -

18 lost 255 UNKNOWN No N/A -

4.2.10 display clock version

Syntax

display clock version

View

Any view

Parameter

None

Description

Use the display clock version command to query the version information of the clock device.

Example

# Query version information of the clock device.

<H3C> display clock version

Clock module version

Software version: v010

Hardware version: Rev.A

CPLD version: v009

Release date: 2002.02.26

4.2.11 display clock d/a

Syntax

display clock d/a

View

Any view

Parameter

None

Description

Use the display clock d/a command to query the D/A value of the clock device.

Example

# Query the D/A value of the clock device.

<H3C> display clock d/a

DAC Voltage : 2048

4.2.12 display clock basephase

Syntax

display clock basephase

View

Any view

Parameter

None

Description

Use the display clock basephase command to query base phase of the clock.

Example

# Query the base phase of the clock.

<H3C> display clock basephase

clock base phase : 0x0

4.2.13 display clock lpuport

Syntax

display clock lpuport

View

Any view

Parameter

None

Description

Use the display clock lpuport command to query the LPU port to output the clock reference source.

Example

# Query the LPU port to output the clock reference source.

<H3C> display clock lpuport

the LPU port which output clock reference:

reference lpu port(slot-card-port)

4 CPOS2/1/1

4.2.14 display clock source

Command

display clock source

View

Any view

Parameter

None

Description

Use the display clock source command to query the status of the 18 clock sources.

Example

# Query the status of the 18 clock sources.

<H3C> display clock source

No primary reference is traced

reference state lpu port(slot-card-port)

1 lost N/A

2 lost N/A

3 lost -

4 normal 2/1/1

5 lost -

6 lost -

7 lost -

8 lost -

9 lost -

10 lost -

11 lost -

12 lost -

13 lost -

14 lost -

15 lost -

16 lost -

17 lost -

18 lost -

4.2.15 display clock self-test-result

Command

display clock self-test-result

View

Any view

Parameter

None

Description

Use the display clock self-test-result command to query the clock self test result.

Example

# Query the clock self test result.

<H3C> display clock self-test-result

Clock module work mode: normal

Detail test report:

SRAM : normal

Output 38.88MHz signal: normal

PLL TRU050 : normal

PLL 88915 : normal

OSC : normal

I2C bus : normal

EPLD : normal

HDLC : normal

E1a : normal

E1b : normal

4.2.16 display clock priority

Command

display clock priority

View

Any view

Parameter

None

Description

Use the display clock priority command to query the priority levels of the 18 clock sources.

Example

# Query the priority levels of the 18 clock sources.

<H3C> display clock priority

reference priority

1 255

2 4

3 255

4 255

5 255

6 255

7 255

8 255

9 255

10 255

11 255

12 255

13 255

14 255

15 255

16 255

17 255

18 255

4.2.17 display clock ssm-level

Command

display clock ssm-level

View

Any view

Parameter

None

Description

Use the display clock ssm-level command to query the SSM levels of the 18 clock sources.

Example

# Query the SSM levels of the 18 clock sources.

<H3C> display clock ssm-level

reference SSM level

1 LNC

2 UNKNOWN

3 UNKNOWN

4 LNC

5 UNKNOWN

6 UNKNOWN

7 UNKNOWN

8 UNKNOWN

9 UNKNOWN

10 UNKNOWN

11 UNKNOWN

12 UNKNOWN

13 UNKNOWN

14 UNKNOWN

15 UNKNOWN

16 UNKNOWN

17 UNKNOWN

18 UNKNOWN

4.2.18 display clock ssm-output

Command

display clock ssm-output

View

Any view

Parameter

None

Description

Use the display clock ssm-output command to query the SSM output level of the clock.

Example

# Query the SSM output level of the clock.

<H3C> display clock ssm-output

SSM output level is LNC.

4.2.19 display clock phase-lock-state

Command

display clock phase-lock-state

View

Any view

Parameter

None

Description

Use the display clock phase-lock-state command to query the phase lock status of the clock.

Example

# Query the phase lock status of the clock.

<H3C> display clock phase-lock-state

phase lock state: hold

osc state: noamal, finished warm-up

4.2.20 display clock work-mode

Command

display clock work-mode

View

Any view

Parameter

None

Description

Use the display clock work-mode command to query the clock work mode.

Example

# Query the clock work mode.

<H3C> display clock work-mode

clock work in auto mode.

4.2.21 display clock config

Command

display clock config

View

Any view

Parameter

None

Description

Use the display clock config command to query the current configuration of the clock module.

Example

# Query the current configuration of the clock module.

<H3C> display clock config

Clock moduke current configuration:

work mode : AUTO

SSM participate in control: No

reference Priority SSM level Forcessm Sa-bit lpu port

1 255 LNC No 4 N/A

2 4 UNKNOWN No 5 N/A

3 255 UNKNOWN No N/A -

4 255 LNC No N/A -

5 255 UNKNOWN No N/A -

6 255 UNKNOWN No N/A -

7 255 UNKNOWN No N/A -

8 255 UNKNOWN No N/A -

9 255 UNKNOWN No N/A -

10 255 UNKNOWN No N/A -

11 255 UNKNOWN No N/A -

12 255 UNKNOWN No N/A -

13 255 UNKNOWN No N/A -

14 255 UNKNOWN No N/A -

15 255 UNKNOWN No N/A -

16 255 UNKNOWN No N/A -

17 255 UNKNOWN No N/A -

18 255 UNKNOWN No N/A -

4.3 System Status and System Information Query Commands

4.3.1 display clock

Syntax

display clock

View

Any view

Parameter

None

Description

Use the display clock command to display the system date and time information, so that you make timely changes if the system time is incorrect.

The maximum time value supported by this command is 23:59:59 9999/12/31.

Related command: clock datetime.

Example

# View the current system date and time.

<H3C> display clock

18:36:31 beijing Sat 2002/02/02

Time Zone : beijing add 01:00:00

Summer-Time : bj one-off 01:00:00 2003/01/01 01:00:00 2003/08/08 01:00:00

Table 4-1 Description of the output information of the display clock command

Field	Description
18:36:31 beijing Sat 2002/02/02	Current system time
Time Zone : beijing add 01:00:00	Configured time zone information
Summer-Time : bj one-off 01:00:00 2003/01/01 01:00:00 2003/08/08 01:00:00	Configured summer time information

4.3.2 display debugging

Syntax

display debugging [ interface interface-type interface-number ] [ module-name ]

View

Any view

Parameter

interface-type: The interface type supported by the switch. The value can be Ethernet, GigabitEthernet, AUX, Vlan-interface and so on.

interface-number: Interface number.

module-name: Module name.

Description

Use the display debugging command to display debugging switches that have been turned on.

You can execute the display debugging to view which debugging switches have been turned on. If the command is executed without any parameter, the system will display all debugging switches that have been turned on.

Related command: debugging.

Example:

# Display all debugging switches that have been turned on.

<H3C> display debugging

Multicast packet forwarding debugging switch is on

4.3.3 display fiber-module

Syntax

display fiber-module [ interface-type interface-number ]

View

Any view

Parameter

interface-type: The interface type supported by switch. the value can be Ethernet, GigabitEthernet and so on.

interface-number: Interface number.

Description

Use the display fiber-module command to display the information of the optical modules connected with all the optical interfaces in position on the current shelf, including module information, optical module type, connector type, vendor name, manufacturer part number, single mode or multi-mode, wave length, transmission distance and so on.

Use the display fiber-module [ interface-type interface-number | interface-name ] command to display optical module information of the specified port.

Example

# Display the optical module information of all optical interfaces in position on the current shelf.

<H3C> display fiber-module

Pos3/1/1:

Card info: 10G-XFP

Fiber connect: LC

VendorName: Intel Corp

PartNumber: TXN181072013X07

Mode: SingleMode

WaveLength: 1310nm

Length for 9um: 10km

Pos4/1/1:

Card info: 100BASE-SFP

Fiber connect: LC

VendorName: AGILENT

PartNumber: HFBR-5760LP

Mode: MultiMode

WaveLength: Unknown

Length for 50/125um: 0m

Length for 62.5/125um: 2000m

Warning: This Port Use Wrong Optical Module !

Pos4/1/2:

Card info: 1000BASE-SFP

Fiber connect: LC

VendorName: Hitachi Cable

PartNumber: HTR6511R

Mode: SingleMode

WaveLength: 1310nm

Length for 9um: 10km

Warning: This Port Use Wrong Optical Module !

Pos4/1/3:

Card info: 2.5G-SFP

Fiber connect: LC

VendorName: FIBERXON INC

PartNumber: FTM-3125C-L2

Mode: SingleMode

WaveLength: 1310nm

Length for 9um: 2km

Pos4/1/4:

Card info: 1000BASE-SFP

Fiber connect: LC

VendorName: AGILENT

PartNumber: HFBR-5710L

Mode: MultiMode

WaveLength: 950nm

Length for 50/125um: 550m

Length for 62.5/125um: 270m

Warning: This Port Use Wrong Optical Module !

GigabitEthernet6/1/1:

Card info: 10G-XFP

Fiber connect: LC

VendorName: JDS Uniphase

PartNumber: 64P0215

Mode: SingleMode

WaveLength: 1310nm

Length for 9um: 10km

GigabitEthernet6/1/3:

Card info: 10G-XFP

Fiber connect: LC

VendorName: JDS Uniphase

PartNumber: 64P0215

Mode: SingleMode

WaveLength: 1310nm

Length for 9um: 10km

Please refer to the following table for the information above.

Table 4-2 Description of the display fiber-module command information on display

Field	Description
Card info	Card information
Fiber connect	Fiber connector type
VendorName	Vendor name
PartNumber	Manufacturer part number
Mode	Single mode or multi-mode
WaveLength	Wave length
Length for X um: Y km/m	The transmission distance of X-um sized fiber is Y km/h
Length for A / B um: Y km/m	The transmission diatance of the fiber with an inner diameter of um and outer diameter of is B um is Y km/m.

4.3.4 display users

Syntax

display users [ all ]

View

Any view

Parameter

all: display all users connected to the switch.

Description

Use the display users command to view information about users connected to the switch.

Example

# Display the information about all the active users on the console.

<H3C> display users

UI Delay Type Ipaddress Username

+ 0 CON 0 00:00:00

130 VTY 0 00:00:05 TEL 192.168.1.253 tb

# Display the information about all the users on the console.

<H3C> display users all

UI Delay Type Ipaddress Username

+ 0 CON 0 00:00:00

129 AUX 0

+ 130 VTY 0 00:00:16 TEL 192.168.1.253 tb

131 VTY 1

132 VTY 2

133 VTY 3

134 VTY 4

Table 4-3 Description on the fields of the display users command

Field	Description
+	Information about an active user
UI	The first number is the absolute number of the UI (user interface), and the second number is the relative number of the UI.
Delay	The time elapsed after the last user input, in the format of hh:mm:ss
Type	User type, such as Telnet, SSH, PAD
Ipaddress	Initial connection location, that is, the IP address of the incoming host
Username	Name of the user who uses this UI, that is, the login username of this user. If the current terminal line is in anonymous login mode (AAA authentication is enabled on it), this field is null

4.3.5 display version

Syntax

display version

View

Any view

Parameter

Description

Use the display version command to view such information as software version, issue date and the basic hardware configurations.

Example

# Display the information about the system version.

<H3C> display version

H3C COMWARE Platform Software

COMWARE software, Version 3.10, Alpha 1323

H3C S9500 uptime is 0 week, 0 day, 0 hour, 6 minutes

SRPC 1: uptime is 0 week,0 day,0 hour,6 minutes

H3CS9500 with 1 MPC755 Processor

512M bytes SDRAM

16384K bytes Flash Memory

512K bytes NVRAM Memory

PCB Version : Ver.C

BootROM Version : 201

CPLD Version : 005

Software Version : S9500-CMW310-A1323

LSB1FT48B0 5: uptime is 0 week,0 day,0 hour,4 minutes

H3CS9500 LPU with 1 MPC8245 Processor

128M bytes SDRAM

0K bytes NVRAM Memory

PCB Version : Ver.D

BootROM Version : 103

CPLD Version : 002

Software Version : S9500-CMW310-A1323

CPUCard 1

PCB Ver : .4

CPLD Ver : 001

SubCard 1

PCB Ver : REV.0

CPLD Ver : NONE

4.4 System Debug Commands

4.4.1 debugging

Syntax

debugging { all | timeout interval | module-name [ debugging-option ] }

undo debugging { all | module-name [ debugging-option ] }

View

User view

Parameter

all: Enables or disables all the debugging.

timeout interval: Specifies the interval during which the debugging all switch is on. The value ranges from 1 to 1440, in minutes. With this configuration, all debugging take the time at which they are enabled as the start time, and take effect during the predefined time. And after that, all debuggings are disabled.

module-name: Specifies the module name.

debugging-option: Debugging option.

Description

Use the debugging command to enable the system debugging.

Use the undo debugging command to disable the system debugging.

By default, all the debugging processes are disabled.

Ethernet Switch provides various kinds of debugging functions for technical support personnel and experienced maintenance staff to troubleshoot the network.

Enabling the debugging will generate a large amount of debugging information and decrease the system efficiency. Specially, network system may collapse after all the debugging is enabled by debugging all command. So it is not suggested to use the debugging all command. It is convenient for the user to disable all the debugging with undo debugging all command.

Related command: display debugging.

Example

# Enable IP Packet debugging.

<H3C> debugging ip packet

IP packet debugging switch is on.

The above output shows that the IP packet debugging is enabled.

4.4.2 display diagnostic-information

Syntax

display diagnostic-information

View

Any view

Parameter

None

Description

Use the display diagnostic-information command to view the current configuration information about all running modules. You can use all these information to help diagnose and troubleshoot the Ethernet switch.

When the Ethernet switch does not run well, you can collect all sorts of information about the switch to locate the source of fault. However, each module has its corresponding display command, which make it difficult for you to collect all the information needed. In this case, you can use display diagnostic-information command.

Example

# Display all system configuration information.

<H3C> display diagnostic-information

This operation may take a few minutes, continue?[Y/N]y

-------------------- display version --------------------

H3C Comware Routing Platform Software

COMWARE(R) Software, Version COMWAREHZV300R001B08D018, Release 0001

COMWARE(tm) Lanswitch Platform Software Version COMWAREHZV300R001B08D018

S9500 Software Version V100R002B02D018

S9500 Product Version S9500-COMWARE310-r1266

Compiled Sep 29 2005 03:43:00, RELEASE SOFTWARE

H3C S9500 uptime is 0 week, 2 days, 5 hours, 31 minutes

This device is H3C S9505

………

4.5 Network Connection Test Commands

4.5.1 ping

Syntax

View

Any view

Parameter

-a ip-address: Specifies the source IP address to transmit ICMP ECHO-REQUEST.

-c: count Specifies how many times the ICMP ECHO-REQUEST packet will be transmitted, ranging from 1 to 4,294,967,295. The default value is five.

-d: Configures the socket to be in DEBUGGING mode.

-f: Configures the packet to be dropped instead of being fragmented when the packet length is larger than interface MTU.

-h ttl: Configures TTL value for echo requests to be sent, range from 1 to 255. The default value is 255.

-i: Configures to choose packet sent on the interface.

interface-type: Specifies the interface type.

interface-number: Specifies the interface number.

-n: Configures to take the host parameter as IP address without domain name resolution.

-p: pattern is the hexadecimal padding of ICMP echo-request, for example -p ff pads the packet completely with ff. By default, the starting padding is 0x01, crescent, and the ending padding is 0x09, and then repeat.

-q: Configures not to display any other detailed information except statistics.

-r: Record route. By default, the system does not record route.

-s packetsize: Specifies the length of ECHO-REQUEST (excluding IP and ICMP packet header) in bytes. The length of the echo-request packet defaults to 56 bytes.

-t timeout: Maximum waiting time after sending the echo-request (measured in ms). The time defaults to 2000 ms.

-tos tos: Specifies TOS value for echo requests to be sent, range from 0 to 255. The default value is 0.

-v: Displays other received ICMP packets (non echo-response). By default, no other non echo-response ICMP packets is displayed.

-vpn-instance vpn-instance-nam: VPN instance name.

host: Destination host domain name or IP address of the destination host.

ip: Chooses IP ICMP packet.

Description

Use the ping command to check the IP network connection and the reachability of the host.

The ping command sends ICMP ECHO-REQUEST message to the destination. If the network to the destination works well, then the destination host will send ICMP ECHO-REPLY to the source host after receiving ICMP ECHO-REQUEST.

Perform ping command to troubleshoot the network connection and line quality. The output information includes:

l Responses to each of the ECHO-REQUEST messages. If the response message is not received until timeout, output "Request time out". Or display response message bytes, packet sequence number, TTL and response time.

l The final statistics, including number of sent packets, number of response packets received, percentage of non-response packets and minimal/maximum/average value of response time.

If the network transmission rate is too low, you can increase the response message timeout.

Related command: tracert.

Example

# Check whether the host 202.38.160.244 is reachable.

<H3C> ping 202.38.160.244

ping 202.38.160.244 : 56 data bytes

Reply from 202.38.160.244 : bytes=56 sequence=1 ttl=255 time = 1ms

Reply from 202.38.160.244 : bytes=56 sequence=2 ttl=255 time = 2ms

Reply from 202.38.160.244 : bytes=56 sequence=3 ttl=255 time = 1ms

Reply from 202.38.160.244 : bytes=56 sequence=4 ttl=255 time = 3ms

Reply from 202.38.160.244 : bytes=56 sequence=5 ttl=255 time = 2ms

--202.38.160.244 ping statistics--

5 packets transmitted

5 packets received

0% packet loss

round-trip min/avg/max = 1/2/3 ms

4.5.2 tracert

Syntax

View

Any view

Parameter

-a source-IP: Configures the source IP address used by tracert command;

-f: Configures to verify the -f switch, first-TTL specifies an initial TTL, ranging from 0 to the maximum TTL.first-TTL defaults to 1;

-m: Configures to verify the -m switch, max-TTL specifies a maximum TTL larger than the initial TTL. max-TTL defaults to 30;

-p: Configures to verify the -p switch, port is an integer host port number. Generally, user need not modify this option. port defaults to 33434;

-q: Configures to verify the -q switch, nqueries is an integer specifying the number of query packets sent, larger than 0. num-packet defaults to 3;

-vpn-instance vpn-instance-name: VPN instance name;

-w: Configures to verify the -wf switch, timeout is an integer specifying IP packet timeout in seconds, larger than 0.timeout defaults to 5s;

string: IP address of the destination host or the hostname of the remote system.

Description

Use the command to Using tracert command, you can check the reachability of network connection and troubleshoot the network. User can test gateways passed by the packets transmitted from the host to the destination.

By default, when the parameters are not specified,

The tracert command sends a packet with TTL 1, and the first hop will send an ICMP error message back to indicate this packet cannot be transmitted (because of TTL timeout). Then this packet will be sent again with TTL 2, and the second hop will indicate a TTL timeout error. Perform this operation repeatedly till reaching the destination. These processes are operated to record the source address of each ICMP TTL timeout so as to provide a path to the destination for an IP packet.

After ping command finds some error on the network, perform tracert to locate the error.

The output of tracert command includes IP address of all the gateways to the destination. If a certain gateway times out, output "***".

Example

# Test the gateways passed by the packets to the destination host at 18.26.0.115.

<H3C> tracert 18.26.0.115

tracert to allspice.lcs.mit.edu (18.26.0.115), 30 hops max

1 helios.ee.lbl.gov (128.3.112.1) 0 ms 0 ms 0 ms

2 lilac-dmc.Berkeley.EDU (128.32.216.1) 19 ms 19 ms 19 ms

3 lilac-dmc.Berkeley.EDU (128.32.216.1) 39 ms 19 ms 19 ms

4 ccngw-ner-cc.Berkeley.EDU (128.32.136.23) 19 ms 39 ms 39 ms

5 ccn-nerif22.Berkeley.EDU (128.32.168.22) 20 ms 39 ms 39 ms

6 128.32.197.4 (128.32.197.4) 59 ms 119 ms 39 ms

7 131.119.2.5 (131.119.2.5) 59 ms 59 ms 39 ms

8 129.140.70.13 (129.140.70.13) 80 ms 79 ms 99 ms

9 129.140.71.6 (129.140.71.6) 139 ms 139 ms 159 ms

10 129.140.81.7 (129.140.81.7) 199 ms 180 ms 300 ms

11 129.140.72.17 (129.140.72.17) 300 ms 239 ms 239 ms

12 * * *

13 128.121.54.72 (128.121.54.72) 259 ms 499 ms 279 ms

14 * * *

15 * * *

16 * * *

17 * * *

18 ALLSPICE.LCS.MIT.EDU (18.26.0.115) 339 ms 279 ms 279 ms

4.6 Log Commands

4.6.1 display channel

Syntax

display channel [ channel-number | channel-name ]

View

Any view

Parameter

channel-number: Channel number, ranging from 0 to 9, that is, the system has ten channels.

channel-name: Specifies the channel name. the name can be channel7, channel8, channel9, console, logbuffer, loghost, monitor, snmpagent, trapbuffer, logfile.

Description

Use the display channel command to view the details about the information channel.

Without parameter, display channel command shows the configurations of all the channels.

Example

# Show details about the information channel 0.

<H3C> display channel 0

channel number:0, channel name:console

MODU_ID NAME ENABLE LOG LEVEL ENABLE TRAP LEVEL ENABLE DEBUGGING LEVEL

0xffff0000 default Y warning Y debugging Y debugging

4.6.2 display info-center

Syntax

display info-center

View

Any view

Parameter

None

Description

Use the display info-center command to view the configuration of system log and the information recorded in the memory buffer.

If the information in the current log/trap buffer is less than the size of buffer, display the actual log/trap information.

Related command: info-center enable,info-center loghost,info-center logbuffer,info-center console channel,info-center monitor channel.

Example

# Show the system log information.

<H3C> display info-center

Information Center:enabled

Log host:

Console:

channel number:0, channel name:console

Monitor:

channel number:1, channel name:monitor

SNMP Agent:

channel number:5, channel name:snmpagent

Log buffer:

enabled, max buffer size:1024, current buffer size:256

current messages:6, channel number:4, channel name:logbuffer

dropped messages:0, overwrote messages:0

Trap buffer:

enabled, max buffer size:1024, current buffer size:256

current messages:0, channel number:3, channel name:trapbuffer

dropped messages:0, overwrote messages:0

Log file :

enabled,max file buffer size 32KB, current file buffer size 7KB,

channel number : 6, channel name : logfile

max log file number : 5, max length of each log file : 2MB

log file directory : cf:/logfile

Information timestamp setting:

log - date, trap - date, debug - boot

Table 4-4 Description on the fields of the display info-center command

Field	Description
Information Center:	The status of the information center
Log host:	The status of the log host, including its IP address, occupied channel number, channel name, language and the priority level of the log host.
Console:	The status of the console port, including the occupied channel name and channel number.
Monitor:	The status of the monitoring port, including the occupied channel number and channel name.
SNMP Agent:	The status of the SNMP agent, including the occupied channel number and channel name.
Log buffer:	The status of the log buffer, including enable status, maximum size, current size, number of current messages, channel name, channel number, number of dropped messages, number of the overwritten messages.
Trap buffer:	The status of the trap buffer, including enable status, maximum size, current size, number of current messages, channel name, channel number, number of dropped messages, number of the overwritten messages.
Log file	The status of the log file, including enable status, maximum file buffer size, channel number, channel name, maximum number of log files, maximum size of the log file, storage path of log files.
Information timestamp setting:	Information timestamp settings, including the timestamp type of log messages, trap messages and debugging messages.

4.6.3 display logbuffer

Syntax

View

Any view

Parameter

level: level.

levelnum: Information level value, ranging from 1 to 8.

emergencies, alerts, critical, debugging, errors, informational, notifications, warnings are the names of the eight log severity levels. You can type the values or names of the desired severity levels, which are equivalent, in commands. Table 4-5 gives the details.

Table 4-5 Severity levels defined in the information center

Severity	Value	Description
emergencies	1	Emergent errors
alerts	2	Errors you must correct immediately
critical	3	Critical errors
errors	4	Errors requiring your attention but not critical
warnings	5	Warning, an error may occur
notifications	6	Information requiring your attention
informational	7	General prompt information
debugging	8	Debugging information

size: Configures the size of buffer.

sizenum: Size of buffer (number of messages which can be kept); ranging from 1 to 1024. By default, the size of the buffer is 256.

|: Filters the configuration information to be output by regular expression.

begin: Begins with the line that matches the regular expression.

exclude: Excludes lines that match the regular expression.

include: Includes lines that match the regular expression.

text: Defines the regular expression.

Table 4-6 Special characters in the regular expression

Special characters

Description

Restriction

Underscore, similar to a wildcard and can stand for these characters:

(^|$|[,(){} ])

A space, the beginning of the input string, the end of the input string

If the first character in the regular expression is not a underscore, then there is no restriction on the number of the underscore (but it is restricted by the command length)

If the first character in the regular expression is an underscore, then there should be less than five consecutive underscores.

If the underscores in a command are discrete, on the first group of underscores are filtered for the output information, but not the subsequent underscores.

(

Left parenthesis, push flag in program

It is recommended not to use this character in the regular expression.

Description

Use the display logbuffer command to view the attribute of logbuffer and the information recorded in logbuffer.

Example

# Show the system logbuffer attribute and the log information in logbuffer.

<H3C> display logbuffer

Logging buffer configuration and contents:enabled

Allowed max buffer size : 1024

Actual buffer size : 512

Channel number : 4 , Channel name : logbuffer

Dropped messages : 0

Overwritten messages : 0

Current messages : 91

4.6.4 display logbuffer summary

Syntax

display logbuffer summary [ level severity ]

View

Any view

Parameter

level: Information level.

severity: Information level, do not output information below this level. Information at different levels is as the following table:

Table 4-7 Severity levels defined in the information center

Severity	Value	Description
emergencies	1	Emergent errors
alerts	2	Errors you must correct immediately
critical	3	Critical errors
errors	4	Errors requiring your attention but not critical
warnings	5	Warning, an error may occur
notifications	6	Information requiring your attention
informational	7	General prompt information
debugging	8	Debugging information

Description

Use the display logbuffer summary command to view the summary information recorded in logbuffer.

Related command: info-center enable,info-center loghost,info-center logbuffer,info-center console channel,info-center monitor channel.

Example

# Show the summary information recorded in logbuffer.

<H3C> display logbuffer summary

EMERG ALERT CRIT ERROR WARN NOTIF INFO DEBUG

0 0 0 0 94 0 1 0

4.6.5 display trapbuffer

Syntax

View

Any view

Parameter

size: Configures the size of buffer.

summary: Number of statistical logs.

sizenum: Size of buffer (number of messages which can be kept), ranging from 1 to 1024. By default, the size of the buffer is 256.

level: level.

levelnum: Information level value, ranging from 1 to 8.

Description

Use the display trapbuffer command to view the attribute of trapbuffer and the information recorded in trapbuffer.

Example

# Show the system trapbuffer attribute and the log information in trapbuffer.

<H3C> display trapbuffer

Trapping Buffer Configuration and contents:

enabled

allowed max buffer size : 1024

actual buffer size : 256

channel number : 3 , channel name : trapbuffer

dropped messages : 0

overwrote messages : 0

current messages : 6

#Dec 31 14:01:25 2004 H3C DEV/2/LOAD FINISHED:

Trap 1.3.6.1.4.1.2011.2.23.1.12.1.20: frameIndex is 0, slotIndex 0.4

#Dec 31 14:01:33 2004 H3C DEV/2/BOARD STATE CHANGE TO NORMAL:

Trap 1.3.6.1.4.1.2011.2.23.1.12.1.11: frameIndex is 0, slotIndex 0.2

#Dec 31 14:01:40 2004 H3C DEV/2/BOARD STATE CHANGE TO NORMAL:

Trap 1.3.6.1.4.1.2011.2.23.1.12.1.11: frameIndex is 0, slotIndex 0.

4.6.6 info-center channel name

Syntax

info-center channel channel-number name channel-name

undo info-center channel channel-number

View

System view

Parameter

channel-number: Channel number, ranging from 0 to 9, that is, system has ten channels.

channel-name: Specifies the channel name with a character string not exceeding 30 characters, excluding digit, "-", "/" or "\". .

Description

Use the info-center channel name command to rename a channel specified by the channel-number as channel-name.

Use the undo info-center channel command to restore the channel name.

The system assigns a channel in each output direction by default. See the table below.

Table 4-8 Numbers and names of the channels for log output

Output direction	Channel number	Default channel name
Console	0	console
Monitor	1	monitor
Info-center loghost	2	loghost
Trap buffer	3	trapbuf
Logging buffer	4	logbuf
snmp	5	snmpagent
Log file	6	Logfile

Note that the channel name cannot be duplicated.

Example

# Rename the channel 0 as execconsole.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] info-center channel 0 name execconsole

4.6.7 info-center console channel

Syntax

info-center console channel { channel-number | channel-name }

undo info-center console channel

View

System view

Parameter

channel-number: Channel number, ranging from 0 to 9, that is, system has ten channels.

channel-name: Specifies the channel name. The name can be channel7, channel8, channel9, console, logbuffer, loghost, monitor, snmpagent, trapbuffer, logfile.

Description

Use the info-center console channel command to configure the channel through which the log information is output to the console.

By default, Ethernet switches do not output log information to the console.

This command takes effect only after system logging is started.

Related command: info-center enable, display info-center.

Example

# Configure to output log information to the console through channel 0.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] info-center console channel 0

4.6.8 info-center enable

Syntax

info-center enable

undo info-center enable

View

System view

Parameter

None

Description

Use the info-center enable command to enable the system log function.

Use the undo info-center enable command to disable system log function.

By default, system log function is enabled.

Only after the system log function is enabled can the system output the log information to the info-center loghost and console, and so on.

Related command: info-center loghost, info-center logbuffer, info-center console channel, info-center monitor channel, display info-center.

Example

# Enable the system log function.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] info-center enable

4.6.9 info-center logbuffer

Syntax

info-center logbuffer [ channel { channel-number | channel-name } | size buffersize ]*

undo info-center logbuffer [ channel | size ]

View

System view

Parameter

channel: Configures the channel to output information to buffer.

channel-number: Channel number, ranging from 0 to 9, that is, system has ten channels.

channel-name: Specifies the channel name. The name can be channel7, channel8, channel9, console, logbuffer, loghost, monitor, snmpagent, trapbuffer, logfile.

size: Configures the size of buffer.

buffersize: Size of buffer (number of messages which can be kept).

Description

Use the info-center logbuffer command to configure to output information to the memory buffer.

Use the undo info-center logbuffer command to cancel the information output to buffer.

By default, the switch outputs information to the memory buffer whose size is 512.

This command takes effect only after the system logging is enabled.

Related command: info-center enable, display info-center.

Example

# Send log information to buffer and sets the size of buffer as 50.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] info-center logbuffer size 50

4.6.10 info-center logfile

Syntax

info-center logfile

undo info-center logfile

View

System view

Parameter

None

Description

Use the info-center logfile command to configure to output information to the logfile.

Use the undo info-center logfile command to cancel the information output to logfile.

This command takes effect only after the system logging is enabled.

Related command: info-center enable, display info-center.

Example

# Send log information to logfile.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] info-center logfile

4.6.11 info-center loghost

Syntax

info-center loghost host-ip-addr [ channel { channel-number | channel-name } | facility local-number | language { chinese | english } ]*

undo info-center loghost host-ip-addr

View

System view

Parameter

host-ip-addr: IP address of info-center loghost.

channel: Configures information channel of the info-center loghost.

channel-number: Channel number, ranging from 0 to 9, that is, system has ten channels.

channel-name: Specifies the channel name. The name can be channel7, channel8, channel9, console, logbuffer, loghost, monitor, snmpagent, trapbuffer, logfile.

facility: Configures the recording tool of info-center loghost.

local-number: Record tool of info-center loghost, ranging from local0 to local7.

language: Sets the logging language.

chinese,english: Language used in log file.

Description

Use the info-center loghost command to configure the system to output information to the log host.

Use the undo info-center loghost command to cancel output to info-center loghost.

By default, Ethernet switches do not output information to info-center loghost.

This command takes effect only after the system logging is enabled.

& Note:

You must input the correct IP address when configuring the IP address for the log host by using the info-center loghost command. If you input a loopback address, you are prompted for invalid address.

Related command: info-center enable, display info-center.

Example

# Configure to send log information to the UNIX workstation at 202.38.160.1.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] info-center loghost 202.38.160.1

4.6.12 info-center loghost source

Syntax

info-center loghost source interface-type interface-number

undo info-center loghost source

View

System view

Parameter

interface-type interface-number: Layer 3 interface on the switch.

Description

Use the command to Using info-center loghost source command, you can set source address of the packets sent to loghost as the address of the interface specified by the interface-name.

Use the command to Using undo info-center loghost source command, you can cancel the setting source address of the packets sent to loghost.

Related command: info-center enable, display info-center.

Example

# Set source address of the packets sent to loghost as the address of the VLAN interface 1.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] info-center loghost source vlan-interface 1

4.6.13 info-center monitor channel

Syntax

info-center monitor channel { channel-number | channel-name }

undo info-center monitor channel

View

System view

Parameter

channel-number: Channel number, ranging from 0 to 9, that is, the system has ten channels.

channel-name: Specifies the channel name. The name can be channel7, channel8, channel9, console, logbuffer, loghost, monitor, snmpagent, trapbuffer, logfile.

Description

Use the info-center monitor channel command to configure the channel to output the log information to the user terminal.

Use the undo info-center monitor channel command to restore the channel to output the log information to the user terminal to default value.

By default, Ethernet switches do not output log information to user terminal.

This command takes effect only after system logging is started.

Related command: info-center enable, display info-center.

Example

# Configure channel 0 to output log information to user terminal.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] info-center monitor channel 0

4.6.14 info-center snmp channel

Syntax

info-center snmp channel { channel-number | channel-name }

undo info-center snmp channel

View

System view

Parameter

channel-number: Channel number, ranging from 0 to 9, that is, the system has ten channels. By default, channel 5 is used.

channel-name: Specifies the channel name. The name can be channel7, channel8, channel9, console, logbuffer, loghost, monitor, snmpagent, trapbuffer, logfile.

Description

Use the info-center snmp channel command to configure new channel for transmitting the SNMP information.

Use the undo info-center snmp channel command to restore the default channel for transmitting the SNMP information.

The default channel for transmitting the SNMP information is channel 5.

Related command: display snmp.

Example

# Configure channel 6 as the SNMP information channel.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] info-center snmp channel 6

4.6.15 info-center source

Syntax

info-center source { modu-name | default } channel { channel-number | channel-name } [ debug { level severity | state state }* | log { level severity | state state }* | trap { level severity | state state }* ]*

undo info-center source { modu-name | default | all } channel { channel-number | channel-name }

View

System view

Parameter

modu-name: Module name.

Table 4-9 gives the details.

Table 4-9 The module name field

Module name	Description
8021X	802.1X module
ACL	ACL (access control list) module
ADBM	MAC address management module
ARP	ARP (address resolution protocol) module
BGP	BGP (border gateway protocol) module
CFM	Configuration file management module
CMD	Command module
default	Default setting of all modules
DEV	Device management module
DHCP	Dynamic host configuration protocol module
DIAGCLI	Diagnosis module
DNS	Domain name server module
DRVMPLS	MPLS (multiprotocol label switching) drive module
DRV_L2	Layer 2 drive module
DRV_L3	Layer 3 drive module
DRV_L3MC	Layer 3 multicast module
MPLS	MPLS (multiprotocol label switching) drive module
DRVPOS	POS drive module
DRVQACL	QACL drive module
DRVVPLS	VPLS (virtual private LAN service) drive module
ETH	Ethernet module
FTPS	FTP server module
HA	High availability module
HABP	HABP (Huawei authentication bypass protocol) module
HGMPS	HGMPS (Huawei group management protocol service) module
HWCM	Huawei configuration management MIB module
IFNET	Interface management module
IGSP	IGMP snooping module
IP	IP (internet protocol) module
ISIS	IS-IS (intermediate system-to-intermediate system intradomain routing protocol) module
L2INF	L2 interface management module
L2V	L2 VPN module
LACL	LAN switch ACL module
LDP	LDP (label distribution protocol) module
LINKAGG	LINKAGG module
LQOS	LAN switch QoS module
LS	Local server module
LSPAGENT	LSP (label switched path) agent module
LSPM	LSPM (label switch path management) module
MIX	Dual system management module
MMC	MMC module
MODEM	Modem module
MPLSFW	MPLS forward module
MPM	Multicast port management module
MSDP	MSDP (multicast source discovery protocol) module
MSTP	MSTP (multiple spanning tree protocol) module
NAT	NAT (network address translation) module
NTP	NTP (network time protocol) module
OSPF	OSPF (open shortest path first) module
PHY	Physical sublayer & physical layer module
POS_SNMP	POS SNMP (simple network management protocol) module
PPP	PPP (point to point protocol) module
PSSINIT	PSSINIT module
RDS	RADIUS module
RM	Routing management module
RMON	Remote monitor module
RPR	Resilent packet ring module
RSA	RSA (Revest, Shamir and Adleman) encryption module
RTPRO	Routing protocol module
SHELL	User interface module
SNMP	SNMP (simple network management protocol) module
SOCKET	Socket module
SSH	Secure Shell module
SYSM	System manage veneer module
SYSMIB	System MIB module
TELNET	Telnet module
VFS	VFS (virtual file system) module
VLAN	VLAN (virtual local area network) module
VRRP	VRRP (virtual router redundancy protocol) module
VTY	VTY (virtual type terminal) module

default: All the modules.

log: Log information.

trap: Trap information.

all: Clears all the information filtering configuration on the channelnum channel except the default one.

debugging: Debugging information.

level: Level.

severity: Information level, do not output information below this level.

Table 4-10 gives detailed severity information:

Table 4-10 Severity levels defined in the information center

Severity	Value	Description
emergencies	1	Emergent errors
alerts	2	Errors you must correct immediately
critical	3	Critical errors
errors	4	Errors requiring your attention but not critical
warnings	5	Warning, an error may occur
notifications	6	Information requiring your attention
informational	7	General prompt information
debugging	8	Debugging information

By default, the information level of each channel is as follows:

Table 4-11 Default information level of each channel

channel	Log information level	Trap information level	Debugging information level
Console	warning	debugging	debugging
Terminal	warning	debugging	debugging
Log host	informational	debugging	debugging
Trapbuffer	informational	warning	debugging
Logbuffer	warning	debugging	debugging
SNMPagent	debugging	warning	debugging
Logfile	warning	debugging	debugging
Channel7	debugging	debugging	debugging
Channel8	debugging	debugging	debugging
Channel9	debugging	debugging	debugging

By default, the information switch state of each channel is shown in Table 4-12:

Table 4-12 Default information switch state of each channel

Channel	Log information switch	Trap information switch	Debug information switch
Console	Enable	Disable	Enable
Terminal	Enable	Disable	Enable
Log host	Enable	Enable	Disable
Trapbuffer	Disable	Enable	Disable
Logbuffer	Enable	Disable	Disable
SNMPagent	Disable	Enable	Disable
Logfile	Enable	Disable	Disable
Channel7	Enable	Enable	Disable
Channel8	Enable	Enable	Disable
Channel9	Enable	Enable	Disable

& Note:

If you only specify the level for one/two of the three types of information, the level(s) of the unspecified two/one return(s) to the default. For example, if you only define the level of the log information, then the levels of the trap and debugging information return to the defaults.

channel-number: Channel number to be set.

channel-name: Channel name to be set. The name can be channel7, channel8, channel9, console, logbuffer, loghost, monitor, snmpagent, trapbuffer, logfile.

state: Sets the state of the information.

state: Specifies the state as on or off.

Description

Use the info-center source command to add/delete a record to the information channel.

Use the undo info-center source command to cancel the contents of the information channel.

Use this command to configure the information of log/trap/debugging type. For example, for the filter of IP module log output, you can configure to output the logs at a level higher than warnings to the log host and output those higher than informational to the log buffer. You can also configure to output the trap information on the IP module to a specified trap host, and so on.

The channels for filtering in all the directions are specified by this configuration command. All the information will be sent to the corresponding directions through the specified channels. You can configure the channels in the output direction, channel filter information, filtering and redirecting of all kinds of information.

At present, the system distributes an information channel in each output direction by default, shown as follows:

Table 4-13 Default information channel in each output direction

Output direction	Information channel name
Console	console
Monitor	monitor
Info-center loghost	loghost
Log buffer	logbuffer
Trap buffer	trapbuffer
snmp	snmpagent
Log file	logfile

In addition, each information channel has a default record with the module name “default” and module number as 0xffff0000. However, for different information channel, the default log, trap and debugging settings in the records may be different with one another. Use default configuration record if a module does not have any specific configuration record in the channel.

Example

# Configure to enable the log information of VLAN module in SNMP channel and allows the output of the information with a level higher than emergencies.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] info-center source vlan channel snmp log level emergencies

4.6.16 info-center timestamp

Syntax

info-center timestamp { log | trap | debugging } { boot | date | none }

undo info-center timestamp { log | trap | debugging }

View

System view

Parameter

log: Log information.

trap: Trap information.

debugging: Debugging information.

boot: Time elapsing after system starts. Format: xxxxxx.yyyyyy, xxxxxx is the high 32 bits of the elapsed time (in milliseconds) after system starts, and yyyyyy is the low 32 bits.

date: Current system date and time. It shows as yyyy/mm/dd-hh:mm:ss in Chinese environment and mm dd hh:mm:ss yyyy in Western language environment.

none: No timestamp format.

Description

Use the info-center timestamp command to configure the timestamp output format in debugging/trap information.

Use the undo info-center timestamp command to disable the output of timestamp field.

By default, date stamp is used.

Example

# Configure the debugging information timestamp format as boot.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] info-center timestamp debugging boot

4.6.17 info-center trapbuffer

Syntax

info-center trapbuffer [ size buffersize | channel { channel-number | channel-name } ]*

undo info-center trapbuffer [ channel | size ]

View

System view

Parameter

size: Configures the size of the trap buffer.

buffersize: Size of trap buffer (numbers of messages).

channel: Configures the channel to output information to trap buffer.

channel-number: Channel number, ranging from 0 to 9, that is, the system has ten channels.

channel-name: Specifies the channel name.

Description

Use the info-center trapbuffer command to output information to the trap buffer.

Use the undo info-center trapbuffer command to cancel output information to trap buffer.

By default, output information is transmitted to trap buffer and size of trap buffer is 256.

This command takes effect only after the system logging is enabled.

The information can be output to the trap buffer by configuring the size of the buffer.

Related command: info-center enable, display info-center.

Example

# Send information to the trap buffer and sets the size of buffer as 30.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] info-center trapbuffer size 30

4.6.18 reset logbuffer

Syntax

reset logbuffer

View

User view

Parameter

None

Description

Use the reset logbuffer command to reset information in log buffer.

Example

# Clear information in log buffer.

<H3C> reset logbuffer

4.6.19 reset trapbuffer

Syntax

reset trapbuffer

View

User view

Parameter

None

Description

Use the reset trapbuffer command to reset information in trap buffer.

Example

# Clear information in trap buffer.

<H3C> reset trapbuffer

4.6.20 terminal debugging

Syntax

terminal debugging

undo terminal debugging

View

User view

Parameter

None

Description

Use the terminal debugging command to configure to display the debugging information on the terminal.

Use the undo terminal debugging command to configure not to display the debugging information on the terminal.

By default, the displaying function is disabled.

Related command: debugging.

Example

# Enable the terminal display debugging.

<H3C> terminal debugging

4.6.21 terminal logging

Syntax

terminal logging

undo terminal logging

View

User view

Parameter

None

Description

Use the terminal logging command to enable terminal log information display.

Use the undo terminal logging command to disable terminal log information display.

By default, the log information display is enabled on the console and disabled on the terminal.

Example

# Disable the terminal log display.

<H3C> undo terminal logging

4.6.22 terminal monitor

Syntax

terminal monitor

undo terminal monitor

View

User view

Parameter

None

Description

Use the terminal monitor command to enable the log debugging/log/trap on the terminal monitor.

Use the undo terminal monitor command to disable these functions.

By default, enable these functions for the console user and disable them for the terminal user.

This command only takes effect on the current terminal where the commands are input. The debugging/log/trap information can be output to the current terminal, beginning in user view. When the terminal monitor is shut down, no debugging/log/trap information will be displayed in local terminal, which is equals to having performed undo terminal debugging, undo terminal logging, undo terminal trapping commands. When the terminal monitor is enabled, you can use terminal debugging / undo terminal debugging, terminal logging / terminal logging and terminal trapping / undo terminal trapping respectively to enable or disable the corresponding functions.

Example

# Disable the terminal monitor.

<H3C> undo terminal monitor

4.6.23 terminal trapping

Syntax

terminal trapping

undo terminal trapping

View

User view

Parameter

None

Description

Use the terminal trapping command to enable terminal trap information display.

Use the undo terminal trapping command to disable this function.

By default, this function is enabled.

Example

# Enable trap information display.

<H3C> terminal trapping

Chapter 5 SNMP Configuration Commands

5.1 SNMP Configuration Commands

5.1.1 display snmp-agent

Syntax

display snmp-agent { local-engineid | remote-engineid }

View

Any view

Parameter

local-engineid: Local engine ID.

remote-engineid: Remote engine ID.

Description

Use the display snmp-agent { local-engineid | remote-engineid } command to view engine ID of current device.

SNMP engine is the core of SNMP entity. It performs the function of sending, receiving and authenticating SNMP message, extracting PDU, packet encapsulation and the communication with SNMP application, and so on.

Example

# Display the engine ID of current device.

<H3C> display snmp-agent local-engineid

SNMP local EngineID: 800007DB00E0FC0000FF6877

The above displayed information ”SNMP local engine ID” represents local SNMP engine ID.

5.1.2 display snmp-agent community

Syntax

display snmp-agent community [ read | write ]

View

Any view

Parameter

read: Displays read-only community information.

write: Displays read-write community information.

Description

Use the display snmp-agent community command to view the currently configured community names.

Example

# Display the currently configured community names.

<H3C> display snmp-agent community

Community name:public

Group name:public

Storage-type: nonVolatile

Community name:private

Group name:private

Storage-type: nonVolatile

Table 5-1 Description on the fields of the display snmp-agent community command

Field	Description
community name	Community name
Group name	Group name
storage-type	Storage mode

5.1.3 display snmp-agent group

Syntax

display snmp-agent group [ group-name ]

View

Any view

Parameter

groupname: Group name.

Description

Use the display snmp-agent group command to view group name, security mode, state of various views and storage modes.

Example

# Display SNMP group name and safe mode.

<H3C> display snmp-agent group

Group name: test

Security model: v2c noAuthnoPriv

Readview: ViewDefault

Writeview: <no specified>

Notifyview :<no specified>

Storage-type: nonVolatile

The following table describes the output fields.

Table 5-2 Description on the fields of the display snmp-agent group command

Field	Description
groupname	SNMP Group name
Security model	The security mode adopted by SNMP
readview	Read-only MIB view name corresponding to that group
writeview	Writable MIB view corresponding to that group
notifyview	The name of the notify MIB view corresponding to that group
storage-type	Storage mode

5.1.4 display snmp-agent mib-view

Syntax

display snmp-agent mib-view [ exclude | include | { viewname mib-view } ]

View

Any view

Parameter

exclude: Displays the SNMP MIB view excluded.

Include: Displays the SNMP MIB view included.

viewname: Displays the SNMP MIB view according to the mib view name.

mib-view: Specifies the MIB view name.

Description

Use the display snmp-agent mib-view command to view the MIB view configuration information of the Ethernet switch.

Example

# Display the information about the currently configured MIB view.

<H3C> display snmp-agent mib-view

View name:ViewDefault

MIB Subtree:internet

Subtree mask:

Storage-type: nonVolatile

View Type:included

View status:active

View name:ViewDefault

MIB Subtree:snmpUsmMIB

Subtree mask:

Storage-type: nonVolatile

View Type:excluded

View status:active

View name:ViewDefault

MIB Subtree:snmpVacmMIB

Subtree mask:

Storage-type: nonVolatile

View Type:excluded

View status:active

The following table describes the output fields.

Table 5-3 Description on the fields of the display snmp-agent mib-view command

Field	Description
View name	View name
MIB Subtree	MIB subtree
Subtree mask	Subtree mask
storage-type	Storage type
View Type	Permit or forbid access to an MIB object
View status	Indicate the line state in the table

Caution:

If the SNMP Agent is disabled, "Snmp Agent disabled" will be displayed after you execute the above display commands.

5.1.5 display snmp-agent statistics

Syntax

display snmp-agent statistics

View

Any view

Parameter

None

Description

Use the display snmp-agent statistics command to view current state of SNMP communication.

This command provides a counter for SNMP operations.

Example

# Display the current state of SNMP communication.

<H3C> display snmp-agent statistics

0 Messages delivered to the SNMP entity

0 Messages which were for an unsupported version

0 Messages which used a SNMP community name not known

0 Messages which represented an illegal operation for the community supplied

0 ASN.1 or BER errors in the process of decoding

9 Messages passed from the SNMP entity

0 SNMP PDUs which had badValue error-status

0 SNMP PDUs which had genErr error-status

0 SNMP PDUs which had noSuchName error-status

0 SNMP PDUs which had tooBig error-status (Maximum packet size 2000)

9 MIB objects retrieved successfully

0 MIB objects altered successfully

0 GetRequest-PDU accepted and processed

9 GetNextRequest-PDU accepted and processed

0 GetBulkRequest-PDU accepted and processed

9 GetResponse-PDU accepted and processed

0 SetRequest-PDU accepted and processed

0 Trap PDUs accepted and processed

0 Alternate Response Class PDUs droped silently

0 Forwarded Confirmed Class PDUs droped silently

The following table describes the output fields.

Table 5-4 Description on the fields of the display snmp-agent statistics command

Field	Description
9 Get-next PDUs accepted and processed	Total number of the input SNMP packets
0 GetBulkRequest-PDU accepted and processed	Number of packets with version information error
0 GetResponse PDUs accepted and processed	Number of packets with community name error
0 Set-request PDU accepted and processed	Number of packets with authority error corresponding to the community name
0 Trap PDUs accepted and processed	Number of SNMP packets with encoding error
0 Alternate Response Class PDUs droped silently	Number of SNMP data packets output
0 Forwarded Confirmed Class PDUs droped silently	Number of SNMP packets with erroneous values
9 Get-next PDUs accepted and processed	Number of SNMP packets with general error
0 GetBulkRequest-PDU accepted and processed	Number or packets request for nonexistent MIB objects
0 GetResponse PDUs accepted and processed	Number of too long SNMP packets
0 Set-request PDU accepted and processed	Number of variables requested by NMS
0 Trap PDUs accepted and processed	Number of variables sent by NMS
0 Alternate Response Class PDUs droped silently	Number of the received packets requested by get
0 Forwarded Confirmed Class PDUs droped silently	Number of the received packets requested by get-next
9 Get-next PDUs accepted and processed	Number of the received packets requested by getBulk
0 GetBulkRequest-PDU accepted and processed	Number of the response packets sent
0 GetResponse PDUs accepted and processed	Number of the Trap packets sent
0 Set-request PDU accepted and processed	Number of the response packets dropped
0 Trap PDUs accepted and processed	Number of the Trap packets dropped

5.1.6 display snmp-agent sys-info

Syntax

display snmp-agent sys-info [ contact | location | version ]*

View

Any view

Parameter

None

Description

Use the display snmp-agent sys-info command to view the character string sysContact (system contact), character string describing the system location and the version information about the running SMNMP in the system.

Example

# Display the character string sysContact.

<H3C> display snmp-agent sys-info contact

The contact person for this managed node:

Hangzhou H3C Technologies Co.,Ltd.

The above information represents that the contact person for this machine is Hangzhou H3C Technologies Co.,Ltd.

# Display the character string describing the system location.

<H3C> display snmp-agent sys-info location

The physical location of this node:

Hangzhou ,China

The above information represents that the physical location of this machine is: Hangzhou ,China.

# Display the version information of running SNMP

<H3C> display snmp-agent sys-info version

SNMP version running in the system:

SNMPv3

The above information represents that the SNMP version running in the system is: SNMPv3.

5.1.7 display snmp-agent usm-user

Syntax

display snmp-agent usm-user [ engineid engineid | group groupname | username username ]*

View

Any view

Parameter

engineid: Displays user information with specified engine ID.

username: Displays user information with specified user name.

groupname: Displays user information of specified group.

Description

Use the display snmp-agent usm-user command to view information of all the SNMP usernames in the group username list.

SNMP user is the remote user executing SNMP administrative operation. You can use the snmp-agent usm-user command to specify the SNMP user.

Example

# Display the information of all the current users.

<H3C> display snmp-agent usm-user

User name: NotifyV3

Group name: NotifyGroup

Authencation Mode: sha

Privacy Mode: des

Engine ID: 800007DB00E0FC2085026877 active

User name: publicV3

Group name: groupV3

Authencation Mode: no

Privacy Mode: no

Engine ID: 800007DB00E0FC2085026877 active

Acl:2000

The following table describes the output fields.

Table 5-5 Description on the fields of the display snmp-agent usm-user command

Field	Description
User name	Character string identifying the SNMP user
Group name	Character string identifying the group the user belongs to
Authencation Mode	Authentication code
Privacy Mode	Personal code
Engine ID	Character string identifying the SNMP device
Acl	Character string identifying the access control list

5.1.8 enable snmp trap

Syntax

enable snmp trap updown

undo enable snmp trap updown

View

Ethernet port view / VLAN interface view

Parameter

None

Description

Use the enable snmp trap updown command to enable current port or VLAN interface to transmit the LINK UP and LINK DOWN trap messages.

Use the undo enable snmp trap updown command to disable current port or VLAN interface to transmit the LINK UP and LINK DOWN trap messages.

The enable snmp trap command should be used in cooperation with the snmp-agent trap enable and the snmp-agent target-host commands. The snmp-agent target-host command is used to specify which hosts can receive the trap messages. To enable the transmitting of trap messages, you must execute the snmp-agent target-host command at least once.

Example

# Enable current port Ethernet6/1/1 to transmit the LINK UP and LINK DOWN trap information with the community name public

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C-Ethernet6/1/1] snmp trap updown enable

[H3C] snmp-agent target-host trap address udp-domain 10.1.1.1 params securityname public

[H3C] interface ethernet6/1/1

[H3C-Ethernet6/1/1] enable snmp trap updown

5.1.9 snmp-agent community

Syntax

snmp-agent community { read | write } community-name [ [ mib-view view-name ] [ acl acl-list ] ]

undo snmp-agent community community-name

View

System view

Parameter

read: Indicates that MIB object can only be read.

write: Indicates that MIB object can be read and written.

community-name: Community name character string.

view-name: MIB view name.

acl acl-list: sets access control list for specified community.

Description

Use the snmp-agent community command to configure community access name and enable the access to SNMP.

Use the undo snmp-agent community command to cancel the settings of community access name.

Example

# Configure community name as comaccess and permits read-only access by this community name.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] snmp-agent community read comaccess

# Configure community name as mgr and permits read-write access.

[H3C] snmp-agent community write mgr

# Delete the community name comaccess.

[H3C] undo snmp-agent community comaccess

5.1.10 snmp-agent group

Syntax

snmp-agent group { v1 | v2c } group-name [ read-view read-view ] [ write-view write-view ] [ notify-view notify-view ] [ acl acl-list ]

undo snmp-agent group { v1 | v2c } group-name

snmp-agent group v3 group-name [ authentication | privacy ] [ read-view read-view ] [ write-view write-view ] [notify-view notify-view ] [ acl acl-list ]

undo snmp-agent group v3 group-name [ authentication | privacy ]

View

System view

Parameter

v1: V1 security mode.

v2c: V2C security mode.

v3: V3 security mode.

group-name: Group name, ranging from 1 to 32 bytes.

authentication: Configures to authenticate the packet without encryption.

privacy: Configures to authenticate and encrypt the packet.

read-view: Configures to allow read-only view settings.

read-view: Read-only view name, ranging from 1 to 32 bytes.

write-view: Configures to allow read-write view settings.

write-view: Name of read-write view, ranging from 1 to 32 bytes.

notify-view: Configures to allow notify view settings.

notify-view: Specifies the notify view name, ranging from 1 to 32 bytes.

acl Sets access control list for this group name.

acl-list: access control list

Description

Use the snmp-agent group command to configure a new SNMP group, that is, to map SNMP user to SNMP view.

Use the undo snmp-agent group command to cancel a specified SNMP group.

By default, the SNMP group configured using the snmp-agent group v3 command is in none authentication mode.

Related command: snmp-agent mib-view and snmp-agent usm-user.

Example

# Create an SNMP group named test.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] snmp-agent group v3 test.

5.1.11 snmp-agent local-engineid

Syntax

snmp-agent local-engineid engineid

undo snmp-agent local-engineid

View

System view

Parameter

engineid: Specifies the engine ID with a character string, only composed of hexadecimal numbers between 5 and 32 including.

Description

Use the snmp-agent local-engineid command to configure a name for a local or remote SNMP engine on the Ethernet Switch.

Use the command to Using undo snmp-agent local-engineid command, you can restore the default setting of engine ID.

By default, the engine ID is corporation number + device information. Device information is determined according to different products. It can be IP address, MAC address or user defined text. However, you must use numbers in hexadecimal form.

Example

# Configure the ID of a local or remote device as 1234512345.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] snmp-agent local-engineid 1234512345

5.1.12 snmp-agent mib-view

Syntax

snmp-agent mib-view { included | excluded } view-name oid-tree

undo snmp-agent mib-view view-name

View

System view

Parameter

included: Includes this MIB subtree.

excluded: Excludes this MIB subtree.

view-name: Specifies the view name, with a character string, ranging from 1 to 32 characters.

oid-tree: MIB object subtree. It can be a character string of the variable OID, or a variable name, ranging from 1 to 255 characters. By default, OID is 1.3.6.1.

Description

Use the snmp-agent mib-view command to create or update the view information.

Use the undo snmp-agent mib-view command to cancel the view information

By default, the view name is ViewDefault. OID is 1.3.6.1.

This command supports the parameter input of both OID and node name.

Related command: snmp-agent group.

Example

# Create a view that consists of all the objects of MIB-II.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] snmp-agent mib-view included mib2 1.3.6.1.2.1

5.1.13 snmp-agent packet max-size

Syntax

snmp-agent packet max-size byte-count

undo snmp-agent packet max-size

View

System view

Parameter

byte-count: Specifies the size of SNMP packet (measured in bytes), ranging from 484 to 17940. By default, the size is 2000 bytes.

Description

Use the snmp-agent packet max-size command to configure the size of SNMP packet that the Agent can send/receive.

Use the undo snmp-agent packet max-size command to restore the default size of SNMP packet.

The sizes of the SNMP packets received/sent by the Agent are different in different network environment.

Example

# Set the size of SNMP packet to 1042 bytes.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] snmp-agent packet max-size 1042

5.1.14 snmp-agent sys-info

Syntax

snmp-agent sys-info { contact sysContact | location syslocation | version { { v1 | v2c | v3 } * | all } }

undo snmp-agent sys-info { { contact | location }* | version { { v1 | v2c | v3 } * | all } }

View

System view

Parameter

contact: The contact information for system maintenance.

sysContact: Characters describe the contact information for system maintenance.

location: Sets the geographical location of the device.

sysLocation: Geographical location of the device.

version: version of running SNMP.

v1: SNMP V1.

v2c: SNMP V2C.

v3: SNMP V3.

*: Indicates that you can select more than one item from the three options v1, v2c, and v3. Here, you must select at least one option, and you can select all the three options.

all: all SNMP version (includes SNMP V1, SNMP V2C, SNMP V3).

Description

Use the snmp-agent sys-info command to configure system information such as geographical location of the device, contact information for system maintenance and version information of running SNMP.

Use the undo snmp-agent sys-info location command to restore the default value.

By default, the contact information for system maintenance is " Hangzhou H3C Technologies Co., Ltd.", the system information about geographical location is "Hangzhou ,China", and the version information is " SNMPv3".

Related command: display snmp-agent sys-info.

Example

# Set the system maintenance information to "Dial System Operator at beeper # 27345".

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] snmp-agent sys-info contact Dial System Operator at beeper # 27345

5.1.15 snmp-agent target-host

Syntax

snmp-agent target-host trap address udp-domain host-addr [ udp-port udp-port-number ] params securityname securityname [ v1 | v2c | v3 [ authentication | privacy ] ]

undo snmp-agent target-host host-addr securityname securityname

View

System view

Parameter

address: Specifies the address of the host which receives SNMP messages.

host-addr: IP address of the host.

udp-port udp-port-number: Specifies the UDP port number of the host to receive the SNMP notification.

v1: Represent the version of SNMPV1.

v2c: Represent the version of SNMPV2C.

v3: Represent the version of SNMPV3.

securityname: Specifies the community name, ranging 1 to 32 bytes. It can be the community name of SNMPv1/v2c or the user name of SNMPv3.

authentication: Configures to authenticate the packet without encryption.

privacy: Configures to authenticate and encrypt the packet.

Description

Use the snmp-agent target-host command to configure destination of SNMP notification.

Use the undo snmp-agent target-host command to cancel the host that receives SNMP notification.

The snmp-agent target-host command and the snmp-agent trap enable command should be used at the same time. Use the snmp-agent trap enable command to enable the device to transmit Trap packets. The snmp-agent trap enable command and snmp-agent target-host command should be used at the same time on the host to enable notify message sending.

& Note:

If the version of SNMP message is v3, the packet authentication encryption mode specified by the command must be consistent with configuration for SNMP group to which the securityname belongs.

Related command: snmp-agent trap enable, snmp-agent trap source and snmp-agent trap life, snmp-agent group, snmp-agent usm-user.

Example

# Enable sending Trap message to 10.1.1.1 with community name public.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] snmp-agent trap enable

[H3C] snmp-agent target-host trap address udp-domain 10.1.1.1 params securityname public

5.1.16 snmp-agent trap enable

Syntax

View

System view

Parameter

standard [ authentication ] [ coldstart ] [ linkdown ] [ linkup ]: Enables the sending of standard Trap messages.

authentication: Enables the sending of SNMP authentication Trap messages.

coldstart: Enables the sending of SNMP cold start Trap messages.

linkdown: Enables the sending of SNMP link down Trap messages.

linkup: Enables the sending of SNMP link up Trap messages.

warmstart: Enables the sending of SNMP hot start Trap messages.

bgp [ backwardtransition ] [ established ] : Enables the sending of BGP Trap messages.

configuration: Enables the sending of configuration management Trap messages.

flash: Enables the sending of FLASH Trap messages.

System: Enables the sending of system management MIB Trap messages.

vrrp [ authfailure | newmaster ]: Enables the sending of VRRP Trap messages.

ldp: Enables the sending of LDP Trap messages.

lsp: Enables the sending of LSP Trap messages.

Description

Use the snmp-agent trap enable command to enable the sending of Trap messages.

Use the undo snmp-agent trap enable command to disable the sending of Trap messages.

By default, Trap message sending is disabled.

The snmp-agent trap enable command and snmp-agent target-host command should be used at the same time. The snmp-agent target-host command specifies which hosts can receive Trap message. However, to send Trap message, at least one the snmp-agent target-host command should be configured.

Example

# Enable to send the trap packet of SNMP authentication failure to 10.1.1.1. The community name is public.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] snmp-agent trap enable standard authentication

[H3C] snmp-agent target-host trap address udp-domain 10.1.1.1 params securityname public

5.1.17 snmp-agent trap life

Syntax

snmp-agent trap life seconds

undo snmp-agent trap life

View

System view

Parameter

seconds: Specifies the timeouts, ranging from 1 to 2,592,000 seconds; By default, the timeout interval is 120 seconds.

Description

Use the snmp-agent trap life command to configure the timeout of Trap packets.

Use the undo snmp-agent trap life command to restore the default value.

The set timeout of Trap packet is represented by seconds. If time exceeds seconds, this Trap packet will be discarded.

Related command: snmp-agent trap enable, snmp-agent target-host .

Example

# Configure the timeout interval of Trap packet as 60 seconds.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] snmp-agent trap life 60

5.1.18 snmp-agent trap queue-size

Syntax

snmp-agent trap queue-size length

undo snmp-agent trap queue-size

View

System view

Parameter

length: Length of queue, ranging from 1 to 1,000. By default, the length is 100.

Description

Use the snmp-agent trap queue-size command to configure the information queue length of Trap packet sent to Destination Host.

Use the undo snmp-agent trap queue-size command to restore the default value.

Related command: snmp-agent trap enable, snmp-agent target-host, snmp-agent trap life.

Example

# Configure the queue length to 200.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] snmp-agent trap queue-size 200

5.1.19 snmp-agent trap source

Syntax

snmp-agent trap source vlan-interface vlan-id

undo snmp-agent trap source

View

System view

Parameter

vlan-id: Specifies the VLAN interface ID, ranging from 1 to 4094.

Description

Use the snmp-agent trap source command to configure the source address for sending Trap.

Use the undo snmp-agent trap source command to cancel the source address for sending Trap.

You can use this command to configure to track specific event by using the trap address.

Example

# Configure the IP address of the VLAN interface 1 as the source address for transmitting the Trap packets.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] snmp-agent trap source vlan-interface 1

5.1.20 snmp-agent usm-user

Syntax

snmp-agent usm-user { v1 | v2c } username groupname [ acl acl-list ]

undo snmp-agent usm-user { v1 | v2c } username groupname

snmp-agent usm-user v3 username groupname [ authentication-mode { md5 | sha } authpassstring [ privacy-mode { des56 privpassstring } ] ] [ acl acl-list ]

undo snmp-agent usm-user v3 username groupname { local | engineid engine-id }

View

System view

Parameter

v1: Configures to use V1 safe mode.

v2c: Configures to use V2c safe mode.

v3: Configures to use V3 safe mode.

username: Specifies the user name, ranging from 1 to 32 bytes.

groupname: Specifies the group name corresponding to that user, a character string at the length ranging from 1 to 32 bytes.

authentication-mode: Specifies the safety level as authentication required.

md5: MD5 algorithm is adopted in authentication. MD5 authentication uses the 128-digit password. Computation speed of MD5 is faster than that of SHA

sha: SHA algorithm is adopted in authentication. SHA authentication uses the 160-digit password. Computation speed of SHA is slower than that of MD5, but with higher security.

authpasstring: Specifies the authentication password with a character string, ranging from 1 to 64 bytes.

privacy-mode: Specifies the safety level as encrypted.

des56: Specifies the authentication protocol as DES.

privpassword: Specifies the encryption password with a character string, ranging from 1 to 64 bytes.

acl acl-list: Sets access control list for this user based on USM name

engineid engine-id: SNMP engineID.

Description

Use the snmp-agent usm-user command to add a new user to an SNMP group.

Use the undo snmp-agent usm-user command to cancel a user from SNMP group.

SNMP engineID (for authentication) is required when configuring remote user for an agent. This command will not be effective without engineID configured.

For V1 and V2C, this command will add a new community name. For V3, it will add a new user for an SNMP group.

Example

# Add a user wang for test (an SNMP group), configures to authenticate with MD5 and sets authentication password as pass.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] snmp-agent usm-user v3 wang test authentication-mode md5 pass

5.1.21 undo snmp-agent

Syntax

undo snmp-agent

View

System view

Parameter

None

Description

Use the undo snmp-agent command to disable all versions of SNMP running on the server.

Perform any command of snmp-agent will enable SNMP Agent.

Example

# Disable the running SNMP agents of all SNMP versions.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] undo snmp-agent

Chapter 6 RMON Configuration Commands

6.1 RMON Configuration Commands

6.1.1 display rmon alarm

Syntax

display rmon alarm [ alarm-table-entry ]

View

Any view

Parameter

alarm-table-entry: Alarm table entry index.

Description

Use the display rmon alarm command to view RMON alarm information.

Related command: rmon alarm.

Example

# Display the RMON alarm information.

<H3C> display rmon alarm

Alarm table 1 owned by monitor is VALID.

Samples type : delta

Variable formula : 1.3.6.1.2.1.16.1.1.1.3.1<etherStatsDropEvents.1>

Description : Ethernet5/1/1

Sampling interval : 10(sec)

Rising threshold : 10(linked with event 1)

Falling threshold : 2(linked with event 1)

When startup enables : risingOrFallingAlarm

Latest value : 0

Table 6-1 Description on the fields of the display rmon alarm command

Field	Description
Alarm table 1	Index 1 in alarm table
monitor	Owner
VALID	The alarm entry corresponding to this index is valid.
Samples type	Type of sampling
Variable formula	Variable parameters
Description	Description information
Sampling interval	Time interval for sampling
Rising threshold is 1000	The rising threshold is 1000.
Falling threshold is 100	The falling threshold is 100.
startup	First triggering
When startup enables : risingOrFallingAlarm	Type of the first alarm. The startup may trigger rising threshold alarm, falling threshold alarm, or both.
Latest value	Last sample value

6.1.2 display rmon event

Syntax

display rmon event [ event-table-entry ]

View

Any view

Parameter

event-table-entry: Entry index of event table.

Description

Use the display rmon event command to view RMON events.

The display includes event index in event table, owner of the event, description to the event, action caused by event (log or alarm information), and occurrence time of the latest event (counted on system initiate/boot time in centiseconds).

Related command: rmon event.

Example

# Show the RMON event.

<H3C> display rmon event

Event table 1 owned by null is VALID.

Description: null.

Will cause log-trap when triggered, last triggered at 0days 00h:02m:27s.

Table 6-2 Description on the fields of the display rmon event command

Field	Description
Event table 1	Index 1 in event table
VALID	The entry corresponding to the index is valid
Description	Event description
Cause log-trap when triggered,	When the event is triggered, it will cause the log-trap.
Last triggered at 0days 00h:02m:27s	The last triggered time is 00h:02m:27s

6.1.3 display rmon eventlog

Syntax

display rmon eventlog [ event-number ]

View

Any view

Parameter

event-number: Entry index of event table.

Description

Use the display rmon eventlog command to view RMON event log.

The display includes event index in the event table, the status of the event, the time at which the event log is generated (this time starts from the system initialization or booting and counted in milliseconds), and event description.

Example

# Show event log of RMON.

<H3C> display rmon eventlog 1

Event table 1 owned by null is VALID.

Generates eventLog 1.1 at 0days 00h:01m:39s.

Description: The 1.3.6.1.2.1.16.1.1.1.4.1 defined in alarm table 1,

less than(or =) 100 with alarm value 0. Alarm sample type is absolute.

Generates eventLog 1.2 at 0days 00h:02m:27s.

Description: The alarm formula defined in private alarm table 1,

less than(or =) 100 with alarm value 0. Alarm sample type is absolute.

Table 6-3 Description on the fields of the display rmon eventlog command

Field	Description
Event table 1	Index 1 in event table
VALID	The entry corresponding to the index is valid
Description	Event description
less than(or =) 100 with alarm value 0	The alarm sample value is less than or equal to 100
Alarm sample type is absolute	The type of alarm sampling is absolute
Generates eventLog 1.2 at 0days 00h:02m:27s	The eventlog corresponding to the index 1.2 is generated at 0days 00h:02m:27s.

6.1.4 display rmon history

Syntax

display rmon history [ port-num ]

View

Any view

Parameter

port-num: Ethernet port name.

Description

Use the display rmon history command to view latest RMON history sampling information (including utility, error number and total packet number).

Related command: rmon history.

Example

# Show the RMON history information.

<H3C> display rmon history ethernet 2/1/1

History control entry 1 owned by null is VALID

Samples interface : Ethernet2/1/1<ifEntry.642>

Sampling interval : 10(sec) with 10 buckets max

Latest sampled values :

Dropevents :0 , octets :0

packets :0 , broadcast packets :0

multicast packets :0 , CRC alignment errors :0

undersize packets :0 , oversize packets :0

fragments :0 , jabbers :0

collisions :0 , utilization :0

Table 6-4 Description on the fields of the display rmon history command

Field	Description
Samples interface	The sampled interface
History control entry	Index number in history control table
VALID	The entry corresponding to the index is valid
Sampling interval	Sampling interval
buckets	Records in history control table
Latest sampled values	The latest sample information
dropevents	Dropping packet events
octets	Sent/Received octets in sampling time
packets	Packets sent/received in sampling time
broadcast packets	Number of broadcast packets
multicast packets	Number of multicast packets
CRC alignment errors	Number of CRC error packets
undersized packets	Number of undersized packets
oversized packets	Number of oversized packets
fragments	Number of undersized and CRC error packets
jabbers	Number of oversized and CRC error packets
collisions	Number of collision packets
utilization	Utilization

6.1.5 display rmon prialarm

Syntax

display rmon prialarm [ prialarm-table-entry ]

View

Any view

Parameter

prialarm-table-entry: Entry index of extended RMON alarm table.

Description

Use the display rmon prialarm command to view information about extended RMON alarm table.

Related command: rmon prialarm.

Example

# Display the information about extended RMON alarm table.

<H3C> display rmon prialarm

Prialarm table 1 owned by monitor is UNDERCREATION.

Samples type : changeratio

Variable formula : (.1.3.6.1.2.1.2.2.1.10.201326601+.1.3.6.1.2.1.2.2.1.16

.201326601)*8*100/.1.3.6.1.2.1.2.2.1.5.201326601

Description : ifUtilization.Ethernet5/1/1

Sampling interval : 10(sec)

Rising threshold : 50(linked with event 1)

Falling threshold : 5(linked with event 1)

When startup enables : risingOrFallingAlarm

This entry will exist : forever.

Latest value : 0

Table 6-5 Description on the fields of the display rmon prialarm command

Field	Description
Prialarm table 1	Index of extended alarm entry.
owned by monitor	Creator of the extended alarm entry.
UNDERCREATION	Status of expansion alarms
Samples type	Type of sampling
Variable formula	Formula for expansion alarms
Description	Description information
Sampling interval : 10(sec)	Sampling interval
Rising threshold	Rising threshold. When sampling value rises from normal value to this threshold, rising threshold alarm will be triggered.
Falling threshold	Falling threshold. When sampling value decreases from normal value to this threshold, falling threshold alarm will be triggered.
linked with event 1	Corresponding event index of ring and falling threshold alarm.
When startup enables: risingOrFallingAlarm	Kind of first alarm. It may trigger rising threshold alarm or falling threshold alarm or both.
This entry will exist forever	The lifespan of this alarm entry which can be forever or a specified period of time.
Latest value : 0	The value of the latest sampling.

6.1.6 display rmon statistics

Syntax

display rmon statistics [ port-num ]

View

Any view

Parameter

port-num: Ethernet port number.

Description

Use the display rmon statistics command to view RMON statistics.

The displayed information includes collision, CRC (Cyclic Redundancy Check) and queue, undersized or oversized packet, timeout, fragment, broadcast, multicast, unicast, and bandwidth utility.

Related command: rmon statistics.

Example

# Show RMON statistics.

<H3C> display rmon statistics Ethernet 2/1/1

Statistics entry 1 owned by aaa is VALID.

Interface : Ethernet2/1/1<ifIndex.872418178>

etherStatsOctets : 756 , etherStatsPkts : 9

etherStatsBroadcastPkts : 9 , etherStatsMulticastPkts : 0

etherStatsUndersizePkts : 0 , etherStatsOversizePkts : 0

etherStatsFragments : 0 , etherStatsJabbers : 0

etherStatsCRCAlignErrors : 0 , etherStatsCollisions : 0

etherStatsDropEvents (insufficient resources): 0

Packets received according to length (etherStatsPktsXXXtoYYYOctets):

64 : 0 , 65-127 : 444 , 128-255 : 0

256-511: 0 , 512-1023: 0 , 1024-max : 0

6.1.7 rmon alarm

Syntax

rmon alarm entry-number alarm-variable sampling-time { delta | absolute } rising-threshold threshold-value1 event-entry1 falling-threshold threshold-value2 event-entry2 [ owner text ]

undo rmon alarm entry-number

View

System view

Parameter

entry-number: Number of the entry to be added/deleted, ranging from 1 to 65535.

alarm-variable: Specifies the alarm variable with a character string, ranging from 1 to 256, in the OID dotted format, like 1.3.6.1.2.1.2.1.10.1 (or ifInOctets.1).

sampling-time: Specifies the sampling interval, ranging from 5 to 65535 (measured in seconds).

delta: Sampling type is delta.

absolute: Sampling type is absolute.

rising-threshold threshold-value1: Rising threshold, ranging from 0 to 2147483647.

event-entry1: Event number corresponding to the upper limit of threshold, ranging from 0 to 65535.

falling-threshold threshold-value2: Falling threshold, ranging from 0 to 2147483647.

event-entry2: Event number corresponding to the falling threshold, ranging from 0 to 65535.

owner text: Specifies the creator of the alarm. Length of the character string ranges from 1 to 127.

Description

Use the rmon alarm command to add an entry to the alarm table.

Use the undo rmon alarm command to cancel an entry from this table.

In this way, the alarm event can be triggered in the abnormal situations and then decides to log and send trap to the NM station.

& Note:

Before adding an alarm entry, you need first to define the event to be referenced in the alarm entry using the rmon event command.

The system takes these actions on the defined alarm entries:

l Sampling the defined alarm variables at a specified time interval.

l Comparing the sample values against the predefined threshold and take further actions (see Table 6-6).

Table 6-6 Handling alarm entries

Item	Handling
The sample value is greater than the upper limit threshold-value1.	Triggers the defined event event-entry1
The sample value is less than the lower limit threshold-value2.	Triggers the defined event event-entry2

Example

# Create alarm group

l Configure an event before configuring “alarm” and “prialarm”.

[H3C]rmon event 1 log owner test-rmon

l View configuration information.

[H3C]display rmon event 1

Event table 1 owned by test-rmon is VALID.

Description: null.

Will cause log when triggered, last triggered at 1days 01h:42m:09s.

l Configure alarm group.

# Add the first line in the alarm table. Sample the nodes 1.3.6.1.2.1.16.1.1.1.4.1 every 10 seconds. Trigger event 1 when the sampling value exceeds the upper threshold 50, and trigger event 2 when the sampling value gets below the lower threshold 5. The owner is user1.

<H3C> system-view

[H3C]rmon alarm 1 1.3.6.1.2.1.16.1.1.1.4.1 10 absolute rising_threshold 50 1 falling_threshold 5 2 owner user1

# Delete the information of entry 15 from the alarm table.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] undo rmon alarm 15

6.1.8 rmon event

Syntax

rmon event event-entry [ description string ] { log | trap trap-community | log-trap log-trapcommunity | none } [ owner text ]

undo rmon event event-entry

View

System view

Parameter

event-entry: Number of the entry to be added/deleted, ranging from 1 to 65535.

description string: Event description. Length of the character string ranges from 1 to 127.

log-trap log-trapcommunity: Defines the event as log and trap event, and specifies the community name of the NMS which receives the messages triggered by the event.

log: Log event.

trap trap-community: Defines the event as trap event, and specifies the community name of the NMS which receives the messages triggered by the event.

none: Neither log nor trap event.

owner text: Creator for this entry. The length of the character string ranges from 1 to 127.

Description

Use the rmon event command to add an entry to the event table.

Use the undo rmon event command to cancel an entry from this table.

RMON event management defines the event ID and the handling of the event.

You can handle the event in the following ways:

l Keeping logs

l Sending the trap messages to NMS

l Keeping logs and sending the trap messages to NMS

Example

# Add the entry 10 to the event table and marks it as log event.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] rmon event 10 log

6.1.9 rmon history

Syntax

rmon history entry-number buckets number interval sampling-interval [ owner text-string ]

undo rmon history entry-number

View

Ethernet port view

Parameter

entry-number: Number of the entry to be added/deleted, ranging from 1 to 65,535.

buckets number: Capacity of the history table corresponding to the control line.

interval sampling-interval: Sampling interval, ranging from 5 to 3600 (measured in seconds).

owner text-string: Creator of this entry. Length of the character string ranges from 1 to127.

Description

Use the rmon history command to add an entry to the history control table.

Use the undo rmon history command to cancel an entry from history control table.

Perform this command to sample, set sample parameter (sample time interval) and storage amounts for a port. RMON will periodically perform data collection and save for query on this port. Sample information includes utility, error number and total packet number.

Related command: display rmon history.

Example

# Create a history control table entry with the index number of 15, capacity of 100 and sampling interval of 10 seconds. The owner is tester.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C]interface Ethernet 2/1/1

[H3C-Ethernet2/1/1] rmon history 15 buckets 100 interval 10 owner tester

6.1.10 rmon prialarm

Syntax

rmon prialarm entry-number prialarm-formula prialarm-des sampling-timer { delta | absolute | changeratio } rising-threshold threshold-value1 event-entry1 falling-threshold threshold-value2 event-entry2 entrytype { forever | cycle cycle-period } [ owner text ]

undo rmon prialarm entry-number

View

System view

Parameter

entry-number: Specifies the entry number, ranging from 1 to 65535.

prialarm-formula: Variables in the formula must be represented by OID, for example, (1.3.6.1.2.1.2.1.10.1)*8. The operation results are in long integers. Every operation result must be within the range of the long integer; otherwise, errors may be prompted.

prialarm-des : Specifies the alarm description with a length ranging from 1 to 256;

sampling-timer: Sets the sampling interval, ranging from 10 to 65535 and measured in seconds.

delta | absolute | changeratio: Specifies the sampling type as delta ratio, absolute ratio or change ratio.

threshold-value1: Rising threshold value, specified with a number greater than 0.

event-entry1: Corresponding event number to the upper limit threshold value, ranging from 0 to 65535.

threshold-value2: Falling threshold value, specified with a number greater than 0.

event-entry2: Event number corresponding to the falling threshold, ranging from 0 to 65535.

forever | cycle cycle-period: Specifies the type of the alarm instance line.

cycle-period specifies the functional cycle of the instance.

owner text: Creator of this entry. Length of the character string ranges from 1 to 127.

Description

Use the rmon prialarm command to add an entry to the extended RMON alarm table.

Use the undo rmon prialarm command to cancel an entry from the extended RMON alarm table.

The number of instances can be created in the table depends on the hardware resource of the product.

& Note:

Before adding an extended alarm entry, you need first to define the event to be referenced in the extended alarm entry using the rmon event command.

You can define up to 50 prialarm entries.

The system takes these actions on the extended alarm entries you defined:

l Sampling the alarm variables in the defined extended alarm formula at a specified time interval.

l Calculating the sample value using the defined extended alarm formula.

l Comparing the sample values against the predefined threshold and take further actions (see Table 6-7).

Table 6-7 Handling extended alarm entries

Item	Handling
The calculated sample value is greater than the upper limit threshold-value1.	Triggers the defined event event-entry1
The calculated sample value is less than the lower limit threshold-value2.	Triggers the defined event event-entry2

Example

# Add an extended alarm entry in the fifth line of the extended alarm table. Perform operation on the corresponding variant by means of the formular ((.1.3.6.1.4.1.43.45.1.6.1.2.1.1.2.1-.1.3.6.1.4.1.43.45.1.6.1.2.1.1.3.1)*100/.1.3.6.1.4.1.43.45.1.6.1.2.1.1.2.1) to get the port utilization of Gigabit Ethernet interface 1/1/1. Monitor the operation results at the sampling interval of 10 seconds. When the variation rate exceeds the upper threshold 50, trigger event 1; when the variation rate gets below the lower threshold 2, trigger event 2. Set the alarm instance sampling type to “forever”, and set the owner of the extended alarm table to “user1”.

<H3C> system-view

[H3C] rmon prialarm 5 ((.1.3.6.1.4.1.43.45.1.6.1.2.1.1.2.1-.1.3.6.1.4.1.43.45.1.6.1.2.1.1.3.1)*100/.1.3.6.1.4.1.43.45.1.6.1.2.1.1.2.1) ifUtilization.GigabitEthernet1/1/1 10 changeratio rising_threshold 50 1 falling_threshold 5 2 entrytype forever owner user1

# Delete line 10 from the extended RMON alarm table.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] undo rmon prialarm 10

6.1.11 rmon statistics

Syntax

rmon statistics entry-number [ owner text-string ]

undo rmon statistics entry-number

View

Ethernet port view

Parameter

entry-number: Number of the entry to be added/deleted, ranging from 1 to 65535.

owner text-string: Creator of this entry. Length of the character string ranges from 1 to127.

Description

Use the rmon statistics command to add an entry to the statistic table.

Use the undo rmon statistics command to cancel an entry from statistic table.

RMON statistic management concerns the statistics and monitoring of the usage and error on a port. Statistics includes collision, undersized or oversized packet, timeout, fragment, broadcast, multicast, unicast, and bandwidth utility.

You can use the display rmon statistics command to view information about statistics table entry.

Example

# Add statistics of Ethernet2/1/1 to the entry 20.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C]interface Ethernet 2/1/1

[H3C-Ethernet2/1/1] rmon statistic 20

Chapter 7 NTP Configuration Commands

7.1 NTP Configuration Commands

7.1.1 debugging ntp-service

Syntax

debugging ntp-service { access | adjustment | authentication | event | filter | packet | parameter | refclock | selection | synchronization | validity | all }

undo debugging ntp-service { access | adjustment | authentication | event | filter | packet | parameter | refclock | selection | synchronization | validity | all }

View

User view

Parameter

access: NTP access control debugging.

adjustment: NTP clock adjustment debugging.

all: All NTP debugging functions.

authentication: NTP authentication debugging.

event: NTP event debugging.

filter: NTP filter information debugging.

packet: NTP packet debugging.

parameter: NTP clock parameter debugging.

refclock: NTP reference clock debugging.

selection: NTP clock selection information debugging.

synchronization: NTP clock synchronization information debugging.

validity: NTP remote host validity debugging.

Description

Use the debugging ntp-service command to debug different NTP services.

Use the undo debugging ntp-service command to disable corresponding debugging function.

By default, no debugging function is enabled.

Example

# Enable NTP access control debugging.

<H3C> debugging ntp-service access

7.1.2 display ntp-service sessions

Syntax

display ntp-service sessions [ verbose ]

View

Any view

Parameter

verbose: Indicates to display the detail information about the SESSIONS.

Description

Use the display ntp-service sessions command to display the status of all the SESSIONS maintained by NTP service provided by the local equipment.

By default, the status of all the SESSIONS maintained by NTP service provided by the local equipment will be displayed.

When you configure this command without the verbose parameter, the Ethernet switch will display the brief information about all the SESSIONS it maintains.

With the verbose parameter configured, Ethernet switch will display the detail information about all the SESSIONS it maintains.

Example

# Display status of all SESSIONS maintained by the local device NTP service.

<H3C> display ntp-service sessions

source reference stra reach poll now offset delay disper

********************************************************************

[12345]127.127.1.0 LOCAL(0) 7 377 64 16 0.0 0.0 0.9

note: 1 source(master),2 source(peer),3 selected,4 candidate,5 configured

7.1.3 display ntp-service status

Syntax

display ntp-service status

View

Any view

Parameter

None

Description

Use the display ntp-service status command to display the NTP service status.

Example

# Display the NTP service status.

<H3C> display ntp-service status

clock status: unsynchronized

clock stratum: 16

reference clock ID: none

nominal frequency: 100.0000 Hz

actual frequency: 100.0000 Hz

clock precision: 2^17

clock offset: 0.0000 ms

root delay: 0.00 ms

root dispersion: 0.00 ms

peer dispersion: 0.00 ms

reference time: 00:00:00.000 UTC Jan 1 1900(00000000.00000000)

The following table describes the outputs:

Table 7-1 Description on the fields of the display ntp-service status command

Field	Description
clock status: unsynchronized	Local clock status: do not synchronize to any remote NTP server.
clock stratum: 16	Indicates the NTP stratum of local clock.
reference clock ID	Indicates the address of a remote server of the reference ID, in the case that the local system has been synchronized by a remote NTP server or the ID of some clock source.
nominal frequency	Nominal frequency of the local system hardware clock
actual frequency	Actual frequency of the local system hardware clock
clock precision	Precision of local system clock
clock offset	Offset of the local clock to the NTP server clock
root delay	Root delay from local equipment to the master reference clock.
root dispersion	Dispersion of the local clock relative to the NTP server clock
peer dispersion	Dispersion of the remote NTP server
reference time	Reference timestamp

7.1.4 display ntp-service trace

Syntax

display ntp-service trace

View

Any view

Parameter

None

Description

Use the display ntp-service trace command to display the brief information about every NTP server on the way from the local device to the reference clock source.

With this command, the system synchronizes the NTP server link from the local device along time till the reference clock source, and displays brief information about every NTP server.

Example

# Display brief information about every NTP server on the way from the local device to the reference clock source.

<H3C> display ntp-service trace

server 127.0.0.1,stratum 8, offset 0.000000, synch distance 0.00000

refid 127.127.1.0

7.1.5 ntp-service access

Syntax

ntp-service access { query | synchronization | server | peer } acl-number

undo ntp-service access { query | synchronization | server | peer }

View

System view

Parameter

query: Allows to control query authority.

synchronization: Only allows the server to access.

server: Allows query to server and access.

peer: Full access authority.

acl-number: IP address list number.

Description

Use the ntp-service access command to set the authority to access the local equipment.

Use the undo ntp-service access command to cancel the access authority settings.

By default, there is no limit to the access.

Set authority to access the NTP services on a local Ethernet Switch. This is a basic and brief security measure, compared to authentication. An access request will be matched with peer, server, synchronization, and query in an ascending order of the limitation. The first matched authority will be given.

Example

# Give the authority of time request, query control and synchronization with the local equipment to the peer in ACL 2000.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] ntp-service access peer 2000

# Give the authority of time request and query control of the local equipment to the peer in ACL 2000.

[H3C] ntp-service access synchronization 2000

7.1.6 ntp-service authentication enable

Syntax

ntp-service authentication enable

undo ntp-service authentication enable

View

System view

Parameter

None

Description

Use the ntp-service authentication enable command to enable the NTP-service authentication function.

Use the undo ntp-service authentication enable command to disable this function.

By default, the authentication is disabled.

Example

# Enable NTP authentication function.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] ntp-service authentication enable

7.1.7 ntp-service authentication-keyid

Syntax

ntp-service authentication-keyid number authentication-mode md5 value

undo ntp-service authentication-keyid number

View

System view

Parameter

number: Key number, ranging from 1 to 4,294,967,295.

value: Value of the key with 1 to 32 ASCII characters.

Description

Use the ntp-service authentication-keyid command to set NTP authentication key.

Use the undo ntp-service authentication-keyid command to cancel the NTP authentication key.

By default, there is no authentication key.

Only MD5 authentication is supported for the NTP authentication key settings.

Example

# Set MD5 authentication key 10 as test.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] ntp-service authentication-keyid 10 authentication-mode md5 test

7.1.8 ntp-service broadcast-client

Syntax

ntp-service broadcast-client

undo ntp-service broadcast-client

View

VLAN interface view

Parameter

None

Description

Use the ntp-service broadcast-client command to configure NTP broadcast client mode.

Use the undo ntp-service broadcast-client command to disable the NTP broadcast client mode.

By default, the NTP broadcast client mode is disabled.

Designate an interface on the local Ethernet Switch to receive NTP broadcast messages and operate in broadcast client mode. The local Ethernet Switch listens to the broadcast from the server. When it receives the first broadcast packet, it starts a brief Client/Server mode to switch messages with a remote server for estimating the network delay. Thereafter, the local Ethernet Switch enters Broadcast Client mode and continues listening to the broadcast and synchronizes the local clock according to the arrived broadcast message.

Example

# Configure to receive NTP broadcast packets through Vlan-Interface1.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] interface vlan-interface1

[H3C-Vlan-interface1] ntp-service broadcast-client

7.1.9 ntp-service broadcast-server

Syntax

ntp-service broadcast-server [ authentication-keyid keyid version number ]

undo ntp-service broadcast-server

View

VLAN interface view

Parameter

authentication-keyid: Specifies the authentication key.

keyid: Key ID used in broadcast, ranging from 0 to 4294967295.

version: Defines NTP version number.

number: NTP version number, ranging from 1 to 3.

Description

Use the ntp-service broadcast-server command to configure NTP broadcast server mode.

Use the undo ntp-service broadcast-server command to disable the NTP broadcast server mode.

By default, the broadcast service is disabled and number defaults to 3.

Designate an interface on the local equipment to broadcast NTP packets. The local equipment runs in broadcast-server mode and regularly broadcasts packets to its clients.

Example

# Configure to broadcast NTP packets through Vlan-Interface1, encrypt them with Key 4, and set the NTP version number as 3.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] interface vlan-interface1

[H3C-Vlan-interface1] ntp-service broadcast-server authentication-key 4 version 3

7.1.10 ntp-service max-dynamic-sessions

Syntax

ntp-service max-dynamic-sessions number

undo ntp-service max-dynamic-sessions

View

System view

Parameter

number: The maximum SESSIONS can be created locally, ranging from 0 to 100.

Description

Use the ntp-service max-dynamic-sessions command to set how many SESSIONS can be created locally.

Use the undo ntp-service max-dynamic-sessions command to resume the default maximum SESSIONS number

By default, a local device allows up to 100 SESSIONS.

Example

# Set the local equipment to allow up to 50 SESSIONS.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] ntp-service max-dynamic-sessions 50

7.1.11 ntp-service multicast-client

Syntax

ntp-service multicast-client [ ip-address ]

undo ntp-service multicast-client [ ip-address ]

View

VLAN interface view

Parameter

ip-address: Specifies an multicast IP address of Class D. By default, the ip-address is set to 224.0.1.1. Actually, for the S9500 series, you can set 224.0.1.1 as the multicast IP address only.

Description

Use the ntp-service multicast-client command to configure the NTP multicast client mode.

Use the undo ntp-service multicast-client command to disable the NTP multicast client mode.

By default, the multicast client service is disabled. ip-address defaults to 224.0.1.1.

Designate an interface on the local Ethernet Switch to receive NTP multicast messages and operate in Multicast Client mode. The local Ethernet Switch listens to the multicast packets from the server. When it receives the first multicast packet, it starts a brief Client/Server mode to switch messages with a remote server for estimating the network delay. Thereafter, the local Ethernet Switch enters Multicast Client mode and continues listening to the multicast packets and synchronizes the local clock according to the arrived multicast packets.

Example

# Configure to receive NTP multicast packet through Vlan-Interface1 and the multicast group corresponding to these packets located at 224.0.1.1.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] interface vlan-interface 1

[H3C-Vlan-interface1] ntp-service multicast-client 224.0.1.1

7.1.12 ntp-service multicast-server

Syntax

ntp-service multicast-server [ ip-address ] [ authentication-keyid keyid ] [ ttl ttl-number ] [ version number ]*

undo ntp-service multicast-server [ ip-address ]

View

VLAN interface view

Parameter

ip-address: Specifies a multicast IP address of Class D and default to 224.0.1.1. Actually, for the S9500 series, you can set 224.0.1.1 as the multicast IP address only.

authentication-keyid: Specifies authentication key.

keyid: Key ID used in multicast, ranging from 1 to 4294967295.

ttl: Time to live of a multicast packet.

ttl-number: ttl of a multicast packet, ranging from 1 to 255.

version: NTP version number.

number: NTP version number and range from 1 to 3.

Description

Use the ntp-service multicast-server command to configure NTP multicast server mode, if no IP address is specified, switch automatically choice the 224.0.1.1 as the multicast IP address.

Use the undo ntp-service multicast-server command to disable NTP multicast server mode, if no IP address is specified, the switch will disable the configuration of the multicast IP address 224.0.1.1.

By default, the multicast service is disabled. IP address defaults to 224.0.1.1 and the version number defaults to 3.

Designate an interface on the local equipment to transmit NTP multicast packet. The local equipment operates in multicast-server mode and multicasts packets regularly to its clients.

Example

# Configure to transmit NTP multicast packets encrypted with Key 4 through Vlan-Interface1 at 224.0.1.1 and use NTP version 3.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] interface vlan-interface 1

[H3C-Vlan-interface1] ntp-service multicast-server 224.0.1.1 authentication-keyid 4 version 3

7.1.13 ntp-service refclock-master

Syntax

ntp-service refclock-master [ ip-address ] [ stratum ]

undo ntp-service refclock-master [ ip-address ]

View

System view

Parameter

ip-address: Specifies the reference clock IP address as 127.127.u, where u ranges from 0 to 3.

stratum: Specifies which stratum the local clock is located at and range from 1 to 15.

Description

Use the ntp-service refclock-master command to configure an external reference clock or the local clock as an NTP master clock.

Use the undo ntp-service refclock-master command to cancel the NTP master clock settings.

By default, ip-address is 127.127.1.0 and stratum defaults to 8.

You can use this command to designate an NTP external reference clock or the local clock as an NTP master clock to provide synchronized time for other equipment. ip-address specifies the IP address of an external clock as 127.127.u. If no IP address is specified, the local clock is set as the NTP master clock by default. You can also specify the stratum of the NTP master clock.

Example

# Set the local clock as the NTP master clock to provide synchronized time for its peers and locate it at stratum 3.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] ntp-service refclock-master 3

7.1.14 ntp-service reliable authentication-keyid

Syntax

ntp-service reliable authentication-keyid number

undo ntp-service reliable authentication-keyid number

View

System view

Parameter

number: Specifies the key number, ranging from 1 to 4294967295.

Description

Use the ntp-service reliable authentication-keyid command to configure the key as reliable.

Use the undo ntp-service reliable authentication-keyid command to cancel the current setting.

By default, no key is configured as reliable.

When you enable the authentication, you can use this command to configure one or more than one keys as reliable. In this case, a Client will only get synchronized by a server whichever can provide a reliable key.

Example

# Enable NTP authentication, adopt MD5 encryption, and designate Key 37 BetterKey and configure it as reliable.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] ntp-service authentication enable

[H3C] ntp-service authentication-keyid 37 authentication-mode md5 BetterKey

[H3C] ntp-service reliable authentication-keyid 37

7.1.15 ntp-service source-interface

Syntax

ntp-service source-interface interface-type interface-number

undo ntp-service source-interface

View

System view

Parameter

interface-type: Specifies the interface type and determine an interface with the interface-number parameter. The interface can be VLAN interface and Loopback interface currently.

interface-number: Specifies the interface number and determine an interface with the interface-type parameter.

Description

Use the ntp-service source-interface command to designate an interface to transmit NTP message.

Use the undo ntp-service source-interface command to cancel the current setting.

By default, the source address specifies where the packets are transmitted from.

You can use this command to designate an interface to transmit all the NTP packets and take the source address of these packets from its IP address. If you do not want any other interface to receive the acknowledgement packets, use this command to specify one interface to send all the NTP packets.

Example

# Configure all the outgoing NTP packets to use the IP address of Vlan-Interface1 as their source IP address.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] ntp-service source-interface Vlan-Interface 1

7.1.16 ntp-service unicast-peer

Syntax

ntp-service unicast-peer ip-address [ version number ] [ authentication-key keyid ] [ source-interface interface-type interface-number ] [ priority ]*

undo ntp-service unicast-peer ip-address

View

System view

Parameter

ip-address: Specifies the IP address of a remote server.

version: Defines NTP version number.

number: NTP version number, ranging from 1 to 3.

authentication-keyid: Defines authentication key.

keyid: Key ID used for transmitting messages to a remote server, ranging from 1 to 4294967295.

source-interface: Specifies the name of an interface, the interface can be VLAN interface and Loopback interface currently.

interface-type: Specifies the interface type and determine an interface together with the interface-number parameter.

interface-number: Specifies the interface number and determine an interface together with the interface-type parameter.

priority: Designates a server as the first choice.

Description

Use the ntp-service unicast-peer command to configure NTP peer mode.

Use the undo ntp-service unicast-peer command to cancel NTP peer mode.

By default, version number number defaults to 3, the authentication is disabled, and the local server is not the first choice.

This command sets the remote server at ip-address as a peer of the local equipment, which operates in symmetric active mode. ip-address specifies a host address other than an IP address of broadcast, multicast, or reference clock. By operating in this mode, a local device can synchronize and be synchronized by a remote server.

Example

# Configure the local equipment to synchronize or synchronized by a peer at 128.108.22.44. Set the NTP version to 3. The IP address of the NTP packets are taken from that of Vlan-Interface1.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] ntp-service unicast-peer 131.108.22.33 version 3 source-interface Vlan-Interface 1

7.1.17 ntp-service unicast-server

Syntax

ntp-service unicast-server ip-address [ version number ] [ authentication-keyid keyid ] [ source-interface interface-type interface-number ] [ priority ]*

undo ntp-service unicast-server ip-address

View

System view

Parameter

ip-address: Specifies the IP address of a remote server.

version: Defines NTP version number.

number: NTP version number, ranging from 1 to 3.

authentication-keyid: Defines authentication key.

keyid: Key ID used for transmitting messages to a remote server, ranging from 1 to 4294967295.

source-interface: Specifies the name of an interface, the interface can be VLAN interface and Loopback interface.

interface-type: Specifies the interface type and determine an interface together with the interface-number parameter.

interface-number: Specifies the interface number and determine an interface together with the interface-type parameter.

priority: Designates a server as the first choice.

Description

Use the ntp-service unicast-server command to configure NTP server mode.

Use the undo ntp-service unicast-server command to disable NTP server mode.

By default, version number number defaults to 3, the authentication is disabled, and the local server is not the first choice.

The command announces to use the remote server at ip-address as the local time server. ip-address specifies a host address other than an IP address of broadcast, multicast, or reference clock. By operating in client mode, a local device can be synchronized by a remote server, but not synchronize any remote server.

Example

# Designate the server at 128.108.22.44 to synchronize the local device and use NTP version 3.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] ntp-service unicast-server 128.108.22.44 version 3

Chapter 8 SSH Terminal Service Configuration Commands

8.1 SSH Server Configuration Commands

8.1.1 debugging ssh server

Syntax

debugging ssh server { VTY index | all }

undo debugging ssh server { VTY index | all }

View

User view

Parameter

index: SSH channel to be debugged, whose value is dictated by VTY numbers. The default VTY numbers are 0 to 4.

all: All the SSH channels.

Description

Use the debugging ssh server command to send information regulated by the SSH2.0 protocol, such as the negotiation procedure, to the information center in the format of Debugging information. You can also use it to debug a user interface individually.

Use the undo debugging ssh server command to disable the debugging.

By default, the debugging is disabled.

Related command: ssh server authentication-retries, ssh server rekey-interval, ssh server timeout.

Example

# Print the Debugging information when the SSH is running.

<H3C> debugging ssh server vty 0

00:23:20: SSH0: starting SSH control process

00:23:20: SSH0: sent protocol version id SSH-1.5-H3C-1.25

00:23:20: SSH0: protocol version id is - SSH-1.5-1.2.26

00:23:20: SSH0: SSH_SMSG_PUBLIC_KEY msg

00:23:21: SSH0: SSH_CMSG_SESSION_KEY msg - length 112, type 0x03

00:23:21: SSH: RSA decrypt started

00:23:21: SSH: RSA decrypt finished

00:23:21: SSH: RSA decrypt started

00:23:21: SSH: RSA decrypt finished

8.1.2 display rsa local-key-pair public

Syntax

display rsa local-key-pair public

View

Any view

Parameter

None

Description

Use the display rsa local-key-pair public command to display the public key of the server’s host key pair and server key pair. If no key has been created, you will see a prompt like this: RSA keys not found.

Related command: rsa local-key-pair create.

Example

# Display the public key of the server’s host key pair and server key pair.

<H3C> display rsa local-key-pair public

% Key pair was generated at: 12:26:33 UTC 2002/4/4

Key name: rtvrp_Host

Usage: Encryption Key

Key Data:

30470240 AF7DB1D0 DA78944F 53B7B59B 40D425D0 DC9C57D2 A60916C2 1F165807 08B84DDB 5F4DB8E7 A115B74E 2D41D96C AC61D276 AA027E41 DD48DE64 696E0934 EB872805 02030100 01

% Key pair was generated at: 12:26:45 UTC 2002/4/4

Key name: rtvrp_Server

Usage: Encryption Key

Key Data:

30670260 C05280D9 BA0D56C8 7BE43379 8634CDE7 83ABA9A2 3F36280E 25995487 4FF6AD7A 0E57871C 761E6D92 9914D8C5 CC577388 5B580B94 C2172C8F 36039EED 160A0478 651DED3A 9CCF1AAD D800AAF2 DF7FBEC4 A13ADA59 9E738319 AF366B8B 519D39F5 02030100 01

8.1.3 display rsa peer-public-key

Syntax

display rsa peer-public-key [ brief | name keyname ]

View

Any view

Parameter

brief: Displays the brief information about all client public keys.

keyname: Specifies the public key name of the client to be displayed. The key name is a consecutive string whose length ranges from 1 to 64 characters.

Description

Use the display rsa peer-public-key command to display the public key of RSA key pair specified by the client. If you do not specify the keyname argument, all public keys will be displayed.

Related command: rsa local-key-pair create.

Example

# Display the public key of the specified RSA key pair of the client.

<H3C> display rsa peer-public-key

Address Bits Name

1023 abcd

1024 hq

1024 wn1

1024 hq_all

# Display the public key of the specified RSA key pair named abcd of the client.

<H3C> display rsa peer-public-key name abcd

Key name:abcd

Key address:

Data:

30818602 8180739A 291ABDA7 04F5D93D C8FDF84C 42746319 91C164B0 DF178C55 FA833591 C7D47D53 81D09CE8 2913D7ED F9C08511 D83CA4ED 2B30B809 808EB0D1 F52D045D E40861B7 4A0E1355 23CCD74C AC61F8E5 8C452B2F 3F2DA0DC C48E3306 367FE187 BDD94401 8B3B69F3 CBB0A573 202C16BB 2FC1ACF3 EC8F828D 55A36F1C DDC4BB45 504F0201 25

8.1.4 display ssh server

Syntax

display ssh server { status | session }

View

Any view

Parameter

status: Displays the SSH status information.

session: Displays the SSH session information.

Description

Use the display ssh server command to display the status information or session information of an SSH server.

Related command: ssh server authentication-retries, ssh server rekey-interval, ssh server timeout.

Example

# Display the status information of the SSH server.

<H3C> display ssh server status

SSH - version 2.0

SSH connection timeout: 60 seconds

SSH Authentication retries: 3 times

SFTP Server state: Disable

# Display the session information of the SSH server.

[H3C] display ssh server session

Connection Version Encryption State Username

VTY0 2.0 3DES Session started H3C

VTY3 1.5 DES Session started switch

8.1.5 display ssh user-information

Syntax

display ssh user-information [ username ]

View

Any view

Parameter

username: Valid SSH username.

Description

Use the display ssh user-information command to display information about the current SSH user, including username, peer key name, authentication mode and the types of authorized services. If you specify the argument username in the command, the user information about the specified username will be displayed.

Related command: ssh user username assign rsa-key, ssh user username authentication-type, ssh user username service-type, display local-user, display rsa peer-public-key.

Example

# Display the current SSH user information.

<H3C> display ssh user-information

Username Authentication-type User-public-key-name Service-type

sshuser2 rsa sshuser2 stelnet

sshuser1 password sshuser1 stelnet

If the Username and User-key-name are too long, the result of the dispaly ssh user-information is displayed with wildcard ” ...”. An example is given below:

# Display current SSH user information.

<H3C> display ssh user-information

Username Authentication-type User-public-key-name Service-type

admin password aaaaaaaaaabbbbbbb... sftp

aaaaaaaaaabbbbbb... all aaaaaaaaaabbbbbbb... stelnet

fxdfxdfxdfxdfxdf... null null stelnet|sftp

You can use the display local-user command and the display rsa peer-public-key command respectively to view Username and User-public-key-name which are too long.

8.1.6 peer-public-key end

Syntax

peer-public-key end

View

Public key view

Parameter

None

Description

Use the peer-public-key end command to exit from the public key view and return to the system view.

Related command: rsa peer-public-key, public-key-code begin.

Example

# Exit the public key view and save the configuration.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] rsa peer-public-key H3C003

RSA public key view: return to System View with "peer-public-key end".

[H3C-rsa-public-key] peer-public-key end

[H3C]

8.1.7 protocol inbound

Syntax

protocol inbound { all | pad | ssh | telnet }

View

VTY user interface view

Parameter

all: Supports all protocols, including Telnet and SSH.

ssh: Supports the SSH protocol only, and does not support the Telnet protocol.

telnet: Supports the Telnet protocol only, and does not support the SSH protocol.

Description

Use the protocol inbound command to specify the protocol supported by the current user interface.

By default, all protocols are supported.

This configuration takes effect at the next login. Note that after enabling SSH by this command, you still cannot log in through SSH if the client RSA key is not configured.

Caution:

l If the supported protocol configured in the user interface is SSH, make sure to configure the corresponding authentication mode to authentication-mode scheme (using AAA authentication mode).

l If the authentication mode is configured as authentication-mode password or authentication-mode none, the configuration of protocol inbound ssh will fail; contrarily, if a user interface is configured to support the SSH protocol, you will fail to configure authentication-mode password and authentication-mode none.

Related command: user-interface vty.

Example

# Set VTY 0 to 4 to support the SSH protocol only.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] user-interface vty 0 4

[H3C-ui-vty0-4] protocol inbound ssh

# Disable the Telnet function of VTY 0 and make it support SSH only.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] user-interface vty 0

[H3C-ui-vty0] protocol inbound ssh

8.1.8 public-key-code begin

Syntax

public-key-code begin

View

Public key view

Parameter

None

Description

Use the public-key-code begin command to enter the public key edit view and input the public key of the client. Note that you must use the rsa peer-public-key command to specify a client key name before performing this command.

When inputting the public key, you may type spaces between the characters (the system will delete the spaces automatically), or press <Enter> and then continue to input the key. Note that the public key must be a hexadecimal string coded in the public key format and is randomly generated by the SSH 2.0-enabled client software or the client switch.

Related command: rsa peer-public-key, public-key-code end.

Example

# Enter the public key edit view and input the key.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] rsa peer-public-key H3C003

[H3C-rsa-public-key] public-key-code begin

RSA key code view: return to last view with "public-key-code end".

[H3C-key-code] 308186028180739A291ABDA704F5D93DC8FDF84C427463

[H3C-key-code] 1991C164B0DF178C55FA833591C7D47D5381D09CE82913

[H3C-key-code] D7EDF9C08511D83CA4ED2B30B809808EB0D1F52D045DE4

[H3C-key-code] 0861B74A0E135523CCD74CAC61F8E58C452B2F3F2DA0DC

[H3C-key-code] C48E3306367FE187BDD944018B3B69F3CBB0A573202C16

[H3C-key-code] BB2FC1ACF3EC8F828D55A36F1CDDC4BB45504F020125

[H3C-key-code] public-key-code end

[H3C-rsa-public-key]

8.1.9 public-key-code end

Syntax

public-key-code end

View

Public key edit view

Parameter

None

Description

Use the public-key-code end command to return from the public key edit view to the public key view and save the public key entered.

After this command is performed to end the public key edit procedure, the system will check the validity of the key before saving the input public key. If the public key string contains any illegal character, the system will prompt the failure of the configuration and the configured key will be discarded; otherwise, the key is valid and will be saved to the user public key list.

Related command: rsa peer-public-key, public-key-code begin.

Example

# Exit the public key edit view and save the configured public key.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] rsa peer-public-key H3C003

[H3C-rsa-public-key] public-key-code begin

RSA key code view: return to last view with "public-key-code end".

[H3C-rsa-key-code] public-key-code end

[H3C-rsa-public-key]

8.1.10 rsa local-key-pair create

Syntax

rsa local-key-pair create

View

System view

Parameter

None

Description

Use the rsa local-key-pair create command to generate the RSA key pair (including the host key and server key) of the server. The naming conventions for the keys are switch name + host and switch name + server respectively, for example, H3C_host, H3C_server.

When configuring by this command, if the RSA key pair already exists, you will get a warning asking if you want to replace the existing one. Note that the host key and the server key must have a difference of 128 bits at least, and that the minimum and maximum lengths for the host key and the server key are 512 bits and 2048 bits .

Generating the RSA key pair of the server is the first step to perform after SSH login. It needs to be performed only once; you need not re-perform it after rebooting the switch.

Caution:

When you log in through SSH user, the key generated by the server must be longer than or equal to 768 bits. The RSA key genetated by the server is 512 bits by default.

Related command: rsa local-key-pair destroy.

Example

# Generate the local RSA key pair.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] rsa local-key-pair create

The name for the keys will be: rtvrp_Host

% You already have RSA keys defined for rtvrp_Host

% Do you really want to replace them? [yes/no]:y

Choose the size of the key modulus in the range of 512 to 2048 for your Keys.

Choosing a key modulus greater than 512 may take a few minutes.

How many bits in the modulus [512]:512

Generating keys...

.....++++++++++++

........................++++++++++++

..........++++++++

............................++++++++

8.1.11 rsa local-key-pair destroy

Syntax

rsa local-key-pair destroy

View

System view

Parameter

None

Description

Use the rsa local-key-pair destroy command to destroy all the RSA key pairs of the server, including the host keys and server keys.

Related command: rsa local-key-pair create.

Example

# Destroy all the RSA keys of the server.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] rsa local-key-pair destroy

% Keys to be removed are named rtvrp_Host .

% Do you really want to remove these keys? [yes/no]:y

8.1.12 rsa peer-public-key

Syntax

rsa peer-public-key key-name

View

System view

Parameter

key-name: Name of the public key of the client. It is a consecutive string whose length ranges from 1 to 64 characters.

Description

Use the rsa peer-public-key command to enter the public key view.

Performing this command, you can enter the public key view. Then you can use the public-key-code begin command to configure the client public key on the server. The client public key is generated randomly by the SSH 2.0-enabled client software.

Related command: public-key-code begin, public-key-code end.

Example

# Enter the public key view named H3C002.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] rsa peer-public-key H3C002

[H3C-rsa-public-key]

8.1.13 ssh server authentication-retries

Syntax

ssh server authentication-retries times

undo ssh server authentication-retries

View

System view

Parameter

times: Number of authentication retries, in the range from 1 to 5. By default, the value is 3.

Description

Use the ssh server authentication-retries command to set the number of SSH connection authentication retries.

Use the ssh server authentication-retries command to restore the default number of SSH connection authentication retries.

Related command: display ssh server.

Example

# Specify the number of login authentication retries to 4.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] ssh server authentication-retries 4

8.1.14 ssh server compatible_ssh1x enable

Syntax

ssh server compatible_ssh1x enable

undo ssh server compatible_ssh1x

View

System view

Parameter

None

Description

Use the ssh server compatible_ssh1x enable command to make the server compatible with the SSH 1.x client.

Use the undo ssh server compatible_ssh1x command to make the server not compatible with an SSH 1.x client.

By default, the server is compatible with the SSH 1.x client.

Example

# Set the server to be compatible with the SSH 1.x client.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] ssh server compatible_ssh1x enable

8.1.15 ssh server rekey-interval

Syntax

ssh server rekey-interval hours

undo ssh server rekey-interval

View

System view

Parameter

hours: Update interval of the server key, in range of 1 to 24 (hours). It cannot be 0.

Description

Use the ssh server rekey-interval command to set update interval of the server key.

Use the undo ssh server rekey-interval command to remove the configuration.

By default, the system does not update the server key.

Related command: display ssh server

Example

# Set to update the server key every three hours.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] ssh server rekey-interval 3

8.1.16 ssh server timeout

Syntax

ssh server timeout seconds

undo ssh server timeout

View

System view

Parameter

seconds: Specifies the login timeout (in seconds), in the range from 1 to 120. By default, the value is 60.

Description

Use the ssh server timeout command to set the authentication timeout of SSH connections.

Use the undo ssh server timeout command to restore the default SSH authentication timeout.

The configuration takes effect at the next login.

Related command: display ssh server.

Example

# Set the login timeout to 80 seconds.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] ssh server timeout 80

8.1.17 ssh user assign rsa-key

Syntax

ssh user username assign rsa-key keyname

undo ssh user username assign rsa-key

View

System view

Parameter

keyname: Name of the client public key. It is a consecutive string whose length ranges from 1 to 64 characters.

username: Valid SSH username. It is a consecutive string whose length ranges from 1 to 80 characters.

Description

Use the ssh user assign rsa-key command to assign an existing public key for the specified SSH user.

Use the undo ssh user assign rsa-key command to cancel the corresponding relationship between the user and the public key.

The new public key takes effect at the next login.

If a public key already exists before this command is performed, the newly configured key takes effect.

Related command: display ssh user-information.

Example

# Assign public key1 for user zhangsan.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] ssh user zhangsan assign rsa-key key1

8.1.18 ssh user authentication-type

Syntax

ssh user username authentication-type { password | rsa | password-publickey | all }

undo ssh user username authentication-type

View

System view

Parameter

password: Forces the user’s authentication mode to password authentication.

rsa: Forces the user’s authentication mode to RSA public key authentication.

password-publickey: Forces the user’s authentication mode to password authentication plus RSA public key authentication.

all: Specifies that the user’s authentication mode can be either password authentication or public authentication.

Description

Use the ssh user authentication-type command to specify an authentication mode for a user.

Use the undo ssh user authentication-type command to restore the default unable-to-login mode.

The new authentication mode takes effect at the next login.

By default, no login authentication mode is specified, that is, SSH users are unable to login.

For a new user, you must specify an authentication mode; otherwise, the new user will not be able to log in.

Related command: display ssh user-information.

Example

# Specify the authentication mode of user zhangsan to password authentication.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] ssh user zhangsan authentication-type password

8.2 SSH Client Configuration Commands

8.2.1 display ssh server-info

Syntax

display ssh server-info

View

Any view

Parameter

None

Description

Use the display ssh server-info command to view the corresponding relationship between the client’s servers and public keys.

Example

# Display the corresponding relationship between the client’s servers and public keys.

<H3C> display ssh server-info

Server Name(IP) Server public key name

192.168.0.1 test_key01

192.168.0.2 test_key02

8.2.2 quit

Syntax

quit

View

User view

Parameter

None

Description

Use the quit command to terminate the connection with the remote SSH server.

Example

# Terminate the connection with the remote SSH server.

<H3C> quit

8.2.3 ssh client assign rsa-key

Syntax

ssh client server-ip assign rsa-key keyname

undo ssh client server-ip assign rsa-key

View

System view

Parameter

server-ip: IP address of the server.

keyname: Public key name of the client.

Description

Use the ssh client assign rsa-key command to specify the IP address and the corresponding public key name of the server on the client.

Use the undo ssh client assign rsa-key command to cancel the configuration.

Example

# Specify the public key of a server with IP address 192.168.0.1 on the client to serverkey01.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] ssh client 192.168.0.1 assign rsa-key serverkey01

8.2.4 ssh client first-time enable

Syntax

ssh client first-time enable

undo client ssh first-time

View

System view

Parameter

None

Description

Use the ssh client first-time enable command to set the SSH client to perform the first-time authentication of the SSH server to be accessed.

Use the undo ssh client first-time command to cancel the first-time authentication.

The first-time authentication means that when the SSH client accesses the server for the first time in the case that there is no local copy of the server’s public key, the user can proceed to access the server and save a local copy of the server’s public key; when the client accesses the server next time, it uses the saved public key to authenticate the server.

If the first-time authentication is not supported, when there is no local copy of the public key of the connected server, the client assumes that the server is illegal and will refuse to access the server. The user can save a copy of the server’s public key locally by other means beforehand.

By default, the client does not perform the first-time authentication.

Example

# Set the SSH client to perform the first-time authentication of the SSH server to be accessed.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] ssh client first-time enable

8.2.5 ssh2

Syntax

ssh2 { host-ip | host-name } [ port-num ] [ prefer_kex { dh_group1 | dh_exchange_group } ] [ prefer_ctos_cipher { des | 3des | aes128 } ] [ prefer_stoc_cipher { des | 3des | aes128 } ] [ prefer_ctos_hmac { sha1 | sha1_96 | md5 | md5_96 } ] [ prefer_stoc_hmac { sha1 | sha1_96 | md5 | md5_96 } ]

View

System view

Parameter

host-ip: IP address of the server.

host-name: Server name, a string with 1 to 20 characters.

port-num: Server port number, ranges from 0 to 65535, and defaults to 22.

prefer_kex: Preferred key exchange algorithm, which can be one of the two algorithms.

dh_group1: Key exchange algorithm diffie-hellman-group1-sha1, which is the default algorithm.

dh_exchange_group: Key exchange algorithm diffie-hellman-group-exchange-sha1.

prefer_ctos_cipher: Preferred encryption algorithm from the client to the server. The default algorithm is aes128.

prefer_stoc_cipher: Preferred encryption algorithm from the server to the client. The default algorithm is aes128.

des: Encryption algorithm des_cbc.

3des: Encryption algorithm 3des_cbc.

aes128: Encryption algorithm aes_128.

prefer_ctos_hmac: Preferred HMAC algorithm from the client to the server. The default algorithm is sha1_96.

prefer_stoc_hmac: Preferred HMAC algorithm from the server to the client. The default algorithm is sha1_96.

sha1: HMAC algorithm hmac-sha1.

sha1_96: HMAC algorithm hmac-sha1-96.

md5: HMAC algorithm hmac-md5.

md5_96: HMAC algorithm hmac-md5-96.

Description

Use the ssh2 command to enable the connection between the SSH client and the server, and specify the preferred key exchange algorithm, encryption algorithm and HMAC algorithm of the client and the server.

Example

# Log in to remote SSH2 server with IP address 10.214.50.51, and configure encryption algorithms as follows:

l Preferred key exchange algorithm: dh_exchange_group

l Preferred encryption algorithm from the client to the server: 3DES-CBC

l Preferred HMAC algorithm from the client to the server: HMAC-MD5

l Preferred encryption algorithm from the server to the client: AES-128

l Preferred HMAC algorithm from the server to the client: HMAC-SHA1-96

The command is as follows:

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] ssh2 10.214.50.51 prefer_kex dh_exchange_group prefer_ctos_cipher 3des prefer_ctos_hmac md5

8.3 SFTP Server Configuration Commands

8.3.1 sftp server enable

Syntax

sftp server enable

undo sftp server

View

System view

Parameter

None

Description

Use the sftp server enable command to start the SFTP server.

Use the undo sftp server enable command to shutdown the SFTP server.

By default, the SFTP server is shutdown.

Example

# Start the SFTP server.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] sftp-server enable

# Shutdown the SFTP server.

[H3C] undo sftp-server enable

8.3.2 ssh user service-type

Syntax

ssh user username service-type { stelnet | sftp | all }

undo ssh user username service-type

View

System view

Parameter

username: Local username or username defined by the remote RADIUS server.

stelnet: Specifies the service type as stelnet.

sftp: Specifies the service type as SFTP.

all: Includes both Telnet and SFTP service types.

Description

Use the ssh user service-type command to specify the service type for a particular user.

Use the undo ssh user service-type command to restore the default service type.

By default, the service type is stelnet.

Related command: display ssh user-information.

Example

# Specify the service type to be SFTP for user zhangsan.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] ssh user zhangsan service-type sftp

8.4 SFTP Client Configuration Commands

8.4.1 bye

Syntax

bye

View

SFTP Client view

Parameter

None

Description

Use the bye command to terminate the connection with the remote SFTP server and return to the user view.

This command has the same functionality as the exit and quit commands.

Example

# Terminate the connection with the remote SFTP server.

<H3C> system-view

System View: return to User View with Ctrl+Z.

sftp-client> bye

<H3C>

8.4.2 cd

Syntax

cd [remote-path ]

View

SFTP Client view

Parameter

remote-path: Name of a path on the server.

Description

Use the cd command to change the current path on the SFTP server. If you do not specify the remote-path argument, the current path will be displayed.

Example

# Change the current path to d:/temp.

sftp-client> cd d:/temp

8.4.3 cdup

Syntax

cdup

View

SFTP Client view

Parameter

None

Description

Use the cdup command to change the current path to its upper directory.

Example

# Change the current path to its upper directory.

sftp-client> cdup

8.4.4 delete

Syntax

delete remote-file

View

SFTP Client view

Parameter

remote-file: Name of a file on the server.

Description

Use the delete command to delete the specified file from the server.

This command has the same functionality as the remove command.

Example

# Delete file temp.c from the server.

sftp-client> delete temp.c

8.4.5 dir

Syntax

dir [ remote-path ]

View

SFTP Client view

Parameter

remote-path: Name of the directory to view.

Description

Use the dir command to view the files in the specified directory.

If the remote-path argument is not specified, the files in the current directory will be displayed.

This command has the same functionality as the ls command.

Example

# View directory flash:/

sftp-client> dir flash:/

-rwxrwxrwx 1 noone nogroup 1759 Aug 23 06:52 config.cfg

-rwxrwxrwx 1 noone nogroup 225 Aug 24 08:01 pubkey2

-rwxrwxrwx 1 noone nogroup 283 Aug 24 07:39 pubkey1

-rwxrwxrwx 1 noone nogroup 225 Sep 28 08:28 pub1

drwxrwxrwx 1 noone nogroup 0 Sep 28 08:24 new1

drwxrwxrwx 1 noone nogroup 0 Sep 28 08:18 new2

-rwxrwxrwx 1 noone nogroup 225 Sep 28 08:30 pub2

8.4.6 exit

Syntax

exit

View

SFTP Client view

Parameter

None

Description

Use the exit command to terminate the connection with the remote SFTP server and return to the user view.

This command has the same functionality as the bye and quit commands.

Example

# Terminate the connection with the remote SFTP server.

sftp-client> exit

<H3C>

8.4.7 get

Syntax

get remote-file [ local-file ]

View

SFTP Client view

Parameter

remote-file: Name of a file on the remote SFTP server.

local-file: Name of a local file.

Description

Use the get command to download a file from the remote server and save it locally.

By default, if no local file name is specified, it is assumed that the local file has the same name as the file on the SFTP server.

Example

# Download file temp1.c and save it with name temp.c.

sftp-client> get temp1.c temp.c

8.4.8 help

Syntax

help [ command ]

View

SFTP Client view

Parameter

command: Name of a command.

Description

Use the help command to view the help information for SFTP client commands.

If the command argument is not specified, all command names will be displayed.

Example

# View the help information for the get command.

sftp-client> help get

get remote-path [local-path] Download file

Default local-path is the same with remote-path

8.4.9 ls

Syntax

ls [ remote-path ]

View

SFTP Client view

Parameter

remote-path: Name of the directory to view.

Description

Use the ls command to view the files in the specified directory.

If the remote-path argument is not specified, the files in the current directory will be displayed.

This command has the same functionality as the dir command.

Example

# View directory flash:/.

sftp-client> ls flash:/

-rwxrwxrwx 1 noone nogroup 1759 Aug 23 06:52 config.cfg

-rwxrwxrwx 1 noone nogroup 225 Aug 24 08:01 pubkey2

-rwxrwxrwx 1 noone nogroup 283 Aug 24 07:39 pubkey1

-rwxrwxrwx 1 noone nogroup 225 Sep 28 08:28 pub1

drwxrwxrwx 1 noone nogroup 0 Sep 28 08:24 new1

drwxrwxrwx 1 noone nogroup 0 Sep 28 08:18 new2

-rwxrwxrwx 1 noone nogroup 225 Sep 28 08:30 pub2

8.4.10 mkdir

Syntax

mkdir remote-path

View

SFTP Client view

Parameter

remote-path: Name of a directory on the remote SFTP server.

Description

Use the mkdir command to create a directory on the remote SFTP server.

Example

# Create directory test on the remote SFTP server.

sftp-client> mkdir test

8.4.11 put

Syntax

put local-file [ remote-file ]

View

SFTP Client view

Parameter

local-file: Name of a local file.

remote-file: Name of a file on the remote SFTP server.

Description

Use the put command to upload a local file to the remote SFTP server.

By default, if no name of the file on the remote server is specified, it is assumed that the file on the remote server has the same name as the local file.

Example

# Upload local file temp.c to the remote SFTP server and save it with the name temp1.c.

sftp-client> put temp.c temp1.c

8.4.12 pwd

Syntax

pwd

View

SFTP Client view

Parameter

None

Description

Use the pwd command to display the current directory on the SFTP server.

Example

# Display the current directory on the SFTP server.

sftp-client> pwd

flash:

8.4.13 quit

Syntax

quit

View

SFTP Client view

Parameter

None

Description

Use the quit command to terminate the connection with the remote SFTP server and return to the user view.

This command has the same functionality as the bye and exit commands.

Example

# Terminate the connection with the remote SFTP server.

sftp-client> quit

<H3C>

8.4.14 remove

Syntax

remove remote-file

View

SFTP Client view

Parameter

remote-file: Name of a file on the server.

Description

Use the remove command to delete the specified file from the server.

This command has the same functionality as the delete command.

Example

# Delete the file temp.c from the server.

sftp-client> delete temp.c

8.4.15 rename

Syntax

rename oldname newname

View

SFTP Client view

Parameter

oldname: Original file name.

newname: New file name.

Description

Use the rename command to change the name of the specified file on the SFTP server.

Example

# Change the name of the file temp1 on the SFTP server to temp2.

sftp-client> rename temp1 temp2

8.4.16 rmdir

Syntax

rmdir remote-path

View

SFTP Client view

Parameter

remote-path: Name of a directory on the remote SFTP server.

Description

Use the rmdir command to delete the specified directory from the SFTP server.

Example

# Delete the directory D:/temp1 from the SFTP server.

sftp-client> rmdir D:/temp1

8.4.17 sftp

Syntax

sftp ipaddr [ prefer_kex { dh_group1 | dh_exchange_group } ] [ prefer_ctos_cipher { des | 3des | aes128 } ] [ prefer_stoc_cipher { des | 3des | aes128 } ] [ prefer_ctos_hmac { sha1 | sha1_96 | md5 | md5_96 } ] [ prefer_stoc_hmac { sha1 | sha1_96 | md5 | md5_96 } ]

View

System view

Parameter

ipaddr: IP address of the server.

prefer_key: Preferred key exchange algorithm, which can be either diffie-hellman-group1-sha1 or diffie-hellman-group-exchange-sha1.

dh_group1: Key exchange algorithm diffie-hellman-group1-sha1, which is default algorithm.

dh_exchange_group: Key exchange algorithm diffie-hellman-group-exchange-sha1.

prefer_ctos_cipher: Preferred encryption algorithm from the client to the server. The default algorithm is aes128.

prefer_stoc_cipher: Preferred encryption algorithm from the server to the client. The default algorithm is aes128.

des: Encryption algorithm des_cbc.

3des: Encryption algorithm 3des_cbc.

aes128: Encryption algorithm aes_128.

prefer_ctos_hmac: Preferred HMAC algorithm from the client to the server. The default algorithm is sha1_96.

prefer_stoc_hmac: Preferred HMAC algorithm from the server to the client. The default algorithm is sha1_96.

sha1: HMAC algorithm hmac-sha1.

sha1_96: HMAC algorithm hmac-sha1-96.

md5: HMAC algorithm hmac-md5.

md5_96: HMAC algorithm hmac-md5-96.

Description

Use the sftp command to establish the connection with the remote SFTP server and enter the SFTP Client view.

Example

# Connect to the SFTP server with IP address 10.214.49.126 using the default encryption algorithm.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] sftp 10.214.49.126

H3C S9500 Series Routing Switches Command Manual-(V1.01)

1.1.15 rmdir

1.4 FTP Client Commands

1.4.7 debugging

2.1.1 display mac-address aging-time

2.1.4 mac-address max-mac-count

3.1.3 display boot-loader

3.1.4 display cpu

3.1.5 display device

Chapter 4 System Maintenance Commands

4.1.1 clock datetime

4.1.2 clock summer-time

4.3.4 display users

4.4 System Debug Commands