Using the CLI

Boldface

Bold text represents commands and keywords that you enter literally as shown.

Italic

Italic text represents arguments that you replace with actual values.

[ ]

Square brackets enclose syntax choices (keywords or arguments) that are optional.

{ x | y | ... }

Braces enclose a set of required syntax choices separated by vertical bars, from which you select one.

[ x | y | ... ]

Square brackets enclose a set of optional syntax choices separated by vertical bars, from which you select one or none.

{ x | y | ... } *

Asterisk marked braces enclose a set of required syntax choices separated by vertical bars, from which you select at least one.

[ x | y | ... ] *

Asterisk marked square brackets enclose optional syntax choices separated by vertical bars, from which you select one choice, multiple choices, or none.

&<1-n>

The argument or keyword and argument combination before the ampersand (&) sign can be entered 1 to n times.

#

A line that starts with a pound (#) sign is comments.

Enter system view from user view.

system-view

Available in user view.

Return to the upper-level view from any view.

quit

Available in any view.

Return to user view from any view.

return

Common keys

If the edit buffer is not full, pressing a common key inserts the character at the position of the cursor and moves the cursor to the right.

Backspace

Deletes the character to the left of the cursor and moves the cursor back one character.

Left arrow key or Ctrl+B

Moves the cursor one character to the left.

Right arrow key or Ctrl+F

Moves the cursor one character to the right.

Tab

If you press Tab after entering part of a keyword, the system automatically completes the keyword:

·     If a unique match is found, the system substitutes the complete keyword for the incomplete one and displays what you entered in the next line.

·     If there is more than one match, you can press Tab multiple times to choose the keyword you want to enter.

·     If there is no match, the system does not modify what you entered but displays it again in the next line.

1.     Enter system view.

system-view

N/A

2.     Enable the command keyword alias function.

command-alias enable

By default, the command keyword alias function is disabled.

3.     Configure a command keyword alias.

command-alias mapping cmdkey alias

By default, no command keyword alias is configured.

You must enter the cmdkey and alias arguments in their complete form.

1.     Enter system view.

system-view

N/A

2.     Configure hotkeys.

hotkey { CTRL_G | CTRL_L | CTRL_O | CTRL_T | CTRL_U } command

By default:

·     Ctrl+G is assigned the display current-configuration command.

·     Ctrl+L is assigned the display ip routing-table command.

·     Ctrl+O is assigned the undo debugging all command.

·     No command is assigned to Ctrl+T or Ctrl+U.

3.     Display hotkeys.

display hotkey [ | { begin | exclude | include } regular-expression ]

Optional.

Available in any view. See Table 3 for hotkeys reserved by the system.

Ctrl+A

Moves the cursor to the beginning of the line.

Ctrl+B

Moves the cursor one character to the left.

Ctrl+C

Stops the current command.

Ctrl+D

Deletes the character at the cursor.

Ctrl+E

Moves the cursor to the end of the line.

Ctrl+F

Moves the cursor one character to the right.

Ctrl+H

Deletes the character to the left of the cursor.

Ctrl+K

Aborts the connection request.

Ctrl+N

Displays the next command in the command history buffer.

Ctrl+P

Displays the previous command in the command history buffer.

Ctrl+R

Redisplays the current line.

Ctrl+V

Pastes text from the clipboard.

Ctrl+W

Deletes the word to the left of the cursor.

Ctrl+X

Deletes all characters to the left of the cursor.

Ctrl+Y

Deletes all characters to the right of the cursor.

Ctrl+Z

Returns to user view.

Ctrl+]

Terminates an incoming connection or a redirect connection.

Esc+B

Moves the cursor back one word.

Esc+D

Deletes all characters from the cursor to the end of the word.

Esc+F

Moves the cursor forward one word.

Esc+N

Moves the cursor down one line. This hotkey is available before you press Enter.

Esc+P

Moves the cursor up one line. This hotkey is available before you press Enter.

Esc+<

Moves the cursor to the beginning of the clipboard.

Esc+>

Moves the cursor to the ending of the clipboard.

1.     Enter system view.

system-view

N/A

2.     Enable redisplaying entered-but-not-submitted commands.

info-center synchronous

Disabled by default.

For more information about the info-center synchronous command, see Network Management and Monitoring Command Reference.

% Unrecognized command found at '^' position.

The keyword in the marked position is invalid.

% Incomplete command found at '^' position.

One or more required keywords or arguments are missing.

% Ambiguous command found at '^' position.

The entered character sequence matches more than one command.

% Too many parameters found at '^' position.

The entered character sequence contains excessive keywords or arguments.

% Wrong parameter found at '^' position.

The argument in the marked position is invalid.

Display all commands in the command history buffer.

display history-command [ | { begin | exclude | include } regular-expression ]

Display the previous history command.

Up arrow key or Ctrl+P

Display the next history command.

Down arrow key or Ctrl+N

1.     Enter system view.

system-view

N/A

2.     Enter user interface view.

user-interface { first-num1 [ last-num1 ] | { aux | console | vty } first-num2 [ last-num2 ] }

N/A

3.     Set the maximum number of commands that can be saved in the command history buffer.

history-command max-size size-value

Optional.

By default, the command history buffer can save up to 10 commands.

Space

Displays the next screen.

Enter

Displays the next line.

Ctrl+C

Stops the displaying and aborts the command execution.

<PageUp>

Displays the previous page.

<PageDown>

Displays the next page.

Disable pausing between screens of output for the current session.

screen-length disable

The default for a session depends on the setting of the screen-length command in user interface view. The default of the screen-length command is pausing between screens of output and displaying up to 24 lines on a screen.

This command is executed in user view and takes effect only for the current session. When you relog in to the switch, the default is restored.

^string

Starting sign. Matches a line that starts with string.

For example, regular expression "^user" matches a line beginning with "user", not "Auser".

string$

Ending sign. Matches a line that ends with string.

For example, regular expression "user$" only matches a line ending with "user", not "userA".

.

Matches any single character, such as a single character, a special character, and a blank.

For example, ".s" matches both "as" and "bs".

*

Matches the preceding character or character group zero or multiple times.

For example, "zo*" matches "z" and "zoo"; "(zo)*" matches "zo" and "zozo".

+

Matches the preceding character or character group one or multiple times

For example, "zo+" matches "zo" and "zoo", but not "z".

|

Matches the preceding or succeeding character string

For example, "def|int" only matches a character string containing "def" or "int".

_

If it is at the beginning or the end of a regular expression, it equals ^ or $. In other cases, it equals comma, space, round bracket, or curly bracket.

For example, "a_b" matches "a b" or "a(b"; "_ab" only matches a line starting with "ab"; "ab_" only matches a line ending with "ab".

-

It connects two values (the smaller one before it and the bigger one after it) to indicate a range together with [ ].

For example, "1-9" means 1 to 9 (inclusive); "a-h" means a to h (inclusive).

[ ]

Matches a single character contained within the brackets.

For example, [16A] matches a string containing any character among 1, 6, and A; [1-36A] matches a string containing any character among 1, 2, 3, 6, and A (- is a hyphen).

"]" can be matched as a common character only when it is put at the beginning of characters within the brackets, for example [ ]string]. There is no such limit on "[".

( )

A character group. It is usually used with "+" or "*".

For example, (123A) means a character group "123A"; "408(12)+" matches 40812 or 408121212. But it does not match 408.

\index

Repeats the character string specified by the index. A character string refers to the string within () before \. index refers to the sequence number (starting from 1 from left to right) of the character group before \. If only one character group appears before \, index can only be 1; if n character groups appear before index, index can be any integer from 1 to n.

For example, (string)\1 repeats string, and a matching string must contain stringstring. (string1)(string2)\2 repeats string2, and a matching string must contain string1string2string2. (string1)(string2)\1\2 repeats both string1 and string2, and a matching string must contain string1string2string1string2.

[^]

Matches a single character not contained within the brackets.

For example, [^16A] means to match a string containing any character except 1, 6 or A, and the matching string can also contain 1, 6 or A, but cannot contain these three characters only. For example, [^16A] matches "abc" and "m16", but not 1, 16, or 16A.

\<string

Matches a character string starting with string.

For example, "\<do" matches word "domain" and string "doa".

string\>

Matches a character string ending with string.

For example, "do\>" matches word "undo" and string "abcdo".

\bcharacter2

Matches character1character2. character1 can be any character except number, letter or underline, and \b equals [^A-Za-z0-9_].

For example, "\ba" matches "-a" with "-" being character1, and "a" being character2, but it does not match "2a" or "ba".

\Bcharacter

Matches a string containing character, and no space is allowed before character.

For example, "\Bt" matches "t" in "install", but not "t" in "big top".

character1\w

Matches character1character2. character2 must be a number, letter, or underline, and \w equals [A-Za-z0-9_].

For example, "v\w" matches "vlan" ("v" is character1 and "l" is character2) and "service" ( "i" is character2).

\W

Equals \b.

For example, "\Wa" matches "-a", with "-" being character1, and "a" being character2, but does not match "2a" or "ba".

\

Escape character. If a special character listed in this table follows \, the specific meaning of the character is removed.

For example, "\\" matches a string containing "\", "\^" matches a string containing "^", and "\\b" matches a string containing "\b".

0

Visit

Includes commands for network diagnosis and commands for accessing an external switch. Configuration of commands at this level cannot survive a switch restart. Upon switch restart, the commands at this level will be restored to the default settings.

Commands at this level include ping, tracert, telnet and ssh2.

1

Monitor

Includes commands for system maintenance and service fault diagnosis. Commands at this level are not saved after being configured. After the switch is restarted, the commands at this level will be restored to the default settings.

Commands at this level include debugging, terminal, refresh, and send.

2

System

Includes service configuration commands, including routing configuration commands and commands for configuring services at different network levels.

By default, commands at this level include all configuration commands except for those at manage level.

3

Manage

Includes commands that influence the basic operation of the system and commands for configuring system support modules.

By default, commands at this level involve the configuration commands of file system, FTP, TFTP, Xmodem download, user management, level setting, and parameter settings within a system, which are not defined by any protocols or RFCs.

1.     Enter system view.

system-view

N/A

2.     Enter user interface view.

user-interface { first-num1 [ last-num1 ] | { aux | console | vty } first-num2 [ last-num2 ] }

N/A

3.     Specify the scheme authentication mode.

authentication-mode scheme

By default, the authentication mode for VTY and AUX users is password, and no authentication is needed for console users.

4.     Return to system view.

quit

N/A

5.     Configure the authentication mode for SSH users as password.

For more information, see Security Configuration Guide.

This task is required only for SSH users that are required to provide their usernames and passwords for authentication.

6.     Configure the user privilege level by using the AAA module.

·     To use local authentication:

a.     Use the local-user command to create a local user and enter local user view.

b.     Use the level keyword in the authorization-attribute command to configure the user privilege level.

·     To use remote authentication (RADIUS, HWTACACS, or LDAP):
Configure the user privilege level on the authentication server

User either method.

For local authentication, if you do not configure the user privilege level, the user privilege level is 0.

For remote authentication, if you do not configure the user privilege level, the user privilege level depends on the default configuration of the authentication server.

For more information about the local-user and authorization-attribute commands, see Security Command Reference.

1.     Configure the authentication type for SSH users as publickey.

For more information, see Security Configuration Guide.

Required if the SSH login mode is adopted, and only the username is needed during authentication.

You must also set the authentication mode of the user interfaces to scheme.

2.     Enter system view.

system-view

N/A

3.     Enter user interface view.

user-interface { first-num1 [ last-num1 ] | vty first-num2 [ last-num2 ] }

N/A

4.     Configure the authentication mode for any user that uses the current user interface to log in to the switch.

authentication-mode scheme

By default, the authentication mode for VTY and AUX users is password, and no authentication is needed for console users.

5.     Configure the privilege level for users that log in through the current user interface.

user privilege level level

Optional.

By default, the user privilege level for users logged in through the console user interface is 3, and that for users logged in through the other user interfaces is 0.

1.     Enter system view.

system-view

N/A

2.     Enter user interface view.

user-interface { first-num1 [ last-num1 ] | { aux | console | vty } first-num2 [ last-num2 ] }

N/A

3.     Configure the authentication mode for any user who uses the current user interface to log in to the switch.

authentication-mode { none | password }

Optional.

By default, the authentication mode for VTY and AUX user interfaces is password, and no authentication is needed for console users.

4.     Configure the privilege level of users logged in through the current user interface.

user privilege level level

Optional.

By default, the user privilege level for users logged in through the console user interface is 3, and that for users logged in through the other user interfaces is 0.

local

Local password authentication only (local-only)

The switch authenticates a user by using the privilege level switching password entered by the user.

To use this mode, you must set the password for privilege level switching by using the super password command.

scheme

Remote AAA authentication through HWTACACS or RADIUS

The switch sends the username and password for privilege level switching to the HWTACACS or RADIUS server for remote authentication.

To use this mode, you must perform the following configuration tasks:

·     Configure the required HWTACACS or RADIUS schemes and configure the ISP domain to use the schemes for users. For more information, see Security Configuration Guide.

·     Add user accounts and specify the user passwords on the HWTACACS or RADIUS server.

local scheme

Local password authentication first and then remote AAA authentication

The switch authenticates a user by using the local password first, and if no password for privilege level switching is set, for the user logged in from the console port, the privilege level is switched directly; for the user logged in from any of the AUX or VTY user interfaces, the AAA authentication is performed.

scheme local

Remote AAA authentication first and then local password authentication

AAA authentication is performed first, and if the remote HWTACACS or RADIUS server does not respond or AAA configuration on the switch is invalid, the local password authentication is performed.

1.     Enter system view.

system-view

N/A

2.     Set the authentication mode for user privilege level switching.

super authentication-mode { local | scheme } *

Optional.

By default, local-only authentication is used.

3.     Configure the password for user privilege level switching.

super password [ level user-level ] [ hash ] { simple | cipher } password

This step is required when local authentication is involved.

By default, a privilege level has no password.

The hash keyword is not supported in FIPS mode.

Executing this command without specifying the user privilege level, configures a password for user privilege level 3.

You cannot configure the super password [ level user-level ] hash cipher password command when the password-control enable command is configured.

Switch the user privilege level.

super [ level ]

When logging in to the switch, a user has a user privilege level, which depends on user interface or authentication user level.

none/password

local

Password configured for the privilege level on the switch with the super password command

N/A

local scheme

Password configured for the privilege level on the switch with the super password command

Username and password configured on the AAA server for the privilege level

scheme

Username and password for the privilege level

N/A

scheme local

Username and password for the privilege level

Local user privilege level switching password.

scheme

local

Password configured for the privilege level on the device with the super password command

N/A

local scheme

Password configured for the privilege level on the device with the super password command

Password for privilege level switching configured on the AAA server. The system uses the login username as the privilege level switching username.

scheme

Password for privilege level switching configured on the AAA server. The system uses the login username as the privilege level switching username.

N/A

scheme local

Password for privilege level switching configured on the AAA server. The system uses the login username as the privilege level switching username.

Local user privilege level switching password.

1.     Enter system view.

system-view

N/A

2.     Change the level of a command in a specific view

command-privilege level level view view command

See Table 7 for the default settings.

Display the command keyword alias configuration.

display command-alias [ | { begin | exclude | include } regular-expression ]

Available in any view.

Display data in the clipboard.

display clipboard [ | { begin | exclude | include } regular-expression ]

Available in any view.