
H3C S7500E Series Ethernet Switches

Fundamentals

Configuration Guide

Hangzhou H3C Technologies Co., Ltd.


http://www.h3c.com

Document Version: 20100722-C-1.01


Product Version: Release 6605 and Later
Copyright © 2009-2010, Hangzhou H3C Technologies Co., Ltd. and its licensors

All Rights Reserved

No part of this manual may be reproduced or transmitted in any form or by any means without prior
written consent of Hangzhou H3C Technologies Co., Ltd.

Trademarks

H3C, Aolynk, H3Care, TOP G, IRF, NetPilot, Neocean, NeoVTL, SecPro, SecPoint, SecEngine, SecPath,
Comware, Secware, Storware, NQA, VVG, V2G, VnG, PSPT, XGbus, N-Bus, TiGem, InnoVision and
HUASAN are trademarks of Hangzhou H3C Technologies Co., Ltd.
All other trademarks that may be mentioned in this manual are the property of their respective owners.

Notice

The information in this document is subject to change without notice. Every effort has been made in the
preparation of this document to ensure accuracy of the contents, but all statements, information, and
recommendations in this document do not constitute the warranty of any kind, express or implied.
Preface
The H3C S7500E documentation set includes 12 configuration guides, which describe the software
features for the H3C S7500E Series Ethernet Switches and guide you through the software
configuration procedures. These configuration guides also provide configuration examples to help you
apply software features to different network scenarios.
The Fundamentals Configuration Guide describes how to configure the command line interface (CLI),
log in to the switch, perform file management, configuration file management, and device management
for your switch, upgrade the software, and perform automatic configuration.
This preface includes:
- Audience
- Document Organization
- Conventions
- About the H3C S7500E Documentation Set
- Obtaining Documentation
- Documentation Feedback

Audience
This documentation is intended for:
- Network planners
- Field technical support and servicing engineers
- Network administrators working with the S7500E series

Document Organization
The Fundamentals Configuration Guide comprises these parts:
- CLI Configuration
- Login Methods
- CLI Login
- NMS Login
- User Login Control
- FTP Configuration
- TFTP Configuration
- File Management Configuration
- Configuration File Management
- Upgrading Software Configuration
- Device Management Configuration

Conventions
This section describes the conventions used in this documentation set.
Command conventions
Convention: Description

Boldface: Bold text represents commands and keywords that you enter literally as shown.

italic: Italic text represents arguments that you replace with actual values.

[ ]: Square brackets enclose syntax choices (keywords or arguments) that are optional.

{ x | y | ... }: Braces enclose a set of required syntax choices separated by vertical bars, from which you select one.

[ x | y | ... ]: Square brackets enclose a set of optional syntax choices separated by vertical bars, from which you select one or none.

{ x | y | ... } *: Asterisk marked braces enclose a set of required syntax choices separated by vertical bars, from which you select at least one.

[ x | y | ... ] *: Asterisk marked square brackets enclose optional syntax choices separated by vertical bars, from which you may select multiple choices or none.

&<1-n>: The argument or keyword and argument combination before the ampersand (&) sign can be entered 1 to n times.

#: A line that starts with a pound (#) sign is a comment.

GUI conventions

Convention: Description

< >: Button names are inside angle brackets. For example, click <OK>.

[ ]: Window names, menu items, data table and field names are inside square brackets. For example, pop up the [New User] window.

/: Multi-level menus are separated by forward slashes. For example, [File/Create/Folder].

Symbols
Convention Description

Means reader be extremely careful. Improper operation may cause bodily injury.

Means reader be careful. Improper operation may cause data loss or damage to equipment.

Means an action or information that needs special attention to ensure successful configuration or good performance.

Means a complementary description.

About the H3C S7500E Documentation Set


The H3C S7500E documentation set includes:
Category: Product description and specifications
- Marketing brochures: Describe product specifications and benefits.
- Technology white papers: Provide an in-depth description of software features and technologies.
- Card datasheets: Describe card specifications, features, and standards.

Category: Hardware installation
- Installation guide: Provides a complete guide to hardware installation and hardware specifications.
- H3C N68 Cabinet Installation and Remodel Introduction: Guides you through installing and remodeling H3C N68 cabinets.
- H3C Pluggable SFP [SFP+][XFP] Transceiver Modules Installation Guide: Guides you through installing SFP/SFP+/XFP transceiver modules.
- H3C Mid-Range Series Ethernet Switches Pluggable Modules Manual: Describes the hot-swappable modules available for the Mid-Range Series Ethernet Switches, their external views, and specifications.
- H3C PoE DIMM Module Installation Guide: Describes how to install the DIMM (LSBM1POEDIMMH) for PoE master and slave power management.
- Single PoE DIMM Module Installation Guide: Describes how to install the 24-port DIMM (LSQM1POEDIMMS0) for PoE power management.

Category: Software configuration
- Configuration guides: Describe software features and configuration procedures.
- Command references: Provide a quick reference to all available commands.
- Configuration examples: Describe typical network scenarios and provide configuration examples and instructions.

Category: Operations and maintenance
- Release notes: Provide information about the product release, including the version history, hardware and software compatibility matrix, version upgrade information, technical support information, and software upgrading.

Category: Power configuration
- H3C PSR320-A[PSR320-D] Power Module User Manual: Describes the appearance, specifications, LEDs, and installation and removal of the H3C PSR320-A/PSR320-D power module.
- H3C PSR650-A[PSR650-D] Power Module User Manual: Describes the appearance, specifications, LEDs, and installation and removal of the H3C PSR650-A/PSR650-D power module.
- H3C PSR1400-A[PSR1400-D] Power Module User Manual: Describes the appearance, specifications, LEDs, and installation and removal of the H3C PSR1400-A/PSR1400-D power module.
- H3C PSR2800-ACV Power Module User Manual: Describes the appearance, specifications, LEDs, and installation and removal of the H3C PSR2800-ACV power module.
- H3C PSR6000-ACV Power Module User Manual: Describes the appearance, specifications, LEDs, and installation and removal of the H3C PSR6000-ACV power module.
- H3C PWR-SPA Power Module Adapter User Manual: Describes the functions and appearance of the H3C PWR-SPA power module adapter, and how to use it with the PSR650 power module.
- H3C S7500E Power Configuration Guide: Guides you to select power modules in various cases.

Category: Optional cards
- Card manuals: The S7500E series Ethernet switches support various card models. Each model is provided with a card manual that describes:
  - The type, number, and transmission rate of interfaces
  - Applicable switches of the card
  - Required software version
  - Pluggable modules supported by the card

Obtaining Documentation
You can access the most up-to-date H3C product documentation on the World Wide Web at
http://www.h3c.com.
Click the links on the top navigation bar to obtain different categories of product documentation:
[Technical Support & Documents > Technical Documents] – Provides hardware installation, and
software feature configuration and maintenance documentation.
[Products & Solutions] – Provides information about products and technologies, as well as solutions.
[Technical Support & Documents > Software Download] – Provides the documentation released with
the software version.

Documentation Feedback
You can e-mail your comments about product documentation to info@h3c.com.
We appreciate your comments.
Table of Contents

1 CLI Configuration
  What Is CLI?
  Entering the CLI
  Command Conventions
  Undo Form of a Command
  CLI View Description
  Entering System View
  Exiting the Current View
  Returning to User View
  Using the CLI Online Help
  Typing Commands
  Editing Command Lines
  Typing Incomplete Keywords
  Configuring Command Aliases
  Configuring CLI Hotkeys
  Redisplaying Input But Not Submitted Commands
  Checking Command Line Errors
  Using Command History
  Accessing History Commands
  Configuring the History Buffer Size
  Controlling CLI Display
  Multi-Screen Display
  Filtering Output Information
  Configuring User Privilege and Command Levels
  Introduction
  Configuring a User Privilege Level
  Switching User Privilege Level
  Modifying the Level of a Command
  Saving the Current Configuration
  Displaying and Maintaining CLI

2 Login Methods
  Login Methods
  User Interface Overview
  Users and User Interfaces
  Numbering User Interfaces

3 CLI Login
  Overview
  Logging In Through the Console Port
  Introduction
  Configuration Requirements
  Login Procedure
  Console Login Authentication Modes
  Configuring None Authentication for Console Login
  Configuring Password Authentication for Console Login
  Configuring Scheme Authentication for Console Login
  Configuring Common Settings for Console Login (Optional)
  Logging In Through Telnet
  Introduction
  Telnet Login Authentication Modes
  Configuring None Authentication for Telnet Login
  Configuring Password Authentication for Telnet Login
  Configuring Scheme Authentication for Telnet Login
  Configuring Common Settings for VTY User Interfaces (Optional)
  Configuring the Device to Log In to Another Device as a Telnet Client
  Logging In Through SSH
  Introduction
  Configuring the SSH Server
  Configuring the SSH Client to Log In to the SSH Server
  Logging In Through Modems
  Introduction
  Configuration Requirements
  Login Procedure
  Modem Login Authentication Modes
  Configuring None Authentication for Modem Login
  Configuring Password Authentication for Modem Login
  Configuring Scheme Authentication for Modem Login
  Configuring Common Settings for Modem Login (Optional)
  Displaying and Maintaining CLI Login

4 NMS Login
  NMS Login Overview
  Configuring NMS Login
  NMS Login Example

5 User Login Control
  User Login Control Overview
  Configuring Login Control over Telnet Users
  Configuration Preparation
  Configuring Source IP-Based Login Control over Telnet Users
  Configuring Source and Destination IP-Based Login Control over Telnet Users
  Configuring Source MAC-Based Login Control over Telnet Users
  Source MAC-Based Login Control Configuration Example
  Configuring Source IP-Based Login Control over NMS Users
  Configuration Preparation
  Configuring Source IP-Based Login Control over NMS Users
  Source IP-Based Login Control Over NMS Users Configuration Example

6 FTP Configuration
  FTP Overview
  Introduction to FTP
  Operation of FTP
  Configuring the FTP Client
  Establishing an FTP Connection
  Operating the Directories on an FTP Server
  Operating the Files on an FTP Server
  Using Another Username to Log In to an FTP Server
  Maintaining and Debugging an FTP Connection
  Terminating an FTP Connection
  FTP Client Configuration Example (Distributed Device)
  FTP Client Configuration Example (Distributed IRF Device)
  Configuring the FTP Server
  Configuring FTP Server Operating Parameters
  Configuring Authentication and Authorization on the FTP Server
  FTP Server Configuration Example (Distributed Device)
  FTP Server Configuration Example (Distributed IRF Device)
  Displaying and Maintaining FTP

7 TFTP Configuration
  TFTP Overview
  Introduction to TFTP
  Operation of TFTP
  Configuring the TFTP Client
  Displaying and Maintaining the TFTP Client
  TFTP Client Configuration Example (Distributed Device)
  TFTP Client Configuration Example (Distributed IRF Device)

8 File System Management
  File System
  File System Overview
  Filename Formats
  Directory Operations
  Displaying Directory Information
  Displaying the Current Working Directory
  Changing the Current Working Directory
  Creating a Directory
  Removing a Directory
  File Operations
  Displaying File Information
  Displaying the Contents of a File
  Renaming a File
  Copying a File
  Moving a File
  Deleting a File
  Restoring a File from the Recycle Bin
  Emptying the Recycle Bin
  Batch Operations
  Storage Medium Operations
  Managing the Space of a Storage Medium
  Mounting/Unmounting a Storage Medium
  Setting File System Prompt Modes
  File System Operations Example

9 Configuration File Management
  Configuration File Overview
  Types of Configuration
  Format and Content of a Configuration File
  Coexistence of Multiple Configuration Files
  Startup with the Configuration File
  Configuration Display
  Saving the Current Configuration
  Introduction
  Enabling Configuration File Auto-Save
  Modes in Saving the Configuration
  Setting Configuration Rollback
  Introduction
  Configuration Task List
  Configuring Parameters for Saving the Current Running Configuration
  Saving the Current Running Configuration Automatically
  Saving the Current Running Configuration Manually
  Setting Configuration Rollback
  Specifying a Startup Configuration File for the Next System Startup
  Backing Up the Startup Configuration File
  Deleting the Startup Configuration File for the Next Startup
  Restoring the Startup Configuration File
  Displaying and Maintaining Device Configuration

10 Software Upgrade Configuration
  Device Software Overview
  Software Upgrade Methods
  Upgrading the Boot ROM Program Through a System Reboot
  Upgrading the Boot File Through a System Reboot
  Software Upgrade by Installing Hotfixes
  Hotfix Overview
  Basic Concepts in Hotfix
  Patch Status
  Hotfix Configuration Task List
  Configuration Prerequisites
  One-Step Patch Installation
  Step-by-Step Patch Installation
  Step-by-Step Patch Uninstallation
  Displaying and Maintaining Software Upgrade
  Software Upgrade Configuration Example
  Immediate Upgrade Configuration Example (Distributed Device)
  Immediate Upgrade Configuration Example (Distributed IRF Virtual Device)
  Hotfix Configuration Example

11 Device Management ······························································································································11-1


Device Management Overview ·············································································································11-1
Device Management Configuration Task List ·······················································································11-2
Configuring the Device Name ···············································································································11-2
Configuring the System Clock···············································································································11-3
Configuring the system clock ········································································································11-3
Displaying the system clock ··········································································································11-3
Enabling/Disabling the Display of Copyright Information······································································11-7
Configuring a Banner ····························································································································11-8
Introduction to banners··················································································································11-8
Configuring a banner ·····················································································································11-8
Configuring the Exception Handling Method ························································································11-9
Rebooting a Device·····························································································································11-10
Scheduled Task Configuration············································································································11-13
What Is a Scheduled Task ··········································································································11-13
Configuring a Scheduled Task ····································································································11-13
Configuring a Scheduled Task( user view and system view only) ··············································11-14
Configuring Temperature Alarm Thresholds for a board ····································································11-15
Clearing the 16-bit Interface Indexes Not Used in the Current System··············································11-16
Configuring the System Load Sharing Function ·················································································11-17
Enabling Active/Standby Mode for Service Ports on SRPUs ·····························································11-18
Configuring the Traffic Forwarding Mode of SRPUs···········································································11-19
Configuring the Working Mode of LPUs······························································································11-20
Introduction to the Working Mode of LPUs ·················································································11-20
Configuring the Working Mode of an EA LPU ·············································································11-21
Configuring the Working Mode of EB and SD LPUs ···································································11-23
Enabling the Port Down Function Globally ·························································································11-24
Enabling Expansion Memory Data Recovery Function on a board ····················································11-24
Identifying and Diagnosing Pluggable Transceivers···········································································11-24
Introduction to pluggable transceivers·························································································11-24
Identifying pluggable transceivers ·······························································································11-25
Diagnosing pluggable transceivers ·····························································································11-26
Displaying and Maintaining Device Management Configuration ························································11-26

12 Index ·······················································································································································12-1

v
1 CLI Configuration
This chapter includes these sections:
• What Is CLI?
• Entering the CLI
• Command Conventions
• Undo Form of a Command
• CLI View Description
• Using the CLI Online Help
• Typing Commands
• Checking Command Line Errors
• Using Command History
• Controlling CLI Display
• Configuring User Privilege and Command Levels
• Saving the Current Configuration
• Displaying and Maintaining CLI

What Is CLI?
The command line interface (CLI) enables you to interact with your device by typing text commands. At
the CLI, you can instruct your device to perform a given task by typing a text command and then
pressing Enter to submit it to your device. Compared with the graphical user interface (GUI) where you
can use a mouse to perform configurations, the CLI allows you to input more information in one
command line. The CLI of H3C devices is as shown in Figure 1-1.

Figure 1-1 CLI

Entering the CLI


The H3C devices provide multiple methods for entering the CLI, for example, through the console port,
through telnet, and through SSH. For more information, see CLI Login in the Fundamentals
Configuration Guide.

Command Conventions
Command conventions help you understand command meanings. Commands in H3C product
manuals comply with the conventions listed in Table 1-1.
Table 1-1 Command conventions

Convention            Description
Boldface              The keywords of a command line are in Boldface. Keep keywords unchanged when typing them at the CLI.
Italic                Command arguments are in italic. Replace arguments with actual values at the CLI.
[ ]                   Items (keywords or arguments) in square brackets [ ] are optional.
{ x | y | ... }       Alternative items are grouped in braces and separated by vertical bars. One is selected.
[ x | y | ... ]       Optional alternative items are grouped in square brackets and separated by vertical bars. One or none is selected.
{ x | y | ... } *     Alternative items are grouped in braces and separated by vertical bars. A minimum of one or a maximum of all can be selected.
[ x | y | ... ] *     Optional alternative items are grouped in square brackets and separated by vertical bars. Many or none can be selected.
&<1-n>                The argument(s) before the ampersand (&) sign can be entered 1 to n times.
#                     A line starting with the # sign is a comment.

The keywords of H3C command lines are case insensitive.

Take the clock datetime time date command as an example to understand the command meaning
according to Table 1-1.
Figure 1-2 Read command line parameters

For example, you can type the following command line at the CLI of your device and press Enter to set
the device system time to 10 o’clock 30 minutes 20 seconds, February 23, 2010.
<sysname> clock datetime 10:30:20 2/23/2010
You can read more complicated commands in the same way by referring to Table 1-1.

Undo Form of a Command


The undo form of a command typically restores the default, disables a function, or removes a
configuration.
Almost every configuration command has its undo form.
For example, the info-center enable command is used to enable the information center, while the
undo info-center enable command is used to disable the information center.

CLI View Description


To facilitate CLI usage, commands are grouped into different classes by function. To use a command,
you must enter the class (view) of the command.
CLI views adopt a hierarchical structure, as shown in Figure 1-3.

• After logging in to the switch, you are in user view. The prompt of user view is <device name>. In
user view, you can perform display, debugging, and file management operations, set the system
time, restart your device, and perform FTP and telnet operations.
• You can enter system view from user view. In system view, you can configure parameters such as
daylight saving time, banners, and short-cut keys.
• In system view, you can enter different function views. For example, enter interface view to
configure interface parameters, create a VLAN and enter its view, enter user interface view to
configure login user attributes, create a local user and enter local user view to configure the
password and level of the local user, and enter OSPF view to configure OSPF parameters.

To know which commands are supported in a certain view, enter ? in this view. Then the system
displays all the commands that can be executed in this view.

Figure 1-3 Command line views



Entering System View

When you log in to the device, you automatically enter user view, where <Device name> is displayed.
You can perform limited operations in user view, such as display operations, file operations, and Telnet
operations. To perform further configurations for the device, enter system view.
Follow the step below to enter system view:

To do…                              Use the command…   Remarks
Enter system view from user view    system-view        Required. Available in user view.

Exiting the Current View

The CLI is divided into different command views. Each view has a set of specific commands and
defines the effective scope of the commands. The commands available to you at any given time
depend on the view you are in.
Follow the step below to exit the current view:

To do…                                              Use the command…   Remarks
Return to the parent view from the current view     quit               Required. Available in any view.

• Executed in user view, the quit command terminates the current connection between the terminal
and the device.
• In public key code view, use the public-key-code end command to return to the parent view
(public key view). In public key view, use the peer-public-key end command to return to system
view.

Returning to User View

This feature allows you to return to user view from any other view, without the need to execute the quit
command repeatedly. You can also press Ctrl+Z to return to user view from the current view.
Follow the step below to exit to user view:

To do…                 Use the command…   Remarks
Return to user view    return             Required. Available in any view except user view.

Using the CLI Online Help


At the CLI, you can type a question mark (?) to obtain online help. See the following examples.
1) Type ? in any view to display all commands available in this view and brief descriptions for these
commands. For example:
<sysname> ?
User view commands:
archive Specify archive settings
backup Backup next startup-configuration file to TFTP server
boot-loader Set boot loader
bootrom Update/read/backup/restore bootrom
cd Change current directory
clock Specify the system clock
…Omitted…
2) Type part of a command and a ? separated by a space.
If ? is at the position of a keyword, the CLI displays all possible keywords with a brief description for
each keyword. For example:
<sysname> terminal ?
debugging Send debug information to terminal
logging Send log information to terminal
monitor Send information output to current terminal
trapping Send trap information to terminal
If ? is at the position of an argument, the CLI displays a description about this argument. For example:
<sysname> system-view
[sysname] interface vlan-interface ?
<1-4094> VLAN interface number
[sysname] interface vlan-interface 1 ?
<cr>
[sysname] interface vlan-interface 1
The string <cr> indicates that the command is a complete command, and you can execute the
command by pressing Enter.
3) Type an incomplete character string followed by a ?. The CLI displays all commands starting with
the typed character(s).
<sysname> c?
cd
clock
cluster
copy
<sysname> display cl?
clipboard
clock
cluster

Typing Commands
Editing Command Lines

Table 1-2 lists some shortcut keys you can use to edit command lines.
Table 1-2 Editing functions

Key                          Function
Common keys                  If the edit buffer is not full, pressing a common key inserts the character at the position of the cursor and moves the cursor to the right.
Backspace                    Deletes the character to the left of the cursor and moves the cursor back one character.
Left arrow key or Ctrl+B     The cursor moves one character space to the left.
Right arrow key or Ctrl+F    The cursor moves one character space to the right.
Tab                          If you press Tab after entering part of a keyword, the system automatically completes the keyword:
                             • If finding a unique match, the system substitutes the complete keyword for the incomplete one and displays it in the next line.
                             • If there is more than one match, you can press Tab repeatedly to display in cycles all the keywords starting with the character string that you typed.
                             • If there is no match, the system does not modify the incomplete keyword and displays it again in the next line.

Typing Incomplete Keywords

You can input a command comprising incomplete keywords that can uniquely identify the complete
command.
For example, in user view, commands starting with an s include startup saved-configuration and
system-view.
• To enter system view, type sy.
• To set the configuration file for next startup, type st s.
You can also press Tab to have an incomplete keyword automatically completed.
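
Abbreviated input matters when you review what was typed, because the history command buffer keeps each command in the form it was entered. The following Python code is an added example, not H3C code: it resolves abbreviations by unique-prefix matching against a small constructed keyword tree and returns the Table 1-4 error text where the input would be rejected. The names USER_VIEW, expand, normalize_history and find_command are hypothetical.

```python
"""Expand abbreviated CLI input to full keywords by unique-prefix matching."""

# Constructed keyword tree: only user-view commands that appear on this page.
# A real switch knows many more keywords, so more prefixes are ambiguous there.
USER_VIEW = {
    "cd": {},
    "clock": {},
    "cluster": {},
    "copy": {},
    "display": {
        "clipboard": {},
        "clock": {},
        "cluster": {},
        "current-configuration": {},
        "history-command": {},
    },
    "startup": {"saved-configuration": {}},
    "system-view": {},
}


class CliError(ValueError):
    """Raised with the error text listed in Table 1-4."""


def expand(line, tree=USER_VIEW):
    """Return `line` with every abbreviated keyword replaced by its full form."""
    node, full = tree, []
    for token in line.split():
        if not node:
            # Below the modelled keyword levels: keep arguments as typed.
            full.append(token)
            continue
        word = token.lower()  # keywords are case insensitive
        if word in node:
            matches = [word]  # assumption: an exact keyword beats longer ones
        else:
            matches = sorted(k for k in node if k.startswith(word))
        if not matches:
            raise CliError("% Unrecognized command found at '^' position.")
        if len(matches) > 1:
            raise CliError("% Ambiguous command found at '^' position.")
        full.append(matches[0])
        node = node[matches[0]]
    if node:
        # Keywords are still expected, for example "display" typed alone.
        raise CliError("% Incomplete command found at '^' position.")
    return " ".join(full)


def normalize_history(entries, tree=USER_VIEW):
    """Map each entry to (typed, full form or None, error text or None)."""
    result = []
    for typed in entries:
        try:
            result.append((typed, expand(typed, tree), None))
        except CliError as err:
            result.append((typed, None, str(err)))
    return result


def find_command(entries, canonical, tree=USER_VIEW):
    """Return the typed entries that resolve to the given full command."""
    return [typed for typed, full, _ in normalize_history(entries, tree)
            if full == canonical]


# Constructed history-buffer content; entries are kept exactly as typed.
HISTORY = ["display cu", "sy", "st s", "DISPLAY current-configuration",
           "display cl", "c", "dis hist"]

if __name__ == "__main__":
    for typed, full, err in normalize_history(HISTORY):
        print(f"{typed!r:35} -> {full or err}")
    print(find_command(HISTORY, "display current-configuration"))
```

A search for the full keyword string alone would miss the first HISTORY entry; matching on the expanded form finds both spellings.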

Configuring Command Aliases

The command alias function allows you to replace the first keyword of a command with your preferred
keyword. For example, if you configure show as the replacement of the display keyword for each
display command, to execute the display xx command, input the command alias show xx.
Note the following when configuring command aliases:
• When you input a command alias, the system displays and saves the command in its original
format instead of its alias. In other words, you can define and use a command alias but the
command is not restored in its alias format.
• When you define a command alias, the cmdkey and alias arguments must be in their complete
form.
• With the command alias function enabled, when you input an incomplete keyword, which partially
matches both a defined alias and the keyword of a command, the alias wins; to execute the
command whose keyword partially matches your input, input the complete keyword. When you
input a character string that partially matches multiple aliases, the system gives you prompts.
• If you press Tab after you input the keyword of an alias, the original format of the keyword is
displayed.
• You can replace only the first keyword of a non-undo command instead of the complete command;
and you can replace only the second keyword of undo commands.
Follow these steps to configure command aliases:

To do…                               Use the command…                      Remarks
Enter system view                    system-view                           —
Enable the command alias function    command-alias enable                  Required. Disabled by default, which means you cannot configure command aliases.
Configure a command alias            command-alias mapping cmdkey alias    Required. Not configured by default.

Configuring CLI Hotkeys

Follow these steps to configure CLI hotkeys:

To do…                   Use the command…                                                 Remarks
Enter system view        system-view                                                      —
Configure CLI hotkeys    hotkey { CTRL_G | CTRL_L | CTRL_O | CTRL_T | CTRL_U } command    Optional. The Ctrl+G, Ctrl+L and Ctrl+O hotkeys are specified at the CLI by default.
Display hotkeys          display hotkey                                                   Available in any view. See Table 1-3 for hotkeys reserved by the system.

By default, the Ctrl+G, Ctrl+L and Ctrl+O hotkeys are associated with corresponding commands and
the Ctrl+T and Ctrl+U hotkeys are not.
• Ctrl+G corresponds to the display current-configuration command.
• Ctrl+L corresponds to the display ip routing-table command.
• Ctrl+O corresponds to the undo debugging all command.

Table 1-3 Hotkeys reserved by the system

Hotkey    Function
Ctrl+A    Moves the cursor to the beginning of the current line.
Ctrl+B    Moves the cursor one character to the left.
Ctrl+C    Stops performing a command.
Ctrl+D    Deletes the character at the current cursor position.
Ctrl+E    Moves the cursor to the end of the current line.
Ctrl+F    Moves the cursor one character to the right.
Ctrl+H    Deletes the character to the left of the cursor.
Ctrl+K    Terminates an outgoing connection.
Ctrl+N    Displays the next command in the history command buffer.
Ctrl+P    Displays the previous command in the history command buffer.
Ctrl+R    Redisplays the current line information.
Ctrl+V    Pastes the content in the clipboard.
Ctrl+W    Deletes all the characters in a continuous string to the left of the cursor.
Ctrl+X    Deletes all the characters to the left of the cursor.
Ctrl+Y    Deletes all the characters to the right of the cursor.
Ctrl+Z    Exits to user view.
Ctrl+]    Terminates an incoming connection or a redirect connection.
Esc+B     Moves the cursor to the leading character of the continuous string to the left.
Esc+D     Deletes all the characters of the continuous string at the current cursor position and to the right of the cursor.
Esc+F     Moves the cursor to the front of the next continuous string to the right.
Esc+N     Moves the cursor down by one line (available before you press Enter)
Esc+P     Moves the cursor up by one line (available before you press Enter)
Esc+<     Specifies the cursor as the beginning of the clipboard.
Esc+>     Specifies the cursor as the ending of the clipboard.

The hotkeys in the table above are defined by the switch. If the same hotkeys are defined by the
terminal software that you use to interact with the switch, the hotkeys defined by the terminal software
take effect.

Redisplaying Input But Not Submitted Commands

If system information output interrupts your command input, you can use this feature to
redisplay the commands that you typed but did not submit, so that you can continue your operation
from where you were stopped.
Follow these steps to enable redisplaying of input but not submitted commands:

To do…                                                   Use the command…           Remarks
Enter system view                                        system-view                —
Enable redisplaying of input but not submitted commands  info-center synchronous    Required. Disabled by default

With this feature enabled:


• If you have no input at the command line prompt and the system outputs system information such
as logs, the system will not display the command line prompt after the output.
• If the system outputs system information when you are typing interactive information (not YES/NO
for confirmation), the system will not redisplay the prompt information but a line break after the
output and then display what you have typed.
• For more information about the info-center synchronous command, see Information Center
Configuration in the Network Management and Monitoring Configuration Guide.

Checking Command Line Errors


If a command contains syntax errors, the CLI reports error information. Table 1-4 lists some common
command line errors.
Table 1-4 Common command line errors

Error information                                 Cause
% Unrecognized command found at '^' position.     The command was not found.
% Incomplete command found at '^' position.       Incomplete command
% Ambiguous command found at '^' position.        Ambiguous command
Too many parameters                               Too many parameters
% Wrong parameter found at '^' position.          Wrong parameters

Using Command History


The CLI automatically saves the commands recently used in the history command buffer. You can
access and execute them again.

Accessing History Commands

Follow a step below to access history commands:

To do…                                  Use the key/command…        Result
Display history commands                display history-command     Displays valid history commands you used
Display the previous history command    Up arrow key or Ctrl+P      Displays the previous history command, if any
Display the next history command        Down arrow key or Ctrl+N    Displays the next history command, if any

You can use arrow keys to access history commands in Windows 200X and XP Terminal or Telnet.
However, the up and down arrow keys are invalid in Windows 9X HyperTerminal, because they are
defined differently. You can press Ctrl+P or Ctrl+N instead.

• The commands saved in the history command buffer are in the same format in which you typed
the commands. If you type an incomplete command, the command saved in the history command
buffer is also an incomplete one.
• If you execute the same command repeatedly, the switch saves only the earliest record. However,
if you execute the same command in different formats, the system saves them as different
commands. For example, if you execute the display cu command repeatedly, the system saves
only one command in the history command buffer. If you execute the command in the format of
display cu and display current-configuration respectively, the system saves them as two
commands.
• By default, the CLI can save up to 10 commands for each user. To set the capacity of the history
command buffer for the current user interface, use the history-command max-size command.
(For more information about the history-command max-size command, see Logging In to the
Switch Commands in the Fundamentals Command Reference.)

Configuring the History Buffer Size

Follow these steps to configure the history buffer size:

To do…                                                                         Use the command…                                                                     Remarks
Enter system view                                                              system-view                                                                          —
Enter user interface view                                                      user-interface { first-num1 [ last-num1 ] | { aux | vty } first-num2 [ last-num2 ] }    —
Set the maximum number of commands that can be saved in the history buffer     history-command max-size size-value                                                  Optional. By default, the history buffer can save up to 10 commands.

For more information about the user-interface and history-command max-size commands, see
Logging In to the Switch Commands in the Fundamentals Command Reference.

Controlling CLI Display


Multi-Screen Display

Controlling multi-screen display


If the output information spans multiple screens, the display pauses after each screen. You can then
perform one of the following operations to proceed.

Action              Function
Press Space         Displays the next screen.
Press Enter         Displays the next line.
Press Ctrl+C        Stops the display and the command execution.
Press <PageUp>      Displays the previous page.
Press <PageDown>    Displays the next page.

By default, each screen displays up to 24 lines. To change the maximum number of lines displayed on
the next screen, use the screen-length command. For more information about the screen-length
command, see Logging In to the Switch Commands in the Fundamentals Command Reference.

Disabling multi-screen display
You can use the following command to disable the multi-screen display function. Then, all the output
information is displayed at one time and the screen is refreshed continuously until the last screen is
displayed.

To do…                                       Use the command…         Remarks
Disable the multi-screen display function    screen-length disable    Required. By default, a login user uses the settings of the screen-length command. The default settings of the screen-length command are: multiple-screen display is enabled and up to 24 lines are displayed on the next screen. This command is executed in user view, and takes effect for the current user only. When the user re-logs into the switch, the default configuration is restored.

Filtering Output Information

Only display commands that support [ | { begin | exclude | include } regular-expression ] support
filtering output information. Which display commands support these parameters depends on your
device model.

Introduction
You can use regular expressions in display commands to filter output information.
There are two ways to filter output information.
• Input the begin, exclude, or include keyword plus a regular expression in the display command
to filter the output information.
• When the system displays the output information in multiple screens, use /, - or + plus a regular
expression to filter subsequent output information. / equals the keyword begin, - equals the
keyword exclude, and + equals the keyword include.
The following describes the begin, exclude, and include keywords:
• begin: Displays the first line that matches the specified regular expression and all lines that follow.
• exclude: Displays the lines that do not match the specified regular expression.
• include: Displays all lines that match the specified regular expression.

A regular expression is a case sensitive string of 1 to 256 characters. It also supports the following
special characters.

Each entry below lists the Character, its Meaning, and Remarks.

Character: ^string
Meaning: Starting sign. string appears only at the beginning of a line.
Remarks: For example, regular expression “^user” only matches a string beginning with “user”, not “Auser”.

Character: string$
Meaning: Ending sign. string appears only at the end of a line.
Remarks: For example, regular expression “user$” only matches a string ending with “user”, not “userA”.

Character: .
Meaning: Matches any single character, such as a single character, a special character, and a blank.
Remarks: For example, “.l” matches both “vlan” and “mpls”.

Character: *
Meaning: Matches the preceding character or character group zero or multiple times.
Remarks: For example, “zo*” matches “z” and “zoo”; “(zo)*” matches “zo” and “zozo”.

Character: +
Meaning: Matches the preceding character or character group one or multiple times
Remarks: For example, “zo+” matches “zo” and “zoo”, but not “z”.

Character: |
Meaning: Matches the preceding or succeeding character string
Remarks: For example, “def|int” only matches a character string containing “def” or “int”.

Character: _
Meaning: If it is at the beginning or the end of a regular expression, it equals ^ or $. In other cases, it equals comma, space, round bracket, or curly bracket.
Remarks: For example, “a_b” matches “a b” or “a(b”; “_ab” only matches a line starting with “ab”; “ab_” only matches a line ending with “ab”.

Character: -
Meaning: It connects two values (the smaller one before it and the bigger one after it) to indicate a range together with [ ].
Remarks: For example, “1-9” means 1 to 9 (inclusive); “a-h” means a to h (inclusive).

Character: []
Meaning: Matches a single character contained within the brackets.
Remarks: For example, [16A] matches a string containing any character among 1, 6, and A; [1-36A] matches a string containing any character among 1, 2, 3, 6, and A (- is a hyphen). “]” can be matched as a common character only when it is put at the beginning of characters within the brackets, for example [ ]string]. There is no such limit on “[”.

Character: ()
Meaning: A character group. It is usually used with “+” or “*”.
Remarks: For example, (123A) means a character group “123A”; “408(12)+” matches 40812 or 408121212. But it does not match 408.

Character: \index
Meaning: Repeats the character string specified by the index. A character string refers to the string within () before \. index refers to the sequence number (starting from 1 from left to right) of the character group before \. If only one character group appears before \, index can only be 1; if n character groups appear before index, index can be any integer from 1 to n.
Remarks: For example, (string)\1 repeats string, and thus a matching string must contain stringstring. (string1)(string2)\2 repeats string2, and thus a matching string must contain string1string2string2. (string1)(string2)\1\2 repeats string1 and string2 respectively, and thus a matching string must contain string1string2string1string2.

Character: [^]
Meaning: Matches a single character not contained within the brackets.
Remarks: For example, [^16A] means to match a string containing any character except 1, 6 or A, and the matching string can also contain 1, 6 or A, but cannot contain these three characters only. For example, [^16A] matches “abc” and “m16”, but not 1, 16, or 16A.

Character: \<string
Meaning: Matches a character string starting with string.
Remarks: For example, “\<do” matches word “domain” and string “doa”.

Character: string\>
Meaning: Matches a character string ending with string.
Remarks: For example, “do\>” matches word “undo” and string “abcdo”.

Character: \bcharacter2
Meaning: Matches character1character2. character1 can be any character except number, letter or underline, and \b equals [^A-Za-z0-9_].
Remarks: For example, “\ba” matches “-a” with “-” being character1, and “a” being character2, but it does not match “2a” or “ba”.

Character: \Bcharacter
Meaning: Matches a string containing character, and no space is allowed before character.
Remarks: For example, “\Bt” matches “t” in “install”, but not “t” in “big top”.

Character: character1\w
Meaning: Matches character1character2. character2 must be a number, letter, or underline, and \w equals [^A-Za-z0-9_].
Remarks: For example, “v\w” matches “vlan”, with “v” being character1, and “l” being character2. v\w also matches “service”, with “i” being character2.

Character: \W
Meaning: Equals \b.
Remarks: For example, “\Wa” matches “-a”, with “-” being character1, and “a” being character2, but does not match “2a” or “ba”.

Character: \
Meaning: Escape character. If a special character listed in this table follows \, the specific meaning of the character is removed.
Remarks: For example, “\\” matches a string containing “\”, “\^” matches a string containing “^”, and “\\b” matches a string containing “\b”.

Example of filtering output information
1) Example of using the begin keyword
# Display the configuration from the line containing “user-interface” to the last line in the current
configuration (the output information depends on the device model and the current configuration).
<Sysname> display current-configuration | begin user-interface
user-interface con 0
user-interface aux 0
user-interface vty 0 4
authentication-mode none
user privilege level 3
#
return
2) Example of using the exclude keyword
# Display the non-direct routes in the routing table (the output depends on the device model and the
current configuration).
<Sysname> display ip routing-table | exclude Direct
Routing Tables: Public

Destination/Mask Proto Pre Cost NextHop Interface

10.1.1.0/24 OSPF 10 2 10.1.1.2 Vlan2


3) Example of using the include keyword
# Display the route entries that contain Vlan in the routing table (the output depends on the device
model and the current configuration).
<Sysname> display ip routing-table | include Vlan
Routing Tables: Public

Destination/Mask Proto Pre Cost NextHop Interface

192.168.1.0/24 Direct 0 0 192.168.1.42 Vlan999

Configuring User Privilege and Command Levels


Introduction

To avoid unauthorized access, the switch defines user privilege levels and command levels. User
privilege levels correspond to command levels. When a user at a privilege level logs in, the user can
only use commands at that level, and lower levels.
All the commands are categorized into four levels, which are visit, monitor, system, and manage from
low to high, and identified respectively by 0 through 3. Table 1-5 describes the levels of the commands.

Table 1-5 Default command levels

Level   Privilege   Description
0       Visit       Involves commands for network diagnosis and commands for accessing an external device. Configuration of commands at this level cannot survive a device restart. Upon device restart, the commands at this level will be restored to the default settings. Commands at this level include ping, tracert, telnet and ssh2.
1       Monitor     Involves commands for system maintenance and service fault diagnosis. Commands at this level are not allowed to be saved after being configured. After the switch is restarted, the commands at this level will be restored to the default settings. Commands at this level include debugging, terminal, refresh, reset, and send.
2       System      Provides service configuration commands, including routing configuration commands and commands for configuring services at different network levels. By default, commands at this level include all configuration commands except for those at manage level.
3       Manage      Involves commands that influence the basic operation of the system and commands for configuring system support modules. By default, commands at this level involve the configuration commands of file system, FTP, TFTP, Xmodem download, user management, level setting, and parameter settings within a system (which are not defined by any protocols or RFCs).

Configuring a User Privilege Level

A user privilege level can be configured by using AAA authentication parameters or under a user
interface.
Configure user privilege level by using AAA authentication parameters
If the authentication mode of a user interface is scheme, the user privilege level of users logging into
the user interface is specified in AAA authentication configuration.
Follow these steps to configure the user privilege level by using AAA authentication parameters:

| To do… | Use the command… | Remarks |
| --- | --- | --- |
| Enter system view | system-view | — |
| Enter user interface view | user-interface { first-num1 [ last-num1 ] \| { aux \| vty } first-num2 [ last-num2 ] } | — |
| Specify the scheme authentication mode | authentication-mode scheme | Required. By default, the authentication mode for VTY and AUX users is password, and no authentication is needed for console and TTY login users. |
| Return to system view | quit | — |
| Configure the authentication mode for SSH users as password | For more information, see SSH2.0 Configuration in the Security Configuration Guide. | Required if users use SSH to log in, and username and password are needed at authentication |
| Configure the user privilege level by using AAA authentication parameters: using local authentication | • Use the local-user command to create a local user and enter local user view. • Use the level keyword in the authorization-attribute command to configure the user privilege level. | Use either approach. • For local authentication, if you do not configure the user privilege level, the user privilege level is 0, that is, users of this level can use commands at level 0 only. • For remote authentication, if you do not configure the user privilege level, the user privilege level depends on the default configuration of the authentication server. |
| Configure the user privilege level by using AAA authentication parameters: using remote authentication (RADIUS, HWTACACS, and LDAP authentications) | Configure the user privilege level on the authentication server | |

Example of configuring a user privilege level by using AAA authentication parameters


# It is required to authenticate the users that telnet to the switch through VTY 1, verify their username
and password, and specify the user privilege level as 3.
<Sysname> system-view
[Sysname] user-interface vty 1
[Sysname-ui-vty1] authentication-mode scheme
[Sysname-ui-vty1] quit
[Sysname] local-user test
[Sysname-luser-test] password cipher 12345678
[Sysname-luser-test] service-type telnet
After the above configuration, when users telnet to the switch through VTY 1, they need to input
username test and password 12345678. After passing the authentication, users can only use the
commands of level 0. If the users need to use commands of levels 0, 1, 2 and 3, the following
configuration is required:
[Sysname-luser-test] authorization-attribute level 3

Configure the user privilege level under a user interface
• If the user interface authentication mode is scheme when a user logs in, and SSH publickey
authentication type (only username is needed for this authentication type) is adopted, the user
privilege level is the user interface level.
• If the authentication mode of a user interface is scheme, and SSH publickey authentication type
(only username is needed for this authentication type) is adopted, the user privilege level of users
logging into the user interface is the user interface level.
• If the authentication mode of a user interface is none or password, the user privilege level of users
logging into the user interface is the user interface level.
Follow these steps to configure the user privilege level under a user interface (SSH publickey
authentication type):

| To do… | Use the command… | Remarks |
| --- | --- | --- |
| Configure the authentication type for SSH users as publickey | For more information, see SSH2.0 Configuration in the Security Configuration Guide. | Required if the SSH login mode is adopted, and only username is needed during authentication. After the configuration, the authentication mode of the corresponding user interface must be set to scheme. |
| Enter system view | system-view | — |
| Enter user interface view | user-interface { first-num1 [ last-num1 ] \| vty first-num2 [ last-num2 ] } | — |
| Configure the authentication mode for any user that uses the current user interface to log in to the switch | authentication-mode scheme | Optional. By default, the authentication mode for VTY and AUX users is password, and no authentication is needed for AUX users. |
| Configure the privilege level for users that log in through the current user interface | user privilege level level | Optional. By default, the user privilege level for users logged in through the console user interface is 3, and that for users logged in through the other user interfaces is 0. |

Follow these steps to configure the user privilege level under a user interface (none or password
authentication mode):

| To do… | Use the command… | Remarks |
| --- | --- | --- |
| Enter system view | system-view | — |
| Enter user interface view | user-interface { first-num1 [ last-num1 ] \| { aux \| vty } first-num2 [ last-num2 ] } | — |
| Configure the authentication mode for any user that uses the current user interface to log in to the switch | authentication-mode { none \| password } | Optional. By default, the authentication mode for VTY and AUX user interfaces is password, and no authentication is needed for AUX login users. |
| Configure the privilege level of users logged in through the current user interface | user privilege level level | Optional. By default, the user privilege level for users logged in through the console user interface is 3, and that for users logged in through the other user interfaces is 0. |

Example of configuring a user privilege level under a user interface


# Authenticate users logged in to the switch through Telnet, verify their password, and specify their
user privilege level as 2.
<Sysname> system-view
[Sysname] user-interface vty 0 4
[Sysname-ui-vty0-4] authentication-mode password
[Sysname-ui-vty0-4] set authentication password cipher 123
[Sysname-ui-vty0-4] user privilege level 2
By default, users logged in through telnet use the commands of level 0 after passing the authentication.
After the above configuration, when users log in to the switch through Telnet, they need to input
password 123, and then they can use commands of levels 0, 1, and 2.

• For more information about user interfaces, see CLI Login in the Fundamentals Configuration
Guide. For more information about the user-interface, authentication-mode, and user privilege
level commands, see Logging In to the Switch Commands in the Fundamentals Command
Reference.
• For more information about AAA authentication, see AAA Configuration in the Security
Configuration Guide. For more information about the local-user and authorization-attribute
commands, see AAA Configuration Commands in the Security Command Reference.
• For more information about SSH, see SSH 2.0 Configuration in the Security Configuration Guide.

Switching User Privilege Level

Introduction
Users can switch to a user privilege level temporarily without logging out and terminating the current
connection. After the switch, users can continue to configure the switch without logging in again, but
the commands that they can execute have changed. For example, if the current user privilege level is 3,
the user can configure system parameters. After switching to the user privilege level 0, the user can
only execute some simple commands, like ping and tracert, and only a few display commands. The
switching operation is effective for the current login. After the user logs in again, the user privilege
level is restored to the original level.
• To avoid misoperations, administrators are recommended to log in to the switch by using a
lower privilege level to view switch operating parameters, and to switch to a higher level
temporarily when they have to maintain the switch.
• When the administrators need to leave for a while or ask someone else to manage the switch
temporarily, they can switch to a lower privilege level before they leave to restrict the operation by
others.
Setting the authentication mode for user privilege level switch
• A user can switch to a privilege level equal to or lower than the current one unconditionally and is
not required to input the password (if any).
• A user is required to input the password (if any) to switch to a higher privilege level for security
sake. The authentication falls into one of the following four categories:

| Authentication mode | Meaning | Description |
| --- | --- | --- |
| local | Local password authentication | The switch authenticates a user by using the privilege level switch password input by the user. When this mode is applied, you need to set the password for privilege level switch with the super password command. |
| scheme | Remote AAA authentication through HWTACACS or RADIUS | The switch sends the username and password for privilege level switch to the HWTACACS or RADIUS server for remote authentication. When this mode is applied, you need to perform the following configurations: • Configure HWTACACS or RADIUS scheme and reference the created scheme in the ISP domain. For more information, see AAA Configuration in the Security Configuration Guide. • Create the corresponding user and configure password on the HWTACACS or RADIUS server. |
| local scheme | Performs the local password authentication first and then the remote AAA authentication | The switch authenticates a user by using the local password first, and if no password for privilege level switch is set, for the user logged in from the console port, the privilege level is switched directly; for the user logged in from any of the AUX, TTY, or VTY user interfaces, the AAA authentication is performed. |
| scheme local | Performs remote AAA authentication first and then the local password authentication | AAA authentication is performed first, and if the remote HWTACACS or RADIUS server does not respond or AAA configuration on the switch is invalid, the local password authentication is performed. |

Follow these steps to set the authentication mode for user privilege level switch:

| To do… | Use the command… | Remarks |
| --- | --- | --- |
| Enter system view | system-view | — |
| Set the authentication mode for user privilege level switch | super authentication-mode { local \| scheme } * | Optional. local by default. |
| Configure the password for user privilege level switch | super password [ level user-level ] { simple \| cipher } password | Required if the authentication mode is set to local (that is, specify the local keyword when setting the authentication mode). By default, no privilege level switch password is configured. |

• When you configure the password for switching the user privilege level with the super password
command, the user privilege level is 3 if no user privilege level is specified.
• If you specify the simple keyword, the password is saved in the configuration file in plain text,
which is easy to steal. If you specify the cipher keyword, the password is saved in the
configuration file in cipher text, which is safer.
• The timeout time of AAA authentication is 120 seconds. After that, the AAA server is
considered not to have responded.
• If a user logged in from the console user interface (the console port or the AUX port used as the
console port) switches to a higher level, the privilege level is switched successfully even though
the authentication mode is local and no user privilege level password is configured.

Switching the user privilege level


Follow these steps to switch the user privilege level:

| To do… | Use the command… | Remarks |
| --- | --- | --- |
| Switch the user privilege level | super [ level ] | Required. When logging in to the switch, a user has a user privilege level, which depends on user interface or authentication user level. Available in user view. |

When you switch the user privilege level, the information you need to input varies with combinations of
user interface authentication mode and super authentication mode.
Table 1-6 Information input for user privilege level switch

| User interface authentication mode | User privilege level switch authentication mode | Information input for the first authentication mode | Information input after the authentication mode changes |
| --- | --- | --- | --- |
| none/password | local | Local user privilege level switch password (configured on the switch) | — |
| none/password | local scheme | Local user privilege level switch password | Username and password for privilege level switch (configured on the AAA server) |
| none/password | scheme | Username and password for privilege level switch | — |
| none/password | scheme local | Username and password for privilege level switch | Local user privilege level switch password |
| scheme | local | Local user privilege level switch password | — |
| scheme | local scheme | Local user privilege level switch password | Password for privilege level switch (configured on the AAA server). The system uses the username used for logging in as the privilege level switch username. |
| scheme | scheme | Password for privilege level switch (configured on the AAA server). The system uses the username used for logging in as the privilege level switch username. | — |
| scheme | scheme local | Password for privilege level switch (configured on the AAA server). The system uses the username used for logging in as the privilege level switch username. | Local user privilege level switch password |

• When the authentication mode is set to local, configure the local password before switching to a
higher user privilege level.
• When the authentication mode is set to scheme, configure AAA related parameters before
switching to a higher user privilege level.
• The privilege level switch fails after three consecutive unsuccessful password attempts.
• For more information about user interface authentication, see CLI Login in the Fundamentals
Configuration Guide.
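
The rules from Configuring a User Privilege Level and Switching User Privilege Level can be checked offline against a saved configuration. The following Python audit is an added example, not H3C code: the rule names, the constructed sample configuration and the stanza layout it parses are assumptions made for the illustration, and it goes slightly beyond the text by also flagging a level-3 local user whose service type is Telnet.

```python
import re

# Constructed sample in the style of the configuration shown in this guide;
# every user name and password below is made up for the example.
SAMPLE_CONFIG = """\
#
super password level 3 simple Adm1n
#
local-user test
 password cipher 12345678
 authorization-attribute level 3
 service-type telnet
local-user viewer
 password simple view123
 service-type terminal
#
user-interface aux 0
user-interface vty 0 2
 authentication-mode none
 user privilege level 3
user-interface vty 3 4
 authentication-mode password
 set authentication password cipher 123
 user privilege level 3
#
return
"""

# Defaults as this guide states them: console (AUX) logins are not
# authenticated and get level 3; VTY logins use password mode and level 0.
DEFAULTS = {"con": ("none", 3), "aux": ("none", 3), "vty": ("password", 0)}
HEADER = re.compile(r"(user-interface|local-user)\s+\S")

def parse(config):
    """Split a configuration into stanzas and top-level command lines."""
    stanzas, top, current = {}, [], None
    for raw in config.splitlines():
        line = raw.strip()
        if line in ("", "#", "return"):
            current = None
        elif HEADER.match(line):
            current = stanzas.setdefault(line, [])
        elif line.startswith("super ") or current is None:
            current = None
            top.append(line)
        else:
            current.append(line)
    return stanzas, top

def setting(pattern, lines, default):
    """Return group 1 of the last line matching pattern, else default."""
    for line in lines:
        match = re.match(pattern, line)
        if match:
            default = match.group(1)
    return default

def audit(config):
    """Return (location, rule, detail) findings; details never echo secrets."""
    stanzas, top = parse(config)
    findings = []
    super_mode = setting(r"super authentication-mode (.+)", top, "local")
    super_pw = [line for line in top if line.startswith("super password")]
    # The guide notes that with local tried first and no super password set,
    # a console login switches to a higher level without being challenged.
    if super_mode.split()[0] == "local" and not super_pw:
        findings.append(("global", "SUPER_NO_PASSWORD",
                         "console logins can switch level without a password"))
    if any(re.match(r"super password( level \d+)? simple\b", p) for p in super_pw):
        findings.append(("global", "PLAINTEXT_SECRET", "super password"))
    for header, cmds in stanzas.items():
        kind, name = header.split(None, 1)
        for cmd in cmds:
            if re.match(r"(set authentication )?password simple\b", cmd):
                findings.append((header, "PLAINTEXT_SECRET", cmd.split(" simple")[0]))
        if kind == "user-interface":
            mode, level = DEFAULTS.get(name.split()[0], ("password", 0))
            mode = setting(r"authentication-mode (\S+)", cmds, mode)
            level = int(setting(r"user privilege level (\d+)", cmds, level))
            if mode == "none":
                findings.append((header, "NO_AUTHENTICATION",
                                 f"level {level} granted without credentials"))
            elif mode == "password" and level == 3:
                findings.append((header, "SHARED_PASSWORD_MANAGE",
                                 "one shared password grants manage level"))
        else:
            # Level 0 unless authorization-attribute raises it; Telnet is clear text.
            level = int(setting(r"authorization-attribute level (\d+)", cmds, 0))
            services = {word for cmd in cmds if cmd.startswith("service-type ")
                        for word in cmd.split()[1:]}
            if level == 3 and "telnet" in services:
                findings.append((header, "MANAGE_OVER_TELNET",
                                 "level-3 account reachable over Telnet"))
    return findings

if __name__ == "__main__":
    for location, rule, detail in audit(SAMPLE_CONFIG):
        print(f"{rule:24} {location:24} {detail}")
```

The parser accepts both indented stanzas and the flattened form in which the display current-configuration output appears earlier in this guide.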

Modifying the Level of a Command

All the commands in a view are assigned default levels. The administrator can change the default
level of a command to a lower level or a higher level as needed.
Follow these steps to modify the command level:

| To do… | Use the command… | Remarks |
| --- | --- | --- |
| Enter system view | system-view | — |
| Configure the command level in a specified view | command-privilege level level view view command | Required. See Table 1-5 for the default settings. |

You are recommended to use the default command level or modify the command level under the
guidance of professional staff. An improper change of the command level may bring inconvenience to
your maintenance and operation, or even potential security problems.

Saving the Current Configuration


On the device, you can input the save command in any view to save all the submitted and executed
commands into the configuration file. Commands saved in the configuration file can survive a reboot.
The save command does not take effect on one-time commands, such as display commands, which
display specified information, and the reset commands, which clear specified information. The
one-time commands executed are never saved.

Displaying and Maintaining CLI

| To do… | Use the command… | Remarks |
| --- | --- | --- |
| Display defined command aliases and the corresponding commands | display command-alias [ \| { begin \| exclude \| include } regular-expression ] | Available in any view |
| Display the clipboard information | display clipboard [ \| { begin \| exclude \| include } regular-expression ] | Available in any view |

2 Login Methods
This chapter includes these sections:
• Login Methods
• User Interface Overview

Login Methods
You can log in to a device in the following ways.
Table 2-1 Login methods

| Login method | Default state |
| --- | --- |
| CLI Login: Logging In Through the Console Port | By default, you can log in to a device through the console port, the authentication mode is None (no username or password required), and the user privilege level is 3. |
| CLI Login: Logging In Through Telnet | By default, you cannot log in to a device through telnet. To do so, log in to the device through the console port, and complete the following configuration: • Enable the telnet function. • Configure the IP address of the VLAN interface, and make sure that your device and the telnet client can reach each other (by default, the device does not have an IP address). • Configure the authentication mode of VTY login users (password by default). • Configure the user privilege level of VTY login users (0 by default). |
| CLI Login: Logging In Through SSH | By default, you cannot log in to a device through SSH. To do so, log in to the device through the console port, and complete the following configuration: • Enable the SSH function and configure SSH attributes. • Configure the IP address of the network management port or VLAN interface, and make sure that your device and the SSH client can reach each other (by default, your device does not have an IP address). • Configure the authentication mode of VTY login users as scheme (password by default). • Configure the user privilege level of VTY login users (0 by default). |
| CLI Login: Logging In Through Modems | By default, you can log in to a device through modems. The default user privilege level of modem login users is 3. |
| NMS Login | By default, you cannot log in to a device through a network management station (NMS). To do so, log in to the device through the console port, and complete the following configuration: • Configure the IP address of the VLAN interface, and make sure the device and the NMS can reach each other (by default, your device does not have an IP address). • Configure SNMP basic parameters. |

User Interface Overview


A user interface (also called a line) allows you to manage and monitor sessions between the terminal
and the device when you log in to the device through the console port directly, or through Telnet or SSH.
One user interface corresponds to one user interface view where you can configure a set of
parameters, such as whether to authenticate users at login, whether to redirect the requests to another
device, and the user privilege level after login. When the user logs in through a user interface, the
parameters set for the user interface apply.
At present, the system supports the following four CLI configuration methods:
• Local configuration via the console port
• Local/Remote configuration through Telnet or SSH
The two methods correspond to the following two user interfaces.
• AUX user interface: Used to manage and monitor users that log in via the Console port. The type
of the Console port is EIA/TIA-232 DTE.
• VTY (virtual type terminal) user interface: Used to manage and monitor users that log in via VTY.
A VTY port is used for Telnet or SSH access.

Users and User Interfaces

At a time, only one user can use a user interface. The configuration made in a user interface view
applies to any login user. For example, if user A uses the console port to log in, the configuration in the
console port user interface view applies to user A; if user A logs in through VTY 1, the configuration in
VTY 1 user interface view applies to user A.
A device can be equipped with two AUX user interfaces and five VTY user interfaces. These user
interfaces do not associate with specific users. When a user initiates a connection request, the system
automatically assigns an idle user interface with the smallest number to the user based on the login
method. During the login, the configuration in the user interface view takes effect. The user interface
varies depending on the login method and the login time.

Numbering User Interfaces

User interfaces can be numbered in two ways: absolute numbering and relative numbering.
Absolute numbering
Absolute numbering identifies a user interface or a group of different types of user interfaces. The
specified user interfaces are numbered from number 0 with a step of 1 and in the sequence of AUX
and VTY user interfaces. You can use the display user-interface command without any parameters
to view supported user interfaces and their absolute numbers.
Relative numbering
Relative numbering allows you to specify a user interface or a group of user interfaces of a specific
type. The number format is “user interface type + number”. The rules of relative numbering are as
follows:
• AUX ports are numbered from 0 in the ascending order, with a step of 1.
• VTYs are numbered from 0 in the ascending order, with a step of 1.

3 CLI Login
This chapter includes these sections:
• Overview
• Logging In Through the Console Port
• Logging In Through Telnet
• Logging In Through SSH
• Logging In Through Modems
• Displaying and Maintaining CLI Login

Overview
The CLI enables you to interact with a device by typing text commands. At the CLI, you can instruct
your device to perform a given task by typing a text command and then pressing Enter to submit it to
your device. Compared with the graphical user interface (GUI) where you can use a mouse to perform
configuration, the CLI allows you to input more information in one command line.
You can log in to the device at the CLI through the console port, telnet, SSH, or modem.
• By default, you can log in to a device through the console port without any authentication, which
brings security problems.
• By default, you cannot log in to a device through telnet or SSH, so you cannot remotely manage and
maintain the device.
Therefore, you need to perform configurations to increase device security and manageability.

Logging In Through the Console Port


Introduction

Logging in through the console port is the most common login method, and is also the first step to
configure other login methods.
By default, you can log in to a device through its console port only. After logging in to the device
through the console port, you can configure other login methods.
This section includes:
• Configuration Requirements
• Login Procedure
• Console Login Authentication Modes
• Configuring None Authentication for Console Login
• Configuring Password Authentication for Console Login
• Configuring Scheme Authentication for Console Login
• Configuring Common Settings for Console Login (Optional)

Configuration Requirements

The following table shows the configuration requirements of console port login.

| Object | Requirements |
| --- | --- |
| Device | No configuration requirement |
| Terminal | Run the hyper terminal program. Configure the hyper terminal attributes. |

The port properties of the hyper terminal must be the same as the default settings of the console port
shown in the following table.

| Setting | Default |
| --- | --- |
| Bits per second | 9,600 bps |
| Flow control | None |
| Parity | None |
| Stop bits | 1 |
| Data bits | 8 |

Login Procedure

As shown in Figure 3-1, use the console cable shipped with the device to connect the PC and the
device. Plug the DB-9 connector of the console cable into the serial port of the PC, and plug the RJ-45
connector into the console port of your device.
Figure 3-1 Connect the device and PC through a console cable

Identify interfaces to avoid connection errors.

Because the serial port of a PC does not support hot-swap, do not plug or unplug the console cable to
or from the PC when your device is powered on. To connect the PC to the device, first plug the DB-9
connector of the console cable into the PC, and then plug the RJ-45 connector of the console cable
into your device. To disconnect the PC from the device, first unplug the RJ-45 connector and then the
DB-9 connector.

Launch a terminal emulation program (such as HyperTerminal in Windows XP/Windows 2000). The
following takes the HyperTerminal of Windows XP as an example. Select a serial port to be connected
to the device, and set terminal parameters as follows: set Bits per second to 9600, Data bits to 8,
Parity to None, Stop bits to 1, and Flow control to None, as shown in Figure 3-2 through Figure 3-4.

On the Windows 2003 Server operating system, you need to add the HyperTerminal program first, and
then log in to and manage the device as described in this document. On the Windows 2008 Server,
Windows 7, Windows Vista, or some other operating system, you need to obtain a third party terminal
control program first, and follow the user guide or online help of that program to log in to the device.

Figure 3-2 Connection description

Figure 3-3 Specify the serial port used to establish the connection

Figure 3-4 Set the properties of the serial port

Turn on the device. You are prompted to press Enter if the device successfully completes the
power-on self test (POST). A prompt such as <H3C> appears after you press Enter, as shown in
Figure 3-5.

Figure 3-5 Configuration page

Execute commands to configure the device or check the running status of the device. To get help,
type ?.

Console Login Authentication Modes

Three authentication modes are available for console port login: none, password, and scheme.
• none: Requires no username and password at the next login through the console port. This mode
is insecure.
• password: Requires password authentication at the next login through the console port. Keep
your password. If you lose your password, see H3C Series Ethernet Switches Login Password
Recovery Manual for password recovery.
• scheme: Requires username and password authentication at the next login through the console
port. Authentication falls into local authentication and remote authentication. To use local
authentication, configure a local user and related parameters. To use remote authentication,
configure the username and password on the remote authentication server. For more information
about authentication modes and parameters, see AAA Configuration in the Security
Configuration Guide. Keep your username and password. If you lose your password, see H3C
Series Ethernet Switches Login Password Recovery Manual for password recovery.
The following table lists console port login configurations for different authentication modes:

| Authentication mode | Configuration | Remarks |
| --- | --- | --- |
| None | Configure not to authenticate users | For more information, see Configuring None Authentication for Console Login. |
| Password | Configure to authenticate users by using the local password. Set the local password. | For more information, see Configuring Password Authentication for Console Login. |
| Scheme | Configure the authentication scheme. Select an authentication scheme: • Remote AAA authentication: configure a RADIUS/HWTACACS scheme, configure the AAA scheme used by the domain, and configure the username and password on the AAA server. • Local authentication: configure the authentication username and password, and configure the AAA scheme used by the domain as local. | For more information, see Configuring Scheme Authentication for Console Login. |

A newly configured authentication mode does not take effect unless you exit and enter the CLI again.

Configuring None Authentication for Console Login

Configuration prerequisites
You have logged in to the device.
By default, you can log in to the device through the console port without authentication and have user
privilege level 3 after login. For how to log in to the device with default configuration, see Configuration
Requirements.
Configuration procedure
Follow these steps to configure none authentication for console login:

| To do… | Use the command… | Remarks |
| --- | --- | --- |
| Enter system view | system-view | — |
| Enter AUX user interface view | user-interface aux first-number [ last-number ] | — |
| Specify the none authentication mode | authentication-mode none | Required. By default, you can log in to the device through the console port without authentication, and have user privilege level 3 after login. |
| Configure common settings for AUX user interface view | — | Optional. See Configuring Common Settings for Console Login (Optional). |

After the configuration, the next time you log in to the device through the console port, you are
prompted to press Enter. A prompt such as <H3C> appears after you press Enter, as shown in Figure
3-6.
Figure 3-6 Configuration page

Configuring Password Authentication for Console Login

Configuration prerequisites
You have logged in to the device.
By default, you can log in to the device through the console port without authentication and have user
privilege level 3 after login. For how to log in to the device with default configuration, see Configuration
Requirements.

Configuration procedure
Follow these steps to configure password authentication for console login:

| To do… | Use the command… | Remarks |
| --- | --- | --- |
| Enter system view | system-view | — |
| Enter AUX user interface view | user-interface aux first-number [ last-number ] | — |
| Configure the authentication mode as local password authentication | authentication-mode password | Required. By default, you can log in to the device through the console port without authentication and have user privilege level 3 after login. |
| Set the local password | set authentication password { cipher \| simple } password | Required. By default, no local password is set. |
| Configure common settings for AUX user interface view | — | Optional. See Configuring Common Settings for Console Login (Optional). |

After the configuration, the next time you log in to the device through the console port, you are
prompted to enter a login password. A prompt such as <H3C> appears after you input the password
and press Enter, as shown in Figure 3-7.
Figure 3-7 Configuration page

Configuring Scheme Authentication for Console Login

Configuration prerequisites
You have logged in to the device.
By default, you can log in to the device through the console port without authentication and have user
privilege level 3 after login. For how to log in to the device with default configuration, see Configuration
Requirements.
Configuration procedure
Follow these steps to configure scheme authentication for console login:

| To do… | Use the command… | Remarks |
| --- | --- | --- |
| Enter system view | system-view | — |
| Enter AUX user interface view | user-interface aux first-number [ last-number ] | — |
| Specify the scheme authentication mode | authentication-mode scheme | Required. Whether local, RADIUS, or HWTACACS authentication is adopted depends on the configured AAA scheme. By default, users that log in through the console port are not authenticated. |
| Enable command authorization | command authorization | Optional. • By default, command authorization is not enabled. • By default, the command level depends on the user privilege level. A user is authorized a command level not higher than the user privilege level. With command authorization enabled, the command level for a login user is determined by both the user privilege level and AAA authorization. If a user executes a command of the corresponding command level, the authorization server checks whether the command is authorized. If yes, the command can be executed. |
| Enable command accounting | command accounting | Optional. • By default, command accounting is disabled. The accounting server does not record the commands executed by users. • Command accounting allows the HWTACACS server to record all the commands executed by users, regardless of command execution results. This helps control and monitor user operations on the device. If command accounting is enabled and command authorization is not enabled, every executed command is recorded on the HWTACACS server. If both command accounting and command authorization are enabled, only the authorized and executed commands are recorded on the HWTACACS server. |
| Return to system view | quit | — |
| Configure the authentication mode: enter the ISP domain view | domain domain-name | Optional. By default, the AAA scheme is local. If you specify the local AAA scheme, you need to perform local user configuration. If you specify an existing scheme by providing the radius-scheme-name argument, perform the following configuration as well: • For RADIUS and HWTACACS configuration, see AAA Configuration in the Security Configuration Guide. • Configure the username and password accordingly on the AAA server. (For more information, see AAA Configuration in the Security Configuration Guide.) |
| Configure the authentication mode: apply the specified AAA scheme to the domain | authentication default { hwtacacs-scheme hwtacacs-scheme-name [ local ] \| local \| none \| radius-scheme radius-scheme-name [ local ] } | |
| Configure the authentication mode: exit to system view | quit | |
| Create a local user and enter local user view | local-user user-name | Required. By default, no local user exists. |
| Set the authentication password for the local user | password { cipher \| simple } password | Required |
| Specify the command level of the local user | authorization-attribute level level | Optional. By default, the command level is 0. |
| Specify the service type for the local user | service-type terminal | Required. By default, no service type is specified. |
| Configure common settings for AUX user interface view | — | Optional. See Configuring Common Settings for Console Login (Optional). |

After you enable command authorization, you need to perform the following configuration to make the
function take effect:
• Create a HWTACACS scheme, and specify the IP address of the authorization server and other
authorization parameters. For more information, see AAA Configuration in the Security
Configuration Guide.
• Reference the created HWTACACS scheme in the ISP domain. For more information, see AAA
Configuration in the Security Configuration Guide.
After you enable command accounting, you need to perform the following configuration to make the
function take effect:
• Create a HWTACACS scheme, and specify the IP address of the accounting server and other
accounting parameters. For more information, see AAA Configuration in the Security
Configuration Guide.
• Reference the created HWTACACS scheme in the ISP domain. For more information, see AAA
Configuration in the Security Configuration Guide.
When users adopt the scheme mode to log in to the device, the level of the commands that the users
can access depends on the user privilege level defined in the AAA scheme.
• When the AAA scheme is local, the user privilege level is defined by the authorization-attribute
level level command.
• When the AAA scheme is RADIUS or HWTACACS, the user privilege level is configured on the
RADIUS or HWTACACS server.
• For more information about AAA, RADIUS, and HWTACACS, see AAA Configuration in the
Security Configuration Guide.
After the configuration, when you log in to the device through the console port, you are prompted to
enter a login username and password. A prompt such as <H3C> appears after you enter the username
and password and press Enter, as shown in Figure 3-8.
Figure 3-8 Configuration page

Configuring Common Settings for Console Login (Optional)

Follow these steps to configure common settings for console port login:

To do: Enter system view
Use the command: system-view
Remarks: —

To do: Enable display of copyright information
Use the command: copyright-info enable
Remarks: Optional. Enabled by default.

To do: Enter AUX user interface view
Use the command: user-interface aux first-number [ last-number ]
Remarks: —

Configure AUX user interface view properties:

To do: Configure the baud rate
Use the command: speed speed-value
Remarks: Optional. By default, the transmission rate is 9600 bps. Transmission rate is the number of bits that the device transmits to the terminal per second.

To do: Configure the parity check mode
Use the command: parity { even | mark | none | odd | space }
Remarks: Optional. none by default.

To do: Configure the stop bits
Use the command: stopbits { 1 | 1.5 | 2 }
Remarks: Optional. By default, the stop bits of the console port is 1. Stop bits are the last bits transmitted in data transmission to unequivocally indicate the end of a character. The more the bits are, the slower the transmission is.

To do: Configure the data bits
Use the command: databits { 5 | 6 | 7 | 8 }
Remarks: Optional. By default, the data bits of the console port is 8. Data bits is the number of bits representing one character. The setting depends on the content to be transmitted. For example, you can set it to 7 if standard ASCII characters are to be sent, and set it to 8 if extended ASCII characters are to be sent.

To do: Define a shortcut key for enabling a terminal session
Use the command: activation-key character
Remarks: Optional. By default, you can press Enter to enable a terminal session.

To do: Define a shortcut key for terminating tasks
Use the command: escape-key { default | character }
Remarks: Optional. By default, you can press Ctrl+C to terminate a task.

To do: Configure the flow control mode
Use the command: flow-control { hardware | none | software }
Remarks: Optional. By default, the value is none.

To do: Configure the type of terminal display
Use the command: terminal type { ansi | vt100 }
Remarks: Optional. By default, the terminal display type is ANSI. The device supports two types of terminal display: ANSI and VT100. It is recommended to set the display type of both the device and the client to VT100. If the device and the client use different display types (for example, hyper terminal or Telnet terminal) or both are set to ANSI, when the total number of characters of the currently edited command line exceeds 80, an anomaly such as cursor corruption or abnormal display of the terminal display may occur on the client.

To do: Configure the user privilege level for login users
Use the command: user privilege level level
Remarks: Optional. By default, the default command level is 3 for the console user interface.

To do: Set the maximum number of lines on the next screen
Use the command: screen-length screen-length
Remarks: Optional. By default, the next screen displays 24 lines. A value of 0 disables the function.

To do: Set the size of history command buffer
Use the command: history-command max-size value
Remarks: Optional. By default, the buffer saves 10 history commands at most.

To do: Set the idle-timeout timer
Use the command: idle-timeout minutes [ seconds ]
Remarks: Optional. The default idle-timeout is 10 minutes. The system automatically terminates the user’s connection if there is no information interaction between the device and the user within the idle-timeout time. Setting idle-timeout to 0 disables the timer.

The common settings configured for console login take effect immediately. If you configure the
common settings after you log in through the console port, the current connection may be interrupted.
Therefore, use another login method. After you configure common settings for console login, you need
to modify the settings on the terminal to make them consistent with those on the device.

Logging In Through Telnet


Introduction

The device supports telnet. You can telnet to the device to remotely manage and maintain it, as shown
in Figure 3-9.
Figure 3-9 Telnet login

The following table shows the configuration requirements of telnet login.

Object: Telnet server
Requirements:
• Configure the IP address of the VLAN interface, and make sure the telnet server and client can reach each other.
• Configure the authentication mode and other settings.

Object: Telnet client
Requirements:
• Run the telnet client program.
• Obtain the IP address of the VLAN interface on the server.

By default, the device is enabled with the telnet server and client functions.
• On a device that serves as the telnet client, you can log in to a telnet server to perform operations
on the server.
• On a device that serves as the telnet server, you can configure the authentication mode and user
privilege level for telnet users. By default, password authentication is adopted for telnet login, but
no login password is configured. Therefore, you cannot log in to the device through telnet by
default. Before you can telnet to the device, you need to log in to the device through the console
port and configure the authentication mode, user privilege level, and common settings.
This section includes these topics:
• Telnet Login Authentication Modes
• Configuring None Authentication for Telnet Login
• Configuring Password Authentication for Telnet Login
• Configuring Scheme Authentication for Telnet Login
• Configuring Common Settings for VTY User Interfaces (Optional)
• Configuring the Device to Log In to Another Device as a Telnet Client

Telnet Login Authentication Modes

Three authentication modes are available for telnet login: none, password, and scheme.
• none: Requires no username and password at the next login through telnet. This mode is
insecure.
• password: Requires password authentication at the next login through telnet. Keep your
password. If you lose your password, log in to the device through the console port to view or
modify the password.
• scheme: Requires username and password authentication at the next login through telnet.
Authentication falls into local authentication and remote authentication. To use local
authentication, configure a local user and related parameters. To use remote authentication,
configure the username and password on the remote authentication server. For more information
about authentication modes and parameters, see AAA Configuration in the Security Configuration
Guide. Keep your username and password. If you lose your password, see H3C Series Ethernet
Switches Login Password Recovery Manual for password recovery.
The following table lists telnet login configurations for different authentication modes.

Authentication mode: None
Configuration: Configure not to authenticate users
Remarks: For more information, see Configuring None Authentication for Telnet Login.

Authentication mode: Password
Configuration:
• Configure to authenticate users by using the local password
• Set the local password
Remarks: For more information, see Configuring Password Authentication for Telnet Login.

Authentication mode: Scheme
Configuration: Configure the authentication scheme. Select an authentication scheme:
• Remote AAA authentication: Configure a RADIUS/HWTACACS scheme. Configure the AAA scheme used by the domain. Configure the username and password on the AAA server.
• Local authentication: Configure the authentication username and password. Configure the AAA scheme used by the domain as local.
Remarks: For more information, see Configuring Scheme Authentication for Telnet Login.

Configuring None Authentication for Telnet Login

Configuration prerequisites
You have logged in to the device.
By default, you can log in to the device through the console port without authentication and have user
privilege level 3 after login. For how to log in to the device with default configuration, see Configuration
Requirements.
Configuration procedure
Follow these steps to configure none authentication for telnet login:

To do: Enter system view
Use the command: system-view
Remarks: —

To do: Enable telnet
Use the command: telnet server enable
Remarks: Required. By default, the telnet service is disabled.

To do: Enter one or multiple VTY user interface views
Use the command: user-interface vty first-number [ last-number ]

To do: Specify the none authentication mode
Use the command: authentication-mode none
Remarks: Required. By default, authentication mode for VTY user interfaces is password.

To do: Configure the command level for login users on the current user interfaces
Use the command: user privilege level level
Remarks: Required. By default, the default command level is 0 for VTY user interfaces.

To do: Configure common settings for VTY user interfaces
Use the command: —
Remarks: Optional. See Configuring Common Settings for VTY User Interfaces (Optional).

When you log in to the device through telnet again:

• You enter the VTY user interface, as shown in Figure 3-10.
• If “All user interfaces are used, please try later!” is displayed, it means the current login users
exceed the maximum number. Please try later.
Figure 3-10 Configuration page

Configuring Password Authentication for Telnet Login

Configuration prerequisites
You have logged in to the device.
By default, you can log in to the device through the console port without authentication and have user
privilege level 3 after login. For how to log in to the device with default configuration, see Configuration
Requirements.
Configuration procedure
Follow these steps to configure password authentication for telnet login:

To do: Enter system view
Use the command: system-view
Remarks: —

To do: Enable telnet
Use the command: telnet server enable
Remarks: Required. By default, the telnet service is enabled.

To do: Enter one or multiple VTY user interface views
Use the command: user-interface vty first-number [ last-number ]

To do: Specify the password authentication mode
Use the command: authentication-mode password
Remarks: Required. By default, authentication mode for VTY user interfaces is password.

To do: Set the local password
Use the command: set authentication password { cipher | simple } password
Remarks: Required. By default, no local password is set.

To do: Configure the user privilege level for login users
Use the command: user privilege level level
Remarks: Required. 0 by default.

To do: Configure common settings for VTY user interfaces
Remarks: Optional. See Configuring Common Settings for VTY User Interfaces (Optional).

When you log in to the device through telnet again:


• You are required to enter the login password. A prompt such as <H3C> appears after you enter
the correct password and press Enter, as shown in Figure 3-11.
• If “All user interfaces are used, please try later!” is displayed, it means the current concurrent login
users exceed the maximum number. Please try later.
Figure 3-11 Configuration page

Configuring Scheme Authentication for Telnet Login

Configuration prerequisites
You have logged in to the device.
By default, you can log in to the device through the console port without authentication and have user
privilege level 3 after login. For how to log in to the device with default configuration, see Configuration
Requirements.
Configuration procedure
Follow these steps to configure scheme authentication for telnet login:

To do: Enter system view
Use the command: system-view
Remarks: —

To do: Enable telnet
Use the command: telnet server enable
Remarks: Required. By default, the telnet service is enabled.

To do: Enter one or multiple VTY user interface views
Use the command: user-interface vty first-number [ last-number ]

To do: Specify the scheme authentication mode
Use the command: authentication-mode scheme
Remarks: Required. Whether local, RADIUS, or HWTACACS authentication is adopted depends on the configured AAA scheme. By default, local authentication is adopted.

To do: Enable command authorization
Use the command: command authorization
Remarks: Optional. By default, command authorization is not enabled.
• Create a HWTACACS scheme, and specify the IP address of the authorization server and other authorization parameters. For more information, see AAA Configuration in the Security Configuration Guide.
• Reference the created HWTACACS scheme in the ISP domain. For more information, see AAA Configuration in the Security Configuration Guide.

To do: Enable command accounting
Use the command: command accounting
Remarks: Optional.
• By default, command accounting is disabled. The accounting server does not record the commands executed by users.
• Command accounting allows the HWTACACS server to record all executed commands that are supported by the device, regardless of the command execution result. This helps control and monitor user operations on the device. If command accounting is enabled and command authorization is not enabled, every executed command is recorded on the HWTACACS server. If both command accounting and command authorization are enabled, only the authorized and executed commands are recorded on the HWTACACS server.

To do: Exit to system view
Use the command: quit
Remarks: —

To do: Configure the authentication mode
Use the commands:
• Enter the default ISP domain view: domain domain-name
• Specify the AAA scheme to be applied to the domain: authentication default { hwtacacs-scheme hwtacacs-scheme-name [ local ] | local | none | radius-scheme radius-scheme-name [ local ] }
• Exit to system view: quit
Remarks: Optional. By default, the AAA scheme is local. If you specify the local AAA scheme, perform the configuration concerning local user as well. If you specify an existing scheme by providing the radius-scheme-name argument, perform the following configuration as well:
• For RADIUS and HWTACACS configuration, see AAA Configuration in the Security Configuration Guide.
• Configure the username and password accordingly on the AAA server. (For more information, see AAA Configuration in the Security Configuration Guide.)

To do: Create a local user and enter local user view
Use the command: local-user user-name
Remarks: By default, no local user exists.

To do: Set the local password
Use the command: password { cipher | simple } password
Remarks: Required. By default, no local password is set.

To do: Specify the command level of the local user
Use the command: authorization-attribute level level
Remarks: Optional. By default, the command level is 0.

To do: Specify the service type for the local user
Use the command: service-type telnet
Remarks: Required. By default, no service type is specified.

To do: Exit to system view
Use the command: quit
Remarks: —

To do: Configure common settings for VTY user interfaces
Use the command: —
Remarks: Optional. See Configuring Common Settings for VTY User Interfaces (Optional).

After you enable command authorization, you need to perform the following configuration to make the
function take effect:
• Create a HWTACACS scheme, and specify the IP address of the authorization server and other
authorization parameters. For more information, see AAA Configuration in the Security
Configuration Guide.
• Reference the created HWTACACS scheme in the ISP domain. For more information, see AAA
Configuration in the Security Configuration Guide.
After you enable command accounting, you need to perform the following configuration to make the
function take effect:
• Create a HWTACACS scheme, and specify the IP address of the accounting server and other
accounting parameters. For more information, see AAA Configuration in the Security
Configuration Guide.
• Reference the created HWTACACS scheme in the ISP domain. For more information, see AAA
Configuration in the Security Configuration Guide.
When users adopt the scheme mode to log in to the device, the level of the commands that the users
can access depends on the user privilege level defined in the AAA scheme.
• When the AAA scheme is local, the user privilege level is defined by the authorization-attribute
level level command.
• When the AAA scheme is RADIUS or HWTACACS, the user privilege level is configured on the
RADIUS or HWTACACS server.
For more information about AAA, RADIUS, and HWTACACS, see AAA Configuration in the Security
Configuration Guide.
When you log in to the device through telnet again:
• You are required to enter the login username and password. A prompt such as <H3C> appears
after you enter the correct username (for example, admin) and password and press Enter, as
shown in Figure 3-12.
• If “All user interfaces are used, please try later!” is displayed, it means the current login users
exceed the maximum number. Please try later.
Figure 3-12 Configuration page

Configuring Common Settings for VTY User Interfaces (Optional)

Follow these steps to configure common settings for VTY user interfaces:

To do: Enter system view
Use the command: system-view
Remarks: —

To do: Create a VLAN interface and enter VLAN interface view
Use the command: interface vlan-interface vlan-interface-id
Remarks: Required. If the VLAN interface already exists, the command enters the VLAN interface view.

To do: Specify an IP address for a VLAN interface
Use the command: ip address ip-address { mask | mask-length }
Remarks: Required. By default, no IP address is specified for a VLAN interface.

To do: Return to system view
Use the command: quit
Remarks: —

To do: Enable display of copyright information
Use the command: copyright-info enable
Remarks: Optional. Enabled by default.

To do: Enter one or multiple VTY user interface views
Use the command: user-interface vty first-number [ last-number ]

User interface configuration:

To do: Enable the terminal service
Use the command: shell
Remarks: Optional. Enabled by default.

To do: Enable the current user interface(s) to support either Telnet, SSH, or both of them
Use the command: protocol inbound { all | ssh | telnet }
Remarks: Optional. By default, both protocols are supported. The configuration takes effect next time you log in.

To do: Define a shortcut key for terminating tasks
Use the command: escape-key { default | character }
Remarks: Optional. By default, you can press Ctrl+C to terminate a task.

To do: Configure the type of terminal display
Use the command: terminal type { ansi | vt100 }
Remarks: Optional. By default, the terminal display type is ANSI.

To do: Set the maximum number of lines on the next screen
Use the command: screen-length screen-length
Remarks: Optional. By default, the next screen displays 24 lines. A value of 0 disables the function.

To do: Set the size of history command buffer
Use the command: history-command max-size value
Remarks: Optional. By default, the buffer saves 10 history commands.

To do: Set the idle-timeout timer
Use the command: idle-timeout minutes [ seconds ]
Remarks: Optional. The default idle-timeout is 10 minutes for all user interfaces. The system automatically terminates the user’s connection if there is no information interaction between the device and the user within the timeout time. Setting idle-timeout to 0 disables the timer.

To do: Specify a command to be automatically executed when a user logs in to the current user interface
Use the command: auto-execute command command
Remarks: Optional. By default, command auto-execution is disabled. The system automatically executes the specified command when a user logs in to the user interface, and tears down the user connection after the command is executed. If the command triggers another task, the system does not tear down the user connection until the task is completed. A telnet command is usually specified to enable the user to automatically telnet to the specified device.

The auto-execute command command may prevent you from configuring the system through the
user interface to which the command is applied. Therefore, before configuring the command and
saving the configuration (by using the save command), make sure that you can access the device
through VTY, TTY, console, or AUX interfaces to remove the configuration when a problem occurs.

Configuring the Device to Log In to Another Device as a Telnet Client

Configuration prerequisites
You have logged in to the device.

By default, you can log in to the device through the console port without authentication and have user
privilege level 3 after login. For how to log in to the device with default configuration, see Configuration
Requirements.
Figure 3-13 Log in to another device from the current device

If the telnet client port and the telnet server port that connect them are not in the same subnet, make
sure that the two devices can reach each other.

Configuration procedure
Follow the step below to configure the device to log in to a telnet server as a telnet client:

To do: Configure the device to log in to a telnet server as a telnet client
Use the command: telnet remote-host [ service-port ] [ [ vpn-instance vpn-instance-name ] | [ source { interface interface-type interface-number | ip ip-address } ] ]
Remarks: Optional. Available in user view.

Logging In Through SSH


Introduction

Secure Shell (SSH) offers an approach to log into a remote device securely. By providing encryption
and strong authentication, it protects devices against attacks such as IP spoofing and plain text
password interception. The device supports SSH, and you can log in to the device through SSH to
remotely manage and maintain the device, as shown in Figure 3-14.
Figure 3-14 SSH login diagram

The following table shows the configuration requirements of SSH login.

Object: SSH server
Requirements:
• Configure the IP address of the VLAN interface, and make sure the SSH server and client can reach each other.
• Configure the authentication mode and other settings.

Object: SSH client
Requirements:
• Run the SSH client program.
• Obtain the IP address of the VLAN interface on the server.

By default, the device is enabled with the SSH server and client functions.
• On a device that serves as the SSH client, you can log in to an SSH server to perform operations
on the server.
• On a device that serves as the SSH server, you can configure the authentication mode and user
level for SSH users. By default, password authentication is adopted for SSH login, but no login
password is configured. Therefore, you cannot log in to the device through SSH by default. Before
you can log in to the device through SSH, you need to log in to the device through the console port
and configure the authentication mode, user level, and common settings.
This section includes these topics:
• Configuring the SSH Server
• Configuring the SSH Client to Log In to the SSH Server

Configuring the SSH Server

Configuration prerequisites
You have logged in to the device, and want to log in to the device through SSH in the future.
By default, you can log in to the device through the console port without authentication and have user
privilege level 3 after login. For how to log in to the device with default configuration, see Configuration
Requirements.
Configuration procedure
Follow these steps to configure the device that serves as an SSH server:

To do: Enter system view
Use the command: system-view
Remarks: —

To do: Create local key pair(s)
Use the command: public-key local create { dsa | rsa }
Remarks: Required. By default, no local key pair(s) are created.

To do: Enable SSH server
Use the command: ssh server enable
Remarks: Required. By default, SSH server is disabled.

To do: Exit to system view
Use the command: quit
Remarks: —

To do: Enter one or more VTY user interface views
Use the command: user-interface vty first-number [ last-number ]

To do: Specify the scheme authentication mode
Use the command: authentication-mode scheme
Remarks: Required. By default, authentication mode for VTY user interfaces is password.

To do: Enable the current user interface to support either Telnet, SSH, or both of them
Use the command: protocol inbound { all | ssh }
Remarks: Optional. By default, both protocols are supported.

To do: Create a local user and enter local user view
Use the command: local-user user-name
Remarks: Required. By default, no local user exists.

To do: Set the local password
Use the command: password { cipher | simple } password
Remarks: Required. By default, no local password is set.

To do: Specify the command level of the local user
Use the command: authorization-attribute level level
Remarks: Optional. By default, the command level is 0.

To do: Specify the service type for the local user
Use the command: service-type ssh
Remarks: Required. By default, no service type is specified.

To do: Return to system view
Use the command: quit
Remarks: —

To do: Create an SSH user, and specify the authentication mode for the SSH user
Use the command: ssh user username service-type stelnet authentication-type { password | { any | password-publickey | publickey } assign publickey keyname }
Remarks: Required. By default, no SSH user exists, and no authentication mode is specified.

To do: Configure common settings for VTY user interfaces
Use the command: —
Remarks: Optional. See Configuring Common Settings for VTY User Interfaces (Optional).

For more information about SSH, see SSH2.0 Configuration in the Security Configuration Guide.
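
An added example (not part of the H3C guide): a small Python audit that reads a saved configuration and flags the login settings this chapter calls out, namely none authentication, the unauthenticated console default, telnet accepted on VTY user interfaces, a password saved with the simple keyword, and an idle-timeout of 0. The indented configuration layout, the sample text, and the finding codes are assumptions made for this illustration.

```python
import re

# Constructed sample, not taken from a real device. Assumption: the saved
# configuration lists each view on an unindented line ("user-interface vty 0 4",
# "local-user admin") with its sub-commands indented beneath it.
SAMPLE_CONFIG = """\
telnet server enable
local-user admin
 password simple Example-Pass-1
 authorization-attribute level 3
 service-type telnet
local-user ops
 password cipher PLACEHOLDER-CIPHERTEXT
 service-type ssh
user-interface aux 0
 idle-timeout 0 0
user-interface vty 0 4
 authentication-mode none
 user privilege level 3
user-interface vty 5 15
 authentication-mode scheme
 protocol inbound ssh
"""

VIEW = re.compile(r"^(user-interface (?:aux|vty)|local-user) (.+)$")


def parse_views(text):
    """Split a configuration into global lines and (kind, name, sub-commands) views."""
    global_lines, views, current = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "#":
            current = None            # blank line or '#' separator closes a view
        elif raw[0].isspace() and current is not None:
            current[2].append(line)   # indented line belongs to the open view
        else:
            match = VIEW.match(line)
            if match:
                current = (match.group(1), match.group(2), [])
                views.append(current)
            else:
                current = None
                global_lines.append(line)
    return global_lines, views


def setting(cmds, prefix):
    """Return the arguments of the first sub-command starting with prefix, else None."""
    for cmd in cmds:
        if cmd == prefix or cmd.startswith(prefix + " "):
            return cmd[len(prefix):].strip()
    return None


def audit(text):
    """Return a list of (location, code, detail) findings in configuration order."""
    global_lines, views = parse_views(text)
    telnet_enabled = "telnet server enable" in global_lines
    findings = []
    for kind, name, cmds in views:
        where = f"{kind} {name}"
        if kind == "local-user":
            # The simple keyword keeps the password readable in the saved file.
            if (setting(cmds, "password") or "").startswith("simple "):
                findings.append((where, "PLAINTEXT_PASSWORD",
                                 "password saved with the simple keyword"))
            continue
        is_aux = kind.endswith("aux")
        # Defaults stated in the guide: console/AUX logins are not authenticated
        # and get level 3; VTY logins use password mode and get level 0.
        mode = setting(cmds, "authentication-mode") or ("none" if is_aux else "password")
        level = setting(cmds, "user privilege level") or ("3" if is_aux else "0")
        if mode == "none":
            findings.append((where, "NO_AUTH",
                             f"login without credentials at privilege level {level}"))
        if not is_aux:
            inbound = setting(cmds, "protocol inbound") or "all"
            if telnet_enabled and inbound in ("all", "telnet"):
                findings.append((where, "TELNET_ALLOWED",
                                 "telnet sessions accepted; restrict with protocol inbound ssh"))
        timeout = setting(cmds, "idle-timeout")
        if timeout and all(part == "0" for part in timeout.split()):
            findings.append((where, "NO_IDLE_TIMEOUT", "idle sessions never disconnect"))
    return findings


if __name__ == "__main__":
    for where, code, detail in audit(SAMPLE_CONFIG):
        print(f"{where:24} {code:20} {detail}")
```

On the constructed sample the audit reports the AUX interface twice, because it has no authentication-mode line and therefore falls back to the unauthenticated level 3 default, and because its idle-timeout is 0.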

Configuring the SSH Client to Log In to the SSH Server

Configuration prerequisites
You have logged in to the device.
By default, you can log in to the device through the console port without authentication and have user
privilege level 3 after login. For how to log in to the device with default configuration, see Configuration
Requirements.
Figure 3-15 Log in to another device from the current device

If the telnet client and the telnet server are not in the same subnet, make sure that the two devices can
reach each other.

Configuration procedure
Follow these steps to configure the SSH client to log in to the SSH server:

To do: Log in to an IPv4 SSH server
Use the command: ssh2 server
Remarks: Required. server is the IPv4 address or host name of the server. Available in user view.

To do: Log in to an IPv6 SSH server
Use the command: ssh2 ipv6 server
Remarks: Required. server is the IPv6 address or host name of the server. Available in user view.

You can configure other settings for the SSH client to work with the SSH server. For more information,
see SSH2.0 in the Security Command Reference.

Logging In Through Modems
Introduction

The administrator can use two modems to remotely maintain a switch through its Console port over the
Public Switched Telephone Network (PSTN) when the IP network connection is broken.
This section includes these topics:
• Configuration Requirements
• Login Procedure
• Modem Login Authentication Modes
• Configuring None Authentication for Modem Login
• Configuring Password Authentication for Modem Login
• Configuring Scheme Authentication for Modem Login
• Configuring Common Settings for Modem Login (Optional)

Configuration Requirements

By default, no authentication is needed when you log in through modems, and the default user
privilege level is 3.
To use this method, perform necessary configurations at both the device side and administrator side.
The following table shows the configuration requirements of remote login through Console port by
using modem dial-in:

Object: Administrator side
Requirement:
• The PC is correctly connected to the modem.
• The modem is connected to a telephone cable that works normally.
• The telephone number of the remote modem connected to the Console port of the remote switch is obtained.

Object: Device side
Requirement:
• The Console port is correctly connected to the modem.
• Configurations have been configured on the modem.
• The modem is connected to a telephone cable that works normally.
• Authentication configuration has been completed on the remote switch.

Login Procedure

Set up a configuration environment as shown in Figure 3-16: connect the serial port of the PC and the
Console port of the device to a modem respectively.

Figure 3-16 Set up a configuration terminal

Configuration on the administrator side


The PC and the modem are correctly connected, the modem is connected to a telephone cable, and
the telephone number of the remote modem connected to the Console port of the remote switch is
obtained.

On the device,
• The baud rate of the Console port is lower than the transmission rate of the modem. Otherwise,
packets may be lost.
• The parity check mode, stop bits, and data bits of the Console port adopt the default settings.

Perform the following configurations on the modem that is directly connected to the device:
AT&F ----------------------- Restore the factory defaults
ATS0=1 ----------------------- Configure auto-answer on first ring
AT&D ----------------------- Ignore Data Terminal Ready signals
AT&K0 ----------------------- Disable local flow control
AT&R1 ----------------------- Ignore Data Flow Control signals
AT&S0 ----------------------- Force DSR to remain on
ATEQ1&W ----------------------- Disable the modem from responding to commands and save the configuration
To verify your configuration, enter AT&V to show the configuration results.

The configuration commands and the output for different modems may be different. For more
information, see the user guide of your modem.

Launch a terminal emulation utility (such as HyperTerminal in Windows XP/Windows 2000), create a
new connection (the telephone number is the number of the modem connected to the device).

On the Windows 2003 Server operating system, you need to add the HyperTerminal program first, and
then log in to and manage the device as described in this document. On the Windows 2008 Server,
Windows 7, Windows Vista, or some other operating system, you need to obtain a third party terminal
control program first, and follow the user guide or online help of that program to log in to the device.

Dial the destination number on the PC to establish a connection with the device, as shown in Figure
3-17 through Figure 3-19.
Figure 3-17 Connection Description

Figure 3-18 Enter the phone number

Figure 3-19 Dial the number

Character string CONNECT9600 is displayed on the terminal. Then a prompt such as <H3C> appears when
you press Enter.
Figure 3-20 Configuration page

Execute commands to configure the device or check the running status of the device. To get help,
type ?.

• To terminate the connection between the PC and device, execute the ATH command on the
terminal to terminate the connection between the PC and modem. If you cannot execute the
command on the terminal, input AT+ + + and then press Enter. When you are prompted OK,
execute the ATH command, and the connection is terminated if OK is displayed. You can also
terminate the connection between the PC and device by clicking on the hyper terminal window.

• Do not close the hyper terminal directly. Otherwise, the remote modem may stay online, and
you will fail to dial in the next time.

Modem Login Authentication Modes

Three authentication modes are available for modem dial-in login: none, password, and scheme.
• none: Requires no username and password at the next login through modems. This mode is
insecure.
• password: Requires password authentication at the next login through the console port. Keep
your password. If you lose your password, log in to the device through the console port to view or
modify the password.
• scheme: Requires username and password authentication at the next login through the console
port. Authentication falls into local authentication and remote authentication. To use local
authentication, configure a local user and related parameters. To use remote authentication,
configure the username and password on the remote authentication server. For more information
about authentication modes and parameters, see AAA Configuration in the Security
Configuration Guide. Keep your username and password. If you lose your password, see H3C
Series Ethernet Switches Login Password Recovery Manual for password recovery.
The following table lists modem login configurations for different authentication modes:

| Authentication mode | Configuration | Remarks |
| --- | --- | --- |
| None | Configure not to authenticate users | For more information, see Configuring None Authentication for Modem Login. |
| Password | Configure to authenticate users by using the local password. Set the local password. | For more information, see Configuring Password Authentication for Modem Login. |
| Scheme | Configure the authentication scheme. Select an authentication scheme: for remote AAA authentication, configure a RADIUS/HWTACACS scheme, configure the AAA scheme used by the domain, and configure the username and password on the AAA server; for local authentication, configure the authentication username and password, and configure the AAA scheme used by the domain as local. | For more information, see Configuring Scheme Authentication for Modem Login. |

Modem login authentication changes do not take effect until you exit the CLI and log in again.

Configuring None Authentication for Modem Login

Configuration prerequisites
You have logged in to the device.
By default, you can log in to the device through the console port without authentication and have user
privilege level 3 after login. For how to log in to the device with default configuration, see Configuration
Requirements.
Configuration procedure
Follow these steps to configure none authentication for modem login:

| To do… | Use the command… | Remarks |
| --- | --- | --- |
| Enter system view | system-view | — |
| Enter one or more AUX user interface views | user-interface aux first-number [ last-number ] | — |
| Specify the none authentication mode | authentication-mode none | Required. By default, users that log in through the console port are not authenticated. |
| Configure common settings for VTY user interfaces | — | Optional. See Configuring Common Settings for VTY User Interfaces (Optional). |

After the configuration, when you log in to the device through modems, you are prompted to press
Enter. A prompt such as <H3C> appears after you press Enter, as shown in Figure 3-21.
Figure 3-21 Configuration page

Configuring Password Authentication for Modem Login

Configuration prerequisites
You have logged in to the device.
By default, you can log in to the device through the console port without authentication and have user
privilege level 3 after login. For how to log in to the device with default configuration, see Configuration
Requirements.
Configuration procedure
Follow these steps to configure password authentication for modem login:

| To do… | Use the command… | Remarks |
| --- | --- | --- |
| Enter system view | system-view | — |
| Enter one or more AUX user interface views | user-interface aux first-number [ last-number ] | — |
| Specify the password authentication mode | authentication-mode password | Required. By default, the modem login authentication mode of the device that has a separate AUX port is password, and that of the device with the console and AUX port sharing the same physical port is none. |
| Set the local password | set authentication password { cipher \| simple } password | Required. By default, no local password is set. |
| Configure common settings for VTY user interfaces | — | Optional. For more information, see Configuring Common Settings for VTY User Interfaces (Optional). |

After the configuration, when you log in to the device through modems, you are prompted to enter a
login password. A prompt such as <H3C> appears after you input the password and press Enter, as
shown in Figure 3-22.
Figure 3-22 Configuration page

Configuring Scheme Authentication for Modem Login

Configuration prerequisites
You have logged in to the device.

By default, you can log in to the device through the console port without authentication and have user
privilege level 3 after login. For how to log in to the device with default configuration, see Configuration
Requirements.
Configuration procedure
Follow these steps to configure scheme authentication for modem login:

| To do… | Use the command… | Remarks |
| --- | --- | --- |
| Enter system view | system-view | — |
| Enter AUX user interface view | user-interface aux first-number [ last-number ] | — |
| Specify the scheme authentication mode | authentication-mode scheme | Required. Whether local, RADIUS, or HWTACACS authentication is adopted depends on the configured AAA scheme. By default, the modem login authentication mode of the device that has a separate AUX port is password, and that of the device with the console and AUX port sharing the same physical port is none. |
| Enable command authorization | command authorization | Optional. By default, command authorization is not enabled. By default, command level for a login user depends on the user privilege level. The user is authorized the command with the default level not higher than the user privilege level. With the command authorization configured, the command level for a login user is determined by both the user privilege level and AAA authorization. If a user executes a command of the corresponding command level, the authorization server checks whether the command is authorized. If yes, the command can be executed. |
| Enable command accounting | command accounting | Optional. By default, command accounting is disabled. The accounting server does not record the commands executed by users. Command accounting allows the HWTACACS server to record all executed commands that are supported by the device, regardless of the command execution result. This helps control and monitor user operations on the device. If command accounting is enabled and command authorization is not enabled, every executed command is recorded on the HWTACACS server. If both command accounting and command authorization are enabled, only the authorized and executed commands are recorded on the HWTACACS server. |
| Exit to system view | quit | — |
| Configure the authentication mode: Enter the default ISP domain view | domain domain-name | Optional. By default, the AAA scheme is local. If you specify the local AAA scheme, perform the configuration concerning local user as well. If you specify an existing scheme by providing the radius-scheme-name argument, perform the following configuration as well: for RADIUS and HWTACACS configuration, see AAA Configuration in the Security Configuration Guide; configure the username and password accordingly on the AAA server. (For more information, see AAA Configuration in the Security Configuration Guide.) |
| Configure the authentication mode: Apply the specified AAA scheme to the domain | authentication default { hwtacacs-scheme hwtacacs-scheme-name [ local ] \| local \| none \| radius-scheme radius-scheme-name [ local ] } | |
| Configure the authentication mode: Return to system view | quit | |
| Create a local user and enter local user view | local-user user-name | Required. By default, no local user exists. |
| Set the authentication password for the local user | password { cipher \| simple } password | Required |
| Specify the command level of the local user | authorization-attribute level level | Optional. By default, the command level is 0. |
| Specify the service type for the local user | service-type terminal | Required. By default, no service type is specified. |
| Configure common settings for VTY user interfaces | — | Optional. See Configuring Common Settings for VTY User Interfaces (Optional). |

After you enable command authorization, you need to perform the following configuration to make the
function take effect:
• Create a HWTACACS scheme, and specify the IP address of the authorization server and other
authorization parameters. For more information, see AAA Configuration in the Security
Configuration Guide.
• Reference the created HWTACACS scheme in the ISP domain. For more information, see AAA
Configuration in the Security Configuration Guide.
After you enable command accounting, you need to perform the following configuration to make the
function take effect:
• Create a HWTACACS scheme, and specify the IP address of the accounting server and other
accounting parameters. For more information, see AAA Configuration in the Security
Configuration Guide.
• Reference the created HWTACACS scheme in the ISP domain. For more information, see AAA
Configuration in the Security Configuration Guide.
When users adopt the scheme mode to log in to the device, the level of the commands that the users
can access depends on the user privilege level defined in the AAA scheme.
• When the AAA scheme is local, the user privilege level is defined by the authorization-attribute
level level command.
• When the AAA scheme is RADIUS or HWTACACS, the user privilege level is configured on the
RADIUS or HWTACACS server.
For more information about AAA, RADIUS, and HWTACACS, see AAA Configuration in the Security
Configuration Guide.
After the configuration, when you log in to the device through modems, you are prompted to enter a
login username and password. A prompt such as <H3C> appears after you input the password and
username and press Enter, as shown in Figure 3-23.
Figure 3-23 Configuration page

Configuring Common Settings for Modem Login (Optional)

Follow these steps to configure common settings for modem login:

| To do… | Use the command… | Remarks |
| --- | --- | --- |
| Enter system view | system-view | — |
| Enable display of copyright information | copyright-info enable | Optional. Enabled by default. |
| Enter one or more AUX user interface views | user-interface aux first-number [ last-number ] | — |
| Configure AUX port properties: Configure the baud rate | speed speed-value | Optional. By default, the baud rate is 9600 bps. Transmission rate is the number of bits that the device transmits to the terminal per second. |
| Configure the parity check mode | parity { even \| mark \| none \| odd \| space } | Optional. By default, the parity check mode of the AUX port is set to none, which means no check bit. |
| Configure the stop bits | stopbits { 1 \| 1.5 \| 2 } | Optional. By default, the stop bits of the console port is 1. Stop bits are the last bits transmitted in data transmission to unequivocally indicate the end of a character. The more the bits are, the slower the transmission is. |
| Configure the data bits | databits { 5 \| 6 \| 7 \| 8 } | Optional. By default, the data bits of the AUX port is 8. Data bits is the number of bits representing one character. The setting depends on the contexts to be transmitted. For example, you can set it to 7 if standard ASCII characters are to be sent, and set it to 8 if extended ASCII characters are to be sent. |
| Define a shortcut key for starting a session | activation-key character | Optional. By default, you can press Enter to start a session. |
| Define a shortcut key for terminating tasks | escape-key { default \| character } | Optional. By default, you can press Ctrl+C to terminate a task. |
| Configure the flow control mode | flow-control { hardware \| none \| software } | Optional. By default, the value is none. |
| Configure the type of terminal display | terminal type { ansi \| vt100 } | Optional. By default, the terminal display type is ANSI. The device supports two types of terminal display: ANSI and VT100. It is recommended to set the display type of both the device and the client to VT100. If the device and the client use different display types (for example, hyper terminal or Telnet terminal) or both are set to ANSI, when the total number of characters of the currently edited command line exceeds 80, an anomaly such as cursor corruption or abnormal display of the terminal display may occur on the client. |
| Configure the user privilege level for login users | user privilege level level | Optional. 3 by default. |
| Set the maximum number of lines on the next screen | screen-length screen-length | Optional. By default, the next screen displays 24 lines at most. A value of 0 disables the function. |
| Set the size of the history command buffer | history-command max-size value | Optional. By default, the buffer saves 10 history commands at most. |
| Set the idle-timeout timer | idle-timeout minutes [ seconds ] | Optional. The default idle-timeout is 10 minutes. The system automatically terminates the user's connection if there is no information interaction between the device and the user within the idle-timeout time. Setting idle-timeout to 0 disables the timer. |
| Enable the modem to accept incoming calls, initiate outgoing calls, or both | modem [ both \| call-in \| call-out ] | Required |
| Configure the modem to operate in the auto-answer mode | modem auto-answer | Optional. Manual answer mode applies by default. |
| Set the maximum amount of time that the modem waits for the carrier signal after the off-hook action during incoming call connection setup | modem timer answer seconds | Optional. 30 seconds by default. |

• The common settings configured for Console login take effect immediately. If you configure the
common settings after you log in through the Console port, the current connection may be
interrupted. Therefore, use another login method. After you configure common settings for
Console login, you need to modify the settings on the terminal to make them consistent with those
on the device.
• The baud rate of the Console port must be lower than the transmission rate of the modem.
Otherwise, packets may be lost.
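A configuration audit for the AUX (modem) user interface settings described in this section, as an added example that is not part of the H3C guide. The sample configuration is constructed, the finding codes and severities are this example's own, and `aux_default_mode` stands for the platform default the guide describes (password on a separate AUX port, none when console and AUX share a port).

```python
import re

# Constructed sample, laid out like a saved configuration; not from a real device.
SAMPLE_CONFIG = """\
#
user-interface aux 0
 authentication-mode none
 user privilege level 3
 idle-timeout 0 0
 modem both
 modem auto-answer
user-interface aux 1
 authentication-mode password
 set authentication password simple Example123
 user privilege level 1
 modem call-in
user-interface aux 2
 speed 9600
 modem both
user-interface aux 3
 authentication-mode scheme
 idle-timeout 5 0
 modem call-in
#
"""


def parse_user_interfaces(config_text):
    """Return {"aux 0": [commands...], ...} for every user-interface block."""
    blocks, current = {}, None
    for raw in config_text.splitlines():
        if raw.startswith("user-interface "):
            current = raw[len("user-interface "):].strip()
            blocks[current] = []
        elif current is not None and raw.startswith(" "):
            blocks[current].append(raw.strip())
        else:
            current = None  # "#" or any other top-level line closes the block
    return blocks


def audit_aux(name, commands, aux_default_mode):
    """Return (interface, severity, code, detail) findings for one AUX block."""
    mode = password_kind = None
    level = 3  # guide: user privilege level is 3 by default
    idle_disabled = dial_in = False
    for cmd in commands:
        if m := re.fullmatch(r"authentication-mode (none|password|scheme)", cmd):
            mode = m.group(1)
        elif m := re.fullmatch(r"set authentication password (cipher|simple) \S+", cmd):
            password_kind = m.group(1)
        elif m := re.fullmatch(r"user privilege level (\d+)", cmd):
            level = int(m.group(1))
        elif m := re.fullmatch(r"idle-timeout (\d+)(?: (\d+))?", cmd):
            idle_disabled = int(m.group(1)) == 0 and int(m.group(2) or 0) == 0
        elif re.fullmatch(r"modem( both| call-in)?", cmd):
            dial_in = True  # bare "modem" is counted as dial-in (assumption)
    origin = "configured"
    if mode is None:  # command absent: the hardware-dependent default applies
        mode, origin = aux_default_mode, "default"
    findings = []
    if mode == "none":
        severity = "high" if dial_in else "medium"
        findings.append((name, severity, "AUTH_NONE",
                         f"{origin} mode none: no credentials, privilege level {level}"))
    elif mode == "password":
        if password_kind is None:
            findings.append((name, "medium", "PASSWORD_MISSING",
                             f"{origin} mode password but no local password is set"))
        elif password_kind == "simple":
            findings.append((name, "medium", "PASSWORD_SIMPLE",
                             "password entered with the simple (plain text) keyword"))
    if idle_disabled:
        findings.append((name, "low", "IDLE_TIMEOUT_DISABLED",
                         "idle-timeout 0: idle sessions are never disconnected"))
    return findings


def audit_config(config_text, aux_default_mode="password"):
    """Audit every AUX user interface; aux_default_mode is 'password' or 'none'."""
    findings = []
    for name, commands in parse_user_interfaces(config_text).items():
        if name.startswith("aux"):
            findings.extend(audit_aux(name, commands, aux_default_mode))
    return findings


if __name__ == "__main__":
    for finding in audit_config(SAMPLE_CONFIG):
        print(*finding, sep=" | ")
```

Run it once with each value of `aux_default_mode`: an AUX block that carries no `authentication-mode` line is reported differently depending on which hardware default applies.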

Displaying and Maintaining CLI Login


| To do… | Use the command… | Remarks |
| --- | --- | --- |
| Display information about the user interfaces that are being used | display users | Available in any view |
| Display information about all user interfaces that the device supports | display users all | Available in any view |
| Display user interface information | display user-interface [ num1 \| { aux \| vty } num2 ] [ summary ] | Available in any view |
| Release a specified user interface | free user-interface { num1 \| { aux \| vty } num2 } | Available in user view. Multiple users can log in to the system to simultaneously configure the device. In some circumstances, when the administrator wants to make configurations without interruption from the users that have logged in through other user interfaces, the administrator can execute the command to release the connections established on the specified user interfaces. You cannot use this command to release the connection that you are using. |
| Lock the current user interface | lock | Available in user view. By default, the current user interface is not locked. |
| Send messages to the specified user interfaces | send { all \| num1 \| { aux \| vty } num2 } | Available in user view |

4 NMS Login
This chapter includes these sections:
• NMS Login Overview
• Configuring NMS Login
• NMS Login Example

NMS Login Overview


A Network Management Station (NMS) runs the SNMP client software. It offers a user-friendly
interface to facilitate network management. An agent is a program that resides in the device. It
receives and handles requests from the NMS. An NMS is a manager in an SNMP enabled network,
whereas agents are managed by the NMS. The NMS and agents exchange information through the
SNMP protocol. At present, the device supports multiple NMS programs, such as iMC and CAMS.
By default, you cannot log in to the device through NMS. To enable NMS login, log in to the device via
the console port and make the configurations described in the following table.
The following table shows the configuration requirements of NMS login.

| Object | Requirements |
| --- | --- |
| Device | Configure the IP address of the VLAN interface. Make sure the device and the NMS can reach each other. Configure SNMP settings. |
| NMS | Configure the NMS. For more information, see the manual of your NMS. |

Configuring NMS Login


Connect the Ethernet port of the PC to an Ethernet port of VLAN 1 of the device, as shown in Figure
4-1. Make sure the PC and VLAN 1 interface can reach each other.
Figure 4-1 Network diagram for configuring NMS login

Follow these steps to configure SNMPv3 settings:

| To do… | Use the command… | Remarks |
| --- | --- | --- |
| Enter system view | system-view | — |
| Enable SNMP agent | snmp-agent | Optional. Disabled by default. You can enable SNMP agent with this command or any command that begins with snmp-agent. |
| Configure an SNMP group and specify its access right | snmp-agent group v3 group-name [ authentication \| privacy ] [ read-view read-view ] [ write-view write-view ] [ notify-view notify-view ] [ acl acl-number ] | Required. By default, no SNMP group is configured. |
| Add a user to the SNMP group | snmp-agent usm-user v3 user-name group-name [ [ cipher ] authentication-mode { md5 \| sha } auth-password [ privacy-mode { 3des \| aes128 \| des56 } priv-password ] ] [ acl acl-number ] | Required. If the cipher keyword is specified, both auth-password and priv-password are cipher text passwords. |

Follow these steps to configure SNMPv1 and SNMPv2C settings:

| To do… | Use the command… | Remarks |
| --- | --- | --- |
| Enter system view | system-view | — |
| Enable SNMP agent | snmp-agent | Optional. Disabled by default. You can enable SNMP agent with this command or any command that begins with snmp-agent. |
| Create or update MIB view information | snmp-agent mib-view { excluded \| included } view-name oid-tree [ mask mask-value ] | Optional. By default, the MIB view name is ViewDefault and OID is 1. |
| Configure SNMP NMS access right (directly): Configure an SNMP community | snmp-agent community { read \| write } community-name [ acl acl-number \| mib-view view-name ]* | Required. Use either approach. The direct configuration approach is for SNMPv1 or SNMPv2C. The community name configured on the NMS should be consistent with the username configured on the agent. The indirect configuration approach is for SNMPv3. |
| Configure SNMP NMS access right (indirectly): Configure an SNMP group | snmp-agent group { v1 \| v2c } group-name [ read-view read-view ] [ write-view write-view ] [ notify-view notify-view ] [ acl acl-number ] | |
| Configure SNMP NMS access right (indirectly): Add a user to the SNMP group | snmp-agent usm-user { v1 \| v2c } user-name group-name [ acl acl-number ] | |

The device supports three SNMP versions: SNMPv1, SNMPv2C and SNMPv3. For more information
about SNMP, see SNMP Configuration in the Network Management and Monitoring Configuration
Guide.

NMS Login Example


In this example, iMC is used as the NMS for illustration.
Configuration on the device
# Assign 1.1.1.1/24 for the IP address of device. Make sure the device and the NMS can reach each
other. (Configuration steps are omitted.)
# Enter system view.
<Sysname> system-view
# Enable the SNMP agent.
[Sysname] snmp-agent
# Configure an SNMP group.
[Sysname] snmp-agent group v3 managev3group read-view test write-view test
# Add a user to the SNMP group.
[Sysname] snmp-agent usm-user v3 managev3user managev3group
Configuration on the NMS
On the PC, start the browser. In the address bar, enter http://192.168.4.112:8080/imc, where
192.168.4.112 is the IP address of the iMC.

Figure 4-2 iMC login page

Type the username and password, and then click Login. The iMC homepage appears, as shown in
Figure 4-3.
Figure 4-3 iMC homepage

Log in to the iMC and configure SNMP settings for the iMC to find the device. After the device is found,
you can manage and maintain the device through the iMC. For example, query device information or
configure device parameters.
The SNMP settings on the iMC must be the same as those configured on the device. If not, the device
cannot be found or managed by the iMC. See the iMC manuals for more information.
Click Help in the upper right corner of each configuration page to get corresponding help information.

5 User Login Control
This chapter includes these sections:
• User Login Control Overview
• Configuring Login Control over Telnet Users
• Configuring Source IP-Based Login Control over NMS Users

User Login Control Overview


The device provides the following login control methods.

| Login Through | Login control methods | ACL used |
| --- | --- | --- |
| Telnet | Configuring Source IP-Based Login Control over Telnet Users | Basic ACL |
| Telnet | Configuring Source and Destination IP-Based Login Control over Telnet Users | Advanced ACL |
| Telnet | Configuring Source MAC-Based Login Control over Telnet Users | Ethernet frame header ACL |
| NMS | Configuring Source IP-Based Login Control over NMS Users | Basic ACL |

Configuring Login Control over Telnet Users


Configuration Preparation

Before configuration, determine the permitted or denied source IP addresses, source MAC addresses,
and destination IP addresses.

Configuring Source IP-Based Login Control over Telnet Users

Because basic ACLs match the source IP addresses of packets, you can use basic ACLs to implement
source IP-based login control over telnet users. Basic ACLs are numbered from 2000 to 2999. For
more information about ACL, see ACL Configuration in the ACL and QoS Configuration Guide.
Follow these steps to configure source IP-based login control over telnet users:

| To do… | Use the command… | Remarks |
| --- | --- | --- |
| Enter system view | system-view | — |
| Create a basic ACL and enter its view, or enter the view of an existing basic ACL | acl [ ipv6 ] number acl-number [ match-order { config \| auto } ] | Required. By default, no basic ACL exists. |
| Configure rules for this ACL | rule [ rule-id ] { permit \| deny } [ source { sour-addr sour-wildcard \| any } \| time-range time-name \| fragment \| logging ]* | Required |
| Exit the basic ACL view | quit | — |
| Enter user interface view | user-interface [ type ] first-number [ last-number ] | — |
| Use the ACL to control user login by source IP address | acl [ ipv6 ] acl-number { inbound \| outbound } | Required. inbound: Filters incoming telnet packets. outbound: Filters outgoing telnet packets. |

Configuring Source and Destination IP-Based Login Control over Telnet Users

Because advanced ACLs can match both source and destination IP addresses of packets, you can
use advanced ACLs to implement source and destination IP-based login control over telnet users.
Advanced ACLs are numbered from 3000 to 3999. For more information about ACL, see ACL
Configuration in the ACL and QoS Configuration Guide.
Follow these steps to configure source and destination IP-based login control over telnet users:

| To do… | Use the command… | Remarks |
| --- | --- | --- |
| Enter system view | system-view | — |
| Create an advanced ACL and enter its view, or enter the view of an existing advanced ACL | acl [ ipv6 ] number acl-number [ match-order { config \| auto } ] | Required. By default, no advanced ACL exists. |
| Configure rules for the ACL | rule [ rule-id ] { permit \| deny } rule-string | Required |
| Exit advanced ACL view | quit | — |
| Enter user interface | user-interface [ type ] first-number [ last-number ] | — |
| Use the ACL to control user login by source and destination IP addresses | acl [ ipv6 ] acl-number { inbound \| outbound } | Required. inbound: Filters incoming telnet packets. outbound: Filters outgoing telnet packets. |

Configuring Source MAC-Based Login Control over Telnet Users

Because Ethernet frame header ACLs can match the source MAC addresses of packets, you can use
Ethernet frame header ACLs to implement source MAC-based login control over telnet users. Ethernet
frame header ACLs are numbered from 4000 to 4999. For more information about ACL, see ACL
Configuration in the ACL and QoS Configuration Guide.
Follow these steps to configure source MAC-based login control over telnet users:

| To do… | Use the command… | Remarks |
| --- | --- | --- |
| Enter system view | system-view | — |
| Create an advanced ACL and enter its view, or enter the view of an existing advanced ACL | acl number acl-number [ match-order { config \| auto } ] | Required. By default, no advanced ACL exists. |
| Configure rules for the ACL | rule [ rule-id ] { permit \| deny } rule-string | Required |
| Exit the advanced ACL view | quit | — |
| Enter user interface view | user-interface [ type ] first-number [ last-number ] | — |
| Use the ACL to control user login by source MAC address | acl acl-number inbound | Required. inbound: Filters incoming telnet packets. |

The above configuration does not take effect if the telnet client and server are not in the same subnet.

Source MAC-Based Login Control Configuration Example

Network requirements
As shown in Figure 5-1, configure an ACL on the Device to permit only incoming telnet packets
sourced from Host A and Host B.

Figure 5-1 Network diagram for configuring source MAC-based login control

Configuration procedure
# Configure basic ACL 2000, and configure rule 1 to permit packets sourced from Host B, and rule 2 to
permit packets sourced from Host A.
<Sysname> system-view
[Sysname] acl number 2000 match-order config
[Sysname-acl-basic-2000] rule 1 permit source 10.110.100.52 0
[Sysname-acl-basic-2000] rule 2 permit source 10.110.100.46 0
[Sysname-acl-basic-2000] quit
# Reference ACL 2000 in user interface view to allow telnet users from Host A and Host B to access
the Device.
[Sysname] user-interface vty 0 15
[Sysname-ui-vty0-15] acl 2000 inbound

Configuring Source IP-Based Login Control over NMS Users


You can log in to the NMS to remotely manage the devices. SNMP is used for communication between
the NMS and the agent that resides in the device. By using the ACL, you can control SNMP user
access to the device.

Configuration Preparation

Before configuration, determine the permitted or denied source IP addresses.

Configuring Source IP-Based Login Control over NMS Users

Because basic ACLs match the source IP addresses of packets, you can use basic ACLs to implement
source IP-based login control over NMS users. Basic ACLs are numbered from 2000 to 2999. For
more information about ACL, see ACL Configuration in the ACL and QoS Configuration Guide.
Follow these steps to configure source IP-based login control over NMS users:

| To do… | Use the command… | Remarks |
| --- | --- | --- |
| Enter system view | system-view | — |
| Create a basic ACL and enter its view, or enter the view of an existing basic ACL | acl [ ipv6 ] number acl-number [ match-order { config \| auto } ] | Required. By default, no basic ACL exists. |
| Create rules for this ACL | rule [ rule-id ] { permit \| deny } [ source { sour-addr sour-wildcard \| any } \| time-range time-name \| fragment \| logging ]* | Required |
| Exit the basic ACL view | quit | — |
| Associate this SNMP community with the ACL | snmp-agent community { read \| write } community-name [ acl acl-number \| mib-view view-name ]* | Required. You can associate the ACL when creating the community, the SNMP group, and the user. For more information about SNMP, see SNMP Configuration in the Network Management and Monitoring Configuration Guide. |
| Associate the SNMP group with the ACL | snmp-agent group { v1 \| v2c } group-name [ read-view read-view ] [ write-view write-view ] [ notify-view notify-view ] [ acl acl-number ] | |
| | snmp-agent group v3 group-name [ authentication \| privacy ] [ read-view read-view ] [ write-view write-view ] [ notify-view notify-view ] [ acl acl-number ] | |
| Associate the user with the ACL | snmp-agent usm-user { v1 \| v2c } user-name group-name [ acl acl-number ] | |
| | snmp-agent usm-user v3 user-name group-name [ [ cipher ] authentication-mode { md5 \| sha } auth-password [ privacy-mode { 3des \| aes128 \| des56 } priv-password ] ] [ acl acl-number ] | |

Source IP-Based Login Control Over NMS Users Configuration Example

Network requirements
As shown in Figure 5-2, configure the device to allow only NMS users from Host A and Host B to
access.

Figure 5-2 Network diagram for configuring source IP-based login control over NMS users

Configuration procedure
# Create ACL 2000, and configure rule 1 to permit packets sourced from Host B, and rule 2 to permit
packets sourced from Host A.
<Sysname> system-view
[Sysname] acl number 2000 match-order config
[Sysname-acl-basic-2000] rule 1 permit source 10.110.100.52 0
[Sysname-acl-basic-2000] rule 2 permit source 10.110.100.46 0
[Sysname-acl-basic-2000] quit
# Associate the ACL with the SNMP community and the SNMP group.
[Sysname] snmp-agent community read aaa acl 2000
[Sysname] snmp-agent group v2c groupa acl 2000
[Sysname] snmp-agent usm-user v2c usera groupa acl 2000
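
How the basic ACL rules used in the Telnet and NMS login control examples above select source addresses, as an added example that is not part of the H3C guide. It assumes rules are evaluated in ascending rule ID (match-order config) and that a source matching no rule is refused, which is what both examples rely on; the WIDE_WILDCARD and DENY_THEN_PERMIT rule sets are constructed.

```python
import ipaddress
import re

# Rules as typed in the guide's ACL 2000 examples.
PAGE_ACL_2000 = [
    "[Sysname-acl-basic-2000] rule 1 permit source 10.110.100.52 0",
    "[Sysname-acl-basic-2000] rule 2 permit source 10.110.100.46 0",
]
# Constructed variants, not from the guide.
WIDE_WILDCARD = ["rule 1 permit source 10.110.100.52 0.0.0.255"]
DENY_THEN_PERMIT = [
    "rule 10 permit source 10.110.100.0 0.0.0.255",
    "rule 5 deny source 10.110.100.46 0",
]

RULE_RE = re.compile(r"rule (\d+) (permit|deny)(?: source (?:(any)|(\S+) (\S+)))?")


def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))


def parse_basic_acl(lines):
    """Parse 'rule <id> permit|deny [source ...]' lines into sorted tuples.

    Each tuple is (rule_id, action, base, care): a source matches when
    (source & care) == base. Wildcard bits set to 1 are ignored, so the care
    mask is the inverse of the wildcard. This sketch requires an explicit
    rule ID and ignores time-range, fragment and logging.
    """
    rules = []
    for line in lines:
        text = line.split("]", 1)[-1].strip()  # drop a leading CLI prompt
        m = RULE_RE.fullmatch(text)
        if m is None:
            raise ValueError(f"unsupported rule: {line!r}")
        rule_id, action, _any, addr, wildcard = m.groups()
        if addr is None:  # "source any" or no source clause: match everything
            base = care = 0
        else:
            wc = 0 if wildcard == "0" else to_int(wildcard)  # "0" = 0.0.0.0
            care = ~wc & 0xFFFFFFFF
            base = to_int(addr) & care
        rules.append((int(rule_id), action, base, care))
    return sorted(rules)  # match-order config: lowest rule ID is tried first


def evaluate(rules, source_ip, no_match="deny"):
    """Return (action, rule_id) for the first matching rule."""
    ip = to_int(source_ip)
    for rule_id, action, base, care in rules:
        if ip & care == base:
            return action, rule_id
    return no_match, None  # assumption: unmatched sources are refused


def addresses_covered(rule):
    """Number of source addresses one rule matches (2 ** wildcard bits)."""
    _rule_id, _action, _base, care = rule
    return 1 << bin(~care & 0xFFFFFFFF).count("1")


if __name__ == "__main__":
    acl = parse_basic_acl(PAGE_ACL_2000)
    for host in ("10.110.100.52", "10.110.100.46", "10.110.100.53"):
        print(host, evaluate(acl, host))
    wide = parse_basic_acl(WIDE_WILDCARD)
    print("hosts admitted by the wide rule:", addresses_covered(wide[0]))
```

A wildcard of 0 admits exactly one host, while 0.0.0.255 on the same rule admits the whole /24, so review the wildcard of every permit rule referenced by a user interface or an SNMP community.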

6 FTP Configuration
When configuring FTP, go to these sections for information you are interested in:
• FTP Overview
• Configuring the FTP Client
• Configuring the FTP Server
• Displaying and Maintaining FTP

FTP Overview
Introduction to FTP

The File Transfer Protocol (FTP) is an application layer protocol for sharing files between server and
client over a TCP/IP network.
FTP uses TCP ports 20 and 21 for file transfer. Port 20 is used to transmit data, and port 21 to transmit
control commands. Refer to RFC 959 for details of FTP basic operation.
FTP transfers files in two modes:
• Binary mode: transfers files as raw data, like .app, .bin, and .btm files.
• ASCII mode: transfers files as text, like .txt, .bat, and .cfg files.

Operation of FTP

FTP adopts the client/server model. Your device can function either as the client or as the server (as
shown in Figure 6-1).
• When the device serves as the FTP client and the PC serves as the FTP server, execute the ftp
command on the device to establish a connection to the FTP server and upload/download files
to/from the server.
• When the device serves as the FTP server and the PC serves as the FTP client, run the FTP
client program on the PC to establish a connection to the FTP server and upload/download files
to/from the server.
Figure 6-1 Network diagram for FTP

When the device serves as the FTP client, you need to perform the following configuration:

Table 6-1 Configuration when the device serves as the FTP client

| Device | Configuration | Remarks |
| --- | --- | --- |
| Device (FTP client) | Use the ftp command to establish the connection to the remote FTP server | If the remote FTP server supports anonymous FTP, the device can log in to it directly; if not, the device must obtain the FTP username and password first to log in to the remote FTP server. |
| PC (FTP server) | Enable FTP server on the PC, and configure the username, password, user privilege level, and so on. | — |

When the device serves as the FTP server, you need to perform the following configuration:
Table 6-2 Configuration when the device serves as the FTP server

Device: Device (FTP server)
Configuration: Enable the FTP server function
Remarks: Disabled by default. You can use the display ftp-server command to view the FTP server configuration on the device.

Device: Device (FTP server)
Configuration: Configure authentication and authorization
Remarks: Configure the username, password, authorized working directory for an FTP user. The device does not support anonymous FTP for security reasons. Therefore, you must use a valid username and password. By default, authenticated users can access the root directory of the device.

Device: Device (FTP server)
Configuration: Configure the FTP server operating parameters
Remarks: Parameters such as the FTP connection timeout time

Device: PC (FTP client)
Configuration: Use the FTP client program to log in to the FTP server.
Remarks: You can log in to the FTP server only after you input the correct FTP username and password.

z Make sure that the FTP server and the FTP client are reachable to each other before establishing
the FTP connection; otherwise the connection fails.
z When you use IE to log in to the device serving as the FTP server, part of the FTP functions is not
available. This is because multiple connections are established during the login process but the
device supports only one connection at a time.

Configuring the FTP Client

Only users with the manage level can use the ftp command to log in to an FTP server, enter FTP client
view, and execute directory and file related commands. However, whether the commands can be
executed successfully depends on the authorizations of the FTP server.

Establishing an FTP Connection

To access an FTP server, an FTP client must establish a connection with the FTP server. Two ways are
available to establish a connection: using the ftp command to establish the connection directly; using
the open command in FTP client view.
Before using the ftp command to establish an FTP connection, you can perform source address binding.
Source address binding means configuring an IP address on a stable interface such as a
loopback interface, and then using this IP address as the source IP address of an FTP connection. The
source address binding function simplifies the configuration of ACL rules and security policies. You just
need to specify the source or destination address argument in an ACL rule as this address to filter
inbound and outbound packets on the device, ignoring the difference between interface IP addresses
as well as the effect of interface statuses. You can configure the source address by configuring the
source interface or source IP address. The primary IP address configured on the source interface is
the source address of the transmitted packets. The source address of the transmitted packets is
selected following these rules:
z If no source address is specified, the FTP client uses the IP address of the interface determined
by the matched route as the source IP address to communicate with an FTP server.
z If the source address is specified with the ftp client source or ftp command, this source address
is used to communicate with an FTP server.
z If you use the ftp client source command and the ftp command to specify a source address
respectively, the source address specified with the ftp command is used to communicate with an
FTP server.
The source address specified with the ftp client source command is valid for all FTP connections and
the source address specified with the ftp command is valid only for the current FTP connection.
Follow these steps to establish an FTP connection (In IPv4 networking):

To do: Enter system view
Use the command: system-view
Remarks: —

To do: Configure the source address of the FTP client
Use the command: ftp client source { interface interface-type interface-number | ip source-ip-address }
Remarks: Optional. A device uses the IP address of the interface determined by the matched route as the source IP address to communicate with the FTP server by default.

To do: Exit to system view
Use the command: quit
Remarks: —

To do: Log in to the remote FTP server directly in user view
Use the command: ftp [ server-address [ service-port ] [ source { interface interface-type interface-number | ip source-ip-address } ] ]
Remarks: Use either approach. The ftp command is available in user view; and the open command is available in FTP client view.

To do: Log in to the remote FTP server indirectly in FTP client view
Use the commands:
  ftp
  open server-address [ service-port ]
Remarks: Use either approach. The ftp command is available in user view; and the open command is available in FTP client view.

z If no primary IP address is configured on the specified source interface, no FTP connection can be
established.
z If you use the ftp client source command to first configure the source interface and then the
source IP address of the transmitted packets, the newly configured source IP address will take
effect instead of the current source interface, and vice versa.

Follow these steps to establish an FTP connection (In IPv6 networking):

To do: Log in to the remote FTP server directly in user view
Use the command: ftp ipv6 [ server-address [ service-port ] [ source ipv6 source-ipv6-address ] [ -i interface-type interface-number ] ]
Remarks: Use either approach. The ftp ipv6 command is available in user view; and the open ipv6 command is available in FTP client view.

To do: Log in to the remote FTP server indirectly in FTP client view
Use the commands:
  ftp ipv6
  open ipv6 server-address [ service-port ] [ -i interface-type interface-number ]
Remarks: Use either approach. The ftp ipv6 command is available in user view; and the open ipv6 command is available in FTP client view.

Operating the Directories on an FTP Server

After the device serving as the FTP client has established a connection with an FTP server (For how to
establish an FTP connection, refer to Establishing an FTP Connection.), you can create or delete
folders under the authorized directory of the FTP server.
Follow these steps to operate the directories on an FTP server:

To do: Display detailed information about a directory or file on the remote FTP server
Use the command: dir [ remotefile [ localfile ] ]
Remarks: Optional

To do: Query a directory or file on the remote FTP server
Use the command: ls [ remotefile [ localfile ] ]
Remarks: Optional

To do: Change the working directory of the remote FTP server
Use the command: cd { directory | .. | / }
Remarks: Optional

To do: Exit the current working directory and return to an upper level directory of the remote FTP server
Use the command: cdup
Remarks: Optional

To do: Display the working directory that is being accessed
Use the command: pwd
Remarks: Optional

To do: Create a directory on the remote FTP server
Use the command: mkdir directory
Remarks: Optional

To do: Remove the specified working directory on the remote FTP server
Use the command: rmdir directory
Remarks: Optional

Operating the Files on an FTP Server

After the device serving as the FTP client has established a connection with an FTP server (For how to
establish an FTP connection, refer to Establishing an FTP Connection.), you can upload a file to or
download a file from the FTP server under the authorized directory of the FTP server by following
these steps:
1) Use the dir or ls command to display the directory and the location of the file on the FTP server.
2) Delete useless files for effective use of the storage space.
3) Set the file transfer mode. FTP transmits files in two modes: ASCII and binary. ASCII mode
transfers files as text. Binary mode transfers files as raw data.
4) Use the lcd command to display the local working directory of the FTP client. You can upload the
file under this directory, or save the downloaded file under this directory.
5) Upload or download the file.
Follow these steps to operate the files on an FTP server:

To do: Display detailed information about a directory or file on the remote FTP server
Use the command: dir [ remotefile [ localfile ] ]
Remarks: Optional. The ls command displays the name of a directory or file only, while the dir command displays detailed information such as the file size and creation time.

To do: Query a directory or file on the remote FTP server
Use the command: ls [ remotefile [ localfile ] ]
Remarks: Optional. The ls command displays the name of a directory or file only, while the dir command displays detailed information such as the file size and creation time.

To do: Delete the specified file on the remote FTP server permanently
Use the command: delete remotefile
Remarks: Optional

To do: Set the file transfer mode to ASCII
Use the command: ascii
Remarks: Optional. ASCII by default.

To do: Set the file transfer mode to binary
Use the command: binary
Remarks: Optional. ASCII by default.

To do: Set the data transmission mode to passive
Use the command: passive
Remarks: Optional. Passive by default.

To do: Display the local working directory of the FTP client
Use the command: lcd
Remarks: Optional

To do: Upload a file to the FTP server
Use the command: put localfile [ remotefile ]
Remarks: Optional

To do: Download a file from the FTP server
Use the command: get remotefile [ localfile ]
Remarks: Optional

Using Another Username to Log In to an FTP Server

After the device serving as the FTP client has established a connection with the FTP server (For how
to establish an FTP connection, refer to Establishing an FTP Connection.), you can use another
username to log in to the FTP server.
This feature allows you to switch to different user levels without affecting the current FTP connection
(namely, the FTP control connection, data connection and connection status are not changed); if you
input an incorrect username or password, the current connection will be terminated, and you must log
in again to access the FTP server.
Follow the step below to use another username to log in to the FTP server:

To do: Use another username to log in again after successfully logging in to the FTP server
Use the command: user username [ password ]
Remarks: Optional

Maintaining and Debugging an FTP Connection

After a device serving as the FTP client has established a connection with the FTP server (For how to
establish an FTP connection, refer to Establishing an FTP Connection.), you can perform the following
operations to locate and diagnose problems encountered in an FTP connection:

To do: Display the help information of FTP-related commands supported by the remote FTP server
Use the command: remotehelp [ protocol-command ]
Remarks: Optional

To do: Enable information display in a detailed manner
Use the command: verbose
Remarks: Optional. Enabled by default

To do: Enable FTP related debugging when the device acts as the FTP client
Use the command: debugging
Remarks: Optional. Disabled by default

Terminating an FTP Connection

After the device serving as the FTP client has established a connection with the FTP server (For how
to establish an FTP connection, refer to Establishing an FTP Connection.), you can use any of the
following commands to terminate an FTP connection:

To do: Terminate the connection to the FTP server without exiting FTP client view
Use the command: disconnect
Remarks: Optional. Equal to the close command.

To do: Terminate the connection to the FTP server without exiting FTP client view
Use the command: close
Remarks: Optional. Equal to the disconnect command.

To do: Terminate the connection to the FTP server and return to user view
Use the command: bye
Remarks: Optional. Equal to the quit command in FTP client view.

To do: Terminate the connection to the FTP server and return to user view
Use the command: quit
Remarks: Optional. Available in FTP client view, equal to the bye command.

FTP Client Configuration Example (Distributed Device)

Network requirements
z As shown in Figure 6-2, use Device as an FTP client and PC as the FTP server. Their IP
addresses are 10.2.1.1/16 and 10.1.1.1/16 respectively. An available route exists between Device
and PC.
z Device downloads a startup file from PC for device upgrade, and uploads the configuration file to
PC for backup.
z On PC, an FTP user account has been created for the FTP client, with the username being abc
and the password being pwd.
Figure 6-2 Network diagram for FTPing a startup file from an FTP server

Configuration procedure

If the available memory space of the device is not enough, use the fixdisk command to clear the
memory or use the delete /unreserved file-url command to delete the files not in use and then perform
the following operations.

# Log in to the server through FTP.


<Sysname> ftp 10.1.1.1
Trying 10.1.1.1 ...
Connected to 10.1.1.1.
220 WFTPD 2.0 service (by Texas Imperial Software) ready for new user
User(10.1.1.1:(none)):abc
331 Give me your password, please
Password:
230 Logged in successfully
# Set the file transfer mode to binary.
[ftp] binary
200 Type set to I.
# Download the startup file newest.app from PC to Device.
z Download the startup file newest.app from PC to the root directory of the storage medium on the
AMB.
[ftp] get newest.app
z Download the startup file newest.app from PC to the root directory of the storage medium on the
SMB (in slot 1).

[ftp] get newest.app slot1#flash:/newest.app
# Upload the configuration file config.cfg of Device to the server for backup.
[ftp] ascii
200 Type set to A.
[ftp] put config.cfg back-config.cfg
227 Entering Passive Mode (10,1,1,1,4,2).
125 ASCII mode data connection already open, transfer starting for /config.cfg.
226 Transfer complete.
FTP: 3494 byte(s) sent in 5.646 second(s), 618.00 byte(s)/sec.
[ftp] bye
# Specify newest.app as the main startup file to be used at the next startup.
z Specify newest.app as the main startup file to be used at the next startup for the AMB.
<Sysname> boot-loader file newest.app slot 0 main
This command will set the boot file of the specified board. Continue? [Y/N]:y
The specified file will be used as the main boot file at the next reboot on slot 0!
z Specify newest.app as the main startup file to be used at the next startup for the SMB (in slot 1).
<Sysname> boot-loader file slot1#flash:/newest.app slot 1 main
This command will set the boot file of the specified board. Continue? [Y/N]:y
The specified file will be used as the main boot file at the next reboot on slot 1!
# Reboot the device, and the startup file is updated at the system reboot.
<Sysname> reboot

The startup file used for the next startup must be saved under the root directory of the storage medium.
You can copy or move a file to the root directory of the storage medium. For the details of the
boot-loader command, refer to Upgrading Software Commands in the Fundamentals Command
Reference.

FTP Client Configuration Example (Distributed IRF Device)

Network requirements
z As shown in Figure 6-3, Device is an IRF system, which is composed of a master and a slave. The
member ID of the master is 1, and the slot numbers of the AMB and the SMB on the master are 0
and 1 respectively. The member ID of the slave is 2, and the slot numbers of the AMB and SMB
on the slave are 0 and 1 respectively.
z Device serves as an FTP client. PC serves as the FTP server. Their IP addresses are as shown in
the following figure. Device and PC are reachable to each other.
z Device downloads a startup file from PC for upgrade, and uploads the configuration file to PC for
backup.
z On PC, an FTP user account has been created for the FTP client, with the username being abc
and the password being pwd.

Figure 6-3 Network diagram for FTPing a startup file from an FTP server

Configuration procedure

If the available memory space of the device is insufficient, use the fixdisk command to clear the
memory or use the delete /unreserved file-url command to delete the files not in use and then perform
the following operations.

# Log in to the server through FTP.


<Sysname> ftp 10.1.1.1
Trying 10.1.1.1 ...
Connected to 10.1.1.1.
220 WFTPD 2.0 service (by Texas Imperial Software) ready for new user
User(10.1.1.1:(none)):abc
331 Give me your password, please
Password:
230 Logged in successfully
# Set the file transfer mode to binary to transmit startup file.
[ftp] binary
200 Type set to I.
# Download the startup file newest.app from PC to the device.
z Download the startup file newest.app from PC to the root directory of the storage medium on the
AMB of the IRF (that is, the AMB on the master).
[ftp] get newest.app
z Download the startup file newest.app from PC to the root directory of the storage media of the
SMBs of the IRF (that is, any main board except the AMB of the IRF) (the member ID and slot
number of the member device where one SMB resides are both 1; the member ID and slot
number of the member device where another SMB resides are 2 and 0 respectively; the member
ID and slot number of the member device where the third SMB resides are 2 and 1 respectively).
[ftp] get newest.app chassis1#slot1#flash:/newest.app
[ftp] get newest.app chassis2#slot0#flash:/newest.app
[ftp] get newest.app chassis2#slot1#flash:/newest.app
# Upload the configuration file config.cfg of the device to the server for backup.

[ftp] ascii
200 Type set to A.
[ftp] put config.cfg back-config.cfg
227 Entering Passive Mode (10,1,1,1,4,2).
125 ASCII mode data connection already open, transfer starting for /config.cfg.
226 Transfer complete.
FTP: 3494 byte(s) sent in 5.646 second(s), 618.00 byte(s)/sec.
[ftp] bye
# Specify newest.app as the main startup file to be used at the next startup for the AMB of the IRF.
<Sysname> boot-loader file newest.app chassis 1 slot 0 main
This command will set the boot file of the specified board. Continue? [Y/N]:y
The specified file will be used as the main boot file at the next reboot on chassis 1 slot 0!
# Specify newest.app as the main startup file to be used at the next startup for the SMBs of the IRF.
<Sysname> boot-loader file chassis1#slot1#flash:/newest.app chassis 1 slot 1 main
This command will set the boot file of the specified board. Continue? [Y/N]:y
The specified file will be used as the main boot file at the next reboot on chassis 1 slot 1!
<Sysname> boot-loader file chassis2#slot0#flash:/newest.app chassis 2 slot 0 main
This command will set the boot file of the specified board. Continue? [Y/N]:y
The specified file will be used as the main boot file at the next reboot on chassis 2 slot 0!
<Sysname> boot-loader file chassis2#slot1#flash:/newest.app chassis 2 slot 1 main
This command will set the boot file of the specified board. Continue? [Y/N]:y
The specified file will be used as the main boot file at the next reboot on chassis 2 slot 1!
# Reboot the device, and the startup file is updated at the system reboot.
<Sysname> reboot

The startup file used for the next startup must be saved under the root directory of the storage medium.
You can copy or move a file to the root directory of the storage medium. For the details of the
boot-loader command, refer to Upgrading Software Commands in the Fundamentals Command
Reference.

Configuring the FTP Server


Configuring FTP Server Operating Parameters

The FTP server uses one of the two modes to update a file when you upload the file (use the put
command) to the FTP server:
z In fast mode, the FTP server starts writing data to the storage medium after a file is transferred to
the memory. This prevents the existing file on the FTP server from being corrupted in the event
that an anomaly, such as a power failure, occurs during a file transfer.
z In normal mode, the FTP server writes data to the storage medium while receiving data. This
means that any anomaly, such as a power failure, during file transfer might result in file
corruption on the FTP server. This mode, however, consumes less memory space than the fast
mode.
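The trade-off between the two update modes, modelled in Python as an added example (not H3C code, and not a description of how the device implements the modes). The file name, the chunk size and the point at which the transfer is aborted are constructed for the illustration.

```python
import os
import tempfile


class TransferAborted(Exception):
    """Raised by the constructed data source to simulate a failure mid-transfer."""


def chunks(data, size, fail_after=None):
    """Yield data in pieces; abort after fail_after pieces if it is set."""
    for n, off in enumerate(range(0, len(data), size)):
        if fail_after is not None and n == fail_after:
            raise TransferAborted(f"transfer lost after {n} chunk(s)")
        yield data[off:off + size]


def receive(dest, source, mode):
    """Store an upload at dest; return the peak number of bytes held in memory."""
    if mode == "normal":
        peak = 0
        with open(dest, "wb") as f:      # the existing file is truncated at once
            for piece in source:
                peak = max(peak, len(piece))
                f.write(piece)           # written to storage while receiving
        return peak
    if mode == "fast":
        buffered = bytearray()
        for piece in source:             # storage is not touched during transfer
            buffered += piece
        with open(dest, "wb") as f:      # written only after the whole file arrived
            f.write(buffered)
        return len(buffered)
    raise ValueError("mode must be 'fast' or 'normal'")


def interrupted_upload(mode, old=b"OLD-IMAGE" * 100, new=b"NEW-IMAGE" * 100):
    """Abort an upload over an existing file; return what is left on storage."""
    with tempfile.TemporaryDirectory() as d:
        dest = os.path.join(d, "newest.app")
        with open(dest, "wb") as f:
            f.write(old)
        try:
            receive(dest, chunks(new, 256, fail_after=2), mode)
        except TransferAborted:
            pass
        with open(dest, "rb") as f:
            return f.read()


def completed_upload(mode, new=b"NEW-IMAGE" * 100):
    """Run an upload to completion; return (stored content, peak bytes in memory)."""
    with tempfile.TemporaryDirectory() as d:
        dest = os.path.join(d, "newest.app")
        peak = receive(dest, chunks(new, 256), mode)
        with open(dest, "rb") as f:
            return f.read(), peak


if __name__ == "__main__":
    for mode in ("normal", "fast"):
        left = interrupted_upload(mode)
        _, peak = completed_upload(mode)
        print(mode, "after abort:", left[:9], len(left), "bytes; peak memory:", peak)
```

In the aborted run, normal mode leaves a truncated new file in place of the old one, while fast mode leaves the old file intact at the cost of holding the whole upload in memory.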
Follow these steps to configure the FTP server:

To do: Enter system view
Use the command: system-view
Remarks: —

To do: Enable the FTP server
Use the command: ftp server enable
Remarks: Required. Disabled by default.

To do: Use an ACL to control FTP clients’ access to the device
Use the command: ftp server acl acl-number
Remarks: Optional. By default, no ACL is used to control FTP clients’ access to the device.

To do: Configure the idle-timeout timer
Use the command: ftp timeout minutes
Remarks: Optional. 30 minutes by default. Within the idle-timeout time, if there is no information interaction between the FTP server and client, the connection between them is terminated.

To do: Set the file update mode for the FTP server
Use the command: ftp update { fast | normal }
Remarks: Optional. Normal update is used by default.

To do: Quit to user view
Use the command: quit
Remarks: —

To do: Manually release the FTP connection established with the specified username
Use the command: free ftp user username
Remarks: Optional. Available in user view

Configuring Authentication and Authorization on the FTP Server

To allow an FTP user to access certain directories on the FTP server, you need to create an account
for the user, authorizing access to the directories and associating the username and password with the
account.
The following configuration is used when the FTP server authenticates and authorizes a local FTP user.
If the FTP server needs to authenticate a remote FTP user, you need to configure authentication,
authorization and accounting (AAA) policy instead of the local user. For detailed configuration, refer to
AAA Configuration in the Security Configuration Guide.
In local authentication, the device checks the input username and password against those configured
on the device. In remote authentication, the device sends the input username and password to the
remote authentication server, which then checks whether they are consistent with those configured on
the device.
Follow these steps to configure authentication and authorization for FTP server:

To do: Enter system view
Use the command: system-view
Remarks: —

To do: Create a local user and enter its view
Use the command: local-user user-name
Remarks: Required. No local user exists by default, and the system does not support FTP anonymous user access.

To do: Assign a password to the user
Use the command: password { simple | cipher } password
Remarks: Required

To do: Assign the FTP service to the user
Use the command: service-type ftp
Remarks: Required. By default, the system does not support anonymous FTP access, and does not assign any service. If the FTP service is assigned, the root directory of the device is used by default.

To do: Configure user properties
Use the command: authorization-attribute { acl acl-number | callback-number callback-number | idle-cut minute | level level | user-profile profile-name | vlan vlan-id | work-directory directory-name } *
Remarks: Optional. By default, the FTP/SFTP users can access the root directory of the device, and the user level is 0. You can change the default configuration by using this command.

z For more information about the local-user, password, service-type ftp, and
authorization-attribute commands, refer to AAA Commands in the Security Command
Reference.
z When the device serves as the FTP server, if the client is to perform write operations (upload,
delete, and create, for example) on the device’s file system, the FTP login users must be
level 3 users; if the client is to perform other operations, for example, read operations, the device
has no restriction on the user level of the FTP login users, that is, any level from 0 to 3 is allowed.
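A way to review these settings on a saved configuration, as an added example (not H3C code). The script checks only commands named in this chapter; the sample configuration is constructed, and both the layout of the saved configuration (a view's commands indented under the line that enters the view, "#" between sections) and the flash:/ spelling of the default root directory are assumptions.

```python
import re

# Constructed sample (not from a real device), modelled on the FTP server
# example in this chapter. Assumption: a view's commands are indented under
# the line that enters the view, and "#" separates sections.
SAMPLE_CONFIG = """\
#
 ftp server enable
#
local-user ftp
 password simple pwd
 authorization-attribute level 3
 authorization-attribute work-directory flash:/
 service-type ftp
#
local-user backup
 password cipher CIPHERTEXT-PLACEHOLDER
 authorization-attribute work-directory flash:/logfile
 service-type ftp
#
local-user console
 password simple console-only
#
"""


def parse_config(text):
    """Split the text into global commands and per-local-user sub-commands."""
    global_cmds, users, current = [], {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.strip() == "#":
            current = None                       # a separator closes the view
        elif line.startswith("local-user "):
            current = line.split()[1]
            users[current] = []
        elif line[0].isspace() and current is not None:
            users[current].append(line.strip())
        else:
            current = None
            global_cmds.append(line.strip())
    return global_cmds, users


def user_findings(cmds):
    """Findings for one local user that has the FTP service assigned."""
    level, workdir = 0, "flash:/"                # defaults stated in the chapter
    for c in cmds:
        m = re.fullmatch(r"authorization-attribute level (\d+)", c)
        if m:
            level = int(m.group(1))
        m = re.fullmatch(r"authorization-attribute work-directory (\S+)", c)
        if m:
            workdir = m.group(1)
    out = []
    if any(c.startswith("password simple ") for c in cmds):
        out.append("password simple: readable in the configuration, use cipher")
    # Root of a storage medium, with the optional chassis/slot prefixes used here.
    is_root = re.fullmatch(r"(chassis\d+#)?(slot\d+#)?flash:/?", workdir) is not None
    if level >= 3 and is_root:
        out.append("level 3 with root work-directory: can replace startup files")
    elif level >= 3:
        out.append("level 3: write operations allowed, confirm this user needs them")
    return out


def audit_ftp(text):
    """Return (subject, finding) tuples; empty when the FTP server is not enabled."""
    global_cmds, users = parse_config(text)
    if "ftp server enable" not in global_cmds:
        return []                                # FTP server is disabled by default
    findings = []
    if not any(re.fullmatch(r"ftp server acl \d+", c) for c in global_cmds):
        findings.append(("ftp server", "no ftp server acl: logins accepted from any address"))
    for name, cmds in users.items():
        if any(re.fullmatch(r"service-type( \S+)* ftp( \S+)*", c) for c in cmds):
            findings.extend((name, f) for f in user_findings(cmds))
    return findings


if __name__ == "__main__":
    for subject, finding in audit_ftp(SAMPLE_CONFIG):
        print(f"{subject}: {finding}")
```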

FTP Server Configuration Example (Distributed Device)

Network requirements
z As shown in Figure 6-4, use Device as an FTP server, and the PC as the FTP client. Their IP
addresses are 1.2.1.1/16 and 1.1.1.1/16 respectively. An available route exists between Device
and PC.
z PC keeps the updated startup file of the device. Use FTP to upgrade the device and back up the
configuration file.
z Set the username to ftp and the password to pwd for the FTP client to log in to the FTP server.
Figure 6-4 Upgrading using the FTP server

Configuration procedure
1) Configure Device (FTP Server)
# Create an FTP user account ftp, set its password to pwd and the user privilege level to level 3 (the
manage level). Authorize ftp’s access to the root directory of the flash on the AMB, and specify ftp to
use FTP.
<Sysname> system-view
[Sysname] local-user ftp
[Sysname-luser-ftp] password simple pwd
[Sysname-luser-ftp] authorization-attribute level 3
[Sysname-luser-ftp] authorization-attribute work-directory flash:/
# To access the flash root directory of the SMB (in slot 1), execute this command:
[Sysname-luser-ftp] authorization-attribute work-directory slot1#flash:/
[Sysname-luser-ftp] service-type ftp
[Sysname-luser-ftp] quit
# Enable FTP server.
[Sysname] ftp server enable
[Sysname] quit
# Check files on your device. Remove those redundant to ensure adequate space for the startup file to
be uploaded.
<Sysname> dir
Directory of flash:/

0 drw- - Dec 07 2005 10:00:57 filename
1 drw- - Jan 02 2006 14:27:51 logfile
2 -rw- 1216 Jan 02 2006 14:28:59 config.cfg
3 -rw- 1216 Jan 02 2006 16:27:26 back.cfg

64389 KB total (2511 KB free)

<Sysname> delete /unreserved flash:/back.cfg
2) Configure the PC (FTP Client)
# Log in to the FTP server through FTP.
c:\> ftp 1.1.1.1
Connected to 1.1.1.1.
220 FTP service ready.
User(1.1.1.1:(none)):ftp
331 Password required for ftp.
Password:
230 User logged in.
# Download the configuration file config.cfg of Device to the PC for backup.
ftp> get config.cfg back-config.cfg
# Upload the startup file newest.app to the root directory of the storage medium on the AMB.
ftp> put newest.app
ftp> bye

z You can take the same steps to upgrade the configuration file with FTP. When upgrading the
configuration file with FTP, put the new file under the root directory of the storage medium.
z After you finish upgrading the Boot ROM program through FTP, you must execute the bootrom
update command to upgrade the Boot ROM.

3) Upgrade Device
# Copy the startup file newest.app to the root directory of the storage medium on the SMB (in slot 1).
<Sysname> copy newest.app slot1#flash:/
# Specify newest.app as the main startup file to be used at the next startup.
z Specify newest.app as the main startup file to be used at the next startup for the AMB.
<Sysname> boot-loader file newest.app slot 0 main
This command will set the boot file of the specified board. Continue? [Y/N]:y
The specified file will be used as the main boot file at the next reboot on slot 0!
z Specify newest.app as the main startup file to be used at the next startup for the SMB (in slot 1).
<Sysname> boot-loader file slot1#flash:/newest.app slot 1 main
This command will set the boot file of the specified board. Continue? [Y/N]:y
The specified file will be used as the main boot file at the next reboot on slot 1!
# Reboot the device and the startup file is updated at the system reboot.
<Sysname> reboot

The startup file used for the next startup must be saved under the root directory of the storage medium.
You can copy or move a file to the root directory of the storage medium. For the details of the
boot-loader command, refer to Upgrading Software Commands in the Fundamentals Command
Reference.

FTP Server Configuration Example (Distributed IRF Device)

Network requirements
z As shown in Figure 6-5, Device is an IRF system, which is composed of a master and a slave. The
member ID of the master is 1, and the slot numbers of the AMB and the SMB on the master are 0
and 1 respectively. The member ID of the slave is 2, and the slot numbers of the AMB and SMB
on the slave are 0 and 1 respectively.
z Device serves as an FTP server and PC as the FTP client. Their IP addresses are as shown in the
following figure. Device and PC are reachable to each other.
z Device downloads a startup file from PC for upgrade, and uploads the configuration file to PC for
backup.
z On PC, an FTP user account has been created for the FTP client, with the username being abc
and the password being pwd.
Figure 6-5 Network diagram for FTPing a startup file from an FTP server

Configuration procedure

If the available memory space of the device is insufficient, use the fixdisk command to clear the
memory or use the delete /unreserved file-url command to delete the files not in use and then perform
the following operations.

1) Configure Device (FTP Server)


# Create an FTP user account ftp, set its password to pwd and the user privilege level to level 3 (the
manage level). Authorize ftp’s access to the root directory of the flash on the AMB of the IRF, and
specify ftp to use FTP.
<Sysname> system-view
[Sysname] local-user ftp
[Sysname-luser-ftp] password simple pwd
[Sysname-luser-ftp] authorization-attribute level 3
[Sysname-luser-ftp] authorization-attribute work-directory flash:/
# To access an SMB of the IRF (suppose that the member ID and slot number of the member device
where the SMB resides are 2 and 1 respectively), you must configure the following:
[Sysname-luser-ftp] authorization-attribute work-directory chassis2#slot1#flash:/
[Sysname-luser-ftp] service-type ftp
[Sysname-luser-ftp] quit
# Enable FTP server.
[Sysname] ftp server enable
[Sysname] quit
2) Configure the PC (FTP Client)
# Log in to the FTP server through FTP.
c:\> ftp 1.1.1.1
Connected to 1.1.1.1.
220 FTP service ready.
User(1.1.1.1:(none)):ftp
331 Password required for ftp.
Password:
230 User logged in.
# Download the configuration file config.cfg of the device to the PC for backup.
ftp> get config.cfg back-config.cfg
# Upload the startup file newest.app to the root directory of the storage medium on the AMB of
the IRF.
ftp> put newest.app
ftp> bye

z You can take the same steps to upgrade the configuration file with FTP. When upgrading the
configuration file with FTP, put the new file under the root directory of the storage medium.
z After you finish upgrading the Boot ROM program through FTP, you must execute the bootrom
update command to upgrade the Boot ROM.

3) Upgrade Device
# Copy the startup file newest.app from PC to the root directory of the storage media of the SMBs of
the IRF (the member ID and slot number of the member device where one SMB resides are both 1; the
member ID and slot number of the member device where another SMB resides are 2 and 0
respectively; the member ID and slot number of the member device where the third SMB resides are 2
and 1 respectively).
<Sysname> copy newest.app chassis1#slot1#flash:/
<Sysname> copy newest.app chassis2#slot0#flash:/
<Sysname> copy newest.app chassis2#slot1#flash:/
# Specify newest.app as the main startup file to be used at the next startup for all the main boards of
the IRF.
<Sysname> boot-loader file newest.app chassis 1 slot 0 main
This command will set the boot file of the specified board. Continue? [Y/N]:y
The specified file will be used as the main boot file at the next reboot on chassis 1 slot 0!
<Sysname> boot-loader file chassis1#slot1#flash:/newest.app chassis 1 slot 1 main
This command will set the boot file of the specified board. Continue? [Y/N]:y
The specified file will be used as the main boot file at the next reboot on chassis 1 slot 1!
<Sysname> boot-loader file chassis2#slot0#flash:/newest.app chassis 2 slot 0 main
This command will set the boot file of the specified board. Continue? [Y/N]:y
The specified file will be used as the main boot file at the next reboot on chassis 2 slot 0!
<Sysname> boot-loader file chassis2#slot1#flash:/newest.app chassis 2 slot 1 main
This command will set the boot file of the specified board. Continue? [Y/N]:y
The specified file will be used as the main boot file at the next reboot on chassis 2 slot 1!
# Reboot the device, and the startup file is updated at the system reboot.
<Sysname> reboot

The startup file used for the next startup must be saved under the root directory of the storage medium.
You can copy or move a file to the root directory of the storage medium. For the details of the
boot-loader command, refer to Upgrading Software Commands in the Fundamentals Command
Reference.

Displaying and Maintaining FTP

To do: Display the configuration of the FTP client
Use the command: display ftp client configuration
Remarks: Available in any view

To do: Display the configuration of the FTP server
Use the command: display ftp-server
Remarks: Available in any view

To do: Display detailed information about logged-in FTP users
Use the command: display ftp-user
Remarks: Available in any view

7 TFTP Configuration
When configuring TFTP, go to these sections for information you are interested in:
z TFTP Overview
z Configuring the TFTP Client
z Displaying and Maintaining the TFTP Client
z TFTP Client Configuration Example (Distributed Device)
z TFTP Client Configuration Example (Distributed IRF Device)

TFTP Overview
Introduction to TFTP

The Trivial File Transfer Protocol (TFTP) provides functions similar to those provided by FTP, but its interactive access interface and authentication are less complex than those of FTP. Therefore, it is more suitable in environments where complex interaction is not needed between client and server.
TFTP uses UDP port 69 for data transmission. For TFTP basic operation, refer to RFC 1986.
In TFTP, file transfer is initiated by the client.
• In a normal file downloading process, the client sends a read request to the TFTP server, receives data from the server, and then sends the acknowledgement to the server.
• In a normal file uploading process, the client sends a write request to the TFTP server, sends data to the server, and receives the acknowledgement from the server.
TFTP transfers files in two modes:
• Binary mode for program file transmission, like files with the suffixes .app, .bin, or .btm.
• ASCII mode for text file transmission, like files with the suffixes .txt, .bat, or .cfg.
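The download exchange described above, modelled at packet level. This is an added example, not part of the H3C manual: packet layouts follow RFC 1350, while mode_for, MemoryServer, download and the sample files are constructed for illustration, and netascii line-ending translation is not modelled.

```python
import struct

# Opcodes and block size from RFC 1350 (TFTP revision 2).
RRQ, WRQ, DATA, ACK, ERROR = 1, 2, 3, 4, 5
BLOCK_SIZE = 512  # a DATA packet carrying fewer bytes than this ends the transfer

# Constructed sample files standing in for the PC's TFTP working directory.
SAMPLE_FILES = {
    "newest.app": bytes(range(256)) * 5,                # 1280 bytes of binary data
    "config.cfg": b"#\n sysname Sysname\n#\nreturn\n",  # 28 bytes of text
}


def mode_for(filename):
    """Hypothetical helper: map the manual's suffix lists to the protocol's mode names."""
    text = filename.lower().endswith((".txt", ".bat", ".cfg"))
    return "netascii" if text else "octet"  # ASCII mode / binary mode


def build_request(opcode, filename, mode):
    """RRQ or WRQ: opcode, filename, NUL, mode, NUL. There is no credential field."""
    if opcode not in (RRQ, WRQ):
        raise ValueError("a request is either RRQ or WRQ")
    return (struct.pack("!H", opcode) + filename.encode("ascii") + b"\x00"
            + mode.encode("ascii") + b"\x00")


def parse_request(packet):
    """Server-side view of a request; option extensions are not modelled."""
    (opcode,) = struct.unpack("!H", packet[:2])
    fields = packet[2:].split(b"\x00")
    if opcode not in (RRQ, WRQ) or len(fields) != 3 or fields[2] != b"":
        raise ValueError("malformed request")
    return opcode, fields[0].decode("ascii"), fields[1].decode("ascii").lower()


class MemoryServer:
    """Constructed stand-in for the TFTP server side; serves one download at a time."""

    def __init__(self, files):
        self.files = files
        self.content = b""

    def _data(self, block):
        start = (block - 1) * BLOCK_SIZE
        return struct.pack("!HH", DATA, block) + self.content[start:start + BLOCK_SIZE]

    def handle(self, packet):
        (opcode,) = struct.unpack("!H", packet[:2])
        if opcode == RRQ:
            _, name, _ = parse_request(packet)
            if name not in self.files:
                return struct.pack("!HH", ERROR, 1) + b"File not found\x00"
            self.content = self.files[name]
            return self._data(1)
        if opcode == ACK:
            (block,) = struct.unpack("!H", packet[2:4])
            # Block N was short (and therefore final) if the file ends before N * 512 bytes.
            if len(self.content) < block * BLOCK_SIZE:
                return None
            return self._data(block + 1)
        return struct.pack("!HH", ERROR, 4) + b"Illegal TFTP operation\x00"


def download(server, filename):
    """Client side of a read: RRQ, then DATA/ACK in lock step until a short block."""
    trace = ["RRQ"]
    reply = server.handle(build_request(RRQ, filename, mode_for(filename)))
    received, expected = b"", 1
    while True:
        opcode, block = struct.unpack("!HH", reply[:4])
        if opcode == ERROR:
            raise IOError(reply[4:-1].decode("ascii"))
        if opcode != DATA or block != expected:
            raise IOError("unexpected packet")
        payload = reply[4:]
        received += payload
        trace += [f"DATA {block} ({len(payload)} bytes)", f"ACK {block}"]
        reply = server.handle(struct.pack("!HH", ACK, block))
        if len(payload) < BLOCK_SIZE:
            return received, trace
        expected += 1
```

Because the request carries only a filename and a mode, control over which server the device may reach has to come from outside the protocol, which is the role of the ACL and source address settings in the client configuration.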

Operation of TFTP

Only the TFTP client service is available with your device at present.

Figure 7-1 TFTP configuration diagram

Before using TFTP, the administrator needs to configure IP addresses for the TFTP client and server,
and make sure that there is a reachable route between the TFTP client and server.
When the device serves as the TFTP client, you need to perform the following configuration:
Table 7-1 Configuration when the device serves as the TFTP client

Device: Device (TFTP client)
Configuration:
• Configure the IP address and routing function, and ensure that the route between the device and the TFTP server is available.
• Use the tftp command to establish a connection to the remote TFTP server to upload/download files to/from the TFTP server.
Remarks: —

Device: PC (TFTP server)
Configuration: Enable TFTP server on the PC, and configure the TFTP working directory.
Remarks: —

Configuring the TFTP Client


When a device acts as a TFTP client, you can upload a file on the device to a TFTP server and download a file from the TFTP server to the local device. You can use either of the following ways to download a file:
• Normal download: The device writes the obtained file to the storage medium directly. In this mode, if you download a remote file using a destination-filename that already exists in the directory, the device deletes the original file and then saves the new one. If the download fails due to network disconnection or other reasons, the original system file cannot be recovered because it has already been deleted.
• Secure download: The device saves the obtained file to its memory and does not write it to the storage medium until the whole file is obtained. In this mode, if you download a remote file using a destination-filename that already exists in the directory, the original file is not overwritten. If the download fails due to network disconnection or other reasons, the original file still exists. This mode is more secure but consumes more memory.
It is recommended that you use the secure mode or, if you use the normal mode, specify a filename that does not exist in the current directory as the target filename when downloading the startup file or the startup configuration file.
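The difference between the two download modes when the link drops mid-transfer, as an added example that models the behaviour described above (it is not device code). The chunk source, the file contents and the name newest-v2.app are constructed; get and sget are the tftp command keywords for normal and secure download.

```python
import os
import tempfile

ORIGINAL = b"old image v1 " * 100  # constructed: file already on the storage medium
NEW = b"new image v2 " * 100       # constructed: file offered by the server (1300 bytes)


class TransferInterrupted(Exception):
    """Raised by the constructed source when the link drops mid-transfer."""


def chunks_until_drop(data, chunk_size, drop_after):
    """Yield data in chunks and fail after drop_after chunks (None = never fail)."""
    for offset in range(0, len(data), chunk_size):
        if drop_after is not None and offset // chunk_size >= drop_after:
            raise TransferInterrupted("link lost")
        yield data[offset:offset + chunk_size]


def normal_download(source, dest_path):
    """get: an existing destination is deleted first, then chunks are written as they arrive."""
    if os.path.exists(dest_path):
        os.remove(dest_path)
    with open(dest_path, "wb") as out:
        for chunk in source:
            out.write(chunk)


def secure_download(source, dest_path):
    """sget: the whole file is held in memory; storage is touched only after the last chunk."""
    buffer = bytearray()
    for chunk in source:  # an interruption raises here, before any write
        buffer.extend(chunk)
    with open(dest_path, "wb") as out:
        out.write(buffer)


def run_case(download, dest_name, drop_after):
    """Start with newest.app = ORIGINAL on 'flash'; return (interrupted, files afterwards)."""
    with tempfile.TemporaryDirectory() as flash:
        with open(os.path.join(flash, "newest.app"), "wb") as f:
            f.write(ORIGINAL)
        interrupted = False
        try:
            download(chunks_until_drop(NEW, 512, drop_after), os.path.join(flash, dest_name))
        except TransferInterrupted:
            interrupted = True
        state = {}
        for name in sorted(os.listdir(flash)):
            with open(os.path.join(flash, name), "rb") as f:
                state[name] = f.read()
        return interrupted, state
```

The third case in the test is the manual's fallback recommendation: a normal download to a name that does not yet exist leaves the working image untouched when the transfer fails.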
Before using the tftp command to establish a TFTP connection, you can perform source address binding. Source address binding means to configure an IP address on a stable interface such as a loopback interface, and then use this IP address as the source IP address of a TFTP connection. The source address binding function simplifies the configuration of ACL rules and security policies. You just need to specify the source or destination address argument in an ACL rule as this address to filter inbound and outbound packets on the device, ignoring the difference between interface IP addresses as well as the effect of interface statuses. You can configure the source address by configuring the source interface or source IP address. The primary IP address configured on the source interface is the source address of the transmitted packets. The source address of the transmitted packets is selected following these rules:
• If no source address of the TFTP client is specified, a device uses the IP address of the interface determined by the matched route as the source IP address to communicate with a TFTP server.
• If the source address is specified with the tftp client source or tftp command, this source address is adopted.
• If you specify a source address with both the tftp client source command and the tftp command, the source address configured with the tftp command is used to communicate with a TFTP server.
The source address specified with the tftp client source command is valid for all TFTP connections and the source address specified with the tftp command is valid only for the current tftp connection.
Follow these steps to configure the TFTP client:

To do: Enter system view
Use the command: system-view
Remarks: —

To do: Use an ACL to control the device’s access to TFTP servers
Use the command: tftp-server [ ipv6 ] acl acl-number
Remarks: Optional. By default, no ACL is used to control the device’s access to TFTP servers.

To do: Configure the source address of the TFTP client
Use the command: tftp client source { interface interface-type interface-number | ip source-ip-address }
Remarks: Optional. A device uses the source address determined by the matched route to communicate with the TFTP server by default.

To do: Return to user view
Use the command: quit
Remarks: —

To do: Download or upload a file in an IPv4 network
Use the command: tftp server-address { get | put | sget } source-filename [ destination-filename ] [ source { interface interface-type interface-number | ip source-ip-address } ]
Remarks: Optional. Available in user view

To do: Download or upload a file in an IPv6 network
Use the command: tftp ipv6 tftp-ipv6-server [ -i interface-type interface-number ] { get | put } source-file [ destination-file ]
Remarks: Optional. Available in user view

• If no primary IP address is configured on the source interface, no TFTP connection can be established.
• If you use the tftp client source command to first configure the source interface and then the source IP address of the packets of the TFTP client, the new source IP address will overwrite the current one, and vice versa.

Displaying and Maintaining the TFTP Client

To do: Display the configuration of the TFTP client
Use the command: display tftp client configuration
Remarks: Available in any view

TFTP Client Configuration Example (Distributed Device)


Network requirements
• As shown in Figure 7-2, use a PC as the TFTP server and Device as the TFTP client. Their IP addresses are 1.2.1.1/16 and 1.1.1.1/16 respectively. An available route exists between Device and PC.
• Device downloads a startup file from PC for upgrading and uploads a configuration file named config.cfg to PC for backup.
Figure 7-2 Smooth upgrading using the TFTP client function

Configuration procedure
1) Configure PC (TFTP server). The configuration procedure is omitted.
• On the PC, enable the TFTP server.
• Configure a TFTP working directory.
2) Configure Device (TFTP Client)

If the available memory space of the device is not enough, use the fixdisk command to clear the
memory or use the delete /unreserved file-url command to delete the files not in use and then perform
the following operations.

# Download application file newest.app from PC to the device.
• Download application file newest.app from PC to the root directory of the storage medium on the AMB.
<Sysname> tftp 1.2.1.1 get newest.app
• Download application file newest.app from PC to the root directory of the storage medium on the SMB (in slot 1).
<Sysname> tftp 1.2.1.1 get newest.app slot1#flash:/newest.app
# Upload a configuration file config.cfg to the TFTP server.
<Sysname> tftp 1.2.1.1 put config.cfg configback.cfg
# Specify newest.app as the main startup file to be used at the next startup.
• Specify newest.app as the main startup file to be used at the next startup for the AMB.
<Sysname> boot-loader file newest.app slot 0 main
This command will set the boot file of the specified board. Continue? [Y/N]:y
The specified file will be used as the main boot file at the next reboot on slot 0!
• Specify newest.app as the main startup file to be used at the next startup for the SMB (in slot 1).
<Sysname> boot-loader file slot1#flash:/newest.app slot 1 main
This command will set the boot file of the specified board. Continue? [Y/N]:y
The specified file will be used as the main boot file at the next reboot on slot 1!
# Reboot the device and the software is upgraded.
<Sysname> reboot

The startup file used for the next startup must be saved under the root directory of the storage medium.
You can copy or move a file to the root directory of the storage medium. For the details of the
boot-loader command, refer to Upgrading Software Commands in the Fundamentals Command
Reference.

TFTP Client Configuration Example (Distributed IRF Device)


Network requirements
• As shown in Figure 7-3, Device is an IRF system, which is composed of a master and a slave. The member ID of the master is 1, and the slot numbers of the AMB and the SMB on the master are 0 and 1 respectively. The member ID of the slave is 2, and the slot numbers of the AMB and SMB on the slave are 0 and 1 respectively.
• Device serves as a TFTP client and PC as the TFTP server. Their IP addresses are as shown in the following figure. Device and PC are reachable to each other.
• Device downloads a startup file from PC for upgrade and uploads a configuration file named config.cfg to PC for backup.
Figure 7-3 Smooth upgrading using the TFTP client function

Configuration procedure
1) Configure PC (TFTP server). The detailed configuration procedure is omitted.
• On the PC, enable the TFTP server.
• Configure a TFTP working directory.
2) Configure Device (TFTP Client)

If the available memory space of the device is insufficient, use the fixdisk command to clear the
memory or use the delete /unreserved file-url command to delete the files not in use and then perform
the following operations.

# Download application file newest.app from PC to Device.
• Download application file newest.app from PC to the root directory of the storage medium on the AMB of the IRF.
<Sysname> tftp 1.2.1.1 get newest.app
• Download the startup file newest.app from PC to the root directories of the storage media of the SMBs of the IRF (the member ID and slot number of the member device where one SMB resides are both 1; the member ID and slot number of the member device where another SMB resides are 2 and 0 respectively; the member ID and slot number of the member device where the third SMB resides are 2 and 1 respectively).
<Sysname> tftp 1.2.1.1 get newest.app chassis1#slot1#flash:/newest.app
<Sysname> tftp 1.2.1.1 get newest.app chassis2#slot0#flash:/newest.app
<Sysname> tftp 1.2.1.1 get newest.app chassis2#slot1#flash:/newest.app
# Upload a configuration file config.cfg to the TFTP server.
<Sysname> tftp 1.2.1.1 put config.cfg configback.cfg

# Specify newest.app as the main startup file to be used at the next startup for all the main boards of
the IRF.
<Sysname> boot-loader file newest.app chassis 1 slot 0 main
This command will set the boot file of the specified board. Continue? [Y/N]:y
The specified file will be used as the main boot file at the next reboot on chassis 1 slot 0!
<Sysname> boot-loader file chassis1#slot1#flash:/newest.app chassis 1 slot 1 main
This command will set the boot file of the specified board. Continue? [Y/N]:y
The specified file will be used as the main boot file at the next reboot on chassis 1 slot 1!
<Sysname> boot-loader file chassis2#slot0#flash:/newest.app chassis 2 slot 0 main
This command will set the boot file of the specified board. Continue? [Y/N]:y
The specified file will be used as the main boot file at the next reboot on chassis 2 slot 0!
<Sysname> boot-loader file chassis2#slot1#flash:/newest.app chassis 2 slot 1 main
This command will set the boot file of the specified board. Continue? [Y/N]:y
The specified file will be used as the main boot file at the next reboot on chassis 2 slot 1!
# Reboot the device and the software is upgraded.
<Sysname> reboot

The startup file used for the next startup must be saved under the root directory of the storage medium.
You can copy or move a file to the root directory of the storage medium. For the details of the
boot-loader command, refer to Upgrading Software Commands in the Fundamentals Command
Reference.

8 File System Management

The S7500E Series Ethernet Switches are distributed devices supporting Intelligent Resilient Framework (IRF). Two S7500E series switches can be connected together to form a distributed IRF device. If an S7500E series switch is not in any IRF, it operates as a distributed device; if the S7500E series switch is in an IRF, it operates as a distributed IRF device. For an introduction to IRF, refer to IRF Configuration in the IRF Configuration Guide.

When managing a file system, go to these sections for information you are interested in:
• File System
• Directory Operations
• File Operations
• Batch Operations
• Storage Medium Operations
• Setting File System Prompt Modes
• File System Operations Example

File System
File System Overview

A major function of the file system is to manage storage media. It allows you to perform operations such as creating and deleting directories, and copying and displaying files.
File system operations fall into Directory Operations, File Operations, Batch Operations, Storage
Medium Operations, and Setting File System Prompt Modes.

Filename Formats

When you specify a file, you must enter the filename in one of the following formats.
Filename formats (distributed device):

Format: file-name
Description: Specifies a file under the current working directory.
Length: 1 to 91 characters
Example: a.cfg indicates a file named a.cfg under the current working directory. If the current working directory is on the AMB, a.cfg represents file a.cfg on the AMB; if the current working directory is on the SMB, a.cfg represents file a.cfg on the SMB.

Format: path/file-name
Description: Specifies a file in the specified folder under the current working directory. path represents the folder name. You can specify multiple folders, indicating a file under a multi-level folder.
Length: 1 to 135 characters
Example: test/a.cfg indicates a file named a.cfg in the test folder under the current working directory.

Format: drive:/[path]/file-name
Description: Specifies a file in the specified storage medium on the device. drive represents the storage medium name. The storage medium on the AMB is usually flash or cf; the storage medium on the SMB is usually slotX#flash or slotX#cf, where X represents the number of the slot where the SMB resides. For example, slot1#flash. You can use the display device command to view the correspondence between a board and its slot number.
Length: 1 to 135 characters
Example: flash:/test/a.cfg indicates a file named a.cfg in the test folder under the root directory of the flash memory on the AMB. To read and write the a.cfg file under the root directory of the flash on the SMB (with the slot number 1), input slot1#flash:/a.cfg for the filename.

Filename formats (distributed IRF device):

Format: file-name
Description: Specifies a file under the current working directory.
Length: 1 to 91 characters
Example: a.cfg indicates a file named a.cfg under the current working directory. If the current working directory is on the AMB of the IRF (that is, the AMB of the master), a.cfg represents file a.cfg on the AMB of the master; if the current working directory is on an SMB (that is, any main board except the AMB) of the IRF, a.cfg represents file a.cfg on the SMB of the master or on a slave.

Format: path/file-name
Description: Specifies a file in the specified folder under the current working directory. path represents the folder name. You can specify multiple folders, indicating a file under a multi-level folder.
Length: 1 to 135 characters
Example: test/a.cfg indicates a file named a.cfg in the test folder under the current working directory.

Format: drive:/[path]/file-name
Description: Specifies a file in the specified storage medium on the device. drive represents the storage medium name. The storage medium on the AMB of the master is usually flash or cf; the storage medium on a slave is usually chassisX#slotY#flash or chassisX#slotY#cf, where X represents the member ID of the slave and Y represents the number of the slot where the main board of the slave resides. You can use the display irf command to view the correspondence between a device and its member ID.
Length: 1 to 135 characters
Example: flash:/test/a.cfg indicates a file named a.cfg in the test folder under the root directory of the flash memory on the AMB of the IRF. To read and write the a.cfg file under the root directory of the flash on an SMB of the IRF (the member ID and slot number of the SMB are 2 and 5 respectively), input chassis2#slot5#flash:/a.cfg for the filename.
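A validator for the filename formats in the two tables above, useful for checking a destination name in an upgrade script before it is sent to the device. This is an added example, not H3C code; FileUrl, parse_file_url and at_medium_root are hypothetical names, and the example assumes the length limits apply to the whole string and rejects a colon outside the drive prefix.

```python
import re
from typing import NamedTuple, Optional, Tuple

# Storage medium names from the tables: flash or cf, optionally prefixed with
# slotX# (SMB of a distributed device) or chassisX#slotY# (board of an IRF member).
DRIVE_RE = re.compile(
    r"(?:(?:chassis(?P<chassis>\d+)#)?slot(?P<slot>\d+)#)?(?P<medium>flash|cf)"
)


class FileUrl(NamedTuple):
    chassis: Optional[int]    # IRF member ID, or None
    slot: Optional[int]       # slot number of the main board, or None
    medium: Optional[str]     # "flash" or "cf"; None means relative to the working directory
    folders: Tuple[str, ...]  # folder names leading to the file
    name: str


def parse_file_url(url):
    """Parse file-name, path/file-name or drive:/[path]/file-name; raise ValueError if invalid."""
    if not url:
        raise ValueError("empty filename")
    drive, sep, rest = url.partition(":/")
    chassis = slot = medium = None
    if sep:
        match = DRIVE_RE.fullmatch(drive)
        if match is None:
            raise ValueError(f"unknown storage medium {drive!r}")
        chassis = int(match["chassis"]) if match["chassis"] else None
        slot = int(match["slot"]) if match["slot"] else None
        medium = match["medium"]
    else:
        rest = url
    parts = rest.split("/")
    # Assumption of this example: no colon outside the drive prefix, no empty component.
    if ":" in rest or any(part == "" for part in parts):
        raise ValueError(f"malformed path {rest!r}")
    # Limits from the tables: 91 characters for a bare file-name, 135 otherwise.
    limit = 91 if (medium is None and len(parts) == 1) else 135
    if len(url) > limit:
        raise ValueError(f"{len(url)} characters exceeds the limit of {limit}")
    return FileUrl(chassis, slot, medium, tuple(parts[:-1]), parts[-1])


def at_medium_root(file_url):
    """True when the name is pinned to the root directory of a named storage medium."""
    return file_url.medium is not None and not file_url.folders
```

at_medium_root reflects the rule stated with the boot-loader examples that a startup file must be saved under the root directory of the storage medium; a relative name cannot be checked this way because it depends on the current working directory.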

Directory Operations
Directory operations include creating/removing a directory, displaying the current working directory,
displaying the specified directory or file information, and so on.

Displaying Directory Information

To do: Display directory or file information
Use the command: dir [ /all ] [ file-url ]
Remarks: Required. Available in user view

Displaying the Current Working Directory

To do: Display the current working directory
Use the command: pwd
Remarks: Required. Available in user view

Changing the Current Working Directory

To do: Change the current working directory
Use the command: cd { directory | .. | / }
Remarks: Required. Available in user view

Creating a Directory

To do: Create a directory
Use the command: mkdir directory
Remarks: Required. Available in user view

Removing a Directory

To do: Remove a directory
Use the command: rmdir directory
Remarks: Required. Available in user view

• The directory to be removed must be empty, meaning that before you remove a directory, you must delete all the files and subdirectories under this directory. For file deletion, refer to the delete command; for subdirectory deletion, refer to the rmdir command.
• After you execute the rmdir command successfully, the files in the recycle bin under the directory will be automatically deleted.

File Operations
File operations include displaying the specified directory or file information; displaying file contents;
renaming, copying, moving, removing, restoring, and deleting files.

You can create a file by copying, downloading or using the save command.

Displaying File Information

To do: Display file or directory information
Use the command: dir [ /all ] [ file-url ]
Remarks: Required. Available in user view

Displaying the Contents of a File

To do: Display the contents of a file
Use the command: more file-url
Remarks: Required. Currently only a .txt file can be displayed. Available in user view

Renaming a File

To do: Rename a file
Use the command: rename fileurl-source fileurl-dest
Remarks: Required. Available in user view

Copying a File

To do: Copy a file
Use the command: copy fileurl-source fileurl-dest
Remarks: Required. Available in user view

Moving a File

To do: Move a file
Use the command: move fileurl-source fileurl-dest
Remarks: Required. Available in user view

Deleting a File

To do: Move a file to the recycle bin or delete it permanently
Use the command: delete [ /unreserved ] file-url
Remarks: Required. Available in user view

• The files in the recycle bin still occupy storage space. To delete a file in the recycle bin, you need to execute the reset recycle-bin command in the directory to which the file originally belonged. It is recommended that you empty the recycle bin promptly with the reset recycle-bin command to save storage space.
• The delete /unreserved file-url command deletes a file permanently and the action cannot be undone. Executing this command is equivalent to executing the delete file-url command and then the reset recycle-bin command in the same directory.

Restoring a File from the Recycle Bin

To do: Restore a file from the recycle bin
Use the command: undelete file-url
Remarks: Required. Available in user view

Emptying the Recycle Bin

To do: Enter the original working directory of the file to be deleted
Use the command: cd { directory | .. | / }
Remarks: Optional. If the original directory of the file to be deleted is not the current working directory, this command is required. Available in user view

To do: Delete the file under the current directory and in the recycle bin
Use the command: reset recycle-bin [ /force ]
Remarks: Required. Available in user view

Batch Operations
A batch file is a set of executable commands. Executing a batch file is equivalent to executing the commands in the batch file one by one.
The following steps are recommended to execute a batch file:
1) Edit the batch file on your PC.
2) Download the batch file to the device. If the suffix of the file is not .bat, use the rename command
to change the suffix to .bat.
3) Execute the batch file.
Follow the steps below to execute a batch file:

To do: Enter system view
Use the command: system-view
Remarks: —

To do: Execute a batch file
Use the command: execute filename
Remarks: Required

Execution of a batch file does not guarantee the successful execution of every command in the batch file. If a command has error settings or the conditions for executing the command are not satisfied, the command fails, and the system skips it and moves on to the next one.

Storage Medium Operations


Managing the Space of a Storage Medium

When some space of a storage medium becomes inaccessible, for example, due to abnormal operations, you can use the fixdisk command to restore the space of the storage medium. The execution of the format command will format the storage medium, and all the data on the storage medium will be deleted.
Use the following commands to manage the storage medium space:

To do: Restore the space of a storage medium
Use the command: fixdisk device
Remarks: Optional. Available in user view

To do: Format a storage medium
Use the command: format device [ FAT16 | FAT32 ]
Remarks: Optional. FAT16 and FAT32 are not applicable to a flash card. Available in user view

• When you format a storage medium, all the files stored on it are erased and cannot be restored. In particular, if there is a startup configuration file on the storage medium, formatting the storage medium results in loss of the startup configuration file.
• You can execute the fixdisk command for a storage medium on the active main board (AMB), but you cannot execute the command for a storage medium on the SMB (distributed device).

Mounting/Unmounting a Storage Medium

For a hot swappable storage medium (excluding flash), such as a CF card, you can use the mount and umount commands to mount or unmount it.
• By default, a storage medium is automatically mounted when connected to the device. However, when a storage medium is connected to a lower version system, the system cannot recognize the storage medium. To perform read and write operations to the storage medium, you must mount it.
• When a storage medium is unmounted, it is in a disconnected state, and you can then remove the storage medium from the system safely. If you remove a storage medium without unmounting it, files on the storage medium or even the storage medium itself may be damaged.
• An unmounted storage medium can be used only when it is mounted again.
Follow the steps below to mount/unmount a storage medium:

To do: Mount a storage medium
Use the command: mount device
Remarks: Optional. By default, a storage medium is automatically mounted and in mounted state when connected to the system.

To do: Unmount a storage medium
Use the command: umount device
Remarks: Optional. By default, a storage medium is automatically mounted and in mounted state when connected to the system.

• When mounting or unmounting a storage medium, or performing file operations on it, do not unplug or switch over the storage medium or the card where the storage medium resides. Otherwise, the file system could be damaged.
• Before removing a mounted storage medium from the system, you should first unmount it to avoid damaging the storage medium.

Setting File System Prompt Modes


The file system provides the following two prompt modes:
• alert: In this mode, the system warns you about operations that may bring undesirable consequences such as file corruption or data loss.
• quiet: In this mode, the system does not prompt for confirmation for any operation.
To prevent undesirable consequences resulting from misoperations, the alert mode is preferred.

To do: Enter system view
Use the command: system-view
Remarks: —

To do: Set the operation prompt mode of the file system
Use the command: file prompt { alert | quiet }
Remarks: Optional. The default is alert.

File System Operations Example


# Display the files and the subdirectories under the current directory.
<Sysname> dir
Directory of flash:/

0 drw- - Feb 16 2006 11:45:36 logfile
1 -rw- 1218 Feb 16 2006 11:46:19 config.cfg
2 drw- - Feb 16 2006 15:20:27 test
3 -rw- 184108 Feb 16 2006 15:30:20 aaa.app

64389 KB total (2521 KB free)


# Create a new folder called mytest under the test directory.
<Sysname> cd test
<Sysname> mkdir mytest
%Created dir flash:/test/mytest.
# Display the current working directory.
<Sysname> pwd
flash:/test
# Display the files and the subdirectories under the test directory.
<Sysname> dir
Directory of flash:/test/

0 drw- - Feb 16 2006 15:28:14 mytest

64389 KB total (2519 KB free)


# Return to the upper directory.
<Sysname> cd ..
# Display the current working directory.
<Sysname> pwd
flash:

9 Configuration File Management
The device provides the configuration file management function with a user-friendly command line
interface (CLI) for you to manage the configuration files conveniently.
This section covers these topics:
• Configuration File Overview
• Configuration Display
• Saving the Current Configuration
• Setting Configuration Rollback
• Specifying a Startup Configuration File for the Next System Startup
• Backing Up the Startup Configuration File
• Deleting the Startup Configuration File for the Next Startup
• Restoring the Startup Configuration File
• Displaying and Maintaining Device Configuration

Configuration File Overview


A configuration file contains a set of commands. You can save the current configuration to the
configuration file so that the configuration can take effect after device reboot. In addition, you can view
the configuration information conveniently, or upload/download the configuration file to/from another
device to configure devices in batches.

Types of Configuration

The configuration of a device falls into two types:


• Startup configuration, a configuration file used for initialization when the device boots. If this file does not exist, the system boots using null configuration, that is, using the default parameters.
• Current configuration, which refers to the currently running configuration of the system. The current configuration may include the startup configuration if the startup configuration is not modified during system operation, and it also includes the new configuration added during the system operation. The current configuration is stored in the temporary storage medium of the device, and will be removed when the device reboots if not saved.

Format and Content of a Configuration File

A configuration file is saved as a text file. It is saved following these rules:


• The content of a configuration file is command lines, and only non-default configuration settings are saved.
• Commands in a configuration file are listed in sections by views, usually in the order of system view, interface view, routing protocol view, and user interface view. Sections are separated with one or multiple blank lines or comment lines that start with a pound sign #.
• A configuration file ends with a return.

Coexistence of Multiple Configuration Files

Multiple configuration files can be stored on a storage medium of a device. You can save the
configuration used in different environments as different configuration files. In this case, when the
device moves between these networking environments, you just need to specify the corresponding
configuration file as the startup configuration file for the next boot of the device and restart the device,
so that the device can adapt to the network rapidly, saving the configuration workload.

Startup with the Configuration File

The device takes the following steps when it boots:


1) If you have specified a startup configuration file for system startup, and this file exists, the device
will initialize its configuration based on this file.
2) If the specified startup configuration file does not exist, the device will boot with null configuration.

Configuration Display
Follow these steps to display device configurations:

To do: Display the current validated configurations of the device
Use the command: display current-configuration [ [ configuration [ configuration ] | interface [ interface-type ] [ interface-number ] ] [ by-linenum ] [ | { begin | exclude | include } regular-expression ] ]
Remarks: Available in any view.

To do: Display the saved configuration, that is, the content of the configuration file
Use the command: display saved-configuration [ by-linenum ]
Remarks: Available in any view.

Saving the Current Configuration


Introduction

You can modify the current configuration on your device using command line interface. However, the
current configuration is temporary. To make the modified configuration take effect at the next boot of
the device, you must save the current configuration to the startup configuration file before the device
reboots.

Enabling Configuration File Auto-Save

1) Distributed device
• After the configuration file auto-save function is enabled, when you save the current configuration by executing the save [ safely ] command or executing the save filename all command and then pressing Enter, the AMB and SMB will automatically save the current configuration to the specified configuration file, and use the file as the configuration file for the next startup, thus keeping the consistency of the configuration files on the AMB and SMB.
• If the configuration file auto-save function is not enabled, when you save the current configuration by executing the save [ safely ] command or executing the save filename all command and then pressing Enter, only the AMB will automatically save the current configuration to the specified configuration file, and use the file as the configuration file for the next startup; the SMB will neither save the configuration file nor configure the file for the next startup.
2) Distributed IRF device
• After the configuration file auto-save function is enabled, when you save the current configuration by executing the save [ safely ] command or executing the save filename all command and then pressing Enter, each main board of an IRF will automatically save the current configuration to the specified configuration file, and use the file as the configuration file for its next startup, thus keeping the consistency of the configuration files on the AMB and SMBs of the IRF.
• If the configuration file auto-save function is not enabled, when you save the current configuration by executing the save [ safely ] command or executing the save filename all command and then pressing Enter, only the AMB of the IRF will automatically save the current configuration to the specified configuration file, and use the file as the configuration file for the next startup; the SMBs of the IRF will neither save the configuration file nor reconfigure the file for the next startup.
Follow these steps to configure the configuration file auto-save function:

To do: Enter system view
Use the command: system-view
Remarks: —

To do: Enable configuration file auto-save
Use the command: slave auto-update config
Remarks: Optional. Enabled by default.

If you execute the save filename command and press Enter, the system saves the current
configuration to the specified path, but the SMB does not save the configuration.

Modes in Saving the Configuration

• Fast saving mode. This is the mode when you use the save command without the safely keyword. The mode saves the file more quickly but is likely to lose the existing configuration file if the device reboots or the power fails during the process.
• Safe mode. This is the mode when you use the save command with the safely keyword. The mode saves the file more slowly but can retain the configuration file in the device even if the device reboots or the power fails during the process.

The fast saving mode is suitable for environments where power supply is stable. The safe mode,
however, is preferred in environments where stable power supply is unavailable or remote
maintenance is involved.
Follow the steps below to save the current configuration (distributed device):

| To do… | Use the command… | Remarks |
|---|---|---|
| Save the current configuration to the specified file, but the configuration file will not be set as the file for the next startup | save file-url [ all \| slot slot-number ] | Required. Use either command. Available in any view. |
| Save the current configuration to the root directories of the storage media of the AMB and SMB and specify the file as the startup configuration file that will be used at the next system startup | save [ safely ] | Required. Use either command. Available in any view. |

Follow these steps to save the current configuration (distributed IRF device):

| To do… | Use the command… | Remarks |
|---|---|---|
| Save the current configuration to the specified file, but the configuration file will not be set as the file for the next startup | save file-url [ all \| chassis chassis-number slot slot-number ] | Required. Use either command. Available in any view. |
| Save the current configuration to the root directory of the storage medium of each main board of an IRF and specify the file as the startup configuration file that will be used at the next system startup | save [ safely ] | Required. Use either command. Available in any view. |

z The configuration file must have the extension .cfg.


z Whether the save [ safely ] command or the save filename all command+Enter takes effect on
both the AMB and SMB or on the AMB only depends on whether the configuration file auto-save
function is enabled. For the configuration file auto-save function, refer to Enabling Configuration
File Auto-Save. (distributed device)
z Whether the save [ safely ] command or the save filename all command+Enter takes effect on all
the main boards or on the AMB of an IRF depends on whether the configuration file auto-save
function is enabled. For the configuration file auto-save function, refer to Enabling Configuration
File Auto-Save. (distributed IRF device)
z During the execution of the save command, the startup configuration file to be used at the next
system startup may be lost if the device reboots or the power supply fails. In this case, the device
will boot with the null configuration, and after the device reboots, you need to re-specify a startup
configuration file for the next system startup (refer to Specifying a Startup Configuration File for
the Next System Startup).

Setting Configuration Rollback


Introduction

Configuration rollback allows you to revert to a previous configuration state based on a specified
configuration file. The specified configuration file must be a valid .cfg file: it can be a file generated
by the backup function (manually or automatically) or by the save command, or even a compatible
configuration file of another device. You are recommended to use a configuration file that is generated
by the backup function (manually or automatically). Configuration rollback is applied in the following
situations:
z The current configuration contains errors, and there are too many of them to locate or correct one
by one, so the current configuration needs to be rolled back to a correct one.
z The application environment has changed and the device has to run in a configuration state based
on a previous configuration file without being rebooted.
Set configuration rollback following these steps:
1) Specify the filename prefix and path for saving the current configuration.
2) Save the current running configuration with the specified filename (filename prefix + serial number)
to the specified path. The current running configuration can be saved in two ways: the system
saves the current running configuration at a specified interval; or you can save the current running
configuration as needed.
3) Roll back the current running configuration to the configuration state based on a saved
configuration file. When the related command is entered, the system first compares and then
processes the differences between the current running configuration and the specified
replacement configuration file:
z The rollback operation does not execute the commands that are the same in the replacement
configuration file and in the current configuration file.
z The rollback operation removes the commands only present in the current configuration file but
not in the replacement configuration file; namely, the corresponding undo form commands are
executed.
z The rollback operation executes the commands only present in the replacement configuration file
but not in the current configuration file.
z The rollback operation removes the commands that are different in the replacement configuration
file and in the current configuration file, and then executes them according to the replacement
configuration file.
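
An added sketch of the comparison in step 3 (not H3C's implementation and not part of the original guide): it classifies each command under the four rules above and lists the CLI lines each rule implies. The sample configurations, the view parsing, the naive undo form and the keyword pairing used to recognize "different" commands are assumptions made for illustration.

```python
from collections import namedtuple

# One planned step: the rule that applies, the view, the command, and the CLI lines to run.
Action = namedtuple("Action", "rule view command cli")

# Constructed sample files in the saved-configuration layout ("#" separators,
# unindented view headers, indented commands). Not taken from a real device.
CURRENT = """\
#
 sysname LabSwitch
#
 telnet server enable
#
interface GigabitEthernet2/0/1
 port link-type trunk
 description uplink-temp
#
return
"""

REPLACEMENT = """\
#
 sysname CoreSwitch
#
interface GigabitEthernet2/0/1
 port link-type trunk
 description uplink
#
 ssh server enable
#
return
"""


def parse_config(text):
    """Return {view: [commands]} in file order; 'system' stands for system view."""
    views, view = {}, "system"
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        if line == "#":              # section separator: back to system view
            view = "system"
        elif line == "return":       # end of the configuration
            break
        elif line.startswith(" "):   # command inside the current view
            views.setdefault(view, []).append(line.strip())
        else:                        # unindented line opens a view
            view = line
            views.setdefault(view, [])
    return views


def _by_keyword(commands):
    """Group commands by their leading keyword."""
    groups = {}
    for cmd in commands:
        groups.setdefault(cmd.split()[0], []).append(cmd)
    return groups


def plan_rollback(current_text, replacement_text):
    """Classify every command under the four rollback rules listed above."""
    cur, rep = parse_config(current_text), parse_config(replacement_text)
    plan = []
    for view in list(cur) + [v for v in rep if v not in cur]:
        c, r = cur.get(view, []), rep.get(view, [])
        only_cur = [x for x in c if x not in r]
        only_rep = [x for x in r if x not in c]
        # Rule 1: identical commands are not executed again.
        plan += [Action("skip", view, x, []) for x in c if x in r]
        # Assumption: "different" means same leading keyword, different arguments,
        # paired only when the match is unambiguous on both sides.
        cur_kw, rep_kw = _by_keyword(only_cur), _by_keyword(only_rep)
        paired = set()
        for old in only_cur:
            kw = old.split()[0]
            undo = "undo " + old     # naive undo form: keyword undo in front
            if len(cur_kw[kw]) == 1 and len(rep_kw.get(kw, [])) == 1:
                new = rep_kw[kw][0]
                paired.add(new)
                # Rule 4: remove the current form, then apply the replacement's.
                plan.append(Action("replace", view, old, [undo, new]))
            else:
                # Rule 2: present only in the current configuration.
                plan.append(Action("undo", view, old, [undo]))
        # Rule 3: present only in the replacement file.
        plan += [Action("execute", view, x, [x]) for x in only_rep if x not in paired]
    return plan


if __name__ == "__main__":
    for action in plan_rollback(CURRENT, REPLACEMENT):
        print(action.rule.ljust(8), action.view, "|", action.command, "->", action.cli)
```

Commands whose real undo form differs from the naive "undo + command" string are the ones the rollback notes later in this section describe as possibly failing, so a plan like this is useful for reviewing a replacement file before running configuration replace file.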

z The current running configuration is only saved to the AMB, and only the configuration on the AMB
can be rolled back. However, the related configuration will be synchronized to the SMB to ensure
the rollback of the configuration after an active/standby switchover. (distributed device)
z The current running configuration is only saved to the AMB of an IRF, and only the configuration on
the AMB can be rolled back. However, the related configuration will be synchronized to the SMBs
of the IRF to ensure the rollback of the configuration after the AMB of the IRF is changed.
(distributed IRF device)

Configuration Task List

Complete these tasks to configure the configuration rollback:

| Task | Remarks |
|---|---|
| Configuring Parameters for Saving the Current Running Configuration | Required |
| Saving the Current Running Configuration Automatically | Required. Use either approach |
| Saving the Current Running Configuration Manually | Required. Use either approach |
| Setting Configuration Rollback | Required |

Configuring Parameters for Saving the Current Running Configuration

Before the current running configuration is saved manually or automatically, the file path and filename
prefix must be configured. After that, the system saves the current running configuration with the
specified filename (filename prefix_serial number.cfg) to the specified path. The filename of a saved
configuration file is like 20080620archive_1.cfg, or 20080620archive_2.cfg. The saved configuration
files are numbered automatically, from 1 to 1,000 (with increment of 1). If the serial number reaches
1,000, it restarts from 1. If you change the path or filename prefix, or reboot the device, the saved file
serial number restarts from 1, and the system recounts the saved configuration files. If you change the
path of the saved configuration files, the files in the original path become common configuration files,
and are not processed as saved configuration files.
The number of saved configuration files has an upper limit. After the maximum number of files is saved,
the system deletes the oldest files when the next configuration file is saved.
Follow these steps to configure parameters for saving the current running configuration:

| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Configure the path and filename prefix of a saved configuration file | archive configuration location directory filename-prefix filename-prefix | Required. By default, the path and filename of the saved configuration file are not configured, and the system does not save the configuration file at a specified interval. |
| Set the maximum number of configuration files that can be saved | archive configuration max file-number | Optional. The default number is 5. |

z The saving and rollback operations are executed only on the AMB. To make the configuration
rollback take effect on the new AMB after an active/standby switchover, execute the archive
configuration location command to specify the path and filename prefix of the saved
configuration file on both the AMB and SMB. Therefore, before the execution of this command,
ensure that the specified path is available on both the AMB and SMB, and the path cannot include
any slot number. (distributed device)
z The saving and rollback operations are executed only on the AMB of an IRF. To make the
configuration rollback take effect on the new AMB after an AMB change, execute the archive
configuration location command to specify the path and filename prefix of the saved
configuration file on all the main boards of the IRF. Therefore, before the execution of this
command, ensure that the specified path is available on all the main boards of the IRF, and the
path cannot include any member ID and slot number. (distributed IRF device)
z If the undo archive configuration location command is executed, the current running
configuration can be saved neither manually nor automatically, the settings made with the
archive configuration interval and archive configuration max commands are restored to the
defaults, and the saved configuration files are cleared.
z The value of the file-number argument is determined by the memory space. You are
recommended to set a comparatively small value for the file-number argument if the available
memory space is small.

Saving the Current Running Configuration Automatically

You can configure the system to save the current running configuration at a specified interval, and use
the display archive configuration command to view the filenames and save time of the saved
configuration files, so as to roll back the current configuration to a previous configuration state.
Configure an automatic saving interval according to the storage medium performance and the
frequency of configuration modification:
z If the configuration of the device does not change frequently, you are recommended to save the
current running configuration manually as needed.
z If a low-speed storage medium (such as a flash) is used, you are recommended either to save the
current running configuration manually, or to configure automatic saving with an interval longer
than 1,440 minutes (24 hours).
z If a high-speed storage medium (such as a CF card) is used and the configuration of the device
changes frequently, you are recommended to set a shorter saving interval.
Follow these steps to automatically save the current running configuration:

| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Enable the automatic saving of the current running configuration, and set the interval | archive configuration interval minutes | Optional. Disabled by default |

The path and filename prefix of a saved configuration file must be specified before you configure the
automatic saving period.

Saving the Current Running Configuration Manually

Automatic saving of the current running configuration occupies system resources, and frequent saving
greatly affects system performance. Therefore, if the system configuration does not change frequently,
you are recommended to disable the automatic saving of the current running configuration and save it
manually.
In addition, automatic saving of the current running configuration is performed periodically, and manual
saving can immediately save the current running configuration. Therefore, before performing
complicated configuration, you can manually save the current running configuration so that the device
can revert to the previous state when the configuration fails.
Follow the step below to save the current running configuration manually:

| To do… | Use the command… | Remarks |
|---|---|---|
| Save the current running configuration manually | archive configuration | Required. Available in user view |

The path and filename prefix of a saved configuration file must be specified before you save the
current running configuration manually; otherwise, the operation fails.

Setting Configuration Rollback

Follow these steps to set configuration rollback:

| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Set configuration rollback | configuration replace file filename | Required |

Do not unplug and plug a card during configuration rollback (that is, the system is executing the
configuration replace file command). In addition, configuration rollback may fail if one of the
following situations is present (if a command cannot be rolled back, the system skips it and processes
the next one):
z The complete undo form of a command is not supported, namely, you cannot get the actual undo
form of the command by simply putting the keyword undo in front of the command, so the
complete undo form of the command cannot be recognized by the device.
z The configuration cannot be removed, as is the case with hardware-related commands.
z Commands in different views are dependent on each other.
z If the replacement configuration file is not a complete file generated by using the save or archive
configuration command, or the file is copied from a different type of device, the configuration
cannot be rolled back. Ensure that the replacement configuration file is correct and compatible
with the current device.

Specifying a Startup Configuration File for the Next System Startup


A startup configuration file is the configuration file to be used at the next system startup. You can
specify a configuration file as the startup configuration file to be used at the next system startup in the
following two ways:
z Use the save command. If you save the current configuration to the specified configuration file in
the interactive mode, the system automatically sets the file as the configuration file to be used at
the next system startup (for a device supporting main/backup startup configuration file, the system
sets the file as the main startup configuration file to be used at the next system startup).
z Use the command dedicated to specify a startup configuration file, which is described in the
following table:
Follow the step below to specify a configuration file as the startup configuration file for the next system
startup (distributed device):

| To do… | Use the command… | Remarks |
|---|---|---|
| Specify a startup configuration file for the next system startup | startup saved-configuration cfgfile | Required. Available in user view |

Follow the step below to specify a configuration file as the startup configuration file for the next system
startup (distributed IRF device):

| To do… | Use the command… | Remarks |
|---|---|---|
| Specify a startup configuration file for the next system startup of all the main boards of an IRF | startup saved-configuration cfgfile | Required. Available in user view. |

A configuration file must use .cfg as its extension name and the startup configuration file must be
saved under the root directory of the storage medium.

Backing Up the Startup Configuration File


The backup function allows you to copy the startup configuration file to be used at the next system
startup from the device to the TFTP server for backup.
Follow the step below to back up the startup configuration file to be used at the next system startup:

| To do… | Use the command… | Remarks |
|---|---|---|
| Back up the configuration file to be used at the next system startup to the specified TFTP server | backup startup-configuration to dest-addr [ dest-filename ] | Required. Available in user view |

Before the backup operation, you should:


z Ensure that the server is reachable and enabled with TFTP service, and the client has the read
and write permission.
z Use the display startup command (in user view) to check whether you have specified a startup
configuration file to be used at the next startup. If the file is set as NULL or does not exist, the
backup operation fails.

Deleting the Startup Configuration File for the Next Startup


You can delete the startup configuration file to be used at the next system startup using commands.
You may need to delete the startup configuration file for the next startup for one of these reasons:
z After you upgrade system software, the existing configuration file does not match the new system
software.
z The configuration file is corrupted (often caused by loading a wrong configuration file).

After the startup configuration file is deleted, the system will use the null configuration when the device
reboots.
Follow the step below to delete the startup configuration file for the next startup:

| To do… | Use the command… | Remarks |
|---|---|---|
| Delete the startup configuration file for the next startup from the storage medium | reset saved-configuration | Required. Available in user view |

z This command will permanently delete the configuration files from the AMB and SMB. Use it with
caution. (distributed device)
z This command will permanently delete the configuration files from all the main boards of an IRF.
Use it with caution. (distributed IRF device)

Restoring the Startup Configuration File


z The restore function allows you to copy a configuration file from a TFTP server to the root
directory of the storage media of both the AMB and SMB and specify the file as the startup
configuration file to be used at the next system startup. (distributed device)
z The restore function allows you to copy a configuration file from a TFTP server to the root
directory of the storage medium of each main board in an IRF and specify the file as the startup
configuration file to be used at the next system startup. (distributed IRF device)
Follow the step below to restore the startup configuration file to be used at the next system startup:

| To do… | Use the command… | Remarks |
|---|---|---|
| Restore the startup configuration file to be used at the next system startup | restore startup-configuration from src-addr src-filename | Required. Available in user view |

z Before restoring a configuration file, ensure that the server is reachable, the server is enabled with
TFTP service, and the client has read and write permission.
z After execution of the command, use the display startup command (in user view) to verify that
the filename of the configuration file to be used at the next system startup is the same as that
specified by the filename argument.

Displaying and Maintaining Device Configuration

| To do… | Use the command… | Remarks |
|---|---|---|
| Display the information about configuration rollback | display archive configuration | Available in any view |
| Display the currently running configuration file saved on the storage medium of the device | display saved-configuration [ by-linenum ] | Available in any view |
| Display the configuration files for this and the next system startup | display startup | Available in any view |
| Display the validated configuration in current view | display this [ by-linenum ] | Available in any view |
| Display the current configuration | display current-configuration [ [ configuration [ configuration ] \| interface [ interface-type ] [ interface-number ] ] [ by-linenum ] [ \| { begin \| include \| exclude } text ] ] | Available in any view |

10 Software Upgrade Configuration
This chapter includes these sections:
z Device Software Overview
z Software Upgrade Methods
z Upgrading the Boot ROM Program Through a System Reboot
z Upgrading the Boot File Through a System Reboot
z Software Upgrade by Installing Hotfixes

Device Software Overview


Device software comprises the Boot ROM program and the system boot file. After being powered on, the
device runs the Boot ROM program, initializes the hardware, and displays the hardware information.
Then the device runs the boot file. The boot file provides drivers and adaptation for hardware, and
implements service features. The Boot ROM program and system boot file are required for the startup
and running of a device. Figure 10-1 illustrates their relationship.
Figure 10-1 Relationship between the Boot ROM program and the system boot file
[Flowchart: Start, then Boot ROM runs, then the decision "Press Ctrl+B". Yes: enter the Boot ROM menu to upgrade the Boot ROM program or boot file, then select the Reboot option to reboot the device. No: run boot file, enter CLI, Finish.]

Software Upgrade Methods


The Boot ROM program and system boot file can both be upgraded at the Boot ROM menu or at the
command line interface (CLI). The following sections describe the upgrading through command lines.

For instructions about how to upgrade them through the Boot ROM menu, see the installation menu of
your device.
The upgrading at the CLI falls into three categories:

| Upgrade method | Upgrade object | Description |
|---|---|---|
| Upgrading the Boot ROM Program Through a System Reboot | Boot ROM program | You need to reboot the whole system to upgrade the software of a device. This causes running service interruption during the upgrade process, and is not recommended. |
| Upgrading the Boot File Through a System Reboot | System boot file | You need to reboot the whole system to upgrade the software of a device. This causes running service interruption during the upgrade process, and is not recommended. |
| Software Upgrade by Installing Hotfixes | System boot file | Hotfix is a fast, cost-effective method to repair software defects of a device. Compared with software version upgrade, hotfix can upgrade the software without interrupting the running services of the device. In other words, it can repair the software defects of the current version without rebooting the device. The patch files match the device model and software version. If they are not matched, the hotfixing operation fails. |
| In-Service Software Upgrade (ISSU) | System boot file | In-Service Software Upgrade (ISSU) enables software upgrade while ensuring continuous packet forwarding. For more information, see ISSU Configuration in the Fundamentals Configuration Guide |

Upgrading the Boot ROM Program Through a System Reboot


Follow these steps to upgrade the Boot ROM program:
1) Copy the Boot ROM program to the root directory of the device's storage medium by using FTP or
TFTP.
2) Specify the Boot ROM program to be used at the next boot at the CLI.
3) Reboot the device to make the specified Boot ROM program take effect.
z Distributed device
Because the Boot ROM programs of the main boards and line processing units (LPUs) vary with
devices, users are easily confused when upgrading Boot ROM. With the validity check function
enabled, the device can strictly check the Boot ROM upgrade files for correctness and the version
configuration information to ensure a successful upgrade.
z Distributed IRF member device
Because the Boot ROM programs vary with the member devices and cards of an IRF virtual device,
users are easily confused when upgrading the Boot ROM. With the validity check function enabled,
the device can strictly check the Boot ROM upgrade files for correctness and the version
configuration information to ensure a successful upgrade.
Follow these steps to upgrade the Boot ROM program:

| To do… | Use the command… | Remarks |
|---|---|---|
| Read, restore, back up, or upgrade the Boot ROM program on cards or subcards (distributed device) | bootrom { backup \| read \| restore \| update file file-url } slot slot-number-list [ all \| part ] | Required. All contents of the Boot ROM file are operated if the all and part keywords are not specified. Available in user view. |
| Read, restore, back up, or upgrade the Boot ROM program on a card or a subcard of the specified member device (distributed IRF member device) | bootrom { backup \| read \| restore \| update file file-url } chassis chassis-number slot slot-number-list [ all \| part ] | Required. All contents of the Boot ROM file are operated if the all and part keywords are not specified. Available in user view. |

z To execute the bootrom command successfully, save the Boot ROM file in the root directory of
the storage media on the active main board (AMB). (distributed device)
z To execute the bootrom command successfully, save the Boot ROM file in a main board's root
directory of the storage medium on a specified member device. (distributed IRF member device)

Upgrading the Boot File Through a System Reboot


Distributed device
1) Save the boot file to the root directory of the AMB's storage medium by using FTP, TFTP, or other
approaches.
2) Copy the boot file to the root directory of the storage device of the standby main board (SMB).
3) Specify the boot file to be used at the next boot of the AMB and SMB respectively at the CLI.
4) Reboot the device to make the new boot file take effect.
Follow the step below to specify a boot file to be used at the next boot:

| To do… | Use the command… | Remarks |
|---|---|---|
| Specify a boot file for the next boot of the AMB or the SMB | boot-loader file file-url slot slot-number { main \| backup } | Required. Available in user view. |

Distributed IRF member device


1) Save the boot file to the root directory of the storage medium of the AMB of the IRF virtual device
(the AMB of the master) by using FTP, TFTP, or other approaches.
2) Copy the new boot file to the root directory of the storage medium of the other main boards of the
IRF virtual device, including the SMB of the master, AMB of the slave, and SMB of the slave.
3) Specify the boot file to be used at the next boot of all the main boards of the IRF virtual device at
the CLI.
4) Reboot the device to make the new boot file take effect.
When multiple Boot ROM files are available on the storage media, you can specify a file to be used at
the next device boot by executing the following command. A main boot file boots a device and a
backup boot file boots a device only when a main boot file is unavailable.
Follow the step below to specify a boot file to be used at the next boot:

| To do… | Use the command… | Remarks |
|---|---|---|
| Specify a boot file to be used at the next boot of a main board on a member device | boot-loader file file-url chassis chassis-number slot slot-number { main \| backup } | Required. Available in user view. |

z You must save the file to be used at the next device boot in the root directory of the device. You
can copy or move a file to change the path of it to the root directory.
z To execute the boot-loader command successfully, save the file to be used at the next device
boot in the root directory of the storage media on the AMB. (distributed device)
z The names of the files for the next boot of the AMB and the SMB may be different, but the
versions of the files must be the same; otherwise, the device may not boot normally. (distributed
device)
z To execute the boot-loader command successfully, save the file to be used at the next device
boot in a main board's root directory of the storage medium on a specified member device.
(distributed IRF member device)

Software Upgrade by Installing Hotfixes
Hotfix Overview

Hotfix is a fast, cost-effective method to repair software defects of a device. Compared with another
method, software version upgrade, hotfix can upgrade the software without interrupting the running
services of the device. In other words, it can repair the software defects of the current version without
rebooting the device.

Basic Concepts in Hotfix

Patch and patch file


A patch, also called patch unit, is a package to fix software defects. Generally, patches are released as
patch files. A patch file may contain one or more patches for different defects. After being loaded from the
storage medium to the memory patch area, each patch is assigned a unique number, which starts from
1, for identification, management and operation. For example, if a patch file has three patch units, they
are numbered as 1, 2, and 3 respectively.
Incremental patch
An incremental patch means that the patch is dependent on the previous patch units. For example, if a
patch file has three patch units, patch 3 can be running only after patch 1 and 2 take effect. You cannot
run patch 3 separately.
The currently released patches are all incremental patches.
Common patch and temporary patch
z Common patches are those formally released through the version release flow.
z Temporary patches are those not formally released through the version release flow, but
temporarily provided to solve the emergent problems.
The common patches always include the functions of the previous temporary patches so as to replace
them. The patch type affects the patch loading process only; the system deletes all the temporary
patches before it loads the common patch.

Patch Status

Each patch has its status, which can be switched only by commands. The relationship between patch
state changes and command actions is shown in Figure 10-2. The patch can be in the state of IDLE,
DEACTIVE, ACTIVE, and RUNNING. Load, run temporarily, confirm running, stop running, delete,
install, and uninstall represent operations, corresponding to commands of patch load, patch active,
patch run, patch deactive, patch delete, patch install, and undo patch install. For example, if you
execute the patch active command for the patches in the DEACTIVE state, the patches turn to the
ACTIVE state.

Figure 10-2 Relationship between patch state changes and command actions

Information about patch states is saved in file patchstate on the flash. It is recommended not to
operate this file.

IDLE state
Patches in the IDLE state are not loaded. You cannot install or run the patches, as shown in Figure
10-3 (suppose the memory patch area can load up to eight patches).
Figure 10-3 Patches are not loaded to the memory patch area

Currently, the memory patch area supports up to 200 patches.

DEACTIVE state
Patches in the DEACTIVE state have been loaded to the memory patch area but have not run in the
system yet. Suppose that there are seven patches in the patch file to be loaded. After the seven
patches successfully pass the version check and CRC check, they are loaded to the memory patch
area and are in the DEACTIVE state. At this time, the patch states in the system are as shown in
Figure 10-4.
Figure 10-4 A patch file is loaded to the memory patch area

ACTIVE state
Patches in the ACTIVE state are those that have run temporarily in the system and become
DEACTIVE after system reboot. For the seven patches in Figure 10-4, if you activate the first five
patches, their states change from DEACTIVE to ACTIVE. At this time, the patch states in the system
are as shown in Figure 10-5.
The patches that are in the ACTIVE state are in the DEACTIVE state after system reboot.
Figure 10-5 Patches are activated

RUNNING state
After you confirm the running of the ACTIVE patches, their state becomes RUNNING, and they remain
in the RUNNING state after system reboot. For the five patches in Figure 10-5, if you confirm
running the first three patches, their states change from ACTIVE to RUNNING. At this time, the patch
states of the system are as shown in Figure 10-6.
The patches that are in the RUNNING state are still in the RUNNING state after system reboot.
Figure 10-6 Patches are running

Hotfix Configuration Task List

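| Task | Remarks |
|---|---|
| Install patches: One-Step Patch Installation | Use either approach. The step-by-step patch installation allows you to control the patch status. |
| Install patches: Step-by-Step Patch Installation | Use either approach. The step-by-step patch installation allows you to control the patch status. |
| Step-by-Step Patch Uninstallation | Optional |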

Configuration Prerequisites

Patches are released per device model or card type. Before patching the system, you need to save the
appropriate patch files to the storage media of the device using FTP or TFTP. When saving the patch
files, note that:
z The patch files match the device model and software version. If they are not matched, the
hotfixing operation fails.
z Name the patch file properly. Otherwise, the system cannot locate the patch file and the hotfixing
operation fails. The name is in the format of "patch_PATCH-FLAG suffix.bin". The PATCH-FLAG
is pre-defined and support for the PATCH-FLAG depends on device model or card type. The first
three characters of the version item (using the display patch information command) represent
the PATCH-FLAG suffix. The system searches the root directory of the storage medium (flash by
default) for patch files based on the PATCH-FLAG. If there is a match, the system loads patches
to or installs them on the memory patch area.
Table 10-1 describes the default patch name for each card type.

Table 10-1 Default patch names for different card types

| Product | Card type | PATCH-FLAG | Default patch name |
|---|---|---|---|
| S7500E | mpu | PATCH-MPU | patch_mpu.bin |
| S7500E | lpb | PATCH-LPB | patch_lpb.bin |
| S7500E | lpr | PATCH-LPR | patch_lpr.bin |

Loading and installation are performed on all cards that are in position and on the OAM CPU. Before these operations, save the patch files for the active main board (AMB) and interface card to the root directory of the AMB's storage medium, and save the patch files for the standby main board (SMB) to the root directory of the SMB's storage medium. Make sure the patch files saved on the AMB and SMB are the same.

One-Step Patch Installation

To install patches in one step, use the patch install command. After you execute the command, the system displays the message "Do you want to continue running patches after reboot? [Y/N]:".
• Entering y or Y: All the specified patches are installed and change from the IDLE state to the RUNNING state. This is equivalent to executing the commands patch location, patch load, patch active, and patch run. The patches remain RUNNING after system reboot.
• Entering n or N: All the specified patches are installed and change from the IDLE state to the ACTIVE state. This is equivalent to executing the commands patch location, patch load and patch active. The patches turn to the DEACTIVE state after system reboot.
Follow these steps to install the patches in one step:

| To do… | Use the command… | Remarks |
| --- | --- | --- |
| Enter system view | system-view | — |
| Install the patches in one step | patch install patch-location | Required |

• The patch must match the card type and software version.
• The patch install command changes the patch file location specified with the patch location command to the directory specified by the patch-location argument of the patch install command.
• To uninstall all patches in one operation, use the undo patch install command, which has the same effect as Step-by-Step Patch Uninstallation.

Step-by-Step Patch Installation

Step-by-Step Patch Installation Task List

| Task | Remarks |
| --- | --- |
| Configuring the Patch File Location | Optional |
| Loading a Patch File | Required |
| Activating Patches | Required |
| Confirming Running Patches | Optional |

Configuring the Patch File Location


If you save the patch files to a storage medium other than the flash on the device, you need to specify the directory where the patch files are located with the patch-location argument. The system then loads the appropriate patch files from the specified directory. If the device has only one storage medium, you do not need to execute this command.
Follow these steps to configure the patch file location:

| To do… | Use the command… | Remarks |
| --- | --- | --- |
| Enter system view | system-view | — |
| Configure the patch file location | patch location patch-location | Optional. flash: by default |

• The directory specified by the patch-location argument must exist on both the AMB and SMB. If the SMB does not have such a directory, the system cannot locate the patch files on the SMB. (distributed device)
• The patch install command changes the patch file location specified with the patch location command to the directory specified by the patch-location argument of the patch install command. For example, if you execute the patch location xxx command and then the patch install yyy command, the patch file location automatically changes from xxx to yyy.

Loading a Patch File


Loading the right patch files is the basis of other hotfixing operations. The system loads a patch file
from the flash by default. If the system cannot find the patch file on the flash, it tries to load the patch
file from the CF card.

Set the file transfer mode to binary mode before using FTP or TFTP to upload/download patch files
to/from the flash of the device. Otherwise, the patch file cannot be parsed properly.

Follow these steps to load a patch file: (distributed device)

| To do… | Use the command… | Remarks |
| --- | --- | --- |
| Enter system view | system-view | — |
| Load the patch file from the storage medium (such as the flash or the CF card) to the specified memory patch area | patch load slot slot-number | Required |

Follow these steps to load a patch file: (distributed IRF member device)

| To do… | Use the command… | Remarks |
| --- | --- | --- |
| Enter system view | system-view | — |
| Load the patch file from the storage medium (such as the flash or the CF card) to the specified memory patch area | patch load chassis chassis-number slot slot-number | Required |

Activating Patches
After you activate a patch, the patch takes effect and is in the test-run stage. After the device is reset or rebooted, the patch becomes invalid.
If you find that an ACTIVE patch has a problem, reboot the device to deactivate the patch, so as to avoid a series of running faults resulting from the patch error.
Follow these steps to activate patches: (distributed device)

| To do… | Use the command… | Remarks |
| --- | --- | --- |
| Enter system view | system-view | — |
| Activate the specified patches | patch active patch-number slot slot-number | Required |

Follow these steps to activate patches: (distributed IRF member device)

| To do… | Use the command… | Remarks |
| --- | --- | --- |
| Enter system view | system-view | — |
| Activate the specified patches | patch active patch-number chassis chassis-number slot slot-number | Required |

Confirming Running Patches


After you confirm the running of a patch, the patch state becomes RUNNING, and the patch is in the
normal running stage. After the device is reset or rebooted, the patch is still valid.
Follow these steps to confirm the running of patches: (distributed device)

| To do… | Use the command… | Remarks |
| --- | --- | --- |
| Enter system view | system-view | — |
| Confirm the running of the specified patches | patch run patch-number [ slot slot-number ] | Required |

Follow these steps to confirm the running of patches: (distributed IRF member device)

| To do… | Use the command… | Remarks |
| --- | --- | --- |
| Enter system view | system-view | — |
| Confirm the running of the specified patches | patch run patch-number [ chassis chassis-number slot slot-number ] | Required |

This operation is applicable to patches in the ACTIVE state only.

Step-by-Step Patch Uninstallation

Step-by-Step Patch Uninstallation Task List

| Task | Remarks |
| --- | --- |
| Stopping Running Patches | Required |
| Deleting Patches | Required |

Stopping Running Patches


When you stop running a patch, the patch state becomes DEACTIVE, and the system runs as it did before the patch was installed.
Follow these steps to stop running patches: (distributed device)

| To do… | Use the command… | Remarks |
| --- | --- | --- |
| Enter system view | system-view | — |
| Stop running the specified patches | patch deactive patch-number slot slot-number | Required |

Follow these steps to stop running patches: (distributed IRF member device)

| To do… | Use the command… | Remarks |
| --- | --- | --- |
| Enter system view | system-view | — |
| Stop running the specified patches | patch deactive patch-number chassis chassis-number slot slot-number | Required |

Deleting Patches
Deleting patches only removes the patches from the memory patch area, and does not delete them from the storage medium. The patches turn to the IDLE state after this operation. After a patch is deleted, the system runs as it did before the patch was installed.
Follow these steps to delete patches: (distributed device)

| To do… | Use the command… | Remarks |
| --- | --- | --- |
| Enter system view | system-view | — |
| Delete the specified patches from the memory patch area | patch delete patch-number slot slot-number | Required |

Follow these steps to delete patches: (distributed IRF member device)

| To do… | Use the command… | Remarks |
| --- | --- | --- |
| Enter system view | system-view | — |
| Delete the specified patches from the memory patch area | patch delete patch-number chassis chassis-number slot slot-number | Required |
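
The patch states and commands from the installation and uninstallation sections above, as an added Python model (not H3C code and not part of the original guide). It shows which state a patch ends up in after a command sequence or a reboot, and which commands are still needed to reach a target state. The names State, TRANSITIONS, apply, replay, one_step_install and plan are hypothetical, and the states each command is accepted in are assumptions where the sections do not say, as marked in the comments.

```python
from collections import deque
from enum import Enum


class State(Enum):
    IDLE = "IDLE"
    DEACTIVE = "DEACTIVE"
    ACTIVE = "ACTIVE"
    RUNNING = "RUNNING"


class PatchError(Exception):
    """A command was issued in a state where this model does not accept it."""


# command -> (states the model accepts it in, resulting state)
TRANSITIONS = {
    # Assumption: a patch that is loaded but not activated is DEACTIVE.
    "patch load": ({State.IDLE}, State.DEACTIVE),
    "patch active": ({State.DEACTIVE}, State.ACTIVE),
    # Stated in the guide: applicable to patches in the ACTIVE state only.
    "patch run": ({State.ACTIVE}, State.RUNNING),
    # Assumption: both ACTIVE and RUNNING patches can be stopped.
    "patch deactive": ({State.ACTIVE, State.RUNNING}, State.DEACTIVE),
    # Assumption: follows the uninstallation task list (stop, then delete).
    "patch delete": ({State.DEACTIVE}, State.IDLE),
}


def apply(state, command):
    """Return the state after one command or a reboot."""
    if command == "reboot":
        # Stated in the guide: ACTIVE patches are DEACTIVE after a reboot and
        # RUNNING patches stay RUNNING. Assumption: other states are unchanged.
        return State.DEACTIVE if state is State.ACTIVE else state
    if command not in TRANSITIONS:
        raise PatchError("command not modelled: " + command)
    accepted, result = TRANSITIONS[command]
    if state not in accepted:
        raise PatchError("{} is not accepted in state {}".format(command, state.value))
    return result


def replay(commands, state=State.IDLE):
    """Apply a list of commands (and reboots) in order and return the final state."""
    for command in commands:
        state = apply(state, command)
    return state


def one_step_install(continue_after_reboot):
    """patch install: answer Y (True) or N (False) to the reboot prompt.

    patch location is left out because it does not change the patch state.
    """
    commands = ["patch load", "patch active"]
    if continue_after_reboot:
        commands.append("patch run")
    return replay(commands)


def plan(start, goal):
    """Shortest command sequence from start to goal (breadth-first search)."""
    queue, seen = deque([(start, [])]), {start}
    while queue:
        state, path = queue.popleft()
        if state is goal:
            return path
        for command, (accepted, result) in TRANSITIONS.items():
            if state in accepted and result not in seen:
                seen.add(result)
                queue.append((result, path + [command]))
    raise PatchError("no command sequence from {} to {}".format(start.value, goal.value))


if __name__ == "__main__":
    after_n = apply(one_step_install(False), "reboot")
    print("answered N, then reboot:", after_n.value)
    print("to make it permanent:", plan(after_n, State.RUNNING))
    print("step-by-step uninstall:", plan(State.RUNNING, State.IDLE))
```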

Displaying and Maintaining Software Upgrade

| To do… | Use the command… | Remarks |
| --- | --- | --- |
| Display information about the boot file (distributed device) | display boot-loader [ slot slot-number ] | Available in any view |
| Display information about the boot file (distributed IRF member device) | display boot-loader [ chassis chassis-number [ slot slot-number ] ] | Available in any view |
| Display the patch information | display patch information | Available in any view |

Software Upgrade Configuration Example


Immediate Upgrade Configuration Example (Distributed Device)

Network requirements
• As shown in Figure 10-7, the current software version is soft-version1, and Boot ROM version is bootrom-version1 for the device. Immediately upgrade the software version and Boot ROM version of the device to soft-version2 and bootrom-version2 respectively through remote operations.
• The latest applications soft-version2.app and bootrom-version2.btm are both saved in the aaa directory of the FTP server.
• The IP address of the device is 1.1.1.1/24, the IP address of the FTP server is 2.2.2.2/24, and the device and the FTP server can reach each other.
• A user has logged in to the device via Telnet and the user and device can reach each other.
Figure 10-7 Network diagram for immediate upgrade
[Network diagram: the user reaches the device (1.1.1.1/24, acting as FTP client) via Telnet, and the device reaches the FTP server (2.2.2.2/24) across the Internet.]

Configuration procedure
• Configuration on the FTP server (Configurations may vary with different types of servers)
# Enable the FTP server.
<FTP-Server> system-view
[FTP-Server] ftp server enable
# Set the FTP username to aaa and password to hello.
[FTP-Server] local-user aaa
[FTP-Server-luser-aaa] password cipher hello
# Configure the user to have access to the aaa directory.
[FTP-Server-luser-aaa] service-type ftp
[FTP-Server-luser-aaa] authorization-attribute work-directory flash:/aaa

• Configuration on the device

If the size of the flash on the device is not large enough, delete the original application programs from
the Flash before downloading.

# Before upgrade, execute the save command to save the current configuration (configuration
procedure is omitted).
# Log in to the FTP server (The prompt may vary with servers.)
<Device> ftp 2.2.2.2
Trying 2.2.2.2 ...
Press CTRL+K to abort
Connected to 2.2.2.2.
220 WFTPD 2.0 service (by Texas Imperial Software) ready for new user
User(2.2.2.2:(none)):aaa
331 Give me your password, please
Password:
230 Logged in successfully
[ftp]
# Download the soft-version2.app and bootrom-version2.btm programs on the FTP server to the
flash of the device.
[ftp] binary
[ftp] get soft-version2.app
[ftp] get bootrom-version2.btm
[ftp] bye
<Device>
# Enable the validity check function for Boot ROM file upgrade.
<Device> system-view
[Device] bootrom-update security-check enable
[Device] quit
# Upgrade the Boot ROM file of the AMB (resides in slot 0).
<Device> bootrom update file bootrom-version2.btm slot 0
# Upgrade the Boot ROM file of the SMB (resides in slot 1).
<Device> copy bootrom-version2.btm slot1#flash:/bootrom-version2.btm
<Device> bootrom update file slot1#flash:/bootrom-version2.btm slot 1
# Specify the application program for the next boot on the AMB.
<Device> boot-loader file soft-version2.app slot 0 main
# Specify the application program for the next boot on the SMB.
<Device> copy soft-version2.app slot1#flash:/soft-version2.app
<Device> boot-loader file slot1#flash:/soft-version2.app slot 1 main
# Reboot the device. The software version is upgraded now.
<Device> reboot
To check if the upgrade is successful after the device reboots, use the display version command.

Immediate Upgrade Configuration Example (Distributed IRF Virtual Device)

Network requirements
• As shown in Figure 10-8, the IRF virtual device comprises two member devices, the master with the member ID of 1 and the slave with the member ID of 2. The AMB of the master is in slot 0, and the SMB of the master is in slot 1. The AMB of the slave is in slot 0, and the SMB of the slave is in slot 1.
• The current software version is soft-version1 for the IRF virtual device. Upgrade the software version of the IRF virtual device to soft-version2 and configuration file to new-config.
• The latest application soft-version2.app and the latest configuration file new-config.cfg are both saved on the TFTP server.
• The IP address of the IRF virtual device is 1.1.1.1/24, the IP address of the TFTP server is 2.2.2.2/24, and the TFTP server and IRF virtual device can reach each other.
Figure 10-8 Network diagram for immediate upgrade
[Network diagram: the IRF virtual device (1.1.1.1/24), made up of the master (Member_ID=1) and the slave (Member_ID=2) joined by an IRF link, reaches the TFTP server (2.2.2.2/24) across the Internet.]

Configuration procedure
1) Configuration on the TFTP server (Configurations may vary with different types of servers)
Obtain the boot file and configuration file through legitimate channels, such as the official website of
H3C, agents, and technical staff. Save these files under the working path of the TFTP server for the
access of the TFTP clients.
2) Configuration on the members of the IRF virtual device
# Download file new-config.cfg from the TFTP server to the main boards of the master
(Configurations may vary with different types of servers).
<IRF> tftp 2.2.2.2 get new-config.cfg
..
File will be transferred in binary mode
Downloading file from remote TFTP server, please wait.....
TFTP: 917 bytes received in 1 second(s)

File downloaded successfully.


<IRF> tftp 2.2.2.2 get new-config.cfg chassis1#slot1#flash:/new-config.cfg
# Download file new-config.cfg to the main boards of the slave.
<IRF> tftp 2.2.2.2 get new-config.cfg chassis2#slot0#flash:/new-config.cfg
<IRF> tftp 2.2.2.2 get new-config.cfg chassis2#slot1#flash:/new-config.cfg

# Download file soft-version2.app from the TFTP server to the master and slave.
<IRF> tftp 2.2.2.2 get soft-version2.app
...
File will be transferred in binary mode
Downloading file from remote TFTP server, please wait............
TFTP: 10058752 bytes received in 141 second(s)

File downloaded successfully.


<IRF> tftp 2.2.2.2 get soft-version2.app chassis1#slot1#flash:/soft-version2.app
<IRF> tftp 2.2.2.2 get soft-version2.app chassis2#slot0#flash:/soft-version2.app
<IRF> tftp 2.2.2.2 get soft-version2.app chassis2#slot1#flash:/soft-version2.app
# Specify file new-config.cfg as the boot file to be used at the next boot of all member devices of the
IRF virtual device.
<IRF> startup saved-configuration new-config.cfg main
Please wait ...
Setting the master board ...
... Done!
Setting the slave board ...
Slot 2:
Set next configuration file successfully
# Specify file soft-version2.app as the boot file to be used at the next boot of all main boards.
<IRF> boot-loader file soft-version2.app chassis 1 slot 0 main
This command will set the boot file of the specified board. Continue? [Y/N]:y
The specified file will be used as the main boot file at the next reboot on chassis 1 slot
0!
<IRF> boot-loader file chassis1#slot1#flash:/soft-version2.app chassis 1 slot 1 main
This command will set the boot file of the specified board. Continue? [Y/N]:y
The specified file will be used as the main boot file at the next reboot on chassis 1 slot
1!
<IRF> boot-loader file chassis2#slot0#flash:/soft-version2.app chassis 2 slot 0 main
This command will set the boot file of the specified board. Continue? [Y/N]:y
The specified file will be used as the main boot file at the next reboot on chassis 2 slot
0!
<IRF> boot-loader file chassis2#slot1#flash:/soft-version2.app chassis 2 slot 1 main
This command will set the boot file of the specified board. Continue? [Y/N]:y
The specified file will be used as the main boot file at the next reboot on chassis 2 slot
1!
# Reboot the device. The software version is upgraded now.
<IRF> reboot
To check if the upgrade is successful after the device reboots, use the display version command.

Hotfix Configuration Example

Network requirements
• As shown in Figure 10-9, the software running on the device has a problem and hotfixing is needed.
• The patch files patch_mpu.bin, patch_lpb.bin and patch_lpr.bin are saved on the TFTP server.
• The IP address of the device is 1.1.1.1/24, and the IP address of the TFTP server is 2.2.2.2/24. The device and the TFTP server can reach each other.

Figure 10-9 Network diagram of hotfix configuration

Configuration procedure
1) Configure the TFTP server. The configuration varies depending on server type and the configuration procedure is omitted.
• Enable the TFTP server function.
• Save the patch files patch_mpu.bin, patch_lpb.bin and patch_lpr.bin to the directory of the TFTP server.
2) Configure the device.

Make sure the free flash space of the device is big enough to store the patch files.

# Before upgrading the software, use the save command to save the current system configuration.
The configuration procedure is omitted.
# Load the patch files patch_mpu.bin, patch_lpb.bin and patch_lpr.bin from the TFTP server to the
AMB.
<Device> tftp 2.2.2.2 get patch_mpu.bin
<Device> tftp 2.2.2.2 get patch_lpb.bin
<Device> tftp 2.2.2.2 get patch_lpr.bin
# Copy the patch files to the root directory of the SMB in slot 1.
<Device> copy patch_mpu.bin slot1#flash:/
<Device> copy patch_lpb.bin slot1#flash:/
<Device> copy patch_lpr.bin slot1#flash:/
# Install the patches.
<Device> system-view
[Device] patch install flash:
Patches will be installed. Continue? [Y/N]:y
Do you want to continue running patches after reboot? [Y/N]:y
Installing patches........
Installation completed, and patches will continue to run after reboot.

11 Device Management

The S7500E Series Ethernet Switches are distributed devices supporting Intelligent Resilient Framework (IRF). Two S7500E series switches can be connected together to form a distributed IRF device. If an S7500E series switch is not in any IRF, it operates as a distributed device; if it is in an IRF, it operates as a distributed IRF device. For an introduction to IRF, refer to IRF Configuration in the IRF Configuration Guide.

When configuring device management, go to these sections for information you are interested in:
• Device Management Overview
• Device Management Configuration Task List
• Configuring the Device Name
• Configuring the System Clock
• Enabling/Disabling the Display of Copyright Information
• Configuring a Banner
• Configuring the Exception Handling Method
• Rebooting a Device
• Scheduled Task Configuration
• Configuring Temperature Alarm Thresholds for a board
• Clearing the 16-bit Interface Indexes Not Used in the Current System
• Configuring the System Load Sharing Function
• Enabling Active/Standby Mode for Service Ports on SRPUs
• Configuring the Traffic Forwarding Mode of SRPUs
• Configuring the Working Mode of LPUs
• Enabling the Port Down Function Globally
• Enabling Expansion Memory Data Recovery Function on a board
• Identifying and Diagnosing Pluggable Transceivers
• Displaying and Maintaining Device Management Configuration

Device Management Overview


Through the device management function, you can view the current working state of a device,
configure running parameters, and perform daily device maintenance and management.

Device Management Configuration Task List
Complete these tasks to configure device management:

| Task | Remarks |
| --- | --- |
| Configuring the Device Name | Optional |
| Configuring the System Clock | Optional |
| Enabling/Disabling the Display of Copyright Information | Optional |
| Configuring a Banner | Optional |
| Configuring the Exception Handling Method | Optional |
| Rebooting a Device | Optional |
| Scheduled Task Configuration | Optional |
| Configuring Temperature Alarm Thresholds for a board | Optional |
| Clearing the 16-bit Interface Indexes Not Used in the Current System | Optional |
| Configuring the System Load Sharing Function | Optional |
| Enabling Active/Standby Mode for Service Ports on SRPUs | Optional |
| Configuring the Traffic Forwarding Mode of SRPUs | Optional |
| Configuring the Working Mode of LPUs | Optional |
| Enabling the Port Down Function Globally | Optional |
| Enabling Expansion Memory Data Recovery Function on a board | Optional |
| Identifying and Diagnosing Pluggable Transceivers | Optional |

Configuring the Device Name


The device name is used to identify a device in a network. Inside the system, the device name
corresponds to the prompt of the CLI. For example, if the device name is Sysname, the prompt of user
view is <Sysname>.
Follow these steps to configure the device name:

| To do… | Use the command… | Remarks |
| --- | --- | --- |
| Enter system view | system-view | — |
| Configure the device name | sysname sysname | Optional. The device name is H3C. |

Configuring the System Clock
Configuring the system clock

The system clock, displayed by system time stamp, is decided by the configured relative time, time
zone, and daylight saving time. You can view the system clock by using the display clock command.
Follow these steps to configure the system clock:

| To do… | Use the command… | Remarks |
| --- | --- | --- |
| Set time and date | clock datetime time date | Optional. Available in user view. |
| Enter system view | system-view | — |
| Set the time zone | clock timezone zone-name { add \| minus } zone-offset | Optional. Universal time coordinated (UTC) time zone by default. |
| Set a daylight saving time scheme | clock summer-time zone-name one-off start-time start-date end-time end-date add-time | Optional. Use either command. By default, daylight saving time is configured on the device, and the UTC time zone is applied. |
| Set a daylight saving time scheme | clock summer-time zone-name repeating start-time start-date end-time end-date add-time | Optional. Use either command. By default, daylight saving time is configured on the device, and the UTC time zone is applied. |

Displaying the system clock

The system clock is decided by the commands clock datetime, clock timezone and clock summer-time. If these three commands are not configured, the display clock command displays the original system clock. If you combine these three commands in different ways, the system clock is displayed in the ways shown in Table 11-1. The meanings of the parameters in the configuration column are as follows:
• 1 indicates date-time has been configured with the clock datetime command.
• 2 indicates time-zone has been configured with the clock timezone command and the offset time is zone-offset.
• 3 indicates daylight saving time has been configured with the clock summer-time command and the offset time is summer-offset.
• [1] indicates the clock datetime command is an optional configuration.
• The default system clock is 2005/1/1 1:00:00 in the example.

Table 11-1 System clock configuration

| Configuration | System clock displayed by the display clock command | Example |
| --- | --- | --- |
| 1 | date-time | Configure: clock datetime 1:00 2007/1/1. System clock configured: 01:00:00 UTC Mon 01/01/2007 |
| 2 | The original system clock ± zone-offset | Configure: clock timezone zone-time add 1. System clock configured: 02:00:00 zone-time Sat 01/01/2005 |
| 1 and 2 | date-time ± zone-offset | Configure: clock datetime 2:00 2007/2/2 and clock timezone zone-time add 1. System clock configured: 03:00:00 zone-time Fri 02/02/2007 |
| [1], 2 and 1 | date-time | Configure: clock timezone zone-time add 1 and clock datetime 3:00 2007/3/3. System clock configured: 03:00:00 zone-time Sat 03/03/2007 |
| 3 | If the original system clock is not in the daylight saving time range, the system clock configured is the original system clock. | Configure: clock summer-time ss one-off 1:00 2006/1/1 1:00 2006/8/8 2. System clock configured: 01:00:00 UTC Sat 01/01/2005 |
| 3 | If the original system clock is in the daylight saving time range, the system clock configured is the original system clock + summer-offset. | Configure: clock summer-time ss one-off 00:30 2005/1/1 1:00 2005/8/8 2. System clock configured: 03:00:00 ss Sat 01/01/2005 |
| 1 and 3 | If date-time is not in the daylight saving time range, the system clock configured is date-time. | Configure: clock datetime 1:00 2007/1/1 and clock summer-time ss one-off 1:00 2006/1/1 1:00 2006/8/8 2. System clock configured: 01:00:00 UTC Mon 01/01/2007 |
| 1 and 3 | If date-time is in the daylight saving time range, the system clock configured is "date-time" + "summer-offset". | Configure: clock datetime 8:00 2007/1/1 and clock summer-time ss one-off 1:00 2007/1/1 1:00 2007/8/8 2. System clock configured: 10:00:00 ss Mon 01/01/2007 |
| [1], 3 and 1 | If date-time is not in the daylight saving time range, the system clock configured is date-time. | Configure: clock summer-time ss one-off 1:00 2007/1/1 1:00 2007/8/8 2 and clock datetime 1:00 2008/1/1. System clock configured: 01:00:00 UTC Tue 01/01/2008 |
| [1], 3 and 1 | date-time is in the daylight saving time range: If the value of "date-time" - "summer-offset" is not in the summer-time range, the system clock configured is "date-time" - "summer-offset". | Configure: clock summer-time ss one-off 1:00 2007/1/1 1:00 2007/8/8 2 and clock datetime 1:30 2007/1/1. System clock configured: 23:30:00 UTC Sun 12/31/2006 |
| [1], 3 and 1 | date-time is in the daylight saving time range: If the value of "date-time" - "summer-offset" is in the summer-time range, the system clock configured is date-time. | Configure: clock summer-time ss one-off 1:00 2007/1/1 1:00 2007/8/8 2 and clock datetime 3:00 2007/1/1. System clock configured: 03:00:00 ss Mon 01/01/2007 |
| 2 and 3 or 3 and 2 | If the value of the original system clock ± "zone-offset" is not in the summer-time range, the system clock configured is the original system clock ± "zone-offset". | Configure: clock timezone zone-time add 1 and clock summer-time ss one-off 1:00 2007/1/1 1:00 2007/8/8 2. System clock configured: 02:00:00 zone-time Sat 01/01/2005 |
| 2 and 3 or 3 and 2 | If the value of the original system clock ± "zone-offset" is in the summer-time range, the system clock configured is the original system clock ± "zone-offset" + "summer-offset". | Configure: clock timezone zone-time add 1 and clock summer-time ss one-off 1:00 2005/1/1 1:00 2005/8/8 2. System clock configured: 04:00:00 ss Sat 01/01/2005 |
| 1, 2 and 3 or 1, 3 and 2 | If the value of "date-time" ± "zone-offset" is not in the summer-time range, the system clock configured is "date-time" ± "zone-offset". | Configure: clock datetime 1:00 2007/1/1, clock timezone zone-time add 1 and clock summer-time ss one-off 1:00 2008/1/1 1:00 2008/8/8 2. System clock configured: 02:00:00 zone-time Mon 01/01/2007 |
| 1, 2 and 3 or 1, 3 and 2 | If the value of "date-time" ± "zone-offset" is in the summer-time range, the system clock configured is "date-time" ± "zone-offset" + "summer-offset". | Configure: clock datetime 1:00 2007/1/1, clock timezone zone-time add 1 and clock summer-time ss one-off 1:00 2007/1/1 1:00 2007/8/8 2. System clock configured: 04:00:00 ss Mon 01/01/2007 |
| [1], 2, 3 and 1 or [1], 3, 2 and 1 | If date-time is not in the daylight saving time range, the system clock configured is date-time. | Configure: clock timezone zone-time add 1, clock summer-time ss one-off 1:00 2008/1/1 1:00 2008/8/8 2 and clock datetime 1:00 2007/1/1. System clock configured: 01:00:00 zone-time Mon 01/01/2007 |
| [1], 2, 3 and 1 or [1], 3, 2 and 1 | date-time is in the daylight saving time range: If the value of "date-time" - "summer-offset" is not in the summer-time range, the system clock configured is "date-time" - "summer-offset". | Configure: clock timezone zone-time add 1, clock summer-time ss one-off 1:00 2008/1/1 1:00 2008/8/8 2 and clock datetime 1:30 2008/1/1. System clock configured: 23:30:00 zone-time Mon 12/31/2007 |
| [1], 2, 3 and 1 or [1], 3, 2 and 1 | date-time is in the daylight saving time range: If the value of "date-time" - "summer-offset" is in the summer-time range, the system clock configured is date-time. | Configure: clock timezone zone-time add 1, clock summer-time ss one-off 1:00 2008/1/1 1:00 2008/8/8 2 and clock datetime 3:00 2008/1/1. System clock configured: 03:00:00 ss Tue 01/01/2008 |
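
The rules of Table 11-1, as an added Python model that replays the table's own command lines against a frozen clock and returns what display clock would show (not H3C code; ClockModel and display_after are hypothetical names). It covers only the one-off summer-time scheme, and treating the end of the summer-time range as inclusive is an assumption.

```python
from datetime import datetime, timedelta

# "The default system clock is 2005/1/1 1:00:00 in the example."
ORIGINAL = datetime(2005, 1, 1, 1, 0, 0)


def _when(clock, date):
    """Parse the table's 'H:MM YYYY/M/D' pair into a datetime."""
    h, m, *s = (int(p) for p in clock.split(":"))
    y, mo, d = (int(p) for p in date.split("/"))
    return datetime(y, mo, d, h, m, s[0] if s else 0)


def _offset(text):
    """Parse an offset written as '2', '2:30' or '2:30:00' into a timedelta."""
    parts = [int(p) for p in text.split(":")] + [0, 0]
    return timedelta(hours=parts[0], minutes=parts[1], seconds=parts[2])


class ClockModel:
    def __init__(self, original=ORIGINAL):
        self.base = original   # clock with no zone or summer offset applied
        self.zone = None       # (zone-name, signed zone-offset)
        self.summer = None     # (zone-name, start, end, add-time)

    def _in_summer(self, t):
        # The start bound is inclusive in the table's examples; treating the
        # end bound as inclusive too is an assumption of this model.
        return self.summer is not None and self.summer[1] <= t <= self.summer[2]

    def _zone_offset(self):
        return self.zone[1] if self.zone else timedelta(0)

    def run(self, command):
        """Apply one clock command written as in the Example column."""
        words = command.split()
        if words[:2] == ["clock", "datetime"]:
            typed = _when(words[2], words[3])
            # A value typed inside the summer-time range is read as summer
            # time, so the summer offset is taken off before it is stored.
            if self._in_summer(typed):
                typed -= self.summer[3]
            self.base = typed - self._zone_offset()
        elif words[:2] == ["clock", "timezone"]:
            sign = {"add": 1, "minus": -1}[words[3]]
            self.zone = (words[2], sign * _offset(words[4]))
        elif words[:2] == ["clock", "summer-time"] and words[3] == "one-off":
            self.summer = (words[2], _when(words[4], words[5]),
                           _when(words[6], words[7]), _offset(words[8]))
        else:
            raise ValueError("command not modelled: " + command)
        return self

    def display(self):
        """Return the clock in the table's 'HH:MM:SS zone Day MM/DD/YYYY' form."""
        local = self.base + self._zone_offset()
        label = self.zone[0] if self.zone else "UTC"
        if self._in_summer(local):
            local, label = local + self.summer[3], self.summer[0]
        return "{} {} {}".format(local.strftime("%H:%M:%S"), label,
                                 local.strftime("%a %m/%d/%Y"))


def display_after(*commands):
    """Start from the original clock, apply the commands in order, display."""
    model = ClockModel()
    for command in commands:
        model.run(command)
    return model.display()


if __name__ == "__main__":
    summer = "clock summer-time ss one-off 1:00 2007/1/1 1:00 2007/8/8 2"
    # Same two commands, only the typed time differs ([1], 3 and 1 rows).
    print(display_after(summer, "clock datetime 1:30 2007/1/1"))
    print(display_after(summer, "clock datetime 3:00 2007/1/1"))
```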

Enabling/Disabling the Display of Copyright Information


• With the display of copyright information enabled, the copyright information is displayed when a user logs in through Telnet or SSH, or when a user quits user view after logging in to the device through the console port or AUX port. The copyright information will not be displayed under other circumstances. The display format of copyright information is as shown below:
****************************************************************************
* Copyright (c) 2004-2009 Hangzhou H3C Tech. Co., Ltd. All rights reserved.*
* Without the owner's prior written consent, *
* no decompiling or reverse-engineering shall be allowed. *
****************************************************************************
• With the display of copyright information disabled, under no circumstances will the copyright information be displayed.
Follow these steps to enable/disable the display of copyright information:

| To do… | Use the command… | Remarks |
| --- | --- | --- |
| Enter system view | system-view | — |
| Enable the display of copyright information | copyright-info enable | Optional. Enabled by default. |
| Disable the display of copyright information | undo copyright-info enable | Required. Enabled by default. |

Configuring a Banner
Introduction to banners

Banners are prompt information displayed by the system when users are connected to the device,
perform login authentication, and start interactive configuration. The administrator can set
corresponding banners as needed.
At present, the system supports the following five kinds of welcome information.
• shell banner, also called session banner, displayed when a non TTY Modem user enters user view.
• incoming banner, also called user interface banner, displayed when a user interface is activated by a Modem user.
• login banner, welcome information at login authentications, displayed when password and scheme authentications are configured.
• motd (Message of the Day) banner, welcome information displayed before authentication.
• legal banner, also called authorization information. The system displays some copyright or authorization information, and then displays the legal banner before a user logs in, waiting for the user to confirm whether to continue the authentication or login. If entering Y or pressing the Enter key, the user enters the authentication or login process; if entering N, the user quits the authentication or login process. Y and N are case insensitive.

Configuring a banner

When you configure a banner, the system supports two input modes. One is to input all the banner
information right after the command keywords. The start and end characters of the input text must be
the same but are not part of the banner information. In this case, the input text, together with the
command keywords, cannot exceed 510 characters. The other is to input all the banner information in
multiple lines by pressing the Enter key. In this case, up to 2000 characters can be input.
The latter input mode can be achieved in the following three ways:
• Press the Enter key directly after the command keywords, and end the setting with the % character. The Enter and % characters are not part of the banner information.
• Input a character after the command keywords at the first line, and then press the Enter key. End the setting with the character input at the first line. The character at the first line and the end character are not part of the banner information.
• Input multiple characters after the command keywords at the first line (with the first and last characters being different), then press the Enter key. End the setting with the first character at the first line. The first character at the first line and the end character are not part of the banner information.
Follow these steps to configure a banner:

| To do… | Use the command… | Remarks |
| --- | --- | --- |
| Enter system view | system-view | — |
| Configure the banner to be displayed at login (available for Modem login users) | header incoming text | Optional |
| Configure the banner to be displayed at login authentication | header login text | Optional |
| Configure the authorization information before login | header legal text | Optional |
| Configure the banner to be displayed when a user enters user view (non Modem login users) | header shell text | Optional |
| Configure the banner to be displayed before login | header motd text | Optional |

Configuring the Exception Handling Method


When the system detects any software abnormality, it handles the situation with one of the following
two methods:
• reboot: The system recovers itself through automatic reboot.
• maintain: The system maintains the current situation, and does not take any measure to recover itself. Therefore, you need to recover the system manually, for example, by rebooting the system. Sometimes, it is difficult for the system to recover, or some prompts that are printed during the failure are lost after the reboot. In this case, you can use this method to maintain the abnormal state to locate problems and recover the system.
Follow these steps to configure the exception handling method (distributed device):

| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Configure the exception handling method on the active switching and routing processing unit (SRPU) and the standby SRPU | system-failure { maintain \| reboot } | Optional. By default, the active SRPU and the standby SRPU adopt the reboot method to handle exceptions. |

• After this command is configured, both the active SRPU and the standby SRPU adopt the same
method to handle exceptions. The system adopts the reboot method to handle exceptions
that occur on an interface card or the auxiliary CPU system, that is, the system reboots the failed
card.
• The exception handling method applies to the failed card only, and does not influence the
functions of other cards.

Follow these steps to configure the exception handling method (distributed IRF device):

| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Configure exception handling method on all member devices | system-failure { maintain \| reboot } | Optional. By default, all member devices adopt the reboot method to handle exceptions. |

• After this command is configured, all the member devices adopt the same method to handle
exceptions.
• The exception handling method applies to the failed member device only, and does not
influence the operations of other IRF members.

Rebooting a Device
When a fault occurs on a running device, you can, depending on the actual situation, remove the fault
by rebooting the device.
You can reboot a device in any of the following three ways:

• Power on the device after powering it off, which is also called hard reboot or cold start. This
method has a heavy impact on the device. Powering off a running device will cause data loss and
hardware damage. It is not recommended.
• Trigger the immediate reboot through command lines.
• Enable the scheduled reboot function through command lines. You can set a time at which the
device can automatically reboot, or set a delay so that the device can automatically reboot within
the delay.
The last two methods are command line operations. Reboot through command lines is also called hot
start, which is mainly used to reboot a device in remote maintenance without performing hardware
reboot of the device.
• Distributed device
Follow the step below to reboot a device immediately:

| To do… | Use the command… | Remarks |
|---|---|---|
| Reboot a card or the whole system immediately | reboot [ slot slot-number ] | Required. Available in user view. |

Follow these steps to enable the scheduled reboot function:

| To do… | Use the command… | Remarks |
|---|---|---|
| Enable the scheduled reboot function of the whole system and specify a specific reboot time and date | schedule reboot at hh:mm [ date ] | Required. Use either approach. The scheduled reboot function is disabled by default. Available in user view. |
| Enable the scheduled reboot function of the whole system and specify a reboot waiting time | schedule reboot delay { hh:mm \| mm } | Required. Use either approach. The scheduled reboot function is disabled by default. Available in user view. |

• Distributed IRF device

Follow the step below to reboot a device through command lines immediately:

| To do… | Use the command… | Remarks |
|---|---|---|
| Reboot a member device or all IRF member devices | reboot [ chassis chassis-number [ slot slot-number ] ] | Required. The chassis keyword specifies an IRF member device. If it is not provided, the whole IRF is specified. The slot keyword specifies a card on a member device. Available in user view. |

Follow these steps to reboot a device at a specified time through command lines:

| To do… | Use the command… | Remarks |
|---|---|---|
| Enable the scheduled reboot function and specify a specific reboot time and date | schedule reboot at hh:mm [ date ] | Required. Use either approach. Disabled by default. Available in user view. |
| Enable the scheduled reboot function and specify a reboot waiting time | schedule reboot delay { hh:mm \| mm } | Required. Use either approach. Disabled by default. Available in user view. |

• Device reboot may result in the interruption of the ongoing services. Use these commands with
caution.
• Before device reboot, use the save command to save the current configurations. For details about
the save command, refer to Configuration File Management Commands in the Fundamentals
Command Reference.
• Before device reboot, use the display startup and display boot-loader commands to check if
the configuration file and boot file for the next boot are configured. (For details about the display
startup command, refer to Configuration File Management Commands in the Fundamentals
Command Reference.)
• The precision of the rebooting timer is 1 minute. One minute before the rebooting time, the device
will prompt “REBOOT IN ONE MINUTE” and will reboot in one minute.
• Use the slave restart command instead of the reboot command to reboot the standby SRPU (for
details about the slave restart command, refer to the Active and Standby Switchover Commands
in the High Availability Command Reference). If you do not specify the slot keyword, the
execution of the reboot command on the device results in the reboot of the device, including the
active SRPU, the standby SRPU and the interface cards. If you reboot the active SRPU when the
standby SRPU operates normally, an active SRPU and standby SRPU switchover will occur.
(distributed device)
• If a main boot file fails or does not exist, the device cannot be rebooted with the reboot command.
In this case, you can re-specify a main boot file to reboot the device, or you can power off the
device then power it on and the system automatically uses the backup boot file to restart the
device.
• If you are performing file operations when the device is to be rebooted, the system does not
execute the command for the sake of security.

Scheduled Task Configuration
What Is a Scheduled Task

A scheduled task defines a command or a group of commands and when such commands are to be
executed. It allows a device to execute specified command(s) at a time when no person is available to
maintain the device.
With a scheduled task configured, the device checks the configured task list every minute; if the device
detects that the time to execute a command is reached, it automatically executes the command.

Configuring a Scheduled Task

Configuration prerequisites
Note the following when configuring a scheduled task:
• The commands in a scheduled task must be in the same view.
• You can specify up to 10 commands in one scheduled task. To execute more than 10 commands,
specify multiple scheduled tasks.
Configuring a scheduled task to be executed at a specified time
Follow these steps to configure a scheduled task that will be executed at a specified time:

| To do… | Use the command… | Description |
|---|---|---|
| Enter system view | system-view | — |
| Create a scheduled task, and enter scheduled task view | job job-name | Required |
| Configure the view where the specified commands are to be executed | view view | Required. You can specify only one view for each scheduled task |
| Configure a scheduled task: execute the task repeatedly within a specified time period | time time-id { one-off \| repeating } at time [ week-day week-daylist \| month-date month-day ] command command | Use either command. |
| Configure a scheduled task: execute the task at the specified time | time time-id at time date command command | Use either command. |

• Modification of the system time affects the execution of a scheduled task.
• The view specified for a scheduled task must be supported by the system, and the view name must
be in its complete format. Commonly used view names include monitor for user view, system for
system view, GigabitEthernetx/x/x for Ethernet interface view, and Vlan-interfacex for VLAN
interface view.

Configuring a scheduled task to be executed after a delay time


Follow these steps to configure a scheduled task that will be executed after a delay time:

| To do… | Use the command… | Description |
|---|---|---|
| Enter system view | system-view | — |
| Create a scheduled task, and enter scheduled task view | job job-name | Required |
| Configure the view where the specified commands are to be executed | view view | Required. You can specify only one view for each scheduled task |
| Configure a scheduled task to be executed after a delay time | time time-id { one-off \| repeating } delay time command command | Required |

• A scheduled task with a delay time configured is still executed when the specified delay time is
reached even if the system time is changed.
• The view specified for a scheduled task must be supported by the system, and the view name must
be in its complete format. Commonly used view names include monitor for user view, system for
system view, GigabitEthernetx/x/x for Ethernet interface view, and Vlan-interfacex for VLAN
interface view.
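
Because a scheduled task runs its commands with no operator present, it helps to check a task definition against the rules above before entering it. The following Python sketch is an added example, not part of the H3C guide or software: it parses job blocks written with the command forms from the two procedures above and reports violations of the one-view, complete-view-name and 10-command rules, plus entries that depend on the system clock. The sample job text, the week-day and date value formats, the review prefixes and all function names are assumptions made for illustration.

```python
import re

MAX_COMMANDS = 10  # per-task limit stated in the guide

# Assumption: a "complete" view name is one of the forms the guide lists.
FULL_VIEW = re.compile(
    r"(monitor|system|GigabitEthernet\d+/\d+/\d+|Vlan-interface\d+)\Z")

# Assumption: command families a reviewer wants called out because the
# task runs them with nobody watching.
REVIEW_PREFIXES = ("reboot", "reset ", "undo ")

# Constructed sample input: job definitions as they would be typed.
SAMPLE = """\
job pc-port
 view GigabitEthernet1/0/1
 time 1 repeating at 08:00 week-day Mon Tue Wed Thu Fri command undo shutdown
 time 2 repeating at 18:00 week-day Mon Tue Wed Thu Fri command shutdown
job nightly
 view sys
 time 1 one-off delay 30 command reboot
"""


def parse_time_line(line):
    """Split one 'time ...' line into schedule fields and the command."""
    head, sep, command = line.partition(" command ")
    tok = head.split()
    if not sep or not command.strip() or len(tok) < 4 or tok[0] != "time":
        raise ValueError(f"not a valid time entry: {line!r}")
    entry = {"id": tok[1], "command": command.strip()}
    if (tok[2] in ("one-off", "repeating") and len(tok) >= 5
            and tok[3] in ("at", "delay")):
        # time time-id { one-off | repeating } { at | delay } time ...
        entry.update(mode=tok[2], trigger=tok[3], when=tok[4],
                     qualifier=" ".join(tok[5:]))
    elif tok[2] == "at":
        # time time-id at time date
        entry.update(mode="dated", trigger="at", when=tok[3],
                     qualifier=" ".join(tok[4:]))
    else:
        raise ValueError(f"not a valid time entry: {line!r}")
    return entry


def parse_jobs(text):
    """Group 'view' and 'time' lines under the 'job' line that precedes them."""
    jobs, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("job "):
            current = {"name": line.split(None, 1)[1],
                       "views": [], "entries": [], "errors": []}
            jobs.append(current)
        elif line == "quit":
            current = None          # left scheduled task view
        elif current is None or not line:
            continue                # outside a job block
        elif line.startswith("view "):
            current["views"].append(line.split(None, 1)[1])
        elif line.startswith("time "):
            try:
                current["entries"].append(parse_time_line(line))
            except ValueError as exc:
                current["errors"].append(str(exc))
    return jobs


def audit(jobs):
    """Return (job, level, message) tuples for every rule the guide states."""
    out = []
    for job in jobs:
        name = job["name"]
        out += [(name, "error", err) for err in job["errors"]]
        if len(job["views"]) != 1:
            out.append((name, "error",
                        f"expected exactly one view, found {len(job['views'])}"))
        for view in job["views"]:
            if not FULL_VIEW.match(view):
                out.append((name, "error",
                            f"view {view!r} is not a complete view name"))
        if len(job["entries"]) > MAX_COMMANDS:
            out.append((name, "error",
                        f"{len(job['entries'])} commands exceed the limit "
                        f"of {MAX_COMMANDS}"))
        for e in job["entries"]:
            if e["trigger"] == "at":    # delay entries ignore clock changes
                out.append((name, "info",
                            f"time {e['id']} follows the system clock"))
            if e["command"].startswith(REVIEW_PREFIXES):
                out.append((name, "review",
                            f"time {e['id']} runs unattended: {e['command']}"))
    return out


if __name__ == "__main__":
    for finding in audit(parse_jobs(SAMPLE)):
        print(*finding, sep=" | ")
```
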

Configuring a Scheduled Task (user view and system view only)

The scheduled automatic execution function enables the system to automatically execute a specified
command at a specified time in a specified view. This function is used for scheduled system upgrade
or configuration.
Follow these steps to configure the scheduled automatic execution function:

| To do… | Use the command… | Remarks |
|---|---|---|
| Automatically execute the specified command at the specified time | schedule job at time [ date ] view view command | Optional. Use either command. Available in user view. |
| Automatically execute the specified command after the specified delay | schedule job delay time view view command | Optional. Use either command. Available in user view. |

Note that:
• At present, you can specify user view and system view only. To automatically execute the
specified command in another view or automatically execute multiple commands at a time, you
can configure the system to automatically execute a batch file at the specified time (note that you
must provide a complete file path for the system to execute the batch file).
• The system does not check the values of the view and command arguments. Therefore, ensure
the correctness of the command argument (including the correct format of command and the
correct relationship between the command and view arguments).
• After the specified automatic execution time is reached, the system executes the specified
command in the background without displaying any information except system information such
as log, trap and debug.
• The system does not require any interactive information when it is executing the specified
command. If there is information for you to confirm, the system automatically inputs Y or Yes; if
characters need to be input, the system automatically inputs a default character string, or inputs
an empty character string when there is no default character string.
• For the commands used to switch user interfaces, such as telnet, ftp, and ssh2, the commands
used to switch views, such as system-view, quit, and the commands used to modify status of a
user that is executing commands, such as super, the operation interface, command view and
status of the current user are not changed after the automatic execution function is performed.
• If the system time is modified after the automatic execution function is configured, the scheduled
automatic execution configuration becomes invalid automatically.
• Only the last configuration takes effect if you execute the schedule job command repeatedly.
• After you configure this feature on the active SRPU, the configuration is not backed up to the
standby SRPU; after a switchover between the active SRPU and the standby SRPU, this
configuration will be ineffective.

Configuring Temperature Alarm Thresholds for a board


You can set temperature alarm thresholds for a card by using the following commands. When the
temperature of a card reaches the threshold, the device will generate alarms.

Follow these steps to configure temperature alarm thresholds for a card: (distributed device)

| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Configure temperature alarm thresholds for a card | temperature-limit slot-number lower-value upper-value | Optional. By default, the temperature alarm thresholds for a card are as follows: Upper limit: 80°C (176°F); Lower limit: 0°C (32°F) |

Follow these steps to configure temperature alarm thresholds for a card: (distributed IRF device)

| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Configure temperature alarm thresholds for a card | temperature-limit chassis chassis-number slot slot-number lower-value upper-value | Optional. By default, the temperature alarm thresholds for a card are as follows: Upper limit: 80°C (176°F); Lower limit: 0°C (32°F) |

Clearing the 16-bit Interface Indexes Not Used in the Current System
In practical networks, the network management software requires the device to provide a uniform,
stable 16-bit interface index. That is, a one-to-one relationship should be kept between the interface
name and the interface index in the same device.
For the purpose of the stability of an interface index, the system will save the 16-bit interface index
when a card or logical interface is removed.
If you repeatedly insert and remove different subcards or interface cards to create or delete a large
number of logical interfaces, the interface indexes will be used up, which will result in interface creation
failures. To avoid such a case, you can clear all 16-bit interface indexes saved but not used in the
current system in user view.
After the above operation:
• For a re-created interface, the new interface index may not be consistent with the original one.
• For existing interfaces, their interface indexes remain unchanged.
Follow these steps to clear the 16-bit interface indexes not used in the current system:

| To do… | Use the command… | Remarks |
|---|---|---|
| Clear the 16-bit interface indexes saved but not in use in the current systems of the active SRPU and the standby SRPU (distributed device) | reset unused porttag | Required. Available in user view. |
| Clear the 16-bit interface indexes saved but not in use in the current systems of all member devices (distributed IRF device) | reset unused porttag | Required. Available in user view. |

A confirmation is required when you execute this command. If you fail to make a confirmation within 30
seconds or enter N to cancel the operation, the command will not be executed.

Configuring the System Load Sharing Function


The S7500E series Ethernet switches support the load sharing function.
• When the system load sharing function is enabled, the active SRPU and the standby SRPU share
the traffic that needs inter-card forwarding.
• When the system load sharing function is disabled, only the active SRPU forwards the traffic that
needs inter-card forwarding.
Follow the steps below to enable the system load sharing function:

| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Enable the system load sharing function | loadsharing enable | Optional. Disabled by default. |

• Load sharing is applicable to unicast traffic only.
• The S7502E switches are designed to work in the load sharing mode, and do not support the
command.
Enabling Active/Standby Mode for Service Ports on SRPUs

If the switch uses LSQ1SRP2XB or LSQ1SRP12GB SRPUs, it simulates two virtual LPU slots with the
slot numbers following the largest slot number. The virtual LPUs correspond to the SRPUs, and the
Ethernet ports on the virtual LPUs correspond to the Ethernet ports on the SRPUs. If you want to
configure the Ethernet ports on the SRPUs, you need to configure them on the virtual LPUs.

The SRPU LSQ1SRP2XB or LSQ1SRP12GB provides Ethernet service ports. When the S7503E,
S7506E, S7506E-V, or S7510E switch uses LSQ1SRP2XB or LSQ1SRP12GB to operate in
dual-SRPU mode, the service ports on the LSQ1SRP2XB or LSQ1SRP12GB work in one of the
following modes:
• Concurrent processing mode: All service ports on both SRPUs can forward data
concurrently. If the active and standby switchover occurs due to software failure, all service ports
on both SRPUs can still forward data; however, if the active and standby switchover
occurs due to hardware failure, the service ports on the failed SRPU may not forward data.
Therefore, this mode is not applicable to the network environment requiring high reliability.
• Active/standby mode: Only the service ports on the active SRPU can forward data, and the
service ports on the standby SRPU function as the backups. After the active and standby
switchover occurs, the state of service ports on the active SRPU changes from up to down, and
that of service ports on the standby SRPU changes from down to up. After that, the service ports
on the standby SRPU forward data. You can realize non-interruptible forwarding through this
mode.
Follow the steps below to enable active/standby mode for service ports on SRPUs:

| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Enable active/standby mode for service ports on SRPUs | strict-standby enable | Optional. Disabled by default. |

• Before enabling the active/standby mode for service ports on SRPUs, you need to perform
cross-card port redundancy configurations, such as cross-card port aggregation, cross-card STP,
cross-card dynamic routing.
• This feature is applicable to SRPUs LSQ1SRP2XB and LSQ1SRP12GB only.

Configuring the Traffic Forwarding Mode of SRPUs
Introduction to SRPU traffic forwarding mode
The S7500E series Ethernet switches support multiple types of SRPUs, which support different traffic
forwarding modes. You can configure the SRPU traffic forwarding mode as needed.
Traffic forwarding modes supported by S7500E SRPUs

| SRPU model | Supported traffic forwarding mode | Feature | Recommended application environment |
|---|---|---|---|
| LSQ1SRP2XB, LSQ1SRPA, LSQ1SRPB, LSQ1MPUA, LSQ1CGP24TSC, LSQ1CGV24PSC, LSQ1SRPD, LSQ1MPUB, LSQ1SRP12GB | Enhanced Layer 2 forwarding mode | Supporting selective QinQ | Double-tagged VLAN networks |
| LSQ1SRP2XB, LSQ1SRPA, LSQ1SRPB, LSQ1MPUA, LSQ1CGP24TSC, LSQ1CGV24PSC, LSQ1SRPD, LSQ1MPUB, LSQ1SRP12GB | Standard forwarding mode | Supporting QinQ; Powerful Layer 3 forwarding functions | Common networks |
| LSQ1SRP1CB | Enhanced Layer 2 forwarding mode with the MAC extension function | Supporting selective QinQ; Providing a 128K MAC address table and a 4K routing table | Double-VLAN-tag networks with a large quantity of MAC addresses |
| LSQ1SRP1CB | Standard forwarding mode with the MAC extension function | Supporting QinQ; Powerful Layer 3 forwarding functions; Providing a 128K MAC address table and a 4K routing table | Networks having a large quantity of MAC addresses and low requirements on routing table size |
| LSQ1SRP1CB | Standard forwarding mode with the route extension function | Supporting QinQ; Powerful Layer 3 forwarding functions; Providing a 32K MAC address table and a 128K routing table | Networks having high requirements on routing table size |

Enhanced Layer 2 forwarding does not support route extension.

Configuring SRPU traffic forwarding mode


Follow these steps to configure traffic forwarding mode of LSQ1SRP2XB, LSQ1SRPA, LSQ1SRPB,
LSQ1MPUA, LSQ1CGP24TSC, LSQ1CGV24PSC, LSQ1SRPD, LSQ1MPUB or LSQ1SRP12GB:

| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Configure the traffic forwarding mode of the SRPU | switch-mode { l2-enhanced \| standard } | Optional. standard by default. |
| Restore the default traffic forwarding mode | undo switch-mode | Optional |

Follow these steps to configure traffic forwarding mode of LSQ1SRP1CB:

| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Configure the traffic forwarding mode of the SRPU | switch-mode { l2-enhanced \| standard-bridging \| standard-routing } | Optional. standard-routing by default |

To make the configured forwarding mode take effect, you need to save the configuration and restart
the switch.

Configuring the Working Mode of LPUs


Introduction to the Working Mode of LPUs

The S7500E series Ethernet switches support multiple types of LPUs, each of which provides a different
MAC address table and routing table. If you need to extend the MAC address table or the routing table,
you can use EA, EB, or SD LPUs, that is, the LPUs with the last two letters of the LPU model being EA,
EB, or SD, LSQ1GP12EA for example.

An EA LPU can work in either of the two modes: MAC extension (bridging) and route extension
(routing).
• MAC extension mode: The LPU can provide a 128K MAC address table. It is recommended to use
this mode in a Layer 2 network with a large MAC address table.
• Route extension mode: The LPU can provide a 128K routing table. It is recommended to use this
mode in a Layer 3 network with a large routing table.
An EB or SD LPU can work in any of the four modes: MAC extension (bridging), route extension
(routing), mixed extension (mix-bridging-routing), and normal (normal).
• MAC extension mode: The EB LPU can provide a 512K MAC address table, and the SD LPU can
provide a 128K MAC address table. It is recommended to use this mode in a Layer 2 network with
a large MAC address table.
• Route extension mode: The EB LPU can provide a 256K routing table, and the SD LPU can
provide a 128K routing table. It is recommended to use this mode in a Layer 3 network with a large
routing table.
• Mixed extension mode: The EB LPU can provide a 258K MAC address table and a 258K routing table;
the SD LPU can provide a 64K MAC address table and a 64K routing table. It is recommended to use
this mode in a network with both a large MAC address table and a large routing table.
• Normal mode: Both the EB LPU and the SD LPU can provide a MAC address table and a routing
table with their default capacities without any expansion. It is recommended to use this mode in a
network without expansion requirements for either the MAC address table or the routing table.

• The S7500E series Ethernet switches support multiple types of LPUs, where only EA, EB, and SD
LPUs support working mode configuration.
• After the MAC address table or the routing table is extended, the default capacity of the MAC
address table or the routing table does not take effect any more.
• The working mode configuration of an LPU does not affect the service processing capability of the
whole switch, but that of the LPU only.

Configuring the Working Mode of an EA LPU

Follow these steps to configure the working mode of an EA LPU:

| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Configure the working mode of an EA LPU | switch-mode { bridging \| routing } slot slot-number | Optional. By default, the working mode of an EA LPU is determined by the SRPU model and the current traffic forwarding mode of the SRPU. Refer to Table 11-2 for details. |

Table 11-2 Default working mode of EA LPUs

| SRPU model | Current traffic forwarding mode of the SRPU | Default working mode of EA LPUs |
|---|---|---|
| LSQ1SRP2XB, LSQ1SRPA, LSQ1SRPB, LSQ1MPUA, LSQ1CGV24PSC, LSQ1CGP24TSC, LSQ1SRPD, LSQ1MPUB, LSQ1SRP12GB | l2-enhanced or standard | routing |
| LSQ1SRP1CB | l2-enhanced or standard-bridging | bridging |
| LSQ1SRP1CB | standard-routing | routing |

• When the SRPU of the S7500E switch is LSQ1SRP1CB, it is recommended not to change the
default working mode of the EA LPUs to other modes.
• When the SRPU of the S7500E switch is LSQ1SRP2XB, LSQ1SRPA, LSQ1SRPB, LSQ1MPUA,
LSQ1CGP24TSC, LSQ1CGV24PSC, LSQ1SRPD, LSQ1MPUB or LSQ1SRP12GB, if an EA LPU
is connected to a Layer 2 forwarding network with a large number of MAC addresses, you can
modify the working mode of the EA LPU from the default to the MAC extension mode.
• EA LPUs, like LSQ1GP12EA and LSQ1TGX1EA, do not support IPv6 and IRF.
• To make the configured working mode take effect, you need to save the configuration and restart
the LPU.

Configuring the Working Mode of EB and SD LPUs

Follow these steps to configure the working mode of an EB or SD LPU:

| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Configure the working mode of an EB or SD LPU (distributed device) | switch-mode { bridging \| routing \| mix-bridging-routing \| normal } slot slot-number | Optional. By default, the working mode of an EB or SD LPU is normal. |
| Configure the working mode of an EB or SD LPU (distributed IRF device) | switch-mode { bridging \| routing \| mix-bridging-routing \| normal } chassis chassis-number slot slot-number | Optional. By default, the working mode of an EB or SD LPU is normal. |

• When there are multiple EB and SD LPUs on the S7500E series, you are recommended to
configure them to work in the same mode.
• To make the configured working mode take effect, you need to save the configuration and restart
the LPU.
• When you change the working mode of an EB or SD LPU for the first time or upgrade the software
version for them for the first time after working mode switch, the EB or SD LPU may be rebooted
once or twice because of system optimization, which takes six to ten minutes.

Enabling the Port Down Function Globally
With this function enabled, if the SRPU is unplugged or reboots abnormally, all service ports go
down immediately.
Follow these steps to enable the port down function globally:

| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Enable the port down function globally | monitor handshake-timeout disable-port | Optional. Disabled by default. |

Enabling Expansion Memory Data Recovery Function on a board


After this function is enabled, data monitoring of expansion memory on the specified EA LPU or
LSQ1SRP1CB SRPU is performed. When data error occurs, data recovery will start automatically.
Follow these steps to enable expansion memory data recovery function on a card:

| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Enable expansion memory data recovery function on a card (distributed device) | mmu-monitor enable slot slot-number | Optional. Enabled by default. |
| Enable expansion memory data recovery function on a card (distributed IRF device) | mmu-monitor enable chassis chassis-number slot slot-number | Optional. Enabled by default. |

This function is only available to EA LPUs and LSQ1SRP1CB SRPUs.

Identifying and Diagnosing Pluggable Transceivers


Introduction to pluggable transceivers

At present, four types of pluggable transceivers are commonly used, as shown in Table 11-3. They can
be further divided into optical transceivers and electrical transceivers based on transmission medium.

Table 11-3 Commonly used pluggable transceivers

| Transceiver type | Application environment | Whether can be an optical transceiver | Whether can be an electrical transceiver |
|---|---|---|---|
| SFP (Small Form-factor Pluggable) | Generally used for 100M/1000M Ethernet interfaces or POS 155M/622M/2.5G interfaces | Yes | Yes |
| GBIC (Gigabit Interface Converter) | Generally used for 1000M Ethernet interfaces | Yes | Yes |
| XFP (10-Gigabit small Form-factor Pluggable) | Generally used for 10G Ethernet interfaces | Yes | No |
| XENPAK (10-Gigabit Ethernet Transceiver Package) | Generally used for 10G Ethernet interfaces | Yes | Yes |

Identifying pluggable transceivers

Pluggable transceivers come in various types and from different vendors. To identify them, use the
following commands to view their key parameters, including transceiver type, connector type, central
wavelength of the laser sent, transfer distance, and vendor name or name of the vendor who
customizes the transceivers.
Follow these steps to identify pluggable transceivers:

| To do… | Use the command… | Remarks |
|---|---|---|
| Display key parameters of the pluggable transceiver(s) | display transceiver interface [ interface-type interface-number ] | Available for all pluggable transceivers. |
| Display part of the electrical label information of the anti-spoofing transceiver(s) customized by H3C | display transceiver manuinfo interface [ interface-type interface-number ] | Available for anti-spoofing pluggable transceiver(s) customized by H3C only. |

• You can use the Vendor Name field in the prompt information of the display transceiver
command to identify an anti-spoofing pluggable transceiver customized by H3C. If the field is H3C,
it is considered an H3C-customized pluggable transceiver.
• Electrical label information is also called permanent configuration data or archive information,
which is written to the storage component of a card during device debugging or testing. The
information includes name of the card, device serial number, and vendor name or name of the
vendor who customizes the transceiver.

Diagnosing pluggable transceivers

The system outputs alarm information for you to diagnose and troubleshoot faults of pluggable
transceivers. Optical transceivers customized by H3C also support the digital diagnosis function, which
monitors the key parameters of a transceiver, such as temperature, voltage, laser bias current, TX
power, and RX power. When these parameters are abnormal, you can take corresponding measures
to prevent transceiver faults.
Follow these steps to diagnose pluggable transceivers:

| To do… | Use the command… | Remarks |
|---|---|---|
| Display the current alarm information of the pluggable transceiver(s) | display transceiver alarm interface [ interface-type interface-number ] | Available for all pluggable transceivers. |
| Display the currently measured value of the digital diagnosis parameters of the anti-spoofing optical transceiver(s) customized by H3C | display transceiver diagnosis interface [ interface-type interface-number ] | Available for anti-spoofing pluggable optical transceiver(s) customized by H3C only. |

Displaying and Maintaining Device Management Configuration


• Distributed device:

| To do… | Use the command… | Remarks |
|---|---|---|
| Display information on the system clock | display clock | Available in any view |
| Display the statistics of the CPU usage | display cpu-usage [ entry-number [ offset ] [ verbose ] [ from-device ] ] | Available in any view |
| Display history statistics of the CPU usage in a chart | display cpu-usage history [ task task-id ] [ slot slot-number [ cpu cpu-number ] ] | Available in any view |
| Display information about a card, subcard, CF card on the device | display device [ cf-card ] [ [ shelf shelf-number ] [ chassis chassis-number ] [ slot slot-number [ subslot subslot-number ] ] \| verbose ] | Available in any view |
| Display electrical label information of the device | display device manuinfo [ slot slot-number [ subslot subslot-number ] ] | Available in any view |
| Display and save statistics of the running status of multiple modules | display diagnostic-information | Available in any view |
| Display the temperature information of devices | display environment | Available in any view |
| Display the operating state of fans in the device | display fan [ fan-id ] | Available in any view |
| Display the usage of the memory of the device | display memory [ slot slot-number [ cpu cpu-number ] ] | Available in any view |
| Display the power state of the device | display power [ power-id ] | Available in any view |
| Display the reboot time of a device | display schedule reboot | Available in any view |
| Display detailed configurations of the scheduled automatic execution function | display schedule job | Available in any view |
| Display the exception handling methods | display system-failure | Available in any view |
| Display information on system version | display version | Available in any view |
| Display the version update records of the active SRPU software (Boot ROM file) | display version-update-record | Available in any view |
| Clear the records of updating the active SRPU software (Boot ROM file) | reset version-update-record | Available in any view |

• Distributed IRF device

| To do… | Use the command… | Remarks |
|---|---|---|
| Display information on the system clock | display clock | Available in any view |
| Display the statistics of the CPU usage | display cpu-usage [ task ] [ chassis chassis-number slot slot-number ] | Available in any view |
| Display the statistics of the CPU usage | display cpu-usage number [ offset ] [ verbose ] [ chassis chassis-number slot slot-number ] [ from-device ] | Available in any view |
| Display history statistics of the CPU usage in a chart | display cpu-usage history [ task task-id ] [ chassis chassis-number slot slot-number ] | Available in any view |
| Display information about a card, subcard, CF card on the device | display device [ cf-card ] [ [ shelf shelf-number ] [ chassis chassis-number [ slot slot-number [ subslot subslot-number ] ] ] \| verbose ] | Available in any view |
| Display electrical label information of the device | display device manuinfo [ chassis chassis-number [ slot slot-number [ subslot subslot-number ] ] ] | Available in any view |
| Display and save statistics of the running status of multiple modules | display diagnostic-information | Available in any view |
| Display the temperature information of devices | display environment | Available in any view |
| Display the operating state of fans in the device | display fan [ chassis chassis-number [ fan-id ] ] | Available in any view |
| Display the usage of the memory of the device | display memory [ chassis chassis-number slot slot-number [ cpu cpu-number ] ] | Available in any view |
| Display the power state of the device | display power [ chassis chassis-number [ power-id ] ] | Available in any view |
| Display detailed configurations of the scheduled automatic execution function | display schedule job | Available in any view |
| Display the reboot time of a device | display schedule reboot | Available in any view |
| Display the exception handling methods | display system-failure | Available in any view |
| Display information on system version | display version | Available in any view |
| Display the version update records of the active SRPU software (Boot file) | display version-update-record | Available in any view |
| Clear the records of updating the active SRPU software | reset version-update-record | Available in any view |

During daily maintenance or when the system is operating abnormally, you need to display the running
status of each functional module to locate the problem. Generally, you need to execute the
corresponding display commands for each module, because each module has independent running
information. To collect more information at one time, you can execute the display
diagnostic-information command to display or save the statistics of the running status of multiple
modules in the system. Execution of the display diagnostic-information command equals execution
of the commands display clock, display version, display device, and display
current-configuration one by one.
