
H3C SR8800 10G Core Routers

Fundamentals Configuration Guide

Hangzhou H3C Technologies Co., Ltd.


http://www.h3c.com

Software version: SR8800-CMW520-R3347


Document version: 6W103-20120224
Copyright © 2011-2012, Hangzhou H3C Technologies Co., Ltd. and its licensors

All rights reserved

No part of this manual may be reproduced or transmitted in any form or by any means without prior
written consent of Hangzhou H3C Technologies Co., Ltd.
Trademarks

H3C, Aolynk, H3Care, TOP G, IRF, NetPilot, Neocean, NeoVTL, SecPro, SecPoint, SecEngine, SecPath, Comware, Secware, Storware, NQA, VVG, V2G, VnG, PSPT, XGbus, N-Bus, TiGem, InnoVision and HUASAN are trademarks of Hangzhou H3C Technologies Co., Ltd.
All other trademarks that may be mentioned in this manual are the property of their respective owners.
Notice

The information in this document is subject to change without notice. Every effort has been made in the
preparation of this document to ensure accuracy of the contents, but all statements, information, and
recommendations in this document do not constitute the warranty of any kind, express or implied.
Preface

The H3C SR8800 documentation set includes 13 configuration guides, which describe the software
features for the H3C SR8800 10G Core Routers and guide you through the software configuration
procedures. These configuration guides also provide configuration examples to help you apply software
features to different network scenarios.
The Fundamentals Configuration Guide tells you how to log in to the router, use the command-line
interface (CLI), manage files with FTP and TFTP, upgrade software, and manage the router.
This preface includes:
• Audience
• Conventions
• About the H3C SR8800 documentation set
• Obtaining documentation
• Technical support
• Documentation feedback

Audience
This documentation is intended for:
• Network planners
• Field technical support and servicing engineers
• Network administrators working with the SR8800

Conventions
This section describes the conventions used in this documentation set.

Command conventions

Convention          Description
Boldface            Bold text represents commands and keywords that you enter literally as shown.
Italic              Italic text represents arguments that you replace with actual values.
[]                  Square brackets enclose syntax choices (keywords or arguments) that are optional.
{ x | y | ... }     Braces enclose a set of required syntax choices separated by vertical bars, from which you select one.
[ x | y | ... ]     Square brackets enclose a set of optional syntax choices separated by vertical bars, from which you select one or none.
{ x | y | ... } *   Asterisk marked braces enclose a set of required syntax choices separated by vertical bars, from which you select at least one.
[ x | y | ... ] *   Asterisk marked square brackets enclose optional syntax choices separated by vertical bars, from which you select one choice, multiple choices, or none.
&<1-n>              The argument or keyword and argument combination before the ampersand (&) sign can be entered 1 to n times.
#                   A line that starts with a pound (#) sign is comments.

GUI conventions

Convention          Description
Boldface            Window names, button names, field names, and menu items are in Boldface. For example, the New User window appears; click OK.
>                   Multi-level menus are separated by angle brackets. For example, File > Create > Folder.

Symbols

Convention          Description
WARNING             An alert that calls attention to important information that if not understood or followed can result in personal injury.
CAUTION             An alert that calls attention to important information that if not understood or followed can result in data loss, data corruption, or damage to hardware or software.
IMPORTANT           An alert that calls attention to essential information.
NOTE                An alert that contains additional or supplementary information.
TIP                 An alert that provides helpful information.

Network topology icons

Represents a generic network device, such as a router, switch, or firewall.

Represents a routing-capable device, such as a router or Layer 3 switch.

Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports
Layer 2 forwarding and other Layer 2 features.

Port numbering in examples


The port numbers in this document are for illustration only and might be unavailable on your router.

About the H3C SR8800 documentation set


The H3C SR8800 documentation set includes:
The documents are listed by category, each with its purpose.

Category: Product description and specifications
• Marketing brochures: Describe product specifications and benefits.
• Technology white papers: Provide an in-depth description of software features and technologies.
• Card datasheets: Describe card specifications, features, and standards.

Category: Hardware specifications and installation
• Compliance and safety manual: Provides regulatory information and the safety instructions that must be followed during installation.
• Installation guide: Provides a complete guide to hardware installation and hardware specifications.
• H3C N68 Cabinet Installation and Remodel Introduction: Guides you through installing and remodeling H3C N68 cabinets.
• H3C Pluggable SFP [SFP+][XFP] Transceiver Modules Installation Guide: Guides you through installing SFP/SFP+/XFP transceiver modules.
• H3C High-End Network Products Hot-Swappable Module Manual: Describes the hot-swappable modules available for the H3C high-end network products, their external views, and specifications.

Category: Software configuration
• Configuration guides: Describe software features and configuration procedures.
• Command references: Provide a quick reference to all available commands.

Category: Operations and maintenance
• Release notes: Provide information about the product release, including the version history, hardware and software compatibility matrix, version upgrade information, technical support information, and software upgrading.

Obtaining documentation
You can access the most up-to-date H3C product documentation on the World Wide Web
at http://www.h3c.com.
Click the links on the top navigation bar to obtain different categories of product documentation:
[Technical Support & Documents > Technical Documents] – Provides hardware installation, software
upgrading, and software feature configuration and maintenance documentation.
[Products & Solutions] – Provides information about products and technologies, as well as solutions.
[Technical Support & Documents > Software Download] – Provides the documentation released with the
software version.

Technical support
service@h3c.com
http://www.h3c.com

Documentation feedback
You can e-mail your comments about product documentation to info@h3c.com.
We appreciate your comments.
Contents

Using the CLI ································································································································································ 1


What is CLI? ······································································································································································ 1
Entering the CLI ································································································································································· 1
Command conventions ····················································································································································· 1
Using the undo form of a command ······························································································································· 2
CLI views ············································································································································································ 2
CLI view introduction ················································································································································ 2
Entering system view ················································································································································ 3
Exiting the current view············································································································································ 3
Returning to user view ·············································································································································· 4
Accessing the CLI online help ·········································································································································· 4
Entering commands··························································································································································· 5
Editing command lines ············································································································································· 5
Entering incomplete keywords ································································································································ 6
Configuring command keyword aliases ················································································································ 6
Configuring CLI hotkeys ··········································································································································· 7
Enabling redisplaying of entered but not submitted commands ········································································· 8
Understanding command-line errors ······························································································································· 8
Using the command history function ······························································································································· 9
Accessing history commands ·································································································································· 9
Configuring the history buffer size ························································································································· 9
Controlling the CLI output ·············································································································································· 10
Pausing between screens of output ····················································································································· 10
Filtering the output information of a display command····················································································· 11
Configuring user privilege and command levels ········································································································ 14
Introduction ···························································································································································· 14
Configuring the user privilege level····················································································································· 14
Switching the user privilege level ························································································································ 18
Modifying the level of a command ····················································································································· 21
Saving the current configuration ·································································································································· 21
Displaying and maintaining CLI ··································································································································· 21

Logging in to the CLI ·················································································································································· 22


Login methods································································································································································· 22
Logging in through the console port ···························································································································· 23
Introduction ···························································································································································· 23
Configuration procedure ······································································································································ 23
Logging in through the AUX port·································································································································· 26
Configuration prerequisites ·································································································································· 26
Configuration procedure ······································································································································ 27
Logging in through Telnet ·············································································································································· 29
Introduction ···························································································································································· 29
Setting up a configuration environment ·············································································································· 29
Logging in through SSH ················································································································································ 33
Introduction ···························································································································································· 33
Logging in to the router from an SSH client ······································································································· 33
Configuring the SSH client to log in to the SSH server ····················································································· 34
Logging in through the AUX port by using modems ·································································································· 35
Introduction ···························································································································································· 35

Configurations on the administrator side ············································································································ 36
Configurations on the router ································································································································ 36
Setting up a configuration environment ·············································································································· 37

Configuring user interfaces ······································································································································· 40


User interface overview ················································································································································· 40
Brief introduction ··················································································································································· 40
Users and user interfaces······································································································································ 40
Numbering user interfaces ··································································································································· 41
User interface configuration task list ···························································································································· 41
Configuring asynchronous serial interface attributes ································································································· 42
Configuring terminal attributes ····································································································································· 42
Configuring a command to be automatically executed ····························································································· 43
Configuring user privilege level under a user interface ····························································································· 44
Configuring access control on VTY user interfaces ···································································································· 45
Configuring supported protocols on VTY user interfaces··························································································· 45
Configuring the authentication mode ·························································································································· 46
Configuring command authorization ··························································································································· 48
Configuring command accounting ······························································································································· 48
Defining shortcut keys for starting terminal sessions/aborting tasks ········································································ 49
Sending messages to the specified user interfaces ···································································································· 49
Releasing the connection established on user interfaces ··························································································· 50
Displaying and maintaining user interfaces ················································································································ 50
User interface configuration examples ························································································································ 50
User authentication configuration example ········································································································ 50
Command authorization configuration example ······························································································· 52
Command accounting configuration example ··································································································· 53

Configuring FTP ·························································································································································· 55


FTP overview ··································································································································································· 55
Introduction to FTP ················································································································································· 55
FTP operation ························································································································································· 55
Configuring the FTP client ············································································································································· 56
Establishing an FTP connection ···························································································································· 56
Managing directories on an FTP server ·············································································································· 57
Managing the files on an FTP server ··················································································································· 58
Using another username to log in to an FTP server ··························································································· 59
Maintaining and debugging an FTP connection································································································ 59
Terminating an FTP connection ···························································································································· 59
FTP client configuration example ························································································································· 60
Configuring the FTP server ············································································································································ 62
Configuring FTP server operating parameters···································································································· 62
Configuring authentication and authorization on the FTP server ····································································· 62
FTP server configuration example ························································································································ 63
Displaying and maintaining FTP ··································································································································· 65

Configuring TFTP ························································································································································ 66


TFTP overview ································································································································································· 66
Introduction to TFTP ··············································································································································· 66
TFTP operation ······················································································································································· 66
Configuring the TFTP client············································································································································ 67
Displaying and maintaining the TFTP client ················································································································ 68
TFTP client configuration example ································································································································ 68

Managing the file system ·········································································································································· 70


File system overview ······················································································································································ 70

Naming rules for a storage medium ··················································································································· 70
Filename formats ··················································································································································· 70
Managing directories ···················································································································································· 71
Displaying directory information ························································································································· 71
Displaying the current working directory ············································································································ 71
Changing the current working directory ············································································································· 71
Creating a directory ·············································································································································· 72
Removing a directory ············································································································································ 72
Managing files ······························································································································································· 72
Displaying file information ··································································································································· 72
Displaying the contents of a file··························································································································· 72
Renaming a file······················································································································································ 73
Copying a file ························································································································································ 73
Moving a file·························································································································································· 73
Deleting a file························································································································································· 73
Restoring a file from the recycle bin ···················································································································· 73
Emptying the recycle bin ······································································································································ 74
Computing the digest of a specified file ············································································································· 74
Performing batch operations ········································································································································· 74
Managing storage media ············································································································································· 74
Naming rules ························································································································································· 75
Memory space management································································································································ 75
Mounting and unmounting a storage medium ··································································································· 76
Partitioning a storage medium ····························································································································· 77
Setting the file system operation mode ························································································································ 77
File system management examples ······························································································································ 78

Managing configuration files ···································································································································· 80


Configuration file overview ··········································································································································· 80
Types of configuration ·········································································································································· 80
Format and content of a configuration file ········································································································· 80
Startup with the configuration file ························································································································ 81
Saving the running configuration ································································································································· 81
Enabling configuration file auto-save ·················································································································· 81
Selecting the mode for saving the configuration file ························································································· 81
Erasing the startup configuration file ··················································································································· 82
Setting configuration rollback ······································································································································· 83
Configuration rollback ·········································································································································· 83
Configuration task list ··········································································································································· 83
Configuring parameters for saving the running configuration ········································································· 84
Enabling automatic saving of the running configuration ·················································································· 85
Manually saving the running configuration ········································································································ 85
Setting configuration rollback ······························································································································ 86
Specifying a configuration file for the next startup····································································································· 86
Backing up/restoring the configuration file to be used at the next startup······························································ 87
Backup/restore function overview ······················································································································· 87
Backing up the configuration file to be used at the next startup ······································································ 87
Restoring the startup configuration file to be used at the next startup ····························································· 88
Displaying and maintaining a configuration file ········································································································ 88

Upgrading software ··················································································································································· 90


Router software overview ·············································································································································· 90
Software upgrade configuration task list ····················································································································· 90
Upgrading system software from BootWare menu ···································································································· 91
BootWare main menu ··········································································································································· 91

BootWare submenus ············································································································································· 92
Using TFTP/FTP through Ethernet port ················································································································· 93
Using Xmodem through console port ·················································································································· 94
Upgrading the BootWare program at the CLI ············································································································ 99
Upgrading the system boot file at the CLI ··················································································································· 99
Specifying a boot file to be used at the next boot ····························································································· 99
Upgrading the boot file for the standby MPU ·································································································· 100
Upgrading software through hotfix ···························································································································· 100
Basic concepts in hotfix ······································································································································ 100
Patch state ···························································································································································· 101
Hotfix configuration task list ········································································································································ 104
Configuration prerequisites ································································································································ 104
Installing a patch in one step ····························································································································· 105
Installing a patch step-by-step ···························································································································· 106
Uninstalling all patches in one step ··················································································································· 108
Uninstalling a patch step-by-step ······················································································································· 108
Upgrading clock card·················································································································································· 109
Upgrading card logic ·················································································································································· 109
Displaying and maintaining software upgrade configuration ················································································ 109
Software upgrade configuration examples ··············································································································· 110
Remote upgrade configuration example··········································································································· 110
Hotfix configuration example ····························································································································· 111

Managing the device

Device management overview
Displaying device configuration
Configuring the device name
Changing the system time
Configuring the system time
Configuration guidelines
Configuration procedure
Enabling displaying copyright information
Configuring banners
Introduction to banners
Configuring procedure
Configuring the exception handling method
Rebooting the router
Configuring system working mode
Scheduling jobs
Job configuration approaches
Configuration guidelines
Scheduling a job in the non-modular approach
Scheduling a job in the modular approach
Scheduled job configuration example
Configuring the port status detection timer
Configuring temperature alarm thresholds for a card
Managing power supply
Starting and stopping power supply to a card
Enabling the power alarm monitoring function
Configuring in-service hardware failure diagnosis
Configuring the load mode for the active MPU and standby MPU
Configuring the size of the buffer shared by all interfaces on an interface card
Clearing unused 16-bit interface indexes
Enabling automatic forwarding path check
Configuring the working mode of an interface subcard
Verifying and diagnosing transceiver modules
Introduction to transceiver modules
Verifying pluggable transceivers
Diagnosing transceiver modules
Displaying and maintaining device management

Index

Using the CLI

What is CLI?
The command-line interface (CLI) enables you to interact with your device by entering text commands. At
the CLI, you can instruct your device to perform a given task by entering a text command and then
pressing Enter. Compared with the graphical user interface (GUI) where you use a mouse to perform
configurations, the CLI allows you to input more information in one command line.
Figure 1 CLI example

NOTE:
The information on the router may vary with device model.

Entering the CLI


The device provides multiple methods for entering the CLI, such as through the console port, through
Telnet, and through SSH. For more information, see the chapter “Logging in to the CLI.”

Command conventions
Command conventions help you understand command meanings. Commands in product manuals
comply with the conventions listed in Table 1.
Table 1 Command conventions

Convention          Description
Boldface            Bold text represents commands and keywords that you enter literally as shown.
Italic              Italic text represents arguments that you replace with actual values.
[]                  Square brackets enclose syntax choices (keywords or arguments) that are optional.
{ x | y | ... }     Braces enclose a set of required syntax choices separated by vertical bars, from which you select one.
[ x | y | ... ]     Square brackets enclose a set of optional syntax choices separated by vertical bars, from which you select one or none.
{ x | y | ... } *   Asterisk marked braces enclose a set of required syntax choices separated by vertical bars, from which you select at least one.
[ x | y | ... ] *   Asterisk marked square brackets enclose optional syntax choices separated by vertical bars, from which you select one choice, multiple choices, or none.
&<1-n>              The argument or keyword and argument combination before the ampersand (&) sign can be entered 1 to n times.
#                   A line that starts with a pound (#) sign is a comment.

NOTE:
The keywords of command lines are case insensitive.

Take the clock datetime time date command as an example to understand the meaning of the command
line parameters according to Table 1.
Figure 2 Understanding command line parameters

For example, you can type the following command line at the CLI of your device and press Enter to set
the device system time to 10 o’clock 30 minutes 20 seconds, February 23, 2010.
<Sysname> clock datetime 10:30:20 2/23/2010

You can read more complicated commands in the same way, according to Table 1.

Using the undo form of a command


The undo form of a command restores the default, disables a function, or removes a configuration.
Almost all configuration commands have an undo form. For example, the info-center enable command
enables the information center, and the undo info-center enable command disables the information
center.

CLI views
CLI view introduction
Commands are grouped into different classes by function. To use a command, you must enter the class
view of the command.
CLI views adopt a hierarchical structure, as shown in Figure 3.
• After logging in to the switch, you are in user view. The prompt of user view is <device name>. In
user view, you can perform display, debugging, and file management operations, set the system
time, restart your device, and perform FTP and Telnet operations. To change the device name, use
the sysname command. For information about this command, see Fundamentals Command
Reference.
• You can enter system view from user view. In system view, you can configure parameters such as
daylight saving time, banners, and short-cut keys.
• From system view, you can enter different function views. For example, enter interface view to
configure interface parameters, create a VLAN and enter its view, enter user interface view to
configure login user attributes, create a local user and enter local user view to configure the
password and level of the local user.

NOTE:
Enter ? in any view to display all the commands that can be executed in this view.

Figure 3 Command line views


Entering system view


When you log in to the device, you automatically enter user view, where <device name> is displayed.
You can perform limited operations in user view, for example, display operations, file operations, and
Telnet operations. To perform further configuration for the device, enter system view.
To enter system view:

Task                                Command       Remarks
Enter system view from user view.   system-view   Available in user view

Exiting the current view


The CLI is divided into different command views. Each view has a set of specific commands and defines
the effective scope of the commands. The commands available to you at any given time depend on the
view you are in.

To exit the current view:

Task                                               Command   Remarks
Return to the parent view from the current view.   quit      Available in any view.

NOTE:
• The quit command in user view terminates the current connection between the terminal and the device.
• In public key code view, use the public-key-code end command to return to the parent view (public key
view). In public key view, use the peer-public-key end command to return to system view.

Returning to user view


This feature allows you to return to user view from any other view, without using the quit command
repeatedly. You can also press Ctrl+Z to return to user view from the current view.
To exit to user view:

Task                   Command   Remarks
Return to user view.   return    Available in any view except user view

Accessing the CLI online help


Enter a question mark (?) to access online help. See the following examples.
1. Enter ? in any view to display all commands available in this view and brief descriptions of these
commands. For example:
<Sysname> ?
  cfd       Connectivity fault detection (IEEE 802.1ag)
  display   Display current system information
  ping      Ping function
  quit      Exit from current command view
  ssh2      Establish a secure shell client connection
  super     Set the current user priority level
  telnet    Establish one TELNET connection
  tracert   Trace route function
…Part of the output omitted…
2. Enter part of a command and a ? separated by a space.
If ? is at the position of a keyword, the CLI displays all possible keywords with a brief description
for each keyword. For example:
<Sysname> terminal ?
  debugging   Send debug information to terminal
  logging     Send log information to terminal
  monitor     Send information output to current terminal
  trapping    Send trap information to terminal
If ? is at the position of an argument, the CLI displays a description about this argument. For
example:
<Sysname> system-view
[Sysname] interface vlan-interface ?
  <1-4094>   VLAN interface number
[Sysname] interface vlan-interface 1 ?
  <cr>
[Sysname] interface vlan-interface 1
The string <cr> indicates that the command is a complete command, and you can execute the
command by pressing Enter.
3. If you enter an incomplete character string followed by a ?, the CLI displays all commands starting
with the typed character(s).
<Sysname> f?
  fdisk
  fixdisk
  format
  free
  ftp
<Sysname> display ftp?
  ftp
  ftp-server
  ftp-user

Entering commands
Editing command lines
Table 2 lists some shortcut keys you can use to edit command lines.
Table 2 Editing functions

Key                         Function
Common keys                 If the edit buffer is not full, pressing a common key inserts the character at the position of the cursor and moves the cursor to the right.
Backspace                   Deletes the character to the left of the cursor and moves the cursor back one character.
Left arrow key or Ctrl+B    The cursor moves one character space to the left.
Right arrow key or Ctrl+F   The cursor moves one character space to the right.
Tab                         If you press Tab after entering part of a keyword, the system automatically completes the keyword:
                            • If finding a unique match, the system substitutes the complete keyword for the incomplete one and displays it in the next line.
                            • If there is more than one match, you can press Tab repeatedly to display in cycles all the keywords starting with the character string that you typed.
                            • If there is no match, the system does not modify the incomplete keyword and displays it again in the next line.

Entering incomplete keywords


You can input a command comprising incomplete keywords that can uniquely identify the complete
command.
In user view, for example, commands starting with an s include startup saved-configuration and
system-view.
• To go to system view, enter sy.
• To set the configuration file to be used at the next startup, enter st s.
You can also press Tab to have an incomplete keyword automatically completed.

Configuring command keyword aliases


The command keyword alias function allows you to replace the first keyword of a non-undo command or
the second keyword of an undo command with your preferred keyword. For example, if you configure
show as the alias for the display keyword, you can enter show instead of display to execute a display
command.

Configuration guide
• When you define a keyword alias, you must enter the cmdkey and alias arguments in their complete
form.
• When you enter a keyword alias, the system displays and saves the keyword instead of its alias.
• When you press Tab after entering part of an alias, the keyword is displayed.
• If you enter a string that partially matches a keyword and an alias, the command indicated by the
alias is executed. To execute the command indicated by the keyword, enter the complete keyword.
• When you enter a string that partially matches multiple aliases, the system gives you prompts.
• You can substitute an alias for only the first keyword of a non-undo command or the second
keyword of an undo command.

Configuration procedure
To configure command keyword aliases:

Step                                            Command                              Remarks
1. Enter system view.                           system-view                          N/A
2. Enable the command keyword alias function.   command-alias enable                 By default, the command keyword alias function is disabled.
3. Configure a command keyword alias.           command-alias mapping cmdkey alias   Not configured by default.
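
An added example (not from the H3C guide) that applies the incomplete-keyword and alias rules above to normalise typed commands. This matters when reviewing command history, because the history buffer stores commands as typed, and the same abbreviation can resolve differently once an alias is configured. The keyword tree is a constructed subset of commands named on this page, and expand and its return values are names chosen here.

```python
# Constructed subset of the user-view keyword tree, taken from commands named
# on this page; a real device has many more keywords at every position.
KEYWORDS = {
    "display": {
        "current-configuration": {},
        "history-command": {},
        "hotkey": {},
        "ip": {"routing-table": {}},
    },
    "ping": {},
    "quit": {},
    "ssh2": {},
    "startup": {"saved-configuration": {}},
    "super": {},
    "system-view": {},
    "telnet": {},
    "tracert": {},
    "undo": {"debugging": {"all": {}}},
}


def _resolve(token, node, aliases):
    """Resolve one typed token against the keywords valid at this position.

    Returns (keyword, None) on success or (None, candidates) on failure;
    an empty candidate list means nothing matched.
    """
    tok = token.lower()              # keywords are case insensitive
    if tok in node:                  # a complete keyword always selects the keyword
        return tok, None
    usable = {a: k for a, k in aliases.items() if k in node}
    if tok in usable:                # a complete alias
        return usable[tok], None
    alias_hits = sorted(a for a in usable if a.startswith(tok))
    if len(alias_hits) == 1:         # a partial match on one alias beats keywords
        return usable[alias_hits[0]], None
    if len(alias_hits) > 1:          # the device prompts; report the choices
        return None, alias_hits
    hits = sorted(k for k in node if k.startswith(tok))
    if len(hits) == 1:               # unique prefix identifies the keyword
        return hits[0], None
    return None, hits


def expand(command, aliases=None):
    """Expand an abbreviated command line to its canonical keywords.

    Returns ("ok", canonical), ("ambiguous", candidates) or
    ("unrecognized", token).
    """
    aliases = {a.lower(): k.lower() for a, k in (aliases or {}).items()}
    node, out = KEYWORDS, []
    for pos, token in enumerate(command.split()):
        if not node:                 # past the last keyword: arguments pass through
            out.append(token)
            continue
        # Aliases apply only to the first keyword of a non-undo command or
        # the second keyword of an undo command.
        alias_ok = pos == 0 or (pos == 1 and out[0] == "undo")
        keyword, candidates = _resolve(token, node, aliases if alias_ok else {})
        if keyword is None:
            if candidates:
                return "ambiguous", candidates
            return "unrecognized", token
        out.append(keyword)
        node = node[keyword]
    return "ok", " ".join(out)


if __name__ == "__main__":
    # Constructed history lines; show=display is the alias used on this page.
    alias = {"show": "display"}
    for typed in ["sy", "st s", "display cu", "s hi", "s"]:
        print(typed, "|", expand(typed), "|", expand(typed, alias))
```

With the alias configured, the history entry `s hi` resolves to `display history-command`; without it the same entry is ambiguous, so a reviewer needs the device's alias mappings to interpret abbreviated history lines.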

Configuring CLI hotkeys


To configure CLI hotkeys:

Step                        Command                                                                 Remarks
1. Enter system view.       system-view                                                             N/A
2. Configure CLI hotkeys.   hotkey { CTRL_G | CTRL_L | CTRL_O | CTRL_T | CTRL_U } command           Optional. The Ctrl+G, Ctrl+L and Ctrl+O hotkeys are specified at the CLI by default.
3. Display hotkeys.         display hotkey [ | { begin | exclude | include } regular-expression ]   Available in any view. See Table 3 for hotkeys reserved by the system.

NOTE:
By default, the Ctrl+G, Ctrl+L and Ctrl+O hotkeys are associated with pre-defined commands and the
Ctrl+T and Ctrl+U hotkeys are not.
• Ctrl+G corresponds to the display current-configuration command.
• Ctrl+L corresponds to the display ip routing-table command.
• Ctrl+O corresponds to the undo debugging all command.

Table 3 Hotkeys reserved by the system

Hotkey   Function
Ctrl+A   Moves the cursor to the beginning of the current line.
Ctrl+B   Moves the cursor one character to the left.
Ctrl+C   Stops performing a command.
Ctrl+D   Deletes the character at the current cursor position.
Ctrl+E   Moves the cursor to the end of the current line.
Ctrl+F   Moves the cursor one character to the right.
Ctrl+H   Deletes the character to the left of the cursor.
Ctrl+K   Terminates an outgoing connection.
Ctrl+N   Displays the next command in the history command buffer.
Ctrl+P   Displays the previous command in the history command buffer.
Ctrl+R   Redisplays the current line information.
Ctrl+V   Pastes the content in the clipboard.
Ctrl+W   Deletes all the characters in a continuous string to the left of the cursor.
Ctrl+X   Deletes all the characters to the left of the cursor.
Ctrl+Y   Deletes all the characters to the right of the cursor.
Ctrl+Z   Exits to user view.
Ctrl+]   Terminates an incoming connection or a redirect connection.
Esc+B    Moves the cursor to the leading character of the continuous string to the left.
Esc+D    Deletes all the characters of the continuous string at the current cursor position and to the right of the cursor.
Esc+F    Moves the cursor to the front of the next continuous string to the right.
Esc+N    Moves the cursor down by one line (available before you press Enter)
Esc+P    Moves the cursor up by one line (available before you press Enter)
Esc+<    Specifies the cursor as the beginning of the clipboard.
Esc+>    Specifies the cursor as the ending of the clipboard.

NOTE:
The hotkeys in the table above are defined by the switch. If the same hotkeys are defined by the terminal
software that you use to interact with the switch, the hotkeys defined by the terminal software take effect.

Enabling redisplaying of entered but not submitted commands


After you enable redisplaying of entered but not submitted commands:
• If you entered nothing at the command-line prompt before the system outputs system information
such as logs, the system does not display the command-line prompt after the output.
• If you entered some information (except Yes or No for confirmation), the system displays a line
break and then displays what you have entered after the output.
To enable redisplaying of entered but not submitted commands:

Step                                                                Command                   Remarks
1. Enter system view.                                               system-view               N/A
2. Enable redisplaying of entered but not submitted commands.       info-center synchronous   Disabled by default.

NOTE:
For more information about the info-center synchronous command, see Network Management and
Monitoring Command Reference.

Understanding command-line errors


If a command line contains syntax errors, the CLI reports error messages. Table 4 lists some common
command-line messages.

Table 4 Common command-line error messages

Error message                                   Cause
% Unrecognized command found at '^' position.   The command was not found.
% Incomplete command found at '^' position.     Incomplete command
% Ambiguous command found at '^' position.      Ambiguous command
Too many parameters                             Too many parameters
% Wrong parameter found at '^' position.        Wrong parameters

Using the command history function


The CLI automatically saves the commands recently used in the history command buffer. You can access
and execute them again.

Accessing history commands


Task                                    Command
Display history commands.               display history-command [ | { begin | exclude | include } regular-expression ]
Display the previous history command.   Up arrow key or Ctrl+P
Display the next history command.       Down arrow key or Ctrl+N

NOTE:
You can use arrow keys to access history commands in Windows 200X and XP Terminal or Telnet.
However, in Windows 9X HyperTerminal, you need to use Ctrl+P or Ctrl+N, because they are defined
differently and the up and down arrow keys are invalid.

• The commands saved in the history command buffer are in the same format in which you typed the
commands. If you enter an incomplete command, the command saved in the history command
buffer is also incomplete.
• If you execute the same command repeatedly, the switch saves the earliest record. However, if you
execute the same command in different formats, the system saves them as different commands. For
example, if you execute the display cu command repeatedly, the system saves only one command
in the history command buffer. If you execute the command in the format of display cu and display
current-configuration respectively, the system saves them as two commands.
• By default, the CLI can save up to 10 commands for each user. To set the capacity of the history
command buffer for the current user interface, use the history-command max-size command. (For
more information about the history-command max-size command, see Fundamentals Command
Reference.)

Configuring the history buffer size


To configure the history buffer size:

Step                                                                             Command                                                                                                 Remarks
1. Enter system view.                                                            system-view                                                                                             N/A
2. Enter user interface view.                                                    user-interface { first-num1 [ last-num1 ] | { aux | console | tty | vty } first-num2 [ last-num2 ] }   N/A
3. Set the maximum number of commands that can be saved in the history buffer.   history-command max-size size-value                                                                     Optional. By default, the history buffer can save up to 10 commands.

NOTE:
For more information about the user-interface and history-command max-size commands, see
Fundamentals Command Reference.

Controlling the CLI output


Pausing between screens of output
If the output information is more than one screen, the system automatically pauses after displaying a
screen. By default, up to 24 lines can be displayed on a screen. To change the screen length, use the
screen-length command. For more information about the screen-length command, see Fundamentals
Command Reference.

Keys for controlling output


Table 5 Keys for controlling output

Keys         Function
Space        Displays the next screen.
Enter        Displays the next line.
Ctrl+C       Stops the displaying and aborts the command execution.
<PageUp>     Displays the previous page.
<PageDown>   Displays the next page.

Disabling pausing between screens of output


Use the following command to disable pausing between screens of output for the current session. Then,
all output information is displayed at one time and the screen is refreshed continuously until the last
screen is displayed.
To disable pausing between screens of output for the current session:

Task                                                                 Command                 Remarks
Disable pausing between screens of output for the current session.   screen-length disable   By default, a login user uses the settings of the screen-length command. The default settings of the screen-length command are: pausing between screens of output is enabled and up to 24 lines are displayed on the next screen. This command is executed in user view, and takes effect for the current session only. When you log in to the switch again, the default configuration is restored.

Filtering the output information of a display command


Introduction
You can filter output information of a display command by using the following methods:
• Following the display command, enter the begin, exclude, or include keyword plus a regular
expression.
• When the system pauses after displaying a screen of output information, use /, - or + plus a regular
expression to filter subsequent output information. / equals the keyword begin, - equals the
keyword exclude, and + equals the keyword include.
The following definitions apply to the begin, exclude, and include keywords:
• begin—Displays the first line that matches the specified regular expression and all lines that follow.
• exclude—Displays all lines that do not match the specified regular expression.
• include—Displays all lines that match the specified regular expression.
A regular expression is a case-sensitive string of 1 to 256 characters, and supports some special
characters.
Table 6 Special characters supported in a regular expression

Character      Meaning   Remarks
^string        Starting sign. string appears only at the beginning of a line.   For example, regular expression “^user” only matches a string beginning with “user”, not “Auser”.
string$        Ending sign. string appears only at the end of a line.   For example, regular expression “user$” only matches a string ending with “user”, not “userA”.
.              Matches any single character, such as a single character, a special character, and a blank.   For example, “.s” matches both “as” and “bs”.
*              Matches the preceding character or character group zero or multiple times.   For example, “zo*” matches “z” and “zoo”; “(zo)*” matches “zo” and “zozo”.
+              Matches the preceding character or character group one or multiple times.   For example, “zo+” matches “zo” and “zoo”, but not “z”.
|              Matches the preceding or succeeding character string.   For example, “def|int” only matches a character string containing “def” or “int”.
_              If it is at the beginning or the end of a regular expression, it equals ^ or $. In other cases, it equals comma, space, round bracket, or curly bracket.   For example, “a_b” matches “a b” or “a(b”; “_ab” only matches a line starting with “ab”; “ab_” only matches a line ending with “ab”.
-              It connects two values (the smaller one before it and the bigger one after it) to indicate a range together with [ ].   For example, “1-9” means 1 to 9 (inclusive); “a-h” means a to h (inclusive).
[]             Matches a single character contained within the brackets.   For example, [16A] matches a string containing any character among 1, 6, and A; [1-36A] matches a string containing any character among 1, 2, 3, 6, and A (- is a hyphen). “]” can be matched as a common character only when it is put at the beginning of characters within the brackets, for example [ ]string]. There is no such limit on “[”.
()             A character group. It is usually used with “+” or “*”.   For example, (123A) means a character group “123A”; “408(12)+” matches 40812 or 408121212. But it does not match 408.
\index         Repeats the character string specified by the index. A character string refers to the string within () before \. index refers to the sequence number (starting from 1 from left to right) of the character group before \. If only one character group appears before \, index can only be 1; if n character groups appear before index, index can be any integer from 1 to n.   For example, (string)\1 repeats string, and a matching string must contain stringstring. (string1)(string2)\2 repeats string2, and a matching string must contain string1string2string2. (string1)(string2)\1\2 repeats string1 and string2 respectively, and a matching string must contain string1string2string1string2.
[^]            Matches a single character not contained within the brackets.   For example, [^16A] means to match a string containing any character except 1, 6 or A, and the matching string can also contain 1, 6 or A, but cannot contain these three characters only. For example, [^16A] matches “abc” and “m16”, but not 1, 16, or 16A.
\<string       Matches a character string starting with string.   For example, “\<do” matches word “domain” and string “doa”.
string\>       Matches a character string ending with string.   For example, “do\>” matches word “undo” and string “abcdo”.
\bcharacter2   Matches character1character2. character1 can be any character except number, letter or underline, and \b equals [^A-Za-z0-9_].   For example, “\ba” matches “-a” with “-” being character1, and “a” being character2, but it does not match “2a” or “ba”.
\Bcharacter    Matches a string containing character, and no space is allowed before character.   For example, “\Bt” matches “t” in “install”, but not “t” in “big top”.
character1\w   Matches character1character2. character2 must be a number, letter, or underline, and \w equals [A-Za-z0-9_].   For example, “v\w” matches “vlan”, with “v” being character1, and “l” being character2. v\w also matches “service”, with “i” being character2.
\W             Equals \b.   For example, “\Wa” matches “-a”, with “-” being character1, and “a” being character2, but does not match “2a” or “ba”.
\              Escape character. If a special character listed in this table follows \, the specific meaning of the character is removed.   For example, “\\” matches a string containing “\”, “\^” matches a string containing “^”, and “\\b” matches a string containing “\b”.

Output information filtering examples


1. Example for using the begin keyword
# Display the configuration from the line containing “user-interface” to the last line in the current
configuration (the output information depends on the current configuration).
<Sysname> display current-configuration | begin user-interface
user-interface con 0
user-interface aux 0
user-interface vty 0 4
authentication-mode none
user privilege level 3
#
return
2. Example for using the exclude keyword
# Display the non-direct routes in the routing table (the output depends on the current
configuration).
<Sysname> display ip routing-table | exclude Direct
Routing Tables: Public

Destination/Mask Proto Pre Cost NextHop Interface

1.1.1.0/24 Static 60 0 192.168.0.0 Vlan1


3. Example for using the include keyword
# Display the route entries that contain Vlan in the routing table (the output depends on the current
configuration).
<Sysname> display ip routing-table | include Vlan
Routing Tables: Public

Destination/Mask Proto Pre Cost NextHop Interface

192.168.1.0/24 Direct 0 0 192.168.1.42 Vlan999

Configuring user privilege and command levels
Introduction
To avoid unauthorized access, the switch defines user privilege levels and command levels. User privilege
levels correspond to command levels. When a user at a specific privilege level logs in, the user can only
use commands at that level, or lower levels.
All commands are categorized into four levels (visit, monitor, system, and manage), which are identified
from low to high by 0 through 3. Table 7 describes the command levels.
Table 7 Default command levels

Level: 0
Privilege: Visit
Description: Involves commands for network diagnosis and commands for accessing an external device.
Configuration of commands at this level cannot survive a device restart. Upon device restart, the
commands at this level will be restored to the default settings. Commands at this level include ping,
tracert, telnet and ssh2.

Level: 1
Privilege: Monitor
Description: Involves commands for system maintenance and service fault diagnosis. Commands at this
level are not saved after being configured. After the switch is restarted, the commands at this level will
be restored to the default settings. Commands at this level include debugging, terminal, refresh, and
send.

Level: 2
Privilege: System
Description: Provides service configuration commands, including routing configuration commands and
commands for configuring services at different network levels. By default, commands at this level
include all configuration commands except for those at manage level.

Level: 3
Privilege: Manage
Description: Involves commands that influence the basic operation of the system and commands for
configuring system support modules. By default, commands at this level involve the configuration
commands of file system, FTP, TFTP, Xmodem download, user management, level setting, and
parameter settings within a system (which are not defined by any protocols or RFCs).

Configuring the user privilege level


A user privilege level can be configured by using AAA authentication parameters or under a user
interface.

Configure the user privilege level by using AAA authentication parameters


If the authentication mode of a user interface is scheme, the user privilege level of users logging into the
user interface is specified in AAA authentication configuration.
To configure the user privilege level by using AAA authentication parameters:

1. Enter system view.
   Command: system-view
2. Enter user interface view.
   Command: user-interface { first-num1 [ last-num1 ] | { aux | console | vty } first-num2 [ last-num2 ] }
3. Specify the scheme authentication mode.
   Command: authentication-mode scheme
   Remarks: By default, the authentication mode for VTY and AUX users is password, and no
   authentication is needed for console and TTY login users.
4. Return to system view.
   Command: quit
5. Configure the authentication mode for SSH users as password.
   Command: For more information, see Security Configuration Guide.
   Remarks: Required if users use SSH to log in, and username and password are needed at
   authentication.
6. Configure the user privilege level by using AAA authentication parameters.
   Command:
   • To use local authentication:
     a. Use the local-user command to create a local user and enter local user view.
     b. Use the level keyword in the authorization-attribute command to configure the user privilege
        level.
   • To use remote authentication (RADIUS, HWTACACS, or LDAP):
     Configure the user privilege level on the authentication server.
   Remarks: Use either approach. For local authentication, if you do not configure the user privilege
   level, the user privilege level is 0. For remote authentication, if you do not configure the user
   privilege level, the user privilege level depends on the default configuration of the authentication
   server.

Example for configuring the user privilege level by using AAA authentication parameters
# You are required to authenticate the users that telnet to the switch through VTY 1, verify their
username and password, and specify the user privilege level as 3.
<Sysname> system-view
[Sysname] user-interface vty 1
[Sysname-ui-vty1] authentication-mode scheme
[Sysname-ui-vty1] quit
[Sysname] local-user test
[Sysname-luser-test] password cipher 12345678
[Sysname-luser-test] service-type telnet
When users telnet to the switch through VTY 1, they must enter username test and password
12345678. After passing the authentication, the users can only use the commands of level 0. If the
users want to use commands of levels 0, 1, 2 and 3, the following configuration is required:
[Sysname-luser-test] authorization-attribute level 3

Configure the user privilege level under a user interface


• If the authentication mode of a user interface is scheme, and SSH publickey authentication type
(only username is needed for this authentication type) is adopted, the user privilege level of users
logging into the user interface is the user interface level.

• If the authentication mode of a user interface is none or password, the user privilege level of users
logging into the user interface is the user interface level.
To configure the user privilege level under a user interface (SSH publickey authentication type):

1. Configure the authentication type for SSH users as publickey.
   Command: For more information, see Security Configuration Guide.
   Remarks: Required if the SSH login mode is adopted, and only username is needed during
   authentication. After the configuration, the authentication mode of the corresponding user interface
   must be set to scheme.
2. Enter system view.
   Command: system-view
3. Enter user interface view.
   Command: user-interface { first-num1 [ last-num1 ] | vty first-num2 [ last-num2 ] }
4. Configure the authentication mode for any user that uses the current user interface to log in to the
   switch.
   Command: authentication-mode scheme
   Remarks: By default, the authentication mode for VTY and AUX users is password, and no
   authentication is needed for console and TTY users.
5. Configure the privilege level for users that log in through the current user interface.
   Command: user privilege level level
   Remarks: Optional. By default, the user privilege level for users logged in through the console user
   interface is 3, and that for users logged in through the other user interfaces is 0.

To configure the user privilege level under a user interface (none or password authentication mode):

1. Enter system view.
   Command: system-view
2. Enter user interface view.
   Command: user-interface { first-num1 [ last-num1 ] | { aux | console | tty | vty } first-num2 [ last-num2 ] }
3. Configure the authentication mode for any user that uses the current user interface to log in to the
   switch.
   Command: authentication-mode { none | password }
   Remarks: Optional. By default, the authentication mode for VTY and AUX user interfaces is
   password, and no authentication is needed for console and TTY login users.
4. Configure the privilege level of users logged in through the current user interface.
   Command: user privilege level level
   Remarks: Optional. By default, the user privilege level for users logged in through the console user
   interface is 3, and that for users logged in through the other user interfaces is 0.

Example for configuring the user privilege level under a user interface
# Display the commands that a Telnet user can use after login by default.
<Sysname> ?
User view commands:
display Display current system information
ping Ping function
quit Exit from current command view
ssh2 Establish a secure shell client connection
super Set the current user priority level
telnet Establish one TELNET connection
# Configure the switch to perform no authentication for Telnet users, and to authorize
authenticated Telnet users to use the commands of privilege levels 0 and 1. (Use no authentication
mode only in a secure network environment.)
<Sysname> system-view
[Sysname] user-interface vty 0 4
[Sysname-ui-vty0-4] authentication-mode none
[Sysname-ui-vty0-4] user privilege level 1
# Display the commands that a Telnet user can use after login. Because the user privilege level is
1, a Telnet user can use more commands now.
<Sysname> ?
User view commands:
debugging Enable system debugging functions
dialer Dialer disconnect
graceful-restart Graceful restart
ipc Interprocess communication
oap Open application platform operation
ping Ping function
quit Exit from current command view
refresh Do soft reset
reset Reset operation
screen-length Specify the lines displayed on one screen
send Send information to other user terminal interface
ssh2 Establish a secure shell client connection
super Set the current user priority level
telnet Establish one TELNET connection
terminal Set the terminal line characteristics
tracert Trace route function
undo Cancel current setting
# Configure the switch to perform password authentication for Telnet users, and to authorize
authenticated Telnet users to use the commands of privilege levels 0, 1, and 2.
<Sysname> system-view
[Sysname] user-interface vty 0 4
[Sysname-ui-vty0-4] authentication-mode password
[Sysname-ui-vty0-4] set authentication password cipher 12345678
[Sysname-ui-vty0-4] user privilege level 2
After the configuration, when users telnet to the switch, they need to input the password 12345678.
After passing authentication, they can use commands of levels 0, 1, and 2.

NOTE:
• For more information about user interfaces, see the chapter “Logging in to the CLI.” For more
information about the user-interface, authentication-mode, and user privilege level commands, see
Fundamentals Command Reference.
• For more information about AAA authentication, see Security Configuration Guide. For more
information about the local-user and authorization-attribute commands, see Security Command
Reference.
• For more information about SSH, see Security Configuration Guide.
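
The rules above (authentication mode per user interface, the level a login then receives, and the stated defaults) can be checked against a saved configuration. The following Python script is an added example, not H3C code; the function names are hypothetical and the configuration text is a constructed sample in the layout of the display current-configuration output shown earlier.

```python
import re

# Defaults stated in the guide: console logins are not authenticated and get
# level 3; AUX and VTY logins use password authentication and get level 0.
CONSOLE_DEFAULT = ("none", 3)
OTHER_DEFAULT = ("password", 0)

# Constructed sample in the layout of "display current-configuration" output.
SAMPLE_CONFIG = """\
#
 super password level 3 simple Example-Super-1
#
local-user test
 password cipher CIPHERTEXT-PLACEHOLDER
 authorization-attribute level 3
local-user guest
 password simple Example-Guest-1
#
user-interface con 0
user-interface aux 0
 authentication-mode password
 set authentication password cipher CIPHERTEXT-PLACEHOLDER
 user privilege level 3
user-interface vty 0 3
 authentication-mode none
 user privilege level 1
user-interface vty 4
 authentication-mode scheme
#
return
"""

HEADER = re.compile(r"^(user-interface|local-user)\s+(.+)$")
SIMPLE = re.compile(
    r"^(?:set authentication password|password|super password(?: level \d)?) simple\b")


def parse(config):
    """Return (interfaces, users, plaintext) read from a configuration dump."""
    interfaces, users, plaintext = {}, {}, []
    kind = name = None  # the block the current line belongs to
    for raw in config.splitlines():
        line = raw.strip()
        if line in ("", "#", "return"):
            kind = name = None
            continue
        header = HEADER.match(line)
        if header:
            kind, name = header.groups()
            if kind == "user-interface":
                is_console = name.split()[0] in ("con", "console")
                auth, level = CONSOLE_DEFAULT if is_console else OTHER_DEFAULT
                interfaces[name] = {"auth": auth, "level": level}
            else:
                users[name] = {"level": 0}  # local users default to level 0
            continue
        if SIMPLE.match(line):
            plaintext.append(f"{kind} {name}" if kind else "system view")
        words = line.split()
        if kind == "user-interface" and line.startswith("authentication-mode "):
            interfaces[name]["auth"] = words[1]
        elif kind == "user-interface" and line.startswith("user privilege level "):
            interfaces[name]["level"] = int(words[3])
        elif kind == "local-user" and line.startswith("authorization-attribute level "):
            users[name]["level"] = int(words[2])
    return interfaces, users, plaintext


def effective_levels(config):
    """Level a login receives on each user interface, as the guide describes:
    none/password -> the interface's own level; scheme -> the AAA user's level
    (SSH publickey logins, which take the interface level, are not modelled)."""
    interfaces, users, _ = parse(config)
    return {name: ({u: a["level"] for u, a in users.items()}
                   if ui["auth"] == "scheme" else ui["level"])
            for name, ui in interfaces.items()}


def audit(config):
    """Return (subject, issue) findings: unauthenticated lines, plain-text passwords."""
    interfaces, _, plaintext = parse(config)
    findings = []
    for name, ui in interfaces.items():
        if ui["auth"] == "none":
            findings.append((f"user-interface {name}",
                             f"no authentication, every login gets level {ui['level']}"))
    for subject in plaintext:
        findings.append((subject, "password saved with the simple keyword (plain text)"))
    return findings


if __name__ == "__main__":
    for subject, issue in audit(SAMPLE_CONFIG):
        print(f"{subject}: {issue}")
```

The console line is reported even though it has no sub-commands, because its default is no authentication at level 3.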

Switching the user privilege level


Introduction
Users can switch to a different user privilege level temporarily without logging out and terminating the
current connection. After switching the privilege level, users can continue to configure the switch without
logging in again, but the set of commands that they can execute changes. For example, if the current user
privilege level is 3, the user can configure system parameters. After switching to user privilege level 0, the
user can only execute simple commands, like ping and tracert, and only a few display commands. The
level switching is effective only for the current login. After the user logs in again, the user privilege level
is restored to the original level.
• To avoid problems, H3C recommends that administrators log in to the switch at a lower privilege level
to view switch operating parameters, and switch to a higher level temporarily only when they have to
maintain the switch.
• If administrators need to leave for a while or ask someone else to manage the switch temporarily,
they can switch to a lower privilege level before they leave to restrict the operations of others.

Setting the authentication mode for user privilege level switching


• A user can switch to a privilege level equal to or lower than the current one unconditionally and is
not required to input a password (if any).
• For security, a user is required to input the password (if any) to switch to a higher privilege level. The
authentication falls into one of the following four categories:

Authentication mode: local
Meaning: Local password authentication
Description: The switch authenticates a user by using the privilege level switching password input by the
user. When this mode is applied, you need to set the password for privilege level switching with the
super password command.

Authentication mode: scheme
Meaning: Remote AAA authentication through HWTACACS or RADIUS
Description: The switch sends the username and password for privilege level switching to the
HWTACACS or RADIUS server for remote authentication. When this mode is applied, you need to
perform the following configurations:
• Configure HWTACACS or RADIUS scheme and reference the created scheme in the ISP domain. For
more information, see Security Configuration Guide.
• Create the corresponding user and configure password on the HWTACACS or RADIUS server.

Authentication mode: local scheme
Meaning: Performs the local password authentication first and then the remote AAA authentication
Description: The switch authenticates a user by using the local password first, and if no password for
privilege level switching is set, for the user logged in from the console port, the privilege level is switched
directly; for the user logged in from any of the AUX, TTY, or VTY user interfaces, the AAA
authentication is performed.

Authentication mode: scheme local
Meaning: Performs remote AAA authentication first and then the local password authentication
Description: AAA authentication is performed first, and if the remote HWTACACS or RADIUS server does
not respond or AAA configuration on the switch is invalid, the local password authentication is
performed.

To set the authentication mode for user privilege level switching:

1. Enter system view.
   Command: system-view
2. Set the authentication mode for user privilege level switching.
   Command: super authentication-mode { local | scheme } *
   Remarks: Optional. local by default.
3. Configure the password for user privilege level switching.
   Command: super password [ level user-level ] { simple | cipher } password
   Remarks: Required if the authentication mode is set to local (specify the local keyword when setting
   the authentication mode). By default, no privilege level switching password is configured.

CAUTION:
• If no user privilege level is specified when you configure the password for switching the user privilege
level with the super password command, the user privilege level defaults to 3.
• If you specify the simple keyword, the password is saved in the configuration file in plain text, where it
can easily be stolen. If you specify the cipher keyword, the password is saved in the configuration file in
cipher text, which is safer.
• If the user logs in from the console user interface (the console port or the AUX port used as the console
port), the privilege level can be switched to a higher level even though the authentication mode is local
and no user privilege level password is configured.
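
The fallback order of the four authentication modes and the console exception in the CAUTION above, written out as a decision function. This is an added example, not H3C code: the function name, its parameters and the AAA stand-ins are hypothetical, the passwords are constructed, and outcomes the guide does not state explicitly are marked as assumptions in the comments.

```python
import hmac


class AAAUnavailable(Exception):
    """The HWTACACS/RADIUS server did not respond or the AAA configuration is invalid."""


def super_switch(current, target, mode, origin, local_password, supplied, aaa_check):
    """Decide a request to switch from level `current` to level `target`.

    mode            "local", "scheme", "local scheme" or "scheme local"
    origin          "console", or another user interface ("aux", "tty", "vty")
    local_password  super password configured for the target level, or None
    supplied        password typed by the user
    aaa_check       callable(password) -> bool; raises AAAUnavailable
    Returns (granted, reason).
    """
    if target <= current:
        return True, "equal or lower level, no password required"

    def local_step():
        if local_password is None:
            if origin == "console":
                return True, "console login and no super password set, switched directly"
            # Assumption drawn from the CAUTION "configure the local password before
            # switching to a higher user privilege level": other interfaces are refused.
            return False, "no super password configured"
        ok = hmac.compare_digest(supplied.encode(), local_password.encode())
        return ok, "local password accepted" if ok else "local password rejected"

    def remote_step():
        ok = aaa_check(supplied)
        return ok, "AAA accepted" if ok else "AAA rejected"

    if mode == "local":
        return local_step()
    if mode == "scheme":
        try:
            return remote_step()
        except AAAUnavailable:
            # Assumption: the guide names no fallback for scheme on its own.
            return False, "AAA unavailable"
    if mode == "local scheme":
        # AAA is consulted only when no local password exists and the user
        # is not on the console; a wrong local password is not retried remotely.
        if local_password is None and origin != "console":
            try:
                return remote_step()
            except AAAUnavailable:
                return False, "AAA unavailable"
        return local_step()
    if mode == "scheme local":
        try:
            return remote_step()  # a rejection by the server is final
        except AAAUnavailable:
            # Assumption: the local step here follows the same rules as mode "local".
            return local_step()
    raise ValueError(f"unknown super authentication mode: {mode}")


def aaa_ok(expected):
    """Constructed stand-in for a reachable AAA server that knows one password."""
    return lambda password: hmac.compare_digest(password.encode(), expected.encode())


def aaa_down(password):
    """Constructed stand-in for a server that does not respond."""
    raise AAAUnavailable()


if __name__ == "__main__":
    print(super_switch(0, 3, "local", "console", None, "", aaa_down))
    print(super_switch(0, 3, "scheme local", "vty", "Example-Local-1", "Example-Local-1", aaa_down))
```

Two cases stand out in the results: a console user reaches level 3 with no password at all under local, and under scheme local an AAA outage leaves the local super password as the only control.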

Switching the user privilege level


To switch the user privilege level:

Task: Switch the user privilege level.
Command: super [ level ]
Remarks: When logging in to the switch, a user has a user privilege level, which depends on user
interface or authentication user level. Available in user view.

When you switch the user privilege level, the information you must provide varies with combinations of
the user interface authentication mode and the super authentication mode.
Table 8 Information input for user privilege level switching

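User interface authentication mode: none/password

• User privilege level switching authentication mode: local
  Information input for the first authentication mode: Local user privilege level switching password
  (configured on the switch).
  Information input after the authentication mode changes: N/A
• User privilege level switching authentication mode: local scheme
  Information input for the first authentication mode: Local user privilege level switching password.
  Information input after the authentication mode changes: Username and password for privilege level
  switching (configured on the AAA server).
• User privilege level switching authentication mode: scheme
  Information input for the first authentication mode: Username and password for privilege level
  switching.
  Information input after the authentication mode changes: N/A
• User privilege level switching authentication mode: scheme local
  Information input for the first authentication mode: Username and password for privilege level
  switching.
  Information input after the authentication mode changes: Local user privilege level switching
  password.

User interface authentication mode: scheme

• User privilege level switching authentication mode: local
  Information input for the first authentication mode: Local user privilege level switching password.
  Information input after the authentication mode changes: N/A
• User privilege level switching authentication mode: local scheme
  Information input for the first authentication mode: Local user privilege level switching password.
  Information input after the authentication mode changes: Password for privilege level switching
  (configured on the AAA server). The system uses the username used for logging in as the privilege
  level switching username.
• User privilege level switching authentication mode: scheme
  Information input for the first authentication mode: Password for privilege level switching
  (configured on the AAA server). The system uses the username used for logging in as the privilege
  level switching username.
  Information input after the authentication mode changes: N/A
• User privilege level switching authentication mode: scheme local
  Information input for the first authentication mode: Password for privilege level switching
  (configured on the AAA server). The system uses the username used for logging in as the privilege
  level switching username.
  Information input after the authentication mode changes: Local user privilege level switching
  password.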

CAUTION:
• When the authentication mode is set to local, configure the local password before switching to a higher
user privilege level.
• When the authentication mode is set to scheme, configure AAA related parameters before switching to
a higher user privilege level.
• The privilege level switching fails after three consecutive unsuccessful password attempts.
• For more information about user interface authentication, see the chapter “Configuring user interfaces.”

Modifying the level of a command
All the commands in a view default to different levels. The administrator can change the default level of
a command to a lower level or a higher level as needed.
To modify the command level:

1. Enter system view.
   Command: system-view
2. Configure the command level in a specified view.
   Command: command-privilege level level view view command
   Remarks: See Table 7 for the default settings.

CAUTION:
H3C recommends that you use the default command level or modify the command level under the
guidance of professional staff. An improper change of the command level may inconvenience your
maintenance and operation, or even introduce potential security problems.

Saving the current configuration


You can input the save command in any view to save all the submitted and executed commands into the
configuration file. Commands saved in the configuration file can survive a reboot. The save command
does not take effect on one-time commands, such as display commands, which display specified
information, and the reset commands, which clear specified information. The one-time commands
executed are never saved.

Displaying and maintaining CLI


Task: Display defined command aliases and the corresponding commands.
Command: display command-alias [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view

Task: Display the clipboard information.
Command: display clipboard [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view

Logging in to the CLI

Login methods
You can enter the CLI of your router in the following ways to configure and manage your router.
Table 9 Login methods

Login method: Logging in through the console port
Default settings: By default, you can log in to your router through the console port, the authentication
mode is None (no username or password required), and the user privilege level is 3.

Login method: Logging in through the AUX port
Default settings: By default, you cannot log in to your router through the AUX port. To do so, log in to
your router through the console port, and complete the following configurations:
• Configure the authentication mode of AUX login users (password by default).
• Configure the user privilege level of AUX login users (0 by default).

Login method: Logging in through Telnet
Default settings: By default, you cannot log in to your router through Telnet. To do so, log in to your
router through the console port, and complete the following configurations:
• Enable the Telnet function of your router.
• Configure the IP address of the network management port or Ethernet interface of your router, and
make sure that your router and the Telnet client can reach each other (by default, your router does
not have an IP address.).
• Configure the authentication mode of VTY login users (password by default).
• Configure the user privilege level of VTY login users (0 by default).

Login method: Logging in through SSH
Default settings: By default, you cannot log in to your router through SSH. To do so, log in to your router
through the console port, and complete the following configurations:
• Enable the SSH server function of your router. By default, the SSH server function is disabled.
• Configure the IP address of the network management port or VLAN interface of your router, and
make sure that your router and the SSH client can reach each other (by default, your router does not
have an IP address.).
• Configure the authentication mode of VTY login users as scheme (password by default).
• Configure the user privilege level of VTY login users (0 by default).

Login method: Logging in through the AUX port by using modems
Default settings: By default, you cannot log in to your router by using modems through the AUX port. To
do so, log in to your router through the console port, and complete the following configurations:
• Configure the authentication mode of AUX login users (password by default).
• Configure the user privilege level of AUX login users (0 by default).

Logging in through the console port


Introduction
Logging in through the console port is the most common way to log in to a router. It is also the
prerequisite to configure other login methods. By default, you can log in to the router through its console
port only.
To log in to the router through its console port, the related configuration of the user terminal must be in
accordance with that of the console port.
Table 10 Default settings of a console port

Setting Default
Bits per second 9600 bps

Flow control None

Parity None

Stop bits 1

Data bits 8

Configuration procedure
1. As shown in Figure 4, use the console cable shipped with the router to connect the serial port of the
PC or terminal to the console port of your router.
Figure 4 Setting up a configuration environment

2. Launch a terminal emulation program, such as HyperTerminal in Windows XP or Windows 2000.


Here, HyperTerminal of Windows XP is used as an example. Select a serial port to be connected
to the router, and set terminal parameters in this way: set Bits per second to 9600, Data bits to 8,
Parity to None, Stop bits to 1, and Flow control to None, as shown in Figure 5 through Figure 7.

NOTE:
On Windows 2003 Server operating system, add the HyperTerminal program first, and then log in to and
manage the device as described in this document. On Windows 2008 Server, Windows 7, Windows
Vista, or some other operating system, obtain a third party terminal control program first, and follow the
user guide or online help of that program to log in to the device.

Figure 5 Connection description

Figure 6 Specifying the serial port used to establish the connection

Figure 7 Setting the properties of the serial port

3. Power on the router. You are prompted to press Enter if the router successfully completes the
power-on self test (POST). The following prompt appears when you press Enter:
<Sysname>
#May 24 09:27:29:947 2010 R5 SHELL/4/LOGIN:
Trap 1.3.6.1.4.1.25506.2.2.1.1.3.0.1<hh3cLogIn>: login from Console
%May 24 09:27:29:947 2010 R5 SHELL/5/SHELL_LOGIN: Console logged in from con0.
<Sysname>
4. Execute commands to configure the router or check the running status of the router. To get help,
enter ?.
After the steps above, you can enter the CLI to configure and manage your router. By default, users
that log in from the console port are not authenticated. For security, it is recommended that you
change the authentication mode of the console port. The following example configures password
authentication.
<Sysname> system-view
[Sysname] user-interface console 0
[Sysname-ui-console0] authentication-mode password
[Sysname-ui-console0] set authentication password cipher 123
After the configuration above, when users log in from the console port, they must enter
authentication password 123 to pass authentication and then log in to the router.

NOTE:
• You can set the authentication mode of console login users to none or scheme (username and
password authentication). For more information about authentication modes, see “Configuring the
authentication mode.”
• When users log in from the console port, you can also set other login parameters besides the
authentication mode. For more information, see “Configuring asynchronous serial interface
attributes” and “Configuring terminal attributes.”

Logging in through the AUX port


Configuration prerequisites
Modifying the default settings of the AUX port
Before logging in to your router through the AUX port, log in through the console port and modify the
default settings of the AUX port. Otherwise, you cannot log in to your router through the AUX port.
To modify the default settings of the AUX port, follow these steps:
1. Log in to the router through the console port. (For more information, see “Configuration
procedure.”)
2. Set the authentication mode for AUX port login.
3. Set the command level to 3.
<Sysname> system-view
[Sysname] user-interface aux 0
[Sysname-ui-aux0] user privilege level 3

NOTE:
When users log in to the router through the AUX port, they can only access commands with the command
level 0 by default. For more information about command levels, see “Configuring user privilege level
under a user interface.”

Configuring terminal parameters


To log in to the router through its AUX port, the related configuration of the user terminal must be in
accordance with that of the AUX port.
Table 11 lists the default settings of an AUX port.
Table 11 Default settings of an AUX port

Setting Default
Bits per second 9,600 bps

Flow control None

Parity None

Stop bits 1

Data bits 8

Configuration procedure
1. As shown in Figure 8, use a console cable to connect the serial port of your PC (or terminal) to the
AUX port of your router.
Figure 8 Setting up a configuration environment

2. Launch a terminal emulation program, such as HyperTerminal in Windows XP or Windows 2000.


Select a serial port to be connected to the router, and set terminal parameters in this way: set Bits
per second to 9600, Data bits to 8, Parity to None, Stop bits to 1, and Flow control to None, as
shown in Figure 9 through Figure 11.

NOTE:
On Windows 2003 Server operating system, you need to add the HyperTerminal program first, and then
log in to and manage the device as described in this document. On Windows 2008 Server, Windows 7,
Windows Vista, or some other operating system, you need to obtain a third party terminal control
program first, and follow the user guide or online help of that program to log in to the device.

Figure 9 Connection description

Figure 10 Specifying the serial port used to establish the connection

Figure 11 Setting the properties of the serial port

3. Power on the router. You are prompted to press Enter if the router successfully completes POST.
After you press Enter, a prompt, such as <sysname> (assuming that the router name is sysname),
is displayed.
<sysname>
4. Execute commands to configure the router or check the running status of the router. To get help,
enter ?.

After the steps above, you can enter the CLI to configure and manage the router.

Logging in through Telnet


Introduction
You can telnet to the router to remotely manage and maintain it.
To log in to your router through Telnet, perform necessary configurations on both your router and the
Telnet client.
Table 12 Telnet login requirements

Router requirements:
• Configure the IP address of the network management or Ethernet interface of the router, and make
sure that the router and the Telnet client can reach each other.
• Enable the Telnet server by executing the telnet server enable command in system view.
• Configure the authentication mode for Telnet login. (For more information, see “Configuring the
authentication mode.”)

Telnet client requirements:
• Run the Telnet program.
• Obtain the IP address of the network management or Ethernet interface of the router to log in.

Setting up a configuration environment


To log in to your router through Telnet, use either of the following methods:
• Use your PC as the Telnet client to telnet to your router and configure it.
• Telnet from one router to another, with the local router as the Telnet client, and the remote router as
the Telnet server.

Telnetting to your router


1. Configure the IP address of the network management port of the router through the console port.

IMPORTANT:
You can also telnet to your router through a service port.

a. Set up a configuration environment through the console port. As shown in Figure 12, use a
console cable to connect the serial port of the PC to the console port of your router.
Figure 12 Setting up a configuration environment

b. Launch a terminal emulation program, such as HyperTerminal in Windows XP or Windows
2000. Set the terminal parameters in this way: set Bits per second to 9600, Data bits to 8,
Parity to None, Stop bits to 1, and Flow control to None.
c. Power on the router. You are prompted to press Enter if the router successfully completes POST.
A prompt appears after you press Enter, as shown in Figure 13.
Figure 13 Configuration page

d. To configure the network management port of the router as 202.38.160.92/24, execute the
following commands in HyperTerminal:
<Sysname> system-view
[Sysname] interface M-Ethernet 0/0/0
[Sysname-M-Ethernet0/0/0] ip address 202.38.160.92 255.255.255.0

IMPORTANT:
If you Telnet to your router through its service port, configure the IP address of VLAN-interface 1 as
202.38.160.92/24 because the service port belongs to VLAN 1 by default.

2. Before telnetting to your router, perform necessary configurations on your router according to
different authentication modes. For more information, see “Configuring the authentication mode.”
3. Set up a configuration environment as shown in Figure 14: Connect the Ethernet port of the PC to
the network management port of your router. Make sure that the PC and router can reach each
other.

Figure 14 Setting up a configuration environment

4. Run the Telnet program on the PC, and enter the IP address of the management port of the router,
as shown in Figure 15.
Figure 15 Running the Telnet program

5. If the authentication mode is password, the terminal displays “Login authentication”, and prompts
you to enter the configured login password. If your password is correct, a command line prompt
(for example, <Sysname>) is displayed. If “All user interfaces are used, please try later!” appears,
try again later.
6. Execute commands to configure the router, or check the running status of the router. To get help,
enter ?.

NOTE:
• When configuring your router through Telnet, do not delete or change the IP address of the network
management port or VLAN interface corresponding to the Telnet connection. Otherwise, the Telnet
connection may be terminated.
• Users that Telnet to the router can only execute commands at level 0 by default. For more information
about command levels, see “Configuring user privilege level under a user interface.”

Telnetting from a router to another router


You can configure a router by telnetting from another router to it. The local router operates as the Telnet
client, and the remote router as the Telnet server. If the two routers are in the same LAN, you must
configure their IP addresses to be in the same segment, or make sure that the two routers can reach each
other.
Set up a configuration environment as shown in Figure 16. After you log in to the Telnet client, you can
execute the telnet command to log in to the Telnet server to configure and manage the server.
Figure 16 Telnetting from a router to another router

1. Configure the router that operates as the Telnet server.
   a. Enable Telnet on the Telnet server.
      To enable Telnet on the router:
      1. Enter system view.
         Command: system-view
         Remarks: N/A
      2. Enable Telnet.
         Command: telnet server enable
         Remarks: Disabled by default.
   b. Perform corresponding configurations on the Telnet server according to different
      authentication modes. For more information, see “Configuring the authentication mode.”
2. Log in to the router that operates as the Telnet client.
3. Execute the telnet command on the Telnet client to log in to the router that operates as the Telnet
server.
<Sysname> telnet xxxx
xxxx is the host name, IP address, or VPN instance name of the router that operates as the Telnet
server. If it is a host name, it must be a host name configured with the ip host command.
To use a router as the Telnet client to log in to another router:

Task: Use the router to log in to another router in an IPv4 network.
   Command: telnet remote-host [ service-port ] [ [ vpn-instance vpn-instance-name ] | [ source { interface interface-type interface-number | ip ip-address } ] ]
   Remarks: Available in user view
Task: Use the router to log in to another router in an IPv6 network.
   Command: telnet ipv6 remote-host [ -i interface-type interface-number ] [ port-number ] [ vpn-instance vpn-instance-name ]
   Remarks: Available in user view

4. After login, a prompt appears (for example, <Sysname>). If the “All user interfaces are used,
please try later!” message is displayed, try again later.
5. Execute corresponding commands to configure the router, or check the running status of the router.
To get help, enter ?.

Logging in through SSH
Introduction
Secure Shell (SSH) offers an approach to log in to a remote device securely. By providing encryption and
strong authentication, SSH protects devices against malicious attacks such as IP spoofing and plain text
password interception. The router supports SSH, and you can log in to the router through SSH to remotely
manage and maintain it, as shown in Figure 17.
Figure 17 SSH login diagram

The following table shows the configuration requirements of SSH login.

SSH server:
• Configure the IP address of the SSH server, and make sure the SSH server and client can reach each other.
• Configure the authentication mode and other settings.
SSH client:
• Run the SSH client program.
• Obtain the IP address of the SSH server.

The router can operate as either an SSH server or client.


As an SSH server:
• You can perform configurations on the SSH server to control SSH client login.
• By default, the SSH server function is disabled on the router. Before you can log in to the router
through SSH, you need to log in to the router through the console port and configure the
authentication mode, user level, and common settings.
As an SSH client:
• You can log in to an SSH server from the client to perform operations on the server.
• By default, the SSH client function is enabled on the router.

Logging in to the router from an SSH client


Configuration prerequisites
Log in to the router through the console port. For more information, see “Logging in through the console
port.”

Configuration procedure
To configure the router that serves as an SSH server:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Create local key pair(s).
   Command: public-key local create { dsa | rsa }
   Remarks: By default, no local key pair(s) are created.
3. Enable the SSH server.
   Command: ssh server enable
   Remarks: By default, SSH server is disabled.
4. Exit to system view.
   Command: quit
   Remarks: N/A
5. Enter one or more VTY user interface views.
   Command: user-interface vty first-number [ last-number ]
   Remarks: N/A
6. Specify the scheme authentication mode.
   Command: authentication-mode scheme
   Remarks: By default, authentication mode for VTY user interfaces is password.
7. Enable the current user interface to support either Telnet, SSH, or both of them.
   Command: protocol inbound { all | ssh | telnet }
   Remarks: Optional. By default, both protocols are supported.
8. Return to system view.
   Command: quit
   Remarks: N/A
9. Create a local user and enter local user view.
   Command: local-user user-name
   Remarks: By default, no local user exists.
10. Set the local password.
   Command: password { cipher | simple } password
   Remarks: By default, no local password is set.
11. Specify the command level of the local user.
   Command: authorization-attribute level level
   Remarks: Optional. By default, the command level is 0.
12. Specify the service type for the local user.
   Command: service-type ssh
   Remarks: By default, no service type is specified.
13. Return to system view.
   Command: quit
   Remarks: N/A
14. Create an SSH user, and specify the authentication mode for the SSH user.
   Command: ssh user username service-type stelnet authentication-type { password | { any | password-publickey | publickey } assign publickey keyname }
   Remarks: By default, no SSH user exists, and no authentication mode is specified.
15. Configure common settings for VTY user interfaces.
   Command: N/A
   Remarks: Optional. See “Configuring terminal attributes.”

NOTE:
• Login procedures from an SSH client to the router (SSH server) depend on the model of the device that
serves as the SSH client. For more information, see the user guide of the device that serves as the SSH
client.
• For more information about SSH, see Security Configuration Guide.

Configuring the SSH client to log in to the SSH server


Configuration prerequisites
Log in to the router through the console port. For more information, see “Logging in through the console
port.”

Figure 18 Logging in to another device from the current device

NOTE:
If the Telnet client and the Telnet server are not in the same subnet, make sure that the two devices can
reach each other.

Configuration procedure
To configure the SSH client to log in to the SSH server:

Task: Log in to an IPv4 SSH server.
   Command: ssh2 server [ port-number ] [ vpn-instance vpn-instance-name ] [ identity-key { dsa | rsa } | prefer-ctos-cipher { 3des | aes128 | des } | prefer-ctos-hmac { md5 | md5-96 | sha1 | sha1-96 } | prefer-kex { dh-group-exchange | dh-group1 | dh-group14 } | prefer-stoc-cipher { 3des | aes128 | des } | prefer-stoc-hmac { md5 | md5-96 | sha1 | sha1-96 } ] *
   Remarks: server is the IPv4 address or host name of the server. Available in user view.
Task: Log in to an IPv6 SSH server.
   Command: ssh2 ipv6 server [ port-number ] [ vpn-instance vpn-instance-name ] [ identity-key { dsa | rsa } | prefer-ctos-cipher { 3des | aes128 | des } | prefer-ctos-hmac { md5 | md5-96 | sha1 | sha1-96 } | prefer-kex { dh-group-exchange | dh-group1 | dh-group14 } | prefer-stoc-cipher { 3des | aes128 | des } | prefer-stoc-hmac { md5 | md5-96 | sha1 | sha1-96 } ] *
   Remarks: server is the IPv6 address or host name of the server. Available in user view.

NOTE:
You can configure other settings for the router (SSH client) to work with the SSH server. For more
information, see Security Configuration Guide.
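
Several of the values the ssh2 syntax above accepts (des, 3des, md5, md5-96, dh-group1, dsa) have known weaknesses. The following Python check is an added example, not H3C code: it parses an ssh2 command line against the option grammar in the table and reports, for each preference keyword, whether the chosen value is weak, acceptable, or not given. The weakness classification is an assumption added here rather than taken from this guide, and the sample command and address are constructed.

```python
from typing import Dict

# Keyword -> values permitted by the ssh2 syntax in the table above.
SSH2_OPTIONS = {
    "identity-key": {"dsa", "rsa"},
    "prefer-ctos-cipher": {"3des", "aes128", "des"},
    "prefer-stoc-cipher": {"3des", "aes128", "des"},
    "prefer-ctos-hmac": {"md5", "md5-96", "sha1", "sha1-96"},
    "prefer-stoc-hmac": {"md5", "md5-96", "sha1", "sha1-96"},
    "prefer-kex": {"dh-group-exchange", "dh-group1", "dh-group14"},
}

# Classification added for this example (not stated in the guide).
WEAK = {
    "des": "56-bit key",
    "3des": "64-bit block size",
    "md5": "MD5-based HMAC",
    "md5-96": "MD5-based HMAC, truncated tag",
    "dh-group1": "1024-bit Diffie-Hellman group",
    "dsa": "1024-bit DSA host/user key",
}


def parse_ssh2(command: str) -> dict:
    """Parse 'ssh2 [ipv6] server [port] [vpn-instance name] [keyword value]...'."""
    words = command.split()
    if not words or words[0] != "ssh2":
        raise ValueError("not an ssh2 command")
    words = words[1:]
    ipv6 = bool(words) and words[0] == "ipv6"
    if ipv6:
        words = words[1:]
    if not words:
        raise ValueError("missing server argument")
    parsed = {"ipv6": ipv6, "server": words[0], "port": None,
              "vpn_instance": None, "options": {}}
    i = 1
    if i < len(words) and words[i].isdigit():
        parsed["port"] = int(words[i])
        i += 1
    while i < len(words):
        keyword = words[i]
        if i + 1 >= len(words):
            raise ValueError(f"{keyword} needs a value")
        value = words[i + 1]
        if keyword == "vpn-instance":
            parsed["vpn_instance"] = value
        elif keyword in SSH2_OPTIONS:
            if value not in SSH2_OPTIONS[keyword]:
                raise ValueError(f"{value} is not a valid {keyword} value")
            if keyword in parsed["options"]:
                raise ValueError(f"{keyword} given twice")
            parsed["options"][keyword] = value
        else:
            raise ValueError(f"unknown keyword {keyword}")
        i += 2
    return parsed


def review_ssh2(command: str) -> Dict[str, str]:
    """Map each preference keyword to 'ok', 'unset', or 'weak: value (reason)'."""
    options = parse_ssh2(command)["options"]
    review = {}
    for keyword in SSH2_OPTIONS:
        value = options.get(keyword)
        if value is None:
            review[keyword] = "unset"  # no preference given on the command line
        elif value in WEAK:
            review[keyword] = f"weak: {value} ({WEAK[value]})"
        else:
            review[keyword] = "ok"
    return review


# Constructed sample: a documentation address and a mix of strong and weak choices.
SAMPLE_COMMAND = ("ssh2 192.0.2.10 22 identity-key rsa prefer-ctos-cipher aes128 "
                  "prefer-stoc-cipher des prefer-kex dh-group1")

if __name__ == "__main__":
    for keyword, verdict in review_ssh2(SAMPLE_COMMAND).items():
        print(f"{keyword:20} {verdict}")
```

Of the values listed in the table, aes128, sha1, dh-group14 and rsa are the ones this check does not flag.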

Logging in through the AUX port by using modems


Introduction
An administrator can use two modems and the Public Switched Telephone Network (PSTN) to remotely
maintain a remote router through its AUX port. This mode is suitable for remotely configuring a router,
querying logs and alarms, and locating faults through a PSTN when a network connection is broken.

To ensure a successful remote login to a router through the AUX port, perform necessary configurations
at both the router side and administrator side.
Table 13 Requirements on remote login through AUX port by using modem

Administrator side:
• The PC is correctly connected to the modem.
• The modem is connected to a telephone cable that works normally.
• The telephone number of the modem connected to the AUX port of the remote router is obtained.
Router side:
• The AUX port is correctly connected to the modem.
• Configurations have been made on the modem.
• The modem is connected to a telephone cable that works properly.
• Authentication modes are configured on the remote router. For more information, see “Configuring the authentication mode.”

Configurations on the administrator side


Perform these configurations on the administrator side:
1. Correctly connect the PC and the modem.
2. Connect the modem to a telephone cable in good working condition.
3. Obtain the telephone number on the modem connected to the AUX port of the remote router.

Configurations on the router


Configuration on the modem that is directly connected to the router
Perform the following configurations on the modem that is directly connected to the router (no
configuration is needed on the modem connected to the terminal):
AT&F ----------------------- Restore the factory defaults
ATS0=1 ----------------------- Configure auto-answer on first ring
AT&D ----------------------- Ignore data Terminal Ready signals
AT&K0 ----------------------- Disable local flow control
AT&R1 ----------------------- Ignore Data Flow Control signals
AT&S0 ----------------------- Force DSR to remain on
ATEQ1&W ----------------------- Disable the modem from responding to commands and save the configuration

To verify your configuration, enter AT&V to display the configuration results.

NOTE:
The configuration commands and the output for different modems may be different. For more information,
see the user guide of your modem.

Configuration on the router


When configuring the router, note the following guidelines:

• Set the transmission speed on the AUX port lower than that of the modem. Otherwise, packets may
be lost.
• Keep the other attributes of the AUX port, such as parity check, stop bits, and data bits, at the default
values.

Setting up a configuration environment


1. Before logging in to your router by using modems, perform corresponding configurations on your
router. For more information, see “Modifying the default settings of the AUX port.”
2. Perform the following configurations on the modem that is directly connected to your router:
AT&F ----------------------- Factory defaults
ATS0=1 ----------------------- Auto-answer on first ring
AT&D ----------------------- Data Terminal Ready
AT&K0 ----------------------- Local flow control
AT&R1 ----------------------- Disables Receive Data Flow Control
AT&S0 ----------------------- DSR action select
ATEQ1&W ----------------------- Disables the modem's response to the command and saves the configuration
To verify your configuration, execute the AT&V command to display the configuration results.
3. Set up a configuration environment as shown in Figure 19: connect the serial port of the PC and
the AUX port of the router to a modem respectively.
Figure 19 Setting up a configuration environment (diagram labels: modem serial cable, modem, telephone cable, IP network, remote telephone number 12345678)

4. On the PC, dial the number of the modem that is connected to the router to establish a connection
with the router, as shown in Figure 20 through Figure 22.

Figure 20 Connection Description

Figure 21 Entering the phone number

Figure 22 Dialing the number on the remote PC

5. If the authentication mode is password, a prompt (for example, sysname) appears when you enter
the configured password on the remote terminal. Then you can configure or manage the router. To
get help, enter ?.

Configuring user interfaces

User interface overview


Brief introduction
A user interface, also called line, enables you to manage and monitor sessions between the terminal and
the router when you log in to the router through the console port, AUX port, an asynchronous serial
interface, or through Telnet or SSH.
Asynchronous serial interfaces include the following two types:
• Synchronous/asynchronous serial interface operating in asynchronous mode, the interface index of
which begins with Serial.
• Dedicated asynchronous serial interface, the interface index of which begins with Async.
A single user interface corresponds to a single user interface view where you can configure a set of
parameters, such as whether to authenticate users at login, whether to redirect the requests to another
device, and the user privilege level after login.
When the user logs in through a user interface, the connection follows these parameter settings,
implementing centralized management of various sessions.
At present, the system supports the following CLI configuration methods:
• Local configuration via the console port
• Local or remote configuration via the AUX port (Auxiliary port)
• Local or remote configuration through Telnet or SSH
The CLI configuration methods correspond to the following types of user interfaces:
• Console user interface—Manages and monitors users that log in via the console port. The console
port is a line router port. The router provides console ports of EIA/TIA-232 DCE type.
• AUX user interface—Manages and monitors users that log in via the AUX port. The AUX port is also
a line router port. The router provides AUX ports of EIA/TIA-232 DTE type. The port is usually used
for dialup access via a modem.
• VTY (virtual type terminal) user interface—Manages and monitors users logging in via VTY. A VTY
port is a logical terminal line used when you access the router through Telnet or SSH. At present, the
router supports at most 16 concurrent VTY users.

Users and user interfaces


Only one user can use a user interface at a time. The configuration made in a user interface view applies
to any user logged in to that user interface. For example, if user A uses the console port to log in, the
configuration in the console port user interface view applies to user A. If user A logs in through VTY 1,
the configuration in the VTY 1 user interface view applies to user A.
A router can support multiple console ports, AUX ports, asynchronous serial interfaces, and Ethernet
interfaces or a combination of all of these. Hence, a router supports multiple user interfaces. These user
interfaces do not associate with specific users. When a user initiates a connection request, the system
automatically assigns an idle user interface with the smallest number to the user based on the login
method. During login, the configuration in the user interface view takes effect. The user interface varies
depending on the login method and login time.

Numbering user interfaces


User interfaces are numbered in two ways: absolute numbering and relative numbering.

Absolute numbering
Absolute numbering identifies a user interface or a group of different types of user interfaces. The
specified user interfaces are numbered from 0 with a step of 1 in this sequence: console, AUX, and VTY
user interfaces. You can use the display user-interface command without any parameters to view
supported user interfaces and their absolute numbers.

Relative numbering
Relative numbering enables you to specify a user interface or a group of user interfaces of a specific type.
The number is valid only when used under that type of user interface. It is invalid when used under any
other type of user interface.
Relative numbering numbers a user interface in the form of “user interface type + number”. The rules of
relative numbering are as follows:
• Console ports are numbered from 0 in the ascending order, with a step of 1.
• AUX ports are numbered from 0 in the ascending order, with a step of 1.
• VTYs are numbered from 0 in the ascending order, with a step of 1.

User interface configuration task list


Complete these tasks to configure a user interface:

Task Remarks
Configuring asynchronous serial interface attributes Optional

Configuring terminal attributes Optional

Configuring a command to be automatically executed Optional

Configuring user privilege level under a user interface Optional

Configuring access control on VTY user interfaces Optional

Configuring supported protocols on VTY user interfaces Optional

Configuring the authentication mode Optional

Configuring command authorization Optional

Configuring command accounting Optional

Defining shortcut keys for starting terminal sessions/aborting tasks Optional

Sending messages to the specified user interfaces Optional

Releasing the connection established on user interfaces Optional

Configuring asynchronous serial interface attributes
A serial interface contains the following key attributes:
• Transmission rate—Number of bits that the router transmits to the terminal per second. It measures
the transmission speed. Typically, a higher transmission rate is used over shorter distances.
• Data bits—Number of bits representing one character. The setting depends on the content to be
transmitted. For example, you can set it to 7 if standard ASCII characters are to be sent; set it to 8
if extended ASCII characters are to be sent.
• Parity check—An error checking technique to detect whether errors occurred in the data
transmission.
• Stop bits—The last bits transmitted in data transmission to unequivocally indicate the end of a
character. The more the bits are, the slower the transmission is.
These attribute settings must be consistent on two user interfaces for communication.
To configure asynchronous attributes of a serial interface:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter user interface view.
   Command: user-interface { first-num1 [ last-num1 ] | { aux | console } first-num2 [ last-num2 ] }
   Remarks: N/A
3. Configure the transmission rate.
   Command: speed speed-value
   Remarks: Optional. 9600 bps by default.
4. Configure the data bits for each character.
   Command: databits { 5 | 6 | 7 | 8 }
   Remarks: Optional. 8 by default. The router does not support data bits 5 and 6.
5. Configure a parity check method.
   Command: parity { even | mark | none | odd | space }
   Remarks: Optional. None by default.
6. Configure the number of stop bits transmitted per byte.
   Command: stopbits { 1 | 1.5 | 2 }
   Remarks: Optional. 1 by default.
7. Configure the flow control mode.
   Command: flow-control { hardware | software | none }
   Remarks: Optional. By default, the flow control mode is none. The router does not support the hardware and software keywords.

Configuring terminal attributes


To configure terminal attributes:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter user interface view.
   Command: user-interface { first-num1 [ last-num1 ] | { aux | console | vty } first-num2 [ last-num2 ] }
   Remarks: N/A
3. Start the terminal service.
   Command: shell
   Remarks: Optional. The terminal service is enabled on all user interfaces by default.
4. Set the idle-timeout disconnection function for terminal users.
   Command: idle-timeout minutes [ seconds ]
   Remarks: Optional. 10 minutes by default.
5. Set the number of lines on a screen.
   Command: screen-length screen-length
   Remarks: Optional. By default, up to 24 lines of data are displayed on a screen. A value of 0 disables pausing between screens of output.
6. Set the display type of the current user terminal.
   Command: terminal type { ansi | vt100 }
   Remarks: Optional. ANSI by default.
7. Set the size of the history command buffer of the user interface.
   Command: history-command max-size size-value
   Remarks: Optional. The history buffer can store 10 commands by default.
8. Return to user view.
   Command: return
   Remarks: N/A
9. Lock the user interface to prevent unauthorized users from using this interface.
   Command: lock
   Remarks: Optional. Disabled by default.

NOTE:
The system supports two types of terminal display: ANSI and VT100. If the terminal display types of the router
and the client (for example, HyperTerminal or a Telnet terminal) are inconsistent or are set to ANSI, and the
command line being used exceeds 80 characters, anomalies such as cursor corruption or abnormal
display may occur on the client. Therefore, setting the display type of both the router and the client to
VT100 is recommended.

Configuring a command to be automatically executed
The system automatically executes a command when a user logs in by using the user interface where the
auto-execute command command is configured. The system tears down the user connection after the
command completes. If the auto-execute command command triggers another task or connection, the
system does not tear down the user connection until the task completes or the triggered connection
breaks down.
A good example is configuring the auto-execute command telnet command to let users automatically
telnet to the specified host.
To configure auto-execute command:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter user interface view.
   Command: user-interface { first-num1 [ last-num1 ] | { aux | vty } first-num2 [ last-num2 ] }
   Remarks: N/A
3. Configure the command to be automatically executed.
   Command: auto-execute command command
   Remarks: By default, no command is set to be automatically executed.

The auto-execute command command is not supported by the console port, or the AUX port when the
router has only one AUX port and no console port.

CAUTION:
The auto-execute command command may disable you from configuring the system through the user
interface to which the command is applied. Therefore, before configuring the command and saving the
configuration (by using the save command), make sure that you can access the router by other VTY,
console, or AUX user interfaces to remove the configuration in case a problem occurs.

Configuring user privilege level under a user interface
User privilege levels restrict the access rights of different users to the router.
• If the authentication mode is scheme when a user logs in, which means username and password
are needed, and SSH public key authentication is adopted, the privilege level of the user is the user
interface level, which is configured in user interface view. The default user interface level is 0.
• If the authentication mode is none or password when a user logs in, which means no username is
needed, the privilege level of the user is the user interface level.
To configure the user privilege level under a user interface:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter user interface view.
   Command: user-interface { first-num1 [ last-num1 ] | { aux | console | vty } first-num2 [ last-num2 ] }
   Remarks: N/A
3. Configure user’s privilege level under the current user interface.
   Command: user privilege level level
   Remarks: Optional. By default, users logging in through console port have a privilege level of 3; users logging in through other user interfaces have a privilege level of 0.

NOTE:
• For more information about user levels, see the chapter “Using the CLI.”
• The user privilege level can be configured under a user interface or by setting AAA authentication
parameters, and which configuration mode takes effect depends on the authentication mode at user
login. For more information, see the chapter “Using the CLI.”

Configuring access control on VTY user interfaces
You can configure access control on the VTY user interface by referencing an ACL. For more information
about ACL, see ACL and QoS Configuration Guide.
To control access to VTY user interfaces:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter VTY user interface view.
   Command: user-interface { first-num1 [ last-num1 ] | vty first-num2 [ last-num2 ] }
   Remarks: N/A
3. Control access to the VTY user interface.
   Command:
   • Reference a basic/advanced ACL: acl [ ipv6 ] acl-number { inbound | outbound }
   • Reference a WLAN/Ethernet frame header ACL: acl acl-number inbound
   Remarks: Use either command. No access control is set by default.

Configuring supported protocols on VTY user interfaces
To configure supported protocols on the active VTY user interface:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter VTY user interface view.
   Command: user-interface { first-num1 [ last-num1 ] | vty first-num2 [ last-num2 ] }
   Remarks: N/A
3. Configure the supported protocols on the current user interface.
   Command: protocol inbound { all | pad | ssh | telnet }
   Remarks: Optional. Support for the pad keyword depends on the router model. By default, both Telnet and SSH are supported.

CAUTION:
• If SSH is configured, you must set the authentication mode to scheme by using the authentication-mode
scheme command to guarantee a successful login. The protocol inbound ssh command fails if the
authentication mode is password or none.
• The protocols configured through the protocol inbound command take effect next time you log in
through that user interface.

Configuring the authentication mode
Authentication mode under a user interface determines whether to authenticate users that are logging in
through the user interface. The method enhances the security of the router. The router supports
authentication modes of none, password, and scheme.
• none—Requires no username and password when users log in through the specified user interface.
This mode is insecure.
• password—Requires password authentication on users that are logging in through the user
interface. Always set the password for this mode before terminating your current connection. Next
time when a user attempts to use the user interface to log in, an empty or wrong password fails the
login. If no authentication password is set for this mode on the AUX or VTY user interface, no user
can log in, and the system displays "Login password has not been set!" If no password is set on the
console user interface, login without a password is allowed.
• scheme—Requires username and password authentication on users that are logging in through the
user interface. Always set the username and password for this mode before terminating your current
connection. Next time when a user attempts to use the user interface to log in, an empty or wrong
username or password fails the login.
User authentication falls into local authentication and remote authentication. If local authentication is
adopted, configure a local user and the related parameters as shown in the table for configuring
authentication mode as scheme. If remote authentication is adopted, configure username and password
on the remote authentication server. For more information about the user authentication modes and
parameters, see Security Configuration Guide. By default, the router performs local authentication on
users. If you log in to the router through SSH, the rules apply to password authentication only. For more
information about SSH, see Security Configuration Guide.
To configure the authentication mode as none:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter user interface view.
   Command: user-interface { first-num1 [ last-num1 ] | { aux | console | vty } first-num2 [ last-num2 ] }
   Remarks: N/A
3. Configure not to authenticate users that are logging in through the current user interface.
   Command: authentication-mode none
   Remarks: By default, password is for VTY and AUX logins, and none is for console logins.

To configure the authentication mode as password:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter user interface view.
   Command: user-interface { first-num1 [ last-num1 ] | { aux | console | vty } first-num2 [ last-num2 ] }
   Remarks: N/A
3. Configure to perform password authentication on users that are logging in through the current user interface.
   Command: authentication-mode password
   Remarks: By default, password is for VTY and AUX logins, and none is for console logins.
4. Set the local authentication password.
   Command: set authentication password { cipher | simple } password
   Remarks: No local authentication password is set by default.

To configure the authentication mode as scheme (local authentication):

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter user interface view.
   Command: user-interface { first-num1 [ last-num1 ] | { aux | console | vty } first-num2 [ last-num2 ] }
   Remarks: N/A
3. Configure to perform AAA authentication on users that are logging in through the current user interface.
   Command: authentication-mode scheme
   Remarks: By default, password is for VTY and AUX logins, and none is for console logins.
4. Set the user privilege level.
   Command: See “Configuring user privilege level under a user interface.”
   Remarks: Optional. By default, users logging in through the console port have a privilege level of 3; users logging in through other user interfaces have a privilege level of 0.
5. Return to system view.
   Command: quit
   Remarks: N/A
6. Set the authentication username and enter local user view.
   Command: local-user user-name
   Remarks: No local user is set on the router by default.
7. Set the authentication password.
   Command: password { cipher | simple } password
   Remarks: N/A
8. Set the service type that can be used by users.
   Command: service-type { ssh | telnet | terminal } *
   Remarks: Users logging in via VTY user interface use telnet or ssh service. Users logging in via console or AUX port use terminal service.
9. Configure user attributes.
   Command: authorization-attribute { acl acl-number | callback-number callback-number | idle-cut minute | level level | user-profile profile-name | vlan vlan-id | work-directory directory-name } *
   Remarks: Optional. By default, FTP/SFTP users can access the router's root directory with the user level 0.

NOTE:
For more information about the local-user, password, service-type, and authorization-attribute
commands, see Security Command Reference.
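
The defaults and cautions stated above for authentication mode, supported protocols, VTY access control and user privilege level can be checked mechanically. The following Python audit is an added example, not H3C code: it reads user-interface sections, fills in the defaults from this chapter's tables, and returns findings per user interface. The sample configuration is constructed, and the section layout (a user-interface line followed by indented settings) and the finding names are assumptions.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Defaults stated in this chapter's tables.
DEFAULT_AUTH = {"console": "none", "aux": "password", "vty": "password"}
DEFAULT_LEVEL = {"console": 3, "aux": 0, "vty": 0}
# Assumed layout: a "user-interface" line followed by indented settings.
HEADER = re.compile(r"^user-interface (console|aux|vty) (\d+)(?: (\d+))?\s*$")

@dataclass
class UserInterface:
    kind: str
    first: int
    last: int
    auth_mode: str
    level: int
    protocols: str = "all"             # VTY default: both Telnet and SSH
    inbound_acl: Optional[str] = None  # default: no access control
    password_set: bool = False         # default: no login password

    @property
    def name(self) -> str:
        span = str(self.first) if self.first == self.last else f"{self.first}-{self.last}"
        return f"{self.kind} {span}"

def parse_user_interfaces(config: str) -> List[UserInterface]:
    """Return one record per user-interface section, with defaults filled in."""
    sections: List[UserInterface] = []
    current: Optional[UserInterface] = None
    for raw in config.splitlines():
        if not raw.strip():
            continue
        header = HEADER.match(raw)
        if header:
            kind, first, last = header.groups()
            current = UserInterface(kind, int(first), int(last or first),
                                    DEFAULT_AUTH[kind], DEFAULT_LEVEL[kind])
            sections.append(current)
        elif not raw.startswith(" "):
            current = None  # another top-level command ends the section
        elif current is not None:
            words = raw.split()
            if words[0] == "authentication-mode" and len(words) == 2:
                current.auth_mode = words[1]
            elif words[:2] == ["protocol", "inbound"] and len(words) == 3:
                current.protocols = words[2]
            elif words[:3] == ["user", "privilege", "level"] and len(words) == 4:
                current.level = int(words[3])
            elif words[:3] == ["set", "authentication", "password"]:
                current.password_set = True
            elif words[0] == "acl" and words[-1] == "inbound":
                current.inbound_acl = words[-2]
    return sections

def audit(ui: UserInterface) -> List[str]:
    """Findings for one user interface, based on the rules in this chapter."""
    findings = []
    if ui.auth_mode == "none":
        findings.append("AUTH_NONE")  # the guide calls this mode insecure
    if ui.auth_mode == "password" and not ui.password_set:
        # Console: login without a password is allowed. AUX/VTY: nobody can log in.
        findings.append("CONSOLE_OPEN" if ui.kind == "console" else "PASSWORD_NOT_SET")
    if ui.kind != "console" and ui.auth_mode in ("none", "password") and ui.level > 0:
        # With no username, every login gets the user interface level.
        findings.append("SHARED_ELEVATED_LEVEL")
    if ui.kind == "vty":
        if ui.protocols in ("all", "telnet"):
            findings.append("TELNET_ALLOWED")  # Telnet sends passwords in plain text
        if ui.protocols == "ssh" and ui.auth_mode != "scheme":
            # protocol inbound ssh fails unless the mode is scheme.
            findings.append("SSH_NEEDS_SCHEME")
        if ui.inbound_acl is None:
            findings.append("NO_INBOUND_ACL")
    return findings

def audit_config(config: str) -> Dict[str, List[str]]:
    """Map each user interface name to its list of findings."""
    return {ui.name: audit(ui) for ui in parse_user_interfaces(config)}

# Constructed sample, written with the command syntax from this chapter.
SAMPLE_CONFIG = """\
user-interface console 0
user-interface aux 0
 authentication-mode password
user-interface vty 0 4
 authentication-mode scheme
 protocol inbound ssh
 acl 2000 inbound
user-interface vty 5 15
 authentication-mode none
 user privilege level 3
"""

if __name__ == "__main__":
    for name, findings in audit_config(SAMPLE_CONFIG).items():
        print(f"{name:10} {', '.join(findings) or 'no findings'}")
```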

Configuring command authorization
By default, command level for a login user depends on the user level. The user is authorized to execute
commands whose default level is not higher than the user level.
If you configure command authorization, the command level for a login user is determined by both the
user level and AAA authorization. If a user executes a command of the corresponding user level, the
authorization server checks whether the command is authorized. If yes, the command can be executed.
To configure command authorization, you must:
1. Configure the authentication mode as scheme, which requires both the username and password
for login authentication.
2. Enable command authorization.
3. Configure an HWTACACS scheme. Specify the IP addresses of the HWTACACS authorization
servers and other related parameters.
4. Configure the ISP domain to use the HWTACACS scheme for command line users. For more
information about HWTACACS configuration, see Security Configuration Guide.
To enable command authorization:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter user interface view.
   Command: user-interface { first-num1 [ last-num1 ] | { aux | console | vty } first-num2 [ last-num2 ] }
   Remarks: N/A
3. Enable command authorization.
   Command: command authorization
   Remarks: By default, command authorization is disabled, and users can execute commands without authorization.

Configuring command accounting


Command accounting allows the HWTACACS server to record all executed commands that are
supported by the router, regardless of the command execution result. This helps control and monitor user
operations on the router.
If command accounting is enabled and command authorization is not enabled, every executed
command is recorded on the HWTACACS server. If both command accounting and command
authorization are enabled, only the authorized and executed commands are recorded on the
HWTACACS server.
To configure command accounting, you must:
1. Enable command accounting.
2. Configure an HWTACACS scheme. Specify the IP addresses of the HWTACACS accounting
servers and other related parameters.
3. Configure the ISP domain to use the HWTACACS scheme for command line users. For more
information about HWTACACS configurations, see Security Configuration Guide.
To enable command accounting:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter user interface view.
   Command: user-interface { first-num1 [ last-num1 ] | { aux | console | vty } first-num2 [ last-num2 ] }
   Remarks: N/A
3. Enable command accounting.
   Command: command accounting
   Remarks: By default, command accounting is disabled, and the accounting server does not record the commands the users execute.

Defining shortcut keys for starting terminal sessions/aborting tasks
To define shortcut keys for starting terminal sessions/aborting tasks:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter user interface view.
   Command: user-interface { first-num1 [ last-num1 ] | { aux | console | vty } first-num2 [ last-num2 ] }
   Remarks: N/A
3. Define a shortcut key for starting a terminal session.
   Command: activation-key character
   Remarks: Optional. Pressing Enter starts the terminal session by default.
4. Define a shortcut key for aborting a task.
   Command: escape-key { default | character }
   Remarks: Optional. By default, the escape key sequence Ctrl+C is to abort a task.

NOTE:
The activation-key command is not supported on the VTY user interface.

Sending messages to the specified user interfaces


To send messages to the specified user interfaces:

| Task | Command | Remarks |
|---|---|---|
| Send messages to the specified user interfaces. | send { all \| num1 \| { aux \| console \| vty } num2 } | Available in user view |

Releasing the connection established on user interfaces

Multiple users can log in to the system to simultaneously configure the router. In some circumstances,
when the administrator wants to make configurations without interruption from the users that have logged
in through other user interfaces, the administrator can execute the following commands to release the
connection established on the specified user interfaces.
To release the connection established on the user interfaces:

| Task | Command | Remarks |
|---|---|---|
| Release the connection established on the specified user interfaces. | free user-interface { num1 \| { aux \| console \| vty } num2 } | Available in user view |

NOTE:
You cannot use this command to release the connection that you are using.

Displaying and maintaining user interfaces


| Task | Command | Remarks |
|---|---|---|
| Display the Telnet configuration when the router serves as a Telnet client. | display telnet client configuration [ \| { begin \| exclude \| include } regular-expression ] | Available in any view |
| Display information about all the user interfaces supported on the router. | display users [ all ] [ \| { begin \| exclude \| include } regular-expression ] | Available in any view |
| Display information about the specified or all user interfaces. | display user-interface [ num1 \| { aux \| console \| vty } num2 ] [ summary ] [ \| { begin \| exclude \| include } regular-expression ] | Available in any view |

User interface configuration examples


User authentication configuration example
Network requirements
As shown in Figure 23, three administrators need to access Device for device management: one through
a console port, one through an IP network, and one through a public switched telephone
network (PSTN).
Configure Device to:
• Perform no authentication for users who log in through the console port.
• Perform password authentication for users who log in through the IP network.

• Use the RADIUS server to authenticate users who log in through the PSTN, and use local
authentication as the backup.
• Assign different command levels to different types of users.
Figure 23 Network diagram

Configuration procedure
# Assign IP addresses to the interfaces on Device so that Device and Host B can reach each other and
Device and the RADIUS server can reach each other. (Details not shown)
# Enable the Telnet service on Device.
<Sysname> system-view
[Sysname] telnet server enable

# Configure Device to perform no authentication for users logging in through the console port and to
allow the users to use commands of privilege level 3 (all commands).
[Sysname] user-interface console 0
[Sysname-ui-console0] authentication-mode none
[Sysname-ui-console0] user privilege level 3
[Sysname-ui-console0] quit

# Configure Device to perform password authentication for users logging in to VTY user interfaces 0
through 4. Set the password to 123, and set the privilege level of the users to 2.
[Sysname] user-interface vty 0 4
[Sysname-ui-vty0-4] authentication-mode password
[Sysname-ui-vty0-4] set authentication password cipher 123
[Sysname-ui-vty0-4] user privilege level 2
[Sysname-ui-vty0-4] quit

# Configure Device to use AAA to authenticate users logging in to user interface VTY 5.
[Sysname] user-interface vty 5
[Sysname-ui-vty5] authentication-mode scheme
[Sysname-ui-vty5] quit

# Create a RADIUS scheme and configure the IP address and UDP port for the primary authentication
server for the scheme. Make sure that the port number is consistent with that on the RADIUS server. Set
the shared key for authentication packets to expert for the scheme and the RADIUS server type of the
scheme to extended. Configure Device to remove the domain name in the username sent to the RADIUS
server.
[Sysname] radius scheme rad
[Sysname-radius-rad] primary authentication 192.168.2.20 1812
[Sysname-radius-rad] key authentication expert
[Sysname-radius-rad] server-type extended
[Sysname-radius-rad] user-name-format without-domain
[Sysname-radius-rad] quit

# Configure the default ISP domain system to use RADIUS scheme rad for login users and use local
authentication as the backup.
[Sysname] domain system
[Sysname-isp-system] authentication login radius-scheme rad local
[Sysname-isp-system] authorization login radius-scheme rad local
[Sysname-isp-system] quit

# Add a local user named monitor, set the user password to 123, and specify to display the password
in cipher text. Authorize user monitor to use the Telnet service and specify the level of the user as 1, the
monitor level.
[Sysname] local-user monitor
[Sysname-luser-monitor] password cipher 123
[Sysname-luser-monitor] service-type telnet
[Sysname-luser-monitor] authorization-attribute level 1

Command authorization configuration example


Network requirements
As shown in Figure 24, configure Device to use the HWTACACS server to authenticate and perform
command line authorization for users accessing the VTY interfaces 0 through 4, and use local
authentication and authorization as the backup.
Figure 24 Network diagram (labels: Host A, IP network, Device, HWTACACS server 192.168.2.20/24)
Configuration procedure
# Assign an IP address to Device so that Device and Host A, and Device and the HWTACACS server can
reach each other. (Details not shown)
# Enable the Telnet service on Device.
<Sysname> system-view
[Sysname] telnet server enable

# Configure Device to use AAA to control user access to VTY interfaces 0 through 4.
[Sysname] user-interface vty 0 4
[Sysname-ui-vty0-4] authentication-mode scheme

# Enable command authorization to restrict the command level for login users.
[Sysname-ui-vty0-4] command authorization
[Sysname-ui-vty0-4] quit

# Create an HWTACACS scheme named tac and configure the IP address and TCP port for the primary
authentication and authorization servers for the scheme. Make sure that the port number is consistent
with that on the HWTACACS server. Set the shared keys for authentication and authorization packets to
expert for the scheme and the HWTACACS server type of the scheme to standard. Specify Device to
remove the domain name in the username that is sent to the HWTACACS server.
[Sysname] hwtacacs scheme tac
[Sysname-hwtacacs-tac] primary authentication 192.168.2.20 49
[Sysname-hwtacacs-tac] primary authorization 192.168.2.20 49
[Sysname-hwtacacs-tac] key authentication expert
[Sysname-hwtacacs-tac] key authorization expert
[Sysname-hwtacacs-tac] server-type standard
[Sysname-hwtacacs-tac] user-name-format without-domain
[Sysname-hwtacacs-tac] quit

# Configure the default ISP domain system to use HWTACACS scheme tac for login users and use local
authorization as the backup.
[Sysname] domain system
[Sysname-isp-system] authentication login hwtacacs-scheme tac local
[Sysname-isp-system] authorization command hwtacacs-scheme tac local
[Sysname-isp-system] quit

# Add a local user named monitor, set the user password to 123, and specify to display the password
in cipher text. Authorize user monitor to use the Telnet service and specify the level of the user as 1, that
is, the monitor level.
[Sysname] local-user monitor
[Sysname-luser-monitor] password cipher 123
[Sysname-luser-monitor] service-type telnet
[Sysname-luser-monitor] authorization-attribute level 1

Command accounting configuration example


Network requirements
As shown in Figure 25, configure the device to send commands that login users execute to the
HWTACACS server to control and monitor user operations.

Figure 25 Network diagram

Configuration procedure
# Enable the Telnet service on Device.
<Sysname> system-view
[Sysname] telnet server enable

# Enable command accounting for users logging in through the console port.
[Sysname] user-interface console 0
[Sysname-ui-console0] command accounting
[Sysname-ui-console0] quit

# Enable command accounting for users logging in through Telnet or SSH.


[Sysname] user-interface vty 0 4
[Sysname-ui-vty0-4] command accounting
[Sysname-ui-vty0-4] quit

# Create an HWTACACS scheme named tac and configure the IP address and TCP port for the primary
accounting server for the scheme. Make sure that the port number is consistent with that on the
HWTACACS server. Set the shared key for accounting packets to expert for the scheme. Specify
Device to remove the domain name in the username that is sent to the HWTACACS server.
[Sysname] hwtacacs scheme tac
[Sysname-hwtacacs-tac] primary accounting 192.168.2.20 49
[Sysname-hwtacacs-tac] key accounting expert
[Sysname-hwtacacs-tac] user-name-format without-domain
[Sysname-hwtacacs-tac] quit

# Create ISP domain system, and configure the ISP domain to use HWTACACS scheme tac for
accounting of command line users.
[Sysname] domain system
[Sysname-isp-system] accounting command hwtacacs-scheme tac
[Sysname-isp-system] quit
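
The three prerequisites listed under "Configuring command accounting" (the user interface command, an HWTACACS scheme with a server, and the ISP domain setting) can be checked mechanically against a saved configuration. The following Python script is an added example, not H3C code: it reads configuration text laid out one command per line with sub-view commands indented (an assumed layout; the sample is constructed from the commands used in the examples above) and reports, per user interface, the authentication mode and any command accounting or command authorization setting that lacks its ISP domain or server counterpart.

```python
import re

# Constructed sample, not captured from a router: the commands used in the
# examples above, one per line, with sub-view commands indented (assumed layout).
SAMPLE_CONFIG = """\
telnet server enable
user-interface console 0
 authentication-mode none
 user privilege level 3
 command accounting
user-interface vty 0 4
 authentication-mode password
 user privilege level 2
 command accounting
user-interface vty 5
 authentication-mode scheme
 command authorization
hwtacacs scheme tac
 primary accounting 192.168.2.20 49
 key accounting expert
domain system
 accounting command hwtacacs-scheme tac
"""


def parse_views(text):
    """Group indented sub-commands under the unindented command that opens each view."""
    views = []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if raw[0].isspace() and views:
            views[-1][1].append(raw.strip())
        else:
            views.append((raw.strip(), []))
    return views


def domain_schemes(views, service):
    """Return {scheme: server roles} for schemes a domain uses for '<service> command'."""
    roles = {}
    for head, body in views:
        m = re.fullmatch(r"hwtacacs scheme (\S+)", head)
        if m:
            roles[m.group(1)] = {line.split()[1] for line in body if line.startswith("primary ")}
    used = {}
    for head, body in views:
        if not head.startswith("domain "):
            continue
        for line in body:
            m = re.match(rf"{service} command hwtacacs-scheme (\S+)", line)
            if m:
                used[m.group(1)] = roles.get(m.group(1), set())
    return used


def audit(text):
    """Return sorted (user interface, finding) pairs."""
    views = parse_views(text)
    findings = []
    for head, body in views:
        if not head.startswith("user-interface "):
            continue
        ui = head[len("user-interface "):]
        mode = next((l.split()[1] for l in body if l.startswith("authentication-mode ")), None)
        if mode == "none":
            findings.append((ui, "login without authentication"))
        elif mode == "password":
            findings.append((ui, "shared password, no per-user identity"))
        for feature, service in (("command accounting", "accounting"),
                                 ("command authorization", "authorization")):
            if feature not in body:
                findings.append((ui, f"{feature} not enabled"))
                continue
            used = domain_schemes(views, service)
            if not used:
                findings.append((ui, f"{feature} enabled but no domain sets '{service} command'"))
            elif not any(service in servers for servers in used.values()):
                findings.append((ui, f"{feature} enabled but scheme has no primary {service} server"))
    return sorted(findings)


if __name__ == "__main__":
    for ui, finding in audit(SAMPLE_CONFIG):
        print(f"{ui:12} {finding}")
```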

Configuring FTP

FTP overview
Introduction to FTP
The File Transfer Protocol (FTP) is an application layer protocol for sharing files between server and client
over a TCP/IP network.
FTP uses TCP ports 20 and 21 for file transfer. Port 20 is used to transmit data, and port 21 to transmit
control commands. For more information about basic FTP operation, see RFC 959.
FTP transfers files in two modes:
• Binary mode—Transfers files as raw data, such as .app, .bin, and .btm files.
• ASCII mode—Transfers files as text, such as .txt, .bat, and .cfg files.

FTP operation
FTP adopts the client/server model. A device can function either as the client or as the server (as shown
in Figure 26).
• When the device serves as the FTP client, a user can telnet to it from a PC, and execute the ftp
command to establish a connection to the remote FTP server on the PC to upload/download files
to/from the PC.
• When the device serves as the FTP server, a user can FTP to the device from a PC that runs the FTP
client and upload/download files to/from the device.
Figure 26 Network diagram

When the device serves as the FTP client, perform the following configuration:
Table 14 Configuration when the device serves as the FTP client

| Device | Configuration | Remarks |
|---|---|---|
| Device (FTP client) | Use the ftp command to establish the connection to the remote FTP server | If the remote FTP server supports anonymous FTP, the device can log in to it directly; if not, the device must obtain the FTP username and password first to log in to the remote FTP server. |
| PC (FTP server) | Enable FTP server on the PC, and configure the username, password, user privilege level, and so on. | N/A |

When the device serves as the FTP server, perform the following configuration:

Table 15 Configuration when the device serves as the FTP server

| Device | Configuration | Remarks |
|---|---|---|
| Device (FTP server) | Enable the FTP server function | Disabled by default. You can use the display ftp-server command to view the FTP server configuration on the device. |
| Device (FTP server) | Configure authentication and authorization | Configure the username, password, authorized working directory for an FTP user. The device does not support anonymous FTP for security reasons. Therefore, you must use a valid username and password. By default, authenticated users can access the root directory of the device. |
| Device (FTP server) | Configure the FTP server operating parameters | Parameters such as the FTP connection timeout time |
| PC (FTP client) | Use the FTP client program to log in to the FTP server. | You can log in to the FTP server only after you input the correct FTP username and password. |

CAUTION:
• Make sure that the FTP server and the FTP client can reach each other before establishing the FTP
connection.
• When you use IE to log in to the device serving as the FTP server, some FTP functions are not available.
This is because multiple connections are established during the login process but the device supports
only one connection at a time.

Configuring the FTP client


NOTE:
Only manage level users can use the ftp command to log in to an FTP server, enter FTP client view, and
execute directory and file related commands. However, whether the commands can be executed
successfully depends on the FTP server authorizations.

Establishing an FTP connection


Before you can access the FTP server, you must establish a connection from the FTP client to the FTP
server. You can either use the ftp command to establish the connection directly or use the open
command in FTP client view to establish the connection.
When using the ftp or ftp client source command, you can specify the source interface (such as a
loopback) or source IP address. The primary IP address of the specified source interface or the specified
source IP address is used as the source IP address of sent FTP packets.
The FTP client follows these rules to select the source IP address of packets sent to the FTP server:
• If no source IP address is specified, the IP address of the output interface of the route to the server
is used as the source IP address.
• The source IP address specified with the ftp client source or ftp command is used.
If you first use the ftp client source command to specify a source IP address and then use the ftp command
to specify another source IP address, the latter is used.

The source IP address specified with the ftp client source command applies to all FTP connections while
the one specified with the ftp command applies to the current FTP connection only.
To establish an IPv4 FTP connection:

| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Specify the source IP address of sent FTP packets. | ftp client source { interface interface-type interface-number \| ip source-ip-address } | Optional. By default, the source IP address is determined by the route from the FTP client to the FTP server. |
| 3. Return to user view. | quit | N/A |
| 4. Log in to the remote FTP server. | (Approach 1) Log in to the remote FTP server directly in user view: ftp [ server-address [ service-port ] [ vpn-instance vpn-instance-name ] [ source { interface interface-type interface-number \| ip source-ip-address } ] ]; (Approach 2) Log in to the remote FTP server indirectly in FTP client view: a. ftp, then b. open server-address [ service-port ] | Use either approach. The ftp command is available in user view; and the open command is available in FTP client view. |

NOTE:
• If no primary IP address is configured on the specified source interface, no FTP connection can be
established.
• If you use the ftp client source command to configure a source interface and then use it to configure a
source IP address, the source IP address overwrites the source interface, and vice versa.

To establish an IPv6 FTP connection:

| Task | Command | Remarks |
|---|---|---|
| Log in to the remote FTP server directly in user view. | ftp ipv6 [ server-address [ service-port ] [ vpn-instance vpn-instance-name ] [ source ipv6 source-ipv6-address ] [ -i interface-type interface-number ] ] | The ftp ipv6 command is available in user view; and the open ipv6 command is available in FTP client view. |
| Log in to the remote FTP server indirectly in FTP client view. | ftp ipv6, then open ipv6 server-address [ service-port ] [ -i interface-type interface-number ] | The ftp ipv6 command is available in user view; and the open ipv6 command is available in FTP client view. |

Managing directories on an FTP server


After a router serving as the FTP client has established a connection with the FTP server, you can create
or delete folders under the authorized directory of the FTP server. For more information about establishing
an FTP connection, see “Establishing an FTP connection.”

To manage the directories on an FTP server:

| Task | Command |
|---|---|
| Display detailed information about a directory or file on the remote FTP server. | dir [ remotefile [ localfile ] ] |
| Query a directory or file on the remote FTP server. | ls [ remotefile [ localfile ] ] |
| Change the working directory of the remote FTP server. | cd { directory \| .. \| / } |
| Return to the upper level directory of the remote FTP server. | cdup |
| Display the working directory that is being accessed. | pwd |
| Create a directory on the remote FTP server. | mkdir directory |
| Remove the specified working directory on the remote FTP server. | rmdir directory |

Managing the files on an FTP server


After the device serving as the FTP client has established a connection with an FTP server, you can upload
a file to or download a file from the FTP server under the authorized directory of the FTP server by
following these steps. For more information about establishing an FTP connection, see “Establishing an
FTP connection.”
1. Use the dir or ls command to display the directory and the location of the file on the FTP server.
2. Delete useless files for effective use of the storage space.
3. Set the file transfer mode. FTP transmits files in two modes: ASCII and binary. ASCII mode transfers
files as text. Binary mode transfers files as raw data.
4. Use the lcd command to display the local working directory of the FTP client. You can upload the
file under this directory, or save the downloaded file under this directory.
5. Upload or download the file.
To manage the files on an FTP server:

| Task | Command | Remarks |
|---|---|---|
| Display detailed information about a directory or file on the remote FTP server. | dir [ remotefile [ localfile ] ] | The ls command displays the name of a directory or file only, while the dir command displays detailed information such as the file size and creation time. |
| Query a directory or file on the remote FTP server. | ls [ remotefile [ localfile ] ] | The ls command displays the name of a directory or file only, while the dir command displays detailed information such as the file size and creation time. |
| Delete the specified file on the remote FTP server permanently. | delete remotefile | N/A |
| Set the file transfer mode to ASCII. | ascii | ASCII by default. |
| Set the file transfer mode to binary. | binary | ASCII by default. |
| Set the data transmission mode to passive. | passive | Passive by default. |
| Display the local working directory of the FTP client. | lcd | N/A |
| Upload a file to the FTP server. | put localfile [ remotefile ] | N/A |
| Download a file from the FTP server. | get remotefile [ localfile ] | N/A |

Using another username to log in to an FTP server


After the device serving as the FTP client has established a connection with the FTP server, you can use
another username to log in to the FTP server. For more information about establishing an FTP connection,
see “Establishing an FTP connection.”
This feature allows you to switch to different user levels without affecting the current FTP connection; if you
input an incorrect username or password, the current connection will be terminated, and you must log in
again to access the FTP server.
To use another username to log in to the FTP server:

| Task | Command |
|---|---|
| Use another username to re-log in after successfully logging in to the FTP server. | user username [ password ] |

Maintaining and debugging an FTP connection


After a device serving as the FTP client has established a connection with the FTP server, you can perform
the following operations to locate and diagnose problems encountered in an FTP connection. For more
information about establishing an FTP connection, see “Establishing an FTP connection.”

| Task | Command | Remarks |
|---|---|---|
| Display the help information of FTP-related commands supported by the remote FTP server. | remotehelp [ protocol-command ] | N/A |
| Enable information display in a detailed manner. | verbose | Enabled by default. |
| Enable FTP related debugging when the device acts as the FTP client. | debugging | Disabled by default. |

Terminating an FTP connection


After the device serving as the FTP client has established a connection with the FTP server, you can use
any of the following commands to terminate an FTP connection. For more information about establishing
an FTP connection, see “Establishing an FTP connection.”

| Task | Command | Remarks |
|---|---|---|
| Terminate the connection to the FTP server without exiting FTP client view. | disconnect | Equal to the close command. |
| Terminate the connection to the FTP server without exiting FTP client view. | close | Equal to the disconnect command. |
| Terminate the connection to the FTP server and return to user view. | bye | Equal to the quit command in FTP client view. |
| Terminate the connection to the FTP server and return to user view. | quit | Available in FTP client view, equal to the bye command. |

FTP client configuration example


Network requirements
As shown in Figure 27, the device acts as an FTP client and the PC acts as the FTP server. The device and
PC can reach each other. An account with the username abc and password abc is already configured on
the FTP server.
Log in to the FTP server from the FTP client, download the system software image file newest.bin from the
PC to the device, and upload the configuration file config.cfg from the device to the PC for backup.
Figure 27 Network diagram

Configuration procedure

CAUTION:
If the available memory space of the device is insufficient, use the fixdisk command to clear the memory
or use the delete /unreserved file-url command to delete the files not in use, and then perform the
following operations.

# Check files on your device. Remove those redundant to ensure adequate space for the boot file to be
downloaded.
<Sysname> dir
Directory of flash:/

0 drw- - Dec 07 2005 10:00:57 filename
1 drw- - Jan 02 2006 14:27:51 logfile
2 -rw- 1216 Jan 02 2006 14:28:59 config.cfg
3 -rw- 1216 Jan 02 2006 16:27:26 backup.cfg

2540 KB total (2511 KB free)
<Sysname> delete /unreserved flash:/backup.cfg

# Log in to the server through FTP to download boot files.


<Sysname> ftp 10.1.1.1
Trying 10.1.1.1 ...
Connected to 10.1.1.1.
220 WFTPD 2.0 service (by Texas Imperial Software) ready for new user
User(10.1.1.1:(none)):abc
331 Give me your password, please
Password:
230 Logged in successfully

# Set the file transfer mode to binary to transmit the boot file.


[ftp] binary
200 Type set to I.

# Download the boot file newest.bin from the PC to the device.


• Download the boot file newest.bin to the root directory of the storage medium on the active MPU.
[ftp] get newest.bin
• Download the boot file newest.bin from the PC to the root directory of the storage medium on the
standby MPU (in slot 1).
[ftp] get newest.bin slot1#flash:/newest.bin

# Upload the configuration file config.cfg of the device to the server for backup.
[ftp] ascii
[ftp] put config.cfg back-config.cfg
227 Entering Passive Mode (10,1,1,1,4,2).
125 ASCII mode data connection already open, transfer starting for /config.cfg.
226 Transfer complete.
FTP: 3494 byte(s) sent in 5.646 second(s), 618.00 byte(s)/sec.
[ftp] bye

# Specify newest.bin as the main boot file for next startup.


• Specify newest.bin as the main boot file for next startup for the active MPU.
<Sysname> boot-loader file newest.bin slot 0 main
This command will set the boot file of the specified board. Continue? [Y/N]:y
The specified file will be used as the main boot file at the next reboot on slot 0!
• Specify newest.bin as the main boot file for next startup for the standby MPU (in slot 1).
<Sysname> boot-loader file slot1#flash:/newest.bin slot 1 main
This command will set the boot file of the specified board. Continue? [Y/N]:y
The specified file will be used as the main boot file at the next reboot on slot 1!

# Reboot the device, and the boot file is updated at the system reboot.
<Sysname> reboot

CAUTION:
The boot file used for next startup must be saved on the first partition under the root directory of the storage
medium. You can copy or move a file to the root directory of the storage medium. For more information
about the boot-loader command, see Fundamentals Command Reference.

Configuring the FTP server


Configuring FTP server operating parameters
The FTP server uses one of the two modes to update a file when you upload the file (use the put command)
to the FTP server:
• In fast mode, the FTP server starts writing data to the storage medium after a file is transferred to the
memory. This prevents the existing file on the FTP server from being corrupted if an anomaly, such as
a power failure, occurs during a file transfer.
• In normal mode, the FTP server writes data to the storage medium while receiving data. This means
that any anomaly, such as a power failure, during file transfer might result in file corruption on the
FTP server. This mode, however, consumes less memory space than the fast mode.
To configure the FTP server:

| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Enable the FTP server. | ftp server enable | Disabled by default. |
| 3. Use an ACL to control FTP clients’ access to the router. | ftp server acl acl-number | Optional. By default, no ACL is used to control FTP clients’ access to the router. |
| 4. Configure the idle-timeout timer. | ftp timeout minutes | Optional. 30 minutes by default. Within the idle-timeout time, if there is no information interaction between the FTP server and client, the connection between them is terminated. |
| 5. Set the file update mode for the FTP server. | ftp update { fast \| normal } | Optional. Normal update is used by default. |
| 6. Quit to user view. | quit | N/A |
| 7. Manually release the FTP connection established with the specified username. | free ftp user username | Optional. Available in user view. |

Configuring authentication and authorization on the FTP server


To allow an FTP user to access certain directories on the FTP server, you must create an account for the
user, authorize the user to access the directories, and configure a password for the user.

Make the following configuration to perform authentication and authorization on a local FTP user. To
authenticate remote FTP users, you must configure authentication, authorization and accounting (AAA).
For detailed configuration about AAA, see Security Command Reference.
To configure authentication and authorization for FTP server:

| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Create a local user and enter its view. | local-user user-name | No local user exists by default, and the system does not support FTP anonymous user access. |
| 3. Assign a password to the user. | password { simple \| cipher } password | N/A |
| 4. Assign the FTP service to the user. | service-type ftp | By default, the system does not support anonymous FTP access, and does not assign any service. If the FTP service is assigned, the root directory of the router is used by default. |
| 5. Configure user properties. | authorization-attribute { acl acl-number \| callback-number callback-number \| idle-cut minute \| level level \| user-profile profile-name \| vlan vlan-id \| work-directory directory-name } * | Optional. By default, the FTP/SFTP users can access the root directory of the router, and the user level is 0. You can change the default configuration by using this command. |

NOTE:
• For more information about the local-user, password, service-type ftp, and authorization-attribute
commands, see Security Command Reference.
• When the device serves as the FTP server, to perform write operations (upload, delete, and create,
for example) on the device’s file system, the FTP login users must be level 3 users; to perform other
operations, for example, read operation, users of any level from 0 to 3 are allowed.

FTP server configuration example


Network requirements
As shown in Figure 28, the device acts as an FTP server, and the PC acts as the FTP client. The device and
PC are reachable to each other.
Create a local user account with the username abc and password abc and enable FTP server on the
device. Use the user account to log in to the FTP server from the FTP client, upload the file newest.bin from
the FTP client to the FTP server, and download the configuration file config.cfg from the FTP server to the
FTP client for backup.
Figure 28 Network diagram

Configuration procedure
1. Configure the device (FTP server)
# Create an FTP user account abc, set its password to abc and the user privilege level to level 3 (the
manage level). Allow user abc to access the root directory of the flash, and specify abc to use FTP.
<Sysname> system-view
[Sysname] local-user abc
[Sysname-luser-abc] password simple abc
[Sysname-luser-abc] authorization-attribute level 3
[Sysname-luser-abc] authorization-attribute work-directory flash:/
To access the root directory of the flash on the standby MPU (in slot 1), replace flash:/ with
slot1#flash:/.
[Sysname-luser-abc] service-type ftp
[Sysname-luser-abc] quit
# Enable FTP.
[Sysname] ftp server enable
[Sysname] quit
# Check files on your device. Remove those redundant to ensure adequate space for the boot file
to be uploaded.
<Sysname> dir
Directory of flash:/

0 drw- - Dec 07 2005 10:00:57 filename
1 drw- - Jan 02 2006 14:27:51 logfile
2 -rw- 1216 Jan 02 2006 14:28:59 config.cfg
3 -rw- 1216 Jan 02 2006 16:27:26 back.cfg

2540 KB total (2511 KB free)
<Sysname> delete /unreserved flash:/back.cfg
2. Configure the PC (FTP client)
# Log in to the FTP server through FTP.
c:\> ftp 1.1.1.1
Connected to 1.1.1.1.
220 FTP service ready.
User(1.1.1.1:(none)):abc
331 Password required for abc.
Password:
230 User logged in.
# Download the configuration file config.cfg of the device to the PC for backup.
ftp> get config.cfg back-config.cfg
# Upload the file newest.bin to the device.
ftp> put newest.bin
ftp> bye

NOTE:
• You can take the same steps to upgrade the configuration file with FTP. When upgrading the
configuration file with FTP, put the new file under the root directory of the storage medium. (For a router
that has been partitioned, the configuration file must be saved on the first partition.)
• After you finish upgrading the Bootware program through FTP, you must execute the bootrom update
command to upgrade the Bootware.

# You can use the boot-loader command to specify the device to download the main boot file at
the next startup (suppose the device supports main/backup boot files). The boot file is upgraded
at the system reboot.
<Sysname> boot-loader file bbb.app slot 0 main
<Sysname> reboot

CAUTION:
The boot file used for next startup must be saved on the first partition under the root directory of the storage
medium. You can copy or move a file to the root directory of the storage medium. For more information
about the boot-loader command, see Fundamentals Command Reference.

Displaying and maintaining FTP


| Task | Command | Remarks |
|---|---|---|
| Display the source IP address configuration of the FTP client. | display ftp client configuration [ \| { begin \| exclude \| include } regular-expression ] | Available in any view |
| Display the configuration of the FTP server. | display ftp-server [ \| { begin \| exclude \| include } regular-expression ] | Available in any view |
| Display detailed information about logged-in FTP users. | display ftp-user [ \| { begin \| exclude \| include } regular-expression ] | Available in any view |

Configuring TFTP

TFTP overview
Introduction to TFTP
The Trivial File Transfer Protocol (TFTP) provides functions similar to those provided by FTP, but it is less
complex than FTP in interactive access interface and authentication. Therefore, it is more suitable in
environments where complex interaction is not needed between client and server.
TFTP uses the UDP port 69 for data transmission. For information about basic TFTP operation, see RFC
1350.
In TFTP, file transfer is initiated by the client.
• In a normal file downloading process, the client sends a read request to the TFTP server, receives
data from the server, and then sends the acknowledgement to the server.
• In a normal file uploading process, the client sends a write request to the TFTP server, sends data to
the server, and receives the acknowledgement from the server.
TFTP transfers files in two modes:
• Binary mode—Transfers files as raw data, such as .app, .bin, and .btm files.
• ASCII mode—Transfers files as text, such as .txt, .bat, and .cfg files.
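
The read and write exchanges described above, as an added example in Python that is not H3C code: it builds and parses the RFC 1350 packets (RRQ, WRQ, DATA, ACK) and replays both sides of a download and an upload in memory, including the case where the file length is an exact multiple of 512 bytes and an empty DATA block must close the transfer. The mode strings "octet" and "netascii" are the RFC 1350 names for binary and ASCII transfer; the model carries the mode in the request only and does no line-ending conversion, and the file contents are constructed.

```python
import struct

RRQ, WRQ, DATA, ACK = 1, 2, 3, 4   # opcodes defined in RFC 1350
BLOCK = 512                        # RFC 1350 data block size in bytes


def request(opcode, filename, mode):
    """Build an RRQ or WRQ: opcode, filename, NUL, mode, NUL."""
    return struct.pack("!H", opcode) + filename.encode() + b"\0" + mode.encode() + b"\0"


def data(block, payload):
    return struct.pack("!HH", DATA, block) + payload


def ack(block):
    return struct.pack("!HH", ACK, block)


def parse(packet):
    """Decode a packet into a tuple that starts with its opcode."""
    opcode = struct.unpack("!H", packet[:2])[0]
    if opcode in (RRQ, WRQ):
        filename, mode, _ = packet[2:].split(b"\0")
        return opcode, filename.decode(), mode.decode()
    block = struct.unpack("!H", packet[2:4])[0]
    return (opcode, block, packet[4:]) if opcode == DATA else (opcode, block)


def download(server_files, filename, mode="octet"):
    """Read transfer: the client sends RRQ, then ACKs each DATA block.

    Returns the received bytes and the ordered (sender, packet) trace.
    Block numbers are 16-bit, so this model is for files under 32 MB.
    """
    trace = [("client", request(RRQ, filename, mode))]
    content = server_files[parse(trace[0][1])[1]]
    received, block = b"", 0
    while True:
        block += 1
        trace.append(("server", data(block, content[(block - 1) * BLOCK:block * BLOCK])))
        _, number, payload = parse(trace[-1][1])
        received += payload
        trace.append(("client", ack(number)))
        if len(payload) < BLOCK:          # a short (or empty) block ends the transfer
            return received, trace


def upload(content, filename, mode="octet"):
    """Write transfer: the server answers WRQ with ACK 0, then ACKs each DATA block."""
    trace = [("client", request(WRQ, filename, mode)), ("server", ack(0))]
    stored, block = b"", 0
    while True:
        block += 1
        trace.append(("client", data(block, content[(block - 1) * BLOCK:block * BLOCK])))
        _, number, payload = parse(trace[-1][1])
        stored += payload
        trace.append(("server", ack(number)))
        if len(payload) < BLOCK:
            return stored, trace


def summarize(trace):
    """One readable line per packet, for printing an exchange."""
    names = {RRQ: "RRQ", WRQ: "WRQ", DATA: "DATA", ACK: "ACK"}
    lines = []
    for sender, packet in trace:
        fields = parse(packet)
        detail = f"{len(fields[2])} bytes" if fields[0] == DATA else ""
        lines.append(f"{sender:6} {names[fields[0]]:4} {fields[1]} {detail}".rstrip())
    return lines


if __name__ == "__main__":
    # Constructed contents; 1216 bytes is the config.cfg size in the dir listings on this page.
    files = {"config.cfg": b"#" * 1216, "newest.bin": bytes(1024)}
    for name in files:
        print("\n".join(summarize(download(files, name)[1])))
```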

TFTP operation
NOTE:
Only the TFTP client service is available with your router.

Figure 29 Network diagram

Before using TFTP, the administrator needs to configure IP addresses for the TFTP client and server, and
make sure that there is a reachable route between the TFTP client and server.
When the device serves as the TFTP client, perform the following configuration:

Table 16 Configuration when the device serves as the TFTP client

Device: Device (TFTP client)
Configuration:
• Configure the IP address and routing function, and make sure that the route between the device and the TFTP server is available.
• Use the tftp command to establish a connection to the remote TFTP server to upload/download files to/from the TFTP server.
Remarks: TFTP is applicable to simple interaction between the client and server. Make sure the TFTP client and TFTP server can reach each other.

Device: PC (TFTP server)
Configuration: Enable TFTP server on the PC, and configure the TFTP working directory.
Remarks: N/A

Configuring the TFTP client


When a router acts as a TFTP client, you can upload a file on the router to a TFTP server and download
a file from the TFTP server to the local router. You can use either of the following ways to download a file:
• Normal download—The router writes the obtained file to the storage medium directly. If you
download a remote file using a destination-filename that already exists in the target directory, the
device deletes the original file and saves the new one. If the download fails because of a network
disconnection or for other reasons, the original file cannot be recovered because it has already been deleted.
• Secure download—The router saves the obtained file to its memory and does not write it to the
storage medium until the whole file is obtained. If you download a remote file using a
destination-filename that already exists in the target directory, the original file is not overwritten. If the
download fails because of a network disconnection or for other reasons, the original file still exists. This mode
is more secure but consumes more memory.
H3C recommends that you use the secure mode or, if you use the normal mode, specify a filename
that does not exist in the target directory.
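The difference between the two download modes shows up when the link drops in the middle of a transfer. The following Python model is an added example, not H3C code: storage is a plain dict, the 512-byte block size comes from RFC 1350, and both what a failed normal download leaves behind and the replacement of the file after a completed secure download are modelling assumptions.

```python
BLOCK = 512  # RFC 1350 data block size


class LinkDown(Exception):
    """Raised by the constructed transfer when the network drops."""


def blocks(payload, fail_after=None):
    """Yield payload as TFTP-style blocks; the last block is shorter than 512 bytes.

    If fail_after is set, the link drops once that many blocks were delivered.
    """
    for offset in range(0, len(payload) + 1, BLOCK):
        if fail_after is not None and offset // BLOCK >= fail_after:
            raise LinkDown(f"link lost before block {offset // BLOCK + 1}")
        yield payload[offset:offset + BLOCK]


def normal_get(storage, name, transfer):
    """Normal mode: delete any existing file, then write blocks as they arrive."""
    storage.pop(name, None)        # the original is gone from this point on
    storage[name] = b""
    for data in transfer:
        storage[name] += data      # written straight to the storage medium


def secure_get(storage, name, transfer):
    """Secure mode: buffer in memory, touch storage only after the last block."""
    buffer = bytearray()
    for data in transfer:
        buffer += data
    storage[name] = bytes(buffer)  # reached only if the whole file was obtained


def run(mode, storage, name, payload, fail_after=None):
    """Run one download; return True on success, False if the link dropped."""
    try:
        mode(storage, name, blocks(payload, fail_after))
        return True
    except LinkDown:
        return False


# Constructed sample data: the image already on the device and its replacement.
OLD_IMAGE = b"OLD" * 400    # 1200 bytes
NEW_IMAGE = b"NEW" * 1000   # 3000 bytes, i.e. six blocks


def demo():
    """Interrupt both modes after two blocks and report what is left on storage."""
    results = {}
    for label, mode in (("normal", normal_get), ("secure", secure_get)):
        storage = {"newest.bin": OLD_IMAGE}
        completed = run(mode, storage, "newest.bin", NEW_IMAGE, fail_after=2)
        results[label] = (completed,
                          storage["newest.bin"] == OLD_IMAGE,
                          len(storage["newest.bin"]))
    return results


if __name__ == "__main__":
    for label, (completed, intact, size) in demo().items():
        print(f"{label}: completed={completed} original_intact={intact} "
              f"bytes_on_storage={size}")
```

The secure mode pays for this with memory: the whole image is held in the buffer until the last block arrives.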
When using the tftp client source or tftp command, you can specify the source interface (such as a
loopback) or source IP address. The primary IP address of the specified source interface or the specified
source IP address is used as the source IP address of sent TFTP packets.
The TFTP client follows these rules to select the source IP address of packets sent to the TFTP server:
• If no source IP address is specified, the IP address of the output interface of the route to the server
is used as the source IP address.
• The source IP address specified with the tftp client source or tftp command is used.
• If you first use the tftp client source command to specify a source IP address and then use the tftp
command to specify another source IP address, the latter is used.
• The source IP address specified with the tftp client source command applies to all TFTP connections
while the one specified with the tftp command applies to the current TFTP connection only.
To configure the TFTP client:

1. Enter system view.
   Command: system-view
   Remarks: N/A

2. Use an ACL to control the router’s access to TFTP servers.
   Command: tftp-server [ ipv6 ] acl acl-number
   Remarks: Optional. By default, no ACL is used to control the device’s access to TFTP servers.

3. Specify the source IP address of sent TFTP packets.
   Command: tftp client source { interface interface-type interface-number | ip source-ip-address }
   Remarks: Optional. By default, the source IP address is determined by the route from the TFTP client to the TFTP server.

4. Return to user view.
   Command: quit
   Remarks: N/A

5. Download or upload a file in an IPv4 network.
   Command: tftp server-address { get | put | sget } source-filename [ destination-filename ] [ vpn-instance vpn-instance-name ] [ source { interface interface-type interface-number | ip source-ip-address } ]
   Remarks: Optional.

6. Download or upload a file in an IPv6 network.
   Command: tftp ipv6 tftp-ipv6-server [ -i interface-type interface-number ] { get | put } source-filename [ destination-filename ] [ vpn-instance vpn-instance-name ]
   Remarks: Optional.

NOTE:
• If no primary IP address is configured on the source interface, no TFTP connection can be established.
• If you use the tftp client source command to first configure the source interface and then the source IP
address of the packets of the TFTP client, the new source IP address overwrites the current one, and vice
versa.

Displaying and maintaining the TFTP client


Task: Display the source IP address configuration of the TFTP client.
Command: display tftp client configuration [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view

TFTP client configuration example


Network requirements
As shown in Figure 30, the device and PC can reach each other.
Configure the PC as the TFTP server, and use TFTP to download the system software image file newest.bin
from the PC to the device and upload the configuration file config.cfg from the device to the PC for
backup.

Figure 30 Network diagram

Configuration procedure
1. Configure the PC (TFTP server):
a. On the PC, enable the TFTP server. (Details not shown)
b. Configure a TFTP working directory. (Details not shown)
2. Configure the device (TFTP client):

CAUTION:
If the available memory of the device is insufficient, use the fixdisk command to clear the memory or use
the delete /unreserved file-url command to delete the files not in use, and then perform the following
operations.

# Download application file newest.bin from the PC to the device.
• Download application file newest.bin from the PC to the root directory of the storage medium on the active MPU.
<Sysname> tftp 1.2.1.1 get newest.bin
• Download application file newest.bin from the PC to the root directory of the storage medium on the standby MPU (in slot 1).
<Sysname> tftp 1.2.1.1 get newest.bin slot1#flash:/newest.bin
# Upload a configuration file config.cfg to the TFTP server.
<Sysname> tftp 1.2.1.1 put config.cfg configback.cfg
# Specify newest.bin as the main boot file for next startup.
• Specify newest.bin as the main boot file for next startup for the active MPU.
<Sysname> boot-loader file newest.bin slot 0 main
This command will set the boot file of the specified board. Continue? [Y/N]:y
The specified file will be used as the main boot file at the next reboot on slot 0!
• Specify newest.bin as the main boot file for next startup for the standby MPU (in slot 1).
<Sysname> boot-loader file slot1#flash:/newest.bin slot 1 main
This command will set the boot file of the specified board. Continue? [Y/N]:y
The specified file will be used as the main boot file at the next reboot on slot 1!
# Reboot the device and the software is upgraded.
<Sysname> reboot

CAUTION:
The boot file used for next startup must be saved on the first partition under the root directory of the storage
medium. You can copy or move a file to the root directory of the storage medium. For more information
about the boot-loader command, see Fundamentals Command Reference.

Managing the file system

NOTE:
Throughout this document, a filename can be entered as either of the following:
• A fully qualified filename with the path included to indicate a file under a specific path. The filename can
be 1 to 135 characters in length.
• A short filename with the path excluded to indicate a file in the current path. The filename can be 1 to
91 characters in length.

File system overview


Files such as host software and configuration files that are necessary for the operation of the router are
saved in the storage media of the router. You can perform operations such as creating and deleting
directories, and copying and displaying files. If an operation (delete or overwrite, for example) may cause
problems such as data loss or corruption, the system asks you to confirm the operation by default.
You can manage files on your router through these operations: Managing directories, Managing
files, Performing batch operations, and Managing storage media.

Naming rules for a storage medium


A storage medium is named according to the following rules:
• If a storage medium is the only storage medium of its type on the device, it is named by its type. For
example, if the device has only one Flash, the name of the Flash is flash.
• If the active MPU and the standby MPU each have a storage medium of the same type, the storage
medium on the active MPU is named by its type (such as flash and cf0), and the storage medium
on the standby MPU is named by its slot number and type (such as slot#flash and slot#cf0).
• If a CF card is partitioned, the name of a partition is composed of the physical device name and the
partition number, such as cf0. The sequence numbers of partitions are numbers such as 0, 1, and
2.

Filename formats
When you specify a file, you must enter the filename in one of the following formats.

Format: file-name
Description: Specifies a file in the current working directory.
Length: 1 to 91 characters
Example: a.cfg indicates a file named a.cfg in the current working directory. If the current working directory is on the active MPU, a.cfg represents file a.cfg on the active MPU; if the current working directory is on the standby MPU, a.cfg represents file a.cfg on the standby MPU.

Format: path/file-name
Description: Specifies a file in the specified folder in the current working directory. path represents the folder name. You can specify multiple folders, indicating a file under a multi-level folder.
Length: 1 to 135 characters
Example: test/a.cfg indicates a file named a.cfg in the test folder in the current working directory.

Format: drive:/[path]/file-name
Description: Specifies a file in the specified storage medium on the router. drive represents the storage medium name. The storage medium on the active MPU is usually flash or cf; the storage medium on the standby MPU is usually slot1#flash or slot1#cf, where 1 represents the number of the slot where the standby MPU resides. For example, slot2#flash. You can use the display device command to view the correspondence between a board and its slot number.
Length: 1 to 135 characters
Example: flash:/test/a.cfg indicates a file named a.cfg in the test folder in the root directory of the flash memory on the active MPU. To read and write the a.cfg file in the root directory of the flash on the standby MPU (with the slot number 1), enter slot1#flash:/a.cfg for the filename.
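A script that builds file-url arguments for these commands can check them against the three formats and their length limits before anything is sent to the router. The parser below is an added Python example, not part of the guide; the character set accepted for storage medium names is inferred from the names shown here (flash, cf0, usba, slot1#flash), and rejecting whitespace, control characters, and the . and .. path components is this example's own policy.

```python
import re
from typing import NamedTuple, Optional, Tuple

MAX_SHORT = 91   # file-name: no path, file in the current working directory
MAX_FULL = 135   # path/file-name and drive:/[path]/file-name

# Optional "slotN#" prefix, then a medium name such as flash, cf0 or usba.
# The allowed characters are an assumption based on the guide's examples.
_DRIVE = re.compile(r"^(?:slot(?P<slot>\d+)#)?(?P<medium>[a-z][a-z0-9]*)$")


class FileUrl(NamedTuple):
    slot: Optional[int]        # None: no slot prefix given
    medium: Optional[str]      # None: relative to the current working directory
    folders: Tuple[str, ...]   # folder names, outermost first
    name: str


def parse_file_url(text: str) -> FileUrl:
    """Split a filename into its parts or raise ValueError."""
    if not text:
        raise ValueError("empty filename")
    # Example policy: the value ends up on a CLI line, so a space or newline
    # inside it would change the command that the router receives.
    if any(ch.isspace() or ord(ch) < 32 for ch in text):
        raise ValueError("whitespace or control character in filename")

    slot, medium, rest = None, None, text
    if ":/" in text:
        drive, rest = text.split(":/", 1)
        match = _DRIVE.match(drive)
        if match is None:
            raise ValueError(f"unrecognized storage medium name: {drive!r}")
        medium = match.group("medium")
        if match.group("slot") is not None:
            slot = int(match.group("slot"))

    parts = rest.split("/")
    if "" in parts:
        raise ValueError("empty path component or missing filename")
    if "." in parts or ".." in parts:
        raise ValueError("relative components are rejected by this example")

    # 91 characters for a bare file-name, 135 once a path or drive is included.
    qualified = medium is not None or len(parts) > 1
    limit = MAX_FULL if qualified else MAX_SHORT
    if len(text) > limit:
        raise ValueError(f"{len(text)} characters exceeds the limit of {limit}")
    return FileUrl(slot, medium, tuple(parts[:-1]), parts[-1])


def is_valid_file_url(text: str) -> bool:
    """Boolean wrapper for callers that only need a yes/no answer."""
    try:
        parse_file_url(text)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for sample in ("a.cfg", "test/a.cfg", "flash:/test/a.cfg",
                   "slot1#flash:/a.cfg", "flash:/../a.cfg"):
        print(sample, "->", is_valid_file_url(sample))
```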

Managing directories
You can perform an extensive set of directory operations, such as creating or removing a directory,
displaying the current working directory, displaying a specific directory, or displaying file information.

Displaying directory information


Task: Display directory or file information.
Command: dir [ /all ] [ file-url | /all-filesystems ]
Remarks: Available in user view

Displaying the current working directory


Task: Display the current working directory.
Command: pwd
Remarks: Available in user view

Changing the current working directory


Task: Change the current working directory.
Command: cd { directory | .. | / }
Remarks: Available in user view

Creating a directory
Task: Create a directory.
Command: mkdir directory
Remarks: Available in user view

Removing a directory
Task: Remove a directory.
Command: rmdir directory
Remarks: Available in user view

NOTE:
• The directory to be removed must be empty. Before you remove a directory, you must delete all the files
and the subdirectory in the directory. For more information about file deletion, see the delete command;
for more information about subdirectory deletion, see the rmdir command.
• The rmdir command automatically deletes the files in the recycle bin in the current directory.

Managing files
You can display the specified directory or file information; display file contents; rename, copy, move,
remove, restore, and delete files.

NOTE:
You can create a file by copying, downloading or using the save command.

CAUTION:
When the system is reading, writing, or deleting contents on the storage medium, power-off of the router
may result in space loss and file corruption of the storage medium. In this case, you can try to restore the
storage medium in the following steps:
• Copy the remaining files on the storage medium to another storage medium for backup.
• Format the storage medium using the format command.
For a partition device, you can just format the partition corresponding to the corrupted file.

Displaying file information


Task: Display files or directories.
Command: dir [ /all ] [ file-url | /all-filesystems ]
Remarks: Available in user view

Displaying the contents of a file

Task: Display the contents of a file.
Command: more file-url
Remarks: Currently only a .txt file can be displayed. Available in user view

Renaming a file
Task: Rename a file.
Command: rename fileurl-source fileurl-dest
Remarks: Available in user view

Copying a file
Task: Copy a file.
Command: copy fileurl-source fileurl-dest
Remarks: Available in user view

Moving a file
Task: Move a file.
Command: move fileurl-source fileurl-dest
Remarks: Available in user view

Deleting a file
Task: Move a file to the recycle bin or delete it permanently.
Command: delete [ /unreserved ] file-url
Remarks: Available in user view

CAUTION:
• The files in the recycle bin still occupy storage space. To delete a file in the recycle bin, execute the reset
recycle-bin command in the directory to which the file originally belongs. H3C recommends that you
empty the recycle bin in a timely manner with the reset recycle-bin command to save storage space.
• The delete /unreserved file-url command deletes a file permanently and the action cannot be undone.
Execution of this command equals execution of the delete file-url command and then the reset
recycle-bin command in the same directory.

Restoring a file from the recycle bin


Task: Restore a file from the recycle bin.
Command: undelete file-url
Remarks: Available in user view

Emptying the recycle bin
1. Enter the original working directory of the file to be deleted.
   Command: cd { directory | .. | / }
   Remarks: Optional. If the original directory of the file to be deleted is not the current working directory, this command is required. Available in user view.

2. Delete the file in the current directory and in the recycle bin.
   Command: reset recycle-bin [ /force ]
   Remarks: Available in user view.

Computing the digest of a specified file


Computing the digest of a file lets you verify the correctness and integrity of the file and detect whether
the file has been tampered with. For example, you can compute the digest of the software image file of
a device, and compare the digest with that on the H3C web site to verify whether the file is valid.
To compute the digest of a specified file:

Task: Compute the digest of a specified file.
Command: crypto-digest sha256 file-url
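One way to carry out the comparison on the management PC, as an added Python example rather than H3C tooling: hash the image before it is placed in the TFTP working directory, then compare that value with the published digest and with the crypto-digest output pasted from the router. The device output line used in the sample data is constructed, and its exact format is an assumption.

```python
import hashlib
import hmac
import os
import re
import tempfile

# A SHA-256 value is 64 hexadecimal digits; \b keeps longer hex runs from matching.
_HEX64 = re.compile(r"\b[0-9a-fA-F]{64}\b")


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so a large image is never read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def extract_digest(text):
    """Return the single SHA-256 value found in pasted text, lower-cased."""
    found = {value.lower() for value in _HEX64.findall(text)}
    if len(found) != 1:
        raise ValueError(f"expected exactly one SHA-256 value, found {len(found)}")
    return found.pop()


def check_image(path, published_text, device_output=None):
    """Return a list of mismatch descriptions; an empty list means all agree."""
    problems = []
    published = extract_digest(published_text)
    if not hmac.compare_digest(sha256_file(path), published):
        problems.append("local file does not match the published digest")
    if device_output is not None:
        on_device = extract_digest(device_output)
        if not hmac.compare_digest(on_device, published):
            problems.append("file on the device does not match the published digest")
    return problems


def write_sample(data):
    """Write constructed sample bytes to a temporary file and return its path."""
    fd, path = tempfile.mkstemp(suffix=".bin")
    with os.fdopen(fd, "wb") as handle:
        handle.write(data)
    return path


if __name__ == "__main__":
    # Constructed stand-in for newest.bin and for the text copied from a web page.
    image = write_sample(b"abc")
    published = ("SHA256: BA7816BF8F01CFEA414140DE5DAE2223"
                 "B00361A396177A9CB410FF61F20015AD")
    # Constructed device output (format assumed) reporting a different digest.
    device = "SHA256 digest(flash:/newest.bin)=" + "0" * 64
    print("before upload:", check_image(image, published) or "OK")
    print("after download:", check_image(image, published, device) or "OK")
    os.remove(image)
```

Running the device-side check after the TFTP transfer and before boot-loader matters because TFTP itself does not authenticate the server or protect the file in transit.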

Performing batch operations


A batch file is a set of executable commands. Executing a batch file is the same as executing the
commands in the batch file one by one.
Before executing a batch file, edit the batch file on your PC, and then download it to the device. If the
suffix of the file is not .bat, use the rename command to change the suffix to .bat.
To execute a batch file:

1. Enter system view.
   Command: system-view

2. Execute a batch file.
   Command: execute filename

CAUTION:
Execution of a batch file does not guarantee successful execution of every command in the batch file. If a
command is configured incorrectly or the conditions for executing the command are not satisfied, the
command fails to be executed, and the system skips to the next one.

Managing storage media


The router supports the following storage media:

• Built-in flash memory
• USB disk
• CF card
When a storage medium is recognized, the router manages and manipulates the files in the storage
medium, for example, reading and writing the files.

NOTE:
• The MPU of the router has two USB interfaces, and only the upper one supports USB disk.
• The router supports FAT16 and FAT32 file systems for storage media.
• The router does not support such USB devices as movable disks, USB HUB, MP3 or MP4. Kingston 1G
USB disk is recommended.

Naming rules
Naming rules of the storage media are as follows:
• The name of the partition device includes the physical device name and partition number. The
sequence numbers of partitions are displayed in numbers such as 0, 1 and 2. For example, the
second partition of the CF card is cf1. If there is only one partition on the CF card, the partition
name is the physical device name followed by 0.
• The name of a storage device that does not support partitioning (such as a USB disk) is composed of
the physical device name and a sequence number. The sequence numbers are displayed in letters
such as a, b, and c, for example, usba.

Memory space management


To restore the space of a storage medium, use the fixdisk command. To format a specified storage
medium, use the format command.
To manage the space of a storage medium:

Task: Restore the space of a storage medium.
Command: fixdisk device
Remarks: Available in user view

Task: Format a storage medium.
Command: format device [ FAT16 | FAT32 ]
Remarks: FAT16 and FAT32 are not applicable to a Flash card. Available in user view.

CAUTION:
• When you format a storage medium, all the files stored on it are erased and cannot be restored. In
particular, if there is a startup configuration file on the storage medium, formatting the storage medium
results in loss of the startup configuration file.
• For a partition device, you can only format a partition rather than the whole storage medium.
• You can execute the fixdisk command for a storage medium on the active MPU, but you cannot execute
the command for a storage medium on the standby MPU.

Mounting and unmounting a storage medium
For a hot swappable storage medium (excluding flash), such as a CF card, you can use the mount and
umount commands to mount or unmount it. When a storage medium is connected to a lower version
system, the system cannot recognize the storage medium. To perform read and write operations on the
storage medium, you must mount it.
When a storage medium is unmounted, it is in a logically disconnected state, and you can then safely
remove it from the system. Mounting a storage medium reconnects the logically disconnected
storage medium to the system.
To mount or unmount a storage medium:

Task: Mount a storage medium.
Command: mount device
Remarks: By default, a storage medium is automatically mounted and in mounted state when connected to the system.

Task: Unmount a storage medium.
Command: umount device
Remarks: By default, a storage medium is automatically mounted. Before unplugging a storage medium, unmount it.

CAUTION:
• Do not remove the storage medium or swap a card when mounting or unmounting the storage medium, or
when you are processing files on the storage medium. Otherwise, the file system could be damaged.
• When a storage medium is connected to a low version system, the system may not be able to recognize
the storage medium automatically; you need to use the mount command for the storage medium to function
normally.
• Before removing a mounted storage medium from the system, you should first unmount it by using the
umount command. If the unmount operation fails, it means the files in the storage medium are still
being accessed. You need to wait until the file reading/writing operation ends and execute the umount
command again to unmount the storage medium.
• If one or more partitions of a CF card are not unmounted through the umount command, the CF card
will still be powered on. Therefore, make sure you have unmounted all the partitions before removing the
CF card from the system to avoid storage medium damage caused by charged operations.
• For a USB disk inserted into the USB interface, you must not unplug it before the system recognizes it.
Otherwise, the USB interface or the USB disk may work abnormally. To unplug a USB disk, make sure
that the system has recognized it and the USB disk LED does not blink, use the umount command to
unmount it, and unplug it.
• Before removing a partitioned CF card or a USB disk, unmount all the partitions of the CF card or a USB
disk. Otherwise, the file system on the CF card or a USB disk may be damaged.
• Before partitioning a USB disk, make sure that the disk is not write protected; otherwise, the partition
operation fails, and you need to remount or re-plug the disk to restore normal access to the USB disk.

Partitioning a storage medium
The storage medium partitioning function enables you to divide a storage medium into several different
logical devices called partitions, and you can perform file operations on each partition independently. This
prevents files on different partitions from affecting each other.
The following two partitioning modes are supported on a storage medium:
• Simple—In this mode, you specify the number of partitions. The system divides the storage
medium into the specified number of partitions with the same size.
• Interactive—In this mode, you need not specify the number of partitions. The system partitions the
storage medium according to user input. Each partition, however, must be at least 32 MB.
To partition a storage medium:

Task: Partition a storage medium.
Command: fdisk device [ partition-number ]
Remarks: Only one partition cf0:/ is available on a CF card by default.

CAUTION:
• The fdisk device [ partition-number ] command clears all data in a storage medium. Save the files in the
CF card before partitioning it.
• The fdisk device [ partition-number ] command adds or reduces partition devices. You should reset the
path of the application program as needed.
• If the router starts from the CF card, the startup file and the configuration file must be in the first partition
of the CF card.
• To prevent log files from affecting the startup file and configuration file, it is recommended that you set the
path of the log file to a partition other than the first partition if you partition the CF card. By default, the
system automatically sets the path of the log file to the second partition. If the path does not exist on the
CF card, you can use the info-center logfile switch-directory command to change the path to avoid loss
of the log files. For more information about this command, see Network Management and Monitoring
Command Reference.
• After partitioning is completed, the sizes of the partitions are not necessarily consistent with those
specified in an interactive way. The dispersion, however, is smaller than 5% of the total memory of the CF
card.
• Before removing a partitioned storage medium, unmount all the partitions of the storage medium.
Otherwise, the file system on the storage medium may be damaged.
• Before partitioning a USB disk, make sure that the disk is not write protected; otherwise, the partition
operation fails, and you need to remount or re-plug the disk to restore normal access to the USB disk.

Setting the file system operation mode


The file systems support the following operation modes:
• alert—The system warns you about operations that may cause problems such as file corruption and
data loss. To prevent incorrect operations, use the alert mode.
• quiet—The system does not prompt for any operation confirmation.
To set the file system operation mode:

1. Enter system view.
   Command: system-view
   Remarks: N/A

2. Set the file system operation mode.
   Command: file prompt { alert | quiet }
   Remarks: Optional. The default is alert.

File system management examples


# Display the files and the subdirectory in the current directory.
<Sysname> dir
Directory of flash:/

0 drw- - Feb 16 2006 11:45:36 logfile
1 -rw- 1218 Feb 16 2006 11:46:19 config.cfg
2 drw- - Feb 16 2006 15:20:27 test
3 -rw- 184108 Feb 16 2006 15:30:20 aaa.bin

19540 KB total (2521 KB free)

# Create a new folder called mytest in the test directory.


<Sysname> cd test
<Sysname> mkdir mytest
%Created dir flash:/test/mytest.

# Display the current working directory.


<Sysname> pwd
flash:/test

# Display the files and the subdirectory in the test directory.


<Sysname> dir
Directory of flash:/test/

0 drw- - Feb 16 2006 15:28:14 mytest

2540 KB total (2519 KB free)

# Return to the upper directory.


<Sysname> cd ..

# Display the current working directory.


<Sysname> pwd
flash:/

# Display the files and directories in the USB disk.


<Sysname> dir usba:/
Directory of usba:/

0 -rw- 15286272 Jan 16 2008 16:02:16 debug_usb.app
1 -rw- 35487744 Jan 16 2008 16:07:32 test.rar
2 -rw- 29212672 Jan 16 2008 16:07:32 debug_usb_d11.app
3 -rw- 59652 Jan 23 2008 17:21:04 test.app
4 -rw- 39067474 Jan 23 2008 17:23:02 debug.app

1951520 KB total (1835072 KB free)

File system type of usba: FAT16

# Enter the root directory of the USB disk.


<Sysname> cd usba:/
<Sysname> dir
Directory of usba:/

0 -rw- 15286272 Jan 16 2008 16:02:16 debug_usb.app
1 -rw- 35487744 Jan 16 2008 16:07:32 test.rar
2 -rw- 29212672 Jan 16 2008 16:07:32 usb_d11.app
3 -rw- 59652 Jan 23 2008 17:21:04 test.app
4 -rw- 39067474 Jan 23 2008 17:23:02 debug.app

1951520 KB total (1835072 KB free)

File system type of usba: FAT16

# Display the current working directory.


<Sysname> pwd
usba:

# Copy the file test.app in the USB disk to the flash, and overwrite the file with the same name in the flash.
<Sysname> copy usba:/test.app flash:/
Copy usba:/test.app to flash:/test.app?[Y/N]:y
The file flash:/test.app exists. Overwrite it?[Y/N]:y
......
%Copy file usba:/test.app to flash:/test.app...Done.

Managing configuration files

The router provides the configuration file management function. You can manage configuration files at
the command-line interface (CLI).

Configuration file overview


A configuration file saves the router configurations as a set of text commands. You can save the current
configuration to the configuration file so that the configuration takes effect after you reboot the router. In
addition, you can view the configuration information conveniently, or upload or download the
configuration file to or from another router to configure routers in batches.

Types of configuration
The router maintains the following types of configurations: startup configuration and running
configuration.

Startup configuration
The startup configuration is used for initialization when the router boots. If this file does not exist, the system
boots using the factory defaults.
You can view the startup configuration in either of the following ways:
• Use the display startup command to view the startup configuration file currently in use, and use the
more command to view the content of the configuration file.
• After the device reboots and before you configure the router, use the display
current-configuration command to view the startup configuration.

Running configuration
The currently running configuration may include the startup configuration if the startup configuration is
not modified during system operation. It also includes any new configurations performed by users during
router operation.
The running configuration is stored in a temporary storage medium of the router. You must save the
settings you have made so that they survive a reboot.
You can use the display current-configuration command to view the current configuration.

Format and content of a configuration file


A configuration file is saved as a text file according to these rules:
• A configuration file contains commands.
• Only non-default configuration settings are saved.
• The commands are listed in sections by views, usually in this order: system view, interface view,
routing protocol view, and user interface view.
• Sections are separated with one or more blank lines or comment lines that start with a pound sign
#.
• A configuration file ends with a return.
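Because the file is plain text with one section per view, a saved configuration can be compared with a later one to spot changes that were never reviewed. The following Python code is an added example, not H3C code; both sample configurations are constructed (including ACL number 2000 and the interface name), and the convention that system-view commands are indented while view names start in column 0 is an assumption about the file layout.

```python
def parse_config(text):
    """Split a configuration file into sections (lists of command lines).

    Sections are separated by blank lines or by comment lines starting with #.
    A file whose last non-blank line is not 'return' is treated as truncated.
    """
    lines = [line.rstrip() for line in text.splitlines()]
    while lines and not lines[-1]:
        lines.pop()
    if not lines or lines[-1].strip() != "return":
        raise ValueError("configuration does not end with 'return' (truncated?)")

    sections, current = [], []
    for line in lines[:-1]:
        if not line or line.lstrip().startswith("#"):
            if current:
                sections.append(current)
                current = []
        else:
            current.append(line)
    if current:
        sections.append(current)
    return sections


def commands_by_view(text):
    """Return a set of (view, command) pairs for every command in the file."""
    pairs = set()
    for section in parse_config(text):
        # Assumption: an indented first line means system view; otherwise the
        # first line names the view that the rest of the section belongs to.
        view = "system" if section[0][0].isspace() else section[0]
        for line in section:
            pairs.add((view, line.strip()))
    return pairs


def diff_configs(old_text, new_text):
    """Return (added, removed) as sorted lists of (view, command) pairs."""
    old, new = commands_by_view(old_text), commands_by_view(new_text)
    return sorted(new - old), sorted(old - new)


# Constructed sample: the saved startup configuration.
STARTUP = """\
#
 sysname Router
#
 tftp-server acl 2000
#
interface GigabitEthernet3/1/1
 ip address 1.2.1.2 255.255.255.0
#
user-interface vty 0 4
 authentication-mode scheme
#
return
"""

# Constructed sample: the configuration found running some time later.
RUNNING = """\
#
 sysname Router
#
 file prompt quiet
#
interface GigabitEthernet3/1/1
 ip address 1.2.1.2 255.255.255.0
#
user-interface vty 0 4
 authentication-mode none
#
return
"""

if __name__ == "__main__":
    added, removed = diff_configs(STARTUP, RUNNING)
    for view, command in added:
        print(f"+ [{view}] {command}")
    for view, command in removed:
        print(f"- [{view}] {command}")
```

Since only non-default settings are saved, a line that disappears from the file means the setting went back to its default, which here removes the ACL on TFTP servers.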

Startup with the configuration file
If a router supports only one startup configuration file, at startup:
1. If the startup configuration file you specify exists, the router starts up with this configuration file.
2. If the specified startup configuration file does not exist, the router boots using factory defaults.

Saving the running configuration


To make configuration changes take effect at the next startup of the router, you can save the running
configuration to the startup configuration file to be used at the next startup before the router reboots.

Enabling configuration file auto-save


• After enabling the configuration file auto-save function, when you save the current configuration by
executing the save [ safely ] [ force ] command or executing the save filename all command and
then pressing Enter, the active MPU and standby MPU automatically save the current configuration
to the specified configuration file, and use this file for the next startup, thus keeping the consistency
of the configuration files on the active MPU and standby MPU.
• If the configuration file auto-save function is not enabled, when you save the current configuration
by executing the save [ safely ] [ force ] command or executing the save filename all command and
then pressing Enter, only the active MPU automatically saves the current configuration to the
specified configuration file, and uses the file as the configuration file at the next startup. The standby
MPU neither saves the configuration file nor configures the file as the startup configuration file for
the next startup.
To configure the configuration file auto-save function:

1. Enter system view.
   Command: system-view
   Remarks: N/A

2. Enable configuration file auto-save.
   Command: slave auto-update config
   Remarks: Optional. Enabled by default.

NOTE:
If you execute the save filename command and press Enter, the system saves the current configuration to
the specified path, but the standby MPU does not save the configuration.

Selecting the mode for saving the configuration file


You can modify the router configuration at the CLI. To use the modified configuration for subsequent
startups, you must save it as a configuration file by using the save command. You can save the
configuration file in two modes:
• Fast saving—In this mode, you use the save command without the safely keyword. The file is saved
more quickly but is likely to be lost if the router reboots or the power fails during the process.
• Safe—In this mode, you use the save command with the safely keyword. The file is saved slowly, but
the system retains the configuration file even if the router reboots or the power fails during the
process.

The fast saving mode is suitable for environments where the power supply is stable. The safe mode,
however, is preferred in environments where stable power supply is unavailable or remote maintenance
is required.

CAUTION:
A router reboot or power failure while the configuration file is being saved may result in loss of the
configuration file for next startup. In this case, the router should be started with factory defaults and after
the router starts, you need to re-specify a configuration file to be used at the next startup.

To save the current configuration:

Task: Save the current configuration to the specified file. This configuration file will not be set as the configuration file for the next startup.
Command: save file-url [ all | slot slot-number ]

Task: Save the current configuration to the root directory of the storage media and specify the file as the startup configuration file to be used at the next system startup.
Command: save [ safely ]

Remarks (both tasks): Use either command. Available in any view.

NOTE:
• The configuration file must have the .cfg extension.
• If you press Enter after entering the save command, you save the configuration file in an interactive way.
In this way, you can use the default path or enter a filename to specify a new path, but the suffix of the
filename must be .cfg and the path must be the path of the storage media on the active MPU.
• If you use the save file-name command, even if the configuration file saving synchronization for the
active MPU and standby MPU function is enabled, the standby MPU does not automatically save the
current configuration to its own configuration file. If you do not specify the file-name argument, the
standby MPU automatically saves the current configuration when the active MPU executes the save
command.
• In interactive mode, if you use the non-default path, which means you enter a new filename, the system
automatically sets the file as the configuration file to be used at the next startup of the router.

Erasing the startup configuration file


When the configuration file is erased, the router starts up with the default configuration next time it is
powered on.
You may need to erase the configuration file for either of the following reasons:
• After you upgrade software, the original configuration file does not match the new software.
• The startup configuration file is corrupted or not the one you need.
To erase the configuration file:

Task: Erase the startup configuration file from the storage media.
Command: reset saved-configuration
Remarks: Available in user view

CAUTION:
The reset saved-configuration command permanently deletes the configuration file from the router. Use it
with caution.

Setting configuration rollback


Configuration rollback
Configuration rollback allows you to revert to a previous configuration state based on a specified
configuration file. The specified configuration file must be a valid .cfg file generated by using either the
backup function (manually or automatically) or the save command. If the configuration file is generated
by another router, the file must comply with the format of the configuration file on the current router. H3C
recommends that you use the configuration file generated by using the backup function (manually or
automatically). You can apply configuration rollback in these situations:
• The running configuration contains an error and needs to be rolled back to a correct one.
• The application environment has changed and the router has to run in a configuration state based
on a previous configuration file without being rebooted.
Before setting configuration rollback:
1. Specify the filename prefix and path for saving the running configuration.
2. Save the running configuration with the specified filename (filename prefix + serial number) to the
specified path. You can save the running configuration automatically or manually.
When you execute the configuration replace file command, the system compares the running
configuration and the specified replacement configuration file. The configuration replace file command:
• Preserves all commands present in both the replacement configuration file and the running
configuration.
• Removes commands from the running configuration that are not present in the replacement
configuration file.
• Applies the commands from the replacement configuration file that are not present in the running
configuration.
• Applies the commands from the replacement configuration file that have different configurations in
the running configuration.

NOTE:
The running configuration is only saved to the active MPU. Only the configuration on the active MPU can
be rolled back. However, the related configuration is synchronized to the standby MPU to ensure the
rollback of the configuration after an active/standby switchover.

Configuration task list


Complete these tasks to configure the configuration rollback:

Task: Configuring parameters for saving the running configuration
Remarks: Required.

Task: Enabling automatic saving of the running configuration
Remarks: Required. Use either approach.

Task: Manually saving the running configuration
Remarks: Required. Use either approach.

Task: Setting configuration rollback
Remarks: Required.

Configuring parameters for saving the running configuration


Before you save the running configuration either manually or automatically, you must configure the file
path and filename prefix.
After that, the system saves the running configuration with the specified filename (filename prefix_serial
number.cfg) to the specified path. The filename of a saved configuration file is like
20080620archive_1.cfg, or 20080620archive_2.cfg. The saved configuration files are numbered
automatically, from 1 to 1,000 (with an increment of 1). If the serial number reaches 1,000, it restarts from
1.
• If you change the file path or filename prefix, or reboot the router, the saved file serial number
restarts from 1, and the system recounts the saved configuration files.
• If you change the path of the saved configuration files, the files in the original path become
common configuration files. These files are no longer processed as saved configuration files or
displayed when you view the saved configuration files.
The number of saved configuration files has an upper limit. If the maximum number of files is saved, the
system deletes the oldest files when the next configuration file is saved.
To configure parameters for saving the running configuration:

Step: 1. Enter system view.
Command: system-view
Remarks: N/A

Step: 2. Configure the path and filename prefix for saving configuration files.
Command: archive configuration location directory filename-prefix filename-prefix
Remarks: By default, the path and filename for saving configuration files are not configured, and the system does not save the configuration file at a specified interval.

Step: 3. Set the maximum number of configuration files that can be saved.
Command: archive configuration max file-number
Remarks: Optional. The default number is 5.

NOTE:
• You can perform the save and rollback operations only on the active MPU. To make the configuration
rollback take effect on the new active MPU after an active/standby switchover, execute the archive
configuration location command to specify the path and filename prefix of the saved configuration file
on both the active MPU and standby MPU. Therefore, before the execution of this command, make sure
that the specified path is available on both the active MPU and standby MPU, and that the path cannot
include any slot number.
• If you execute the undo archive configuration location command, the running configuration cannot be
saved either manually or automatically. The configuration performed by executing the archive
configuration interval and archive configuration max commands is restored to the default, and the
saved configuration files are cleared.
• The value of the file-number argument is determined by memory space. H3C recommends that you set
a comparatively small value for the file-number argument if the available memory space is small.

Enabling automatic saving of the running configuration


You can configure the system to save the running configuration at a specified interval. Then, you can use
the display archive configuration command to view the filenames and save time of the saved
configuration files. This enables you to easily roll back the current configuration to a previous
configuration state.
Configure an automatic save interval based on the storage media’s performance and the frequency of
configuration modification:
• If the router configuration does not change frequently, manually save the running configuration as
needed.
• If a low-speed storage medium (such as Flash) is used, save the running configuration manually, or
configure automatic saving with an interval longer than 1,440 minutes (24 hours).
• If a high-speed storage medium (such as a CF card) is used and the router configuration changes
frequently, set a shorter saving interval.
To enable automatic saving of the running configuration:

Step: 1. Enter system view.
Command: system-view
Remarks: N/A

Step: 2. Enable the automatic saving of the running configuration, and set the interval.
Command: archive configuration interval minutes
Remarks: Optional. Disabled by default.

NOTE:
You must specify the path and filename prefix for saving configuration files before configuring the
automatic saving period.

Manually saving the running configuration


Automatic saving of the running configuration consumes system resources. Frequent save operations can
hamper system performance. Therefore, if the system configuration does not change frequently, H3C
recommends that you disable the automatic saving of the running configuration and save the
configuration manually.

While automatic saving of the running configuration is performed periodically, manual saving can
immediately save the running configuration. Therefore, before performing any complicated configuration,
manually save the running configuration so that the router can revert to the previous state if the
configuration fails.
To manually save the running configuration:

Task: Manually save the running configuration.
Command: archive configuration
Remarks: Available in user view

NOTE:
Specify the path and filename prefix of a saved configuration file before you manually save the running
configuration; otherwise, the operation fails.

Setting configuration rollback


To set configuration rollback:

Step: 1. Enter system view.
Command: system-view

Step: 2. Set configuration rollback.
Command: configuration replace file filename

CAUTION:
If a command cannot be rolled back, the system skips it and processes the next one.
Configuration rollback may fail if:
• A card is unplugged or plugged during configuration rollback, that is, when the system is executing the
configuration replace file command.
• The complete undo form of a command is not supported. That is, you cannot get the actual undo form
of the command by simply putting the keyword undo in front of the command, so the router cannot
recognize the complete undo form of the command.
• The configuration cannot be removed, such as hardware-related commands.
• Commands in different views are dependent on each other.
• The replacement configuration file is not a complete file generated by using the save or archive
configuration command, or the file is copied from a different type of router. Make sure that the
replacement configuration file is correct, complete, and compatible with the current router.
• The configuration file specified is not in simple text. The configuration file specified with the
configuration replace file filename command can only be a configuration file in simple text. Otherwise,
errors may occur in configuration rollback.
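
The comparison described earlier for the configuration replace file command, and the file conditions in the CAUTION above, can be previewed offline before a rollback. The Python below is an added example, not H3C code: it assumes the Comware text layout (# between sections, a leading space for commands inside a view, return as the last line), uses constructed sample configurations, and flags lines with an illustrative keyword list.

```python
"""Offline preview of a `configuration replace file` rollback (added example)."""
# Illustrative keywords for lines to read before rolling back (this example's
# own list, an assumption, not an H3C classification).
REVIEW_KEYWORDS = ("acl ", "authentication-mode", "local-user",
                   "user-interface", "ssh", "snmp-agent", "password")


def preflight(filename, data):
    """Return a list of file-level problems named in the CAUTION list."""
    problems = []
    if not filename.lower().endswith(".cfg"):
        problems.append("extension is not .cfg")
    text = data.decode("utf-8", errors="replace")
    if "\x00" in text or "\ufffd" in text:
        return problems + ["file is not plain text"]
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    # Assumption: a complete saved configuration ends with the line "return".
    if not lines or lines[-1] != "return":
        problems.append("no final 'return' line; file may be incomplete")
    return problems


def parse_config(text):
    """Return ordered (view, command) pairs.

    Assumed layout: '#' separates sections, an unindented line opens a view,
    and indented lines belong to the open view (system view right after '#').
    """
    entries, view = [], ""
    for raw in text.splitlines():
        line, bare = raw.rstrip(), raw.strip()
        if not bare or bare == "return":
            continue
        if bare == "#":
            view = ""
        elif line[0] == " ":
            entries.append((view, bare))
        else:
            view = bare
            entries.append(("", bare))
    return entries


def rollback_plan(running, replacement):
    """Classify lines as the four bullets describe, at line granularity.

    A command whose arguments differ between the files appears once under
    "remove" (running form) and once under "apply" (replacement form).
    """
    run, rep = parse_config(running), parse_config(replacement)
    run_set, rep_set = set(run), set(rep)
    plan = {
        "preserve": [e for e in rep if e in run_set],
        "remove": [e for e in run if e not in rep_set],  # router must undo these
        "apply": [e for e in rep if e not in run_set],
    }
    plan["review"] = [(action, view, cmd)
                      for action in ("remove", "apply")
                      for view, cmd in plan[action]
                      if any(k in f"{view} {cmd}" for k in REVIEW_KEYWORDS)]
    return plan


# Constructed sample: running configuration (not captured from a real router).
RUNNING = """#
 sysname SR8800
#
acl number 3000
 rule 0 permit ip source 192.0.2.0 0.0.0.255
 rule 5 deny ip
#
interface GigabitEthernet3/1/1
 ip address 198.51.100.1 255.255.255.0
#
user-interface vty 0 4
 authentication-mode scheme
 protocol inbound ssh
#
return
"""

# Constructed sample: an older archive chosen as the replacement file.
REPLACEMENT = """#
 sysname SR8800
#
interface GigabitEthernet3/1/1
 ip address 198.51.100.2 255.255.255.0
#
user-interface vty 0 4
 authentication-mode password
#
return
"""

if __name__ == "__main__":
    print(preflight("20080620archive_1.cfg", REPLACEMENT.encode()) or "preflight OK")
    for action, view, cmd in rollback_plan(RUNNING, REPLACEMENT)["review"]:
        print(f"review {action:6} [{view or 'system view'}] {cmd}")
```

Lines under "remove" are the ones the router has to undo, which is where the unsupported-undo and hardware-related cases in the CAUTION apply.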

Specifying a configuration file for the next startup


To specify a startup configuration to be used at the next system startup, you can:
• Use the save command. If you save the running configuration to the specified configuration file in
the interactive mode, the system automatically sets the file as the startup configuration file to be used
at the next system startup. For a router supporting main/backup startup configuration file, the
system sets the file as the main startup configuration file to be used at the next system startup.
• Use the command dedicated to specifying a startup configuration file, which is described below.
To specify a configuration file as the startup configuration file to be used at the next system startup:

Task: Specify a configuration file to be used at the next startup.
Command: startup saved-configuration cfgfile
Remarks: Available in user view

CAUTION:
• A configuration file must use .cfg as its extension name. The startup configuration file must be saved in
the root directory of the first partition.
• During the router boot process, the router cannot read data from the USB disk. Therefore, do not save the
boot file on the USB disk.

Backing up/restoring the configuration file to be used at the next startup


Backup/restore function overview
The backup/restore function allows you to back up or restore a configuration file to be used at the next
startup through operations at the CLI.
TFTP is used for intercommunication between the router and the server. The backup function enables you
to back up a configuration file to the TFTP server, while the restore function enables you to download the
configuration file from the TFTP server for the next startup of the system.
When you execute the restore command on your active MPU, you restore the startup configuration file for
both the active MPU and the standby MPU. However, when you execute the backup command on your
active MPU, your operation does not take effect on the standby MPU.

NOTE:
The backup/restore operation applies to the configuration file to be used at the next startup.

Backing up the configuration file to be used at the next startup


Task: Back up the configuration file to be used at the next startup.
Command: backup startup-configuration to dest-addr [ filename ]
Remarks: Available in user view

NOTE:
Before the backup operation:
• Make sure that the router and the server can reach each other, the server is enabled with TFTP service,
and the client has the read and write permission.
• Use the display startup command (in user view) to see if you have set the startup configuration file, and
use the dir command to verify if this file exists. If the file is set as NULL or does not exist, the backup
operation fails.

Restoring the startup configuration file to be used at the next startup

The restore function allows you to copy a configuration file from a TFTP server to the root directory of the
storage media of both the active MPU and standby MPU and specify the file as the startup configuration
file to be used at the next startup.
To restore a startup configuration file to be used at the next startup:

Task: Restore the startup configuration file to be used at the next startup.
Command: restore startup-configuration from src-addr filename
Remarks: Available in user view

NOTE:
• Before restoring a configuration file, make sure that the router and the server can reach each other, the
server is enabled with TFTP service, and the client has read and write permission.
• When the command is successfully executed, you can use the display startup command (in user view)
to verify if the filename of the startup configuration file is the same as the filename argument, and use the
dir command to verify if the restored file exists.

Displaying and maintaining a configuration file


Task: Display the currently used configuration file saved in the storage media.
Command: display saved-configuration [ by-linenum ] [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view

Task: Display configuration rollback information.
Command: display archive configuration [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view

Task: Display the configuration file used at this and next startup.
Command: display startup [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view

Task: Display the validated configuration in the current view.
Command: display this [ by-linenum ] [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view

Task: Display the current configuration.
Command: display current-configuration [ [ configuration [ configuration ] | interface [ interface-type ] [ interface-number ] ] [ by-linenum ] [ | { begin | exclude | include } text ] ] [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view

NOTE:
For more information about the display this and display current-configuration commands, see
Fundamentals Command Reference.

Upgrading software

Router software overview


The router software comprises the BootWare program and the system boot file. After the router is
powered on, it runs the BootWare program, checks the memory size, tests the memory functionality,
initializes hardware, and displays the hardware information. Then the router runs the boot file. The boot
file provides drivers and adaptation for hardware, and implements service features, such as forwarding, VLAN,
and SNMP. The BootWare program and system boot file are required to start up and run the
router. Figure 31 illustrates their relationship.
Figure 31 Relationship between the BootWare program and the system boot file

You can upgrade both the BootWare program and system boot file using the BootWare menu or at the
command-line interface (CLI). The following sections cover how to upgrade software at the CLI. For more
information about how to upgrade software using the BootWare menu, see the H3C SR8800 10G Core
Routers Installation Guide.

Software upgrade configuration task list


Task: Upgrading system software from BootWare menu
Remarks: Optional

Task: Upgrading the BootWare program at the CLI
Remarks: Optional

Task: Upgrading the system boot file at the CLI
Remarks: Optional

Task: Upgrading software through hotfix
Remarks: Optional

Task: Upgrading clock card
Remarks: Optional

Task: Upgrading card logic
Remarks: Optional

Upgrading system software from BootWare menu


You can upgrade the system software from the BootWare menu by using one of the following methods:
• Using TFTP/FTP through Ethernet port
• Using Xmodem through console port

BootWare main menu


Upon startup, the router displays the following information:
SDRAM init successful.
System is starting...

****************************************************************************
* *
* H3C SR8800 BootWare, Version 203 *
* *
****************************************************************************
Copyright (c) 2004-2010 Hangzhou H3C Technologies Co., Ltd.

Compiled Date : Jan 29 2010


CPU Type : MPC7447A
CPU L1 Cache : 32KB
CPU L2 Cache : 512KB
CPU Clock Speed : 998MHz
Memory Type : SDRAM
Memory Size : 2048MB
Memory Speed : 133MHz
BootWare Size : 1MB
Flash Size : 128MB
cfa0 Size : 1024MB
NVRAM Size : 512KB
CPLD Version : 004
PCB Version : Ver.B

Board self testing...........................


Board steady testing... [ PASS ]
Board SlotNo... [ 0 ]
CPLD1 testing... [ PASS ]
CPLD2 testing... [ PASS ]
The switch's Mac address... [00:0F:E2:DE:86:00]
BootWare Validating...
Press Ctrl+B to enter extended boot menu...

NOTE:
The output varies with router models.

Press Ctrl+B when "Press Ctrl+B to enter extended BootWare menu..." appears.
Please input BootWare password:

Input the correct password to enter the BootWare main menu. By default, no password is set; press
Enter to enter the menu. If a password is set and you fail to input the correct password three times, the
system hangs, and you have to reboot the router.
Note: The current operating device is cfa0
Enter < Storage Device Operation > to select device.

===========================<EXTEND-BOOTWARE MENU>===========================
|<1> Boot System |
|<2> Enter Serial SubMenu |
|<3> Enter Ethernet SubMenu |
|<4> File Control |
|<5> Modify BootWare Password |
|<6> BootWare Operation Menu |
|<7> Storage Device Operation |
|<0> Reboot |
============================================================================
Enter your choice(0-7):

BootWare submenus
Accessing the serial submenu
You can upgrade the system software and modify serial port parameters from the serial submenu.
Enter 2 in the BootWare main menu to access the serial submenu.
===========================<Enter Serial SubMenu>===========================
|Note:the operating device is cfa0 |
|<1> Download Application Program To SDRAM And Run |
|<2> Update Main Application File |
|<3> Update Backup Application File |
|<4> Update User Private File |
|<5> Modify Serial Interface Parameter |
|<0> Exit To Main Menu |
============================================================================
Enter your choice(0-5):

Accessing the Ethernet submenu


Enter 3 in the BootWare main menu to access the Ethernet submenu.
==========================<Enter Ethernet SubMenu>==========================
|Note:the operating device is cfa0 |
|<1> Download Application Program To SDRAM And Run |
|<2> Update Main Application File |
|<3> Update Backup Application File |
|<4> Update User Private File |
|<5> Modify Ethernet Parameter |
|<0> Exit To Main Menu |
|<Ensure The Parameter Be Modified Before Downloading!> |
============================================================================
Enter your choice(0-5):

Accessing the file control submenu


Enter 4 in the BootWare main menu to access the file control submenu, where you can display files,
modify file names, and delete files.
===============================<File CONTROL>===============================
|Note:the operating device is cfa0 |
|<1> Display All File(s) |
|<2> Set Application File type |
|<3> Delete File |
|<0> Exit To Main Menu |
============================================================================
Enter your choice(0-3):

Table 17 File control submenu description

Item: <1> Display All File(s)
Description: Display all files.

Item: <2> Set Application File type
Description: Set system software image type. Attributes main (M) and backup (B) determine the image type, such as type M, type B, or type M+B. An image can have any combination of M and B attributes, but there can only be one image for the same attribute. For example, if you specify an attribute for a new image, the original image with the specified attribute removes that attribute. If the original image has only one attribute, its type changes to N/A.

Item: <3> Delete File
Description: Delete files.

Item: <0> Exit To Main Menu
Description: Return to the BootWare main menu.

Using TFTP/FTP through Ethernet port


1. Enter 3 in the BootWare main menu to access the Ethernet submenu, and then enter 6 to access the
Ethernet parameter set menu.
==========================<ETHERNET PARAMETER SET>==========================
|Note: '.' = Clear field. |
| '-' = Go to previous field. |
| Ctrl+D = Quit. |
============================================================================
Protocol (FTP or TFTP) :ftp
Load File Name :
:main.bin
Target File Name :
:main.bin
Server IP Address :192.168.1.1
Local IP Address :192.168.1.2
Gateway IP Address :
FTP User Name :user
FTP User Password :password

Table 18 Parameter description

Field: Load File Name
Description: Name for the downloaded file.

Field: Target File Name
Description: Name of the target file, identical with the name of the file on the server.

2. Enter 2 to upgrade the main system software image.


Loading.....................................................................
............................................................................
............................................................................
............................................................................
............................................................................
............................................................................
............................................................................
............................................................................
............................................................................
..............................................................Done!
31911808 bytes downloaded!
Updating File cfa0:/main.bin. ................. ...........
....................................................Done!
==========================<Enter Ethernet SubMenu>==========================
|Note:the operating device is cfa0 |
|<1> Download Application Program To SDRAM And Run |
|<2> Update Main Application File |
|<3> Update Backup Application File |
|<4> Update User Private File |
|<5> Modify Ethernet Parameter |
|<0> Exit To Main Menu |
|<Ensure The Parameter Be Modified Before Downloading!> |
============================================================================
Enter your choice(0-5):
3. Enter 0 to return to the BootWare main menu, and then enter 1 to boot the system.

Using Xmodem through console port


1. Enter 2 in the BootWare main menu to access the serial submenu.
===========================<Enter Serial SubMenu>===========================
|Note:the operating device is cfa0 |
|<1> Download Application Program To SDRAM And Run |
|<2> Update Main Application File |
|<3> Update Backup Application File |
|<4> Update User Private File |
|<5> Modify Serial Interface Parameter |
|<0> Exit To Main Menu |
============================================================================
Enter your choice(0-5):
2. Enter 5 in the serial submenu to change the baud rate.
===============================<BAUDRATE SET>===============================
|Note:'*'indicates the current baudrate |
| Change The HyperTerminal's Baudrate Accordingly |
|---------------------------<Baudrate Available>---------------------------|
|<1> 9600(Default)* |
|<2> 19200 |
|<3> 38400 |
|<4> 57600 |
|<5> 115200 |
|<0> Exit |
============================================================================
Enter your choice(0-5):5
Select the baud rate that you want to use. For example, enter 5 to select 115200 bps. The
following information appears:
Baudrate has been changed to 115200 bps.
Please change the terminal's baudrate to 115200 bps, press ENTER when ready.

NOTE:
If you use the default baud rate 9600 bps, go to Step 7.

3. Disconnect the HyperTerminal from the router by selecting Call/Disconnect in the HyperTerminal
window.
Figure 32 Disconnecting the terminal

4. Select File > Properties in the HyperTerminal window, click Configure in the popup dialog box,
and select the baud rate of 115200 bps in the console port properties dialog box.

Figure 33 Router Properties dialog box

Figure 34 Changing the baud rate

5. Click Call/Call to re-connect to the router.

Figure 35 Connecting to the router

After you press Enter, the following information appears:


The current baudrate is 115200 bps
===============================<BAUDRATE SET>===============================
|Note:'*'indicates the current baudrate |
| Change The HyperTerminal's Baudrate Accordingly |
|---------------------------<Baudrate Available>---------------------------|
|<1> 9600(Default) |
|<2> 19200 |
|<3> 38400 |
|<4> 57600 |
|<5> 115200* |
|<0> Exit |
============================================================================
Enter your choice(0-5):
6. Type 0 to return to the serial submenu.
===========================<Enter Serial SubMenu>===========================
|Note:the operating device is cfa0 |
|<1> Download Application Program To SDRAM And Run |
|<2> Update Main Application File |
|<3> Update Backup Application File |
|<4> Update User Private File |
|<5> Modify Serial Interface Parameter |
|<0> Exit To Main Menu |
============================================================================
Enter your choice(0-5):
7. Enter 2 in the serial submenu to upgrade the main system software image.
Please Start To Transfer File, Press <Ctrl+C> To Exit.
Waiting ...CCCCC
Select Transfer > Send File in the HyperTerminal window. In the Send File dialog box that appears,
click Browse to select the target image update.bin, and select Xmodem as the protocol.

Figure 36 Send File dialog box

8. Click Send.
The following dialog box appears:
Figure 37 Sending the file by using XMODEM

When the download is complete, the following information appears:


Download successfully!
31911808 bytes downloaded!
Input the File Name:main.bin
Updating File cfa0:/main.bin..............................................
.....................................................Done!

===========================<Enter Serial SubMenu>===========================
|Note:the operating device is cfa0 |
|<1> Download Application Program To SDRAM And Run |
|<2> Update Main Application File |
|<3> Update Backup Application File |
|<4> Update User Private File |
|<5> Modify Serial Interface Parameter |
|<0> Exit To Main Menu |
============================================================================
Enter your choice(0-5):
9. Enter 0 to return to the BootWare main menu, and then enter 1 to boot the system.

NOTE:
• After the startup, change the baud rate of the HyperTerminal back to 9600 bps by following Step 3
through Step 5.
• For higher speed, use the Ethernet port instead of the console port to download the system software
image.

Upgrading the BootWare program at the CLI


To upgrade the BootWare program:
1. Copy the new BootWare program to the root directory of the router's storage medium by using FTP
or TFTP.
2. Use the following command to upgrade the BootWare program on a card or a list of cards:

Task: Upgrade the BootWare program on a card or a list of cards.
Command: bootrom update file file-url slot slot-number-list
Remarks: Available in user view

3. Reboot the router to make the specified BootWare program take effect.

NOTE:
The system boot file (with the file extension .bin) comprises the BootWare program, which is automatically
upgraded when the system boot file is upgraded. You can also manually upgrade the BootWare program
by executing the bootrom update file command.

Upgrading the system boot file at the CLI


Follow the steps to upgrade the boot file:
1. Save the boot file to the root directory of the storage media on the active MPU by using FTP, TFTP,
or other approaches.
2. Copy the boot file to the root directory of the storage media on the standby MPU.
3. Specify the boot file to be used at the next boot of the active MPU and standby MPU respectively
at the CLI.
4. Reboot the router to make the new boot file take effect.

Specifying a boot file to be used at the next boot


When multiple BootWare files are available on the storage media of the router, you can specify a file to
be used at the next router boot by executing the following command. A main boot file is used to boot a
router and a backup boot file is used to boot a router only when a main boot file is unavailable.
To specify a file to be used at the next boot of the router:

Task: Specify a file to be used at the next router boot on a card.
Command: boot-loader file file-url slot slot-number { main | backup }
Remarks: Available in user view.

CAUTION:
• The file for the next router boot must be saved in the root directory of the router. For a router with a
partitioned storage media, the file must be saved on the first partition. You can copy or move a file to
change the path of it to the root directory.
• The names of the files for the next boot of the active MPU and the standby MPU may be different, but the
versions of the files must be the same. Otherwise, the router may not boot normally.

Upgrading the boot file for the standby MPU


If the versions of the active MPU and the standby MPU of a router are different, the standby MPU cannot
operate normally. With this function, you can upgrade the standby MPU quickly.
If this function is enabled:
1. The router copies the current boot file of the active MPU to the standby MPU.
2. The router specifies this boot file as the boot file to be used at the next router boot for the standby
MPU.
3. The standby MPU reboots automatically.
To upgrade the boot file for the standby MPU:

Task: Upgrade the boot file for the standby MPU.
Command: boot-loader update slot slot-number
Remarks: Available in user view.

Upgrading software through hotfix


A hotfix is a fast, cost-effective method to repair software defects of a router. Unlike a software
version upgrade, a hotfix can upgrade the software without interrupting the services
running on the router. In other words, it can repair the software defects of the current version without the
need for a router reboot.

Basic concepts in hotfix


Patch and patch file
A patch, also called patch unit, is a package to fix software defects. Generally, patches are released as
patch files. A patch file may contain one or more patches for different defects. When loaded from the
storage media to the memory patch area, each patch is assigned a unique number, which starts from 1,
for identification, management and operation. For example, if a patch file has three patch units, they are
numbered as 1, 2, and 3 respectively.

Incremental patch
Patches in a patch file are all incremental patches. An incremental patch is a patch that
depends on the previous patch units. For example, if a patch file has three patch units, patch 3 can
run only after patches 1 and 2 take effect. You cannot run patch 3 separately.

Common patch and temporary patch


Patches fall into two types, common patches and temporary patches.
• Common patches are those formally released through the version release flow.
• Temporary patches are those not formally released through the version release flow, but temporarily
provided to solve urgent problems.

Patch package
A patch package contains patches of the same version but for various types of cards. You can install a
patch package on a distributed device or an IRF virtual device to upgrade the software of multiple cards
at a time. When you execute a patch package, the system automatically finds out the proper patch for
each card, and loads them to the cards, simplifying patch operation and patch version management.

Patch state
Each patch has a state, which can be switched only by commands. The relationship between patch state
changes and command actions is shown in Figure 38. The patch can be in IDLE, DEACTIVE, ACTIVE, or
RUNNING state. Load, run temporarily, confirm running, stop running, delete, install, and uninstall
represent operations, corresponding to commands of patch load, patch active, patch run, patch deactive,
patch delete, patch install, and undo patch install.
For example, if you execute the patch active command for the patches in DEACTIVE state, the patches
switch to ACTIVE state.

IMPORTANT:
Patch state information is saved in Flash memory in the file patchstate. To make sure that the device can
correctly find the patches, do not edit, delete, move the file, or change the file name.

Figure 38 Relationship between patch state changes and command actions

IDLE state
Patches in IDLE state are not loaded. You cannot activate or run the patches, as shown in Figure 39
(suppose the memory patch area can load up to eight patches). The patches that are in IDLE state are still
in IDLE state after system reboot.
Figure 39 Patches are not loaded to the memory patch area

Memory patch area:
Patch 1 IDLE
Patch 2 IDLE
Patch 3 IDLE
Patch 4 IDLE
Patch 5 IDLE
Patch 6 IDLE
Patch 7 IDLE
Patch 8 IDLE

NOTE:
Currently, the system patch area supports up to 200 patches.

DEACTIVE state
Patches in DEACTIVE state have been loaded to the memory patch area but have not run in the system
yet. Assume that there are seven patches in the patch file to be loaded. After the seven patches pass the
version check and CRC check, they are loaded to the memory patch area and are in DEACTIVE state.
The patch states in the system are as shown in Figure 40.

The patches that are in DEACTIVE state are still in DEACTIVE state after system reboot.
Figure 40 A patch file is loaded to the memory patch area

ACTIVE state
Patches in ACTIVE state are those that have run temporarily in the system and become DEACTIVE after
system reboot. For the seven patches in Figure 40, if you activate the first five patches, their patch states
change from DEACTIVE to ACTIVE. The patch states in the system are as shown in Figure 41.
The patches that are in ACTIVE state are in DEACTIVE state after system reboot.
Figure 41 Patches are activated

Memory patch area:
Patch 1 ACTIVE
Patch 2 ACTIVE
Patch 3 ACTIVE
Patch 4 ACTIVE
Patch 5 ACTIVE
Patch 6 DEACTIVE
Patch 7 DEACTIVE
Patch 8 IDLE

RUNNING state
After you confirm the running of the ACTIVE patches, the state of the patches changes to RUNNING and
the patches are in RUNNING state after system reboot. For the five patches in Figure 41, if you confirm
running the first three patches, their states change from ACTIVE to RUNNING. The patch states of the
system are as shown in Figure 42.
The patches that are in RUNNING state are still in RUNNING state after system reboot.

Figure 42 Patches are running

Memory patch area:
Patch 1 RUNNING
Patch 2 RUNNING
Patch 3 RUNNING
Patch 4 ACTIVE
Patch 5 ACTIVE
Patch 6 DEACTIVE
Patch 7 DEACTIVE
Patch 8 IDLE
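
The state changes described above, replayed as a small model (an added example, not H3C code). The class and function names are hypothetical. The source states allowed for patch deactive and patch delete, and the rule that patches in effect must form an unbroken run from patch 1, are assumptions drawn from the text because Figure 38 is not reproduced here.

```python
from enum import Enum


class State(Enum):
    IDLE = "IDLE"
    DEACTIVE = "DEACTIVE"
    ACTIVE = "ACTIVE"
    RUNNING = "RUNNING"


# command -> (states a patch may be in, state it moves to)
TRANSITIONS = {
    "patch load": ({State.IDLE}, State.DEACTIVE),
    "patch active": ({State.DEACTIVE}, State.ACTIVE),
    "patch run": ({State.ACTIVE}, State.RUNNING),  # ACTIVE patches only
    # Assumption: source states inferred from the uninstall procedure
    # (stop first, then delete), because Figure 38 is not available.
    "patch deactive": ({State.ACTIVE, State.RUNNING}, State.DEACTIVE),
    "patch delete": ({State.DEACTIVE}, State.IDLE),
}


class PatchArea:
    """Memory patch area of one card (hypothetical model)."""

    def __init__(self, size=8):
        self.states = {n: State.IDLE for n in range(1, size + 1)}

    def _is_prefix(self, wanted):
        # True when the patches whose state is in `wanted` are exactly 1..k.
        flags = [self.states[n] in wanted for n in sorted(self.states)]
        return flags == sorted(flags, reverse=True)

    def apply(self, command, numbers):
        """Apply one command to the given patch numbers, or change nothing."""
        allowed, target = TRANSITIONS[command]
        before = dict(self.states)
        for n in numbers:
            current = self.states[n]
            if current not in allowed:
                self.states = before
                raise ValueError(f"{command} {n}: patch is {current.value}")
            self.states[n] = target
        # Incremental patches (assumed rule): a patch may be in effect only
        # if every lower-numbered patch is, and likewise for RUNNING.
        in_effect = {State.ACTIVE, State.RUNNING}
        if not (self._is_prefix(in_effect) and self._is_prefix({State.RUNNING})):
            self.states = before
            raise ValueError(f"{command}: breaks the incremental patch order")

    def reboot(self):
        # ACTIVE patches fall back to DEACTIVE; every other state persists.
        for n, state in self.states.items():
            if state is State.ACTIVE:
                self.states[n] = State.DEACTIVE

    def lost_on_reboot(self):
        """Patches that fix a defect now but will not after a reboot."""
        return [n for n in sorted(self.states) if self.states[n] is State.ACTIVE]

    def snapshot(self):
        return [self.states[n].value for n in sorted(self.states)]


def replay_figures():
    """Replay Figures 40 to 42, then reboot; return each snapshot."""
    area = PatchArea(size=8)
    steps = {}
    area.apply("patch load", range(1, 8))    # seven patches in the file
    steps["figure 40"] = area.snapshot()
    area.apply("patch active", range(1, 6))  # activate the first five
    steps["figure 41"] = area.snapshot()
    area.apply("patch run", range(1, 4))     # confirm the first three
    steps["figure 42"] = area.snapshot()
    steps["lost on reboot"] = area.lost_on_reboot()
    area.reboot()
    steps["after reboot"] = area.snapshot()
    return steps


if __name__ == "__main__":
    for name, value in replay_figures().items():
        print(f"{name}: {value}")
```

The list returned by lost_on_reboot() is the one to review before a maintenance window: those patches are in effect now but need patch run to stay in effect after a reboot.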

Hotfix configuration task list


Task                                        Remarks
Install patches:                            Use either approach.
• Installing a patch in one step            The step-by-step patch installation allows you to control
• Installing a patch step-by-step           the patch status.
Uninstall patches:                          Use either approach.
• Uninstalling all patches in one step      The step-by-step patch uninstallation allows you to control
• Uninstalling a patch step-by-step         the patch status.

CAUTION:
Make sure the version of the patch files is consistent with that of the current software before loading,
activating, and running the patches.

Configuration prerequisites
Before patching the system, save the appropriate patch files to the storage media of the router with FTP
or TFTP.
Patches are released according to card type. Make sure the patch files match the router model and card
type.
Save the patch files to the active MPU and standby MPU so that the patches on the original standby MPU
can run after an active and standby switchover. During patching, the system first searches the root
directory of the storage media on the active MPU for patch files. Then it compares the patch files with the
card type by the patch flag. If they match, the patches are loaded to or installed on the board.
The flag suffix is the first three characters of the version item (shown by the display patch information
command). Table 19 describes the default patch for some card types.
Table 19 Default patches for different card types

Product   Card type                                                 Flag        Default patch name
SR8800    SR02SRP2E3, SR02SRP1E3, SR02SRP1M3                        PATCH-M2E   patch_m2e.bin
SR8800    SR02SRP1F3, SR02SRP2F3                                    PATCH-M2F   patch_m2f.bin
SR8800    SPE-1010, SPE-1020                                        PATCH-LPA   patch_lpa.bin
SR8800    SPE-1010-E, SPE-1020-E, IM-FW                             PATCH-LPE   patch_lpe.bin
SR8800    SPE-1010-II, SPE-1020-II, SPE-1010-E-II, SPE-1020-E-II    PATCH-LPL   patch_lpl.bin
SR8800    IM-NAT                                                    PATCH-NAT   patch_nat.bin
SR8800    IM-NAM                                                    PATCH-NAM   patch_nam.bin
SR8800    IM-NAT-II                                                 PATCH-LNT   patch_lnt.bin
SR8800    IM-NAM-II                                                 PATCH-LNS   patch_lns.bin
SR8800    SPC-XP4L, SPC-XP2L, SPC-GP24L, SPC-GP48L, SPC-GT48L       PATCH-LC    patch_lc.bin

Installing a patch in one step


To install patches in one step, execute the patch install command and specify either the directory
where the patch file is located or the filename of the patch package.
After you execute the patch install command, the system displays the "Do you want to continue running
patches after reboot? [Y/N]:" message. If you enter:
• y or Y: All the patches are installed and change from IDLE to RUNNING state. This is equivalent to
executing the commands patch location, patch load, patch active, and patch run. The patches remain in
RUNNING state after system reboot.
• n or N: All the patches are installed and change from IDLE to ACTIVE state. This is equivalent to
executing the commands patch location, patch load, and patch active. The patches change to DEACTIVE
state after system reboot.
To install a patch package, save the patch package file to the storage media of the active MPU. The
standby MPU and all interface cards will load the patch file from the active MPU.
To install the patches in one step:

Step Command
1. Enter system view. system-view

2. Install the patches in one step. patch install { patch-location | file patch-package }

NOTE:
• The patch must match the card type and software version.
• If you install a patch file by specifying the directory where the patch file is located, the patch install
command changes the patch file location specified with the patch location command to the directory
specified by the patch-location argument of the patch install command.
• If you install a patch file by specifying the filename of the patch package, the patch install command
does not change the patch file location specified with the patch location command.
• To uninstall all patches in one operation, use the undo patch install command, which is the same as
performing Uninstalling a patch step-by-step.

Installing a patch step-by-step


Step-by-step patch installation enables you to control the patch status during the patch installation
process.

Step-by-step patch installation task list

Task                                  Remarks
Configuring the patch file location   Optional. To install a patch package, skip this step.
Loading a patch file                  Required.
Activating patches                    Required.
Confirm running patches               Optional.

Configuring the patch file location


If you save the patch files to storage media other than the flash on the router, you need to specify the
directory where the patch files are located with the patch-file argument. Then the system loads the
appropriate patch files from the specified directory.
To configure the patch file location:

Step                                                Command                     Remarks
1. Enter system view.                               system-view                 N/A
2. Configure the path to the source patch files.    patch location patch-file   Optional. flash: by default.

NOTE:
• The directory specified by the patch-file argument must exist on both the active MPU and standby MPU.
If the standby MPU does not have such a directory, the system cannot locate the patch files on the
original standby MPU after an active and standby switchover.
• If you install a patch file by specifying the directory where the patch file is located, after the patch
install command is executed, the system automatically changes the patch file location specified with the
patch location command to the directory specified by the patch-location argument of the patch install
command. For example, if you execute the patch location xxx command and then the patch install yyy
command, the patch file location automatically changes from xxx to yyy.

Loading a patch file


Loading the right patch files is the basis of other hotfixing operations.
• If you install a patch from a patch file, the system loads a patch file from the Flash by default. If the
system cannot find the patch file on the Flash, it tries to load the patch file from the CF card.
• If you install a patch from a patch package, the system finds the correct patch file in the patch
package file and loads the patch file.

CAUTION:
• Set the file transfer mode to binary mode before using FTP or TFTP to upload or download patch files to
or from the flash of the router. Otherwise, the patch file cannot be parsed properly.
• To hotfix a router with an active MPU and standby MPUs, make sure that the patch files on the two boards
are the same. Otherwise, the router cannot back up the patch states, resulting in patch state loss.

To load a patch file:

Step                                                                      Command
1. Enter system view.                                                     system-view
2. Load the patch file on the storage medium to the memory patch area.    patch load slot slot-number [ file patch-package ]

Activating patches
After you activate a patch, the patch takes effect and is in the test-run stage. After the router is reset or
rebooted, the patch becomes invalid.
If you find that an ACTIVE patch has a problem, you can reboot the router to deactivate the patch,
so as to avoid a series of running faults resulting from the patch error.
To activate patches:

Step Command
1. Enter system view. system-view

2. Activate the specified patches. patch active [ patch-number ] slot slot-number

Confirm running patches


After you confirm that the installed patch is running, the patch state changes to RUNNING, and the
patch is in the normal running stage. After the router is reset or rebooted, the patch is still valid.
To confirm the running of the patches:

Step                                                Command
1. Enter system view.                               system-view
2. Confirm the running of the specified patches.    patch run [ patch-number ] [ slot slot-number ]

NOTE:
This operation is applicable to patches in ACTIVE state only.

Uninstalling all patches in one step


To uninstall patches from all the cards and OAM CPU in one step, use the undo patch install command.
The patches then turn to IDLE state. This equals the execution of the commands patch deactive and patch
delete on each card.
To uninstall all patches in one step:

Step                                      Command              Remarks
1. Enter system view.                     system-view          N/A
2. Uninstall all patches in one step.     undo patch install   Deactivates and deletes all the patches.

Uninstalling a patch step-by-step


Step-by-step patch uninstallation task list

Task Remarks
Stopping patches Required

Deleting patches Required

Stopping patches
When you deactivate a patch, the patch state becomes DEACTIVE, and the system runs as it did before
the patch was installed.
To deactivate patches:

Step Command
1. Enter system view. system-view

2. Stop running the specified patches. patch deactive [ patch-number ] slot slot-number

Deleting patches
When a patch is deleted, the system runs as it did before the patch was installed.
To delete patches:

Step                                                            Command
1. Enter system view.                                           system-view
2. Delete the specified patches from the memory patch area.     patch delete [ patch-number ] slot slot-number

Upgrading clock card


You can use the clock card program saved on the storage medium to upgrade the clock card on the
specified MPU.
To upgrade a clock card:

Task                      Command                                          Remarks
Upgrade the clock card.   update clockmcu slot slotnumber file filename    Available in user view

Upgrading card logic


To upgrade the logic of the specified card:

Task                                       Command                                                            Remarks
Upgrade the logic of the specified card.   logic update file filename slot slot-number { board | subcard }    Available in user view.

NOTE:
If you plug in a line card while a logic upgrade is in progress, you have to wait a comparatively long
time for the router to power on this line card.

Displaying and maintaining software upgrade configuration

Task: Display information of the boot file.
Command: display boot-loader [ slot slot-number ] [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view

Task: Display information about the patch package.
Command: display patch [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view

Task: Display the patch information.
Command: display patch information [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view

Software upgrade configuration examples
Remote upgrade configuration example
Network requirements
As shown in Figure 43, the router (Device) serves as the FTP client. The SR8800.app application program
and the LPUBTR.app BootWare program are both saved in the SR8800 directory of the FTP server. The
device and the FTP server can reach each other, and the PC and device can reach each other.
Upgrade the software version and Boot ROM version of the device through remote operations.
Figure 43 Network diagram

Configuration procedure
1. Configure FTP server (the configurations may vary with different types of servers)
# Enable the FTP server.
<FTP-Server> system-view
[FTP-Server] ftp server enable
# Set the FTP username to aaa and the password to hello.
[FTP-Server] local-user aaa
[FTP-Server-luser-aaa] password cipher hello
# Configure the user to have read-write permissions on the aaa directory.
[FTP-Server-luser-aaa] service-type ftp
[FTP-Server-luser-aaa] level 3
[FTP-Server-luser-aaa] authorization-attribute work-directory flash:/
2. Configure Device

CAUTION:
If the size of the Flash memory on the router is not large enough, delete the original application programs
from the Flash before downloading.

# Enter the following command in the user view to log in to the FTP server.
<Device> ftp 2.2.2.2
Trying ...
Press CTRL+K to abort
Connected to 2.2.2.2.
220 WFTPD 2.0 service (by Texas Imperial Software) ready for new user
User(2.2.2.2:(none)): aaa
331 Give me your password, please
Password:
230 Logged in successfully
[ftp]
# Download the SR8800.app and LPUBTR.app files from the FTP server to the Flash memory of
Device.
[ftp] get SR8800.app
[ftp] get LPUBTR.app
# Clear the FTP connection and return to the user view.
[ftp] bye
<Device>
# Upgrade the BootWare file of the MPU using the file downloaded through FTP.
<Device> bootrom update file LPUBTR.app slot 0
# Specify the application program for the next boot on MPU 0.
<Device> boot-loader file SR8800.app slot 0 main
# When the MPUs of the router work in the active/standby mode, you need to upgrade the
program of the standby MPU and specify it as the application program for the next boot. If the
standby MPU is in slot 1, the command is as follows:
<Device> boot-loader file slot1#flash:/SR8800.app slot 1 main
# Reboot the router. The application program is upgraded now.
<Device> reboot

Hotfix configuration example


Network requirements
As shown in Figure 44, Device is using software soft-version1. The latest patches are released to fix the
defects in version 1, and an upgrade is required. The patch_m2e.bin and patch_lpe.bin patch files are
saved in the aaa directory of the FTP server. Device and the FTP server can reach each other.
Hotfix the software on the device.

Figure 44 Network diagram

Configuration procedure
1. Configure FTP server (the configuration varies depending on server type)
# Enable FTP server.
<FTP-Server> system-view
[FTP-Server] ftp server enable
# Configure an FTP user with the name aaa and password hello.
[FTP-Server] local-user aaa
[FTP-Server-luser-aaa] password cipher hello
# Assign read-write rights for the FTP user aaa.
[FTP-Server-luser-aaa] service-type ftp
[FTP-Server-luser-aaa] authorization-attribute work-directory flash:/aaa
2. Configure Device

CAUTION:
Make sure the free flash space of the device is big enough to store the patches.

# Before upgrading the software, use the save command to save the current system configuration.
(Details not shown)
# Log in to the FTP server. Note that the command output varies depending on server type.
<Device> ftp 2.2.2.2
Trying 2.2.2.2 ...
Press CTRL+K to abort
Connected to 2.2.2.2.
220 WFTPD 2.0 service (by Texas Imperial Software) ready for new user
User(2.2.2.2:(none)):aaa
331 Give me your password, please
Password:
230 Logged in successfully
[ftp]
# Download the patch_m2e.bin and patch_lpe.bin files from FTP Server.
[ftp] binary
[ftp] get patch_m2e.bin
[ftp] get patch_lpe.bin
[ftp] bye
<Device>
# Copy the patch files to the root directory of the standby MPU in slot 1.
<Device> copy patch_m2e.bin slot1#flash:/
<Device> copy patch_lpe.bin slot1#flash:/
# Install the patch.
<Device> system-view
[Device] patch install flash:
Patches will be installed. Continue? [Y/N]:y
Do you want to continue running patches after reboot? [Y/N]:y
Installing patches........
%Aug 8 11:15:30:607 2008 Sysname MEM/4/WARNING:
Patch load completed for slot 0.
%Aug 8 11:15:30:707 2008 Sysname MEM/4/WARNING:
Patch load completed for slot 1.
%Aug 8 11:15:30:807 2008 Sysname MEM/4/WARNING:
Patch load completed for slot 3.
%Aug 8 11:15:30:817 2008 Sysname MEM/4/WARNING:
Patch load completed for slot 3.1
Installation completed, and patches will continue to run after reboot.

Managing the device

Device management overview


Device management includes monitoring the operating status of devices and configuring their running
parameters.

NOTE:
Storage media include Flash and compact Flash (CF). Flash is exemplified in this document.
In this document, SPC cards refer to the cards with silkscreen starting with SPC, for example, SPC-GT48L,
and SPE cards refer to the cards with silkscreen starting with SPE, for example, SPE-1020-E-II.
File names in this document comply with the following rules:
• Path + file name (namely, a full file name): File on a specified path. A full file name consists of 1 to 135
characters.
• “File name” (namely, only a file name without a path): File on the current working path. The file name
without a path consists of 1 to 91 characters.

Displaying device configuration


To avoid duplicate configuration, use the display commands to view the current configuration of the
router before configuring the router. The configurations of a router include:
• Current configuration—The running configuration on the router. Unless otherwise noted (such as a
command that takes effect after the router reboots), the current configuration is not effective after the
router reboots.
• Saved configuration—Configuration saved in the configuration file, which helps to restore
configurations conveniently.
To display device configurations:

Task: Display the factory default configuration of the router.
Command: display default-configuration [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view

Task: Display the current configuration of the router.
Command: display current-configuration [ [ configuration [ configuration ] | interface [ interface-type ]
[ interface-number ] ] [ by-linenum ] [ | { begin | exclude | include } regular-expression ] ]
[ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view

Task: Display the saved configuration, or, in other words, the content of the configuration file.
Command: more file-url
To display the configuration file used at the next startup, use this command:
display saved-configuration [ by-linenum ]
Remarks: The more command is available in user view. The display saved-configuration command is
available in any view.

NOTE:
For more information about the more, display default-configuration, display current-configuration, and
display saved-configuration commands, see the chapters “Managing files” and “Managing
configuration files.”

Configuring the device name


A device name identifies a device in a network and works as the user view prompt at the CLI. For
example, if the device name is Sysname, the user view prompt is <Sysname>.
To configure the device name:

Step                              Command            Remarks
1. Enter system view.             system-view        N/A
2. Configure the device name.     sysname sysname    Optional. H3C by default

Changing the system time


Configuring the system time
You must synchronize your device with a trusted time source by using NTP or changing the system time
before you run it on the network. Network management depends on an accurate system time setting,
because the timestamps of system messages and logs use the system time.
In a small-sized network, you can manually set the system time of each device.

Configuration guidelines
You can change the system time by configuring the relative time, time zone, and daylight saving time. The
configuration result depends on their configuration order (see Table 20). In the first column of this table,
1 represents the clock datetime command, 2 represents the clock timezone command, and 3 represents
the clock summer-time command. To verify the system time setting, use the display clock command. This
table assumes that the original system time is 2005/1/1 1:00:00.

Table 20 System time configuration results

Each entry lists the Command order, the Effective system time, the Configuration example, and the
resulting System time.

Command: 1
Effective system time: date-time
Configuration example:
  clock datetime 1:00 2007/1/1
System time: 01:00:00 UTC Mon 01/01/2007

Command: 2
Effective system time: Original system time ± zone-offset
Configuration example:
  clock timezone zone-time add 1
System time: 02:00:00 zone-time Sat 01/01/2005

Command: 1, 2
Effective system time: date-time ± zone-offset
Configuration example:
  clock datetime 2:00 2007/2/2
  clock timezone zone-time add 1
System time: 03:00:00 zone-time Fri 02/02/2007

Command: 2, 1
Effective system time: date-time
Configuration example:
  clock timezone zone-time add 1
  clock datetime 3:00 2007/3/3
System time: 03:00:00 zone-time Sat 03/03/2007

Command: 3
Effective system time: The original system time outside the daylight saving time range: The system
time does not change until it falls into the daylight saving time range.
Configuration example:
  clock summer-time ss one-off 1:00 2006/1/1 1:00 2006/8/8 2
System time: 01:00:00 UTC Sat 01/01/2005

Command: 3
Effective system time: The original system time in the daylight saving time range: The system time
increases by summer-offset.
Configuration example:
  clock summer-time ss one-off 00:30 2005/1/1 1:00 2005/8/8 2
System time: 03:00:00 ss Sat 01/01/2005
NOTE: If the original system time plus summer-offset is beyond the daylight saving time range, the
original system time does not change. After you disable the daylight saving setting, the system time
automatically decreases by summer-offset.

Command: 1, 3
Effective system time: date-time outside the daylight saving time range: date-time
Configuration example:
  clock datetime 1:00 2007/1/1
  clock summer-time ss one-off 1:00 2006/1/1 1:00 2006/8/8 2
System time: 01:00:00 UTC Mon 01/01/2007

Command: 1, 3
Effective system time: date-time in the daylight saving time range: date-time + summer-offset
Configuration example:
  clock datetime 8:00 2007/1/1
  clock summer-time ss one-off 1:00 2007/1/1 1:00 2007/8/8 2
System time: 10:00:00 ss Mon 01/01/2007
NOTE: If the date-time plus summer-offset is outside the daylight saving time range, the system time
equals date-time. After you disable the daylight saving setting, the system time automatically
decreases by summer-offset.

Command: 3, 1 (date-time outside the daylight saving time range)
Effective system time: date-time
Configuration example:
  clock summer-time ss one-off 1:00 2007/1/1 1:00 2007/8/8 2
  clock datetime 1:00 2008/1/1
System time: 01:00:00 UTC Tue 01/01/2008

Command: 3, 1 (date-time in the daylight saving time range)
Effective system time: date-time – summer-offset outside the daylight saving time range:
date-time – summer-offset
Configuration example:
  clock summer-time ss one-off 1:00 2007/1/1 1:00 2007/8/8 2
  clock datetime 1:30 2007/1/1
System time: 23:30:00 UTC Sun 12/31/2006

Command: 3, 1 (date-time in the daylight saving time range)
Effective system time: date-time – summer-offset in the daylight saving time range: date-time
Configuration example:
  clock summer-time ss one-off 1:00 2007/1/1 1:00 2007/8/8 2
  clock datetime 3:00 2007/1/1
System time: 03:00:00 ss Mon 01/01/2007

Command: 2, 3 or 3, 2
Effective system time: Original system clock ± zone-offset outside the daylight saving time range:
Original system clock ± zone-offset
Configuration example:
  clock timezone zone-time add 1
  clock summer-time ss one-off 1:00 2007/1/1 1:00 2007/8/8 2
System time: 02:00:00 zone-time Sat 01/01/2005

Command: 2, 3 or 3, 2
Effective system time: Original system clock ± zone-offset outside the daylight saving time range:
Original system clock ± zone-offset + summer-offset
Configuration example:
  clock timezone zone-time add 1
  clock summer-time ss one-off 1:00 2005/1/1 1:00 2005/8/8 2
System time: System clock configured: 04:00:00 ss Sat 01/01/2005

Command: 1, 2, 3 or 1, 3, 2
Effective system time: date-time ± zone-offset outside the daylight saving time range:
date-time ± zone-offset
Configuration example:
  clock datetime 1:00 2007/1/1
  clock timezone zone-time add 1
  clock summer-time ss one-off 1:00 2008/1/1 1:00 2008/8/8 2
System time: 02:00:00 zone-time Mon 01/01/2007

Command: 1, 2, 3 or 1, 3, 2
Effective system time: date-time ± zone-offset outside the daylight saving time range:
date-time ± zone-offset + summer-offset
Configuration example:
  clock datetime 1:00 2007/1/1
  clock timezone zone-time add 1
  clock summer-time ss one-off 1:00 2007/1/1 1:00 2007/8/8 2
System time: 04:00:00 ss Mon 01/01/2007

Command: 2, 3, 1 or 3, 2, 1
Effective system time: date-time outside the daylight saving time range: date-time
Configuration example:
  clock timezone zone-time add 1
  clock summer-time ss one-off 1:00 2008/1/1 1:00 2008/8/8 2
  clock datetime 1:00 2007/1/1
System time: 01:00:00 zone-time Mon 01/01/2007

Command: 2, 3, 1 or 3, 2, 1
Effective system time: date-time in the daylight saving time range, but date-time – summer-offset
outside the summer-time range: date-time – summer-offset
Configuration example:
  clock timezone zone-time add 1
  clock summer-time ss one-off 1:00 2008/1/1 1:00 2008/8/8 2
  clock datetime 1:30 2008/1/1
System time: 23:30:00 zone-time Mon 12/31/2007

Command: 2, 3, 1 or 3, 2, 1
Effective system time: Both date-time and date-time – summer-offset in the daylight saving time
range: date-time
Configuration example:
  clock timezone zone-time add 1
  clock summer-time ss one-off 1:00 2008/1/1 1:00 2008/8/8 2
  clock datetime 3:00 2008/1/1
System time: 03:00:00 ss Tue 01/01/2008

Configuration procedure
To configure the system time:

Step: 1. Set the system time and date.
Command: clock datetime time date
Remarks: Optional. Available in user view.

Step: 2. Enter system view.
Command: system-view
Remarks: N/A

Step: 3. Set the time zone.
Command: clock timezone zone-name { add | minus } zone-offset
Remarks: Optional. Universal time coordinated (UTC) time zone by default.

Step: 4. Set a daylight saving time scheme.
Command:
• Set a non-recurring scheme:
  clock summer-time zone-name one-off start-time start-date end-time end-date add-time
• Set a recurring scheme:
  clock summer-time zone-name repeating start-time start-date end-time end-date add-time
Remarks: Optional. Use either command. By default, daylight saving time is disabled, and the UTC
time zone applies.

Enabling displaying copyright information


The device by default displays the copyright statement when a Telnet or SSH user logs in, or when a
console user quits user view. You can disable or enable the function as needed. The following is a sample
copyright statement:
**************************************************************************
* Copyright (c) 2004-2012 Hangzhou H3C Tech. Co., Ltd. All rights reserved.*
* Without the owner's prior written consent, *
* no decompiling or reverse-engineering shall be allowed. *
**************************************************************************

To enable displaying copyright information:

Step                                            Command                  Remarks
1. Enter system view.                           system-view              N/A
2. Enable displaying copyright information.     copyright-info enable    Optional. Enabled by default

Configuring banners
Introduction to banners
Banners are messages that the system displays when a user connects to the device to perform login
authentication, and start interactive configuration.

Banner types
The system supports the following types of banners:
• Legal banner appears after the system displays the copyright or license statement for a user
attempting to log in. To continue authentication or login, the user must enter Y or press Enter. To quit
the process, the user must enter N. Y and N are case-insensitive.
• Message of the Day (MOTD) banner displays the greeting message, and appears after the legal
banner and before the login banner. Support for this banner depends on the device model.
• Login banner appears only when password or scheme login authentication has been configured.
• Incoming banner appears for Modem dial-in users and the shell banner appears for users that use
any other access method to access the CLI.

Message input modes


The system supports single-line input and multiple-line input for configuring a banner.
• Single-line input
In single-line input mode, all banner information comes after the command keywords in the same
line. The start and end characters of the input text must be the same but are not part of the banner
information. The input text, together with the command keywords, cannot exceed 510 characters.
In this mode, do not press Enter after typing the banner information. For example, to configure a
banner like “Have a nice day.”, use the following command:
<System> system-view
[System] header shell %Have a nice day.%
• Multiple-line input
In multiple-line input mode, you can press Enter to separate the banner information in multiple lines.
In this case, up to 2000 characters can be typed.
Use one of the following methods to implement multi-line input mode:
◦ Method I—Press the Enter key after the command keywords, type the banner information, and
finish with the % character. The % character is not part of the banner information. For example,
to configure a banner like “Have a nice day. Please input the Password!”, use the following
commands:
<System> system-view
[System] header shell
Please input banner content, and quit with the character '%'.――System prompt
Have a nice day.
Please input the Password!%
◦ Method II—Type a character after the command keywords at the first line, and press Enter.
Type the banner information, and finish with the character you typed at the first line. The start
character and the end character are not part of the banner information. For example, to
configure a banner like “Have a nice day. Please input the Password!”, use the following
commands:
<System> system-view
[System] header shell A
Please input banner content, and quit with the character 'A'.――System prompt
Have a nice day.
Please input the Password!A
◦ Method III—Type multiple characters after the command keywords at the first line (with the first
and last characters being different), and press the Enter key. Type the banner information, and
finish with the first character you typed at the first line. The first input character at the first line
and the end character are not part of the banner information. For example, to configure a
banner like “Have a nice day. Please input the Password!”, use the following commands:
<System> system-view
[System] header shell AHave a nice day.
Please input banner content, and quit with the character 'A'.――System prompt
Please input the Password!A

Configuring procedure
To configure banners:

Step                                  Command                 Remarks
1. Enter system view.                 system-view             N/A
2. Configure the incoming banner.     header incoming text    Optional
3. Configure the login banner.        header login text       Optional
4. Configure the legal banner.        header legal text       Optional
5. Configure the shell banner.        header shell text       Optional
6. Configure the MOTD banner.         header motd text        Optional

Configuring the exception handling method


You can configure the device to handle system exceptions in one of the following methods:
• reboot—The device automatically reboots to recover from the error condition.
• maintain—The device stays in the error condition so you can collect complete data, including error
messages, for diagnosis. In this approach, you must manually reboot the device.
To configure the exception handling method:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Configure the exception handling method on the active main processing unit (MPU) and the standby MPUs.
   Command: system-failure { maintain | reboot }
   Remarks: Optional. By default, the active MPU and the standby MPUs adopt the reboot method to handle exceptions.

NOTE:
• With this command configured, both the active MPU and the standby MPU adopt the same method to
handle exceptions. The device always reboots an interface card or the auxiliary CPU system when an
exception occurs to them.
• The exception handling method is effective to the failed card only, and does not influence the functions
of other cards.

Rebooting the router


You can reboot the router in one of the following ways to recover from an error condition:
• Reboot the router immediately at the CLI.
• At the CLI, schedule a reboot to occur at a specific time and date or after a delay.
• Power off and then re-power on the router. This method might cause data loss, and is the least
preferred method.
Reboot at the CLI enables easy remote device maintenance.

CAUTION:
• Device reboot can interrupt network services.
• To avoid data loss, use the save command to save the current configuration before a reboot.
• Use the display startup and display boot-loader commands to check that you have correctly set the
startup configuration file and the main system software image file. If the main system software image file
has been corrupted or does not exist, the device cannot reboot. You must re-specify a main system
software image file, or power off the device and then power it on so the system can reboot with the
backup system software image file.

To reboot the router immediately at the CLI, perform the following command in user view:

Task: Reboot a card or the whole system.
   Command: reboot [ slot slot-number ]
   Remarks: Optional. If no card is specified, the command reboots the whole device.

To schedule a device reboot, perform one of the following commands in user view:

Task: Schedule a reboot.
   Command:
   • Schedule a reboot to occur at a specific time and date:
     schedule reboot at hh:mm [ date ]
   • Schedule a reboot to occur after a delay:
     schedule reboot delay { hh:mm | mm }
   Remarks: Use either approach. The scheduled reboot function is disabled by default. Changing any clock setting can cancel the reboot schedule.

NOTE:
• If the device has only one MPU, rebooting the MPU causes the device to reboot. If the device has two
MPUs, rebooting the active MPU causes the active MPU to reboot and triggers an active/standby switchover. You
cannot use the reboot command to reboot a standby MPU. To reboot a standby MPU, use the slave
restart command (see High Availability Command Reference).
• For data security, if you are performing file operations at the reboot time, the system does not reboot.

Configuring system working mode


A working mode defines a kind of assignment of hardware resources. You can change the system
working mode to suit different services. The router may work in any of the following three working modes:
• hybrid—In this mode, both the SPC and SPE cards can work normally.
• spc—In this mode, only the SPC cards (for example, SPC-GT48L) can work normally.
• spe—In this mode, only the SPE cards (for example, SPE-1020-E-II) can work normally.
To configure the system working mode:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Configure the system working mode.
   Command: system working mode { hybrid | spc | spe }
   Remarks: Hybrid by default

NOTE:
A reboot is required after you change the system working mode to make your changes take effect.

Scheduling jobs
You can schedule a job to automatically run a command or a set of commands without administrative
interference. The commands in a job are polled every minute. When the scheduled time for a command
is reached, the job automatically executes the command. If a confirmation is required while the
command is running, the system automatically enters Y or Yes. If characters are required, the system
automatically enters a default character string or an empty character string when no default character
string is available.

Job configuration approaches
You can configure jobs in a non-modular or modular approach. Use the non-modular approach for a
one-time command execution and use the modular approach for complex maintenance work.
Table 21 A comparison of non-modular and modular approaches

Comparison item: Configuration method
   Non-modular approach: Configure all elements in one command
   Modular approach: Separate job, view, and time settings
Comparison item: Can multiple jobs be configured?
   Non-modular approach: No
   Modular approach: Yes
Comparison item: Can a job have multiple commands?
   Non-modular approach: No. If you use the schedule job command repeatedly, only the last configuration takes effect.
   Modular approach: Yes. You can use the time command in job view to configure commands to be executed at different time points.
Comparison item: Supported views
   Non-modular approach: User view and system view. In the schedule job command, shell represents user view, and system represents system view.
   Modular approach: All views. In the time command, monitor represents user view.
Comparison item: Supported commands
   Non-modular approach: Commands in user view and system view
   Modular approach: Commands in all views
Comparison item: Can a job be repeatedly executed?
   Non-modular approach: No
   Modular approach: Yes
Comparison item: Can a job be saved?
   Non-modular approach: No
   Modular approach: Yes
Comparison item: Can a job be backed up to the standby MPU?
   Non-modular approach: No
   Modular approach: Yes

Configuration guidelines
• To have a job successfully run a command, check that the specified view and command are valid.
The system does not verify their validity.
• The configuration interface, view, and user status that you have before job execution are restored even
if the job has run a command that changes the user interface (for example, telnet, ftp, and ssh2),
the view (for example, system-view and quit), or the user status (for example, super).
• The jobs run in the background without displaying any messages except log, trap and debugging
messages.
• In the modular approach:
  ◦ Every job can have only one view and up to 10 commands. If you specify multiple views, the
    one specified last takes effect.
  ◦ Input a view name in its complete form. Most commonly used view names include monitor for
    user view, system for system view, GigabitEthernetx/x/x for Ethernet interface view, and
    Vlan-interfacex for VLAN interface view.
  ◦ The time ID (time-id) must be unique in a job. If two time and command bindings have the same
    time ID, the one configured last takes effect.

Scheduling a job in the non-modular approach
To schedule a job, perform one of the following commands in user view:

Task: Schedule a job.
   Command:
   • Schedule a job to run a command at a specific time:
     schedule job at time [ date ] view view command
   • Schedule a job to run a command after a delay:
     schedule job delay time view view command
   Remarks: Use either command.
   NOTE:
   • If you execute the schedule job command repeatedly, the last configuration takes effect.
   • Changing any clock setting can cancel the job set by using the schedule job command.

Scheduling a job in the modular approach


To configure a scheduled job:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Create a job and enter job view.
   Command: job job-name
   Remarks: N/A
3. Specify the view in which the commands in the job run.
   Command: view view-name
   Remarks: You can specify only one view for a job. The job executes all commands in the specified view.
4. Add commands to the job.
   Command:
   • Configure a command to run at a specific time and date:
     time timeid at time1 date command command
   • Configure a command to run at a specific time:
     time timeid { one-off | repeating } at time1 [ month-date month-day | week-day week-daylist ] command command
   • Configure a command to run after a delay:
     time timeid { one-off | repeating } delay time2 command command
   Remarks: Use any of the commands.
   NOTE: Changing a clock setting does not affect the schedule set by using the time at or time delay command.

Scheduled job configuration example


Network requirements
Configure scheduled jobs on the device to enable interfaces GigabitEthernet 3/1/1, GigabitEthernet
3/1/2, and GigabitEthernet 3/1/3 at 8:00 and disable them at 18:00 on working days every week,
to control the access of the PCs connected to these interfaces.

Figure 45 Network diagram

Configuration procedure
# Enter system view.
<Sysname> system-view

# Create a job named pc1, and enter its view.


[Sysname] job pc1

# Configure the job to be executed in the view of GigabitEthernet 3/1/1.


[Sysname-job-pc1] view GigabitEthernet 3/1/1

# Configure the router to enable GigabitEthernet 3/1/1 at 8:00 on working days every week.
[Sysname-job-pc1] time 1 repeating at 8:00 week-day mon tue wed thu fri command undo shutdown

# Configure the router to shut down GigabitEthernet 3/1/1 at 18:00 on working days every week.
[Sysname-job-pc1] time 2 repeating at 18:00 week-day mon tue wed thu fri command shutdown
[Sysname-job-pc1] quit

# Create a job named pc2, and enter its view.


[Sysname] job pc2

# Configure the job to be executed in the view of GigabitEthernet 3/1/2.


[Sysname-job-pc2] view GigabitEthernet 3/1/2

# Configure the router to enable GigabitEthernet 3/1/2 at 8:00 on working days every week.
[Sysname-job-pc2] time 1 repeating at 8:00 week-day mon tue wed thu fri command undo shutdown

# Configure the router to shut down GigabitEthernet 3/1/2 at 18:00 on working days every week.
[Sysname-job-pc2] time 2 repeating at 18:00 week-day mon tue wed thu fri command shutdown
[Sysname-job-pc2] quit

# Create a job named pc3, and enter its view.


[Sysname] job pc3

# Configure the job to be executed in the view of GigabitEthernet 3/1/3.


[Sysname-job-pc3] view GigabitEthernet 3/1/3

# Configure the router to enable GigabitEthernet 3/1/3 at 8:00 on working days every week.
[Sysname-job-pc3] time 1 repeating at 8:00 week-day mon tue wed thu fri command undo shutdown

# Configure the router to shut down GigabitEthernet 3/1/3 at 18:00 on working days every week.
[Sysname-job-pc3] time 2 repeating at 18:00 week-day mon tue wed thu fri command shutdown
[Sysname-job-pc3] quit

# Display information about scheduled jobs.


[Sysname] display job
Job name: pc1
Specified view: GigabitEthernet3/1/1
Time 1: Execute command undo shutdown at 08:00 Mondays Tuesdays Wednesdays Thursdays
Fridays
Time 2: Execute command shutdown at 18:00 Mondays Tuesdays Wednesdays Thursdays Fridays
Job name: pc2
Specified view: GigabitEthernet3/1/2
Time 1: Execute command undo shutdown at 08:00 Mondays Tuesdays Wednesdays Thursdays
Fridays
Time 2: Execute command shutdown at 18:00 Mondays Tuesdays Wednesdays Thursdays Fridays
Job name: pc3
Specified view: GigabitEthernet3/1/3
Time 1: Execute command undo shutdown at 08:00 Mondays Tuesdays Wednesdays Thursdays
Fridays
Time 2: Execute command shutdown at 18:00 Mondays Tuesdays Wednesdays Thursdays Fridays
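
Scheduled jobs run in the background and answer confirmation prompts automatically, so it is worth comparing the jobs configured on a router with an approved list. The following Python sketch is an added example, not part of the H3C manual: it parses display job output in the layout shown above and reports differences from a baseline. The baseline, the job named tmp, and all function names are assumptions made for the illustration; only the at-time layout printed on this page is parsed.

```python
import re
from dataclasses import dataclass, field

# pc1 is copied from the display job output on this page, including the day
# list that wraps onto a second line. Job "tmp" is constructed for the demo.
SAMPLE_OUTPUT = """\
Job name: pc1
Specified view: GigabitEthernet3/1/1
Time 1: Execute command undo shutdown at 08:00 Mondays Tuesdays Wednesdays Thursdays
Fridays
Time 2: Execute command shutdown at 18:00 Mondays Tuesdays Wednesdays Thursdays Fridays
Job name: tmp
Specified view: monitor
Time 1: Execute command reboot at 03:00 Sundays
"""

# Hypothetical approved baseline: job name -> (view, {time-id: (command, time)}).
BASELINE = {
    "pc1": ("GigabitEthernet3/1/1",
            {1: ("undo shutdown", "08:00"), 2: ("shutdown", "18:00")}),
    "pc2": ("GigabitEthernet3/1/2",
            {1: ("undo shutdown", "08:00"), 2: ("shutdown", "18:00")}),
}

DAYS = {"Mondays", "Tuesdays", "Wednesdays", "Thursdays", "Fridays",
        "Saturdays", "Sundays"}
# Greedy (.+) so that a command which itself contains " at " is kept whole.
TIME_RE = re.compile(r"^Time (\d+): Execute command (.+) at (\d{1,2}:\d{2})\s*(.*)$")


@dataclass
class Job:
    name: str
    view: str = ""
    entries: dict = field(default_factory=dict)  # time-id -> [command, time, days]


def parse_display_job(text):
    """Return (jobs, unparsed_lines) for output in the layout shown on this page."""
    jobs, unparsed, current, last_id = [], [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = TIME_RE.match(line)
        if line.startswith("Job name:"):
            current, last_id = Job(line.split(":", 1)[1].strip()), None
            jobs.append(current)
        elif current is not None and line.startswith("Specified view:"):
            current.view = line.split(":", 1)[1].strip()
        elif current is not None and match:
            last_id = int(match.group(1))
            current.entries[last_id] = [match.group(2), match.group(3),
                                        match.group(4).split()]
        elif (current is not None and last_id is not None
              and set(line.split()) <= DAYS):
            current.entries[last_id][2].extend(line.split())  # wrapped day list
        else:
            unparsed.append(line)  # layout not covered here: review by hand
    return jobs, unparsed


def audit(jobs, baseline):
    """Compare parsed jobs with the baseline; return (kind, job, detail) tuples."""
    findings = []
    for job in jobs:
        if job.name not in baseline:
            cmds = "; ".join(f"{c} at {t}" for c, t, _ in job.entries.values())
            findings.append(("unexpected-job", job.name,
                             f"view {job.view}: {cmds}"))
            continue
        view, expected = baseline[job.name]
        if job.view != view:
            findings.append(("view-changed", job.name, job.view))
        for tid, (cmd, when, _) in sorted(job.entries.items()):
            if expected.get(tid) != (cmd, when):
                findings.append(("unexpected-command", job.name,
                                 f"time {tid}: {cmd} at {when}"))
        for tid in sorted(set(expected) - set(job.entries)):
            findings.append(("missing-command", job.name, f"time {tid}"))
    seen = {job.name for job in jobs}
    findings += [("missing-job", n, "") for n in sorted(set(baseline) - seen)]
    return findings


if __name__ == "__main__":
    parsed, leftover = parse_display_job(SAMPLE_OUTPUT)
    for finding in audit(parsed, BASELINE):
        print(finding)
    for line in leftover:
        print("unparsed:", line)
```

Lines that do not fit the layout are returned separately instead of being dropped, so an entry printed in a layout this sketch does not know still reaches a reviewer.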

Configuring the port status detection timer


Some protocols might shut down ports under specific circumstances. For example, MSTP shuts down a
BPDU guard–enabled port when the port receives a BPDU. In this case, you can set the port status
detection timer. If the port is still down when the detection timer expires, the protocol module
automatically cancels the shutdown action and restores the port to its original physical status.
To configure the port status detection timer:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Configure the port status detection timer.
   Command: shutdown-interval time
   Remarks: Optional. 30 seconds by default

Configuring temperature alarm thresholds for a card

You can set temperature alarm thresholds for a card by using the following command. When the
temperature of a card exceeds the threshold, the router will generate alarm signals.
To configure temperature alarm thresholds for a card:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Configure temperature alarm thresholds for a card.
   Command: temperature-limit slot slot-number hotspot sensor-number lowerlimit warninglimit [ alarmlimit ]
   Remarks: Optional

Managing power supply


Starting and stopping power supply to a card
When the power supply of the system is insufficient, the device automatically supplies power to the cards
according to a specific mechanism. You can use the display power-supply command to view the power
supply conditions of the router and the cards. You can also start and stop power supply to a card to
adjust the available power of the system according to the actual power supply conditions.
To start or stop power supply to a card, perform the following command in user view:

Task: Start or stop power supply to a card.
   Command: power-supply { on | off } slot slot-number
   Remarks: Optional. The specified card cannot be an MPU.

Enabling the power alarm monitoring function


The power alarm monitoring function enables the device to monitor the power status. When an exception
occurs to a power module or a power module is not present, the device displays the power status through
the ALARM LED on the MPU. If you do not enable this function, you can only use the display alarm command to
check the alarms for troubleshooting.
After you enable the power alarm monitoring function, one of the following occurs:
• When the ALARM LED is steady on, an exception might have occurred to a power module or a card.
You can use the display alarm command to view detailed alarms.
• When the ALARM LED blinks, one or multiple power modules are not present.
• When the ALARM LED is off, all power modules operate normally.
To enable the power alarm monitoring function:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enable the power alarm monitoring function.
   Command: power alarm enable
   Remarks: Disabled by default

NOTE:
If you enable this function and save the configuration, the ALARM LED on the MPU can display the power
status even after the MPU reboots.

Configuring in-service hardware failure diagnosis
A hardware failure may cause traffic forwarding failures and service interruption. To improve the
automatic failure detection and handling capabilities of the router, you can configure in-service
hardware failure diagnosis and failure protection.
The in-service hardware failure diagnosis and failure protection feature covers in-service hardware
failure detection for chips, cards, and the forwarding service, and automatic fix actions taken for the
detected failures.
To configure in-service hardware failure diagnosis and failure protection:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enable in-service hardware failure detection and configure fix actions taken in case of hardware failures.
   Command: hardware-failure-detection { chip | board | forwarding } { off | warning | reset | isolate }
   Remarks: The fix actions taken in case of hardware failures include:
   • off—Takes no action.
   • warning—Sends warning messages.
   • reset—Resets the failed card.
   • isolate—Shuts down the failed port, isolates the failed card, prohibits the failed card from being loaded, or powers off the failed card to reduce the impact of the failure to the system.
   By default, the fix action taken for all hardware failures is warning.

NOTE:
• The router does not support the keywords reset and isolate.
• After configuring in-service diagnosis and failure protection, you can use the display
hardware-failure-detection command to check the running information of the feature.

Configuring the load mode for the active MPU and standby MPU

The active MPU and standby MPU support the following load modes:
• load-balance—Load (processing and forwarding packets) is balanced between the active MPU
and standby MPU.
• load-single—The active MPU processes and forwards packets, whereas the standby MPU only
backs up data and monitors the state of the active MPU.
To configure the load mode for active MPU and standby MPU:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Configure the load mode for active MPU and standby MPU.
   Command: xbar { load-balance | load-single }
   Remarks: Optional. The active MPU and standby MPU work in load-single mode by default.

CAUTION:
The load-balance mode is valid only when both the active MPU and standby MPU are in their slots. If only
the active MPU is available, the active MPU automatically switches to the load-single mode after the
load-balance mode is configured.

Configuring the size of the buffer shared by all interfaces on an interface card

An interface card uses a buffer with a fixed size to buffer the packets received and sent. A buffer
comprises multiple storage units. It is divided into two areas: fixed buffer and shared buffer. The fixed
buffer is allocated to the interfaces according to a certain algorithm, and the shared buffer is shared by
all interfaces. When the traffic of an interface becomes heavy, and the fixed buffer cannot provide
sufficient memory, the shared buffer provides temporary memory for the interface.
By default, the fixed buffer and the shared buffer contain a fixed number of storage units. You can
configure the number of storage units in the shared buffer as needed. Because the total number of
storage units in a buffer is fixed, the number of storage units in the fixed buffer will change after your
configuration. You can tune the shared buffer area depending on traffic patterns. If transient large traffic
bursts occur on some interfaces, you can expand the shared buffer to accommodate the bursts to prevent
traffic loss. If transient small traffic bursts often occur on the interfaces, you can decrease the shared
buffer so that each port can get more dedicated buffer memory.
To set the size in blocks of the receive or transmit buffer shared by all interfaces on an interface card:

1. Enter system view.
   Command: system-view
   Remarks: Available in user view
2. Set the size of the receive or transmit buffer shared by all interfaces on an interface card.
   Command: buffer-manage { ingress | egress } slot slot-number share-size size-value
   Remarks: Optional. By default, the size of the shared receive buffer is 1024 blocks, and that of the shared transmit buffer is 4608 blocks.

Clearing unused 16-bit interface indexes


The device must maintain persistent 16-bit interface indexes and keep each interface index matched to one
interface name for network management. After deleting a logical interface, the device retains its 16-bit
interface index so the same index can be assigned to the interface at interface re-creation.
To avoid index depletion causing interface creation failures, you can clear all 16-bit indexes that have
been assigned but are not in use. The operation does not affect the interface indexes of the interfaces that
have been created, but the indexes assigned to re-created interfaces might change.
To clear unused 16-bit interface indexes, perform the following command in user view:

Task: Clear unused 16-bit interface indexes.
   Command: reset unused porttag

CAUTION:
A confirmation is required when you execute this command. The command will not run if you fail to make
a confirmation within 30 seconds or enter N to cancel the operation.

Enabling automatic forwarding path check


When the router is operating, traffic forwarding exceptions might occur due to hardware failures or other
reasons. You can enable automatic forwarding path check so that the router gives prompts when a
forwarding exception occurs. According to the prompts, you can troubleshoot the problem.
To enable automatic forwarding path check:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enable automatic forwarding path check.
   Command: forward-path check { enable | disable }
   Remarks: Enabled by default

After the preceding configuration, if a forwarding exception occurs, the router gives prompts, for example:
%Aug 20 14:55:54:973 2010 H3C DIAG/3/ERROR: -Slot=8; Forwarding fault: slot 5 to slot 8
%Aug 20 14:55:55:084 2010 H3C DIAG/3/ERROR: -Slot=6; Forwarding fault: slot 6 to slot 6

The output shows that a forwarding exception exists between the cards in slot 8 and slot 5, and an
exception in internal data forwarding exists on the card in slot 6.
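
When these prompts are collected on a log server, the reading given above can be applied mechanically. The following Python sketch is an added example, not part of the H3C manual: it parses prompts in the format shown, separates internal faults (same slot on both sides) from faults between two cards, and counts how often each slot is involved. The field names are assumptions, and only the first two sample lines come from this page; the rest are constructed.

```python
import re
from collections import Counter
from datetime import datetime

# Matches the forwarding-fault prompt format printed on this page.
FAULT_RE = re.compile(
    r"^%(?P<mon>[A-Z][a-z]{2}) +(?P<day>\d{1,2}) (?P<hms>\d{2}:\d{2}:\d{2})"
    r":(?P<ms>\d{3}) (?P<year>\d{4}) (?P<host>\S+) DIAG/(?P<sev>\d)/ERROR: "
    r"-Slot=(?P<reporter>\d+); Forwarding fault: "
    r"slot (?P<src>\d+) to slot (?P<dst>\d+)\s*$"
)

SAMPLE_LOG = [
    # The first two lines are the prompts quoted on this page.
    "%Aug 20 14:55:54:973 2010 H3C DIAG/3/ERROR: -Slot=8; Forwarding fault: slot 5 to slot 8",
    "%Aug 20 14:55:55:084 2010 H3C DIAG/3/ERROR: -Slot=6; Forwarding fault: slot 6 to slot 6",
    # The remaining lines are constructed for the demonstration.
    "%Aug 20 14:56:54:970 2010 H3C DIAG/3/ERROR: -Slot=8; Forwarding fault: slot 5 to slot 8",
    "%Aug 20 14:56:55:101 2010 H3C DIAG/3/ERROR: -Slot=3; Forwarding fault: slot 5 to slot 3",
    "%Aug 20 14:57:01:000 2010 H3C EXAMPLE/5/OTHER: unrelated message (constructed)",
]


def parse_fault(line):
    """Return a dict describing one forwarding-fault prompt, or None."""
    m = FAULT_RE.match(line.strip())
    if m is None:
        return None
    when = datetime.strptime(
        f"{m['mon']} {m['day']} {m['hms']} {m['year']}", "%b %d %H:%M:%S %Y"
    ).replace(microsecond=int(m["ms"]) * 1000)
    src, dst = int(m["src"]), int(m["dst"])
    return {
        "time": when,
        "host": m["host"],
        "severity": int(m["sev"]),
        "reporter": int(m["reporter"]),  # slot that raised the prompt
        "src": src,
        "dst": dst,
        # Same slot on both sides: internal data forwarding on that card.
        "kind": "internal" if src == dst else "inter-card",
    }


def summarize(lines):
    """Count internal faults per slot, faults per slot pair, and slot involvement."""
    internal, paths, implicated = Counter(), Counter(), Counter()
    for line in lines:
        fault = parse_fault(line)
        if fault is None:
            continue  # not a forwarding-fault prompt
        if fault["kind"] == "internal":
            internal[fault["src"]] += 1
            implicated[fault["src"]] += 1
        else:
            # The page describes the fault as lying between the two cards,
            # so the pair is stored without direction.
            paths[tuple(sorted((fault["src"], fault["dst"])))] += 1
            implicated[fault["src"]] += 1
            implicated[fault["dst"]] += 1
    return {
        "internal": dict(internal),
        "paths": dict(paths),
        "implicated": implicated.most_common(),
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    print("internal faults per slot:", report["internal"])
    print("faults per slot pair:", report["paths"])
    print("slots by involvement:", report["implicated"])
```

A slot that appears on several faulty paths, as slot 5 does in the constructed lines, is a reasonable first card to inspect; that ranking is a heuristic of this example, not something the router reports.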

Configuring the working mode of an interface subcard
The router supports multiple interface subcard types. Some subcards have only one function, some have
multifunctional modules, and some other subcards can be configured with different working modes. The
router supports the following switching modes:
• E1/T1—Supports the E1/T1 switch of the entire interface subcard. When this interface subcard
works in E1 mode, all the interfaces on the interface subcard can receive, send and process E1
data flows, and provide CE1 access; when this interface subcard works in T1 mode, all the
interfaces on the interface subcard can receive, send and process T1 data flows, and provide CT1
access.
• CPOS 155 Mbps (E/T)—Supports the E/T switch of the entire interface subcard. When this interface
subcard works in E mode, all the interfaces on this interface subcard can receive, send and process
E3 high speed data flows, and provide E3 access for non-framed data flows at a speed of 34.368
Mbps, and E3 access for framed data flows at a speed of 34.01 Mbps. All the interfaces on the
interface subcard can also receive, send and process E1 data flows, and provide CE1 access, thus
implementing the ISDN PRI function. When this interface subcard works in T mode, all the interfaces
on this interface subcard can receive, send and process T3 high speed data flows, and provide T3
access for non-framed data flows at a speed of 44.736 Mbps and T3 access for framed data flows
at a speed of 44.21 Mbps. All the interfaces on the interface subcard can also receive, send and
process T1 data flows, and provide CT1 access, thus implementing the ISDN PRI function.
To configure the working mode of an interface subcard:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Set the working mode of an interface subcard.
   Command: card-mode slot slot-number subslot subslot-number mode-name
   Remarks: Optional. The mode-name argument might take the value of e or t.

CAUTION:
• After a mode switching, you must restart the router to make the newly configured working mode take
effect.
• Only interface subcards PIC-CL1G8L, PIC-CL2G8L, PIC-ET8G8L, PIC-ET32G2L, PIC-CLF4G8L, and
PIC-CLF2G8L support switching of working modes.

Verifying and diagnosing transceiver modules


Introduction to transceiver modules
Table 22 lists the commonly used transceiver modules. They can be further divided into optical
transceiver modules and electrical transceiver modules based on transmission medium.
Table 22 Commonly used pluggable transceivers

Transceiver type: SFP (Small Form-factor Pluggable)
   Application environment: Generally used for 100M/1000M Ethernet interfaces or POS 155M/622M/2.5G interfaces
   Whether can be an optical transceiver: Yes
   Whether can be an electrical transceiver: Yes
Transceiver type: XFP (10-Gigabit small Form-factor Pluggable)
   Application environment: Generally used for 10G Ethernet interfaces
   Whether can be an optical transceiver: Yes
   Whether can be an electrical transceiver: No

Verifying pluggable transceivers


You can verify the genuineness of a transceiver module in the following ways:
• Display the key parameters of a transceiver module, including its transceiver type, connector type,
central wavelength of the transmit laser, transfer distance and vendor name.
• Display its electronic label. The electronic label is a profile of the transceiver module and contains
the permanent configuration including the serial number, manufacturing date, and vendor name.
The data is written to the storage component during debugging or testing.
To verify transceiver modules, perform the following commands in any view:

Task: Display key parameters of the transceiver modules.
   Command: display transceiver { controller [ controller-type controller-number ] | interface [ interface-type interface-number ] ] } [ | { begin | exclude | include } regular-expression ]
Task: Display transceiver modules’ electrical label information.
   Command: display transceiver manuinfo { controller [ controller-type controller-number ] | interface [ interface-type interface-number ] ] } [ | { begin | exclude | include } regular-expression ]

NOTE:
The display transceiver manuinfo command cannot display information for some transceiver modules.

Diagnosing transceiver modules


The device provides the alarm function and digital diagnosis function for transceiver modules. When a
transceiver module fails or works improperly, you can check for alarms present on the transceiver
module to identify the fault source or examine the key parameters monitored by the digital diagnosis
function, including the temperature, voltage, laser bias current, TX power, and RX power.
To diagnose transceiver modules, perform the following commands in any view:

Task: Display alarms present on transceiver modules.
   Command: display transceiver alarm { controller [ controller-type controller-number ] | interface [ interface-type interface-number ] ] } [ | { begin | exclude | include } regular-expression ]
Task: Display the present measured values of the digital diagnosis parameters for transceiver modules.
   Command: display transceiver diagnosis { controller [ controller-type controller-number ] | interface [ interface-type interface-number ] ] } [ | { begin | exclude | include } regular-expression ]

NOTE:
The display transceiver diagnosis command cannot display information for some transceiver modules.

Displaying and maintaining device management


Task: Display alarm information.
   Command: display alarm [ slot slot-number ] [ | { begin | exclude | include } regular-expression ]
   Remarks: Available in any view
Task: Display system version information.
   Command: display version [ | { begin | exclude | include } regular-expression ]
   Remarks: Available in any view
Task: Display the system time and date.
   Command: display clock [ | { begin | exclude | include } regular-expression ]
   Remarks: Available in any view
Task: Display clipboard information.
   Command: display clipboard [ | { begin | exclude | include } regular-expression ]
   Remarks: Available in any view
Task: Display or save running status data for multiple feature modules.
   Command: display diagnostic-information [ | { begin | exclude | include } regular-expression ]
   Remarks: Available in any view
Task: Display shared buffer configuration.
   Command: display buffer-manage configuration [ slot slot-number ] [ | { begin | exclude | include } regular-expression ]
   Remarks: Available in any view
Task: Display CPU usage statistics.
   Command:
   • display cpu-usage [ slot slot-number [ cpu cpu-number ] ] [ | { begin | exclude | include } regular-expression ]
   • display cpu-usage entry-number [ offset ] [ verbose ] [ slot slot-number ] [ from-device ] [ | { begin | exclude | include } regular-expression ]
   Remarks: Available in any view
Task: Display historical CPU usage statistics in charts.
   Command: display cpu-usage history [ task task-id ] [ slot slot-number [ cpu cpu-number ] [ | { begin | exclude | include } regular-expression ]
   Remarks: Available in any view
Task: Display device information.
   Command: display device [ cf-card ] [ [ slot slot-number [ subslot subslot-number ] ] | verbose ] [ | { begin | exclude | include } regular-expression ]
   Remarks: Available in any view
Task: Display the electronic label data for the router.
   Command: display device manuinfo [ slot slot-number [ subslot slot-number ] ] [ | { begin | exclude | include } regular-expression ]
   Remarks: Available in any view
Task: Display the electronic label data for the specified power monitor module.
   Command: display device manuinfo power-monitor pmu-id [ | { begin | exclude | include } regular-expression ]
   Remarks: Available in any view
Task: Display device temperature information.
   Command: display environment [ slot slot-number ] [ | { begin | exclude | include } regular-expression ]
   Remarks: Available in any view
Task: Display the operating states of fans.
   Command: display fan [ fan-id ] [ | { begin | exclude | include } regular-expression ]
   Remarks: Available in any view
Task: Display hardware failure detection and fix operation records.
   Command: display hardware-failure-detection [ | { begin | exclude | include } regular-expression ]
   Remarks: Available in any view
Task: Display memory usage statistics.
   Command: display memory [ slot slot-number [ cpu cpu-number ] ] [ | { begin | exclude | include } regular-expression ]
   Remarks: Available in any view
Task: Display power supply information.
   Command: display power-supply [ verbose ] [ | { begin | exclude | include } regular-expression ]
   Remarks: Available in any view
Task: Display the configuration of the job configured by using the schedule job command.
   Command: display schedule job [ | { begin | exclude | include } regular-expression ]
   Remarks: Available in any view
Task: Display the reboot schedule.
   Command: display schedule reboot [ | { begin | exclude | include } regular-expression ]
   Remarks: Available in any view
Task: Display the load mode of the current active and standby cards.
   Command: display xbar [ | { begin | exclude | include } regular-expression ]
   Remarks: Available in any view
Task: Display the system working mode.
   Command: display system working mode [ | { begin | exclude | include } regular-expression ]
   Remarks: Available in any view
Task: Display the exception handling method for the active MPU and standby MPU.
   Command: display system-failure [ | { begin | exclude | include } regular-expression ]
   Remarks: Available in any view
Task: Display the configuration of jobs configured by using the job command.
   Command: display job [ job-name ] [ | { begin | exclude | include } regular-expression ]
   Remarks: Available in any view
