HP Firewalls and UTM Devices Getting Started Command Reference Part number: 5998-4173 Software version: F1000-A-EI: Feature 3722 F1000-S-EI: Feature 3722 F5000: Feature 3211 F1000-E: Feature 3174 Firewall module: Feature 3174 Enhanced firewall module: ESS 3807 U200-A: ESS 5132 U200-S: ESS 5132 Document version: 6PW100-20121228
Legal and notice information © Copyright 2012 Hewlett-Packard Development Company, L.P. No part of this documentation may be reproduced or transmitted in any form or by any means without prior written consent of Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Contents Login management commands ··································································································································· 1 activation-key ···························································································································································· 1 authentication-mode ················································································································································· 2 a
clock summer-time repeating ································································································································ 42 clock timezone ······················································································································································· 43 configure-user count ·············································································································································· 44 copyright-info
command-privilege ················································································································································ 98 display clipboard ·················································································································································· 99 display command-alias ······································································································································· 100 display history-
Login management commands activation-key Use activation-key to define a shortcut key for starting a terminal session. Use undo activation-key to restore the default. Syntax activation-key character undo activation-key Default Pressing the Enter key starts a terminal session.
****************************************************************************** User interface con0 is available. Please press ENTER. 3. Press Enter. Pressing Enter does not start a session. 4. Enter s. A terminal session is started. %Dec 11 14:04:02:002 2012 Sysname SHELL/5/SHELL_LOGIN: Console logged in from con0. authentication-mode Use authentication-mode to set the authentication mode for a user interface. Use undo authentication-mode to restore the default.
Default command level 3: Manage level Parameters none: Performs no authentication. password: Performs local password authentication. scheme: Performs AAA authentication. For more information about AAA, see Access Control Configuration Guide. Examples # Enable the none authentication mode for user interface VTY 0. system-view [Sysname] user-interface vty 0 [Sysname-ui-vty0] authentication-mode none # Enable password authentication for user interface VTY 0 and set the password to 321.
Default Command auto-execution is disabled. Views User interface view Default command level 3: Manage level Parameters command: Specifies the command to be automatically executed. Usage guidelines This command is not supported on the console user interface. The system automatically executes the specified command when a user logs in to the user interface, and tears down the user connection after the command is executed.
This operation is the same as directly logging in to the device at 192.168.1.41. If the Telnet connection to 192.168.1.41 is broken down, the Telnet connection to 192.168.1.40 breaks down at the same time. command accounting Use command accounting to enable command accounting. Use undo command accounting to restore the default. Syntax command accounting undo command accounting Default Command accounting is disabled, and the accounting server does not record executed commands.
Usage guidelines With command authorization enabled, users can perform only commands authorized by the server. Examples # Enable command accounting for VTY 0 so users logged in to VTY 0 can perform only the commands authorized by the HWTACACS server. system-view [Sysname] user-interface vty 0 [Sysname-ui-vty0] command authorization databits Use databits to specify the number of data bits for each character. Use undo databits to restore the default.
Syntax display ip http [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see the chapter on CLI in Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression.
Default command level 1: Monitor level Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see the chapter on CLI in Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression.
Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see the chapter on CLI in Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression.
vty: Specifies a VTY user interface. num2: Specifies the relative number of a user interface. summary: Displays summary information about user interfaces. |: Filters command output by specifying a regular expression. For more information about regular expressions, see the chapter on CLI in Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression.
Field Description Physical port that corresponds to the user interface. Int The detailed port information is displayed only for TTY user interfaces. For console , AUX, and VTY user interfaces, a hyphen (-) is displayed. # Display summary information about all user interfaces. display user-interface summary User interface type : [CON] 0:U User interface type : [VTY] 49:UXXX X 2 character mode users. 52 UI never used.
Examples # Display information about the user interfaces being used. display users The user application information of the user interface(s): Idx UI Delay 0 CON 0 00:02:47 Type Userlevel 3 + 49 VTY 0 00:00:00 TEL 3 Following are more details. VTY 0 : Location: 192.168.0.214 + : Current operation user. F : Current operation user work in async mode.
begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. Examples # Display information about the Web users.
default: Restores the default escape key sequence Ctrl+C. Usage guidelines If you execute this command multiple times, the most recent configuration takes effect. To display the effective shortcut key definition, use the display current-configuration command.
Parameters num1: Specifies the absolute number of a user interface. The value typically starts from 0. aux: Specifies an AUX user interface. The following matrix shows the keyword aux and firewalls and UTM compatibility: Hardware Keyword compatible F1000-A-EI/F1000-S-EI No F1000-E Yes F5000 Yes Firewall module Yes U200-A No U200-S No console: Specifies the console user interface. vty: Specifies a VTY user interface. num2: Specifies the relative number of a user interface.
Syntax history-command max-size size-value undo history-command max-size Default The buffer of a user interface saves 10 history commands at most. Views User interface view Default command level 2: System level Parameters size-value: Specifies the maximum number of history commands the buffer can store, in the range of 0 to 256. Usage guidelines Each user interface uses a separate command history buffer to save commands successfully executed by its user.
Parameters minutes: Specifies the number of minutes for the idle-timeout time, in the range of 0 to 35791. The default is 10 minutes. seconds: Specifies the number of seconds for the idle-timeout time, in the range of 0 to 59. The default is 0 seconds. Usage guidelines The system automatically terminates the user connection on the user interface if there is no information interaction between the device and the user within the idle-timeout time.
system-view [Sysname] acl number 2001 [Sysname-acl-basic-2001] rule permit source 10.10.0.0 0.0.255.255 [Sysname-acl-basic-2001] quit [Sysname] ip http acl 2001 Related commands • display ip http • acl number (ACL and QoS Command Reference) ip http enable Use ip http enable to enable the HTTP service. Use undo ip http enable to disable the HTTP service. Syntax ip http enable undo ip http enable Default The HTTP service is enabled.
undo ip http port Default The port number of the HTTP service is 80. Views System view Default command level 3: Manage level Parameters port-number: Port number of the HTTP service, which ranges from 1 to 65535. Usage guidelines Verify that the port number is not used by another service, because this command does not check for conflicts with configured port numbers. This command is not supported in FIPS mode. Examples # Configure the port number of the HTTP service as 8080.
ACLs of the same type overwrite each other. If you execute the ip https acl command multiple times to associate the HTTPS service with ACLs of the same type, the HTTPS service is only associated with the last specified ACL. Examples # Associate the HTTPS service with ACL 2001 to only allow the clients within the 10.10.0.0/16 network segment to access the HTTPS server through HTTP. system-view [Sysname] acl number 2001 [Sysname-acl-basic-2001] rule permit source 10.10.0.0 0.0.255.
ip https enable Use ip https enable to enable the HTTPS service. Use undo ip https enable to disable the HTTPS service. Syntax ip https enable undo ip https enable Default The HTTPS service is disabled. Views System view Default command level 3: Manage level Usage guidelines The device can act as the HTTP server that can be accessed only after the HTTP service is enabled.
Parameters port-number: Port number of the HTTPS service, which ranges from 1 to 65535. Usage guidelines Verify that the port number is not used by another service, because this command does not check for conflicts with configured port numbers. Examples # Configure the port number of the HTTPS service as 6000.
lock Use lock to lock the current user interface. Syntax lock Default This function is disabled. Views User view Default command level 3: Manage level Usage guidelines When you must leave the device for a while, use this command to lock the current user interface to prevent unauthorized access. After you enter this command, you are asked to enter a password (up to 16 characters) and then confirm it by entering the password again. To unlock the user interface, press Enter and enter the correct password.
Syntax parity { even | mark | none | odd | space } undo parity Default The setting is none, and no parity check is performed. Views User interface view Default command level 2: System level Parameters even: Performs even parity check. mark: Performs mark parity check. none: Disables parity check. odd: Performs odd parity check. space: Performs space parity check. Usage guidelines This command is only applicable to console and AUX user interfaces.
Views VTY interface view Default command level 3: Manage level Parameters all: Supports all the three protocols (Telnet and SSH) in non-FIPS mode and SSH in FIPS mode. ssh: Supports SSH only. telnet: Supports Telnet only. This keyword is not available for FIPS mode. Usage guidelines This configuration is effective only for a user who logs in to the user interface after the configuration is made.
screen at most. When you press Space, the device sends 40 lines to the terminal, but the screen displays only lines 18 through 40. To view the first 17 lines, press the page up or page down key. To disable pausing between screens of output for the current session, use the screen-length disable command. Examples # Set the maximum number of lines to be displayed on a screen to 30 for user interface Console 0.
Examples # Send message hello abc to your own user interface Console 0. send console 0 Enter message, end with CTRL+Z or Enter; abort with CTRL+C: hello abc^Z Send message? [Y/N]:y *** *** ***Message from con0 to con0 *** hello abc # Before you restart the device, inform other login users so they prepare for the reboot: 1. Display information about the user interfaces that are being used.
set authentication password Use set authentication password to set a password for password authentication. Use undo set authentication password to remove the password. Syntax set authentication password { cipher | simple } password undo set authentication password Default No password is set for password authentication. Views User interface view Default command level 3: Manage level Parameters cipher: Sets a ciphertext password. simple: Sets a plaintext password. password: Specifies the password string.
Views User interface view Default command level 3: Manage level Usage guidelines The console user interface does not support the undo shell command. You cannot disable the terminal service on the user interface you are using. Examples # Disable the terminal service for user interface VTY 0 through VTY 4 so no user can log in to the device through the user interfaces.
Examples # Set the transmission rate on the console user interface to 19200 bps. system-view [Sysname] user-interface console 0 [Sysname-ui-console0] speed 19200 stopbits Use stopbits to specify the number of stop bits for a character. Use undo stopbits to restore the default. Syntax stopbits { 1 | 1.5 | 2 } undo stopbits Default One stop bit is used. Views User interface view Default command level 2: System level Parameters 1: Uses one stop bit. 1.5: Uses one and a half stop bits.
Default command level 0: Visit level Parameters remote-host: Specifies the IPv4 address or host name of a remote host, a case-insensitive string of 1 to 20 characters. service-port: Specifies the TCP port number for the Telnet service on the remote host. It ranges from 0 to 65535 and defaults to 23. vpn-instance vpn-instance-name: Specifies the VPN that the remote host belongs to, where vpn-instance-name is a case-sensitive string of 1 to 31 characters.
Parameters interface interface-type interface-number: Specifies a source interface. The primary IP address of this interface will be used as the source IPv4 address for outgoing Telnet packets. ip ip-address: Specifies a source IPv4 address. Usage guidelines The source IPv4 address or source interface specified by this command is applicable to all Telnet connections.
Hardware Command compatible F1000-A-EI/F1000-S-EI Yes F1000-E Yes F5000 Yes Firewall module Yes U200-A Yes U200-S No Examples # Telnet to the host at 5000::1. telnet ipv6 5000::1 telnet server enable Use telnet server enable to enable the Telnet server function. Use undo telnet server enable to disable the Telnet server function. Syntax telnet server enable undo telnet server enable Default The Telnet server function is disabled.
Default The terminal display type is ANSI. Views User interface view Default command level 2: System level Parameters ansi: Specifies the terminal display type ANSI. vt100: Specifies the terminal display type VT100. Usage guidelines The device supports two terminal display types: ANSI and VT100. To ensure proper display on the terminal, set the display type of both the device and the configuration terminal to VT100.
Examples # Set the command level for users logging in through VTY 0 to 0.
console: Specifies the console user interface. vty: Specifies a VTY user interface. first-num2: Specifies the relative number of the first user interface. last-num2: Specifies the relative number of the last user interface. The value cannot be smaller than first-num2. Usage guidelines If you use this command to enter a single user interface view, your configuration applies only to the user interface.
For Web access security, do not use this feature in production environments. This command is not saved to the configuration file and cannot survive a reboot. Examples # Specify a fixed verification code for Web login web captcha test web https-authorization mode Use web https-authorization mode to specify the authentication mode for users trying to log in to the device through HTTPS. Use undo web https-authorization mode to restore the default.
Syntax web idle-timeout minutes undo web idle-timeout Default The Web user connection timeout time is 10 minutes. Views System view Default command level 2: System level Parameters minutes: Timeout time in minutes, in the range of 1 to 999. Examples # Set the Web user connection timeout time to 20 minutes. system-view [System] web idle-timeout 20 web logbuffer size Use web logbuffer size to set the size of the buffer for Web login logging. Use undo web logbuffer size to restore the default.
Hardware Value range U200-S 0 to 1024 Examples # Set the size of the buffer for Web login logging to 800.
Device management commands The following matrix shows the storage media on different firewalls and UTM devices: Hardware Storage medium F1000-A-EI/F1000-S-EI flash0 F1000-E cfa0 F5000 cfa0 Firewall module cfa0 U200-A cfa0 U200-S cfa0 For description convenience, all examples in this chapter use the storage medium cfa0. clock datetime Use clock datetime to set the system time and date.
• clock summer-time repeating • clock timezone • display clock clock summer-time one-off Use clock summer-time one-off to adopt daylight saving time from the start-time of the start-date to the end-time of the end-date. Daylight saving time adds the add-time to the standard time of the device. Use undo clock summer-time to cancel the configuration of the daylight saving time.
Related commands • clock datetime • clock summer-time repeating • clock timezone • display clock clock summer-time repeating Use clock summer-time repeating to set a recurring daylight saving schedule. Use undo clock summer-time to cancel the configuration of the daylight saving time. Syntax clock summer-time zone-name repeating start-time start-date end-time end-date add-time undo clock summer-time Default Daylight saving time is disabled and UTC time zone applies.
add-time: Specifies a time to be added to the standard time of the device, in the hh:mm:ss format. Zeros can be omitted, unless you specify 00:00:00. Usage guidelines The interval between start-time start-date and end-time end-date must be longer than one day and shorter than one year. If the current system time is in the specified daylight saving days, the add-time value automatically adds to the system time. To verify the setting, use the display clock command.
Usage guidelines To verify the setting, use the display clock command. The timestamps in system messages are adjusted in reference to the time zone and daylight saving schedule. Examples # Set the local time zone to add five hours to UTC time.
Usage guidelines Two users are allowed to enter system view by default. When multiple users enter system view to configure certain attribute, only the last configuration applies. When the number of users has already reached the limit, other users can not enter system view. Examples # Configure to allow up to four users to enter system view concurrently.
****************************************************************************** User interface con0 is available. Please press ENTER. # Disable displaying the copyright statement. system-view [Sysname] undo copyright-info enable • When a Telnet user logs in, the user view prompt appears: • When a console user quits user view, the following message appears: User interface con0 is available. Please press ENTER. display clock Use display clock to display the system time and date.
09:41:23 UTC Thu 12/15/2005 Related commands • clock datetime • clock summer-time one-off • clock summer-time repeating • clock timezone display configure-user Use display configure-user to display the users that have logged in to the device but are not in user view. Syntax display configure-user [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters |: Filters command output by specifying a regular expression.
Field Description Idx Absolute ID of the user interface. UI Type and relative ID of the user interface that the user used for login. Delay Delay between the last CLI input and the execution of the display configure-user command, in the format hh:mm:ss Type User type, Telnet or SSH. Userlevel User level, level 0 (visit level), level 1 (monitor level), level 2 (system level), or level 3 (manage level) Following are more details. Detailed information about the login user.
display cpu-usage Use display cpu-usage to display CPU usage statistics. Syntax display cpu-usage [ entry-number [ offset ] [ verbose ] ] [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters entry-number: Number of entries to be displayed, which ranges from 1 to 60. offset: Offset between the serial number of the first CPU usage rate record to be displayed and that of the last CPU usage rate record to be displayed.
# Display the last fifth and sixth record entries in CPU usage statistics. display cpu-usage 2 4 ===== CPU usage info (no: 0 idx: 58) ===== CPU Usage Stat. Cycle: 60 (Second) CPU Usage : 3% CPU Usage Stat. Time : 2006-07-10 10:56:55 CPU Usage Stat. Tick : 0x1d9d(CPU Tick High) 0x3a659a70(CPU Tick Low) Actual Stat. Cycle : 0x0(CPU Tick High) 0x95030517(CPU Tick Low) ===== CPU usage info (no: 1 idx: 57) ===== CPU Usage Stat. Cycle: 60 (Second) CPU Usage : 3% CPU Usage Stat.
display cpu-usage history Use display cpu-usage history to display historical CPU usage statistics in charts. Syntax display cpu-usage history [ task task-id ] [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters task task-id: Displays the historical CPU usage statistics for the specified task, where task-id represents the task number.
70%| 65%| 60%| 55%| 50%| 45%| 40%| 35%| 30%| 25%| 20%| 15%| # 10%| 5%| ### # ######## -----------------------------------------------------------10 20 30 40 50 60 (minutes) cpu-usage last 60 minutes(SYSTEM) The output shows the historical CPU usage statistics (with the task name SYSTEM) in the last 60 minutes: • 5%: 12 minutes ago • 10%: 13 minutes ago • 15%: 14 minutes ago • 10%: 15 minutes ago • 5%: 16 and 17 minutes ago • 10%: 18 minutes ago • 5%: 19 minutes ago • 2% or lower
10%| 5%| # -----------------------------------------------------------10 20 30 40 50 60 (minutes) cpu-usage last 60 minutes(T03M) The output shows the historical CPU usage statistics of task 6 (with the task name T03M) in the last 60 minutes: • 5%: 20 minutes ago • 2% or lower than 2%: other time display device Use display device to display device information.
include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. Examples # Display device information. display device Status :OK Type :RPU Hardware :B Driver :1.0 CPLD :3.0 SubCard Num :3 CFCard Num :0 Usb Num :1 Table 9 Command output Field Description Status Card status. Type Card type. Hardware Hardware version of the card. Driver Driver version of the card.
Hardware Slot number F1000-E 0, indicates the PCB. F5000 0 to 4, 0 for the MPU and 1 to 4 for an interface module. Firewall module 0, indicates the module itself. U200-A 0, indicates the PCB. U200-S 0, indicates the PCB. |: Filters command output by specifying a regular expression. For more information about regular expressions, see the chapter on CLI in Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow.
exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. Usage guidelines For diagnosis or troubleshooting, you can use separate display commands to collect running status data module by module, or use the display diagnostic-information command to bulk collect running data for multiple modules.
exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. Usage guidelines This command displays temperature information for all sensors.
Syntax display environment [ cpu ] [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters cpu: Displays CPU temperature information. |: Filters command output by specifying a regular expression. For more information about regular expressions, see the chapter on CLI in Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow.
Field Description Temperature Current temperature. LowerLimit Lower temperature threshold. Warning-UpperLimit Warning temperature threshold. Alarm-UpperLimit Alarming temperature threshold. Shutdown-UpperLimit Shut-down temperature threshold. When the sensor temperature reaches this limit, the system shuts down automatically. # Display temperature information for all CPUs.
Hardware Value range F5000 1 Firewall module No fan. The display fan command is not supported. U200-A 1 to 2 U200-S 1 verbose: Displays detailed information. |: Filters command output by specifying a regular expression. For more information about regular expressions, see the chapter on CLI in Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression.
The following matrix shows the display flowengine-usage command and firewalls and UTM devices compatibility: Hardware Command compatible F1000-A-EI/F1000-S-EI No F1000-E Yes F5000 Yes Firewall module Yes U200-A No U200-S No Examples # Display the usage statistics for the flow engine. display flowengine-usage Flow Engine usage: 1% in last 5 seconds display flowengine-usage history Use display flowengine-usage history to display historical flow engine usage statistics in charts.
• Consecutive pound signs (#) indicate the flow engine usage at a specific time. The value on the vertical axis for the topmost # sign at a specific time represents the flow engine usage at that time. The following matrix shows the display flowengine-usage history command and firewalls and UTM devices compatibility: Hardware Command compatible F1000-A-EI/F1000-S-EI No F1000-E Yes F5000 Yes Firewall module Yes U200-A No U200-S No Examples # Display historical flow engine usage statistics.
display job Use display job to display information about scheduled jobs configured by using the job command. Syntax display job [ job-name ] [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters job-name: Specifies the job name, which is a string of 1 to 32 characters. |: Filters command output by specifying a regular expression. For more information about regular expressions, see the chapter on CLI in Getting Started Guide.
display memory Use display memory to display memory usage statistics. Syntax display memory [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see the chapter on CLI in Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow.
Parameters power-id: Displays information about the specified power supply, where power-id represents the power supply number.. The following matrix shows the value range for the power-id argument on different firewalls and UTM devices: Hardware Value range F1000-A-EI/F1000-S-EI 1 to 2 F1000-E 1 F5000 1 to 2 Firewall module No power supply. This command is not supported. U200-A 1 U200-S 1 |: Filters command output by specifying a regular expression.
include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. Usage guidelines If no subcard is specified, this command displays the mode of the last reboot of the device. Examples # Display the mode of the last reboot. display reboot-type The rebooting type this time is: Cold The output shows that the last reboot mode is Cold boot (cold boot will restart a device by powering it on).
Examples # Display RPS status information. display rps RPS 2 State: Normal The output shows that RPS 2 works normally. display schedule job Use display schedule job to display the job configured by using the schedule job command. Syntax display schedule job [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters |: Filters command output by specifying a regular expression.
display schedule reboot Use display schedule reboot to display the reboot schedule. Syntax display schedule reboot [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 3: Manage level Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see the chapter on CLI in Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow.
regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. Examples # Display the exception handling method. display system-failure System failure handling method: reboot Related commands system-failure display transceiver Use display transceiver to display the key parameters of transceiver modules.
Table 17 Command output Field Description transceiver information Transceiver module information. Transceiver Type Transceiver module type. Connector type options: Connector Type • LC—1.25 mm/RJ-45 fiber connector developed by Lucent. • RJ-45. • Fiber transceiver: central wavelength (in nm) of the transmit laser. If the transceiver supports multiple wavelengths, every two wavelength values are separated by a comma. Wavelength(nm) • Copper transceiver: displayed as N/A.
|: Filters command output by specifying a regular expression. For more information about regular expressions, see the chapter on CLI in Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression.
Field Remarks TX CDR loss of lock TX clock cannot be recovered. TX bias high TX bias current is high. TX bias low TX bias current is low. TX power high TX power is high. TX power low TX power is low. Module not ready Module is not ready. APD supply fault APD (Avalanche Photo Diode) supply fault. TEC fault TEC (Thermoelectric Cooler) fault. Wavelength unlocked Wavelength of optical signal exceeds the manufacturer's tolerance. Temp high Temperature is high. Temp low Temperature is low.
Syntax display transceiver diagnosis interface [ interface-type interface-number ] [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 2: System level Parameters interface [ interface-type interface-number ]: Displays the measured values of the digital diagnosis parameters for the transceiver module in an interface. The interface-type interface-number argument specifies an interface by its type and number.
display transceiver manuinfo Use display transceiver manuinfo to display the electronic label data for transceiver modules. Syntax display transceiver manuinfo interface [ interface-type interface-number ] [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 2: System level Parameters interface [ interface-type interface-number ]: Displays the electronic label data for the transceiver module in an interface.
Syntax display version [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see the chapter on CLI in Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression.
Usage guidelines Banners are greeting or alert messages that the system displays during the login process of a user. Examples # Configure banners. system-view [Sysname] header incoming % Please input banner content, and quit with the character '%'. Welcome to incoming(header incoming)% [Sysname] header legal % Please input banner content, and quit with the character '%'. Welcome to incoming(header incoming)% [Sysname] header legal % Please input banner content, and quit with the character '%'.
Press Y or ENTER to continue, N to exit. Welcome to motd(header motd) Welcome to login(header login) Login authentication Password: Welcome to shell(header shell) job Use job to create a job or enter job view. Use undo job to delete a scheduled job. Syntax job job-name undo job job-name Default No job is created. Views System view Default command level 3: Manage level Parameters job-name: Specifies the name for a job, a string of 1 to 32 characters.
nms monitor-interface Use nms primary monitor-interface to configure the primary monitored interface. Use nms secondary monitor-interface to configure the secondary monitored interface. Use undo nms monitor-interface to remove the configurations. Syntax nms { primary | secondary } monitor-interface interface-type interface-number undo nms { primary | secondary } monitor-interface Default A network management system (NMS) does not monitor any interface on the device.
reboot Use reboot to reboot the device or the specified subcard. Syntax reboot Views User view Default command level 3: Manage level Usage guidelines CAUTION: • Device reboot can interrupt network services. • If the main system software image file has been corrupted or does not exist, the device cannot reboot. You must re-specify a main system software image file, or power off the device and then power it on so the system can reboot with the backup system software image file.
schedule job Use schedule job to schedule a job in the non-modular approach. Use undo schedule job to remove the scheduled job. Syntax schedule job { at time1 [ date ] | delay time2 } view view-name command undo schedule job Views User view Default command level 3: Manage level Parameters at time1 [ date ]: Specifies the time and/or date to execute a command. • time1: Sets time to execute the command, in the hh:mm format. The hh value ranges from 0 to 23, and the mm value ranges from 0 to 59.
• If you specify both the time1 and date arguments, the execution time or date must be later than the current system time or date. • If you specify the time1 argument, but not the date argument: { When time1 is earlier than the current system time, the command runs at time1 the next day. { When time1 is later than the current system time, the command runs at time1 of the current day. • The interval between the scheduled time and the current system time cannot exceed 720 hours, or 30 days.
Usage guidelines CAUTION: • Device reboot can interrupt network services. • Changing any clock setting can cancel the reboot schedule. The interval between the reboot date and the current date cannot exceed 30 x 24 hours, or 30 days. When no reboot date is specified: • If the reboot time is later than the current time, a reboot occurs at the reboot time of the current day. • If the reboot time is earlier than the current time, a reboot occurs at the reboot time the next day.
Default command level 3: Manage level Parameters hh:mm: Specifies a delay for the device reboot, in the hh:mm format. The hh value ranges from 0 to 720, and the mm value ranges from 0 to 59. When the hh value is 720, the mm value cannot be more than 0. mm: Specifies a delay for the device reboot in minutes, which ranges from 0 to 43200. Usage guidelines CAUTION: • Device reboot can interrupt network services. • Changing any clock setting can cancel the reboot schedule.
Views System view Default command level 2: System level Parameters time: Specifies the port status detection timer in seconds, which ranges from 0 to 300. Usage guidelines Some protocols might shut down ports under specific circumstances. For example, MSTP shuts down a BPDU guard–enabled port when the port receives a BPDU. In this case, you can set the port status detection timer.
Usage guidelines A device name identifies a device in a network and works as the user view prompt at the CLI. For example, if the device name is Sysname, the user view prompt is . Examples # Set the name of the device to Device. system-view [Sysname] sysname Device [Device] system-failure Use system-failure to configure the exception handling method. Use undo system-failure to restore the default.
Views System view Default command level 2: System level Parameters slot slot-number: See Table 22. hotspot: Specifies a hotspot sensor, which is used for temperature monitoring and is typically placed near the chip that generates a great amount. sensor-number: Specifies the sensor number. It is an integer starting from 1, each number representing a temperature sensor of a device or card. lowerlimit: Lower temperature threshold in Celsius degrees. The value range depends on the hotspot sensor.
Related commands display environment (advanced) temperature-limit (basic) Use temperature-limit to set basic temperature alarm thresholds for a card. Use undo temperature-limit to restore the default. Syntax temperature-limit slot-number lower-value upper-value undo temperature-limit slot-number Default The lower threshold is 0°C (32°F), and the upper threshold is 50°C (122°F). Views System view Default command level 2: System level Parameters slot-number: See Table 23.
time at Use time at to add a command to run at a specific time and date in the job schedule. Use undo time to remove a command from the job schedule. Syntax time time-id at time date command command time time-id { one-off | repeating } at time [ month-date month-day | week-day week-daylist ] command command undo time time-id Views Job view Default command level 3: Manage level Parameters time timeid: Time setting entry, an integer that ranges from 1 to 10.
Table 24 Command schedule options Command Description time timeid at time date command command Schedules a command to run at a specific time and date. The time or date must be later than the current system time or date. time timeid one-off at time command command Schedules a command to run at a specific time on the current day. If the specified time has passed, the command runs the next day. The command runs only once.
# Schedule a job to save the configuration file at 8:00 AM on Friday and Saturday in the current week, which might be delayed to the next week if the time has passed. system-view [Sysname] job saveconfig [Sysname-job-saveconfig] view monitor [Sysname-job-saveconfig] time 1 one-off at 8:00 week-day fri sat command save a.cfg # Schedule a job to save the configuration file at 8:00 every Fridays and Saturdays.
The time ID (time-id) must be unique in a job. If two time and command bindings have the same time ID, the one configured last takes effect. Changing a clock setting does not affect the schedule set by using the time delay command. Use Table 25 when you add commands in a job. Table 25 Command schedule options Command Description time timeid one-off delay time2 command command Schedules a command to run after a delay time. time timeid repeating delay time2 command command The command runs only once.
Views System view Default command level 3: Manage level Usage guidelines If you install a transceiver module whose vendor name is not HP, the system repeatedly outputs traps and logs to notify you to replace the module. To continue to use such a transceiver module that is manufactured or customized by HP but has no vendor information, you can disable alarm traps so that the system stops outputting alarm traps. Examples # Disable alarm traps for transceiver modules.
Related commands • job • time 93
User management commands acl (user interface view) Use acl to reference ACLs to control access to the VTY user interface. Use undo acl to cancel the ACL application. Syntax To use a basic or advanced ACL: acl [ ipv6 ] acl-number { inbound | outbound } undo acl [ ipv6 ] acl-number { inbound | outbound } To use an Ethernet frame header ACL: acl acl-number inbound undo acl acl-number inbound Default Access to the VTY user interface is not restricted.
inbound: Restricts Telnet or SSH connections established in the inbound direction through the VTY user interface. If the received packets for establishing a Telnet or SSH connection are permitted by an ACL rule, the connection is allowed to be established. When the device functions as a Telnet server or SSH server, use this keyword to control access of Telnet clients or SSH clients. outbound: Restricts Telnet connections established in the outbound direction through the VTY user interface.
Press CTRL+K to abort Connected to 192.168.1.41 ... free web-users Use free web-users to log out Web users. Syntax free web-users { all | user-id user-id | user-name user-name } Views User view Default command level 2: System level Parameters all: Specifies all Web users. user-id: Web user ID, a hexadecimal number of eight digits. user-name: Web user name, a string of 1 to 80 characters. Examples # Log out all Web users.
CLI configuration commands command-alias enable Use command-alias enable to enable the command keyword alias function. Use undo command-alias enable to disable the command keyword alias function. Syntax command-alias enable undo command-alias enable Default The command keyword alias function is disabled. Views System view Default command level 2: System level Usage guidelines Disabling the command keyword alias function does not delete the configured aliases, but the aliases do not take effect anymore.
Views System view Default command level 2: System level Parameters cmdkey: Complete form of the first keyword of a non-undo command, or the second keyword of an undo command. alias: Alias for the keyword, which must be different from the first keyword of any non-undo command. Usage guidelines Command keyword aliases take effect only after you enable the command keyword alias function. Examples # Define show as the alias of the display keyword.
Usage guidelines Command levels include four privileges: visit (0), monitor (1), system (2), and manage (3). You can assign a privilege level according to the user's need. When logging in to the device, the user can access the assigned level and all levels below it. Level changes can cause maintenance, operation, and security problems. HP recommends using the default command level or modifying the command level under the guidance of professional staff.
exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. Usage guidelines To copy some content to the clipboard: 1. Move the cursor to the starting position of the content and then press the Esc+Shift+, combination. 2. Move the cursor to the ending position of the content and then press the Esc+Shift+.
Views Any view Default command level 1: Monitor level Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see the chapter on CLI in Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression.
display hotkey ----------------- HOTKEY ----------------=Defined hotkeys= Hotkeys Command CTRL_G display current-configuration CTRL_L display ip routing-table CTRL_O undo debug all =Undefined hotkeys= Hotkeys Command CTRL_T NULL CTRL_U NULL =System hotkeys= Hotkeys Function CTRL_A Move the cursor to the beginning of the current line. CTRL_B Move the cursor one character left. CTRL_C Stop current command function. CTRL_D Erase current character.
undo hotkey { CTRL_G | CTRL_L | CTRL_O | CTRL_T | CTRL_U } Default • Ctrl_G: display current-configuration (display the running configuration). • Ctrl_L: display ip routing-table (display the IPv4 routing table information). • Ctrl_O: undo debugging all (disable all debugging functions). • Ctrl_T: No command is assigned to this hotkey. • Ctrl_U: No command is assigned to this hotkey. Views System view Default command level 2: System level Parameters CTRL_G: Assigns a command to Ctrl+G.
return Use return to return to user view from any other view. Pressing Ctrl+Z has the same effect. Syntax return Views Any view except user view Default command level 2: System level Examples # Return to user view from GigabitEthernet 0/1 interface view. [Sysname-GigabitEthernet0/1] return Related commands quit screen-length disable Use screen-length disable to disable pausing between screens of output for the current session.
Related commands screen-length super Use super to switch from the current user privilege level to a specified user privilege level. Syntax super [ level ] Views User view Default command level 0: Visit level Parameters level: User level, which ranges from 0 to 3 and defaults to 3. Usage guidelines If a level is not specified, the command switches the user privilege level to 3. There are four user privilege levels: visit (0), monitor (1), system (2), and manage (3).
Use undo super authentication-mode to restore the default. Syntax super authentication-mode { local | scheme } * undo super authentication-mode Default The authentication mode for the user privilege level switching is local. Views System view Default command level 2: System level Parameters local: Uses the local password set with the super password command for user privilege level switching authentication.
Default No password is set for switching to a higher privilege level. Views System view Default command level 2: System level Parameters level user-level: User privilege level, which ranges from 1 to 3 and defaults to 3. cipher: Sets a ciphertext password. simple: Sets a plaintext password. password: Specifies the password string. This argument is case sensitive. If simple is specified, it must be a string of 1 to 16 characters.
Support and other resources Contacting HP For worldwide technical support information, see the HP support website: http://www.hp.
Conventions This section describes the conventions used in this documentation set. Command conventions Convention Description Boldface Bold text represents commands and keywords that you enter literally as shown. Italic Italic text represents arguments that you replace with actual values. [] Square brackets enclose syntax choices (keywords or arguments) that are optional. { x | y | ... } Braces enclose a set of required syntax choices separated by vertical bars, from which you select one.
Network topology icons Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features. Represents a firewall product or a UTM device. Port numbering in examples The port numbers in this document are for illustration only and might be unavailable on your device.
Index ACDEFHIJLNPQRSTUVW display ip https,7 A display job,63 acl (user interface view),94 display memory,64 activation-key,1 display power,64 authentication-mode,2 display reboot-type,65 auto-execute command,3 display rps,66 C display schedule job,67 clock datetime,40 display schedule reboot,68 clock summer-time one-off,41 display system-failure,68 clock summer-time repeating,42 display telnet client configuration,8 clock timezone,43 display transceiver,69 command accounting,5 display
ip https port,21 Subscription service,108 ip https ssl-server-policy,22 super,105 J super authentication-mode,105 super password,106 job,77 sysname,84 L system-failure,85 lock,23 system-view,107 N T nms monitor-interface,78 telnet,30 P telnet client source,31 telnet ipv6,32 parity,23 telnet server enable,33 protocol inbound,24 temperature-limit (advanced),85 Q temperature-limit (basic),87 quit,103 terminal type,33 time at,88 R time delay,90 reboot,79 transceiver phony-alarm-disa
