HP Firewalls and UTM Devices
System Management and Maintenance Command Reference

Part number: 5998-4180
Software version:
F1000-A-EI: Feature 3722
F1000-S-EI: Feature 3722
F5000: Feature 3211
F1000-E: Feature 3174
Firewall module: Feature 3174
Enhanced firewall module: ESS 3807
U200-A: ESS 5132
U200-S: ESS 5132
Document version: 6PW100-20121228
Legal and notice information
© Copyright 2012 Hewlett-Packard Development Company, L.P. No part of this documentation may be reproduced or transmitted in any form or by any means without prior written consent of Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Ping, tracert, and system debugging commands

Ping and tracert commands

ping
Use ping to verify whether the destination in an IP network is reachable, and to display the related statistics.
-n: Disables domain name resolution for the host argument. When this keyword is not provided, if the host argument represents the host name of the destination, the device translates host into an address.
-p pad: Specifies the value of the pad field in an ICMP echo request, in hexadecimal format, 1 to 8 bits, in the range 0 to ffffffff. If the specified value is less than 8 bits, 0s are added in front of the value to extend it to 8 bits.
  Reply from 1.1.2.2: bytes=56 Sequence=5 ttl=254 time=1 ms

  --- 1.1.2.2 ping statistics ---
  5 packet(s) transmitted
  5 packet(s) received
  0.00% packet loss
  round-trip min/avg/max = 1/41/205 ms
The output shows the following:
• The destination is reachable.
• All ICMP echo requests sent by the source have got responses.
• The minimum time, average time, and maximum time for the packet’s roundtrip time are 1 ms, 41 ms, and 205 ms, respectively.
# Test whether the device with an IP address of 1.1.2.
      1.1.2.1
      1.1.2.2
      1.1.1.2
      1.1.1.1
  Reply from 1.1.2.2: bytes=56 Sequence=2 ttl=254 time=1 ms
  Record Route:
      1.1.2.1
      1.1.2.2
      1.1.1.2
      1.1.1.1
  Reply from 1.1.2.2: bytes=56 Sequence=3 ttl=254 time=1 ms
  Record Route:
      1.1.2.1
      1.1.2.2
      1.1.1.2
      1.1.1.1
  Reply from 1.1.2.2: bytes=56 Sequence=4 ttl=254 time=1 ms
  Record Route:
      1.1.2.1
      1.1.2.2
      1.1.1.2
      1.1.1.1
  Reply from 1.1.2.2: bytes=56 Sequence=5 ttl=254 time=1 ms
  Record Route:
      1.1.2.1
      1.1.2.2
      1.1.1.2
      1.1.1.1

  --- 1.1.2.
Field: Description
Reply from 1.1.2.2: bytes=56 Sequence=1 ttl=255 time=1 ms
    Received the ICMP reply from the device whose IP address is 1.1.2.2. If no reply is received during the timeout period, "Request time out" is displayed.
    • bytes—Number of data bytes in the ICMP reply.
    • Sequence—Packet sequence, used to determine whether a segment is lost, disordered or repeated.
    • ttl—TTL value in the ICMP reply.
    • time—Response time.
Record Route
    Devices through which the ICMP echo request passed.
• If no response from the destination is received within the timeout time, the interval to send the next echo request equals the timeout value plus the value of interval.
-s packet-size: Specifies length (in bytes) of an ICMPv6 echo request, which ranges from 20 to 8100 and defaults to 56.
-t timeout: Specifies the timeout value (in milliseconds) of an ICMPv6 echo reply, which ranges from 0 to 65535 and defaults to 2000.
  bytes=56 Sequence=5 hop limit=64 time = 16 ms

  --- 2001::2 ping statistics ---
  5 packet(s) transmitted
  5 packet(s) received
  0.00% packet loss
  round-trip min/avg/max = 4/25/62 ms
# Verify whether the IPv6 address 2001::1 in VPN 1 is reachable.
-f first-ttl: Specifies the first TTL (the allowed number of hops for the first packet). It ranges from 1 to 255 and defaults to 1, and must be less than the maximum TTL.
-m max-ttl: Specifies the maximum TTL, or, the maximum allowed number of hops for a packet. It ranges from 1 to 255 and defaults to 30, and must be greater than the first TTL.
-p port: Specifies the UDP port number of the destination, which ranges from 1 to 65535 and defaults to 33434. You do not need to modify this parameter.
tracert ipv6
Use tracert ipv6 to view the path the IPv6 packets traverse from source to destination.
Syntax
tracert ipv6 [ -f first-ttl | -m max-ttl | -p port | -q packet-number | -vpn-instance vpn-instance-name | -w timeout ] * host
Views
Any view
Default command level
0: Visit level
Parameters
-f first-ttl: Specifies the first TTL, or, the allowed number of hops for the first packet. It ranges from 1 to 255 and defaults to 1, and must be less than the maximum TTL.
Hardware    Command compatible
U200-S      No
Examples
# View the path the packets traverse from source to destination with IPv6 address 2001::1.
tracert ipv6 2001::1
 traceroute to 2001::1 30 hops max,60 bytes packet, press CTRL_C to break
 1 2001::1 3 ms <1 ms 19 ms
# View the path the packets traverse from source to destination with IPv6 address 2001::1 in VPN 1.
Usage guidelines
Output of debugging information may degrade system efficiency, so enable debugging only for the module involved when diagnosing a network failure, and do not enable debugging of multiple modules at the same time.
Default command level describes the default level of the debugging all command. Different debugging commands may have different default levels.
IP performance optimization commands

display icmp statistics
Use display icmp statistics to display ICMP statistics.
Syntax
display icmp statistics [ | { begin | exclude | include } regular-expression ]
Views
Any view
Default command level
1: Monitor level
Parameters
|: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide.
begin: Displays the first line that matches the specified regular expression and all lines that follow.
display ip socket
Use display ip socket to display socket information.
Syntax
display ip socket [ socktype sock-type ] [ task-id socket-id ] [ | { begin | exclude | include } regular-expression ]
Views
Any view
Default command level
1: Monitor level
Parameters
socktype sock-type: Displays the socket information about this type. The sock type is in the range of 1 to 3, corresponding to TCP, UDP, and raw IP respectively.
task-id: Displays the socket information about this task.
sb_maxcc = 0, rb_maxcc = 0,
socket option = SO_ACCEPTCONN SO_REUSEADDR SO_REUSEPORT SO_SENDVPNID(0),
socket state = SS_PRIV SS_ASYNC

Task = VTYD(38), socketid = 4, Proto = 6,
LA = 192.168.1.40:23, FA = 192.168.1.52:1917,
sndbuf = 8192, rcvbuf = 8192, sb_cc = 237, rb_cc = 0,
sb_maxcc = 0, rb_maxcc = 0,
socket option = SO_KEEPALIVE SO_OOBINLINE SO_REUSEPORT SO_SENDVPNID(0) SO_SETKEEPALIVE,
socket state = SS_ISCONNECTED SS_PRIV SS_ASYNC

Task = VTYD(38), socketid = 3, Proto = 6,
LA = 192.168.1.
LA = 0.0.0.0:1025, FA = 0.0.0.0:0,
sndbuf = 9216, rcvbuf = 0, sb_cc = 0, rb_cc = 0,
sb_maxcc = 0, rb_maxcc = 0,
socket option = SO_UDPCHECKSUM,
socket state = SS_PRIV

Task = RDSO(56), socketid = 2, Proto = 17,
LA = 0.0.0.0:1812, FA = 0.0.0.0:0,
sndbuf = 9216, rcvbuf = 41600, sb_cc = 0, rb_cc = 0,
sb_maxcc = 0, rb_maxcc = 0,
socket option = SO_UDPCHECKSUM,
socket state = SS_PRIV

SOCK_RAW:
Task = ROUT(69), socketid = 8, Proto = 89,
LA = 0.0.0.0, FA = 0.0.0.
Table 3 Command output
Field: Description
SOCK_STREAM: TCP socket.
SOCK_DGRAM: UDP socket.
SOCK_RAW: Raw IP socket.
Task: Task number.
socketid: Socket ID.
Proto: Protocol number of the socket, indicating the protocol type that IP carries.
LA: Local address and local port number.
FA: Remote address and remote port number.
sndbuf: Sending buffer size (in bytes) of the socket.
rcvbuf: Receiving buffer size (in bytes) of the socket.
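Added example, not part of the HP reference: a Python parser for the display ip socket record layout described above that flags cleartext TCP listeners and sessions from unexpected peers. The sample capture, the CLEARTEXT port map and the mgmt_hosts allow-list are assumptions made for illustration; SO_ACCEPTCONN is read with its usual BSD meaning of a listening socket.

```python
import re
from dataclasses import dataclass

# Constructed sample in the record layout of "display ip socket"; every
# address and counter below is made up for this example.
SAMPLE = """\
SOCK_STREAM:
Task = VTYD(38), socketid = 1, Proto = 6,
LA = 0.0.0.0:23, FA = 0.0.0.0:0,
sndbuf = 8192, rcvbuf = 8192, sb_cc = 0, rb_cc = 0, sb_maxcc = 0, rb_maxcc = 0,
socket option = SO_ACCEPTCONN SO_REUSEADDR SO_REUSEPORT SO_SENDVPNID(0),
socket state = SS_PRIV SS_ASYNC
Task = VTYD(38), socketid = 4, Proto = 6,
LA = 192.168.1.40:23, FA = 192.168.1.52:1917,
sndbuf = 8192, rcvbuf = 8192, sb_cc = 237, rb_cc = 0, sb_maxcc = 0, rb_maxcc = 0,
socket option = SO_KEEPALIVE SO_OOBINLINE SO_REUSEPORT SO_SENDVPNID(0) SO_SETKEEPALIVE,
socket state = SS_ISCONNECTED SS_PRIV SS_ASYNC
Task = VTYD(38), socketid = 3, Proto = 6,
LA = 192.168.1.40:23, FA = 10.9.9.9:40211,
sndbuf = 8192, rcvbuf = 8192, sb_cc = 0, rb_cc = 0, sb_maxcc = 0, rb_maxcc = 0,
socket option = SO_KEEPALIVE SO_OOBINLINE SO_REUSEPORT SO_SENDVPNID(0) SO_SETKEEPALIVE,
socket state = SS_ISCONNECTED SS_PRIV SS_ASYNC
SOCK_DGRAM:
Task = RDSO(56), socketid = 2, Proto = 17,
LA = 0.0.0.0:1812, FA = 0.0.0.0:0,
sndbuf = 9216, rcvbuf = 41600, sb_cc = 0, rb_cc = 0, sb_maxcc = 0, rb_maxcc = 0,
socket option = SO_UDPCHECKSUM,
socket state = SS_PRIV
SOCK_RAW:
Task = ROUT(69), socketid = 8, Proto = 89,
LA = 0.0.0.0, FA = 0.0.0.0,
sndbuf = 262144, rcvbuf = 262144, sb_cc = 0, rb_cc = 0, sb_maxcc = 0, rb_maxcc = 0,
socket option = SO_SENDVPNID(0),
socket state = SS_PRIV SS_ASYNC
"""

# Assumed map of cleartext services by well-known TCP port.
CLEARTEXT = {21: "FTP", 23: "Telnet", 80: "HTTP"}
TOKEN = re.compile(r"(SOCK_(?:STREAM|DGRAM|RAW)):|Task\s*=\s*(\w+)\((\d+)\)")

@dataclass
class Sock:
    kind: str          # SOCK_STREAM, SOCK_DGRAM or SOCK_RAW
    task: str          # owning task, e.g. VTYD
    local: tuple       # (address, port); port is None for raw sockets
    foreign: tuple
    options: frozenset
    state: frozenset

def _addr(value):
    """Split an IPv4 'a.b.c.d:port' value (LA or FA field) into (ip, port)."""
    ip, sep, port = value.partition(":")
    return ip, int(port) if sep else None

def parse_sockets(text):
    """Parse records whether they arrive line-wrapped or flattened to one line."""
    text = " ".join(text.split())
    marks = list(TOKEN.finditer(text))
    kind, socks = None, []
    for i, m in enumerate(marks):
        if m.group(1):                      # section header: remember the type
            kind = m.group(1)
            continue
        end = marks[i + 1].start() if i + 1 < len(marks) else len(text)
        fields = {}
        for part in text[m.end():end].split(","):
            key, sep, val = part.partition("=")
            if sep:
                fields[key.strip()] = val.strip()
        socks.append(Sock(
            kind, m.group(2), _addr(fields.get("LA", "")), _addr(fields.get("FA", "")),
            frozenset(fields.get("socket option", "").split()),
            frozenset(fields.get("socket state", "").split())))
    return socks

def audit(socks, mgmt_hosts):
    """Flag cleartext TCP listeners and sessions from hosts outside mgmt_hosts."""
    findings = []
    for s in socks:
        service = CLEARTEXT.get(s.local[1])
        if s.kind != "SOCK_STREAM" or service is None:
            continue
        if "SO_ACCEPTCONN" in s.options:    # BSD flag set on listening sockets
            scope = "all addresses" if s.local[0] == "0.0.0.0" else s.local[0]
            findings.append(("cleartext-listener",
                             f"{service} ({s.task}) listening on {scope}, port {s.local[1]}"))
        elif "SS_ISCONNECTED" in s.state and s.foreign[0] not in mgmt_hosts:
            findings.append(("unexpected-peer",
                             f"{service} session from {s.foreign[0]}:{s.foreign[1]}"))
    return findings

if __name__ == "__main__":
    # mgmt_hosts is a hypothetical allow-list of administrator workstations.
    for kind, detail in audit(parse_sockets(SAMPLE), {"192.168.1.52"}):
        print(f"{kind}: {detail}")
```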
display ip statistics
  Input:   sum            7120       local             112
           bad protocol   0          bad format        0
           bad checksum   0          bad options       0
  Output:  forwarding     0          local             27
           dropped        0          no route          2
           compress fails 0
  Fragment:input          0          output            0
           dropped        0
           fragmented     0          couldn't fragment 0
  Reassembling:sum        0          timeouts          0
Table 4 Command output
Field groups: Input, Output, Fragment, Reassembling
Field: Description
sum: Total number of packets received.
local: Total number of packets with destination being local.
Views
Any view
Default command level
1: Monitor level
Parameters
|: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide.
begin: Displays the first line that matches the specified regular expression and all lines that follow.
exclude: Displays all lines that do not match the specified regular expression.
include: Displays all lines that match the specified regular expression.
Table 5 Command output
Field groups: Received packets, Sent packets
Field: Description
Total: Total number of packets received.
packets in sequence: Number of packets arriving in sequence.
window probe packets: Number of window probe packets received.
window update packets: Number of window update packets received.
checksum error: Number of checksum error packets received.
offset error: Number of offset error packets received.
short error: Number of received packets with length being too small.
Field: Description
Closed connections: Number of connections closed. In brackets are connections closed accidentally (before receiving SYN from the peer) and connections closed initiatively (after receiving SYN from the peer).
Packets dropped with MD5 authentication: Number of packets dropped by MD5 authentication.
Packets permitted with MD5 authentication: Number of packets permitted by MD5 authentication.
Table 6 Command output
Field groups: Received packets, Sent packets
Field: Description
Total: Total number of UDP packets received.
checksum error: Total number of packets with incorrect checksum.
shorter than header: Number of packets with data shorter than head.
data length larger than packet: Number of packets with data longer than packet.
unicast(no socket on port): Number of unicast packets with no socket on port.
[Sysname] interface gigabitethernet 0/1
[Sysname-GigabitEthernet0/1] ip forward-broadcast acl 2001

ip forward-broadcast (system view)
Use ip forward-broadcast to enable the device to receive directed broadcasts.
Use undo ip forward-broadcast to disable the device from receiving directed broadcasts.
Syntax
ip forward-broadcast
undo ip forward-broadcast
Default
The device is not allowed to receive directed broadcasts.
ip ttl-expires enable
Use ip ttl-expires enable to enable sending ICMP timeout packets.
Use undo ip ttl-expires to disable sending ICMP timeout packets.
Syntax
ip ttl-expires enable
undo ip ttl-expires
Default
Sending ICMP timeout packets is disabled.
Views
System view
Default command level
2: System level
Usage guidelines
If the feature is disabled, the device does not send TTL timeout ICMP packets, but still sends "reassembly timeout" ICMP packets.
Examples
# Enable sending ICMP timeout packets.
reset ip statistics
Use reset ip statistics to clear statistics of IP packets.
Syntax
reset ip statistics
Views
User view
Default command level
1: Monitor level
Parameters
None
Examples
# Clear statistics of IP packets.
reset ip statistics
Related commands
• display ip statistics
• display ip interface

reset tcp statistics
Use reset tcp statistics to clear statistics of TCP traffic.
Default command level
1: Monitor level
Examples
# Clear statistics of UDP traffic.
reset udp statistics

tcp mss
Use tcp mss to configure the TCP MSS.
Use undo tcp mss to restore the default.
Syntax
tcp mss value
undo tcp mss
Default
The TCP MSS is 1460 bytes.
Views
Interface view
Default command level
2: System level
Parameters
value: TCP maximum segment size (MSS) in bytes, in the range of 128 to 2048.
Views
System view
Default command level
2: System level
Parameters
aging minutes: Sets the aging time of the path MTU, in the range of 10 to 30 minutes. The default aging time is 10 minutes.
no-aging: Does not age out the path MTU.
Examples
# Enable TCP path MTU discovery and set the path MTU aging time to 20 minutes.
system-view
[Sysname] tcp path-mtu-discovery aging 20

tcp timer fin-timeout
Use tcp timer fin-timeout to configure the TCP finwait timer.
tcp timer syn-timeout
Use tcp timer syn-timeout to configure the TCP synwait timer.
Use undo tcp timer syn-timeout to restore the default.
Syntax
tcp timer syn-timeout time-value
undo tcp timer syn-timeout
Default
The TCP synwait timer is 75 seconds.
Views
System view
Default command level
2: System level
Parameters
time-value: Specifies the TCP synwait timer in seconds, in the range of 2 to 600.
Examples
# Set the TCP synwait timer to 80 seconds.
Examples
# Configure the size of the TCP send/receive buffer as 3 KB.
File system management commands

In the following examples, the current working directory is the root directory of the storage medium on the device.
For information about the qualified file name formats, see Getting Started Guide.
The following matrix shows the storage media on different firewalls and UTM devices:
Hardware                 Storage medium
F1000-A-EI/F1000-S-EI    flash0
F1000-E                  cfa0
F5000                    cfa0
Firewall module          cfa0
U200-A                   cfa0
U200-S                   cfa0
All examples in this chapter use the storage medium cfa0.
# Return to the upper directory. (A space is required after the keyword cd.)
cd ..
# Return to the root directory.
cd /
After you change the current directory by using the cd command, you can use the pwd command to view the path of the current working directory.

copy
Use copy to copy a file.
Syntax
copy fileurl-source fileurl-dest
Views
User view
Default command level
3: Manage level
Parameters
fileurl-source: Name of the source file.
Description
Use the crypto-digest command to compute the digest of a specified file.
The computed digest is used to verify the correctness and integrity of the file to prevent the file from being tampered with. For example, you can use the command to compute the digest of the software image file of a device, and compare the digest with that on the web site of the device vendor to verify whether the file is valid.
Examples
# Use the SHA-256 algorithm to compute the digest of the file cc.bin.
dir
Use dir to display files or folders.
Syntax
dir [ /all ] [ file-url | /all-filesystems ]
Views
User view
Default command level
3: Manage level
Parameters
/all: Displays all files and folders in the current directory, including hidden files, hidden folders, files moved from the current directory to the recycle bin. Files in the recycle bin are enclosed in square brackets [ ].
file-url: Displays the specified file. Asterisks (*) are acceptable as wildcards. For example, to display files with the .
Table 7 Command output
Field: Description
Directory of: Current working directory.
d: Directory. If this field does not exist, it indicates a file.
r: The file or directory is readable.
w: The file or directory is writable.
h: The file or directory is hidden.
[]: The file is in the recycle bin.
Usage guidelines
The displayed information includes all the physical pages corresponding to the logical pages of the specified file.
The following matrix shows the display nandflash file-location command and firewalls and UTM devices compatibility:
Hardware                 Command compatible
F1000-A-EI/F1000-S-EI    Yes
F1000-E                  No
F5000                    No
Firewall module          No
U200-A                   No
U200-S                   No
Examples
# Display the location of the file test.cfg in the NAND Flash memory.
display nandflash file-location test.
Parameters
|: Filters command output by specifying a regular expression. For more information about regular expressions, see the chapter on CLI in Getting Started Guide.
begin: Displays the first line that matches the specified regular expression and all lines that follow.
exclude: Displays all lines that do not match the specified regular expression.
include: Displays all lines that match the specified regular expression.
Views
Any view
Default command level
1: Monitor level
Parameters
page-value: Serial number of a physical page.
|: Filters command output by specifying a regular expression. For more information about regular expressions, see the chapter on CLI in Getting Started Guide.
begin: Displays the first line that matches the specified regular expression and all lines that follow.
exclude: Displays all lines that do not match the specified regular expression.
execute
Use execute to execute the specified batch file.
Syntax
execute filename
Views
System view
Default command level
2: System level
Parameters
filename: Name of a batch file with the .bat extension. To change the extension of a configuration file to .bat, use the rename command.
Usage guidelines
Batch files are command line files. Executing a batch file is to execute a set of command lines in the file.
Do not include invisible characters in a batch file.
Usage guidelines
If partition-number is specified, the storage medium is divided into the specified number of partitions; otherwise, partitioning is performed in an interactive way.
The device automatically formats each partition after partitioning is completed and all data on the storage medium is lost after this command is successfully executed.
Before removing a partitioned storage medium, unmount all the partitions. Otherwise, the file system on the storage medium might be damaged.
The capacity of cfa: : 256M bytes
Partition 1 (32MB~224MB, 256MB, CTRL+C to quit, Enter to use all space left):
// Enter 128 to specify the size of the first partition as 128 MB.
Partition 2 (32MB~96MB, 128MB, CTRL+C to quit, Enter to use all space left):
// Enter 31 to specify the size of the second partition as 31 MB.
The partition size should be greater than or equal to 32MB.
Usage guidelines
When the operation mode is set to quiet, the system does not warn for any file operation. To avoid misoperation, use the alert mode.
Examples
# Set the file system operation mode to alert.
system-view
[Sysname] file prompt alert

fixdisk
Use fixdisk to examine a storage medium for damage and repair any damage.
Syntax
fixdisk medium-name
Views
User view
Default command level
3: Manage level
Parameters
medium-name: Storage medium name.
Syntax
format medium-name [ FAT16 | FAT32 ]
Views
User view
Default command level
3: Manage level
Parameters
medium-name: Name of a storage medium (for example, flash0) that does not support partition or name of a partition (for example, cfa0) of a storage medium that has been partitioned.
mkdir
Use mkdir to create a folder under a specified directory on the storage medium.
Syntax
mkdir directory
Views
User view
Default command level
3: Manage level
Parameters
directory: Name of a folder.
Usage guidelines
The name of the folder to be created must be unique in the specified directory. Otherwise, you will fail to create the folder in the directory.
To use this command to create a folder, the specified directory must exist.
exclude: Displays all lines that do not match the specified regular expression.
include: Displays all lines that match the specified regular expression.
regular-expression: Specifies a regular expression, which is a case-sensitive string of 1 to 256 characters.
Usage guidelines
If the content is more than will fit on one screen:
• Pressing Enter displays the next line.
• Pressing Space displays the next screen.
• Pressing Ctrl+C or any other key exits the display.
You cannot move files between storage media of different types or between different partitions of a CF card.
Examples
# Move file cfa0:/test/sample.txt to cfa0:/, and save it as 1.txt.
move test/sample.txt 1.txt
Move cfa0:/test/sample.txt to cfa0:/1.txt?[Y/N]:y
...
% Moved file cfa0:/test/sample.txt to cfa0:/1.txt
# Move file b.cfg to the subfolder test2.
move b.cfg test2
Move cfa0:/b.cfg to cfa0:/test2/b.cfg?[Y/N]:y
.
%Moved file cfa0:/b.cfg to cfa0:/test2/b.cfg.
Examples
# Rename file sample.txt as sample.bat.
rename sample.txt sample.bat
Rename cfa0:/sample.txt to cfa0:/sample.bat? [Y/N]:y
% Renamed file cfa0:/sample.txt to cfa0:/sample.bat

reset recycle-bin
Use reset recycle-bin to permanently delete the files in the recycle bin in the current directory.
//The output shows that the current directory is cfa0:, and there are two files a.cfg and b.cfg in the recycle bin.
2. Delete file b.cfg in the current directory and in the recycle bin.
reset recycle-bin
Clear cfa0:/~/a.cfg ?[Y/N]:n
Clear cfa0:/~/b.cfg ?[Y/N]:y
Clearing files from cfa0 may take a long time. Please wait...
......
%Cleared file cfa0:/~/b.cfg...
3. In directory cfa0:, check in the recycle bin whether the file b.cfg is deleted.
Syntax
rmdir directory
Views
User view
Default command level
3: Manage level
Parameters
directory: Name of the folder.
Usage guidelines
The folder must be an empty one. If not, delete all files and subfolders under it by using the delete command.
After you execute the rmdir command successfully, the files in the recycle bin in the folder will be automatically deleted.
Examples
# Remove folder mydir.
rmdir mydir
Rmdir cfa0:/mydir?[Y/N]:y
%Removed directory cfa0:/mydir.
# Restore file b.cfg in directory cfa0:/test from the recycle bin.
undelete cfa0:/test/b.cfg
Undelete cfa0:/test/b.cfg?[Y/N]:y
.......
%Undeleted file cfa0:/test/b.cfg.
Or:
cd test
undelete b.cfg
Undelete cfa0:/test/b.cfg?[Y/N]:y
.....
%Undeleted file cfa0:/test/b.cfg.
Software upgrade commands

The following matrix shows the storage medium for system software image files on different firewalls and UTM devices:
Hardware                 Storage medium
F1000-A-EI/F1000-S-EI    flash0
F1000-E                  cfa0
F5000                    cfa0
Firewall module          cfa0
U200-A                   cfa0
U200-S                   cfa0
All examples in this chapter use the storage medium cfa0.

boot-loader
Use boot-loader to specify a startup system software image for the device.
In FIPS mode, the signature of the boot file is verified first. If the signature is invalid, the configuration fails.
Examples
# Specify test.bin as the main startup system software image file. This example assumes that this file has been saved in the root directory of the storage medium.
boot-loader file test.bin main
This command will set the boot file.
Read basic bootrom completed!
Start reading extended bootrom!
Read extended bootrom completed!
Read bootrom completed! Please check the file!
After the BootWare image is read, you can find extbtm.bin and basbtm.bin on the storage medium of the device.
dir
Directory of cfa0:/
   0 -rw- 37961708 Jul 27 2012 11:38:04 main.bin
   1 -rw- 14668 Aug 03 2012 10:00:58 config.cwmp
   2 drw- - Jun 14 2012 11:31:16 seclog
   3 -rw- 17539 Aug 03 2012 10:00:58 system.
................................................
Restore extended bootrom completed!
Restore bootrom completed!
# Use the a.btw file to upgrade the BootWare image of the device.
bootrom update file a.btw
This command will update bootrom file, Continue? [Y/N]:y
Now updating bootrom, please wait...
Updating basic bootrom!
................................
Update basic bootrom success!
Updating extended bootrom!
........................
Views
Any view
Default command level
2: System level
Parameters
|: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide.
begin: Displays the first line that matches the specified regular expression and all lines that follow.
exclude: Displays all lines that do not match the specified regular expression.
include: Displays all lines that match the specified regular expression.
Default command level
3: Manage level
Parameters
|: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide.
begin: Displays the first line that matches the specified regular expression and all lines that follow.
exclude: Displays all lines that do not match the specified regular expression.
include: Displays all lines that match the specified regular expression.
Field: Description
Slot: Ignored. This field always displays 0.
Version: Patch version. The first three characters represent the suffix of the PATCH-FLAG. For example, if the PATCH-FLAG of the device or module is PATCH-RPE, "RPE" is displayed. The following three digits, if any, represent the patch number. (The patch number can be read after the patch is loaded.)
Temporary: Number of temporary patches. These patches are interim solutions for fixing critical bugs. They are not formally released.
patch deactive
Use patch deactive to stop running patches.
Syntax
patch deactive [ patch-number ]
Views
System view
Default command level
3: Manage level
Parameters
patch-number: Specifies the sequence number of a patch. The value range is 1 to 200. If no sequence number is specified, this command deactivates all ACTIVE patches. If a sequence number is specified, this command deactivates the specified patch and all its subsequent ACTIVE patches.
Examples
# Remove patch 3 and all its subsequent patches from the patch memory area.
system-view
[Sysname] patch delete 3
# Remove all patches from the patch memory area.
system-view
[Sysname] patch delete

patch install
Use patch install to install and run patches in one step.
Use undo patch install to remove all ACTIVE and RUNNING patches from the patch memory area.
Examples
# Install files from the CF card.
system-view
[Sysname] patch install cfa0:
Patches will be installed. Continue? [Y/N]:y
Do you want to continue running patches after reboot? [Y/N]:y
Installing patches..
Installation completed, and patches will continue to run after reboot.
[Sysname]
# Install patches from a patch package file.
system-view
[Sysname] patch install file:/patch_packeg.bin
Patches will be installed.
system-view
[Sysname] patch load file cfa0:/patchpackege.bin
Related commands
patch location

patch location
Use patch location to configure the patch file location.
Syntax
patch location patch-location
Default
The patch file location is the root directory of the storage medium.
Views
System view
Default command level
3: Manage level
Parameters
patch-location: Specifies the patch file location, a string of 1 to 64 characters.
Parameters
patch-number: Specifies the sequence number of a patch. The value range is 1 to 200. If no sequence number is specified, this command confirms all ACTIVE patches and changes their state to RUNNING. If a sequence number is specified, this command confirms the specified ACTIVE patch and all its previous patches, and changes their state to RUNNING.
Usage guidelines
After being confirmed, ACTIVE patches are set in RUNNING state and can continue to run after a reboot.
Configuration file management commands

The following matrix shows the storage medium for configuration files on different firewalls and UTM devices:
Hardware                 Storage medium
F1000-A-EI/F1000-S-EI    flash0
F1000-E                  cfa0
F5000                    cfa0
Firewall module          cfa0
U200-A                   cfa0
U200-S                   cfa0
All examples in this chapter use the storage medium cfa0.

archive configuration
Use archive configuration to manually archive the running configuration to the configuration archive directory.
• If a high-speed storage medium (such as a CF card) is used and the device configuration changes frequently, set a shorter saving interval.
Examples
# Archive the running configuration.
archive configuration
Warning: Save the running configuration to an archive file. Continue? [Y/N]: Y
Please wait...
Info: The archive configuration file myarchive_1.cfg is saved.
• If a low-speed storage medium (such as a Flash) is used, archive the running configuration manually, or configure automatic archiving with an interval longer than 1440 minutes (24 hours).
• If a high-speed storage medium (such as a CF card) is used and the device configuration changes frequently, set a shorter saving interval.
• Change the archiving interval depending on the amount of available storage space. The shorter the interval, the more free storage space is required.
archive configuration command does not display them. The serial number for new configuration archives starts from 1. The undo archive configuration location command not only removes the configuration archive directory and file name prefix settings, but also disables the configuration archive function (both manual and automatic approaches), restores the default settings of the archive configuration interval and archive configuration max commands, and clears all configuration archives.
Changing the limit setting to a lower value does not cause immediate deletion of exceeding archives. Instead, the configuration archive function deletes the oldest n files when a new archive is manually or automatically saved, where n = current archive count – new archive limit + 1. Suppose seven configuration archives have been saved before the archive limit is set to 4. When saving a new configuration archive, the system first deletes the oldest four (7 – 4 + 1) archives.
Use undo configuration encrypt to restore the default.
Syntax
configuration encrypt { private-key | public-key }
undo configuration encrypt
Default
Configuration encryption is disabled. The running configuration is saved to a configuration file without encryption.
Views
System view
Default command level
3: Manage level
Parameters
private-key: Encrypts configuration with a private key. Only the encrypting device can decrypt the encrypted configuration file.
Usage guidelines To replace the running configuration with the configuration in a configuration file without rebooting the device, use the configuration rollback function. This function helps you revert to a previous configuration state or adapt the running configuration to different network environments. To avoid rollback failure: • Make sure the replacement configuration file is created by using the configuration archive function or the save command on the device.
Saved archive files: No. TimeStamp FileName 1 Jan 05 2012 20:24:54 my_archive_1.cfg 2 Jan 05 2012 20:34:54 my_archive_2.cfg # 3 Jan 05 2012 20:44:54 my_archive_3.cfg '#' indicates the most recent archive file. Next archive file to be saved: my_archive_4.cfg Table 12 Command output Field Description Location Directory for saving running-configuration archives. Filename prefix File name prefix for configuration archives.
exclude modules: Excludes the configuration of specific modules. The modules argument can be acl, acl6, or both separated by a space. • acl: Excludes the IPv4 ACL configuration. • acl6: Excludes the IPv6 ACL configuration. by-linenum: Displays the number of each line. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide.
display default-configuration Use display default-configuration to display the factory defaults. Syntax display default-configuration [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 2: System level Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow.
Parameters by-linenum: Identifies each line of displayed information with a line number. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression.
2: 3: version 5.
regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. Usage guidelines Current startup configuration file is the configuration file used at this startup. Next-startup configuration file is the configuration file used at the next startup. Examples # Display the startup configuration files. display startup Current startup saved-configuration file: cfa0:/testcfg.cfg Next startup saved-configuration file: cfa0:/testcfg.
For some parameters that can be successfully configured even if their dependent features are not enabled, this command displays their settings after the dependent features are enabled. Executed in any user interface view, this command displays the running configuration of all user view interfaces. Executed in any VLAN view, this command displays the running configuration of all VLANs. Examples # Display the running configuration on interface GigabitEthernet 0/1.
Examples # Delete the next-startup configuration file. reset saved-configuration The saved configuration file will be erased. Are you sure? [Y/N]:y Configuration file in cfa0 is being cleared. Please wait ........... Configuration file is cleared. Related commands • display saved-configuration • save restore startup-configuration Use restore startup-configuration to download a configuration file from a TFTP server and specify it as the next-startup configuration file.
Use save [ safely ] [ force ] to save the running configuration to the root directory of the storage medium, and specify the file as the next-startup configuration file. Syntax save file-url save [ safely ] [ force ] Views Any view Default command level 2: System level Parameters file-url: Specifies a file path, where the file extension must be .cfg. If the file specified for file-url does not exist, the system creates the file before saving the configuration.
Current startup saved-configuration file: cfa0:/hmr.cfg Next startup saved-configuration file: cfa0:/startup.cfg The output shows that the next-startup configuration file has changed from aa.cfg to startup.cfg. # Save the running configuration to the next-startup configuration file without any confirmation required. save force Configuration is saved to device successfully.
Information center configuration commands display channel Use display channel to display channel information. Syntax display channel [ channel-number | channel-name ] [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters channel-number: Specifies a channel by its number in the range of 0 to 9. channel-name: Specifies a channel by its name, a default name or a self-defined name.
display channel 0
channel number:0, channel name:console
MODU_ID   NAME     ENABLE  LOG_LEVEL      ENABLE  TRAP_LEVEL  ENABLE  DEBUG_LEVEL
ffff0000  default  Y       informational  Y       debugging   Y       debugging
The output shows that the system is allowed to output log information with a severity from 0 to 4, trap information with a severity from 0 to 7, and debug information with a severity from 0 to 7 to the console. The information source modules are all modules (default).
Examples # Display information center configuration information. display info-center Information Center:enabled Log host: 1.1.1.
Table 16 Severity description
Severity       Value  Description                        Corresponding keyword in commands
Emergency      0      The system is unusable.            emergencies
Alert          1      Action must be taken immediately.  alerts
Critical       2      Critical condition.                critical
Error          3      Error condition.                   errors
Warning        4      Warning condition.                 warnings
Notification   5      Normal but significant condition.  notifications
Informational  6      Informational message.             informational
Debug          7      Debug message.
Field Description Channel name Channel name of the log buffer. The default channel name is logbuffer. Dropped messages Number of dropped messages. Overwritten messages Number of overwritten messages (when the buffer size is not big enough to hold all messages, the latest messages overwrite the old ones). Current messages Number of current messages. display logbuffer summary Use display logbuffer summary to display the summary of the log buffer.
Field Description NOTIF Represents notice. See Table 16 for details. INFO Represents informational. See Table 16 for details. DEBUG Represents debug. See Table 16 for details. display logfile buffer Use display logfile buffer to display the contents of the log file buffer. Syntax display logfile buffer [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters |: Filters command output by specifying a regular expression.
Trap 1.3.6.1.6.3.1.1.5.4: Interface 983040 is Up, ifAdminStatus is 1, ifOperStatus is 1 … display logfile summary Use display logfile summary to display the log file configuration. Syntax display logfile summary [ | { begin | exclude | include } regular-expression ] Views System view for security log management Default command level 1: Monitor level Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide.
Table 19 Command output Field Description Log file is State of the log file feature, enabled or disabled. Channel number Log file channel number, which defaults to 9. Log file size quota Maximum storage space of a log file. Log file directory Log file directory. Writing frequency Log file writing frequency. display security-logfile buffer Use display security-logfile buffer to display the contents of the security log file buffer.
display security-logfile summary Use display security-logfile summary to display the summary of the security log file. Syntax display security-logfile summary [ | { begin | exclude | include } regular-expression ] Views System view for security log management Default command level 1: Monitor level Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide.
display trapbuffer Use display trapbuffer to display the state and the trap information of the trap buffer. Without the size buffersize argument, the command displays all trap information. Syntax display trapbuffer [ reverse ] [ size buffersize ] [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters reverse: Displays trap entries chronologically, with the most recent entry at the top.
#Aug 7 08:05:32:425 2009 Sysname IFNET/4/INTERFACE UPDOWN: Trap 1.3.6.1.6.3.1.1.5.3: Interface 983048 is Down, ifAdminStatus is 1, ifOperStatus is 2 #Aug 7 08:39:53:302 2009 Sysname SHELL/4/LOGIN: Trap 1.3.6.1.4.1.25506.10.2.2.1.1.3.0.1: login from VTY #Aug 7 08:43:25:583 2009 Sysname CFGMAN/4/TRAP: 1.3.6.1.4.1.25506.10.2.4.2.
info-center channel name Use info-center channel name to name a channel. Use undo info-center channel to restore the default name for a channel. Syntax info-center channel channel-number name channel-name undo info-center channel channel-number Default See Table 14 for information about default channel names and channel numbers. Views System view Default command level 2: System level Parameters channel-number: Specifies a channel by its number in the range of 0 to 9.
channel-name: Specifies a channel by its name, a default name or a self-defined name. For information about configuring a channel name, see info-center channel name. Usage guidelines The info-center console channel command takes effect only when the information center has been enabled with the info-center enable command. Examples # Specify the console output channel as channel 0.
Views System view Default command level 2: System level Parameters unicom: Specifies the unicom format. china-telecom: Specifies the china-telecom format. china-unicom-nat444: Specifies the china-unicom-nat444 format. Usage guidelines System information sent to the log host can be in HP, unicom, china-telecom, or china-unicom-nat444 format. The china-telecom and china-unicom-nat444 formats are available only for NAT444.
undo info-center logbuffer [ channel | size ] Default The system outputs information to the log buffer through channel 4 (logbuffer). Views System view Default command level 2: System level Parameters channel-number: Specifies a channel by its number in the range of 0 to 9. channel-name: Specifies a channel by its name, a default name or a self-defined name. For information about configuring a channel name, see info-center channel name.
Default The log file feature is enabled. Views System view Default command level 2: System level Usage guidelines The following matrix shows the info-center logfile enable command and hardware compatibility:
Hardware                 info-center logfile enable
F1000-A-EI/F1000-S-EI    No
F1000-E                  Yes
F5000                    Yes
Firewall module          Yes
U200-A                   No
U200-S                   No
Examples # Enable the log file feature.
Usage guidelines The following matrix shows the info-center logfile frequency command and firewalls and UTM devices compatibility:
Hardware                 info-center logfile frequency
F1000-A-EI/F1000-S-EI    No
F1000-E                  Yes
F5000                    Yes
Firewall module          Yes
U200-A                   No
U200-S                   No
Examples # Configure the interval for saving system information to the log file as 60000 seconds.
Use undo info-center logfile size-quota to restore the default. Syntax info-center logfile size-quota size undo info-center logfile size-quota Default The storage space reserved for a log file is 10 MB. Views System view Default command level 2: System level Parameters size: Specifies the maximum storage space reserved for a log file, in the range of 1 to 10 MB.
Default command level 2: System level Parameters dir-name: Specifies a directory by its name, a string of 1 to 64 characters. Usage guidelines The specified directory must have been created. The configuration made by this command cannot survive a system restart.
Default command level 2: System level Parameters vpn-instance vpn-instance-name: Specifies a VPN by its name, a case-sensitive string of 1 to 31 characters. If the log host is on the public network, do not specify this option. ipv6 host-ipv6-address: Specifies the IPv6 address of a log host.
[Sysname] info-center loghost vpn-instance vpn1 1.1.1.2 # Output log information to the log host 1::1. system-view [Sysname] info-center loghost ipv6 1::1 info-center loghost source Use info-center loghost source to specify the source IP address for output log information. Use undo info-center loghost source to restore the default.
After the above configuration, log in to the FTP server by using the username ftp. The following log information is displayed on the log host (the -DevIP=2.2.2.2 field identifies the source IP address): <189>May 31 05:38:14 2003 Sysname %%10FTPD/5/FTPD_LOGIN(l): -DevIP=2.2.2.2; User ftp (192.168.1.23) has logged in successfully. info-center monitor channel Use info-center monitor channel to configure the monitor channel. The system uses this channel to output information to the monitor.
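The log host message shown above for info-center loghost source can be parsed and sanity-checked on the collector. The following is an added example, not code from HP or from this reference: the regular expression is inferred from that single sample line and from Table 16, the function names and the inventory of known device addresses are hypothetical, and every sample line except the first is constructed.

```python
import re

# Severity values and names as listed in Table 16 of this reference.
SEVERITY = {0: "Emergency", 1: "Alert", 2: "Critical", 3: "Error",
            4: "Warning", 5: "Notification", 6: "Informational", 7: "Debug"}

# Layout inferred from the sample line on this page (an assumption, not a spec):
# <PRI>timestamp sysname %%nnMODULE/level/MNEMONIC(x): [-DevIP=addr; ]content
# The year is optional because the no-year-date time stamp format omits it.
LOGHOST_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<timestamp>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}(?: \d{4})?) "
    r"(?P<sysname>\S+) "
    r"%%(?P<nn>\d{2})(?P<module>[A-Z0-9_]+)/(?P<level>[0-7])/(?P<mnemonic>[^:(]+)"
    r"(?:\((?P<type>\w)\))?: "
    r"(?:-DevIP=(?P<devip>[^;]+); )?"
    r"(?P<content>.*)$"
)


def parse_loghost(line):
    """Return a dict of fields, or None if the line does not fit the layout."""
    m = LOGHOST_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    pri = int(rec["pri"])
    if pri > 191:                      # syslog PRI is facility*8 + severity
        return None
    rec["facility"] = pri >> 3
    rec["pri_severity"] = pri & 0x07
    rec["level"] = int(rec["level"])
    rec["severity_name"] = SEVERITY[rec["level"]]
    # The severity inside <PRI> should equal the digit in MODULE/level/MNEMONIC.
    rec["consistent"] = rec["pri_severity"] == rec["level"]
    return rec


def triage(lines, known_devices):
    """Flag lines a collector should not trust blindly; returns (line_no, reason)."""
    findings = []
    for n, line in enumerate(lines, 1):
        rec = parse_loghost(line)
        if rec is None:
            findings.append((n, "unparsed"))
            continue
        if not rec["consistent"]:
            findings.append((n, "severity-mismatch"))
        if rec["devip"] is None:
            findings.append((n, "no-devip"))
        elif rec["devip"] not in known_devices:
            findings.append((n, "unknown-device"))
    return findings


SAMPLE = [
    # Line 1 is the message printed in this reference.
    "<189>May 31 05:38:14 2003 Sysname %%10FTPD/5/FTPD_LOGIN(l): -DevIP=2.2.2.2; "
    "User ftp (192.168.1.23) has logged in successfully.",
    # Constructed: PRI carries severity 6 but the module field says 5.
    "<190>May 31 05:39:02 2003 Sysname %%10FTPD/5/FTPD_LOGIN(l): -DevIP=2.2.2.2; "
    "User ftp (192.168.1.23) has logged in successfully.",
    # Constructed: no-year-date time stamp and no -DevIP field.
    "<188>May 31 05:40:11 Sysname %%10SHELL/4/LOGIN(l): login from VTY",
    # Constructed: -DevIP is not an address in the (hypothetical) inventory.
    "<189>May 31 05:41:00 2003 Sysname %%10FTPD/5/FTPD_LOGIN(l): -DevIP=3.3.3.3; "
    "User ftp (192.168.1.23) has logged in successfully.",
    # Constructed: not a log host message at all.
    "not a syslog line",
]

if __name__ == "__main__":
    for finding in triage(SAMPLE, known_devices={"2.2.2.2"}):
        print(finding)
```

The value 189 decodes to facility 23 and severity 5, which agrees with the /5/ in FTPD/5/FTPD_LOGIN and with Notification in Table 16.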
Views System view Default command level 2: System level Parameters usage: Specifies an alarm threshold in the range of 1 to 100. Usage guidelines When the size of the security log file reaches the upper limit, the system deletes the oldest information and then writes the new information into the security log file buffer. Setting an alarm threshold helps avoid security log loss. When the threshold is reached, the system outputs log information to inform the administrator.
info-center security-logfile frequency Use info-center security-logfile frequency to configure the interval for saving security logs to the security log file. Use undo info-center security-logfile frequency to restore the default interval. Syntax info-center security-logfile frequency freq-sec undo info-center security-logfile frequency Default The default saving interval is 600 seconds.
Examples # Set the maximum storage space reserved for the security log file to 6 MB. system-view [Sysname] info-center security-logfile size-quota 6 Related commands info-center security-logfile alarm-threshold info-center security-logfile switch-directory Use info-center security-logfile switch-directory to configure the directory where the security log file is saved.
Syntax info-center snmp channel { channel-number | channel-name } undo info-center snmp channel Default The system outputs information to the SNMP module through channel 5 (snmpagent). Views System view Default command level 2: System level Parameters channel-number: Specifies a channel by its number in the range of 0 to 9. channel-name: Specifies a channel by its name, a default name or a self-defined name. For information about configuring a channel name, see the info-center channel name command.
log: Specifies log information. trap: Specifies trap information. level severity: Specifies a severity level. For more information, see Table 16. state state: Specifies whether to output the specified system information, on (enabled) or off (disabled). channel-number: Specifies a channel by its number in the range of 0 to 9. channel-name: Specifies a channel by its name, a default name or a self-defined name. For information about configuring a channel name, see info-center channel name.
Output destination Source modules Trap buffer Trap Log Debug Enabled/disabled Severity Enabled/disabled Severity Enabled/disabled Severity All supported modules Disabled Informational Enabled Informational Disabled Debug Log buffer All supported modules Enabled Informational Disabled Debug Disabled Debug SNMP module All supported modules Disabled Debug Enabled Informational Disabled Debug Log file All supported modules Enabled Debug Enabled Debug Disabled Deb
Examples # Enable synchronous information output, and then execute the display current-configuration command to view the current configuration of the device. system-view [Sysname] info-center synchronous % Info-center synchronous output is on [Sysname] display current- At this time, the system receives log information. It displays the log information first, and then displays your previous input, which is display current- in this example.
channel-name: Specifies a channel by its name, a default name or a self-defined name. For information about configuring a channel name, see info-center channel name. Examples # Output system information to the Web interface through channel 7. system-view [Sysname] info-center syslog channel 7 info-center timestamp Use info-center timestamp to configure the time stamp format for system information sent to all destinations except the log host. Use undo info-center timestamp to restore the default.
At this time, if you log in to the FTP server by using the username ftp, the log information generated is as follows: %0.109391473 Sysname FTPD/5/FTPD_LOGIN: User ftp (192.168.1.23) has logged in successfully. # Configure the time stamp format for log information as date.
Examples # Configure the time stamp format for system information sent to the log host as no-year-date. system-view [Sysname] info-center timestamp loghost no-year-date Related commands info-center timestamp info-center trapbuffer Use info-center trapbuffer to configure information output to the trap buffer. Use undo info-center trapbuffer to disable information output to the trap buffer.
Default The system automatically saves logs from the log buffer to the log file at the interval configured by the info-center logfile frequency command. The directory for the log file can be specified by using the info-center logfile switch-directory command. Views Any view Default command level 2: System level Usage guidelines The system clears the log file buffer after saving logs from the buffer to the log file automatically or manually.
Syntax reset trapbuffer Views User view Default command level 3: Manage level Examples # Clear the trap buffer. reset trapbuffer security-logfile save Use security-logfile save to manually save security logs from the security log file buffer into the security log file. Syntax security-logfile save Default The system automatically saves security logs from the security log file buffer into the security log file at the interval configured by the info-center security-logfile frequency command.
Syntax terminal debugging undo terminal debugging Default The display of debug information is disabled on both the console and the current terminal. Views User view Default command level 1: Monitor level Usage guidelines To view debug information, execute the terminal monitor and terminal debugging commands, enable the information center (enabled by default), and use a debugging command to enable the related debugging.
Examples # Disable the display of log information on the current terminal. undo terminal logging Info: Current terminal logging is off. terminal monitor Use terminal monitor to enable the monitoring of system information on the current terminal. Use undo terminal monitor to disable the monitoring of system information on the current terminal. Syntax terminal monitor undo terminal monitor Default Monitoring of the system information is enabled on the console and disabled on the monitor terminal.
Default command level 1: Monitor level Usage guidelines To view the trap information, execute the terminal monitor and terminal trapping commands, and then enable the information center (enabled by default). The configuration of this command is only valid for the current connection between the terminal and the device. If a new connection is established, the display of trap information on the terminal restores the default. Examples # Enable the display of trap information on the current terminal.
Logging management configuration commands display userlog export Use display userlog export to view the configuration and statistics for flow logs exported to the log server. Syntax display userlog export [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide.
Table 23 Command output Field Description flow Configuration and statistics about flow logs. No userlog export is enabled Flow logs are not sent to the log server. It may be because exporting flow logs to the log server is not configured, or flow logs are sent to the information center. Export Version 1 logs to log server Export flow log packets of version 1.0 to the log server.
Views User view Default command level 2: System level Usage guidelines Flow logs are saved in the cache before being exported to the information center or log server. Clearing flow logs in the cache might cause loss of log information. Use this command with caution. Examples # Clear flow logs in the cache. reset userlog flow logbuffer userlog flow export host Use the userlog flow export host command to configure the IPv4 address and UDP port number of the log server.
Examples # Export flow logs to the log server with IP address 1.2.3.6, and port number 2000. system-view [Sysname] userlog flow export host 1.2.3.6 2000 Related commands userlog flow export host ipv6 userlog flow export host ipv6 Use userlog flow export host ipv6 to configure the IPv6 address and UDP port number of the log server. Use the undo userlog flow export host command to remove the configuration.
Hardware                 userlog flow export host ipv6
F1000-A-EI/F1000-S-EI    Yes
F1000-E                  Yes
F5000                    Yes
Firewall module          Yes
U200-A                   Yes
U200-S                   No
Examples # Export flow logs to the log server with the IPv6 address 1::1, and port number 2000. system-view [Sysname] userlog flow export host ipv6 1::1 2000 Related commands userlog flow export host userlog flow export source-ip Use userlog flow export source-ip to configure the source IP address of flow logging packets.
Use undo userlog flow export version to restore the default. Syntax userlog flow export version version-number undo userlog flow export version Default Flow logging version is 1.0. Views System view Default command level 2: System level Parameters version-number: Specifies the flow logging version number, 1 or 3. Usage guidelines If you configure the flow logging version multiple times, only the most recent configuration takes effect. Examples # Set the flow logging version to 3.0.
system-view [Sysname] userlog flow syslog
NTP configuration commands display ntp-service sessions Use display ntp-service sessions to display information about all NTP sessions. Syntax display ntp-service sessions [ verbose ] [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters verbose: Displays detailed information about all NTP sessions. If you do not specify this keyword, only brief information about the NTP sessions is displayed.
Field Description stra Stratum level of the clock source, which determines the clock precision. The value is in the range of 1 to 16. The clock precision decreases from stratum 1 to stratum 16. A stratum 1 clock has the highest precision, and a stratum 16 clock is not synchronized. reach Reachability count of the clock source. 0 indicates that the clock source is unreachable. poll Poll interval in seconds, namely, the maximum interval between successive NTP messages.
Table 25 Command output Field Description clock source IP address of the clock source. clock stratum Stratum level of the clock source, which determines the clock precision. The value is in the range of 1 to 16. The clock precision decreases from stratum 1 to stratum 16. A stratum 1 clock has the highest precision, and a stratum 16 clock is not synchronized.
Field Description peer mode Operation mode of the peer device: • unspec—The mode is unspecified. • active—Active mode. • passive—Passive mode. • client—Client mode. • server—Server mode. • bdcast—Broadcast server mode. • control—Control query mode. • private—Private message mode. peer poll Poll interval of the peer device, in seconds. The value displayed is a power of 2. For example, if the displayed value is 6, the poll interval of the local device is 2^6, or 64 seconds.
Field Description timecode Time code. Total associations Total number of associations. NOTE: When a device is operating in NTP broadcast/multicast server mode, using the display ntp-service sessions command on the device does not display NTP session information corresponding to the broadcast/multicast server, but the sessions are counted in the total number of associations. display ntp-service status Use display ntp-service status to display NTP service status information.
Table 26 Command output Field Description Clock status Status of the system clock: • Synchronized—The system clock has been synchronized. • Unsynchronized—The system clock has not been synchronized. Clock stratum Stratum level of the system clock. Reference clock ID When the system clock is synchronized to a remote time server, this field indicates the address of the remote time server.
Usage guidelines The display ntp-service trace command takes effect only when the local device and all the devices on the NTP server chain can reach one another. Otherwise, this command is unable to display all the NTP servers on the NTP chain due to timeout. Examples # Display brief information about each NTP server from the local device back to the primary reference source. display ntp-service trace server 127.0.0.1,stratum 2, offset -0.013500, synch distance 0.03154 server 133.1.1.
Parameters peer: Permits full access. This level of right permits the peer devices to perform synchronization and control query to the local device and also permits the local device to synchronize its clock to that of a peer device. Control query refers to query of NTP status information, such as alarm information, authentication status, and clock source information. query: Permits control query.
Default command level 3: Manage level Examples # Enable NTP authentication. system-view [Sysname] ntp-service authentication enable Related commands • ntp-service authentication-keyid • ntp-service reliable authentication-keyid ntp-service authentication-keyid Use ntp-service authentication-keyid to set the NTP authentication key. Use undo ntp-service authentication-keyid to remove the set NTP authentication key.
If an NTP authentication key is specified as a trusted key, the key automatically changes to untrusted after you delete the key. In this case, you do not need to execute the undo ntp-service reliable authentication-keyid command. Examples # Set an MD5 authentication key, with the key ID of 10 and key value of BetterKey.
Default The device does not operate in any NTP operation mode. Views Interface view Default command level 3: Manage level Parameters authentication-keyid keyid: Specifies the key ID to be used for sending broadcast messages to broadcast clients, where keyid is in the range of 1 to 4294967295. This parameter is not meaningful if authentication is not required. version number: Specifies the NTP version, where number is in the range of 1 to 3 and defaults to 4.
Use undo ntp-service max-dynamic-sessions to restore the maximum number of dynamic NTP sessions to the system default. Syntax ntp-service max-dynamic-sessions number undo ntp-service max-dynamic-sessions Default The number is 100. Views System view Default command level 3: Manage level Parameters number: Maximum number of dynamic NTP sessions that are allowed to be established, in the range of 0 to 100.
Default command level 3: Manage level Parameters ip-address: Multicast IP address, which defaults to 224.0.1.1. Examples # Configure the device to operate in multicast client mode and receive NTP multicast messages on GigabitEthernet 0/1, and set the multicast address to 224.0.1.1. system-view [Sysname] interface gigabitethernet 0/1 [Sysname-GigabitEthernet0/1] ntp-service multicast-client 224.0.1.
ntp-service refclock-master Use ntp-service refclock-master to configure the local clock as a reference source for other devices. Use undo ntp-service refclock-master to remove the configuration. Syntax ntp-service refclock-master [ ip-address ] [ stratum ] undo ntp-service refclock-master [ ip-address ] Views System view Default command level 3: Manage level Parameters ip-address: IP address of the local clock, which is 127.127.1.u, where u is the NTP process ID that is in the range of 0 to 3.
Parameters keyid: Specifies an authentication key number in the range of 1 to 4294967295. Examples # Enable NTP authentication, and set an MD5 authentication key with the key ID of 37 and key value of BetterKey. system-view [Sysname] ntp-service authentication enable [Sysname] ntp-service authentication-keyid 37 authentication-mode md5 BetterKey # Specify this key as a trusted key.
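Why both ends need the same key ID and key value, and why the key must also be trusted, can be seen from the message authentication code that standard NTP symmetric-key authentication appends to each packet. The following is an added example, not HP code: it follows the RFC 5905 MD5 scheme (key ID plus MD5 of the key followed by the header) on the assumption that the device implements it the standard way, the function names are hypothetical, and the key ID 37 and key value BetterKey are taken from the example above.

```python
import hashlib
import hmac
import struct

NTP_HEADER_LEN = 48   # fixed NTP header, no extension fields
MAC_LEN = 4 + 16      # 32-bit key ID followed by a 128-bit MD5 digest


def client_header(version=3):
    """Minimal client-mode header: LI=0, VN=version, Mode=3, remaining bytes zero."""
    return bytes([(version << 3) | 3]) + bytes(NTP_HEADER_LEN - 1)


def add_mac(header, key_id, key):
    """Sender side: append key ID and MD5(key || header) to the header."""
    digest = hashlib.md5(key + header).digest()
    return header + struct.pack("!I", key_id) + digest


def check_mac(packet, keys, trusted):
    """Receiver side: classify a packet against configured and trusted keys.

    keys    -- dict of key ID -> key value (the configured authentication keys)
    trusted -- set of key IDs that have been marked as trusted
    """
    if len(packet) == NTP_HEADER_LEN:
        return "no-mac"                      # unauthenticated packet
    if len(packet) != NTP_HEADER_LEN + MAC_LEN:
        return "malformed"
    header, mac = packet[:NTP_HEADER_LEN], packet[NTP_HEADER_LEN:]
    (key_id,) = struct.unpack("!I", mac[:4])
    if key_id not in keys:
        return "unknown-key"                 # key ID not configured locally
    if key_id not in trusted:
        return "untrusted-key"               # configured but not trusted
    expected = hashlib.md5(keys[key_id] + header).digest()
    # Constant-time comparison so the check does not leak digest prefixes.
    return "ok" if hmac.compare_digest(expected, mac[4:]) else "bad-digest"


def demo():
    keys = {37: b"BetterKey"}
    header = client_header()
    good = add_mac(header, 37, b"BetterKey")
    tampered = bytes([good[0] ^ 0x01]) + good[1:]   # one header bit flipped
    return {
        "matching key, trusted": check_mac(good, keys, {37}),
        "matching key, not trusted": check_mac(good, keys, set()),
        "different key value": check_mac(add_mac(header, 37, b"betterkey"), keys, {37}),
        "key ID not configured": check_mac(add_mac(header, 10, b"BetterKey"), keys, {37}),
        "header modified in transit": check_mac(tampered, keys, {37}),
        "no authentication field": check_mac(header, keys, {37}),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```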
Use undo ntp-service unicast-peer to remove the symmetric-passive peer designated for the device. Syntax ntp-service unicast-peer [ vpn-instance vpn-instance-name ] { ip-address | peer-name } [ authentication-keyid keyid | priority | source-interface interface-type interface-number | version number ] * undo ntp-service unicast-peer [ vpn-instance vpn-instance-name ] { ip-address | peer-name } Default No symmetric-passive peer is designated for the device.
ntp-service unicast-server Use ntp-service unicast-server to designate an NTP server for the device. Use undo ntp-service unicast-server to remove an NTP server designated for the device.
RMON configuration commands display rmon alarm Use display rmon alarm to display RMON alarm entries. Syntax display rmon alarm [ entry-number ] [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters entry-number: Specifies the index of an RMON alarm entry, in the range of 1 to 65535. If no entry is specified, the command displays all alarm entries. |: Filters command output by specifying a regular expression.
Table 28 Command output Field Description AlarmEntry entry-number owned by owner is status Status of the alarm entry entry-number created by the owner is status. • entry-number—Alarm entry, corresponding to the MIB node alarmIndex. • owner—Entry owner, corresponding to the MIB node alarmOwner. • status—Entry status, corresponding to the MIB node alarmStatus. ◦ VALID—The entry is valid. ◦ UNDERCREATION—The entry is invalid.
begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
Syntax display rmon eventlog [ entry-number ] [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters entry-number: Specifies the index of an event entry, in the range of 1 to 65535. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow.
Field Description Generates eventLog at Time when the log was created (time passed since the device was booted), corresponding to the MIB node logTime. Description Log description, corresponding to the MIB node logDescription. This example shows that event 1 generated two logs. display rmon history Use display rmon history to display RMON history control entry and history sampling information.
fragments : 0 , jabbers : 0 collisions : 0 , utilization : 0 Sampled values of record 2 : dropevents : 0 , octets : 834 packets : 8 , broadcast packets : 1 multicast packets : 6 , CRC alignment errors : 0 undersize packets : 0 , oversize packets : 0 fragments : 0 , jabbers : 0 collisions : 0 , utilization : 0 Sampled values of record 3 : dropevents : 0 , octets : 1001 packets : 9 , broadcast packets : 1 multicast packets : 7 , CRC alignment errors : 0 undersize packets
Field Description
Sampled values of record number: The (number)th statistics recorded in the system cache. Statistics records are numbered according to the order of time they are saved into the cache.
dropevents: Dropped packets during the sampling period, corresponding to the MIB node etherHistoryDropEvents.
octets: Number of octets received during the sampling period, corresponding to the MIB node etherHistoryOctets.
Parameters entry-number: Specifies a private alarm entry index in the range of 1 to 65535. If no entry is specified, the configuration of all private alarm entries is displayed. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression.
Field Description
This entry will exist: Lifetime of the entry, which can be forever or span the specified period.
Latest value: Count result of the last sample.
Related commands
rmon prialarm
display rmon statistics
Use display rmon statistics to display RMON statistics.
Table 33 Command output
Field Description
EtherStatsEntry: Entry of the statistics table, which corresponds to MIB node etherStatsIndex.
VALID: Entry status:
• VALID—The entry is valid.
• UNDERCREATION—The entry is invalid.
The display rmon command can display invalid entries, but the display current-configuration and display this commands do not display their settings. Status value is stored in the MIB node etherStatsStatus.
Field Description
Packets received according to length: Incoming-packet statistics by packet length for the statistical period:
• 64—Number of 64-byte packets. The value is stored in the MIB node etherStatsPkts64Octets.
• 65-127—Number of 65- to 127-byte packets. The value is stored in the MIB node etherStatsPkts65to127Octets.
• 128-255—Number of 128- to 255-byte packets. The value is stored in the MIB node etherStatsPkts128to255Octets.
• 256-511—Number of 256- to 511-byte packets.
delta: Sets the sampling type to delta. The system obtains the variation value of the variable during the sampling interval when the sampling time is reached. rising-threshold threshold-value1 event-entry1: Sets the rising threshold, where the threshold-value1 argument represents the rising threshold, in the range of –2,147,483,648 to +2,147,483,647, and the event-entry1 argument represents the index of the event triggered when the rising threshold is reached.
[Sysname] rmon alarm 1 1.3.6.1.2.1.16.1.1.1.4.1 10 absolute rising-threshold 5000 1 falling-threshold 5 2 owner user1 1.3.6.1.2.1.16.1.1.1.4 is the OID of the leaf node etherStatsOctets. It represents the incoming packet statistics in bytes for interfaces. In this example, you can use etherStatsOctets.1 to replace the parameter 1.3.6.1.2.1.16.1.1.1.4.1, where 1 indicates the serial number of the interface statistics entry. If you execute the rmon statistics 5 command, you can use etherStatsOctets.
owner text: Specifies the entry owner, a case-sensitive string of 1 to 127 characters that can contain spaces. Usage guidelines When creating an event entry, you can define the actions that the system takes when the event is triggered by its associated alarm in the alarm table. The system can log the event, send a trap, do both, or do neither at all, depending on your configuration.
record for the latest one. The statistics include total number of received packets on the interface, total number of broadcast packets, and total number of multicast packets in a sampling period. You can successfully create a history control entry, even if the specified bucket size exceeds the history table size supported by the device. However, the effective bucket size will be the actual value supported by the device. To view the configuration result, use the display rmon history command.
obtain the variation value of the variable during the sampling interval when the sampling time is reached. Change ratio sampling is not supported at present. rising-threshold threshold-value1 event-entry1: Sets the rising threshold, where the threshold-value1 argument represents the rising threshold, in the range –2,147,483,648 to +2,147,483,647, and the event-entry1 argument represents the index of the event triggered when the rising threshold is reached.
[Sysname] interface gigabitethernet 0/1 [Sysname-GigabitEthernet0/1] rmon statistics 1 [Sysname-GigabitEthernet0/1] quit [Sysname] rmon prialarm 1 (.1.3.6.1.2.1.16.1.1.1.6.1*100/.1.3.6.1.2.1.16.1.1.1.5.1) BroadcastPktsRatioOfGE0/1 10 absolute rising-threshold 80 1 falling-threshold 5 2 entrytype forever owner user1 1.3.6.1.2.1.16.1.1.1.6.1 is the OID of the node etherStatsBroadcastPkts.1, and 1.3.6.1.2.1.16.1.1.1.5.1 is the OID of the node etherStatsPkts.1.
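The threshold logic behind rmon alarm and rmon prialarm, as an added example that is not HP's code: it evaluates the etherStatsOctets alarm (rising 5000, falling 5) and the broadcast-ratio formula (rising 80, falling 5) from the examples above. It assumes the re-arming rule of RFC 2819 (after a rising event, no further rising event until the falling threshold has been reached) and that the first sample may raise either event; all counter readings are constructed.

```python
from typing import List, Sequence, Tuple

Event = Tuple[int, float, str]  # (sample index, evaluated value, "rising" | "falling")

# Constructed cumulative readings of etherStatsOctets.1, one per sampling interval.
OCTET_COUNTER = [1000, 7000, 7003, 20000]

# Constructed cumulative (etherStatsBroadcastPkts.1, etherStatsPkts.1) readings.
RATIO_COUNTERS = [
    (100, 1000), (1100, 2000), (7100, 8000), (7100, 9000),
    (8600, 10000), (8600, 200000), (8600, 250000), (2008600, 2250000),
]


def broadcast_ratio(broadcast_pkts: int, total_pkts: int) -> float:
    """Formula of the prialarm example: broadcast packets * 100 / all packets."""
    # Assumption: an interface that has seen no packets counts as ratio 0.
    return 0.0 if total_pkts == 0 else broadcast_pkts * 100 / total_pkts


def evaluate_alarm(samples: Sequence[float], rising: float, falling: float,
                   sample_type: str = "absolute") -> List[Event]:
    """Return the events an alarm entry would trigger for a series of samples.

    absolute: compare the sampled value itself with the thresholds.
    delta:    compare the change since the previous sample.
    """
    if sample_type not in ("absolute", "delta"):
        raise ValueError("sample_type must be 'absolute' or 'delta'")
    if falling > rising:
        raise ValueError("falling threshold must not exceed rising threshold")

    events: List[Event] = []
    last_event = None   # which threshold fired most recently
    previous = None     # previous raw reading, used for delta sampling
    for index, raw in enumerate(samples):
        if sample_type == "delta":
            if previous is None:        # the first reading only sets the baseline
                previous = raw
                continue
            value, previous = raw - previous, raw
        else:
            value = raw
        # A threshold fires once, then stays silent until the opposite one fires.
        if value >= rising and last_event != "rising":
            last_event = "rising"
            events.append((index, value, "rising"))
        elif value <= falling and last_event != "falling":
            last_event = "falling"
            events.append((index, value, "falling"))
    return events


def ratio_alarm_events() -> List[Event]:
    """prialarm example: absolute sampling of the ratio, rising 80, falling 5."""
    ratios = [broadcast_ratio(b, t) for b, t in RATIO_COUNTERS]
    return evaluate_alarm(ratios, rising=80, falling=5)


if __name__ == "__main__":
    print("octets, absolute:", evaluate_alarm(OCTET_COUNTER, 5000, 5, "absolute"))
    print("octets, delta:   ", evaluate_alarm(OCTET_COUNTER, 5000, 5, "delta"))
    print("broadcast ratio: ", ratio_alarm_events())
```

With absolute sampling a cumulative counter such as etherStatsOctets crosses the rising threshold once and never returns to the falling threshold, so the alarm fires a single time; delta sampling on the same readings keeps re-arming.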
To display the RMON statistics table, use the display rmon statistics command. Examples # Create an entry with an index 20 and the owner user1 in the RMON statistics table for GigabitEthernet 0/1.
SNMP commands display snmp-agent community Use display snmp-agent community to display SNMPv1 and SNMPv2c community information. Syntax In non-FIPS mode: display snmp-agent community [ read | write ] [ | { begin | exclude | include } regular-expression ] This command is not available for FIPS mode. Views Any view Default command level 1: Monitor level Parameters read: Displays information about SNMP read-only communities. write: Displays information about SNMP read and write communities.
Group name: testv1
Storage-type: nonVolatile
Table 34 Command output
Field Description
Community name: Displays the community name created by using the snmp-agent community command or the username created by using the snmp-agent usm-user { v1 | v2c } command.
Group name: SNMP group name:
• If the community is created by using the snmp-agent community command, the group name is the same as the community name.
begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. Usage guidelines If no group is specified, the command displays information about all SNMP groups. Examples # Display information about all SNMP groups.
display snmp-agent local-engineid Use display snmp-agent local-engineid to display the local SNMP engine ID. Syntax display snmp-agent local-engineid [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide.
|: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
Field Description
MIB Subtree: MIB subtree covered by the MIB view.
Subtree mask: MIB subtree mask.
Storage-type: Type of the medium where the subtree view is stored.
View Type: Access privilege for the MIB subtree in the MIB view:
• Included—All objects in the MIB subtree are accessible in the MIB view.
• Excluded—None of the objects in the MIB subtree is accessible in the MIB view.
View status: Status of the MIB view.
7 GetNextRequest-PDU accepted and processed 1653 GetBulkRequest-PDU accepted and processed 1669 GetResponse-PDU accepted and processed 2 SetRequest-PDU accepted and processed 0 Trap PDUs accepted and processed 0 Alternate Response Class PDUs dropped silently 0 Forwarded Confirmed Class PDUs dropped silently Table 37 Command output Field Description Messages delivered to the SNMP entity Number of messages that the SNMP agent has received.
Field Description Forwarded Confirmed Class PDUs dropped silently Number of forwarded packets that have been dropped. display snmp-agent sys-info Use display snmp-agent sys-info to display the current SNMP system information. Syntax display snmp-agent sys-info [ contact | location | version ] * [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters contact: Displays the system contact. location: Displays the system location.
Syntax display snmp-agent trap queue [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression.
Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
username user-name: Displays information about the specified SNMPv3 user. The username is case-sensitive. group group-name: Displays SNMPv3 user information for an SNMP group. The group name is case-sensitive. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow.
Related commands snmp-agent usm-user v3 enable snmp trap updown Use enable snmp trap updown to enable link state traps on an interface. Use undo enable snmp trap updown to disable link state traps on an interface. Syntax enable snmp trap updown undo enable snmp trap updown Default Link state traps are enabled.
Views System view Default command level 3: Manage level Usage guidelines The snmp-agent command is optional for an SNMP configuration task. The SNMP agent is automatically enabled when you execute any command that begins with snmp-agent except for the snmp-agent calculate-password command. Examples # Enable the SNMP agent.
• md5: Converts the plaintext authentication key to an encrypted key for MD5 authentication, or converts the plaintext privacy key to an encrypted key for AES or DES encryption used in conjunction with MD5. • sha: Converts the plaintext authentication key to an encrypted key for SHA-1 authentication, or converts the plaintext privacy key to an encrypted key for AES or DES encryption used in conjunction with SHA-1 authentication. local-engineid: Uses the local engine ID to calculate the encrypted key.
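In standard SNMPv3 the conversion of a plaintext key into a key bound to one engine ID is the password-to-key localization of RFC 3414, shown here as an added example (not HP's code). That the device's output matches this value byte for byte is an assumption; the first engine ID and the password are the RFC 3414 Appendix A.3 test values, and 123456789A is the engine ID used in the snmp-agent local-engineid example of this reference.

```python
import hashlib

EXPANDED_LENGTH = 1048576  # RFC 3414: hash exactly 1 MiB of the repeated password


def password_to_key(password: bytes, algorithm: str) -> bytes:
    """Derive the user key Ku from a plaintext password (RFC 3414, A.2).

    algorithm is "md5" or "sha1", matching the md5 and sha keywords.
    """
    if algorithm not in ("md5", "sha1"):
        raise ValueError("algorithm must be 'md5' or 'sha1'")
    if not password:
        raise ValueError("password must not be empty")
    repeats, remainder = divmod(EXPANDED_LENGTH, len(password))
    digest = hashlib.new(algorithm)
    digest.update(password * repeats + password[:remainder])
    return digest.digest()


def localize_key(user_key: bytes, engine_id: bytes, algorithm: str) -> bytes:
    """Bind Ku to one SNMP engine: Kul = H(Ku || engineID || Ku)."""
    return hashlib.new(algorithm, user_key + engine_id + user_key).digest()


def calculate_localized_key(password: str, engine_id_hex: str, algorithm: str) -> str:
    """Return the localized key as hex for a password and a hex engine ID."""
    engine_id = bytes.fromhex(engine_id_hex)
    user_key = password_to_key(password.encode("ascii"), algorithm)
    return localize_key(user_key, engine_id, algorithm).hex()


# Test values from RFC 3414 Appendix A.3.
RFC_PASSWORD = "maplesyrup"
RFC_ENGINE_ID = "000000000000000000000002"

if __name__ == "__main__":
    for algo in ("md5", "sha1"):
        print(algo, calculate_localized_key(RFC_PASSWORD, RFC_ENGINE_ID, algo))
    # The same password on a different engine ID gives an unrelated key, so a
    # key taken from one agent is not valid on another.
    print("sha1", calculate_localized_key(RFC_PASSWORD, "123456789A", "sha1"))
```

Because the engine ID is an input to the hash, changing the local engine ID invalidates every key calculated for the old one.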
Default command level 3: Manage level Parameters read: Assigns the specified community the read only access to MIB objects. A read-only community can only inquire MIB information. write: Assigns the specified community the read and write access to MIB objects. A read and write community can configure MIB information. cipher: Saves the specified community name in cipher text. If this keyword is not specified, the command saves the community name in plain text. community-name: Sets a community name.
Examples
# Create the read-only community readaccess so an NMS can use the protocol SNMPv1 or SNMPv2c and community name readaccess to read the MIB objects in the default view ViewDefault.
system-view
[Sysname] snmp-agent sys-info version v1 v2c
[Sysname] snmp-agent community read readaccess
# Create the read and write community writeaccess so only the host at 1.1.1.1 can use the protocol SNMPv2c and community name writeaccess to read and set the MIB objects in the default view ViewDefault.
snmp-agent group v3 group-name [ authentication | privacy ] [ read-view view-name ] [ write-view view-name ] [ notify-view view-name ] [ acl acl-number | acl ipv6 ipv6-acl-number ] * undo snmp-agent group v3 group-name [ authentication | privacy ] Default No SNMP group exists. SNMPv3 groups use the no authentication, no privacy security model if neither authentication nor privacy is specified. Views System view Default command level 3: Manage level Parameters v1: Specifies SNMPv1.
Hardware Option compatible Firewall module Yes U200-A Yes U200-S No Usage guidelines All the users in an SNMP group share the security model and access rights of the group. Examples # Create the SNMPv3 group group1 and assign the no authentication, no privacy security model to the group.
Examples # Configure the local engine ID as 123456789A. system-view [Sysname] snmp-agent local-engineid 123456789A Related commands snmp-agent usm-user snmp-agent log Use snmp-agent log to enable SNMP logging. Use undo snmp-agent log to restore the default. Syntax snmp-agent log { all | get-operation | set-operation } undo snmp-agent log { all | get-operation | set-operation } Default SNMP logging is disabled.
Syntax snmp-agent mib-view { excluded | included } view-name oid-tree [ mask mask-value ] undo snmp-agent mib-view view-name Default The system creates the ViewDefault view when the SNMP agent is enabled. In the default MIB view, all MIB objects in the iso subtree but the snmpUsmMIB, snmpVacmMIB, and snmpModules.18 subtrees are accessible. Views System view Default command level 3: Manage level Parameters excluded: Denies access to any node in the specified MIB subtree.
Related commands • snmp-agent community • snmp-agent group snmp-agent packet max-size Use snmp-agent packet max-size to set the maximum size (in bytes) of SNMP packets that the SNMP agent can receive or send. Use undo snmp-agent packet max-size to restore the default packet size. Syntax snmp-agent packet max-size byte-count undo snmp-agent packet max-size Default The SNMP agent can receive and send SNMP packets up to 1500 bytes.
snmp-agent sys-info { contact sys-contact | location sys-location | version v3 } undo snmp-agent sys-info { contact | location | version v3 } Default • Contact—Null • Location—Null • Version—SNMPv3. Views System view Default command level 3: Manage level Parameters contact sys-contact: Specifies the system contact, a string of 1 to 200 characters. location sys-location: Specifies the system location, a string of 1 to 200 characters. version: Specifies SNMP versions.
undo snmp-agent target-host trap address udp-domain { ip-address | ipv6 ipv6-address } params securityname security-string [ vpn-instance vpn-instance-name ] In FIPS mode: snmp-agent target-host trap address udp-domain { ip-address | ipv6 ipv6-address } [ udp-port port-number ] [ vpn-instance vpn-instance-name ] params securityname security-string v3 [ authentication | privacy ] undo snmp-agent target-host trap address udp-domain { ip-address | ipv6 ipv6-address } params securityname security-string [ vpn-i
• privacy: Specifies the security model to be authentication with privacy. You must specify the authentication key and privacy key when you create the SNMPv3 user. Usage guidelines You can specify up to 20 trap target hosts. Make sure the SNMP agent uses the same UDP port number as the target host for traps. If udp-port port-number is not specified, UDP port 162 is used by default. Port 162 is the SNMP-specified port used for receiving traps, and is used by most NMSs, including IMC and MIB Browser.
electedbsrlostelection | interfaceelection | invalidjoinprune | invalidregister | neighborloss | rpmappingchange ] * | standard [ authentication | coldstart | linkdown | linkup | warmstart ]* | system | vrrp [ authfailure | newmaster ] ] Default By default, all supported traps are enabled except for the default-route trap. Views System view Default command level 3: Manage level Parameters bfd: Enables SNMP traps for the BFD module.
• ifrxbadpkt: Traps for receiving incorrect packets. • ifstatechange: Interface state change traps. • iftxretransmit: Traps for packet receiving and forwarding events on interfaces. • lsdbapproachoverflow: Traps for approaching LSDB overflow. • lsdboverflow: LSDB overflow traps. • maxagelsa: Traps for LSA max age. • nbrstatechange: Traps for neighbor state change. • originatelsa: Traps for local LSA generation. • vifcfgerror: Traps for virtual interface configuration error.
Examples # Enable the SNMP agent to send SNMP authentication failure traps to 10.1.1.1 in the community public. system-view [Sysname] snmp-agent target-host trap address udp-domain 10.1.1.1 params securityname public [Sysname] snmp-agent trap enable standard authentication Related commands • snmp-agent target-host • enable snmp trap updown snmp-agent trap if-mib link extended Use snmp-agent trap if-mib link extended to configure the SNMP agent to send extended linkUp/linkDown traps.
Trap 1.3.6.1.6.3.1.1.5.3: Interface 983555 is Down, ifAdminStatus is 2, ifOperStatus is 2, ifDescr is GigabitEthernet0/1, ifType is 6 Examples # Extend standard linkUp/linkDown traps. system-view [Sysname] snmp-agent trap if-mib link extended snmp-agent trap life Use snmp-agent trap life to configure the holding time of the traps in the queue. Use undo snmp-agent trap life to restore the default holding time of traps in the queue.
Default Up to 100 traps can be stored in the trap sending queue. Views System view Default command level 3: Manage level Parameters size: Specifies the number of traps that can be stored in the trap sending queue. The value range is 1 to 1000. Usage guidelines Traps are saved into the trap sending queue when generated. The size of the queue determines the maximum number of the traps that can be stored in the queue.
Usage guidelines Upon the execution of this command, the system uses the primary IP address of the specified interface as the source IP address of the traps, and the NMS uses this IP address to uniquely identify the agent. Even if the agent sends out traps through different interfaces, the NMS uses this IP address to filter all traps sent from the agent.
with the IPv6 addresses permitted in the ACL can use the specified username (community name) to access the SNMP agent. The following matrix shows the acl ipv6 ipv6-acl-number option and firewalls and UTM compatibility: Hardware Option compatible F1000-A-EI/F1000-S-EI Yes F1000-E Yes F5000 Yes Firewall module Yes U200-A Yes U200-S No Usage guidelines Make sure you have created the SNMPv1 or SNMPv2c group.
snmp-agent usm-user v3 Use snmp-agent usm-user v3 to add an SNMPv3 user to an SNMP group. Use undo snmp-agent usm-user v3 to delete an SNMPv3 user from an SNMP group.
priv-password: Specifies a case-sensitive plaintext or encrypted privacy key. A plaintext key is a string of 1 to 64 characters. If the cipher keyword is specified, the encrypted privacy key length requirements differ by authentication algorithm and key string format, as shown in Table 40.
command is consistent with the SNMP entity engine ID specified in the snmp-agent calculate-password command. When you execute this command repeatedly to configure the same user (the usernames remain the same, no limitation to other keywords and arguments), the last configuration takes effect. For secrecy, all keys, including keys configured in plain text, are saved in cipher text. Remember the username and the plaintext password when you create a user.
RSH configuration commands rsh Use rsh to execute an OS command on a remote host. Syntax rsh host [ user username ] command remote-command Views User view Default command level 0: Visit level Parameters host: IP address or host name of the remote host, a string of 1 to 20 characters. user username: Specifies the username for remote login, a string of 1 to 20 characters. If you do not specify a username, the system name of the device, which can be set by using the sysname command, applies.
2003-06-21 10:51 192,512 wrshdnt.cpl 2001-12-09 16:41 38,991 wrshdnt.hlp 2001-12-09 16:26 1,740 wrshdnt.cnt 2003-06-22 11:14 452,230 wrshdnt.htm 2003-06-23 18:18 2003-06-23 18:18 2003-06-22 11:13 2001-09-02 15:41 2003-06-21 10:32 2004-01-02 15:54 196,608 wrshdsp.exe 2004-01-02 15:54 102,400 wrshdnt.exe 2001-07-30 18:05 766 wrshdnt.ico 2004-07-13 09:10 4,803 wrshdnt_header.htm 178 wrshdnt_filelist.xml 156,472 wrshdnt.pdf 49,152 wrshdrdr.exe 69,632 wrshdrun.exe 3,253 INSTALL.
SSH configuration commands SSH server configuration commands display ssh server Use the display ssh server command on an SSH server to display the status or session information of the SSH server. Syntax display ssh server { session | status } [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters session: Displays the session information of the SSH server. status: Displays the status information of the SSH server.
Field Description
SSH version: SSH protocol version. When the SSH supports SSH1, the protocol version is 1.99. Otherwise, the protocol version is 2.
SSH authentication-timeout: Authentication timeout timer.
SSH server key generating interval: SSH server key pair update interval.
SSH Authentication retries: Maximum number of SSH authentication attempts.
SFTP Server: Whether the Secure FTP (SFTP) server function is enabled.
SFTP Server Idle-Timeout: SFTP connection idle timeout timer.
Syntax display ssh user-information [ username ] [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters username: SSH username, a string of 1 to 80 characters. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow.
Use undo sftp server enable to disable the SFTP server function. Syntax sftp server enable undo sftp server enable Default The SFTP server function is disabled. Views System view Default command level 3: Manage level Usage guidelines You can use the display ssh server command to view the status or session information of the SFTP server. Examples # Enable the SFTP server function.
Examples # Set the idle timeout timer for SFTP user connections to 500 minutes. system-view [Sysname] sftp server idle-timeout 500 Related commands display ssh server ssh server authentication-retries Use ssh server authentication-retries to set the maximum number of SSH connection authentication attempts. Use undo ssh server authentication-retries to restore the default.
ssh server authentication-timeout Use ssh server authentication-timeout to set the SSH user authentication timeout timer on the SSH server. If a user does not finish the authentication when the timer expires, the connection is down. Use undo ssh server authentication-timeout to restore the default. Syntax ssh server authentication-timeout time-out-value undo ssh server authentication-timeout Default The authentication timeout timer is 60 seconds.
Usage guidelines The configuration takes effect only for the clients at next login. Examples # Enable the SSH server to support SSH1 clients. system-view [Sysname] ssh server compatible-ssh1x enable Related commands display ssh server ssh server enable Use ssh server enable to enable the SSH server function so that the SSH clients use SSH to communicate with the server. Use undo ssh server enable to disable the SSH server function.
Default The update interval of the RSA server key is 0. That is, the system does not update the RSA server key pairs. Views System view Default command level 3: Manage level Parameters hours: Server key update interval in hours, in the range of 1 to 24. Usage guidelines Updating the RSA server key periodically can prevent malicious hacking of the key and enhance security of the SSH connections. The system does not update any DSA key pair periodically.
• sftp: Specifies the service type as SFTP. • stelnet: Specifies the service type of Stelnet. authentication-type: Specifies the authentication method of an SSH user, which can be one of the following: • password: Performs password authentication. This authentication method features easy and fast encryption, but it is vulnerable. It can work with AAA to implement user authentication, authorization, and accounting. • any: Performs either password authentication or publickey authentication.
Examples # Create an SSH user named user1, setting the service type as sftp, the authentication method as publickey, assigning a public key named key1 to the client, and the work folder of the SFTP server as cfa0: system-view [Sysname] ssh user user1 service-type sftp authentication-type publickey assign publickey key1 work-directory cfa0: Related commands • display ssh user-information • pki domain SSH client configuration commands bye Use bye to terminate the connection with the SFTP server
Parameters remote-path: Name of a path on the server. Usage guidelines You can use the cd .. command to return to the upper-level directory. You can use the cd / command to return to the root directory of the system. Examples # Change the working path to new1. sftp-client> cd new1 Current Directory is: /new1 cdup Use cdup to return to the upper-level directory.
Examples # Delete file temp.c from the server. sftp-client> delete temp.c The following files will be deleted: /temp.c Are you sure to delete it? [Y/N]:y This operation might take a long time. Please wait... File successfully Removed dir Use dir to display information about the files and sub-directories under a specified directory.
display sftp client source Use display sftp client source to display the source IP address or source interface set for the SFTP client. Syntax display sftp client source [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide.
exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. Usage guidelines If neither source IP address nor source interface is specified for the Stelnet client, the system displays the message "Neither source IP address nor source interface was specified for the Stelnet client.
Server Name(IP) Server public key name ______________________________________________________ 192.168.0.1 abc_key01 192.168.0.2 abc_key02 Table 44 Command output Field Description Server Name(IP) Name or IP address of the server. Server public key name Name of the host public key of the server. Related commands ssh client authentication server exit Use exit to terminate the connection with the remote SFTP server and return to user view.
local-file: Name for the local file. Usage guidelines If you do not specify the local-file argument, the file will be saved locally with the same name as that on the SFTP server. Examples # Download file temp1.c and save it as temp.c locally. sftp-client> get temp1.c temp.c Remote file:/temp1.c ---> Local file: temp.c Downloading file successfully ended help Use help to display all commands or the help information of an SFTP client command.
Parameters -a: Displays the filenames and the folder names of the specified directory. -l: Displays in a list form detailed information of the files and folders of the specified directory. remote-path: Name of the directory to be queried. Usage guidelines With the –a and –l keywords not specified, the command displays detailed information of files and folders under the specified directory in the form of a list.
Syntax put local-file [ remote-file ] Views SFTP client view Default command level 3: Manage level Parameters local-file: Name of a local file. remote-file: Name for the file on an SFTP server. Usage guidelines If you do not specify the remote-file argument, the file will be saved remotely with the same name as the local one. Examples # Upload local file temp.c to the SFTP server and save it as temp1.c. sftp-client> put temp.c temp1.c Local file:temp.c ---> Remote file: /temp1.
Default command level 3: Manage level Usage guidelines This command functions as the bye and exit commands. Examples # Terminate the connection with the SFTP server. sftp-client> quit Connection closed. remove Use remove to delete files from a remote server. Syntax remove remote-file&<1-10> Views SFTP client view Default command level 3: Manage level Parameters remote-file&<1-10>: Names of files on an SFTP server.
Default command level 3: Manage level Parameters oldname: Name of an existing file or directory. newname: New name for the file or directory. Examples # Change the name of a file on the SFTP server from temp1.c to temp2.c. sftp-client> rename temp1.c temp2.c File successfully renamed rmdir Use rmdir to delete the specified directories from an SFTP server.
Parameters ipv6: Specifies the type of the server as IPv6. If this keyword is not specified, the server is an IPv4 server. The following matrix shows the ipv6 keyword and firewalls and UTM compatibility: Hardware Keyword compatible F1000-A-EI/F1000-S-EI Yes F1000-E Yes F5000 Yes Firewall module Yes U200-A Yes U200-S No server: Specifies an IPv4 or IPv6 server by its address or host name. For an IPv4 server, it is a case-insensitive string of 1 to 20 characters.
• dh-group14: Specifies the key exchange algorithm diffie-hellman-group14-sha1. prefer-stoc-cipher: Specifies the preferred encryption algorithm from server to client, defaulted to aes128. prefer-stoc-hmac: Specifies the preferred HMAC algorithm from server to client, defaulted to sha1-96. Usage guidelines When the server adopts publickey authentication to authenticate a client, the client must get the local private key for digital signature.
prefer-compress: Specifies the preferred compression algorithm. By default, the compression algorithm is not used. • zlib: Specifies the compression algorithm ZLIB. • zlib-openssh: Specifies the compression algorithm ZLIB@openssh.com. prefer-ctos-cipher: Specifies the preferred encryption algorithm from client to server, defaulted to aes128. • 3des: Specifies the encryption algorithm 3des-cbc. • aes128: Specifies the encryption algorithm aes128-cbc. • aes256: Encryption algorithm aes256-cbc.
The preferred HMAC algorithm from server to client is sha1-96.
Examples
# Connect to SFTP server 10.1.1.2, using the following connection scheme:
• The preferred key exchange algorithm: dh-group1.
• The preferred encryption algorithm from server to client: aes128.
• The preferred HMAC algorithm from client to server: md5.
• The preferred HMAC algorithm from server to client: sha1-96.
sftp 10.1.1.
Hardware Command compatible U200-A Yes U200-S No Examples # Specify the source IPv6 address of the SFTP client as 2:2::2:2. system-view [Sysname] sftp client ipv6 source ipv6 2:2::2:2 Related commands display sftp client source sftp client source Use sftp client source to specify the source IPv4 address or interface of an SFTP client. Use undo sftp client source to remove the configuration.
sftp ipv6 Use sftp ipv6 to establish a connection to an IPv6 SFTP server and enter SFTP client view.
• sha1: Specifies the HMAC algorithm hmac-sha1. • sha1-96: Specifies the HMAC algorithm hmac-sha1-96. prefer-kex: Specifies the preferred key exchange algorithm. The default is dh-group-exchange in non-FIPS mode, and is dh-group14 in FIPS mode. • dh-group-exchange: Specifies the key exchange algorithm diffie-hellman-group-exchange-sha1. • dh-group1: Specifies the key exchange algorithm diffie-hellman-group1-sha1. • dh-group14: Specifies the key exchange algorithm diffie-hellman-group14-sha1.
Examples
# Connect to server 2:5::8:9, using the following connection scheme:
• The preferred key exchange algorithm: dh-group1.
• The preferred encryption algorithm from server to client: aes128.
• The preferred HMAC algorithm from client to server: md5.
• The preferred HMAC algorithm from server to client: sha1-96.
ssh client first-time enable Use ssh client first-time enable to enable the first-time authentication function. Use undo ssh client first-time to disable the function. Syntax ssh client first-time enable undo ssh client first-time Default The function is enabled. Views System view Default command level 2: System level Usage guidelines Without first-time authentication, a client that is not configured with the server's host public key cannot access the server.
Default command level 3: Manage level Parameters interface interface-type interface-number: Specifies a source interface by its type and number. ipv6 ipv6-address: Specifies a source IPv6 address. Usage guidelines To make sure the Stelnet client and the Stelnet server can communicate with each other, and to improve the manageability of Stelnet clients in the authentication service, HP recommends that you specify a loopback interface or dialer interface as the source interface.
Default command level 3: Manage level Parameters interface interface-type interface-number: Specifies a source interface by its type and number. ip ip-address: Specifies a source IPv4 address. Usage guidelines To make sure the Stelnet client and the Stelnet server can communicate with each other, and to improve the manageability of Stelnet clients in the authentication service, HP recommends that you specify a loopback interface or dialer interface as the source interface.
vpn-instance vpn-instance-name: Specifies the VPN that the server belongs to, where the vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. If the server is on the public network, do not specify this option. identity-key: Specifies the algorithm for publickey authentication. In non-FIPS mode, the algorithm is either dsa or rsa and the default is dsa. In FIPS mode, the algorithm is rsa. • dsa: Specifies the public key algorithm dsa. • rsa: Specifies the public key algorithm rsa.
In FIPS mode, the default algorithms are as follows: • The public key algorithm is rsa. • The preferred encryption algorithm from client to server is aes128. • The preferred HMAC algorithm from client to server is sha1-96. • The preferred key exchange algorithm is dh-group14. • The preferred encryption algorithm from server to client is aes128. • The preferred HMAC algorithm from server to client is sha1-96. Examples # Log in to Stelnet server 10.214.50.
identity-key: Specifies the algorithm for publickey authentication. In non-FIPS mode, the algorithm is either dsa or rsa and the default is dsa. In FIPS mode, the algorithm is rsa. • dsa: Specifies the public key algorithm dsa. • rsa: Specifies the public key algorithm rsa. prefer-compress: Specifies the preferred compression algorithm. By default, the compression algorithm is not used. • zlib: Specifies the compression algorithm ZLIB. • zlib-openssh: Specifies the compression algorithm ZLIB@openssh.
• The preferred encryption algorithm from client to server is aes128. • The preferred HMAC algorithm from client to server is sha1-96. • The preferred key exchange algorithm is dh-group14. • The preferred encryption algorithm from server to client is aes128. • The preferred HMAC algorithm from server to client is sha1-96.
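The following added example (not part of the HP reference) audits SFTP/Stelnet client command lines: it resolves each option to its effective algorithm, applying the defaults stated above when an option is omitted, and reports legacy selections such as dh-group1 or md5. The LEGACY policy table and the sample command lines are assumptions of this example; prefer-ctos-hmac, md5 and md5-96 are Comware keywords whose descriptions are not shown in this section.

```python
"""Audit Comware sftp/Stelnet client command lines for legacy SSH algorithms.

Added example: the LEGACY policy and the sample commands are assumptions.
"""

# CLI keyword -> SSH algorithm name, following the parameter descriptions.
WIRE_NAMES = {
    "dsa": "dsa",
    "rsa": "rsa",
    "dh-group-exchange": "diffie-hellman-group-exchange-sha1",
    "dh-group1": "diffie-hellman-group1-sha1",
    "dh-group14": "diffie-hellman-group14-sha1",
    "3des": "3des-cbc",
    "aes128": "aes128-cbc",
    "aes256": "aes256-cbc",
    "md5": "hmac-md5",
    "md5-96": "hmac-md5-96",
    "sha1": "hmac-sha1",
    "sha1-96": "hmac-sha1-96",
}

# Values the client uses when an option is omitted from the command line.
NON_FIPS_DEFAULTS = {
    "identity-key": "dsa",
    "prefer-kex": "dh-group-exchange",
    "prefer-ctos-cipher": "aes128",
    "prefer-stoc-cipher": "aes128",
    "prefer-ctos-hmac": "sha1-96",
    "prefer-stoc-hmac": "sha1-96",
}
FIPS_DEFAULTS = dict(NON_FIPS_DEFAULTS,
                     **{"identity-key": "rsa", "prefer-kex": "dh-group14"})

# Example policy (an assumption of this example, not a list published by HP).
LEGACY = {
    "dsa": "DSA key; this reference permits only rsa in FIPS mode",
    "dh-group1": "fixed 1024-bit Diffie-Hellman group",
    "3des": "64-bit block cipher",
    "md5": "MD5-based HMAC",
    "md5-96": "MD5-based HMAC truncated to 96 bits",
}

# Constructed sample input: the first line follows the connection scheme in
# the sftp example above, the second is a hardened variant.
SAMPLE_COMMANDS = [
    "sftp 10.1.1.2 prefer-kex dh-group1 prefer-stoc-cipher aes128 "
    "prefer-ctos-hmac md5 prefer-stoc-hmac sha1-96",
    "sftp ipv6 2:5::8:9 identity-key rsa prefer-kex dh-group14 "
    "prefer-ctos-cipher aes256",
]


def effective_settings(command, fips=False):
    """Return option -> keyword after applying defaults for omitted options."""
    settings = dict(FIPS_DEFAULTS if fips else NON_FIPS_DEFAULTS)
    tokens = command.split()
    i = 0
    while i < len(tokens):
        if tokens[i] in settings:
            if i + 1 >= len(tokens):
                raise ValueError(f"option {tokens[i]} has no value")
            settings[tokens[i]] = tokens[i + 1]
            i += 2
        else:
            i += 1  # server address, port, vpn-instance, prefer-compress ...
    return settings


def audit(command, fips=False):
    """Return a list of (option, algorithm, reason) findings for one command."""
    findings = []
    for option, keyword in effective_settings(command, fips).items():
        if keyword not in WIRE_NAMES:
            findings.append((option, keyword, "unrecognized value"))
        elif keyword in LEGACY:
            findings.append((option, WIRE_NAMES[keyword], LEGACY[keyword]))
    return findings


if __name__ == "__main__":
    for cmd in SAMPLE_COMMANDS:
        print(cmd)
        for option, algorithm, reason in audit(cmd) or [("-", "-", "no findings")]:
            print(f"  {option}: {algorithm} ({reason})")
```

Note that the first sample is also flagged for identity-key even though the option is absent, because the non-FIPS default is dsa.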
VD configuration commands The following matrix shows the feature and hardware compatibility: Hardware VD compatible F1000-A-EI/F1000-S-EI Yes F1000-E Yes F5000 Yes Firewall module Yes U200-A Yes U200-S No allocate interface Use allocate interface to assign a Layer 3 interface to a VD. Use undo allocate interface to reclaim a Layer 3 interface assigned to a VD.
[Sysname-vd-test] allocate interface gigabitethernet 0/1 Related commands vd allocate vlan Use allocate vlan to assign a VLAN to a non-default VD. Use undo allocate vlan to reclaim a VLAN assigned to a non-default VD. Syntax allocate vlan vlan-list undo allocate vlan vlan-list Default All VLANs belong to the default VD, and a non-default VD has no VLAN to use. Views VD view Default command level 2: System level Parameters vlan vlan-list: Specifies the VLANs to be assigned to the VD.
Syntax limit-resource session max-entries max-entries undo limit-resource session max-entries Default The maximum number of sessions that can be set up on a non-default VD equals the maximum number of sessions supported by the physical device. Views VD view Default command level 2: System level Parameters max-entries: Specifies the maximum number of sessions that can be set up on a non-default VD.
Syntax session max-entries max-entries undo session max-entries Default The maximum number of concurrent sessions for the default VD equals the maximum number of sessions supported by the physical device, and the maximum number of concurrent sessions for a non-default VD equals the maximum number of sessions specified for the VD by using the limit-resource session max-entries command.
• switchto switchto Use switchto to log in to a non-default VD from the system view of the default VD and enter VD system view. Syntax switchto vd vd-name Views System view Default command level 2: System level Parameters vd-name: Specifies the VD name, a case-insensitive string of 1 to 20 characters. Usage guidelines To return from a VD system view to the system view of the default VD, use the quit command. Examples # Enter the system view of existing VD vdtest.
Parameters vd-name: Specifies the VD name, a case-insensitive string of 1 to 20 characters that contains no question mark (?), less-than sign (<), greater-than sign (>), backward slash (\), quotation mark ("), percentage sign (%), apostrophe ('), ampersand (&), or number sign (#). vd-id: Specifies the VD ID.
FTP configuration commands NOTE: FTP configuration commands are not supported in FIPS mode. FTP server commands display ftp-server Use display ftp-server to display the FTP server configuration and status information. Syntax display ftp-server [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 3: Manage level Parameters |: Filters command output by specifying a regular expression.
Field | Description
User count | Number of the current login users.
Timeout value (in minute) | Allowed idle time of an FTP connection. If there is no packet exchange between the FTP server and client during this period, the FTP connection will be broken.
Put Method | File update method of the FTP server, fast or normal.
Related commands
• ftp server enable
• ftp timeout
• ftp update
display ftp-user
Use display ftp-user to display the detailed information of current FTP users.
Table 46 Command output
Field | Description
UserName | Name of the user.
HostIP | IP address of the user.
Port | Port number of the user.
Idle | Duration time of the current FTP connection in minutes.
HomeDir | Authorized directory for the user.
free ftp user
Use free ftp user to manually release the FTP connection established by using a specific user account.
Syntax
free ftp user username
Views
User view
Default command level
3: Manage level
Parameters
username: Username.
Default command level 3: Manage level Parameters acl-number: Basic ACL number, in the range of 2000 to 2999. Usage guidelines You can use this command to permit FTP requests from specific FTP clients only. This configuration takes effect for FTP connections to be established only, and does not impact existing FTP connections. If you execute the command multiple times, the last specified ACL takes effect. Examples # Use ACL 2001 to allow only the client 1.1.1.1 to access the FTP server.
Syntax ftp timeout minute undo ftp timeout Default The FTP idle-timeout timer is 30 minutes. Views System view Default command level 3: Manage level Parameters minute: Idle-timeout time, in the range of 1 to 35791 minutes. Usage guidelines If no packet is exchanged on an FTP connection within the idle-timeout time, the FTP connection is broken. Examples # Set the idle-timeout timer to 36 minutes.
Examples
# Set the FTP update mode to normal.
system-view
[Sysname] ftp update normal
[Sysname]
FTP client configuration commands
Before executing FTP client configuration commands, make sure you have configured the proper permissions for users on the FTP server. Authorized operations include viewing the files under the current directory, reading/downloading the specified files, creating directories/uploading files, and renaming/removing files.
binary Use binary to set the file transfer mode to binary, which is also called the "flow mode". Syntax binary Default The transfer mode is ASCII mode. Views FTP client view Default command level 3: Manage level Examples # Set the file transfer mode to binary. [ftp] binary 200 Type set to I. [ftp] Related commands ascii bye Use bye to disconnect from the remote FTP server and return to user view.
• quit cd Use cd to change the current working directory to another directory on the FTP server. Syntax cd { directory | .. | / } Views FTP client view Default command level 3: Manage level Parameters directory: Name of the target directory, in the format [drive:][/]path, where drive represents the storage medium name. If the target directory does not exist, the cd command does not change the current working directory.
Syntax
cdup
Views
FTP client view
Default command level
3: Manage level
Usage guidelines
This command does not change the working directory if the current directory is the FTP root directory.
Examples
# Change the working directory to the upper directory.
[ftp] pwd
257 "/ftp/subdir" is current directory.
[ftp] cdup
200 CDUP command successful.
[ftp] pwd
257 "/ftp" is current directory.
debugging Use debugging to enable FTP client debugging. Use undo debugging to disable FTP client debugging. Syntax debugging undo debugging Default FTP client debugging is disabled. Views FTP client view Default command level 1: Monitor level Examples # The device serves as the FTP client. Enable FTP client debugging and use the active mode to download file sample.file from the current directory of the FTP server. terminal monitor terminal debugging ftp 192.168.1.
.226 Transfer complete.
FTP: 3304 byte(s) received in 4.889 second(s), 675.00 byte(s)/sec.
[ftp]
Table 47 Command output
Field | Description
---> PORT 192,168,1,44,4,21 | FTP command. 192,168,1,44 specifies the destination IP address, and 4,21 is used to calculate the data port number by using the formula 4*256+21.
The parsed reply is | Received reply code, which is defined in RFC 959.
---> RETR | Download the file.
FTPC: File transfer started with the signal light turned on.
Use dir remotefile localfile to save detailed information about a specific file or directory on the FTP server to a local file. Syntax dir [ remotefile [ localfile ] ] Views FTP client view Default command level 3: Manage level Parameters remotefile: Name of the file or directory on the remote FTP server. localfile: Name of the local file used to save the displayed information. Usage guidelines The ls command displays only the names of files and directories.
Syntax disconnect Views FTP client view Default command level 3: Manage level Usage guidelines This command is equal to the close command. Examples # Disconnect from the remote FTP server but remain in FTP client view. [ftp] disconnect 221 Server closing. [ftp] display ftp client configuration Use display ftp client configuration to display the source IP address configuration of the FTP client.
ftp Use ftp to log in to an FTP server and enter FTP client view. Syntax ftp [ server-address [ service-port ] [ vpn-instance vpn-instance-name ] [ source { interface interface-type interface-number | ip source-ip-address } ] ] Views User view Default command level 3: Manage level Parameters server-address: IP address or host name of the FTP server, a string of 1 to 20 characters. service-port: TCP port number of the FTP server, in the range of 0 to 65535. The default value is 21.
[ftp] ftp client source Use ftp client source to specify a source IP address for outgoing FTP packets. Use undo ftp client source to restore the default. Syntax ftp client source { interface interface-type interface-number | ip source-ip-address } undo ftp client source Default The primary IP address of the output interface is used as the source IP address.
ftp ipv6 Use ftp ipv6 to log in to an FTP server and enter FTP client view. Syntax ftp ipv6 [ server-address [ service-port ] [ vpn-instance vpn-instance-name ] [ source ipv6 source-ipv6-address ] [ -i interface-type interface-number ] ] Views User view Default command level 3: Manage level Parameters server-address: IP address or host name of the remote FTP server. service-port: TCP port number of the FTP server, in the range of 0 to 65535. The default value is 21.
Examples
# Log in to the FTP server at 3000::200.
ftp ipv6 3000::200
Trying 3000::200 ...
Press CTRL+K to abort
Connected to 3000::200.
220 Welcome!
User(3000::200:(none)): MY_NAME
331 Please specify the password.
Password:
230 Login successful.
[ftp]
# Log in to the FTP server at 3000::200 in VPN 1.
ftp ipv6 3000::200 vpn-instance vpn1
Trying 3000::200 ...
Press CTRL+K to abort
Connected to 3000::200.
220 Welcome!
User(3000::200:(none)): MY_NAME
331 Please specify the password.
lcd Use lcd to display the local working directory of the FTP client. Syntax lcd Views FTP client view Default command level 3: Manage level Examples # Display the local working directory. [ftp] lcd FTP: Local directory now cfa0:/clienttemp. The output shows that the working directory of the FTP client before execution of the ftp command is cfa0:/clienttemp. ls Use ls to list files and subdirectories in the current directory of the FTP server.
logfile mainar.bin arbasicbtm.bin ftp test bb.cfg testcfg.cfg
226 Transfer complete.
FTP: 87 byte(s) received in 0.132 second(s) 659.00 byte(s)/sec.
# List all files in subdirectory logfile.
[ftp] ls logfile
227 Entering Passive Mode (192,168,1,50,10,49).
125 ASCII mode data connection already open, transfer starting for /logfile/*.
logfile.log a.cfg
226 Transfer complete.
FTP: 20 byte(s) received in 0.075 second(s), 266.00 byte(s)/sec.
# Save the names of all files in subdirectory logfile to file aa.
Usage guidelines You must have permissions to perform this operation on the FTP server. Examples # Create subdirectory mytest in the current directory of the remote FTP server. [ftp] mkdir mytest 257 "/mytest" new directory created. [ftp] open Use open to log in to the IPv4 FTP server under FTP client view. Syntax open server-address [ service-port ] Views FTP client view Default command level 3: Manage level Parameters server-address: IP address or host name of a remote FTP server.
open ipv6 Use open ipv6 to log in to the IPv6 FTP server in FTP client view. Syntax open ipv6 server-address [ service-port ] [ -i interface-type interface-number ] Views FTP client view Default command level 3: Manage level Parameters server-address: IP address or host name of the remote FTP server. service-port: Port number of the remote FTP server, in the range of 0 to 65535. The default value is 21. -i interface-type interface-number: Specifies an output interface by its type and number.
Related commands close passive Use passive to set the FTP operation mode to passive. Use undo passive to set the FTP operation mode to active. Syntax passive undo passive Default The FTP operation mode is passive. Views FTP client view Default command level 3: Manage level Usage guidelines FTP can operate in either of the following modes: • Active mode—The FTP server initiates the TCP connection. • Passive mode—The FTP client initiates the TCP connection.
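The following added example (not part of the HP reference) decodes the six-number address field that appears in the PORT command of Table 47 and in the 227 replies of the session examples, using the p1*256+p2 formula, and states which side opens the data connection in each mode. The transcript is constructed from lines shown in this reference, and the client and server addresses passed to data_flows are assumptions; a listener address that differs from the expected control-connection peer is marked so it can be reviewed.

```python
"""Decode FTP data-connection endpoints from PORT commands and 227 replies.

Added example: the transcript below is constructed from lines in this
reference, and the client/server addresses are assumed for the demonstration.
"""
import ipaddress
import re

PORT_RE = re.compile(r"\bPORT\s+(\d+(?:,\d+){5})")
PASV_RE = re.compile(r"^\s*227\b.*?\((\d+(?:,\d+){5})\)")

# Constructed sample: one active-mode PORT command and two passive replies.
SAMPLE_TRANSCRIPT = """\
---> PORT 192,168,1,44,4,21
227 Entering Passive Mode (192,168,1,50,10,49).
227 Entering Passive Mode (192,168,1,46,5,85).
"""


def decode_endpoint(six):
    """Turn 'h1,h2,h3,h4,p1,p2' into (dotted address, p1*256+p2)."""
    fields = [int(f) for f in six.split(",")]
    if len(fields) != 6 or any(f > 255 for f in fields):
        raise ValueError(f"malformed endpoint field: {six!r}")
    host = str(ipaddress.IPv4Address(".".join(str(f) for f in fields[:4])))
    return host, fields[4] * 256 + fields[5]


def data_flows(transcript, client_ip, server_ip):
    """List the data connections announced in a control-channel transcript.

    Active mode: the client sends PORT and the server connects to it.
    Passive mode: the server answers 227 and the client connects to it.
    """
    flows = []
    for line in transcript.splitlines():
        match = PORT_RE.search(line)
        if match:
            mode, initiator, expected = "active", server_ip, client_ip
        else:
            match = PASV_RE.search(line)
            if not match:
                continue
            mode, initiator, expected = "passive", client_ip, server_ip
        host, port = decode_endpoint(match.group(1))
        flows.append({
            "mode": mode,
            "initiator": initiator,
            "listener": host,
            "port": port,
            # False when the announced address is not the control peer.
            "listener_is_peer": host == expected,
        })
    return flows


if __name__ == "__main__":
    for flow in data_flows(SAMPLE_TRANSCRIPT, "192.168.1.44", "192.168.1.50"):
        note = "" if flow["listener_is_peer"] else "  <-- not the control peer"
        print(f'{flow["mode"]:7} {flow["initiator"]} -> '
              f'{flow["listener"]}:{flow["port"]}{note}')
```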
remotefile: File name used after a file is uploaded and saved on the FTP server. Usage guidelines When a file is uploaded, it is saved in the user's authorized directory, which can be set with the authorization-attribute command on the remote server. Examples # Upload source file cc.txt to the remote FTP server and save it as dd.txt. [ftp] put cc.txt dd.txt 227 Entering Passive Mode (192,168,1,50,17,169). 125 ASCII mode data connection already open, transfer starting for /dd.txt. 226 Transfer complete.
remotehelp Use remotehelp to display the help information of FTP-related commands supported by the remote FTP server. Syntax remotehelp [ protocol-command ] Views FTP client view Default command level 3: Manage level Parameters protocol-command: FTP command. Usage guidelines If no argument is specified, FTP-related commands supported by the remote FTP server are displayed. Examples # Display FTP commands supported by the remote FTP server.
Field | Description
PORT | Port number.
PASV | Passive mode.
TYPE | Request type.
STRU* | File structure.
MODE* | Transmission mode.
RETR | Download a file.
STOR | Upload a file.
STOU* | Store unique.
APPE* | Appended file.
ALLO* | Allocation space.
REST* | Restart.
RNFR* | Rename the source.
RNTO* | Rename the destination.
ABOR* | Abort the transmission.
DELE | Delete a file.
RMD | Delete a folder.
MKD | Create a folder.
PWD | Print working directory.
LIST | List files.
NLST | List file description.
Syntax rmdir directory Views FTP client view Default command level 3: Manage level Parameters directory: Directory name on the remote FTP server. Usage guidelines Only authorized users are allowed to use this command. Delete all files and subdirectories under a directory before you delete the directory. For how to delete files, see the delete command. When you execute the rmdir command, the files in the remote recycle bin in the directory will be automatically deleted.
Examples
# User ftp1 has logged in to the FTP server. Use username ftp2 to log in to the current FTP server. (Assume username ftp2 and password 123123123123 have been configured on the FTP server.)
• Method 1:
[ftp] user ftp2
331 Password required for ftp2.
Password:
230 User logged in.
[ftp]
• Method 2:
[ftp] user ftp2 123123123123
331 Password required for ftp.
230 User logged in.
[ftp]
verbose
Use verbose to enable display of detailed prompt information received from the server.
# Enable display of detailed prompt information and perform a Get operation.
[ftp] verbose
FTP: verbose is on
[ftp] get startup.cfg aa.cfg
227 Entering Passive Mode (192,168,1,46,5,85).
125 ASCII mode data connection already open, transfer starting for /startup.cfg.
226 Transfer complete.
FTP: 3608 byte(s) received in 0.193 second(s), 18.00K byte(s)/sec.
TFTP configuration commands NOTE: TFTP configuration commands are not supported in FIPS mode. display tftp client configuration Use display tftp client configuration to display source IP address configuration of the TFTP client. Syntax display tftp client configuration [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters |: Filters command output by specifying a regular expression.
Syntax tftp-server [ ipv6 ] acl acl-number undo tftp-server [ ipv6 ] acl Default No ACL is used to control the device's access to a TFTP server. Views System view Default command level 3: Manage level Parameters ipv6: References an IPv6 ACL. If it is not specified, an IPv4 ACL is referenced.
tftp Use tftp to download a specified file from the TFTP server to the local device or upload a specified local file to the TFTP server in an IPv4 network. Syntax tftp server-address { get | put | sget } source-filename [ destination-filename ] [ vpn-instance vpn-instance-name ] [ source { interface interface-type interface-number | ip source-ip-address } ] Views User view Default command level 3: Manage level Parameters server-address: IP address or host name of a TFTP server.
File will be transferred in binary mode Sending file to remote TFTP server. Please wait... TFTP: 345600 bytes sent in 1 second(s). File uploaded successfully. tftp client source Use tftp client source to specify a source IP address for outgoing TFTP packets. Use undo tftp client source to restore the default.
Related commands display tftp client configuration tftp ipv6 Use tftp ipv6 to download a specified file from a TFTP server or upload a specified local file to a TFTP server in an IPv6 network.
... File will be transferred in binary mode Downloading file from remote TFTP server, please wait.... TFTP: 411100 bytes received in 2 second(s) File downloaded successfully.
CWMP configuration commands The following matrix shows the feature and hardware compatibility: Hardware CWMP (TR-069) compatible F1000-A-EI/F1000-S-EI Yes F1000-E No F5000 No Firewall module No U200-A Yes U200-S Yes cwmp Use cwmp to enter CWMP view. Syntax cwmp Views System view Default command level 2: System level Examples # Enter CWMP view. system-view [Sysname] cwmp cwmp acs password Use cwmp acs password to configure the password used for connecting to the ACS.
Default command level 2: System level Parameters cipher: Specifies a ciphertext password. simple: Specifies a plaintext password. password: Specifies the password string. This argument is case sensitive. If simple is specified, it must be a string of 1 to 255 characters. If cipher is specified, it must be a ciphertext string of 1 to 373 characters. If neither cipher nor simple is specified, you set a plaintext password string.
Examples # Specify the ACS URL http://www.acs.com:80/acs. system [Sysname] cwmp [Sysname-cwmp] cwmp acs url http://www.acs.com:80/acs cwmp acs username Use cwmp acs username to configure the username used for connecting to the ACS. Use undo cwmp acs username to restore the default. Syntax cwmp acs username username undo cwmp acs username Default No username is configured for connecting to the ACS.
Default No limit is set on the maximum number of connection attempts. The CPE regularly attempts to connect to the ACS until the connection is set up. Views CWMP view Default command level 2: System level Parameters times: Specifies the maximum number of attempts made to retry a connection. The value range is 0 to 100. 0 indicates that no attempt is made to retry a connection. Examples # Set the maximum number of connection attempts to 5 for the CPE.
Use undo cwmp cpe inform interval to restore the default. Syntax cwmp cpe inform interval seconds undo cwmp cpe inform interval Default The Inform message sending interval is 600 seconds. Views CWMP view Default command level 2: System level Parameters seconds: Sets the Inform message sending interval in the range of 10 to 86400 seconds. Examples # Configure the CPE to send an Inform message every 3600 seconds.
Use undo cwmp cpe inform time to restore the default. Syntax cwmp cpe inform time time undo cwmp cpe inform time Default The CPE is not configured to send an Inform message at a specific time. Views CWMP view Default command level 2: System level Parameters time: Time at which the CPE sends an Inform message. The specified time must be in the format of yyyy-mm-ddThh:mm:ss, and in the range of 1970-01-01T00:00:00 to 2105-12-31T23:59:59. The specified time must be greater than the current system time.
Usage guidelines Make sure the CPE username and password are the same as configured on the ACS. If not, the ACS cannot establish a CWMP connection to the CPE. If you use the command multiple times, the password configured most recently takes effect. For secrecy, all keys, including keys configured in plain text, are saved in cipher text. Examples # Configure the password used for connecting to the CPE as newpsw.
cwmp cpe wait timeout Use cwmp cpe wait timeout to configure the close-wait timer for the CPE to close the idle connection to ACS. Use undo cwmp cpe wait timeout to restore the default. Syntax cwmp cpe wait timeout seconds undo cwmp cpe wait timeout Default The CPE close-wait timer is 30 seconds. Views CWMP view Default command level 2: System level Parameters seconds: Sets the CPE close-wait timer in the range of 30 to 1800 seconds.
Parameters device: Sets the device to operate in device mode. Use this keyword if no lower-level CPEs attach to the device. gateway: Sets the device to operate in gateway mode. If the device is the egress to the WAN and has CPEs attached to it, use this keyword to enable the ACS to manage the device and all the attached CPEs. Examples # Configure the device to operate in gateway mode.
Default command level 2: System level Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression.
display cwmp status Use display cwmp status to display the current status of CWMP. Syntax display cwmp status [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 2: System level Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow.
Field Description Connection status: Connection status • connected—The connection is established. • disconnected—The connection is not established. • waiting response—The device is waiting for a response. Data transfer status: Data transfer status • uploading—The device is uploading data. • downloading—The device is downloading data. • none—The device is not transferring data. Time of last successful connection Time at which the last successful connection was established.
Conventions This section describes the conventions used in this documentation set. Command conventions Convention Description Boldface Bold text represents commands and keywords that you enter literally as shown. Italic Italic text represents arguments that you replace with actual values. [] Square brackets enclose syntax choices (keywords or arguments) that are optional. { x | y | ... } Braces enclose a set of required syntax choices separated by vertical bars, from which you select one.
Port numbering in examples The port numbers in this document are for illustration only and might be unavailable on your device.