HP High-End Firewalls
System Management and Maintenance Command Reference
Part number: 5998-2644
Software version: F1000-E/Firewall module: R3166
F5000-A5: R3206
Document version: 6PW101-20120706
Legal and notice information © Copyright 2012 Hewlett-Packard Development Company, L.P. No part of this documentation may be reproduced or transmitted in any form or by any means without prior written consent of Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Contents
System maintenance and debugging commands
System maintenance commands
ping
tracert
undelete
Configuration file management commands
archive configuration
archive configurat
info-center timestamp loghost
info-center trapbuffer
logfile save
reset log
display snmp-agent statistics
display snmp-agent sys-info
display snmp-agent trap queue
display snmp-agent trap-list
display sftp client source
exit
get
System maintenance and debugging commands
System maintenance commands
ping
Syntax
ping [ ip ] [ -a source-ip | -c count | -f | -h ttl | -i interface-type interface-number | -m interval | -n | -p pad | -q | -r | -s packet-size | -t timeout | -tos tos | -v | -vpn-instance vpn-instance-name ] * host
View
Any view
Default level
0: Visit level
Parameters
ip: Supports IPv4 protocol. If this keyword is not provided, IPv4 is also supported.
extend it to 8 bits. For example, if pad is configured as 0x2f, then the packets will be padded with 0x0000002f repeatedly to make the total length of the packet meet the requirements of the device. By default, the padded value starts from 0x01 up to 0xff, where another round starts again if necessary, like 0x010203…feff01….
-q: Presence of this keyword indicates that only statistics are displayed. Absence of this keyword indicates that all information is displayed.
-r: Records routing information.
PING 1.1.2.2: 56 data bytes, press CTRL_C to break
Reply from 1.1.2.2: bytes=56 Sequence=1 ttl=254 time=205 ms
Reply from 1.1.2.2: bytes=56 Sequence=2 ttl=254 time=1 ms
Reply from 1.1.2.2: bytes=56 Sequence=3 ttl=254 time=1 ms
Reply from 1.1.2.2: bytes=56 Sequence=4 ttl=254 time=1 ms
Reply from 1.1.2.2: bytes=56 Sequence=5 ttl=254 time=1 ms
--- 1.1.2.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.
1.1.1.2
1.1.1.1
Reply from 1.1.2.2: bytes=56 Sequence=4 ttl=254 time=1 ms
Record Route:
1.1.2.1
1.1.2.2
1.1.1.2
1.1.1.1
Reply from 1.1.2.2: bytes=56 Sequence=5 ttl=254 time=1 ms
Record Route:
1.1.2.1
1.1.2.2
1.1.1.2
1.1.1.1
--- 1.1.2.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 1/11/53 ms
The above information indicates the following:
• The destination was reachable.
• The route is 1.1.1.1 <-> {1.1.1.2; 1.1.2.1} <-> 1.1.2.2.
Field | Description
round-trip min/avg/max = 0/4/20 ms | Minimum/average/maximum response time, in ms
tracert
Syntax
tracert [ -a source-ip | -f first-ttl | -m max-ttl | -p port | -q packet-number | -vpn-instance vpn-instance-name | -w timeout ] * host
View
Any view
Default level
0: Visit level
Parameters
-a source-ip: Specifies the source IP address of a tracert packet. It must be a legal IP address configured on the device.
[Sysname] ip unreachables enable
[Sysname] tracert 1.1.2.2
traceroute to 1.1.2.2(1.1.2.2) 30 hops max,40 bytes packet, press CTRL_C to break
1 1.1.1.2 673 ms 425 ms 30 ms
2 1.1.2.2 580 ms 470 ms 80 ms
Table 2 Output description
Field | Description
traceroute to 1.1.2.2(1.1.2.2) | Display the route the IP packets traverse from the current device to the device whose IP address is 1.1.2.2.
Description
Use the debugging command to enable the debugging of a specific module.
Use the undo debugging command to disable the debugging of a specific module.
By default, debugging functions of all modules are disabled.
Note the following:
• Output of the debugging information may degrade system efficiency, so HP recommends that you enable the debugging of the corresponding module for diagnosing network failure, and do not enable the debugging of multiple modules at the same time.
IP performance optimization configuration commands
display fib
Syntax
display fib [ vpn-instance vpn-instance-name ] [ | { begin | include | exclude } regular-expression | acl acl-number | ip-prefix ip-prefix-name ]
View
Any view
Default level
1: Monitor level
Parameters
vpn-instance vpn-instance-name: Displays FIB entries of the specified VPN instance. The vpn-instance-name is a string of 1 to 31 case-sensitive characters.
|: Uses a regular expression to match FIB entries.
Destination/Mask Nexthop Flag OutInterface InnerLabel Token
10.2.0.0/16 10.2.1.1 U GE0/0 Null Invalid
10.2.1.1/32 127.0.0.1 UH InLoop0 Null Invalid
127.0.0.0/8 127.0.0.1 U InLoop0 Null Invalid
127.0.0.1/32 127.0.0.1 UH InLoop0 Null Invalid
# Display FIB information passing ACL 2000.
system-view
[Sysname] acl number 2000
[Sysname-acl-basic-2000] rule permit source 10.2.0.0 0.0.255.
Field | Description
Destination/Mask | Destination address/length of mask
Nexthop | Address of next hop
Flag | Flags of routes:
• “U”—Usable route
• “G”—Gateway route
• “H”—Host route
• “B”—Blackhole route
• “D”—Dynamic route
• “S”—Static route
• “R”—Relay route
OutInterface | Outbound interface
InnerLabel | Inner label
Token | LSP index number
display fib ip-address
Syntax
display fib [ vpn-instance vpn-instance-name ] ip-address [ mask | mask-length ]
View
Any view
Default level
1: Monitor level
Param
Flag:
U:Useable G:Gateway H:Host B:Blackhole D:Dynamic S:Static R:Relay
Destination/Mask Nexthop Flag OutInterface InnerLabel Token
10.2.1.1/32 127.0.0.1 UH InLoop0 Null Invalid
For the output description, see Table 3.
display icmp statistics
Syntax
display icmp statistics
View
Any view
Default level
1: Monitor level
Parameters
None
Description
Use the display icmp statistics command to display ICMP statistics.
Related commands: reset ip statistics.
Field | Description
destination unreachable | Number of input/output destination unreachable packets
source quench | Number of input/output source quench packets
redirects | Number of input/output redirection packets
echo reply | Number of input/output replies
parameter problem | Number of input/output parameter problem packets
timestamp | Number of input/output time stamp packets
information request | Number of input information request packets
mask requests | Number of input/output mask requests
mask repl
LA = 0.0.0.0:80, FA = 0.0.0.0:0,
sndbuf = 8192, rcvbuf = 8192, sb_cc = 0, rb_cc = 0,
socket option = SO_ACCEPTCONN SO_REUSEPORT,
socket state = SS_PRIV SS_NBIO
Task = ROUT(69), socketid = 10, Proto = 6,
LA = 0.0.0.0:179, FA = 192.168.1.45:0,
sndbuf = 8192, rcvbuf = 8192, sb_cc = 0, rb_cc = 0,
socket option = SO_ACCEPTCONN SO_REUSEADDR SO_REUSEPORT SO_SENDVPNID(0),
socket state = SS_PRIV SS_ASYNC
Task = VTYD(38), socketid = 4, Proto = 6,
LA = 192.168.1.40:23, FA = 192.168.1.
Task = TRAP(52), socketid = 1, Proto = 17,
LA = 0.0.0.0:1025, FA = 0.0.0.0:0,
sndbuf = 9216, rcvbuf = 0, sb_cc = 0, rb_cc = 0,
socket option = SO_UDPCHECKSUM,
socket state = SS_PRIV
Task = RDSO(56), socketid = 2, Proto = 17,
LA = 0.0.0.0:1812, FA = 0.0.0.0:0,
sndbuf = 9216, rcvbuf = 41600, sb_cc = 0, rb_cc = 0,
socket option = SO_UDPCHECKSUM,
socket state = SS_PRIV
SOCK_RAW:
Task = ROUT(69), socketid = 8, Proto = 89,
LA = 0.0.0.0, FA = 0.0.0.
Field | Description
SOCK_RAW | Raw IP socket
Task | Task number
socketid | Socket ID
Proto | Protocol number of the socket, indicating the protocol type that IP carries
LA | Local address and local port number
FA | Remote address and remote port number
sndbuf | Sending buffer size of the socket, in bytes
rcvbuf | Receiving buffer size of the socket, in bytes
sb_cc | Current data size in the sending buffer (It is available only for TCP that can buffer data)
rb_cc | Data size currently in the receiving buffer
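The socket listing described above doubles as an inventory of the services the firewall itself accepts traffic on. The following Python code is an added example, not part of the HP manual: it parses text in the display ip socket layout and reports listening TCP sockets (SO_ACCEPTCONN set) and UDP sockets bound without a fixed peer. The sample text is constructed, and the function names and the cleartext-port watch list are assumptions of this example.

```python
import re

# Constructed sample in the layout of the `display ip socket` output above;
# the addresses, ids and buffer sizes are illustrative, not captured from a device.
SAMPLE = """\
SOCK_STREAM:
Task = VTYD(38), socketid = 1, Proto = 6,
LA = 0.0.0.0:23, FA = 0.0.0.0:0,
sndbuf = 8192, rcvbuf = 8192, sb_cc = 0, rb_cc = 0,
socket option = SO_ACCEPTCONN SO_REUSEPORT,
socket state = SS_PRIV SS_ASYNC
Task = ROUT(69), socketid = 10, Proto = 6,
LA = 0.0.0.0:179, FA = 192.168.1.45:0,
sndbuf = 8192, rcvbuf = 8192, sb_cc = 0, rb_cc = 0,
socket option = SO_ACCEPTCONN SO_REUSEADDR SO_REUSEPORT SO_SENDVPNID(0),
socket state = SS_PRIV SS_ASYNC
Task = VTYD(38), socketid = 4, Proto = 6,
LA = 192.168.1.40:23, FA = 192.168.1.52:1917,
sndbuf = 8192, rcvbuf = 8192, sb_cc = 237, rb_cc = 0,
socket option = SO_REUSEPORT,
socket state = SS_PRIV SS_ASYNC
SOCK_DGRAM:
Task = RDSO(56), socketid = 2, Proto = 17,
LA = 0.0.0.0:1812, FA = 0.0.0.0:0,
sndbuf = 9216, rcvbuf = 41600, sb_cc = 0, rb_cc = 0,
socket option = SO_UDPCHECKSUM,
socket state = SS_PRIV
SOCK_RAW:
Task = ROUT(69), socketid = 8, Proto = 89,
LA = 0.0.0.0, FA = 0.0.0.0,
sndbuf = 262144, rcvbuf = 262144, sb_cc = 0, rb_cc = 0,
socket option = SO_SENDVPNID(0),
socket state = SS_PRIV SS_ASYNC
"""

SECTION = re.compile(r"\b(SOCK_STREAM|SOCK_DGRAM|SOCK_RAW):")
NUM = r"\s*=\s*\d+,\s*"  # "name = <digits>," for fields this example does not keep
RECORD = re.compile(
    r"Task\s*=\s*(?P<task>\w+)\(\d+\),\s*socketid" + NUM +
    r"Proto\s*=\s*(?P<proto>\d+),\s*"
    r"LA\s*=\s*(?P<la>[\d.]+?)(?::(?P<lport>\d+))?,\s*"
    r"FA\s*=\s*(?P<fa>[\d.]+?)(?::(?P<fport>\d+))?,\s*"
    r"sndbuf" + NUM + "rcvbuf" + NUM + "sb_cc" + NUM + "rb_cc" + NUM +
    r"socket option\s*=\s*(?P<options>(?:SO_\w+(?:\(\d+\))?\s*)*),\s*"
    r"socket state\s*=\s*(?P<state>(?:SS_\w+\s*)+)"
)
PROTO_NAMES = {6: "tcp", 17: "udp"}
# Assumption of this example: cleartext services a reviewer wants to know about.
CLEARTEXT_MGMT = {21: "FTP", 23: "Telnet", 80: "HTTP"}


def parse_sockets(text):
    """Return one dict per socket record, tagged with its SOCK_* section."""
    headers = [(m.start(), m.group(1)) for m in SECTION.finditer(text)]
    sockets = []
    for m in RECORD.finditer(text):
        before = [name for pos, name in headers if pos < m.start()]
        port = lambda p: int(p) if p is not None else None  # raw sockets have no port
        sockets.append({
            "section": before[-1] if before else None,
            "task": m.group("task"),
            "proto": int(m.group("proto")),
            "local": (m.group("la"), port(m.group("lport"))),
            "remote": (m.group("fa"), port(m.group("fport"))),
            "options": m.group("options").split(),
            "state": m.group("state").split(),
        })
    return sockets


def is_listener(sock):
    """TCP: SO_ACCEPTCONN is set. UDP: bound with no fixed peer (FA = 0.0.0.0:0)."""
    if sock["proto"] == 6:
        return "SO_ACCEPTCONN" in sock["options"]
    return sock["proto"] == 17 and sock["remote"] == ("0.0.0.0", 0)


def audit(text):
    """Return (proto, local_ip, port, task, notes) for each listener, by port."""
    rows = []
    for s in filter(is_listener, parse_sockets(text)):
        ip, port = s["local"]
        notes = []
        if ip == "0.0.0.0":
            notes.append("all interfaces")
        if s["proto"] == 6 and port in CLEARTEXT_MGMT:
            notes.append("cleartext " + CLEARTEXT_MGMT[port])
        rows.append((PROTO_NAMES[s["proto"]], ip, port, s["task"], ", ".join(notes)))
    return sorted(rows, key=lambda r: r[2])


if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(row)
```

The record pattern tolerates line breaks anywhere whitespace is allowed, so the same code works on output that a terminal log or text extraction has joined into one line.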
Reassembling:sum 0 timeouts 0
Table 6 Output description
Field (Input:, Output:, Fragment:, Reassembling) | Description
sum | Total number of packets received
local | Total number of packets with destination being local
bad protocol | Total number of unknown protocol packets
bad format | Total number of packets with incorrect format
bad checksum | Total number of packets with incorrect checksum
bad options | Total number of packets with incorrect option
forwarding | Total number of packets forwarded
local
display tcp statistics
Received packets:
Total: 8457
packets in sequence: 3660 (5272 bytes)
window probe packets: 0, window update packets: 0
checksum error: 0, offset error: 0, short error: 0
duplicate packets: 1 (8 bytes), partially duplicate packets: 0 (0 bytes)
out-of-order packets: 17 (0 bytes)
packets of data after window: 0 (0 bytes)
packets received after close: 0
ACK packets: 4625 (141989 bytes)
duplicate ACK packets: 1702, too much ACK packets: 0
Sent packets:
Total: 6726
urgent packets
Field (Sent packets:) | Description
packets received after close | Number of packets that arrived after connection is closed
ACK packets | Number of ACK packets received
duplicate ACK packets | Number of duplicate ACK packets received
too much ACK packets | Number of ACK packets for data unsent
Total | Total number of packets sent
urgent packets | Number of urgent packets sent
control packets | Number of control packets sent
window probe packets | Number of window probe packets sent; in the brackets are resent
Parameters
None
Description
Use the display tcp status command to display status of all TCP connections for monitoring TCP connections.
Examples
# Display status of all TCP connections.
display tcp status
*: TCP MD5 Connection
TCPCB Local Add:port Foreign Add:port State
03e37dc4 0.0.0.0:4001 0.0.0.0:0 Listening
04217174 100.0.0.204:23 100.0.0.
shorter than header: 0, data length larger than packet: 0
unicast(no socket on port): 0
broadcast/multicast(no socket on port): 0
not delivered, input socket full: 0
input packets missing pcb cache: 0
Sent packets:
Total: 0
Table 9 Output description
Field (Received packets:, Sent packets:) | Description
Total | Total number of UDP packets received
checksum error | Total number of packets with incorrect checksum
shorter than header | Number of packets with data shorter than head
data length larger than packe
[Sysname] ip redirects enable
ip ttl-expires enable
Syntax
ip ttl-expires enable
undo ip ttl-expires
View
System view
Default level
2: System level
Parameters
None
Description
Use the ip ttl-expires enable command to enable sending of ICMP timeout packets.
Use the undo ip ttl-expires command to disable sending of ICMP timeout packets.
Sending ICMP timeout packets is disabled by default.
Examples
# Enable sending of ICMP destination unreachable packets.
system-view
[Sysname] ip unreachables enable
reset ip statistics
Syntax
reset ip statistics
View
User view
Default level
2: System level
Parameters
None
Description
Use the reset ip statistics command to clear statistics of IP packets.
Related commands: display ip statistics.
Examples
# Clear statistics of IP packets.
reset udp statistics
Syntax
reset udp statistics
View
User view
Default level
2: System level
Parameters
None
Description
Use the reset udp statistics command to clear statistics of UDP traffic.
Examples
# Clear statistics of UDP traffic.
tcp mss
Syntax
tcp mss value
undo tcp mss
View
Interface view
Default level
2: System level
Parameters
value: TCP maximum segment size (MSS) in bytes, ranging from 128 to 2048.
Description
Use the tcp mss command to configure the TCP MSS.
Use the undo tcp mss command to restore the default.
By default, the TCP MSS is 1460 bytes.
Because the default MTU on an interface is 1500 bytes, and link layer overhead and the IP packet header must be taken into account, the recommended TCP MSS is about 1200 bytes.
last-ack: LAST_ACK state of a TCP connection.
syn-received: SYN_RECEIVED state of a TCP connection.
connected-number number: Maximum number of TCP connections in a certain state. The argument number is in the range of 0 to 500.
Description
Use the tcp state command to configure the maximum number of TCP connections in a state. When this number is exceeded, the aging of TCP connections in this state will be accelerated.
Use the undo tcp state command to restore the default.
system-view
[Sysname] tcp syn-cookie enable
tcp timer check-state
Syntax
tcp timer check-state time-value
undo tcp timer check-state
View
System view
Default level
2: System level
Parameters
time-value: TCP connection state check interval in seconds, in the range of 1 to 60.
Description
Use the tcp timer check-state command to configure the TCP connection state check interval.
Use the undo tcp timer check-state command to restore the default.
Parameters
time-value: Length of the TCP finwait timer in seconds, in the range 76 to 3,600.
Description
Use the tcp timer fin-timeout command to configure the length of the TCP finwait timer.
Use the undo tcp timer fin-timeout command to restore the default.
By default, the length of the TCP finwait timer is 675 seconds.
undo tcp window
View
System view
Default level
2: System level
Parameters
window-size: Size of the send/receive buffer in KB, in the range 1 to 32.
Description
Use the tcp window command to configure the size of the TCP send/receive buffer.
Use the undo tcp window command to restore the default.
The size of the TCP send/receive buffer is 8 KB by default.
Related commands: tcp timer fin-timeout and tcp timer syn-timeout.
Examples
# Configure the size of the TCP send/receive buffer as 3 KB.
File system management commands
cd
Syntax
cd { directory | .. | / }
View
User view
Default level
3: Manage level
Parameters
directory: Name of the target directory, in the format of [drive:/]path. For the detailed introduction to the drive and path arguments, see the chapter “File management configuration.” If no drive information is provided, the argument represents a folder or subfolder in the current directory.
..: Returns to an upper directory.
Parameters
fileurl-source: Name of the source file.
fileurl-dest: Name of the target file or folder.
Description
Use the copy command to copy a file.
If you specify a target folder, the system will copy the file to the specified folder and use the name of the source file as the file name.
Examples
# Copy file testcfg.cfg in the current folder and save it as testbackup.cfg.
copy testcfg.cfg testbackup.cfg
Copy cfa0:/test.cfg to cfa0:/testbackup.cfg?[Y/N]:y
....
%Copy file cfa0:/test.
Delete cfa0:/tt.cfg? [Y/N]:y
.
%Delete file cfa0:/tt.cfg...Done.
dir
Syntax
dir [ /all ] [ file-url ]
View
User view
Default level
3: Manage level
Parameters
/all: Displays all files and folders in the current directory, including hidden files, hidden folders, and files moved from the current directory to the recycle bin. Files in the recycle bin are enclosed in square brackets [ ].
file-url: Displays the specified file. Asterisks (*) are acceptable as wildcards. For example, to display files with the .
Field | Description
w | Indicates that the file or directory is writable.
h | Indicates that the file or directory is hidden.
[] | Indicates that the file is in the recycle bin.
execute
Syntax
execute filename
View
System view
Default level
2: System level
Parameters
filename: Name of a batch file with a .bat extension. You can use the rename command to change the suffix of the configuration file to .bat to use it as a batch file.
Description
Use the execute command to execute the specified batch file.
Default level
3: Manage level
Parameters
alert: Enables the system to warn you about operations that may bring undesirable results such as file corruption or data loss.
quiet: Disables the system from warning you about any operation.
Description
Use the file prompt command to set a prompt mode for file operations.
By default, the prompt mode is alert, which is recommended to avoid mis-operations.
When the prompt mode is set to quiet, the system does not warn for any file operation.
Parameters
device: Name of a storage medium.
FAT16: Formats a storage medium using the FAT16 format. The FAT16 keyword does not support Tab matching and must be entered in full if used.
FAT32: Formats a storage medium using the FAT32 format. The FAT32 keyword does not support Tab matching and must be entered in full if used.
Description
Use the format command to format a storage medium.
CAUTION: Formatting a storage medium results in loss of all the files on the storage medium and these files cannot be restored.
%Created dir cfa0:/test/subtest.
more
Syntax
more file-url
View
User view
Default level
3: Manage level
Parameters
file-url: File name.
Description
Use the more command to display the contents of the specified file.
The More prompt indicates that there are more lines than the screen can display.
• Pressing Enter displays the next line.
• Pressing Space displays the next screen.
• Pressing Ctrl+C or any other key exits the display.
This command is valid only for text files.
View
User view
Default level
3: Manage level
Parameters
device: Name of a storage medium.
Description
Use the mount command to mount a hot swappable storage medium, such as a CF card. This command is effective only when the device is in unmounted state.
By default, a storage medium is automatically mounted and in the mounted state after it is connected to the device, which means you can use it without mounting it.
If you specify a target folder, the system will move the source file to the specified folder, with the file name unchanged.
Examples
# Move file cfa0:/test/sample.txt to cfa0:/, and save it as 1.txt.
move test/sample.txt 1.txt
Move cfa0:/test/sample.txt to cfa0:/1.txt?[Y/N]:y
...
% Moved file cfa0:/test/sample.txt to cfa0:/1.txt
# Move file b.cfg to the subfolder test2.
move b.cfg test2
Move cfa0:/b.cfg to cfa0:/test2/b.cfg?[Y/N]:y
.
%Moved file cfa0:/b.cfg to cfa0:/test2/b.cfg.
fileurl-dest: Name of the target file or folder.
Description
Use the rename command to rename a file or folder. The target file name must be unique in the current path.
Examples
# Rename file sample.txt as sample.bat.
rename sample.txt sample.bat
Rename cfa0:/sample.txt to cfa0:/sample.bat? [Y/N]:y
% Renamed file cfa0:/sample.txt to cfa0:/sample.
5 -rwh 716 Apr 24 2007 16:17:30 hostkey
6 -rwh 572 Apr 24 2007 16:17:44 serverkey
7 -rw- 2386 May 08 2008 11:14:20 [a.cfg]
8 -rw- 3608 Dec 03 2007 17:29:30 [b.cfg]
14605 KB total (6730 KB free)
//The output shows that the current directory is cfa0:, and there are two files a.cfg and b.cfg in the recycle bin.
• Delete file b.cfg in the current directory and in the recycle bin.
reset recycle-bin
Clear cfa0:/~/a.cfg ?[Y/N]:n
Clear cfa0:/~/b.
%Cleared file cfa0:/test/~/aa.cfg...
rmdir
Syntax
rmdir directory
View
User view
Default level
3: Manage level
Parameters
directory: Name of the folder.
Description
Use the rmdir command to remove a folder.
The folder must be an empty one. If not, you need to delete all files and subfolders under it with the delete command.
After you execute the rmdir command successfully, the files in the recycle bin in the folder will be automatically deleted.
Examples
# Remove folder mydir.
When mounting or unmounting a storage medium, or performing file operations on it, do not unplug or switch over the storage medium or the card where the storage medium resides. Otherwise, the file system could be damaged.
When a storage medium is connected to a lower version system, the system may not be able to recognize the device automatically, and you need to use the mount command for the storage medium to function normally.
cd test
undelete b.cfg
Undelete cfa0:/test/b.cfg?[Y/N]:y
.....
%Undeleted file cfa0:/test/b.cfg.
Configuration file management commands
archive configuration
Syntax
archive configuration
View
User view
Default level
3: Manage level
Parameters
None
Description
Use the archive configuration command to save the running configuration manually.
With this command executed, the system saves the running configuration with the specified filename (filename prefix + serial number) to the specified path.
Description
Use the archive configuration interval command to enable the automatic saving of the running configuration and set the interval.
Use the undo archive configuration interval command to restore the default.
By default, the system does not automatically save the running configuration.
With this command executed, the system saves the running configuration with the specified filename to the specified path at a specified interval (the value of the minutes argument).
By default, the path and filename prefix for saving configuration files are not configured, and the system does not save the configuration file periodically. Before the running configuration is saved either manually or automatically, the file path and filename prefix must be configured. If the undo archive configuration location command is executed, the running configuration cannot be saved manually or automatically.
Before executing this command, configure the path and filename prefix for saving configuration files by using the archive configuration location command; otherwise, the execution of this command fails.
If the undo archive configuration location command is executed, the maximum number of configuration files that can be saved is also restored to the default.
Examples
# Set the maximum number of configuration files that can be saved to 10.
View
System view
Default level
3: Manage level
Parameters
private-key: Encrypts a configuration file with a private key. The encrypted configuration file can only be decrypted and recognized by the local device.
public-key: Encrypts a configuration file with a public key. The encrypted configuration file can be decrypted and recognized by all devices that support the configuration file encryption function.
Description
Use the configuration encrypt command to enable configuration file encryption.
Info: Succeeded in replacing current configuration with the file my_archive_1.cfg.
display archive configuration
Syntax
display archive configuration
View
Any view
Default level
1: Monitor level
Parameters
None
Description
Use the display archive configuration command to display information about configuration rollback.
Examples
# Display information about configuration rollback.
View
Any view
Default level
2: System level
Parameters
by-linenum: Identifies each line of displayed information with a line number.
Description
Use the display saved-configuration command to display the contents of the configuration file saved for the next startup of the device.
During device management and maintenance, you can use this command to check whether important configurations are saved to the configuration file to be used at the next startup of the device.
The configurations are displayed in the order of global, port, and user interface. The More prompt indicates that there are more lines than the screen can display. Pressing Enter displays the next line; pressing Space displays the next screen; pressing Ctrl+C or any other key exits the display.
# Display the contents of the configuration file saved for the next startup of the device with a number identifying each line.
Description
Use the display startup command to display the configuration files for the system startup and the configuration file(s) for the next system startup, and also the enabled/disabled status of the Boot ROM access control function if the function is supported on the device.
Related commands: startup saved-configuration.
Examples
# Display the startup configuration file used at the current system startup and the one to be used at the next system startup.
restore startup-configuration
Syntax
restore startup-configuration from src-addr src-filename
View
User view
Default level
3: Manage level
Parameters
src-addr: IP address or name of a TFTP server.
src-filename: Filename of the configuration file to be downloaded from the specified server.
Description
Use the restore startup-configuration command to download a configuration file from the specified TFTP server to the device and specify it as the startup configuration file for the next system startup.
Related commands: display current-configuration, display saved-configuration, and reset saved-configuration.
Examples
# Save the current configuration file to the specified directory, but do not specify the configuration file as the startup configuration file to be used at the next startup.
save test.cfg
The current configuration will be saved to cfa0:/test.cfg. Continue? [Y/N]:y
Now saving current configuration to the device.
Saving configuration cfa0:/test.cfg. Please wait...
............
Software upgrade commands
boot-loader
Syntax
boot-loader file file-url { main | backup }
View
User view
Default level
3: Manage level
Parameters
file file-url: Specifies a file name, a string of 1 to 63 characters. If you enter a relative path here, the system automatically converts it to an absolute path. The absolute path should contain no more than 63 characters; otherwise, the command cannot be successfully executed.
View
User view
Default level
3: Manage level
Parameters
read: Reads Boot ROM, or in other words, copies the Boot ROM codes from the normal partition of the Boot ROM memory to the CF card as the backup, which will be used to restore Boot ROM when the Boot ROM memory is broken. Support for this keyword depends on the device model.
restore: Restores Boot ROM, or in other words, restores the Boot ROM codes from the backup partition to the normal partition of the Boot ROM memory.
2 -rw- 891 Jul 02 2010 11:04:36 default_ca.cer
3 -rw- 1411 Jul 02 2010 11:04:36 default_local.cer
4 drw- - Jul 02 2010 11:04:38 logfile
5 drw- - Jul 02 2010 11:04:38 seclog
6 -rw- 0 Jul 02 2010 11:11:00 svpn.cfg
7 drw- - Jul 02 2010 11:11:00 domain0
8 -rw- 1328 Dec 10 2010 15:01:28 startup.cfg
9 -rw- 14694360 Dec 10 2010 11:31:56 test.bin
10 -rw- 524288 Dec 13 2010 10:40:38 basbtm.bin
11 -rw- 524288 Dec 13 2010 10:40:38 extbtm.
bootrom-update security-check enable
Syntax
bootrom-update security-check enable
undo bootrom-update security-check enable
View
System view
Default level
2: System level
Parameters
None
Description
Use the bootrom-update security-check enable command to enable the validity check function when upgrading Boot ROM.
Use the undo bootrom-update security-check enable command to disable the validity check function when upgrading Boot ROM.
display boot-loader
The boot file used this time:cfa0:/main.bin attribute: main
The boot file used next time:cfa0:/main.
Table 14 Output description
Field | Description
The location of patches | Patch file location. To configure the location, use the patch location command.
Slot | Meaningless
Version | Patch version. The first three characters represent the suffix of the PATCH-FLAG. For example, if the PATCH-FLAG of a card is PATCH-RPE, “RPE” is displayed. The following three digits, if any, represent the patch number. (The patch number can be read after the patch is loaded.
[Sysname] patch active 3
patch deactive
Syntax
patch deactive [ patch-number ]
View
System view
Default level
3: Manage level
Parameters
patch-number: Sequence number of a patch.
Description
Use the patch deactive command to stop running patches and the system will run at the original software version.
• If you execute the command and specify the sequence number of a patch, all the ACTIVE patches (including the specified patch) after the specified patch turn to the DEACTIVE state.
If you execute the command without specifying the sequence number of a patch, all the patches will be deleted.
This command only removes the patches from the memory patch area, and it does not delete them from the storage media. The patches are in the IDLE state after this command is executed.
Examples
# Delete patch 3 and all the patches after patch 3.
system-view
[Sysname] patch delete 3
# Delete all the patches.
Examples
# Install the patches located on the CF card.
system-view
[Sysname] patch-install cfa0:/
Patches will be installed. Continue? [Y/N]:y
Do you want to run patches after reboot? [Y/N]:y
Installing patches…
Installation completed, and patches will continue to run after reboot.
Parameters
patch-location: Specifies the patch file location. It is a string of 1 to 64 characters. It can be a root directory of a storage medium or be in the format of “root directory + patch file name”.
Description
Use the patch location command to configure the patch file location.
By default, the patch file location is cfa0:.
If you want to install a patch package, you do not need to configure this command.
Information center configuration commands
display channel
Syntax
display channel [ channel-number | channel-name ]
View
Any view
Default level
1: Monitor level
Parameters
channel-number: Displays information of the channel with a specified number, where channel-number represents the channel number, in the range 0 to 9.
channel-name: Displays information of the channel with a specified name, where channel-name represents the channel name, which could be a default name or a self-defined name.
The above information indicates that log information with the severity from 0 to 4, trap information with the severity from 0 to 7, and debugging information with the severity from 0 to 7 are output to the console. The information source modules are all modules (default).
Table 16 Output description
Field | Description
channel number | A specified channel number, in the range 0 to 9.
channel name | A specified channel name, which varies with user’s configuration.
1.1.1.
Field Description Trap buffer: Configurations on the trap buffer destination, including whether information output to this destination is enabled or disabled, the maximum capacity, the current capacity, the current number of messages, the number of dropped messages, the number of messages that have been overwritten, and the channel number and channel name used.
Severity | Value | Description
Debug | 7 | Debug-level messages
size buffersize: Displays specified number of the latest log messages in the log buffer, where buffersize represents the number of the latest log messages to be displayed in the log buffer, in the range 1 to 1,024.
|: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide.
Field Description Overwritten messages The number of overwritten messages (when the buffer size is not big enough to hold all messages, the latest messages overwrite the old ones). Current messages The number of the current messages display logbuffer summary Syntax display logbuffer summary [ level severity ] View Any view Default level 1: Monitor level Parameters level severity: Displays the summary of the log buffer, where severity represents information level, in the range 0 to 7.
View Any view Default level 1: Monitor level Parameters None Description Use the display logfile buffer command to display contents of the logfile buffer. Note that all contents in the logfile buffer will be cleared after they are successfully saved into the log file automatically or manually. Examples # Display the contents of the log file buffer. display logfile buffer %@387986%Jun 20 10:52:03 2006 Sysname %%10IC/7/SYS_RESTART: System restarted -- The rest is omitted here.
Field Description Channel number The channel number of a log file, defaults to 9. Log file size quota The maximum storage space reserved for a log file Log file directory Log file directory Writing frequency Log file writing frequency display trapbuffer Syntax display trapbuffer [ reverse ] [ size buffersize ] View Any view Default level 1: Monitor level Parameters reverse: Displays trap entries chronologically, with the most recent entry at the top.
#Jun 3 15:18:39:964 2011 HP SHELL/4/LOGOUT: Trap 1.3.6.1.4.1.25506.2.2.1.1.3.0.2: logout from VTY #Jun 3 15:22:13:454 2011 HP SHELL/4/LOGOUT: Trap 1.3.6.1.4.1.25506.2.2.1.1.3.0.2: logout from VTY #Jun 3 15:22:31:527 2011 HP SHELL/4/LOGIN: Trap 1.3.6.1.4.1.25506.2.2.1.1.3.0.1: login from Console Table 22 Output description Field Description Trapping buffer configuration and contents Indicates the current state of the trap buffer and its contents, which could be enabled or disabled.
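The trap buffer and logfile buffer entries shown above share one layout (timestamp, system name, MODULE/severity/MNEMONIC, text), so they can be parsed and triaged off-box. The following Python sketch is an added example, not HP code; the function names, the severity filter and the login/logout balance are assumptions made for illustration, and the last sample line is constructed to show rejection of a malformed entry.

```python
import re
from collections import Counter
from datetime import datetime
from typing import NamedTuple, Optional

MONTHS = {name: i for i, name in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}

# Layouts taken from the samples on this page:
#   #<Mon> <d> <hh:mm:ss:ms> <yyyy> <sysname> <MODULE>/<sev>/<MNEMONIC>: <text>
#   %@<digits>%<Mon> <d> <hh:mm:ss> <yyyy> <sysname> %%<digits><MODULE>/<sev>/<MNEMONIC>: <text>
ENTRY_RE = re.compile(
    r"^(?:#|%@\d+%)"
    r"(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2})\s+"
    r"(?P<h>\d{2}):(?P<m>\d{2}):(?P<s>\d{2})(?::(?P<ms>\d{3}))?\s+"
    r"(?P<year>\d{4})\s+(?P<host>\S+)\s+"
    r"(?:%%\d+)?(?P<module>[A-Z][A-Z0-9_]*)/(?P<sev>[0-7])/"
    r"(?P<mnemonic>[A-Z][A-Z0-9_]*):\s*(?P<text>.*)$")
TRAP_RE = re.compile(r"^Trap (?P<oid>\d+(?:\.\d+)+): (?P<msg>.*)$")
SESSION_RE = re.compile(r"^(?P<action>login|logout) from (?P<source>\S+)$")


class Entry(NamedTuple):
    timestamp: datetime
    host: str
    module: str
    severity: int          # 0 (most severe) to 7 (debug)
    mnemonic: str
    oid: Optional[str]     # trap OID, None for plain log entries
    text: str


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one buffer line; return None if it is malformed."""
    m = ENTRY_RE.match(line.strip())
    if not m or m["mon"] not in MONTHS:
        return None
    try:
        ts = datetime(int(m["year"]), MONTHS[m["mon"]], int(m["day"]),
                      int(m["h"]), int(m["m"]), int(m["s"]),
                      int(m["ms"] or 0) * 1000)
    except ValueError:     # impossible date or time, e.g. hour 25
        return None
    text, oid = m["text"], None
    trap = TRAP_RE.match(text)
    if trap:
        oid, text = trap["oid"], trap["msg"]
    return Entry(ts, m["host"], m["module"], int(m["sev"]),
                 m["mnemonic"], oid, text)


def parse_buffer(dump: str):
    """Return (entries, rejected_lines) for a pasted buffer dump."""
    entries, rejected = [], []
    for line in dump.splitlines():
        if not line.strip():
            continue
        entry = parse_entry(line)
        if entry:
            entries.append(entry)
        else:
            rejected.append(line)
    return entries, rejected


def at_or_above(entries, max_level: int):
    """Keep entries with severity 0..max_level, like a channel severity filter."""
    return [e for e in entries if e.severity <= max_level]


def session_balance(entries):
    """Logins minus logouts per source. A negative value means the buffer holds
    logouts whose login is not in the buffer (older entries were overwritten or
    the buffer was reset), so the session start must be found elsewhere."""
    balance = Counter()
    for e in entries:
        if e.module == "SHELL" and e.mnemonic in ("LOGIN", "LOGOUT"):
            s = SESSION_RE.match(e.text)
            if s:
                balance[s["source"]] += 1 if s["action"] == "login" else -1
    return dict(balance)


# First four lines are the samples from this page; the last one is constructed.
SAMPLE = """\
#Jun 3 15:18:39:964 2011 HP SHELL/4/LOGOUT: Trap 1.3.6.1.4.1.25506.2.2.1.1.3.0.2: logout from VTY
#Jun 3 15:22:13:454 2011 HP SHELL/4/LOGOUT: Trap 1.3.6.1.4.1.25506.2.2.1.1.3.0.2: logout from VTY
#Jun 3 15:22:31:527 2011 HP SHELL/4/LOGIN: Trap 1.3.6.1.4.1.25506.2.2.1.1.3.0.1: login from Console
%@387986%Jun 20 10:52:03 2006 Sysname %%10IC/7/SYS_RESTART: System restarted --
#Jun 3 25:61:00:000 2011 HP SHELL/4/LOGIN: Trap 1.3.6.1.4.1.25506.2.2.1.1.3.0.1: login from VTY
"""

if __name__ == "__main__":
    parsed, bad = parse_buffer(SAMPLE)
    for e in at_or_above(parsed, 4):
        print(e.timestamp.isoformat(), e.host, e.mnemonic, e.text)
    print("session balance:", session_balance(parsed))
    print("rejected:", bad)
```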
system-view [Sysname] interface gigabitethernet 0/1 [Sysname-GigabitEthernet0/1] undo enable log updown info-center channel name Syntax info-center channel channel-number name channel-name undo info-center channel channel-number View System view Default level 2: System level Parameters channel-number: Specifies a channel number, in the range 0 to 9. channel-name: Specifies a channel name, a string of 1 to 30 characters.
Description Use the info-center console channel command to specify the channel to output system information to the console. Use the undo info-center console channel command to restore the default output channel to the console. By default, output of information to the console is enabled with channel 0 as the default channel (known as console). Note that the info-center console channel command takes effect only after the information center is enabled first with the info-center enable command.
View System view Default level 2: System level Parameters channel-number: A specified channel number, in the range 0 to 9. channel-name: Specifies a channel name, which could be a default name or a self-defined name. The user needs to specify a channel name first before using it as a self-defined channel name. For more information, see the info-center channel name command.
By default, the output of system information to the log file is enabled. Examples # Enable the logfile feature. system-view [Sysname] info-center logfile enable info-center logfile frequency Syntax info-center logfile frequency freq-sec undo info-center logfile frequency View System view Default level 2: System level Parameters freq-sec: Frequency with which the system saves the log file, in the range 1 to 86,400 seconds.
Use the undo info-center logfile size-quota command to restore the default maximum storage space reserved for a log file. By default, the storage space reserved for a log file is 10 MB. Examples # Set the maximum storage space reserved for a log file to 6 MB.
Default level 2: System level Parameters host-ip: The IP address of the log host. port port-number: Specifies the number of the port that receives the system information on the log host. The value ranges from 1 to 65535 and defaults to 514. The value of the port-number argument should be the same as the value configured on the log host; otherwise, the log host cannot receive system information. channel: Specifies the channel through which system information can be output to the log host.
Default level 2: System level Parameters interface-type interface-number: Specifies the egress interface for log information by the interface type and interface number. Description Use the info-center loghost source command to specify the source IP address for log information. Use the undo info-center loghost source command to restore the default.
Default level 2: System level Parameters channel-number: Specifies a channel number, in the range 0 to 9. channel-name: Specifies a channel name, which could be a default name or a self-defined name. The user needs to specify a channel name first before using it as a self-defined channel name. For more information, see the info-center channel name command. Description Use the info-center monitor channel command to configure the channel to output system information to the monitor.
By default, output of system information to the SNMP module is enabled with a default channel name of snmpagent and a default channel number of 5. For more information, see the display snmp-agent command. Examples # Output system information to the SNMP module through channel 6.
For example, the user can configure the device to output log information with severity higher than warning to the log host, and information with severity higher than informational to the log buffer. The user can also configure trap information of the IP module to be output to a specified output destination.
Output destination Modules allowed Log file default (all modules) LOG DEBUG TRAP Enabled/disabled Severity Enabled/disabled Severity Enabled/disabled Severity Enabled Debug Enabled Debug Disabled Debug Examples # Set the output channel for the log information of the VLAN module to snmpagent, and output information with a severity of emergency.
NOTE: • If system information, such as log information, is output before you input any information under a current command line prompt, the system will not display the command line prompt after the system information output. • If system information is output when you are inputting some interactive information (non Y/N confirmation information), then after the system information output, the system will not display the command line prompt but your previous input in a new line.
Default level 2: System level Parameters channel-number: Specifies a channel number, in the range 0 to 9. channel-name: Specifies a channel name, which could be a default name or a self-defined name. You need to specify a channel name first before using it as a self-defined channel name. For more information, see the info-center channel name command. Description Use the info-center syslog channel command to enable the output of system information to the Web interface.
none: Indicates no time information is provided. Description Use the info-center timestamp command to configure the timestamp format. Use the undo info-center timestamp command to restore the default. By default, the timestamp format of log, trap and debugging information is date. Examples # Configure the timestamp format for log information as boot.
none: Indicates that no time stamp information is provided. Description Use the info-center timestamp loghost command to configure the time stamp format of the system information sent to the log host. Use the undo info-center timestamp loghost command to restore the default. By default, the time stamp format for system information sent to the log host is date. Examples # Configure that the system information output to the log host does not include the year information.
logfile save Syntax logfile save View Any view Default level 2: System level Parameters None Description Use the logfile save command to save all the contents in the logfile buffer into the log file. By default, the system automatically saves the log file based on a frequency configured by the info-center logfile frequency command into a directory configured by the info-center logfile switch-directory command.
reset trapbuffer Syntax reset trapbuffer View User view Default level 3: Manage level Parameters None Description Use the reset trapbuffer command to reset the trap buffer contents. Examples # Reset the trap buffer contents. reset trapbuffer terminal debugging Syntax terminal debugging undo terminal debugging View User view Default level 1: Monitor level Parameters None Description Use the terminal debugging command to enable the display of debugging information on the current terminal.
Examples # Enable the display of debugging information on the current terminal. terminal debugging Info: Current terminal debugging is on. terminal logging Syntax terminal logging undo terminal logging View User view Default level 1: Monitor level Parameters None Description Use the terminal logging command to enable the display of log information on the current terminal. Use the undo terminal logging command to disable the display of log information on the current terminal.
Parameters None Description Use the terminal monitor command to enable the monitoring of system information on the current terminal. Use the undo terminal monitor command to disable the monitoring of system information on the current terminal. By default, monitoring of the system information on the console is enabled and that on the monitor terminal is disabled. Note that: • You need to configure the terminal monitor command before you can display the log, trap, and debugging information.
• The configuration of this command is valid for only the current connection between the terminal and the device. If a new connection is established, the display of trap information on the terminal restores the default. Examples # Enable the display of trap information on the current terminal. terminal trapping Info: Current terminal trapping is on.
Flow logging configuration commands display userlog export Syntax display userlog export View Any view Default level 1: Monitor level Parameters None Description Use the display userlog export command to view the configuration and statistics about flow logs exported to the log server. Before using this command, configure the IP address and UDP port number of the log server with the userlog flow export host command. Otherwise, the system may prompt you "No userlog export is enabled".
Field Description Export Version 1 logs to log server Export flow log packets of version 1.0 to the log server. Source address of exported logs Source IP address of the flow logging packets (this field will not be displayed if the source IP address is not configured) Address of log server Address of the log server, including IP address and port number VPN-instance VPN instance name of the VPN to which the flow logging server belongs.
View User view Default level 2: System level Parameters None Description Use the reset userlog flow logbuffer command to clear flow logs in the cache. Flow logs are saved in the cache before being exported to the information center or log server. CAUTION: Clearing flow logs in the cache causes the loss of log information, so you are recommended not to clear the cache unless you are sure you want to clear it. Examples # Clear flow logs in the cache.
• To avoid collision with general UDP port numbers, UDP port numbers in the range 1025 to 65535 are recommended. • The specified VPN instance should already be created; otherwise, packet delivery fails. • You can select at most two log servers from three types of log servers (which are flow logging server in a VPN, IPv4 flow logging server) to receive flow logs for each device. If you specify two log servers for a device, the servers can be of the same type or of different types.
userlog flow export version Syntax userlog flow export version version-number undo userlog flow export version View System view Default level 2: System level Parameters version-number: Flow logging version number. The value is either 1 or 3. Description Use the userlog flow export version command to configure the flow logging version. Use the undo userlog flow export version command to restore the default. By default, flow logging version is 1.0.
• Exporting flow logs to the information center takes up storage space on the device, so adopt this export approach when there is a small amount of logs. Examples # Export flow logs to the information center.
NTP configuration commands display ntp-service sessions Syntax display ntp-service sessions [ verbose ] View Any view Default level 1: Monitor level Parameters verbose: Displays the detailed information of all NTP sessions. If you do not specify this keyword, only the brief information of the NTP sessions will be displayed. Description Use the display ntp-service sessions command to view the information of all NTP sessions. Examples # View the brief information of all NTP sessions.
Field Description poll Poll interval in seconds, namely, the maximum interval between successive NTP messages. now The length of time from when the last NTP message was received or when the local clock was last updated to the current time. The time is in seconds by default. If the time length is greater than 2048 seconds, it is displayed in minutes; if greater than 300 minutes, in hours; if greater than 96 hours, in days.
Field Description clock stratum Stratum level of the clock source, which determines the clock precision. The value range is 1 to 16. The clock precision decreases from stratum 1 to stratum 16. A stratum 1 clock has the highest precision, and a stratum 16 clock is not synchronized and cannot be used as a reference clock. clock status Status of the clock source corresponding to this session, including: • configured: The session was created by a configuration command.
Field Description peer mode Operation mode of the peer device, including: • unspec: The mode is unspecified. • active: Active mode. • passive: Passive mode. • client: Client mode. • server: Server mode. • bdcast: Broadcast server mode. • control: Control query mode. • private: Private message mode. peer poll Poll interval of the peer device, in seconds.
Field Description Total associations Total number of associations NOTE: When a device is working in the NTP broadcast/multicast server mode, the display ntp-service sessions command executed on the device will not display the NTP session information corresponding to the broadcast/multicast server, but the sessions will be counted in the total number of associations.
Field Description Reference clock ID After the system clock is synchronized to a remote time server, this field indicates the address of the remote time server; after the system clock is synchronized to a local reference source, this field indicates the address of the local clock source: • When the local clock has a stratum level of 1, the value of this field is “LOCL”; • When the stratum of the local clock has another value, the value of this field is the IP address of the local clock.
server 127.0.0.1,stratum 2, offset -0.013500, synch distance 0.03154 server 133.1.1.1,stratum 1, offset -0.506500, synch distance 0.03429 refid LOCL The information above shows an NTP server chain for the server 127.0.0.1: The server 127.0.0.1 is synchronized to the server 133.1.1.1, and the server 133.1.1.1 is synchronized to the local clock source.
Description Use the ntp-service access command to configure the access-control right for the peer devices to access the NTP services of the local device. Use the undo ntp-service access command to remove the configured NTP service access-control right to the local device. By default, the access-control right for the peer devices to access the NTP services of the local device is set to peer. From highest to lowest, the NTP service access-control rights are peer, server, synchronization, and query.
Examples # Enable NTP authentication. system-view [Sysname] ntp-service authentication enable ntp-service authentication-keyid Syntax ntp-service authentication-keyid keyid authentication-mode md5 value undo ntp-service authentication-keyid keyid View System view Default level 2: System level Parameters keyid: Authentication key ID, in the range of 1 to 4294967295.
ntp-service broadcast-client Syntax ntp-service broadcast-client undo ntp-service broadcast-client View Interface view Default level 2: System level Parameters None Description Use the ntp-service broadcast-client command to configure the device to work in the NTP broadcast client mode and use the current interface to receive NTP broadcast packets. Use the undo ntp-service broadcast-client command to remove the configuration. By default, the device does not work in the NTP broadcast client mode.
Use the undo ntp-service broadcast-server command to remove the configuration. By default, the device does not work in the NTP broadcast server mode. Examples # Configure the device to work in the broadcast server mode and send NTP broadcast messages on GE0/1, using key 4 for encryption, and set the NTP version to 3.
Parameters number: Maximum number of dynamic NTP sessions that are allowed to be established, in the range of 0 to 100. Description Use the ntp-service max-dynamic-sessions command to set the maximum number of dynamic NTP sessions that are allowed to be established locally. Use the undo ntp-service max-dynamic-sessions command to restore the maximum number of dynamic NTP sessions to the system default. By default, the number is 100.
Examples # Configure the device to work in the multicast client mode and receive NTP multicast messages on GE0/1, and set the multicast address to 224.0.1.1. system-view [Sysname] interface gigabitethernet 0/1 [Sysname-GigabitEthernet0/1] ntp-service multicast-client 224.0.1.
undo ntp-service refclock-master [ ip-address ] View System view Default level 2: System level Parameters ip-address: IP address of the local clock, which is 127.127.1.u, where u is the NTP process ID, in the range of 0 to 3. If you do not specify ip-address, it defaults to 127.127.1.0. stratum: Stratum level of the local clock, in the range of 1 to 15 and defaulting to 8. Description Use the ntp-service refclock-master command to configure the local clock as a reference source for other devices.
No authentication key is configured to be trusted by default. Examples # Enable NTP authentication and configure MD5 authentication with the key ID of 37 and key value of BetterKey. system-view [Sysname] ntp-service authentication enable [Sysname] ntp-service authentication-keyid 37 authentication-mode md5 BetterKey # Specify this key as a trusted key.
View System view Default level 2: System level Parameters vpn-instance vpn-instance-name: Specifies a VPN instance by its name, where vpn-instance-name is a string of 1 to 31 characters. ip-address: IP address of the symmetric-passive peer. It must be a unicast address, rather than a broadcast address, a multicast address or the IP address of the local clock. peer-name: Host name of the symmetric-passive peer, a string of 1 to 20 characters.
Default level 2: System level Parameters vpn-instance vpn-instance-name: Specifies a VPN instance by its name, where vpn-instance-name is a string of 1 to 31 characters. ip-address: IP address of the NTP server. It must be a unicast address, rather than a broadcast address, a multicast address or the IP address of the local clock. server-name: Host name of the NTP server, a string of 1 to 20 characters.
RMON configuration commands display rmon alarm Syntax display rmon alarm [ entry-number ] View Any view Default level 1: Monitor level Parameters entry-number: Index of an RMON alarm entry, in the range 1 to 65535. If no entry is specified, the configuration of all alarm entries is displayed. Description Use the display rmon alarm command to display the configuration of the specified or all RMON alarm entries. Related commands: rmon alarm.
Field Description Samples type The sampling type (the value can be absolute or delta), corresponding to the MIB node alarmSampleType. Variable formula Alarm variable, namely, the monitored MIB node, corresponding to the MIB node alarmVariable. Sampling interval Sampling interval, in seconds, corresponding to the MIB node alarmInterval. Rising threshold Alarm rising threshold (When the sampling value is bigger than or equal to this threshold, a rising alarm is triggered.
Table 30 Output description Field Description EventEntry Event entry, corresponding to the MIB node eventIndex. owned by Owner of the entry, corresponding to the MIB node eventOwner. VALID Status of the entry identified by the index (VALID means the entry is valid, and UNDERCREATION means invalid. The display rmon command shows an invalid entry, but the display current-configuration and display this commands do not show the corresponding rmon commands.
LogEntry 1 owned by null is VALID. Generates eventLog 1.1 at 0day(s) 00h:00m:33s. Description: The alarm formula defined in prialarmEntry 1, uprise 80 with alarm value 85. Alarm sample type is absolute. Generates eventLog 1.2 at 0day(s) 00h:42m:03s. Description: The alarm formula defined in prialarmEntry 2, less than(or =) 5 with alarm value 0. Alarm sample type is delta. Table 31 Output description Field Description LogEntry Event log entry, corresponding to the MIB node logIndex.
You can configure the number of history sampling records that can be displayed and the history sampling interval through the rmon history command. Related commands: rmon history. Examples # Display RMON history control entry and history sampling information for interface GigabitEthernet 0/1. display rmon history gigabitethernet 0/1 HistoryControlEntry 1 owned by null is VALID Samples interface : GigabitEthernet0/1
Field Description VALID Status of the entry identified by the index (VALID means the entry is valid, and UNDERCREATION means invalid. The display rmon command shows an invalid entry, but the display current-configuration and display this commands do not show the corresponding rmon commands.), corresponding to the MIB node historyControlStatus.
Field Description utilization Bandwidth utilization during the sampling period, corresponding to the MIB node etherHistoryUtilization. display rmon prialarm Syntax display rmon prialarm [ entry-number ] View Any view Default level 1: Monitor level Parameters entry-number: Private alarm entry index, in the range 1 to 65535. If no entry is specified, the configuration of all private alarm entries is displayed.
Field Description Sampling interval Sampling interval, in seconds. The system takes an absolute or delta sample of the sampled variable at this interval. Rising threshold Alarm rising threshold. An event is triggered when the sampled value is greater than or equal to this threshold. Falling threshold Alarm falling threshold. An event is triggered when the sampled value is less than or equal to this threshold.
Table 34 Output description Field Description EtherStatsEntry The entry of the statistics table, corresponding to the MIB node etherStatsIndex. VALID Status of the entry identified by the index (VALID means the entry is valid, and UNDERCREATION means invalid. The display rmon command shows an invalid entry, but the display current-configuration and display this commands do not show the corresponding rmon commands.), corresponding to the MIB node etherStatsStatus.
Field Description Statistics of packets received according to length during the statistical period (Hardware support is needed for the statistics. If the hardware does not support the function, all statistics are displayed as 0.
represents the index of the event triggered when the rising threshold is reached. event-entry1 ranges from 0 to 65,535, with 0 meaning no corresponding event is triggered and no event action is taken when an alarm is triggered. falling-threshold threshold-value2 event-entry2: Sets the falling threshold, where threshold-value2 represents the falling threshold, in the range –2,147,483,648 to +2,147,483,647 and event-entry2 represents the index of the event triggered when the falling threshold is reached.
falling-threshold 5 2 owner user1 1.3.6.1.2.1.16.1.1.1.4 is the OID of the leaf node etherStatsOctets. It represents the statistics of the received packets on the interface, in bytes. In the above example, you can use etherStatsOctets.1 to replace the parameter 1.3.6.1.2.1.16.1.1.1.4.1, where 1 indicates the serial number of the interface statistics entry. Therefore, if you execute the rmon statistics 5 command, you can use etherStatsOctets.5 to replace the parameter.
Related commands: display rmon event, rmon alarm, and rmon prialarm. NOTE: • An entry cannot be created if the values of the specified event description (description string), event type (log, trap, logtrap or none), and community name (trap-community or log-trapcommunity) are identical to those of the existing event entry in the system. • You can create up to 60 event entries. Examples # Create event 10 in the RMON event table.
NOTE: • An entry cannot be created if the value of the specified sampling interval (interval sampling-interval) is identical to that of the existing history entry in the system. • You can create up to 100 history entries. Related commands: display rmon history. Examples # Create RMON history control entry 1 for interface Ethernet 1/1.
represents the index of the event triggered when the falling threshold is reached. event-entry2 ranges from 1 to 65,535. forever: Indicates that the lifetime of the private alarm entry is infinite. cycle cycle-period: Sets the lifetime period of the private alarm entry, in the range 0 to 2,147,483,647 seconds. owner text: Owner of the entry, a string of 1 to 127 characters. It is case sensitive and space is supported.
[Sysname] rmon prialarm 1 (.1.3.6.1.2.1.16.1.1.1.6.1*100/.1.3.6.1.2.1.16.1.1.1.5.1) BroadcastPktsRatioOfGE0/1 10 absolute rising-threshold 80 1 falling-threshold 5 2 entrytype forever owner user1 1.3.6.1.2.1.16.1.1.1.6.1 is the OID of the node etherStatsBroadcastPkts.1, and 1.3.6.1.2.1.16.1.1.1.5.1 is the OID of the node etherStatsPkts.1. 1 indicates the serial number of the interface statistics entry. Therefore, if you execute the rmon statistics 5 command, you should use 1.3.6.1.2.1.16.1.1.1.6.5 and 1.3.
Examples # Create an entry in the RMON statistics table for interface GE0/1. The index of the entry is 20, and the owner of the entry is user1.
SNMP configuration commands display snmp-agent community Syntax display snmp-agent community [ read | write ] View Any view Default level 1: Monitor level Parameters read: Displays the information of communities with read-only access right. write: Displays the information of communities with read and write access right. Description Use the display snmp-agent community command to display community information for SNMPv1 or SNMPv2c.
Field Description Group name SNMP group name. • If a community name is created by using the snmp-agent community command, the group name and the community name are the same, which means the community name will be displayed. • If a community name is created by using the snmp-agent usm-user { v1 | v2c } command, the name of the group to which the user belongs will be displayed. The number of the ACL in use.
Storage-type: nonVolatile Table 36 Output description Field Description Group name SNMP group name Security model Security model of the SNMP group, which can be: authPriv (authentication with privacy), authNoPriv (authentication without privacy), or noAuthNoPriv (no authentication no privacy).
Default level 1: Monitor level Parameters exclude: Displays MIB view information of the excluded type. include: Displays MIB view information of the included type. viewname view-name: Displays MIB view information with a specified MIB view name, where view-name is the name of the specified MIB view. Description Use the display snmp-agent mib-view command to display MIB view information. Absence of parameters indicates that information for all MIB views will be displayed.
Table 37 Output description Field Description View name MIB view name MIB Subtree MIB subtree corresponding to the MIB view Subtree mask MIB subtree mask Storage-type Storage type View Type View type (that is, the relationship between this view and the MIB subtree), which can be included or excluded: • Included indicates that all nodes of the MIB subtree are included in current view, namely, you are allowed to access all the MIB objects of the subtree • Excluded indicates that none of the nodes
2 MIB objects altered successfully 7 GetRequest-PDU accepted and processed 7 GetNextRequest-PDU accepted and processed 1653 GetBulkRequest-PDU accepted and processed 1669 GetResponse-PDU accepted and processed 2 SetRequest-PDU accepted and processed 0 Trap PDUs accepted and processed 0 Alternate Response Class PDUs dropped silently 0 Forwarded Confirmed Class PDUs dropped silently Table 38 Output description Field Description Messages delivered to the SNMP entity Number of packets delivered to the SNMP
Field Description Alternate Response Class PDUs dropped silently Number of dropped response packets Forwarded Confirmed Class PDUs dropped silently Number of forwarded packets that have been dropped display snmp-agent sys-info Syntax display snmp-agent sys-info [ contact | location | version ] * View Any view Default level 1: Monitor level Parameters contact: Displays the contact information of the current network administrator. location: Displays the location information of the current device.
Parameters None Description Use the display snmp-agent trap queue command to display basic information of the trap queue, including trap queue name, queue length and the number of traps in the queue currently. Related commands: snmp-agent trap life and snmp-agent trap queue-size. Examples # Display the current configuration and usage of the trap queue.
ospf trap enable standard trap enable system trap enable vrrp trap enable Enable traps: 7; Disable traps: 0 In the above output, enable indicates that the module is allowed to generate traps whereas disable indicates the module is not allowed to generate traps. You can configure the trap function (enable or disable) of each module through command lines.
Table 40 Output description Field Description User name SNMP user name Group name SNMP group name Engine ID Engine ID for an SNMP entity Storage-type Storage type, which can be the following: • volatile • nonvolatile • permanent • readOnly • other For more information, see Table 35.
system-view [Sysname] snmp-agent trap enable [Sysname] snmp-agent target-host trap address udp-domain 10.1.1.1 params securityname public [Sysname] interface gigabitethernet 0/1 [Sysname-GigabitEthernet0/1] enable snmp trap updown snmp-agent Syntax snmp-agent undo snmp-agent View System view Default level 3: Manage level Parameters None Description Use the snmp-agent command to enable SNMP agent. Use the undo snmp-agent command to disable SNMP agent. By default, SNMP agent is disabled.
mode: Specifies the encryption algorithm and authentication algorithm. The three encryption algorithms Advanced Encryption Standard (AES), Triple Data Encryption Standard (3DES), and Data Encryption Standard (DES) are in descending order in terms of security. Higher security means a more complex implementation mechanism and lower speed. DES is enough to meet general requirements. Message-Digest Algorithm 5 (MD5) and Secure Hash Algorithm (SHA-1) are the two authentication algorithms.
system-view [Sysname] snmp-agent calculate-password authkey mode md5 local-engineid The secret key is: 09659EC5A9AE91BA189E5845E1DDE0CC snmp-agent community Syntax snmp-agent community { read | write } community-name [ acl acl-number | mib-view view-name ] * undo snmp-agent community { read | write } community-name View System view Default level 3: Manage level Parameters read: Indicates that the community has read only access right to the MIB objects; that is, the NMS can perform read-only op
Related commands: snmp-agent mib-view.
Examples
# Create a community named readaccess that allows read-only access.
The following syntax applies to SNMPv3: snmp-agent group v3 group-name [ authentication | privacy ] [ read-view read-view ] [ write-view write-view ] [ notify-view notify-view ] [ acl acl-number ] undo snmp-agent group v3 group-name [ authentication | privacy ] View System view Default level 3: Manage level Parameters v1: SNMPv1. v2c: SNMPv2c. v3: SNMPv3. group-name: Group name, a string of 1 to 32 characters.
snmp-agent local-engineid
Syntax
snmp-agent local-engineid engineid
undo snmp-agent local-engineid
View
System view
Default level
3: Manage level
Parameters
engineid: Engine ID, a string of 10 to 64 hexadecimal characters. The number of characters must be even, and the all-zero and all-F strings are invalid.
Description
Use the snmp-agent local-engineid command to configure a local engine ID for an SNMP entity.
Default level 3: Manage level Parameters all: Enables logging of SNMP GET and SET operations. get-operation: Enables logging of SNMP GET operation. set-operation: Enables logging of SNMP SET operation. Description Use the snmp-agent log command to enable SNMP logging. Use the undo snmp-agent log command to restore the default. By default, SNMP logging is disabled.
mask mask-value: Mask for a MIB subtree, in the range 1 to 32 hexadecimal digits. The number of digits must be even.
Description
Use the snmp-agent mib-view command to create or update MIB view information so that MIB objects can be specified. Use the undo snmp-agent mib-view command to delete the current configuration. By default, four MIB views are created on the device, and they have the same view name ViewDefault.
Description Use the snmp-agent packet max-size command to configure the maximum size of the SNMP packets that can be received or sent by the agent. Use the undo snmp-agent packet max-size command to restore the default packet size. By default, the maximum size of the SNMP packets that can be received or sent by the agent is 1,500 bytes.
By default, the location information is null, version is SNMPv3, and the contact is null. The device can process the SNMP packets of the corresponding version only if SNMP of a specific version is enabled. If SNMPv1 is enabled, the device will drop the received SNMPv2c packets; if SNMPv2c is enabled, the device will drop the received SNMPv1 packets. To enable the device to communicate with different NMSs, you can enable SNMP of different versions on a device. Related commands: display snmp-agent sys-info.
v2c: SNMPv2c. This keyword must be the same as the SNMP version on the NMS; otherwise, the NMS cannot receive any trap. v3: SNMPv3. This keyword must be the same as the SNMP version on the NMS; otherwise, the NMS cannot receive any trap. • authentication: Specifies the security model to be authentication without privacy. Authentication is a process to check whether the packet is complete and whether it has been tampered with. You need to configure the authentication password when creating an SNMPv3 user.
viriftxretransmit | virnbrstatechange ] * | standard [ authentication | coldstart | linkdown | linkup | warmstart ]* | system | vrrp [ authfailure | newmaster ] ] View System view Default level 3: Manage level Parameters bgp: Enables the sending of traps of the BGP module. configuration: Enables the sending of configuration traps. flash: Enables the sending of FLASH-related traps. ospf: Enables the sending of traps of the OSPF module. • process-id: OSPF process ID, in the range 1 to 65535.
• newmaster: Enables the sending of VRRP newmaster traps when the device becomes the master. Description Use the snmp-agent trap enable command to enable the trap function globally. Use the undo snmp-agent trap enable command to disable the trap function globally. By default, the trap function of each module is enabled. Only after the trap function is enabled can each module generate corresponding traps.
is 1 An extended linkUp trap is in the following format: • #Apr 24 11:43:09:896 2008 Sysname IFNET/4/INTERFACE UPDOWN: Trap 1.3.6.1.6.3.1.1.5.4: Interface 983555 is Up, ifAdminStatus is 1, ifOperStatus is 1, ifDescr is GigabitEthernet0/1, ifType is 6 A standard linkDown trap is in the following format: • #Apr 24 11:47:35:224 2008 Sysname IFNET/4/INTERFACE UPDOWN: Trap 1.3.6.1.6.3.1.1.5.
Related commands: snmp-agent trap enable and snmp-agent target-host.
Examples
# Configure the holding time of traps in the queue as 60 seconds.
system-view
[Sysname] snmp-agent trap life 60

snmp-agent trap queue-size
Syntax
snmp-agent trap queue-size size
undo snmp-agent trap queue-size
View
System view
Default level
3: Manage level
Parameters
size: Number of traps that can be stored in the trap sending queue, in the range 1 to 1,000.
Parameters interface-type { interface-number | interface-number.subnumber }: Specifies the interface type and interface number. The parameter interface-number represents the main interface number. The parameter subnumber represents the subinterface number and ranges from 1 to 4,094. Description Use the snmp-agent trap source command to specify the source IP address contained in the trap. Use the undo snmp-agent trap source command to restore the default.
acl acl-number: Associates a basic ACL with the user. acl-number is in the range 2000 to 2999. By using a basic ACL, you can restrict the source IP address of SNMP packets, that is, you can configure to allow or prohibit SNMP packets with a specific source IP address, so as to allow or prohibit the specified NMS to access the agent by using this user name. Description Use the snmp-agent usm-user { v1 | v2c } command to add a user to an SNMP group.
undo snmp-agent usm-user v3 user-name group-name { local | engineid engineid-string } View System view Default level 3: Manage level Parameters user-name: User name, a string of 1 to 32 characters. It is case sensitive. group-name: Group name, a string of 1 to 32 characters. It is case sensitive. cipher: Specifies that auth-password and priv-password are cipher text passwords, which can be calculated by using the snmp-agent calculate-password command.
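How a cipher-text key depends on both the plain-text password and the engine ID, as an added example that is not HP's code: it implements the standard RFC 3414 password-to-key localization, which snmp-agent calculate-password is assumed to follow, and checks the engine ID against the rules given for snmp-agent local-engineid. The function names are hypothetical, the password and first engine ID are the RFC 3414 test vector, and the second engine ID is constructed.

```python
import hashlib
import re

EXPANDED_LEN = 1_048_576  # RFC 3414: the password is repeated out to 1 MiB


def parse_engine_id(hex_string):
    """Validate an engine ID against the snmp-agent local-engineid rules."""
    s = hex_string.strip()
    if not re.fullmatch(r"[0-9A-Fa-f]+", s):
        raise ValueError("engine ID must contain hexadecimal characters only")
    if not 10 <= len(s) <= 64 or len(s) % 2:
        raise ValueError("engine ID must be an even number of hex characters, 10 to 64")
    if set(s.upper()) in ({"0"}, {"F"}):
        raise ValueError("all-zero and all-F engine IDs are invalid")
    return bytes.fromhex(s)


def password_to_key(password, algo="md5"):
    """Stretch a plain-text password into the user key Ku (RFC 3414 A.2)."""
    pw = password.encode()
    if not pw:
        raise ValueError("empty password")
    reps, rest = divmod(EXPANDED_LEN, len(pw))
    return hashlib.new(algo, pw * reps + pw[:rest]).digest()


def localize_key(ku, engine_id, algo="md5"):
    """Bind Ku to one SNMP engine: Kul = H(Ku || engineID || Ku)."""
    return hashlib.new(algo, ku + engine_id + ku).digest()


def calculate_password(password, engine_hex, algo="md5"):
    """Return the localized key as upper-case hex (assumed output form)."""
    engine_id = parse_engine_id(engine_hex)
    ku = password_to_key(password, algo)
    return localize_key(ku, engine_id, algo).hex().upper()


if __name__ == "__main__":
    # RFC 3414 appendix A.3 test vector, not a value from this manual.
    print(calculate_password("maplesyrup", "000000000000000000000002", "md5"))
    print(calculate_password("maplesyrup", "000000000000000000000002", "sha1"))
    # Same password, constructed engine ID: the key differs, so a key
    # computed for one engine ID does not authenticate against another.
    print(calculate_password("maplesyrup", "800063A203000FE2000001", "md5"))
```

Because the localized key is a function of the engine ID, a cipher-text key computed for one engine ID has to be recomputed if the engine ID changes.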
Description
Use the snmp-agent usm-user v3 command to add a user to an SNMP group. Use the undo snmp-agent usm-user v3 command to delete a user from an SNMP group. The user name configured by using this command is applicable to SNMPv3 networking environments. If the agent and the NMS use SNMPv3 packets to communicate with each other, you need to create an SNMPv3 user. To make the configured user valid, create an SNMP group first.
# Add a user testUser to the SNMPv3 group testGroup. Configure the security model as authentication and privacy, the authentication protocol as MD5, the privacy protocol as DES56, the plain-text authentication password as authkey, and the plain-text privacy password as prikey.
RSH configuration commands rsh Syntax rsh host [ user username ] command remote-command View User view Default Level 0: Visit level Parameters host: IP address or host name of the remote host, a string of 1 to 20 characters. user username: Specifies the username for remote login, which is a string of 1 to 20 characters. If you specify no username, the system name of the firewall, which can be set by using the sysname command, applies. remote-command: Command to be executed remotely.
2003-06-21 10:51 192,512 wrshdnt.cpl 2001-12-09 16:41 38,991 wrshdnt.hlp 2001-12-09 16:26 1,740 wrshdnt.cnt 2003-06-22 11:14 452,230 wrshdnt.htm 2003-06-23 18:18 2003-06-23 18:18 2003-06-22 11:13 2001-09-02 15:41 2003-06-21 10:32 2004-01-02 15:54 196,608 wrshdsp.exe 2004-01-02 15:54 102,400 wrshdnt.exe 2001-07-30 18:05 766 wrshdnt.ico 2004-07-13 09:10 4,803 wrshdnt_header.htm 178 wrshdnt_filelist.xml 156,472 wrshdnt.pdf 49,152 wrshdrdr.exe 69,632 wrshdrun.exe 3,253 INSTALL.
SSH2.0 configuration commands SSH2.0 server configuration commands display ssh server Syntax display ssh server { session | status } View Any view Default level 1: Monitor level Parameters session: Displays the session information of the SSH server. status: Displays the status information of the SSH server. Description Use the display ssh server command on an SSH server to display SSH server status information or session information.
Field: Description
SSH protocol version: SSH version. When the SSH server supports SSH1, the protocol version is 1.99. Otherwise, the protocol version is 2.0.
Related commands: ssh user.
NOTE: This command is also available on an SFTP server.
Examples
# Display information about all SSH users.
display ssh user-information
 Total ssh users : 2
 Username  Authentication-type  User-public-key-name  Service-type
 yemx      password             null                  stelnet|sftp
 test      publickey            pubkey                sftp

Table 43 Output description
Field: Description
Username: Name of the user
Authentication-type: Authentication method.
Related commands: display ssh server.
Examples
# Set the maximum number of SSH connection authentication attempts to 4.
system-view
[Sysname] ssh server authentication-retries 4

ssh server authentication-timeout
Syntax
ssh server authentication-timeout time-out-value
undo ssh server authentication-timeout
View
System view
Default level
2: System level
Parameters
time-out-value: Authentication timeout period in seconds, in the range 1 to 120.
Description Use the ssh server compatible-ssh1x command to enable the SSH server to support SSH1 clients. Use the undo ssh server compatible-ssh1x command to disable the SSH server from supporting SSH1 clients. By default, the SSH server supports SSH1 clients. This configuration takes effect only for users logging in after the configuration. Related commands: display ssh server. Examples # Enable the SSH server to support SSH1 clients.
Default level 2: System level Parameters hours: Server key pair update interval in hours, in the range 1 to 24. Description Use the ssh server rekey-interval command to set the interval for updating the RSA server key. Use the undo ssh server rekey-interval command to remove the configuration. By default, the update interval of the RSA server key is 0, that is, the RSA server key is not updated. Related commands: display ssh server.
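The defaults stated in this section (SNMPv3 as the only enabled version, SNMP logging disabled, SSH1 clients accepted) mean that a setting missing from the configuration still has a value worth reviewing. The added example below is not HP tooling: it audits configuration text with those defaults applied. The check names, the sample configuration and the choice of what to flag are this example's assumptions, and the authentication-mode, privacy-mode and sys-info version keywords are assumed from the full command syntax, which this excerpt truncates.

```python
import re

# Constructed sample configuration (not captured from a real device).
SAMPLE_CONFIG = """
 snmp-agent
 snmp-agent community read readaccess
 snmp-agent community write opsrw acl 2001
 snmp-agent sys-info version v2c v3
 snmp-agent group v3 monGroup
 snmp-agent group v3 testGroup privacy
 snmp-agent usm-user v3 testUser testGroup cipher authentication-mode md5 KEY1 privacy-mode des56 KEY2
 ssh server enable
 ssh server authentication-retries 4
"""


def audit(config):
    """Return (check_id, detail) findings, applying the documented default
    for every setting the configuration does not mention."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    findings = []

    def starts(prefix):
        return [ln for ln in lines if ln == prefix or ln.startswith(prefix + " ")]

    if starts("snmp-agent"):
        versions = {"v3"}  # documented default: SNMPv3 only
        for ln in starts("snmp-agent sys-info version"):
            tokens = ln.split()[3:]
            versions = {"v1", "v2c", "v3"} if "all" in tokens else set(tokens)
        legacy = sorted(versions & {"v1", "v2c"})
        if legacy:
            findings.append(("SNMP-LEGACY-VERSION", "enabled: " + " ".join(legacy)))
        for ln in starts("snmp-agent community"):
            m = re.match(r"snmp-agent community (read|write) (\S+)(.*)", ln)
            if m and not re.search(r"\bacl \d+", m.group(3)):
                findings.append(("SNMP-COMMUNITY-NO-ACL", m.group(1) + " " + m.group(2)))
        for ln in starts("snmp-agent group v3"):
            tokens = ln.split()[3:]  # group-name, then optional keywords
            if tokens and not {"authentication", "privacy"} & set(tokens[1:]):
                findings.append(("SNMP-V3-GROUP-NOAUTH", tokens[0]))
        for ln in starts("snmp-agent usm-user v3"):
            algos = re.findall(r"(?:authentication|privacy)-mode (\S+)", ln)
            weak = [a for a in algos if a in ("md5", "des56")]
            if weak:
                findings.append(("SNMP-V3-WEAK-ALGO", ln.split()[3] + ": " + " ".join(weak)))
        if not starts("snmp-agent log"):
            findings.append(("SNMP-LOG-OFF", "GET/SET logging is disabled by default"))

    # SSH1 support stays on unless the undo form is configured.
    if starts("ssh server enable") and not starts("undo ssh server compatible-ssh1x"):
        findings.append(("SSH1-COMPAT", "SSH1 clients are accepted by default"))
    return findings


if __name__ == "__main__":
    for check_id, detail in audit(SAMPLE_CONFIG):
        print(check_id, "-", detail)
```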
• password-publickey: Specifies that SSH2 clients perform both password authentication and publickey authentication and that SSH1 clients perform either type of authentication. • publickey: Performs publickey authentication. assign publickey keyname: Assigns an existing public key to an SSH user. keyname indicates the name of the client public key and is a string of 1 to 64 characters. work-directory directory-name: Specifies the working folder for an SFTP user.
Parameters None Description Use the display ssh client source command to display the source IP address or source interface set for the SSH client. If neither source IP address nor source interface is specified for the SSH client, the system will prompt you to specify the source information. Related commands: ssh client source. Examples # Display the source IP address of the SSH client. display ssh client source The source IP address you specified is 192.168.0.
Table 44 Output description Field Description Server Name(IP) Name or IP address of the server Server public key name Name of the host public key of the server ssh client authentication server Syntax ssh client authentication server server assign publickey keyname undo ssh client authentication server server assign publickey View System view Default level 2: System level Parameters server: IP address or name of the server, a string of 1 to 80 characters.
View System view Default level 2: System level Parameters None Description Use the ssh client first-time enable command to enable the first-time authentication function. Use the undo ssh client first-time command to disable the function. By default, the function is enabled. With first-time authentication, when an SSH client not configured with the server host public key accesses the server for the first time, the user can continue accessing the server, and save the host public key on the client.
By default, the client uses the source address specified by the route of the device to access the SSH server. Related commands: display ssh client source. Examples # Specify the source IPv6 address as 2:2::2:2 for the SSH client.
Default level 0: Visit level Parameters server: IPv4 address or host name of the server, a case-insensitive string of 1 to 20 characters. port-number: Port number of the server, in the range 0 to 65535. The default is 22. identity-key: Specifies the algorithm for publickey authentication, either dsa or rsa. The default is dsa. prefer-ctos-cipher: Preferred encryption algorithm from client to server, defaulted to aes128. • 3des: Encryption algorithm 3des-cbc.
ssh2 ipv6 Syntax ssh2 ipv6 server [ port-number ] [ identity-key { dsa | rsa } | prefer-ctos-cipher { 3des | aes128 | des } | prefer-ctos-hmac { md5 | md5-96 | sha1 | sha1-96 } | prefer-kex { dh-group-exchange | dh-group1 | dh-group14 } | prefer-stoc-cipher { 3des | aes128 | des } | prefer-stoc-hmac { md5 | md5-96 | sha1 | sha1-96 } ] * View User view Default level 0: Visit level Parameters server: IPv6 address or host name of the server, a case-insensitive string of 1 to 46 characters.
• Preferred key exchange algorithm: DH-group1 • Preferred encryption algorithm from server to client: AES128 • Preferred HMAC algorithm from client to server: MD5 • Preferred HMAC algorithm from server to client: SHA1-96.
Parameters time-out-value: Timeout period in minutes. It ranges from 1 to 35,791. Description Use the sftp server idle-timeout command to set the idle timeout period for SFTP user connections. Use the undo sftp server idle-timeout command to restore the default. By default, the idle timeout period is 10 minutes. Related commands: display ssh server. Examples # Set the idle timeout period for SFTP user connections to 500 minutes.
Default level 3: Manage level Parameters remote-path: Name of a path on the server. Description Use the cd command to change the working path on a remote SFTP server. With the argument not specified, the command displays the current working path. NOTE: • You can use the cd .. command to return to the upper-level directory. • You can use the cd / command to return to the root directory of the system. Examples # Change the working path to new1.
Default level
3: Manage level
Parameters
remote-file&<1-10>: Name of a file on the server. &<1-10> means that you can provide up to 10 filenames, which are separated by spaces.
Description
Use the delete command to delete the specified file(s) from a server. This command functions as the remove command.
Examples
# Delete file temp.c from the server.
sftp-client> delete temp.c
The following files will be deleted:
/temp.c
Are you sure to delete it? [Y/N]:y
This operation may take a long time. Please wait...
-rwxrwxrwx 1 noone nogroup 225 Aug 24 08:01 pubkey2
-rwxrwxrwx 1 noone nogroup 283 Aug 24 07:39 pubkey1
-rwxrwxrwx 1 noone nogroup 225 Sep 28 08:28 pub1
drwxrwxrwx 1 noone nogroup 0 Sep 28 08:24 new1
drwxrwxrwx 1 noone nogroup 0 Sep 28 08:18 new2
-rwxrwxrwx 1 noone nogroup 225 Sep 28 08:30 pub2

display sftp client source
Syntax
display sftp client source
View
Any view
Default level
1: Monitor level
Parameters
None
Description
Use the display sftp client source command to display
Examples # Terminate the connection with the remote SFTP server. sftp-client> exit Bye Connection closed. get Syntax get remote-file [ local-file ] View SFTP client view Default level 3: Manage level Parameters remote-file: Name of a file on the remote SFTP server. local-file: Name for the local file. Description Use the get command to download a file from a remote SFTP server and save it locally.
Description Use the help command to display a list of all commands or the help information of an SFTP client command. With neither the argument nor the keyword specified, the command displays a list of all commands. Examples # Display the help information of the get command. sftp-client> help get get remote-path [local-path] Download file.
mkdir Syntax mkdir remote-path View SFTP client view Default level 3: Manage level Parameters remote-path: Name for the directory on a remote SFTP server. Description Use the mkdir command to create a directory on a remote SFTP server. Examples # Create a directory named test on the remote SFTP server. sftp-client> mkdir test New directory created put Syntax put local-file [ remote-file ] View SFTP client view Default level 3: Manage level Parameters local-file: Name of a local file.
pwd Syntax pwd View SFTP client view Default level 3: Manage level Parameters None Description Use the pwd command to display the current working directory of a remote SFTP server. Examples # Display the current working directory of the remote SFTP server. sftp-client> pwd / quit Syntax quit View SFTP client view Default level 3: Manage level Parameters None Description Use the quit command to terminate the connection with a remote SFTP server and return to user view.
View SFTP client view Default level 3: Manage level Parameters remote-file&<1-10>: Name of a file on an SFTP server. &<1-10> means that you can provide up to 10 filenames, which are separated by space. Description Use the remove command to delete the specified file(s) from a remote server. This command functions as the delete command. Examples # Delete file temp.c from the server. sftp-client> remove temp.c The following files will be deleted: /temp.
rmdir Syntax rmdir remote-path&<1-10> View SFTP client view Default level 3: Manage level Parameters remote-path&<1-10>: Name of the directory on the remote SFTP server. &<1-10> means that you can provide up to 10 directory names that are separated by space. Description Use the rmdir command to delete the specified directories from an SFTP server. Examples # On the SFTP server, delete directory temp1 in the current directory.
• sha1: HMAC algorithm hmac-sha1. • sha1-96: HMAC algorithm hmac-sha1-96. prefer-kex: Preferred key exchange algorithm, defaulted to dh-group-exchange. • dh-group-exchange: Key exchange algorithm diffie-hellman-group-exchange-sha1. • dh-group1: Key exchange algorithm diffie-hellman-group1-sha1. • dh-group14: Key exchange algorithm diffie-hellman-group14-sha1. prefer-stoc-cipher: Preferred encryption algorithm from server to client, defaulted to aes128.
Use the undo sftp client ipv6 source command to remove the configuration. By default, the client uses the interface address specified by the route of the device to access the SFTP server. Related commands: display sftp client source. Examples # Specify the source IPv6 address of the SFTP client as 2:2::2:2.
Default level 3: Manage level Parameters server: IPv6 address or host name of the server, a case-insensitive string of 1 to 46 characters. port-number: Port number of the server, in the range 0 to 65535. The default is 22. identity-key: Specifies the algorithm for publickey authentication, either dsa or rsa. The default is dsa. prefer-ctos-cipher: Preferred encryption algorithm from client to server, defaulted to aes128. • 3des: Encryption algorithm 3des-cbc. • aes128: Encryption algorithm aes128-cbc.
Conventions
This section describes the conventions used in this documentation set.
Command conventions
Convention: Description
Boldface: Bold text represents commands and keywords that you enter literally as shown.
Italic: Italic text represents arguments that you replace with actual values.
[ ]: Square brackets enclose syntax choices (keywords or arguments) that are optional.
{ x | y | ... }: Braces enclose a set of required syntax choices separated by vertical bars, from which you select one.
Port numbering in examples
The port numbers in this document are for illustration only and might be unavailable on your device.