HP High-End Firewalls
Getting Started Command Reference
Part number: 5998-2656
Software version:
F1000-A-EI&F1000-S-EI: R3721
F5000: F3210
F1000-E: F3171
Firewall module: F3171
Document version: 6PW101-20120719
Legal and notice information © Copyright 2012 Hewlett-Packard Development Company, L.P. No part of this documentation may be reproduced or transmitted in any form or by any means without prior written consent of Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Login management commands
IMPORTANT: The FIPS mode is available only for the firewall modules. For more information about FIPS, see Access Control Configuration Guide.
acsei-client enable
Syntax
acsei-client enable
undo acsei-client enable
View
System view
Default level
2: System level
Description
Use acsei-client enable to enable ACSEI client. Use undo acsei-client enable to disable ACSEI client. By default, ACSEI client is disabled.
Parameters character: Shortcut key for starting a terminal session, a single character (or its corresponding ASCII code value that ranges from 0 to 127) or a string of 1 to 3 characters. However, only the first character functions as the shortcut key. For example, if you enter an ASCII code value of 97, the system uses its corresponding character a as the shortcut key. If you enter string b@c, the system uses the first character b as the shortcut key.
authentication-mode
Syntax
In non-FIPS mode:
authentication-mode { none | password | scheme }
undo authentication-mode
In FIPS mode:
authentication-mode scheme
undo authentication-mode
View
User interface view
Default level
3: Manage level
Parameters
none: Performs no authentication.
password: Performs local password authentication.
scheme: Performs AAA authentication. For more information about AAA, see Access Control Configuration Guide.
[Sysname-ui-vty0] authentication-mode scheme
[Sysname-ui-vty0] quit
[Sysname] local-user 123
[Sysname-luser-123] password cipher 321
[Sysname-luser-123] service-type telnet
[Sysname-luser-123] authorization-attribute level 3
auto-execute command
Syntax
auto-execute command command
undo auto-execute command
View
User interface view
Default level
3: Manage level
Parameters
command: Specifies a command to be automatically executed.
[Y/N]:y
[Sysname-ui-vty0]
# Telnet to 192.168.1.40 to verify the configuration. The device automatically Telnets to 192.168.1.41. The following output is displayed:
C:\> telnet 192.168.1.40
******************************************************************************
* Copyright (c) 2010-2011 Hewlett-Packard Development Company, L.P. *
* Without the owner's prior written consent, *
* no decompiling or reverse-engineering shall be allowed.
When both command accounting and command authorization are enabled, only the authorized and executed commands are recorded on the HWTACACS server. Examples # Enable command accounting on VTY 0. Then the HWTACACS server records the commands executed by users that have logged in through VTY 0.
Default level
2: System level
Parameters
5: Sets 5 data bits for each character.
6: Sets 6 data bits for each character.
7: Sets 7 data bits for each character.
8: Sets 8 data bits for each character.
Description
Use databits to set data bits for each character. Use undo databits to restore the default. By default, 8 data bits are set for each character.
NOTE:
• The command is only applicable to console ports.
Examples
# Display ACSEI client information.
display acsei-client information
Client Description: SecBlade FW
Hardware: A.0
System Software: COMWAREV500R002B98D010
Application Software: V300R001B01D409
CPU: RMI XLR732 1000MHz
PCB Version: A.0
CPLD Version: 3.0
Bootrom Version: Basic BootRom Version:1.28,Extend BootRom Version:1.
Table 1 Command output
Field | Description
Status | Status of the ACSEI client:
• Open—The ACSEI client is enabled.
• Closed—The ACSEI client is disabled.
• Regsent—The ACSEI client is registering.
display ip http
Syntax
display ip http [ | { begin | exclude | include } regular-expression ]
View
Any view
Default level
1: Monitor level
Parameters
|: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide.
Field | Description
Operation status | Operation status:
• Running—The HTTP service is enabled.
• Stopped—The HTTP service is disabled.
display ip https
Syntax
display ip https [ | { begin | exclude | include } regular-expression ]
View
Any view
Default level
1: Monitor level
Parameters
|: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide.
Field | Description
Operation status | Operation status:
• Running—The HTTPS service is enabled.
• Stopped—The HTTPS service is disabled.
display telnet client configuration
Syntax
display telnet client configuration [ | { begin | exclude | include } regular-expression ]
View
Any view
Default level
1: Monitor level
Parameters
|: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide.
Parameters
num1: Absolute number of a user interface. The value range varies with devices, and typically starts from 0.
console: Specifies the console user interface.
vty: Specifies the VTY user interface.
num2: Relative number of a user interface. The value range varies with devices.
summary: Displays summary about user interfaces.
|: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide.
Field | Description
Type | Type and relative number of the user interface.
Tx/Rx | Transmission/Receive rate of the user interface
Modem | Whether the modem is allowed to dial in (in), dial out (out), or both (inout). By default, a hyphen (-) is displayed to indicate that this function is disabled.
Privi | Indicates the command level of a user under that user interface
Auth | Authentication mode for the users, which can be A, P, L, and N.
Int | The physical port that corresponds to the user interface.
display users
Syntax
display users [ all ] [ | { begin | exclude | include } regular-expression ]
View
Any view
Default level
1: Monitor level
Parameters
all: Displays information about all user interfaces that the device supports.
|: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide.
begin: Displays the first line that matches the specified regular expression and all lines that follow.
Field | Description
Delay | Time elapsed since the user's last input, in the format of hh:mm:ss.
Type | User type, such as Telnet or SSH
Userlevel | User level: 0 for visit, 1 for monitor, 2 for system, and 3 for manage.
escape-key
Syntax
escape-key { default | character }
undo escape-key
View
User interface view
Default level
3: Manage level
Parameters
character: Specifies the shortcut key for terminating a task, a single character (or its corresponding ASCII code value in the range of 0 to 127) or a string of 1 to 3 characters. Only the first character of a string functions as the shortcut key. For example, if you enter an ASCII code value of 113, the system uses its corresponding character q as the shortcut key.
Enter a.
2. The task terminates immediately and the system returns to system view.
--- 192.168.1.49 ping statistics ---
2 packet(s) transmitted
2 packet(s) received
0.00% packet loss
round-trip min/avg/max = 3/3/3 ms
free user-interface
Syntax
free user-interface { num1 | { console | vty } num2 }
View
User view
Default level
3: Manage level
Parameters
num1: Absolute number of a user interface, which typically starts from 0.
console: Specifies the console user interface.
// To make configurations without interruption from the user using VTY 1, you can release the connection established on VTY 1.
history-command max-size
Syntax
history-command max-size size-value
undo history-command max-size
View
User interface view
Default level
2: System level
Parameters
size-value: Specifies the maximum number of history commands that the buffer can store. The value ranges from 0 to 256.
Parameters
minutes: Specifies the timeout time in minutes, which ranges from 0 to 35791, and defaults to 10 minutes.
seconds: Specifies timeout time in seconds, which ranges from 0 to 59, and defaults to 0 seconds.
Description
Use idle-timeout to set the idle-timeout timer. Use undo idle-timeout to restore the default. The default idle-timeout is 10 minutes.
Examples
# Associate the HTTP service with ACL 2001 to only allow the clients within the 10.10.0.0/16 network to access the device through HTTP.
system-view
[Sysname] acl number 2001
[Sysname-acl-basic-2001] rule permit source 10.10.0.0 0.0.255.255
[Sysname-acl-basic-2001] quit
[Sysname] ip http acl 2001
ip http enable
Syntax
ip http enable
undo ip http enable
View
System view
Default level
2: System level
Parameters
None
Description
Use ip http enable to enable the HTTP service.
View
System view
Default level
3: Manage level
Parameters
port-number: Port number of the HTTP service, which ranges from 1 to 65535.
Description
Use ip http port to configure the port number of the HTTP service. Use undo ip http port to restore the default. By default, the port number of the HTTP service is 80.
Verify that the port number is not used by another service, because this command does not check for conflicts with configured port numbers.
This command is not supported in FIPS mode.
Related commands: display ip https and acl number.
Examples
# Associate the HTTPS service with ACL 2001 to only allow the clients within the 10.10.0.0/16 network segment to access the HTTPS server through HTTP.
system-view
[Sysname] acl number 2001
[Sysname-acl-basic-2001] rule permit source 10.10.0.0 0.0.255.
Default level
3: Manage level
Parameters
None
Description
Use ip https enable to enable the HTTPS service. Use undo ip https enable to disable the HTTPS service. By default, the HTTPS service is disabled.
The device can act as the HTTP server that can be accessed only after the HTTP service is enabled.
Enabling the HTTPS service triggers an SSL handshake negotiation process.
• If the local certificate of the device exists, the SSL negotiation succeeds, and the HTTPS service can be started.
Examples
# Configure the port number of the HTTPS service as 6000.
system-view
[Sysname] ip https port 6000
ip https ssl-server-policy
Syntax
ip https ssl-server-policy policy-name
undo ip https ssl-server-policy
View
System view
Default level
3: Manage level
Parameters
policy-name: Name of an SSL server policy, a string of 1 to 16 characters.
Description
Use ip https ssl-server-policy to associate the HTTPS service with an SSL server-end policy.
Description Use lock to lock the user interface. This method prevents unauthorized users from using the user interface. When entering the lock command, you are asked to enter a password (up to 16 characters) and then confirm it by entering the password again. After locking the user interface, you must press Enter and input the correct password next time you enter this user interface. By default, this function is disabled. This command is not supported in FIPS mode.
space: Performs a space parity check.
Description
Use parity to set a parity check method. Use undo parity to restore the default. By default, no parity check is performed.
NOTE:
• The command is applicable to the console port.
• The parity check setting must be the same for the user interfaces of the connecting ports on the device and the target terminal device for communication.
Examples
# Configure the console port to perform odd parity check.
Before configuring a user interface to support SSH, set the authentication mode to scheme for the user interface; otherwise, the protocol inbound ssh command fails. For more information, see authentication-mode. By default, the authentication mode of the Telnet protocol is password. Examples # Enable the VTYs 0 through 4 to support SSH only.
send
Syntax
send { all | num1 | { console | vty } num2 }
View
User view
Default level
1: Monitor level
Parameters
all: Sends messages to all user interfaces.
console: Specifies the console user interface.
vty: Specifies the VTY user interface.
num1: Absolute number of a user interface, which typically starts from 0.
num2: Relative number of a user interface.
Description
Use send to send messages to the specified user interfaces. To end message input, press Ctrl+Z.
50 VTY 1 00:00:03 TEL 3
Following are more details.
VTY 0 : Location: 192.168.1.26
VTY 1 : Location: 192.168.1.20
+ : Current operation user.
F : Current operation user work in async mode.
// The output shows that a user is using VTY 1.
2. Send a notification to the user of VTY 1.
send vty 1
Enter message, end with CTRL+Z or Enter; abort with CTRL+C:
Your attention please.
Description Use set authentication password to set an authentication password. Use undo set authentication password to remove the local authentication password. By default, no local authentication password is set. No matter whether the password format is plain text or cipher text, you must enter the password in plain text during authentication. A plain text password easily gets cracked. Therefore, a cipher text password is recommended. This command is not supported in FIPS mode.
% Disable ui-vty0-4 , are you sure? [Y/N]:y
[Sysname-ui-vty0-4]
The following message appears when a terminal tries to Telnet to the device:
The connection was closed by the remote host!
speed (user interface view)
Syntax
speed speed-value
undo speed
View
User interface view
Default level
2: System level
Parameters
speed-value: Transmission rate in bps.
[Sysname] user-interface console 0
[Sysname-ui-console0] speed 19200
stopbits
Syntax
stopbits { 1 | 1.5 | 2 }
undo stopbits
View
User interface view
Default level
2: System level
Parameters
1: One stop bit.
1.5: One and a half stop bits.
2: Two stop bits.
Description
Use stopbits to set the number of stop bits transmitted per byte. Use undo stopbits to restore the default. By default, the stop bit is one.
NOTE:
• The command is only applicable to the console port.
Parameters
remote-host: IPv4 address or host name of a remote host, a case-insensitive string of 1 to 20 characters.
service-port: TCP port number of the Telnet service on the remote host. It ranges from 0 to 65535 and defaults to 23.
vpn-instance vpn-instance-name: Specifies the VPN that the remote system belongs to, where vpn-instance-name is a case-sensitive string of 1 to 31 characters. If the remote system is on the public network, do not specify this option.
By default, no source IPv4 address or source interface for sending Telnet packets is specified. The source IPv4 address is selected by routing. The source IPv4 address or source interface specified by this command is applicable to all Telnet connections. If you use both this command and the telnet command to specify the source IPv4 address or source interface, the source IPv4 address or interface specified by the telnet command takes effect. This command is not supported in FIPS mode.
telnet server enable
Syntax
telnet server enable
undo telnet server enable
View
System view
Default level
3: Manage level
Parameters
None
Description
Use telnet server enable to enable the Telnet server. Use undo telnet server enable to disable the Telnet server. The Telnet server is disabled by default.
This command is not supported in FIPS mode.
Examples
# Enable the Telnet server.
types (for example, hyper terminal or Telnet terminal) or both are set to ANSI, when the total number of characters of the currently edited command line exceeds 80, an anomaly such as cursor corruption or abnormal display of the terminal display may occur on the client. Examples # Set the terminal display type to VT100.
ping Ping function
quit Exit from current command view
rsh Establish one RSH connection
ssh2 Establish a secure shell client connection
super Set the current user priority level
telnet Establish one TELNET connection
tracert Trace route function
user-interface
Syntax
user-interface { first-num1 [ last-num1 ] | { console | vty } first-num2 [ last-num2 ] }
View
System view
Default level
2: System level
Parameters
first-num1: Absolute number of the first user interface, which typically starts
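An added example, not part of the HP manual: a small Python audit that reads a saved configuration and flags the weaker login settings that the login management commands in this reference allow (authentication-mode none or password, Telnet access, HTTP, disabled idle timeout, plain-text interface passwords). The configuration layout, the rule names, and the `simple`, `protocol inbound all` and `protocol inbound telnet` forms are assumptions based on common Comware syntax rather than on the excerpt above.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "rule scope detail")  # rule names are hypothetical

# Constructed sample. The '#' separators and one-space indentation are an
# assumed saved-configuration layout; every value here is made up.
SAMPLE_CONFIG = """\
#
 sysname Sysname
#
 telnet server enable
#
 ip http enable
 ip https enable
 ip https acl 2001
#
user-interface console 0
 authentication-mode none
 idle-timeout 0 0
user-interface vty 0 4
 set authentication password simple Example123
 protocol inbound all
user-interface vty 5 9
 authentication-mode scheme
 protocol inbound ssh
 idle-timeout 5 0
#
"""

def parse(config_text):
    """Split a configuration into global commands and user-interface blocks."""
    global_cmds, blocks, current = [], {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line == "#":
            current = None                      # '#' closes the current view
        elif line.startswith("user-interface "):
            current = line[len("user-interface "):]
            blocks.setdefault(current, [])
        elif current is not None and raw[:1].isspace():
            blocks[current].append(line)        # indented line inside the block
        else:
            current = None
            global_cmds.append(line)
    return global_cmds, blocks

def audit_global(cmds):
    out = []
    if "telnet server enable" in cmds:
        out.append(Finding("TELNET_SERVER", "system",
                           "Telnet server enabled; sessions are not encrypted"))
    if "ip http enable" in cmds:
        out.append(Finding("HTTP_ENABLED", "system",
                           "HTTP management enabled; prefer HTTPS"))
    for svc in ("http", "https"):
        has_acl = any(c.startswith(f"ip {svc} acl ") for c in cmds)
        if f"ip {svc} enable" in cmds and not has_acl:
            out.append(Finding(f"{svc.upper()}_NO_ACL", "system",
                               f"ip {svc} acl not set; any source can reach the service"))
    return out

def audit_interface(name, cmds):
    out, mode = [], None
    for c in cmds:
        m = re.fullmatch(r"authentication-mode (none|password|scheme)", c)
        if m:
            mode = m.group(1)
        if re.fullmatch(r"protocol inbound (all|telnet)", c):
            out.append(Finding("PROTO_TELNET", name, "Telnet logins accepted"))
        m = re.fullmatch(r"idle-timeout (\d+)(?: (\d+))?", c)
        # Assumption: a timer of 0 minutes 0 seconds disables the idle timeout.
        if m and int(m.group(1)) == 0 and int(m.group(2) or 0) == 0:
            out.append(Finding("IDLE_DISABLED", name, "idle sessions never time out"))
        if c.startswith("set authentication password simple "):
            out.append(Finding("PASSWORD_SIMPLE", name,
                               "password stored in plain text; use cipher"))
    if mode is None and name.startswith("vty"):
        mode = "password"   # the reference gives password as the Telnet default
    if mode == "none":
        out.append(Finding("AUTH_NONE", name, "no authentication on this interface"))
    elif mode == "password":
        out.append(Finding("AUTH_PASSWORD", name,
                           "shared local password; scheme (AAA) is the only FIPS mode"))
    return out

def audit(config_text):
    """Return every finding for the configuration text."""
    global_cmds, blocks = parse(config_text)
    findings = audit_global(global_cmds)
    for name, cmds in blocks.items():
        findings.extend(audit_interface(name, cmds))
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE_CONFIG):
        print(f"{f.rule:16} {f.scope:10} {f.detail}")
```

The findings never echo the configured password, so the report can be shared without leaking it.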
Device management commands
clock datetime
Syntax
clock datetime time date
View
User view
Default level
3: Manage level
Parameters
time: Configured time, in the hh:mm:ss format. The hh value ranges from 00 to 23, the mm value ranges from 00 to 59, and the ss value ranges from 00 to 59. Zeros can be omitted, unless you specify 00:00:00.
date: Configured date, in the MM/DD/YYYY or YYYY/MM/DD format.
Parameters
zone-name: Specifies a daylight saving time schedule by a zone name, a case-sensitive string of 1 to 32 characters.
start-time: Specifies a start time, in the hh:mm:ss format. Zeros can be omitted, unless you specify 00:00:00.
start-date: Specifies a start date, in the MM/DD/YYYY or YYYY/MM/DD format.
end-time: Specifies an end time, in the hh:mm:ss format. Zeros can be omitted, unless you specify 00:00:00.
end-date: Specifies an end date, in the MM/DD/YYYY or YYYY/MM/DD format.
start-time: Specifies a start time, in the hh:mm:ss format. Zeros can be omitted, unless you specify 00:00:00.
start-date: Specifies a start date, which can be set in the following ways:
• Enter the year, month and date at one time, in the MM/DD/YYYY or YYYY/MM/DD format.
• Enter the year, month and date one by one, separated by spaces.
View
System view
Default level
3: Manage level
Parameters
zone-name: Specifies a time zone by its name, a case-sensitive string of 1 to 32 characters.
add: Adds a specified offset to UTC.
minus: Subtracts a specified offset from UTC.
zone-offset: Specifies an offset to the UTC, in the hh:mm:ss format. Zeros can be omitted, unless you specify 00:00:00.
Description
Use clock timezone to set the local time zone. Use undo clock timezone to restore the default UTC time zone.
When multiple users enter system view to configure a parameter, only the last configuration applies. When the number of users has already reached the limit, other users cannot enter system view.
Related commands: display configure-user.
All firewalls support the number argument, and the argument has different value ranges:
F1000-A-EI/S-EI | F1000-E | F5000 | Firewall module
1 to 54 | 1 to 55 | 1 to 55 | 1 to 55
Examples
# Set the maximum number of users to 4.
* Copyright (c) 2010-2011 Hewlett-Packard Development Company, L.P. *
* Without the owner's prior written consent, *
* no decompiling or reverse-engineering shall be allowed. *
****************************************************************************
User interface con0 is available.
Please press ENTER.
# Disable displaying the copyright statement.
Related commands: clock datetime, clock summer-time one-off, clock summer-time repeating, and clock timezone.
Examples
# Display the current time and date.
display clock
09:41:23 UTC Thu 12/15/2005
display configure-user
Syntax
display configure-user [ | { begin | exclude | include } regular-expression ]
View
Any view
Default level
1: Monitor level
Parameters
|: Filters command output by specifying a regular expression.
display cpu-usage
Syntax
display cpu-usage [ entry-number [ offset ] [ verbose ] [ from-device ] ] [ | { begin | exclude | include } regular-expression ]
View
Any view
Default level
1: Monitor level
Parameters
entry-number: Specifies the number of entries to be displayed, which ranges from 1 to 60.
offset: Specifies an offset in the range of 0 to 59. The offset specifies the record to be displayed first in the output.
CPU Usage Stat. Cycle: 60 (Second)
CPU Usage : 3%
CPU Usage Stat. Time : 2006-07-10 10:56:55
CPU Usage Stat. Tick : 0x1d9d(CPU Tick High) 0x3a659a70(CPU Tick Low)
Actual Stat. Cycle : 0x0(CPU Tick High) 0x95030517(CPU Tick Low)
===== CPU usage info (no: 1 idx: 57) =====
CPU Usage Stat. Cycle: 60 (Second)
CPU Usage : 3%
CPU Usage Stat. Time : 2006-07-10 10:55:55
CPU Usage Stat. Tick : 0x1d9c(CPU Tick High) 0xa50e5351(CPU Tick Low)
Actual Stat.
View
Any view
Default level
1: Monitor level
Parameters
task task-id: Displays the historical CPU usage statistics for the specified task, where task-id represents the task number. If the task-id argument is not provided, this command displays the historical CPU usage statistics for the entire system (the CPU usage of the entire system is the sum of the CPU usages of all tasks).
|: Filters command output by specifying a regular expression.
[Graph: cpu-usage last 60 minutes(SYSTEM). Vertical axis: CPU usage in 5% steps; horizontal axis: 10 to 60 (minutes).]
The output shows the historical CPU usage statistics (with the task name SYSTEM) in the last 60 minutes:
• 5%: 12 minutes ago
• 10%: 13 minutes ago
• 15%: 14 minutes ago
• 10%: 15 minutes ago
• 5%: 16 and 17 minutes ago
• 10%: 18 minutes ago
• 5%: 19 minutes ago
• 2% or lower than 2%: other time
# Display th
• 5%: 20 minutes ago
• 2% or lower than 2%: other time
display device
Syntax
display device [ cf-card | usb ] [ slot slot-number | verbose ] [ | { begin | exclude | include } regular-expression ]
View
Any view
Default level
2: System level
Parameters
cf-card: Displays CF card information.
usb: Displays information about the device connected with the universal serial bus (USB) interface.
slot slot-number: Displays information about the specified card.
Table 9 Command output
Field | Description
Status | Status of the card
Type | Type of the card
Hardware | Hardware version of the card
Driver | Driver version of the card
CPLD | CPLD version of the card
SubCard Num | Number of subcards
CFCard Num | Number of CF cards
Usb Num | Number of USB slots
display device manuinfo
Syntax
display device manuinfo [ slot slot-number ] [ | { begin | exclude | include } regular-expression ]
View
Any view
Default level
3: Manage level
Parameters
slot slot-number: Display
MAC_ADDRESS:3CE5-A6CC-8D21
MANUFACTURING_DATE:2011-01-06
VENDOR_NAME:HP
display diagnostic-information
Syntax
display diagnostic-information [ | { begin | exclude | include } regular-expression ]
View
Any view
Default level
1: Monitor level
Parameters
|: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide.
begin: Displays the first line that matches the specified regular expression and all lines that follow.
===============display version===============
===================================================
…
display environment
Syntax
display environment [ cpu ] [ | { begin | exclude | include } regular-expression ]
View
Any view
Default level
1: Monitor level
Parameters
cpu: Displays temperature information for the CPUs on the firewall.
|: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide.
display fan
Syntax
display fan [ fan-id ] [ | { begin | exclude | include } regular-expression ]
View
Any view
Default level
1: Monitor level
Parameters
fan-id: Displays the operating state of the specified fan, where the fan-id argument represents the built-in fan number. The value ranges from 1 to 2.
|: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide.
regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. Description Use display flowengine-usage to display the flow engine usage statistics. The system regularly (typically at 5-second intervals) collects the flow engine usage statistics and saves the statistical results in the history record area. A record contains the average usage of the flow engine in the specified interval.
Consecutive pound signs (#) indicate the flow engine usage at a specific time. The value on the vertical axis for the topmost # sign at a specific time represents the flow engine usage at that time.
• The following matrix shows the command and firewall compatibility:
Command | F1000-A-EI/S-EI | F1000-E | F5000 | Firewall module
display flowengine-usage history | No | Yes | Yes | Yes
Examples
# Display the historical flow engine usage statistics.
Parameters
job-name: Specifies the job name, which is a string of 1 to 32 characters.
|: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide.
begin: Displays the first line that matches the specified regular expression and all lines that follow.
exclude: Displays all lines that do not match the specified regular expression.
include: Displays all lines that match the specified regular expression.
begin: Displays the first line that matches the specified regular expression and all lines that follow.
exclude: Displays all lines that do not match the specified regular expression.
include: Displays all lines that match the specified regular expression.
regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
Description
Use display memory to display memory usage statistics for the firewall.
Examples
# Display memory usage statistics.
Examples
# Display power supply information.
display power
Power Information:
Power 1 Status: Normal
Power 2 Status: AbNormal
display reboot-type
Syntax
display reboot-type [ | { begin | exclude | include } regular-expression ]
View
Any view
Default level
2: System level
Parameters
|: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide.
Parameters
|: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide.
begin: Displays the first line that matches the specified regular expression and all lines that follow.
exclude: Displays all lines that do not match the specified regular expression.
include: Displays all lines that match the specified regular expression.
regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
include: Displays all lines that match the specified regular expression.
regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
Description
Use display schedule reboot to display the reboot schedule.
Related commands: schedule reboot at and schedule reboot delay.
Examples
# Display the reboot schedule.
display schedule reboot
System will reboot at 16:00:00 03/10/2006 (in 2 hours and 5 minutes).
Default level
2: System level
Parameters
interface [ interface-type interface-number ]: Displays the key parameters of the transceiver module in an interface. The interface-type interface-number argument specifies an interface by its type and number. If no interface is specified, this command displays the key parameters of the transceiver modules in all interfaces.
|: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide.
Field | Description
Transfer distance(xx) | Transfer distance, with xx representing km for single-mode transceiver modules and m for other transceiver modules. If the transceiver module supports multiple transfer media, every two transfer distance values are separated by a comma. The corresponding transfer medium is included in the bracket following the transfer distance value. The following are the supported transfer media:
• 9 um—9/125 um single-mode fiber.
• 50 um—50/125 um multi-mode fiber.
• 62.
Table 14 Command output
Field | Remarks
GBIC/SFP
RX loss of signal | Incoming (RX) signal is lost.
RX power high | Incoming (RX) power level is high.
RX power low | Incoming (RX) power level is low.
TX fault | Transmit (TX) fault
TX bias high | TX bias current is high.
TX bias low | TX bias current is low.
TX power high | TX power is high.
TX power low | TX power is low.
Temp high | Temperature is high.
Temp low | Temperature is low.
Voltage high | Voltage is high.
Voltage low | Voltage is low.
Field | Remarks
Wavelength unlocked | Wavelength of optical signal exceeds the manufacturer's tolerance.
Temp high | Temperature is high.
Temp low | Temperature is low.
Voltage high | Voltage is high.
Voltage low | Voltage is low.
Transceiver info I/O error | Transceiver information read and write error
Transceiver info checksum error | Transceiver information checksum error
Transceiver type and port configuration mismatch | Transceiver type does not match port configuration.
Field | Remarks
Transceiver type and port configuration mismatch | Transceiver type does not match port configuration.
Transceiver type not supported by port hardware | Transceiver type is not supported on the port.
Examples
# Display the alarms present on the transceiver module in interface GigabitEthernet 0/1.
Description
Use display transceiver diagnosis to display the present measured values of the digital diagnosis parameters for transceiver modules.
Examples
# Display the present measured values of the digital diagnosis parameters for the transceiver module in interface GigabitEthernet 0/2.
display transceiver diagnosis interface gigabitethernet 0/2
GigabitEthernet0/2 transceiver diagnostic information:
Current diagnostic parameters:
Temp(°C) Voltage(V) Bias(mA) RX power(dBM)
36 3.31 6.
begin: Displays the first line that matches the specified regular expression and all lines that follow.
exclude: Displays all lines that do not match the specified regular expression.
include: Displays all lines that match the specified regular expression.
regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
Description
Use display transceiver manuinfo to display the electronic label data for transceiver modules.
Examples
# Display system version information.
display version
header
Syntax
header { incoming | legal | login | motd | shell } text
undo header { incoming | legal | login | motd | shell }
View
System view
Default level
2: System level
Parameters
incoming: Configures the banner displayed before a Modem dial-in user accesses user view.
legal: Configures the banner displayed before a user inputs the username and password to access the CLI.
Please input banner content, and quit with the character '%'.
Welcome to shell(header shell)%
In this example, the percentage sign (%) is the starting and ending character of text. Entering % after the displayed text quits the header command. As the starting and ending character, % is not part of the banners.
# Verify the configuration by using Telnet. (Password authentication is configured.
nms monitor-interface
Syntax
nms { primary | secondary } monitor-interface interface-type interface-number
undo nms { primary | secondary } monitor-interface
View
System view
Default level
3: Manage level
Parameters
primary: Specifies the primary NMS-connected interface.
secondary: Specifies the secondary NMS-connected interface.
interface-type interface-number: Type and number of the interface to be monitored.
Description
Use nms primary monitor-interface to specify the primary NMS-connected interface.
Default level
3: Manage level
Parameters
None
Description
Use reboot to reboot the firewall.
CAUTION:
• Device reboot can interrupt network services.
• If the main system software image file has been corrupted or does not exist, the device cannot reboot. You must re-specify a main system software image file, or power off the device and then power it on so the system can reboot with the backup system software image file.
undo schedule job
View
User view
Default level
3: Manage level
Parameters
at time1 [ date ]: Specifies the time and/or date to execute a command.
• time1: Sets time to execute the command, in the hh:mm format. The hh value ranges from 0 to 23, and the mm value ranges from 0 to 59.
• date: Sets the date to execute the command, in the MM/DD/YYYY or YYYY/MM/DD format. The YYYY value ranges from 2000 to 2035, the MM value ranges from 1 to 12, and the DD value ranges from 1 to 31.
• The interval between the scheduled time and the current system time cannot exceed 720 hours, or 30 days.
• Changing any clock setting can cancel the job set by using the schedule job command.
• After job execution, the configuration interface, view, and user status that you have before job execution restore even if the job has run a command that changes the user interface (for example, telnet, ftp, and ssh2), the view (for example, system-view and quit), or the user status (for example, super).
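The limits stated for schedule job at (hh:mm ranges, the two date formats, the 2000 to 2035 year range, and the 720-hour ceiling) can be checked before a change script pushes the command to a device. The following Python sketch is an added example, not HP code; the function name parse_schedule_at is hypothetical, and the handling of an omitted date and of a time already in the past are assumptions marked in the comments.

```python
import re
from datetime import datetime, timedelta

MAX_AHEAD = timedelta(hours=720)  # page: interval cannot exceed 720 hours (30 days)

def parse_schedule_at(time1, date=None, now=None):
    """Validate 'schedule job at time1 [ date ]' arguments and return the run time.

    Raises ValueError naming the documented limit that the value violates.
    """
    now = now or datetime.now()
    m = re.fullmatch(r"(\d{1,2}):(\d{1,2})", time1)
    if not m:
        raise ValueError("time1 must use the hh:mm format")
    hh, mm = int(m.group(1)), int(m.group(2))
    if hh > 23 or mm > 59:
        raise ValueError("hh ranges from 0 to 23 and mm from 0 to 59")

    if date is None:
        # Assumption (not stated on the page): without a date, the job runs
        # at the next occurrence of hh:mm.
        run = now.replace(hour=hh, minute=mm, second=0, microsecond=0)
        if run <= now:
            run += timedelta(days=1)
    else:
        parts = date.split("/")
        if len(parts) != 3 or not all(p.isdigit() for p in parts):
            raise ValueError("date must be MM/DD/YYYY or YYYY/MM/DD")
        if len(parts[0]) == 4:        # YYYY/MM/DD
            year, month, day = map(int, parts)
        elif len(parts[2]) == 4:      # MM/DD/YYYY
            month, day, year = map(int, parts)
        else:
            raise ValueError("date must be MM/DD/YYYY or YYYY/MM/DD")
        if not 2000 <= year <= 2035:
            raise ValueError("YYYY ranges from 2000 to 2035")
        try:
            run = datetime(year, month, day, hh, mm)
        except ValueError:
            raise ValueError("MM/DD is not a valid calendar date") from None

    # Assumption: a schedule that is not in the future is treated as invalid.
    if run <= now:
        raise ValueError("scheduled time is not later than the current time")
    if run - now > MAX_AHEAD:
        raise ValueError("scheduled time is more than 720 hours ahead")
    return run
```

Pass the device's clock reading as now rather than the workstation's, because the limit is measured against the current system time of the device.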
The device supports only one device reboot schedule. If you configure the schedule reboot at command multiple times, the last configuration takes effect. The schedule reboot at command and the schedule reboot delay command overwrite each other, and whichever is configured last takes effect. The alert "REBOOT IN ONE MINUTE" appears one minute before the reboot time. For data security, if you are performing file operations at the reboot time, the system does not reboot.
The device supports only one device reboot schedule. If you configure the schedule reboot delay command multiple times, the last configuration takes effect. The schedule reboot at command and the schedule reboot delay command overwrite each other, and whichever is configured last takes effect. The alert "REBOOT IN ONE MINUTE" appears one minute before the reboot time. For data security, if you are performing file operations at the reboot time, the system does not reboot.
recovered after T1-T time. If T>=T1, the down port is recovered immediately. For example, if the detection timer is set to 30 seconds and you change it to 10 seconds (T1=10) two seconds after the port is shut down (T=2), this port will be recovered 8 seconds later. If the detection timer is set to 30 seconds and you change it to 2 seconds ten seconds after the port is shut down, this port is recovered immediately.
View
System view
Default level
3: Manage level
Parameters
maintain: Specifies that when the system detects any software abnormality, it maintains the current situation, and does not take any measure to recover itself.
reboot: Specifies that when the system detects any software abnormality, it recovers itself through automatic reboot.
Description
Use system-failure to configure the exception handling method.
By default, the system adopts the reboot method to handle exceptions.
Examples
# Set the lower temperature threshold on card 1 to 10°C (50°F) and the upper temperature threshold to 75°C (167°F).
system-view
[Sysname] temperature-limit 1 10 75
Setting temperature limit succeeded.
The time ID (time-id) must be unique in a job. If two time and command bindings have the same time ID, the one configured last takes effect.
Changing a clock setting does not affect the schedule set by using the time at command.
Use Table 18 when you add commands in a job.
Table 18 Command schedule options
Command: Description
time timeid at time date command command: Schedules a command to run at a specific time and date. The time or date must be later than the current system time or date.
[Sysname-job-saveconfig] time 1 one-off at 8:00 month-date 5 command save a.cfg
# Schedule a job to save the configuration file at 8:00 AM on the 5th of every month.
system-view
[Sysname] job saveconfig
[Sysname-job-saveconfig] view monitor
[Sysname-job-saveconfig] time 1 repeating at 8:00 month-date 5 command save a.cfg
# Schedule a job to save the configuration file at 8:00 AM on Friday and Saturday in the current week, which might be delayed to the next week if the time has passed.
The time ID (time-id) must be unique in a job. If two time and command bindings have the same time ID, the one configured last takes effect. Changing a clock setting does not affect the schedule set by using the time delay command. Use Table 19 when you add commands in a job. Table 19 Command schedule options Command Description time timeid one-off delay time2 command command Schedules a command to run after a delay time. time timeid repeating delay time2 command command The command runs only once.
Enter a view name in its complete form and make sure the view name is available on the device. Most commonly used view names include monitor for user view, system for system view, and Vlan-interfacex for VLAN interface view.
Related commands: job and time.
Examples
# Specify system view for the job creatvlan.
User management commands

acl (user interface view)
Syntax
To use a basic or advanced ACL:
acl [ ipv6 ] acl-number { inbound | outbound }
undo acl [ ipv6 ] acl-number { inbound | outbound }
To use an Ethernet frame header ACL:
acl acl-number inbound
undo acl acl-number inbound
View
VTY user interface view
Default level
2: System level
Parameters
ipv6: When this keyword is present, the command supports IPv6; otherwise, it supports IPv4.
The system regards the basic/advanced ACL with the inbound keyword, the basic/advanced ACL with the outbound keyword, and Ethernet frame header ACL as different types of ACLs, which can coexist in one VTY user interface. The match order is basic/advanced ACL, Ethernet frame header ACL. At most one ACL of each type can be referenced in the same VTY user interface, and the last configured one takes effect.
Examples
# Allow only the user with the IP address of 192.168.1.
user-id: Web user ID, which is a hexadecimal number of eight digits.
user-name: Web user name, which is a string of 1 to 80 characters.
Description
Use free web-users to log out web users.
Related commands: display web users.
Examples
# Log out all web users.
CLI configuration commands
IMPORTANT: The FIPS mode is available only for the firewall modules. For more information about FIPS, see Access Control Configuration Guide.

command-alias enable
Syntax
command-alias enable
undo command-alias enable
View
System view
Default level
2: System level
Parameters
None
Description
Use command-alias enable to enable the command alias function.
Use undo command-alias enable to disable the command alias function.
By default, the command alias function is disabled.
Default level
2: System level
Parameters
cmdkey: The complete form of the first keyword of a command.
alias: Specifies the command alias, which cannot be the same as the first keyword of an existing command.
Description
Use command-alias mapping to configure command aliases.
Use undo command-alias mapping to delete command aliases.
By default, a command has no alias.
Examples
# Configure command aliases by specifying show as the replacement of the display keyword.
Command levels include four privileges: visit (0), monitor (1), system (2), and manage (3). You can assign a privilege level according to the user's need. When logging in to the switch, the user can access the assigned level and all levels below it.
• Level changes can cause maintenance, operation, and security problems. HP recommends that you use the default command level or that you modify the command level under the guidance of professional staff.
exclude: Displays all lines that do not match the specified regular expression.
include: Displays all lines that match the specified regular expression.
regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
Description
Use display clipboard to view the contents of the clipboard.
To copy the specified content to the clipboard:
• Move the cursor to the starting position of the content and press the combination.
display history-command
Syntax
display history-command [ | { begin | exclude | include } regular-expression ]
View
Any view
Default level
1: Monitor level
Parameters
|: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide.
begin: Displays the first line that matches the specified regular expression and all lines that follow.
exclude: Displays all lines that do not match the specified regular expression.
include: Displays all lines that match the specified regular expression.
regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
Description
Use display hotkey to display hotkey information.
Examples
# Display hotkey information.
hotkey
Syntax
hotkey { CTRL_G | CTRL_L | CTRL_O | CTRL_T | CTRL_U } command
undo hotkey { CTRL_G | CTRL_L | CTRL_O | CTRL_T | CTRL_U }
View
System view
Default level
2: System level
Parameters
CTRL_G: Associates hot key Ctrl+G to the specified command.
CTRL_L: Associates hot key Ctrl+L to the specified command.
CTRL_O: Associates hot key Ctrl+O to the specified command.
CTRL_T: Associates hot key Ctrl+T to the specified command.
CTRL_U: Associates hot key Ctrl+U to the specified command.
Parameters
None
Description
Use quit to return to a lower-level view.
In user view, the quit command terminates the connection and reconnects to the switch.
Examples
# Switch from GigabitEthernet 0/1 interface view to system view, and then to user view.
Description
Use screen-length disable to disable the multiple-screen output function.
Use undo screen-length disable to enable the multiple-screen output function.
By default, a login user uses the settings of the screen-length command. The default settings of the screen-length command are: multiple-screen output is enabled and 24 lines are displayed on the next screen.
When the user logs out, the settings restore to their default values.
Examples
# Disable multiple-screen output for the current user.
User privilege level is 3, and only those commands can be used whose level is equal or less than this.
Privilege note: 0-VISIT, 1-MONITOR, 2-SYSTEM, 3-MANAGE

super authentication-mode
Syntax
super authentication-mode { local | scheme } *
undo super authentication-mode
View
System view
Default level
2: System level
Parameters
local: Authenticates a user by using the local password set with the super password command.
super password
Syntax
super password [ level user-level ] { simple | cipher } password
undo super password [ level user-level ]
View
System view
Default level
2: System level
Parameters
level user-level: User privilege level, which ranges from 1 to 3 and defaults to 3.
simple: Plain text password.
cipher: Cipher text password.
password: Password, a case-sensitive string of characters.
• A simple password is a string of 1 to 16 characters.
# Display the configured password for level switching.
[Sysname] display current-configuration | include super
super password level 3 cipher ;)<01%^&;YGQ=^Q`MAF4<1!!

system-view
Syntax
system-view
View
User view
Default level
2: System level
Parameters
None
Description
Use system-view to enter system view from the current user view.
Related commands: quit and return.
Examples
# Enter system view from the current user view.
system-view
System View: return to User View with Ctrl+Z.
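For the super password command documented above, a configuration review can flag level-switching passwords that were set with the simple keyword instead of cipher. The following Python sketch is an added example, not HP code; it reads output in the form shown for display current-configuration | include super, the function names are hypothetical, and the sample lines are constructed.

```python
import re

# Syntax on the page: super password [ level user-level ] { simple | cipher } password
SUPER_RE = re.compile(
    r"super password(?: level (?P<level>\d+))? (?P<mode>simple|cipher) (?P<secret>.+)"
)

def audit_super_passwords(config_text):
    """Map each privilege level to (mode, findings) for every super password line."""
    report = {}
    for line in config_text.splitlines():
        m = SUPER_RE.fullmatch(line.strip())
        if not m:
            continue  # other lines, such as super authentication-mode, are skipped
        level = int(m.group("level") or 3)  # the page: level defaults to 3
        findings = []
        if not 1 <= level <= 3:
            findings.append("level outside the documented range 1 to 3")
        if m.group("mode") == "simple":
            findings.append("password configured as simple (plain text)")
            if not 1 <= len(m.group("secret")) <= 16:
                findings.append("simple password is not 1 to 16 characters")
        report[level] = (m.group("mode"), findings)
    return report

def levels_needing_attention(report):
    """Return the privilege levels that have at least one finding, in order."""
    return sorted(level for level, (_, findings) in report.items() if findings)

# Constructed sample input; the passwords and ciphertext are placeholders.
SAMPLE = """\
 super password level 1 simple ExamplePlain1
 super password level 2 cipher CONSTRUCTED-CIPHERTEXT
 super password cipher CONSTRUCTED-CIPHERTEXT
 super authentication-mode scheme
"""

if __name__ == "__main__":
    for level, (mode, findings) in sorted(audit_super_passwords(SAMPLE).items()):
        print(level, mode, "; ".join(findings) or "ok")
```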
Support and other resources Contacting HP For worldwide technical support information, see the HP support website: http://www.hp.
Conventions
This section describes the conventions used in this documentation set.
Command conventions
Convention: Description
Boldface: Bold text represents commands and keywords that you enter literally as shown.
Italic: Italic text represents arguments that you replace with actual values.
[]: Square brackets enclose syntax choices (keywords or arguments) that are optional.
{ x | y | ... }: Braces enclose a set of required syntax choices separated by vertical bars, from which you select one.
Network topology icons
Represents a generic network device, such as a router, switch, or firewall.
Represents a routing-capable device, such as a router or Layer 3 switch.
Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features.
Represents a firewall.
Port numbering in examples
The port numbers in this document are for illustration only and might be unavailable on your device.