tcp ipv6 window 1190
ping ipv6 1191
telnet ipv6 1192
tftp ipv6 1193
tracert ipv6 1193
display smart-link flush 1201
display smart-link group 1202
flush enable control-vlan 1202
smart-link flush enable 1205
display monitor-link group 1209
am enable 1215
am ip-pool 1215
web-authentication web-server 1219
web-authentication enable 1219
display password-control 1227
reset password-control blacklist 1239
ALPHABETICAL LISTING OF COMMANDS
A B C D E F G H I J K
L M N O P Q R S T U V W X
A abr-summary 347 access-limit 591 accounting 591 accounting domain
705 accounting optional 592 accounting optional 617 accounting-on
enable 617 acl 773 acl 87 active region-configuration 263
add-member 907 address-check 745 administrator-address 908
aggregate 391 am enable 1215 am ip-pool 1215 am trap enable 1216 am
user-bind 235 apply as-path 451 apply community 451 apply cost 441
apply cost 452 apply cost-type 453 apply ip next-hop 454 apply
local-preference 454 apply origin 455 apply poe-profile 951 apply
qos-profile 825 apply tag 441 apply tag 455 area 348 arp check
enable 687 arp detection enable 687 arp detection trust 688 arp
protective-down recover enable
688 arp protective-down recover interval
689 arp proxy enable 701 arp rate-limit 690
arp rate-limit enable 690 arp restricted-forwarding enable 691 arp
send-gratuitous enable vrrp 692 arp static 692 arp timer aging 693
asbr-summary 348 ascii 1065 attribute 593 authentication 594
authentication super 595 authentication super 598
authentication-mode 349 authentication-mode 61 authorization 596
authorization vlan 597 auto-build 908 auto-execute command 62
B backup current-configuration 1055 bgp 392 bims-server 705 binary
1065 black-list 931 boot attribute-switch 1049 boot boot-loader
1050 boot boot-loader 855 boot boot-loader backup-attribute
A B C D E F G H I J K L M N O P Q R S T U V W X
38 ALPHABETICAL LISTING OF COMMANDS
C cache-sa-enable 517 calling-station-id mode 619 c-bsr 500 cd 1035
cd 1066 cd 1087 cdup 1067 cdup 1088 change self-unit 883 change
unit-id 883 check region-configuration 264 checkzero 327 clock
datetime 837 clock summer-time 837 clock timezone 838 close 1068
cluster 912 cluster enable 912 cluster switch-to 913 cluster-mac
914 cluster-mac syn-interval 914 command-privilege level 55
compare-different-as- med 393 confederation id 393 confederation
nonstandard 394 confederation peer-as 395 Conventions 53 copy 1036
copy configuration 174 copyright-info enable 63 count 1137 c-rp 501
crp-policy 501 cut connection 598
D dampening 396 databits 64 data-flow-format 619 data-flow-format
645 datasize 1137 debugging 847 debugging dhcp xrn xha 113 default
350 default cost 327 default local-preference 397 default med 397
default-cost 351 default-route- advertise 352
default-route imported 398 delete 1036 delete 1068 delete 1088
delete static-routes all 323 delete-member 915 delete-member 931
description 117 description 177 description 774 destination-ip 1138
destination-port 1139 detect-group 255 detect-list 255 dhcp enable
707 dhcp protective-down recover enable
765 dhcp protective-down recover inter-
val 765 dhcp rate-limit 766 dhcp rate-limit enable 767 dhcp relay
information enable 746 dhcp relay information strategy 747 dhcp
select global 707 dhcp select interface 708 dhcp server bims-server
710 dhcp server bootfile-name 711 dhcp server detect 712 dhcp
server dns-list 712 dhcp server domain-name 713 dhcp server expired
714 dhcp server forbidden-ip 715 dhcp server ip-pool 716 dhcp
server nbns-list 717 dhcp server netbios-type 718 dhcp server
option 720 dhcp server ping 721 dhcp server relay information
enable
722 dhcp server static-bind 722 dhcp server tftp-server
domain-name
A B C D E F G H I J K L M N O P Q R S T U V W X
Alphabetical Listing of Commands 39
dhcp-snooping information enable 755
dhcp-snooping information format 756
dhcp-snooping information strategy 758
dhcp-snooping information vlan cir- cuit-id 759
dhcp-snooping information vlan re- mote-id 760
dhcp-snooping trust 761 dir 1038 dir 1069 dir 1088 disconnect 1070
display acl 774 display am 1217 display am user-bind 236 display
arp | 695 display arp 694 display arp count 696 display arp
detection statistics inter-
face 696 display arp proxy 701 display arp timer aging 697 display
bgp group 398 display bgp network 399 display bgp paths 400 display
bgp peer 401 display bgp routing 402 display bgp routing
as-path-acl 404 display bgp routing cidr 404 display bgp routing
community 405 display bgp routing community-list
406 display bgp routing dampened 406 display bgp routing
different-ori-
gin-as 407 display bgp routing flap-info 408 display bgp routing
peer 409 display bgp routing regular-expres-
sion 410 display bgp routing statistic 410 display boot-loader 1051
display boot-loader 856 display bootp client 770 display
bpdu-tunnel 1134
display brief interface 177 display channel 1105 display clock 843
display cluster 916 display cluster base-members 932 display
cluster base-topology 933 display cluster black-list 933 display
cluster candidates 917 display cluster current-topology 934 display
cluster members 918 display connection 599 display cpu 856 display
current-configuration 93 display current-configuration vlan
101 display debugging 843 display detect-group 256 display device
857 display dhcp client 769 display dhcp server conflict 727
display dhcp server expired 727 display dhcp server free-ip 728
display dhcp server ip-in-use 729 display dhcp server statistics
730 display dhcp server tree 731 display dhcp-security 751 display
dhcp-server 751 display dhcp-server interface 753 display
dhcp-snooping 761 display dhcp-snooping trust 762 display
diagnostic-information 847 display dldp 239 display dns domain 1195
display dns dynamic-host 1195 display dns ipv6 dynamic-host 1165
display dns server 1196 display domain 601 display dot1x 555
display drv qacl_resource 775 display drv-module qacl
A B C D E F G H I J K L M N O P Q R S T U V W X
40 ALPHABETICAL LISTING OF COMMANDS
display ftp-server 1059 display ftp-server source-ip 1059 display
ftp-user 1060 display garp statistics 165 display garp timer 166
display gvrp statistics 169 display gvrp status 170 display habp
577 display habp table 577 display habp traffic 578 display
history-command 56 display hwtacacs 645 display icmp statistics 145
display igmp group 485 display igmp interface 485 display
igmp-snooping configuration
535 display igmp-snooping group 535 display igmp-snooping
statistics 537 display info-center 1105 display interface 179
display interface Vlan-interface 117 display ip host 1197 display
ip interface 137 display ip interface brief 138 display ip
ip-prefix 442 display ip ip-prefix 456 display ip routing-table 311
display ip routing-table acl 312 display ip routing-table
ip-address
315 display ip routing-table ip-address1
ip-address2 316 display ip routing-table ip-prefix 317 display ip
routing-table protocol 318 display ip routing-table radix 318
display ip routing-table statistics 319 display ip routing-table
verbose 320 display ip socket 146 display ip source static binding
762 display ip statistics 147 display ipv6 fib 1165 display ipv6
host 1166 display ipv6 interface 1167 display ipv6 neighbors 1168
display ipv6 neighbors count 1170 display ipv6 route-table 1170
display ipv6 socket 1171 display ipv6 statistics 1172 display
irf-fabric 885 display isolate port 221
display lacp system-id 216 display link-aggregation interface
213 display link-aggregation summary
214 display link-aggregation verbose 215 display link-delay 182
display local-server statistics 620 display local-user 602 display
logbuffer 1107 display logbuffer summary 1108 display
loopback-detection 182 display mac-address 247 display mac-address
aging-time 247 display mac-address multicast 471 display
mac-address security 223 display mac-authentication 675 display
memory 467 display memory 859 display memory limit 467 display
mirror 873 display mirroring-group 873 display monitor-link group
1209 display mpm forwarding-table 472 display mpm group 473 display
msdp brief 517 display msdp peer-status 518 display msdp sa-cache
520 display msdp sa-count 521 display multicast
forwarding-table
474 display multicast routing-table 475 display
multicast-source-deny 476 display ndp 893 display ntdp 899 display
ntdp device-list 900 display ntdp single-device mac-ad-
A B C D E F G H I J K L M N O P Q R S T U V W X
Alphabetical Listing of Commands 41
display ospf retrans-queue 366 display ospf routing 367 display
ospf vlink 367 display packet-drop 183 display packet-filter 777
display password-control 1227 display password-control
blacklist
1228 display password-control super 1228 display pim bsr-info 502
display pim interface 503 display pim neighbor 504 display pim
routing-table 504 display pim rp-info 506 display poe disconnect
939 display poe interface 939 display poe interface power 941
display poe powersupply 942 display poe temperature-
protection
943 display poe-profile 952 display port 125 display port combo 184
display port vlan-vpn 1123 display port-mac 250 display
port-security 224 display power 860 display protocol-priority 797
display protocol-vlan interface 131 display protocol-vlan vlan 131
display public-key local 1009 display public-key peer 1010 display
qos cos-local-
precedence-map 798 display qos-interface all 798 display
qos-interface line-rate 800 display qos-interface mirrored-to 801
display qos-interface traffic-limit 802 display qos-interface
traffic-priority
802 display qos-interface traffic-redirect
803 display qos-interface traffic-re-
805 display qos-profile 826 display queue-scheduler 805 display
radius scheme 621 display radius statistics 622 display remote-ping
1139
A B C D E F G H I J K L M N O P Q R S T U V W X
42 ALPHABETICAL LISTING OF COMMANDS
display telnet source-ip 65 display telnet-server source-ip 64
display tftp source-ip 1099 display this 107 display time-range 777
display transceiver alarm interface
860 display transceiver diagnosis interface
863 display transceiver interface 864 display transceiver manuinfo
inter-
face 865 display trapbuffer 1108 display udp ipv6 statistics 1178
display udp statistics 150 display udp-helper server 955 display
unit 187 display user-interface 65 display users 67 display users
844 display version 845 display vlan 118 display vlan 159 display
voice vlan error-info 157 display voice vlan oui 157 display voice
vlan status 158 display vrrp 661 display vrrp interface
vlan-interface
661 display vrrp statistics 662 display vrrp verbose 664 display
web package 1052 display web users 68 display web-authentication
configu-
ration 1225 display web-authentication connec-
tion 1224 display webcache 833 display xrn-fabric 114 dldp 240 dldp
authentication-mode 241 dldp delaydown-timer 244 dldp interval 242
dldp reset 242 dldp unidirectional-shutdown 243 dldp work-mode 244
dns domain 1197 dns resolve 1198 dns resolve-target 1145 dns server
1198 dns server ipv6 1179
dns-list 732 dns-server 1145 domain 603 domain-name 733 dot1x 558
dot1x authentication- method 559 dot1x dhcp-launch 560 dot1x
free-ip 575 dot1x guest-vlan 561 dot1x handshake 562 dot1x max-user
563 dot1x port-control 564 dot1x port-method 565 dot1x quiet-period
566 dot1x re-authenticate 568 dot1x retry 567 dot1x
retry-version-max 567 dot1x supp-proxy-check 569 dot1x timer 571
dot1x timer acl-timeout 575 dot1x timer reauth-period 573 dot1x url
576 dot1x version-check 573 duplex 190
E enable log updown 190 enable snmp trap updown 965 execute 1039
exit 1090 expired 734
F fabric member-auto-update software
A B C D E F G H I J K L M N O P Q R S T U V W X
Alphabetical Listing of Commands 43
free user-interface 68 free web-users 87 frequency 1146 ftm
fabric-vlan 889 ftp { cluster | remote-server }
source-interface 1072 ftp { cluster | remote-server }
source-ip
1072 ftp 1071 ftp cluster 920 ftp disconnect 1060 ftp server enable
1061 ftp source-interface 1073 ftp source-ip 1073 ftp timeout 1062
ftp-operation 1147 ftp-server 920 ftp-server source-interface 1062
ftp-server source-ip 1063
G garp timer 167 garp timer leaveall 168 gateway-list 734 get 1074
get 1090 giant-frame statistics enable 193 gratuitous-arp
period-resending en-
able 697 gratuitous-arp-learning enable 698 group 412 gvrp 171 gvrp
registration 171
H habp enable 578 habp server vlan 579 habp timer 579 header 69
help 1090 history-command max-size 71 history-records 1148 holdtime
921 host-route 333 http-operation 1148 http-string 1149 hwtacacs
nas-ip 647 hwtacacs scheme 647
I icmp redirect send 151 icmp unreach send 152 idle-cut 604
idle-timeout 71 if-match { acl | ip-prefix } 458 if-match 443
if-match as-path 458 if-match community 459 if-match cost 444
if-match cost 460 if-match interface 445 if-match interface 460
if-match ip next-hop 445 if-match ip next-hop 461 if-match tag 446
if-match tag 462 igmp enable 487 igmp group-limit 487 igmp
group-policy 488 igmp group-policy vlan 489 igmp host-join 549 igmp
host-join port 490 igmp host-join port 548 igmp host-join vlan 491
igmp lastmember- queryinterval 492 igmp max-response-time 492 igmp
proxy 493 igmp robust-count 493 igmp timer other-querier-present
494 igmp timer query 495 igmp version 495 igmp-snooping 538
igmp-snooping fast-leave 538 igmp-snooping general-query
source-ip 539 igmp-snooping group-limit 540 igmp-snooping
group-policy 541 igmp-snooping host-aging-time 543 igmp-snooping
max-response-time
543 igmp-snooping nonflooding-enable
546 igmp-snooping version 547 igmp-snooping vlan-mapping 547
import-route 333 import-route 370
A B C D E F G H I J K L M N O P Q R S T U V W X
44 ALPHABETICAL LISTING OF COMMANDS
import-route 413 import-source 522 info-center channel name 1109
info-center console channel 1109 info-center enable 1110
info-center logbuffer 1111 info-center loghost 1112 info-center
loghost source 1113 info-center monitor channel 1113 info-center
snmp channel 1114 info-center source 1114 info-center switch-on
1117 info-center synchronous 1116 info-center timestamp 1118
info-center timestamp loghost 1118 info-center trapbuffer 1119
instance 269 Intended Readership 53 interface 193 interface
Vlan-interface 120 Introduction 113 ip address 139 ip address
bootp-alloc 771 ip address dhcp-alloc 770 ip as-path-acl 462 ip
check source ip-address 763 ip community-list 463 ip
forward-broadcast 152 ip forward-broadcast 153 ip host 1199 ip http
acl 88 ip http shutdown 72 ip ip-prefix 447 ip ip-prefix 464 ip
route-static 323 ip route-static detect-group 257 ip source static
binding 764 ip-pool 922 ipv4-family 414 ipv6 address 1179 ipv6
address auto link-local 1180 ipv6 address eui-64 1181 ipv6 address
link-local 1181 ipv6 host 1182 ipv6 icmp-error 1182 ipv6 nd dad
attempts 1183 ipv6 nd hop-limit 1184 ipv6 nd ns retrans-timer 1184
ipv6 nd nud reachable-time 1185 ipv6 neighbor 1185 ipv6 neighbors
max-learning-num
1186 ipv6 route-static 1186 irf-fabric authentication-mode
890
J jitter-interval 1150 jitter-packetnum 1151
jumboframe enable 194
K key 624 key 648
L lacp enable 217 lacp port-priority 217 lacp system-priority 218
lcd 1075 level 605 line-rate 806 link-aggregation group 1203
link-aggregation group 1209 link-aggregation group
description
218 link-aggregation group mode 219 link-delay 195 local-server 625
local-server nas-ip 626 local-user 606 local-user password-display-
mode
607 lock 73 logging-host 922 log-peer-change 371 log-peer-change
414 loopback 195 loopback-detection control enable
196 loopback-detection enable 197 loopback-detection interval-time
198 loopback-detection per-vlan enable
198 ls 1075 ls 1091
M mac-address 250 mac-address aging destination-hit
A B C D E F G H I J K L M N O P Q R S T U V W X
Alphabetical Listing of Commands 45
enable 252 mac-address max-mac-count 252 mac-address multicast
interface 477 mac-address multicast vlan 478 mac-address security
225 mac-address timer 253 mac-address-mapping 1129
mac-authentication 677 mac-authentication authmode user-
nameasmacaddress 678 mac-authentication authmode user-
namefixed 679 mac-authentication authpassword
683 mac-authentication timer 681 mac-authentication timer
guest-vlan-reauth 684 management-vlan 923 mdi 199 mdi 200 memory
468 memory auto-establish disable 469 memory auto-establish enable
470 messenger 607 mirrored-to 807 mirroring-group 875
mirroring-group mirroring-port 875 mirroring-group monitor-port 876
mirroring-group reflector-port 877 mirroring-group remote-probe
vlan
878 mirroring-port 878 mkdir 1042 mkdir 1076 mkdir 1092
monitor-link group 1210 monitor-port 879 more 1042 move 1043 msdp
522 msdp-tracert 523 mtracert 525 multicast route-limit 478
multicast routing-enable 479
multicast static-group interface 549 multicast static-group vlan
550 multicast static-router-port 551 multicast static-router-port
vlan 551 multicast storing-enable 480 multicast storing-packet 480
multicast-source-deny 481 multicast-suppression 200
multi-path-number 372
N name 120 name 608 nas-ip 627 nas-ip 649 nbns-list 735 ndp enable
896 ndp timer aging 896 ndp timer hello 897 netbios-type 736
network 334 network 372 network 415 network 737 nm-interface
Vlan-interface 924 nslookup type 1200 nssa 373 ntdp enable 901 ntdp
explore 902 ntdp hop 902 ntdp timer 903 ntdp timer hop-delay 904
ntdp timer port-delay 904 ntp-service access 998 ntp-service
authentication enable
999 ntp-service authentication-keyid 999 ntp-service
broadcast-client 1000 ntp-service broadcast-server 1001 ntp-service
in-interface disable 1001 ntp-service max-dynamic-sessions
1002 ntp-service multicast-client 1002 ntp-service multicast-server
1003 ntp-service reliable authentica-
tion-keyid 1004 ntp-service source-interface 1004 ntp-service
unicast-peer 1005 ntp-service unicast-server 1006
A B C D E F G H I J K L M N O P Q R S T U V W X
46 ALPHABETICAL LISTING OF COMMANDS
O open 1077 option 258 option 737 originating-rp 526 ospf 374 ospf
authentication-mode 375 ospf cost 376 ospf dr-priority 376 ospf
mib-binding 377 ospf mtu-enable 377 ospf network-type 378 ospf
timer dead 379 ospf timer hello 380 ospf timer poll 381 ospf timer
retransmit 381 ospf trans-delay 382
P packet-filter 778 packet-filter 826 packet-filter vlan 779 parity
73 passive 1078 password 1152 password 1228 password 609
password-control aging 1229 password-control
alert-before-expire
1232 password-control authentication-tim-
1231 password-control super 1236 password-control super
composition
1237 peer 335 peer 383 peer advertise-community 415 peer
allow-as-loop 416 peer as-number 417 peer as-path-acl export 417
peer as-path-acl import 418 peer connect-interface 419 peer
connect-interface 526
A B C D E F G H I J K L M N O P Q R S T U V W X
Alphabetical Listing of Commands 47
port hybrid protocol-vlan vlan 132 port hybrid pvid vlan 126 port
hybrid vlan 127 port isolate 221 port link-aggregation group 219
port link-type 128 port link-type irf-fabric 890 port monitor-link
group 1212 port smart-link group 1204 port trunk permit vlan 128
port trunk pvid vlan 129 port-mac 254 port-security authorization
ignore
228 port-security enable 226 port-security intrusion-mode 227
port-security max-mac-count 229 port-security ntk-mode 230
port-security oui 230 port-security port-mode 231 port-security
timer disableport 233 port-security trap 233 preference 336
preference 383 preference 433 primary accounting 628 primary
accounting 649 primary authentication 628 primary authentication
650 primary authorization 651 priority 809 priority trust 809
probe-failtimes 1152 protocol inbound 1015 protocol inbound 74
protocol-priority protocol-type 810 protocol-vlan 133 public-key
local create 1016 public-key local destroy 1017 public-key local
export dsa 1018 public-key local export rsa 1017 public-key peer
1019 public-key peer import sshkey 1020 public-key-code begin 1020
public-key-code end 1021 put 1078 put 1092 pwd 1043 pwd 1079 pwd
1092
Q qos cos-local- precedence-map 811 qos-profile 827 qos-profile
port-based 828 queue-scheduler 812 queue-scheduler 814 quit 1079
quit 1093 quit 839
A B C D E F G H I J K L M N O P Q R S T U V W X
48 ALPHABETICAL LISTING OF COMMANDS
reset ftm statistics 891 reset garp statistics 169 reset hwtacacs
statistics 652 reset igmp group 496 reset igmp-snooping statistics
552 reset ip routing-table statistics proto-
col 321 reset ip statistics 153 reset ipv6 neighbors 1187 reset
ipv6 statistics 1188 reset lacp statistics 220 reset logbuffer 1120
reset mac-authentication 682 reset msdp peer 531 reset msdp
sa-cache 532 reset msdp statistics 532 reset multicast
forwarding-table 482 reset multicast routing-table 483 reset ndp
statistics 898 reset ospf 384 reset ospf statistics 384 reset
packet-drop interface 202 reset password-control blacklist 1239
reset password-control history-record
1238 reset password-control history-record
super 1238 reset pim neighbor 511 reset pim routing-table 512 reset
radius statistics 632 reset recycle-bin 1044 reset
saved-configuration 108 reset smart-link packets counter 1205 reset
stop-accounting-buffer 633 reset stop-accounting-buffer 652 reset
stp 270 reset tcp ipv6 statistics 1188 reset tcp statistics 154
reset traffic-statistic 815 reset trapbuffer 1120 reset udp ipv6
statistics 1188 reset udp statistics 154 reset udp-helper packet
955 reset vrrp statistics 665 resilient-arp enable 703
resilient-arp interface vlan-interface
704 restore startup-configuration 1056 retry 259 retry 633 retry
realtime-accounting 634
retry stop-accounting 635 retry stop-accounting 652 return 840
revision-level 271 rip 337 rip authentication-mode 337 rip input
338 rip metricin 339 rip metricout 339 rip output 340 rip
split-horizon 341 rip version 341 rip work 342 rmdir 1045 rmdir
1082 rmdir 1094 rmon alarm 987 rmon event 989 rmon history 990 rmon
prialarm 991 rmon statistics 993 route-policy 448 route-policy 465
router id 385 router id 438 rsa local-key-pair create 1022 rsa
local-key-pair destroy 1023 rsa peer-public-key 1023 rsa
peer-public-key import sshkey
1024 rule (for Advanced ACLs) 782 rule (for Basic ACLs) 780 rule
(for Layer 2 ACLs) 788 rule (for user-defined ACLs) 790 rule
comment 793
A B C D E F G H I J K L M N O P Q R S T U V W X
Alphabetical Listing of Commands 49
send 75 send-trap 1153 server-type 638 service-type 612
service-type 76 service-type multicast 552 set authentication
password 77 set unit name 891 sftp 1094 sftp server enable 1085
sftp source-interface 1096 sftp source-ip 1096 sftp timeout 1085
shell 78 shutdown 121 shutdown 203 shutdown 532 silent-interface
385 smart-link flush enable 1205 smart-link group 1207 smart-link
group 1213 snmp-agent 966 snmp-agent calculate-password 966
snmp-agent community 88 snmp-agent community 967 snmp-agent group
89 snmp-agent group 968 snmp-agent local-engineid 969 snmp-agent
log 970 snmp-agent mib-view 970 snmp-agent packet max-size 972
snmp-agent sys-info 972 snmp-agent target-host 973 snmp-agent trap
enable 974 snmp-agent trap enable ospf 386 snmp-agent trap ifmib
975 snmp-agent trap life 976 snmp-agent trap queue-size 977
snmp-agent trap source 977 snmp-agent usm-user 90 snmp-agent
usm-user 978 snmp-host 925 source-interface 1153 source-ip 1154
source-lifetime 514 source-policy 515 source-port 1155 speed 203
speed 204 speed 79 speed auto 205
spf-schedule-interval 387 spt-switch-threshold 513 ssh
authentication-type default 1024 ssh client assign 1025 ssh client
first-time enable 1026 ssh server authentication-retries 1026 ssh
server timeout 1027 ssh user 1028 ssh user assign 1028 ssh user
authentication-type 1029 ssh user service-type 1030 ssh2 1030 ssh2
source-interface 1032 ssh2 source-ip 1032 ssh-server
source-interface 1033 ssh-server source-ip 1033 standby
detect-group 259 startup bootrom-access enable 1052 startup
saved-configuration 111 state 613 state 638 static-bind
client-identifier 740 static-bind ip-address 741 static-bind
mac-address 741 static-rp 515 static-rpf-peer 533
stop-accounting-buffer enable 639 stopbits 79 storm-constrain 205
storm-constrain control 206 storm-constrain enable 207
storm-constrain interval 208 stp 272 stp bpdu-protection 272 stp
bridge-diameter 273 stp compliance 274 stp config-digest-snooping
275 stp cost 277 stp dot1d-trap 278 stp edged-port 278 stp
interface 279 stp interface config-digest- snooping
280 stp interface cost 281 stp interface edged-port 282 stp
interface loop-protection 284 stp interface mcheck 284 stp
interface no-agreement-check
A B C D E F G H I J K L M N O P Q R S T U V W X
50 ALPHABETICAL LISTING OF COMMANDS
stp interface root-protection 288 stp interface transmit-limit 289
stp loop-protection 289 stp max-hops 290 stp mcheck 291 stp mode
292 stp no-agreement-check 292 stp pathcost-standard 293 stp
point-to-point 295 stp port priority 296 stp portlog 297 stp
portlog all 297 stp priority 298 stp region-configuration 298 stp
root primary 299 stp root secondary 300 stp root-protection 301 stp
tc-protection 302 stp tc-protection threshold 302 stp timer
forward-delay 303 stp timer hello 304 stp timer max-age 305 stp
timer-factor 306 stp transmit-limit 307 stub 387 summary 343
summary 438 super 56 super authentication-mode 57 super password 58
sysname 840 sysname 892 system-guard ip detect-maxnum 583
system-guard ip detect-threshold 584 system-guard ip enable 585
system-guard l3err enable 585 system-guard l3err enable 588
system-guard tcn enable 586 system-guard tcn rate-threshold 587
system-monitor enable 869 system-view 841
T tcp ipv6 timer fin-timeout 1189 tcp ipv6 timer syn-timeout 1189
tcp ipv6 window 1190 tcp timer fin-timeout 154 tcp timer
syn-timeout 155 tcp window 155 telnet 80
A B C D E F G H I J K L M N O P Q R S T U V W X
Alphabetical Listing of Commands 51
traffic-limit 829 traffic-priority 818 traffic-priority 830
traffic-priority vlan 819 traffic-redirect 821
traffic-remark-vlanid 822 traffic-share-across-interface 345
traffic-statistic 823
U udp-helper enable 956 udp-helper port 956 udp-helper server 957
undelete 1045 undo synchronization 439 undo vrrp vrid 665
unicast-suppression 209 unknown-multicast drop enable 484 update
fabric 1046 update fabric 870 update fabric 949 user 1082 user
privilege level 84 user-interface 84 username 1158 user-name-format
643 user-name-format 658
V verbose 1083 virtual-cable-test 210 vlan 121 vlan to 122
vlan-assignment- mode 614 vlan-mapping modulo 308 vlan-vpn enable
1123 vlan-vpn inner-cos-trust 1124 vlan-vpn priority 1125 vlan-vpn
tpid 1126 vlan-vpn tunnel 308 vlan-vpn vid 1131
vlink-peer 388 voice vlan 159 voice vlan aging 160 voice vlan
enable 160 voice vlan legacy 161 voice vlan mac-address 162 voice
vlan mode 163 voice vlan security enable 163 voice-config 743 vrrp
method 666 vrrp ping-enable 666 vrrp vlan-interface vrid track 667
vrrp vrid authentication-mode 668 vrrp vrid preempt-mode 669 vrrp
vrid priority 670 vrrp vrid timer advertise 671 vrrp vrid track 672
vrrp vrid track detect-group 261 vrrp vrid track detect-group 673
vrrp vrid virtual-ip 674
W web-authentication cut connection
1223 web-authentication select method
1220 web-authentication timer idle-cut
X xmodem get 870 xrn-fabric authentication-mode 114
A B C D E F G H I J K L M N O P Q R S T U V W X
52 ALPHABETICAL LISTING OF COMMANDS
ABOUT THIS GUIDE
This guide provides all the information you need to use the
configuration commands supported by the 3Com Switch 5500
Family.
About This Software Version
The features available in the 3Com Switch 5500 Family include a
subset of those available in other 3Com Switch products. Depending
on the capabilities of your hardware platform, some commands
described in this guide may not be available on your switch.
Unavailable commands may display on the command line interface
(CLI), but if you try to use them, an error message displays.
CAUTION: Any command that displays on the CLI, but is not
described in this guide, is not supported in software version
3.2. 3Com only supports the commands described in this guide. Other
commands may result in the loss of data, and are entered at the
user’s risk.
Intended Readership The manual is intended for the following
readers:
Network administrators
Network engineers
Conventions This manual uses the following conventions:
Related Manuals The 3Com 3Com Switch 5500 Family Getting
Started Guide provides information about installation.
The 3Com 3Com Switch 5500 Family Configuration
Guide provides information about configuring your network
using the commands described in this guide.
Table 1 Icons
Information note Information that describes important features or
instructions.
Caution Information that alerts you to potential loss of data or
potential damage to an application, system, or device.
Warning Information that alerts you to potential personal
injury.
undo command-privilege view view command
View System view
Parameters level level : Command level to be set, in the
range of 0 to 3.
view view : CLI view. It can be any CLI view that the
Ethernet switch support.
command : Command for which the level is to be set.
Description Use the command-privilege level command to set the
level of a specified command in a specified view.
Use the undo command-privilege view command to restore the
default level of a specified command in a specified view.
Commands fall into four levels: visit (level 0), monitor (level 1),
system (level 2), and manage (level 3). The administrator can
change the level of a command as required. For example, the
administrator can change a command from a higher level to a lower
level so that the lower level users can use the command.
By default:
The level of the commands used to diagnose network is visit (level
0). Commands such as ping, tracert, and telnet are at this
level.
The level of the commands used to maintain the system and diagnose
service faults is monitor (level 1). Commands such as
debugging and terminal are at this level.
All configuration commands are at the system level (level 2).
56 CHAPTER 1: CLI CONFIGURATION COMMANDS
Example # Set the level of the system-view command in user
view (shell) to 0.
<5500> system-view System View: return to User View with
Ctrl+Z.
[5500] command-privilege level 0 view shell system-view
display history-command
Parameters None
Description Use the display history-command command to display
the history commands of the current user, so that the user can
check the configurations performed formerly.
History commands are those commands that was successfully executed
recently and saved in the history command buffer. You can set the
size of the buffer by the history-command max-size command.
When the history command buffer is full, the earlier commands will
be overwritten by the new ones.
By default, the CLI can save 10 history commands for each
user.
Related command: history-command max-size in login
module.
Example # Display the history commands of the current user.
<5500> display history-command
Syntax super [ level ]
View User view
Parameters level : User level, in the range of 0 to 3.
Description Use the super command to switch from the current
user level to a specified level.
Executing this command without the level argument will
switch the current user level to level 3 by default.
n Users logged into the switch fall into four user levels,
which correspond to the
super authentication-mode 57
You can switch between user levels after logging into a switch
successfully. The high-to-low user level switching is unlimited.
However, the low-to-high user level switching requires the
corresponding authentication.
For security purpose, the password entered is not displayed when
you switch to another user level. You will remain at the original
user level if you have tried three times but failed to enter the
correct authentication information.
Related command: super password.
Example # Switch from current user level (a lower level) to user
level 3.
<5500> super 3
Password:
User privilege level is 3, and only those commands can be
used
whose level is equal or less than this. Privilege note: 0-VISIT,
1-MONITOR, 2-SYSTEM, 3-MANAGE
super authentication-mode
undo super authentication-mode
scheme: Adopts 3Com terminal access controller access control
system (HWTACACS) authentication for low-to-high user level
switching.
Description Use the super authentication-mode command to
specify the authentication mode used for low-to-high user level
switching.
Use the undo super authentication-mode command to restore the
default.
By default, super password authentication is adopted for
low-to-high user level switching.
n The two authentication modes are available at the same time to
provide authentication redundancy. When both the two authentication
modes are
specified, the order to perform the two types of
authentication is determined by the order in which they are
specified, as described below.
If the super authentication-mode super-password
scheme command is executed to specify the authentication mode
for user level switching, the super
password authentication is preferred and the HWTACACS
authentication mode is the backup.
switching, the HWTACACS authentication is preferred and the
super password authentication mode is the backup.
When both the super password authentication and the HWTACACS
authentication are specified, the device adopts the preferred
authentication mode first. If the preferred authentication mode
cannot be implemented (for example, the super password is not
configured or the HWTACACS authentication server is unreachable),
the backup authentication mode is adopted.
Example # Specify HWTACACS authentication as the preferred
authentication mode when a VTY 0 user switches from the current
level to a higher level, with the super password authentication as
the backup authentication mode.
<5500> system-view
System View: return to User View with Ctrl+Z. [5500] user-interface
vty 0
[5500-ui-vty0] super authentication-mode scheme
super-password
super password
undo super password [ level level ]
View System view
Parameters level level : User level, in the range of 1 to
3. It is 3 by default.
cipher: Stores the password in the configuration file in ciphered
text.
simple: Stores the password in the configuration file in plain
text.
password : Password to be set. If the
simple keyword is used, you must provide a plain-text
password, that is, a string of 1 to 16 characters. If the
cipher keyword is used, you can provide a password in either
of the two ways:
Input a plain-text password, that is, a string of 1 to 16
characters, which will be automatically converted into a
24-character cipher-text password.
Directly input a cipher-text password, that is, a string of 1 to 24
characters, which must correspond to a plain-text password. For
example, The cipher-text password
_(TT8F]Y5SQ=^Q‘MAF4<1!! corresponds to the plain-text
password 1234567.
Description Use the super password command to set a switching
password for a specified user level, which will be used when users
switch from a lower user level to the specified user level.
Use the undo super password command to restore the default
configuration.
By default, no such password is set.
super password 59
n No matter whether a plain-text or cipher-text password is set,
users must enter the
plain-text password during authentication.
Example # Set the switching password for level 3 to “0123456789” in
plain text.
<5500> system-view
2 LOGIN COMMANDS
n The commands use to enable/disable copyright information
displaying are newly added. Refer to the section entitled
“copyright-info enable” on page 63 for related
information.
authentication-mode
View User interface view
scheme: Authenticates users locally or remotely using usernames and
passwords.
command-authorization: Performs command authorization on TACACS
authentication server.
none: Does not authenticate users.
Description Use the authentication-mode command to specify the
authentication mode.
If you specify the password keyword to authenticate users
using the local password, remember to set the local password using
the set authentication password { cipher |
simple } password command at the same
time.
If you specify the scheme keyword to authenticate users
locally or remotely using usernames and passwords, the actual
authentication mode, that is, local or remote, depends on other
related AAA scheme configuration of the domain.
If this command is executed with the
command-authorization keyword specified, authorization is
performed on the TACACS server whenever you attempt to execute a
command, and the command can be executed only when you pass the
authorization. Normally, a TACACS server contains a list of the
commands available to different users.
If you specify to perform local authentication when a user logs in
through the console port, a user can log into the switch with the
password not configured. But for a VTY user interface, a password
is needed for a user to log into the switch through it under the
same circumstance.
62 CHAPTER 2: LOGIN COMMANDS
c CAUTION: For a VTY user interface, to specify the
none keyword or password
keyword for login users, make sure that SSH is not enabled in the
user interface. Otherwise, the configuration fails. Refer to the
section entitled “protocol inbound” on page 74 for related
information.
n To improve security and prevent attacks to the unused Sockets,
TCP 23 and TCP 22, ports for Telnet and SSH services respectively,
will be enabled or disabled after corresponding
configurations.
If the authentication mode is none, TCP 23 will be enabled, and TCP
22 will be disabled.
If the authentication mode is password, and the corresponding
password has been set, TCP 23 will be enabled, and TCP 22 will be
disabled.
If the authentication mode is scheme, there are three scenarios:
when the supported protocol is specified as telnet, TCP 23
will be enabled; when the supported protocol is specified as
SSH, TCP 22 will be enabled; when the supported protocol is
specified as all, both the TCP 23 and TCP 22 port will be
enabled.
Example # Configure to authenticate users using the local password
on the console port.
<5500> system-view
[5500] user-interface aux 0
Parameters text : Command to be executed automatically.
Description Use the auto-execute command command to set the
command that is executed automatically after a user logs in.
Use the undo auto-execute command command to disable the
specified command from being automatically executed.
By default, no command is executed automatically after a user logs
in.
Normally, the telnet command is specified to be executed
automatically to enable the user to Telnet to a specific network
device automatically.
c CAUTION:
copyright-info enable 63
Before executing the auto-execute command command and
save your configuration, make sure you can log into the switch in
other modes and cancel the configuration.
Example # Configure the telnet 10.110.100.1 command to be
executed automatically after users log into VTY 0.
<5500> system-view
[5500] user-interface vty 0
[5500-ui-vty0] auto-execute command telnet 10.110.100.1
% This action will lead to configuration failure through ui-vty0.
Are you sure?
[Y/N]y
After the above configuration, when a user logs onto the device
through VTY 0, the device automatically executes the configured
command and logs off the current user.
copyright-info enable
Use the undo copyright-info enable command to disable
copyright information displaying.
By default, copyright information displaying is enabled. That is,
the copyright information is displayed after a user logs into a
switch successfully.
Note that these two commands apply to users logging in through the
console port and by means of Telnet.
Example # Disable copyright information displaying.
*******************************************************************
* Copyright(c) 2004-2007 3Com Corporation All rights reserved * *
Without the owner’s prior written consent, *
* no decompiling or reverse-switch fabricering shall be allowed.
*
*******************************************************************
[5500] undo copyright-info enable
<5500>
databits
Parameters 7: Sets the data bits to 7.
8: Sets the data bits to 8.
Description Use the databits command to set the databits for
the user interface.
Use the undo databits command to revert to the default data
bits.
The default data bits is 8.
Example # Set the data bits to 7.
<5500> system-view
[5500] user-interface aux 0 [5500-ui-aux0] databits 7
display telnet-server source-ip
Description Use the display telnet-server source-ip command to
display the source IP address configured for the switch operating
as the Telnet server.
If the source interface is also configured for the switch, this
command displays the IP address of the source interface.
If no source IP address or source interface is specified for the
Telnet server, 0.0.0.0 is displayed.
Example # Display the source IP address configured for the switch
operating as the Telnet server.
<5500> display telnet-server source-ip
Parameters None
Description Use the display telnet source-ip command to
display the source IP address configured for the switch operating
as the Telnet client.
If the source interface is also configured for the switch, this
command displays the IP address of the source interface.
If no source IP address or source interface is specified for the
Telnet server, 0.0.0.0 is displayed.
Example # Display the source IP address configured for the switch
operating as the Telnet client.
<5500> display telnet source-ip
display user-interface
View Any view
Parameters type: User interface type, which can be AUX (for AUX
user interface) and VTY (for VTY user interface).
number : User interface index. A user interface index can be
relative or absolute.
In relative user interface number scheme, the type argument is
required. In this case, AUX user interfaces are numbered from AUX0
through AUX7; VTY user interfaces are numbered from VTY0 through
VTY4.
In absolute user interface number scheme, the type argument is
not required. In this case, user interfaces are numbered from 0 to
12.
summary: Displays the summary information about a user
interface.
Example # Display the information about user interface 0.
<5500> display user-interface 0 Idx Type Tx/Rx Modem Privi
Auth Int
F 0 AUX 0 9600 - 3 N -
+ : Current user-interface is active.
F : Current user-interface is active and work in async mode.
Idx : Absolute index of user-interface.
Type : Type and relative index of user-interface. Privi: The
privilege of user-interface.
Auth : The authentication mode of user-interface.
Int : The physical location of UIs.
A : Authenticate use AAA.
N : Current UI need not authentication. P : Authenticate use
current UI’s password.
# Display the summary information about the user interface.
<5500> display user-interface summary
User interface type : [AUX]
5 character mode users. (U)
8 UI never used. (X)
5 total UI in use
Table 1 Descriptions on the fields of the display user-interface
command
Filed Description
F The user interface operates in asynchronous mode.
Idx The absolute index of the user interface
Type User interface type and the relative index
Tx/Rx Transmission speed of the user interface
Modem Indicates whether or not a modem is used.
Privi Available command level
A The current user is authenticated by AAA.
N Users are not authenticated.
P Users need to provide passwords to pass the authentication.
Table 2 Description of the display user-interface summary
command fields
Field Description
0:UXXX XXXX/8:UUUU X
0 and 8 represent the least absolute number for AUX user interfaces
and VTY user interfaces. “U” and “X” indicate the usage state of an
interface: U indicates that the corresponding user interface is
used; X indicates that the corresponding user interface is idle.
The total number of Us and Xs is the total number of user
interfaces that are available.
Parameters all: Displays the user information about all user
interfaces.
Description Use the display users command to display the user
information about user interfaces.
If you do not specify the all keyword, only the user
information about the current user interface is displayed.
Example # Display the user information about the current user
interface.
<5500> display users
+ 8 VTY 0 00:00:00 TEL 192.168.0.208 3
F 0 AUX 0 00:00:00 3 1 VTY 0 00:06:08 TEL 192.168.0.3
UI never used. (X) The number of user interfaces not being used
currently, that is, the number of Xs
total UI in use. The total number of user interfaces being used
currently, that is, the total number of users currently logging
into the switch successfully
Table 2 Description of the display user-interface summary
command fields
Field Description
Table 3 Descriptions on the fields of the display users
command
Field Description
UI The numbers in the left sub-column are the absolute user
interface indexes, and those in the right sub-column are the
relative user interface indexes.
Delay The period (in seconds) the user interface idles for.
Type User type
Ipaddress The IP address from which the user logs in.
Username The login name of the user that logs into the user
interface.
Userlevel The level of the commands available to the users logging
into the user interface
F The information is about the current user interface, and the
current user interface operates in asynchronous mode.
+ The user interface is in use.
display web users
Parameters None
Description Use the display web users command to display the
information about the current on-line Web users.
Example # Display the information about the current on-line Web
users.
<5500> display web users ID Name Language Level Login Time
Last Req. Time 00800003 admin English Management 06:16:32
06:18:35
free user-interface
View User view
Parameters type: User interface type, which can be AUX (for AUX
user interface) and VTY (for VTY user interface).
number : User interface index. A user interface index can be
relative or absolute.
In relative user interface index scheme, the type argument is
required. In this case, AUX user interfaces are numbered from AUX0
through AUX7; VTY user interfaces are numbered from VTY0 through
VTY4.
In absolute user interface index scheme, the type argument is
not required. In this case, user interfaces are numbered from 0 to
12.
Description Use the free user-interface command to free a user
interface. That is, this command tears down the connection between
a user and a user interface.
Note that the current user interface cannot be freed.
Table 4 Description of the display web users command
fields
Field Description
Login Time Time when a Web user logs in
<5500> free user-interface vty 1
Are you sure you want to free user-interface vty1 [Y/N]? y
[OK]
After you perform the above operation, the user connection on user
interface VTY1 is torn down. The user in it must log in again to
connect to the switch.
header
undo header { incoming | legal | login |
shell }
View System view
Parameters incoming: Sets the login banner for users that log in
through modems. If you specify to authenticate login users, the
banner appears after a user passes the authentication. (The session
does not appear in this case.)
legal: Sets the authorization banner, which is displayed when a
user enters user view.
login: Sets the login banner. The banner set by this keyword is
valid only when users are authenticated before they log into the
switch and appears while the switch prompts for user name and
password. If a user logs in to the switch through Web, the banner
text configured will be displayed on the banner page.
shell: Sets the session banner, which appears after a session is
established. If you specify to authenticate login users, the banner
appears after a user passes the authentication.
text : Banner to be displayed. If no keyword is specified,
this argument is the login banner. You can provide this argument in
two ways. One is to enter the banner in the same line as the
command (A command line can accept up to 254 characters.) The other
is to enter the banner in multiple lines (you can start a new line
by pressing Enter,) where you can enter a banner that can contain
up to 2000 characters (including the invisible characters such as
carriage return). Note that the first character is the beginning
character and the end character of the banner. After entering the
end character, you can press Enter to exit the interaction.
Description Use the header command to set the banners that are
displayed when a user logs into a switch. The login banner is
displayed on the terminal when the connection is established. And
the session banner is displayed on the terminal if a user
successfully logs in.
Use the undo header command to disable displaying a specific
banner or all banners.
By default, no banner is configured.
Note the following:
If you specify any one of the four keywords without providing the
text argument, the specified keyword will be regarded
as the login information.
The banner configured with the header incoming command is
displayed after a modem user logs in successfully or after a modem
user passes the authentication when authentication is required. In
the latter case, the shell banner is not displayed.
The banner configured with the header legal command is
displayed when you enter the user interface. If password
authentication is enabled or an authentication scheme is specified,
this banner is displayed before login authentication.
With password authentication enabled or an authentication scheme
specified, the banner configured with the header login command
is displayed after the banner configured with the header
legal command and before login authentication.
The banner configured with the header shell command is
displayed after a non-modem user session is established.
Examples # Configure banners.
<5500> system-view System View: return to User View with
Ctrl+Z.
[5500] header login %Welcome to login!%
[5500] header shell % Input banner text, and quit with the
character '%'.
Welcome to shell!%
[5500] header incoming %
Input banner text, and quit with the character '%'. Welcome to
incoming!%
[5500] header legal %
Welcome to legal!%
n The character % is the starting/ending character of text
in this example.
Entering % after the displayed text quits the header command.
As the starting and ending character, % is not a part of a
banner.
********************************************************************
********************************************************************
Welcome to legal!
Press Y or ENTER to continue, N to exit. Welcome to
login!
Login authentication Password:
View User interface view
Parameters value: Size of the history command buffer, ranging from
0 to 256 (in terms of commands).
Description Use the history-command max-size command to set
the size of the history command buffer.
Use the undo history-command max-size command to revert to the
default history command buffer size.
By default, the history command buffer can contain up to ten
commands.
Example # Set the size of the history command buffer of AUX 0 to 20
to enable it to store up to 20 commands.
<5500> system-view
System View: return to User View with Ctrl+Z. [5500] user-interface
aux 0
[5500-ui-aux0] history-command max-size 20
View User interface view
Parameters minutes: Number of minutes. This argument ranges from 0
to 35,791.
seconds: Number of seconds. This argument ranges from 0 to
59.
Description Use the idle-timeout command to set the timeout
time. The connection to a user interface is terminated if no
operation is performed in the user interface within the timeout
time.
72 CHAPTER 2: LOGIN COMMANDS
You can use the idle-timeout 0 command to disable the timeout
function.
The default timeout time is 10 minutes.
Example # Set the timeout time of AUX 0 to 1 minute.
<5500> system-view
[5500] user-interface aux 0 [5500-ui-aux0] idle-timeout 1
ip http shutdown
Parameters None
Description Use the ip http shutdown command to shut down the
WEB Server.
Use the undo ip http shutdown command to launch the WEB
Server.
By default, the WEB Server is launched.
n To improve security and prevent attacks to the unused Sockets,
TCP 80 port for HTTP service will be enabled or disabled after
corresponding configurations.
TCP 80 port is enabled only after you use the undo ip http
shutdown command to enable the Web server.
If you use the ip http shutdown command to disabled the Web
server, TCP 80 port is disabled.
c CAUTION: After the Web file is upgraded, you need to
use the boot
web-package command to specify a new Web file for the Web
server to operate properly. Refer to “File System
Configuration Commands” on page 1035 for information
about the boot web-package command.
Example # Shut down the WEB Server.
<5500> system-view
[5500] ip http shutdown
# Launch the WEB Server.
Parameters None
Description Use the lock command to lock the current user
interface to prevent unauthorized operations in the user
interface.
After you execute this command, the system prompts you for the
password and prompts you to confirm the password. The user
interface is locked only when the password entered is
correct.
To unlock a user interface, press Enter and then enter the password
as prompted.
Note that if you set a password containing more than 16 characters,
the system matches only the first 16 characters of the password
entered for unlocking the user interface. That is, the system
unlocks the user interface as long as the first 16 characters of
the password entered are correct.
By default, the current user interface is not locked.
Example # Lock the current user interface.
<5500> lock
Press Enter, enter a password, and then confirm it as prompted.
(The password entered is not displayed).
Password:
Again:
locked !
In this case, the user interface is locked. To operate the user
interface again, you need to press Enter and provide the password
as prompted.
Password: <5500>
undo parity
none: Does not check.
odd: Performs odd checks.
Description Use the parity command to set the check mode of
the user interface.
Use the undo parity command to revert to the default check
mode.
By default, no check is performed.
Example # Set to perform even checks.
<5500> system-view
[5500] user-interface aux 0 [5500-ui-aux0] parity even
protocol inbound
View VTY user interface view
Parameters all: Supports both Telnet protocol and SSH
protocol.
ssh: Supports SSH protocol.
telnet: Supports Telnet protocol.
Description Use the protocol inbound command to specify the
protocols supported by the user interface.
Both Telnet protocol and SSH protocol are supported by
default.
Related command: user-interface vty.
n To improve security and prevent attacks to the unused Sockets,
TCP 23 and TCP 22 (ports for Telnet and SSH services respectively)
will be enabled or disabled after corresponding
configurations.
If the authentication mode is none, TCP 23 will be enabled, and TCP
22 will be disabled.
If the authentication mode is password, and the corresponding
password has been set, TCP 23 will be enabled, and TCP 22 will be
disabled.
screen-length 75
c CAUTION: To configure a user interface to support
SSH, you need to set the
authentication mode to scheme for users to log in
successfully. If the authentication mode is set
to password or none for login users,
the protocol inbound ssh command will fail. Refer to
“authentication-mode” on page 61 for the related
configuration.
Example # Configure that only SSH protocol is supported in VTY
0.
<5500> system-view
[5500] user-interface vty 0 [5500-ui-vty0] protocol inbound
ssh
screen-length
View User interface view
Parameters screen-length: Number of lines the screen can
contain. This argument ranges from 0 to 512.
Description Use the screen-length command to set the number of
lines the terminal screen can contain.
Use the undo screen-length command to revert to the default
number of lines.
By default, the terminal screen can contain up to 24 lines.
You can use the screen-length 0 command to disable the
function to display information in pages.
Example # Set the number of lines the terminal screen can contain
to 20.
<5500> system-view
[5500] user-interface aux 0
View User view
76 CHAPTER 2: LOGIN COMMANDS
type: User interface type, which can be AUX (for AUX user
interface) and VTY (for VTY user interface).
number : User interface index. A user interface index can be
relative or absolute.
In relative user interface index scheme, the type argument is
required. In this case, AUX user interfaces are numbered from AUX0
through AUX7; VTY user interfaces are numbered from VTY0 through
VTY4.
In absolute user interface index scheme, the type argument is
not required. In this case, user interfaces are numbered from 0 to
12.
Description Use the send command to send messages to a user
interface or all the user interfaces.
Example # Send “hello” to all user interfaces.
<5500> send all
Enter message, end with CTRL+Z or Enter; abort with CTRL+C:
hello^Z
undo service-type { ftp | lan-access | { ssh |
telnet | terminal }* }
View Local user view
Parameters ftp: Specifies the users to be of FTP type.
lan-access: Specifies the users to be of LAN-access type, which
normally means Ethernet users, such as 802.1x users.
ssh: Specifies the users to be of SSH type.
telnet: Specifies the users to be of Telnet type.
terminal: Makes terminal services available to users logging in
through the console port.
level level : Specifies the user level for Telnet users,
Terminal users, or SSH users. The level argument ranges
from 0 to 3 and defaults to 0.
Description Use the service-type command to specify the login
type and the corresponding available command level.
Use the undo service-type command to cancel login type
configuration.
set authentication password 77
Visit level: Commands at this level are used to diagnose network
and change the language mode of user interface, such as the ping,
tracert, and language-mode command. The telnet command is
also at this level. Commands at this level cannot be saved in
configuration files.
Monitor level: Commands at this level are used to maintain the
system, to debug service problems, and so on. The display and
debugging commands are at monitor level. Commands at this
level cannot be saved in configuration files.
System level: Commands at this level are used to configure
services. Commands concerning routing and network layers are at
system level. You can utilize network services by using these
commands.
Manage level: Commands at this level are for the operation of the
entire system and the system supporting modules. Services are
supported by these commands. Commands concerning file system, file
transfer protocol (FTP), trivial file transfer protocol (TFTP),
downloading using XModem, user management, and level setting are at
administration level.
Refer to “CLI Configuration Commands” on page 55 command
level details.
Example # Configure commands at level 0 are available to the users
logging in using the user name of “zbr”.
<5500> system-view
[5500] local-user zbr [5500-luser-zbr] service-type telnet level
0
# To verify the above configuration, you can quit the system, log
in again using the user name of “zbr”, and then list the available
commands, as listed in the following.
[5500] quit
nslookup Query Internet name servers ping Ping function
quit Exit from current command view
super Set the current user priority level telnet Establish one
TELNET connection
tracert Trace route function
undo Cancel current setting
undo set authentication password
View User interface view
78 CHAPTER 2: LOGIN COMMANDS
Parameters cipher: Specifies to save the local password in cipher
text.
simple: Specifies to save the local password in plain text.
password : Password to be set. The password must be in
plain text if you specify the simple keyword in the set
authentication password command. If you specify the
cipher keyword, the password can be in either cipher text or
plain text, as described in the following.
When you enter the password in plain text containing no more than
16 characters (such as 123), the system converts the password to
the corresponding 24-character encrypted password.
When you enter the password in cipher text containing 24
characters, make sure you are aware of the corresponding password
in plaintext. For example, the plain text “123456” corresponds to
the cipher text “OUM!K%F<+$[Q=^Q‘MAF4<1!!”.
Description Use the set authentication password command to set
the local password.
Use the undo set authentication password command to remove the
local password.
Note that only plain text passwords are expected when users are
authenticated.
n By default, authentication is performed when a user logs in
through a modem or Telnet. If no password is set, the "Login
password has not been set!” message appears on the terminal when a
user logs in through a modem or Telnet and the connection is then
torn down.
Example # Set the local password of VTY 0 to “123”.
<5500> system-view
System View: return to User View with Ctrl+Z. [5500] user-interface
vty 0
[5500-ui-vty0] set authentication password simple 123
shell
The execution of this command requires user confirmation.
Example # Disable terminal services in VTY 0 through VTY 4
(assuming that you log in through an AUX user interface).
<5500> system-view
System View: return to User View with Ctrl+Z. [5500] user-interface
vty 0 4
[5500-ui-vty0-4] undo shell
speed
View AUX user interface view
Parameters speed-value: Transmission speed (in bps). This
argument can be 300, 600, 1200, 2400, 4800, 9600, 19,200, 38,400,
57,600, and 115,200.
Description Use the speed command to set the transmission
speed of the user interface.
Use the undo speed command to revert to the default
transmission speed.
By default, the transmission speed is 9,600 bps.
Example # Set the transmission speed of the user interface AUX 0 to
115,200 bps.
<5500> system-view System View: return to User View with
Ctrl+Z.
[5500] user-interface aux 0
undo stopbits
Parameters 1: Sets the stop bits to 1.
1.5: Sets the stop bits to 1.5.
2: Sets the stop bits to 2.
Description Use the stopbits command to set the stop bits of
the user interface.
Use the undo stopbits command to revert to the default stop
bits.
Execute these two commands in AUX user interface view only.
By default, the stop bits is 1.
n The stop bits cannot be 1.5 on a Switch 5500.
Changing the stop bits value of the switch to a value different
from that of the terminal emulation utility does not affect the
communication between them.
Example # Set the stop bits to 2.
<5500> system-view
[5500] user-interface aux 0 [5500-ui-aux0] stopbits 2
telnet
View User view
Parameters hostname: Host name of the remote device, a string of 1
to 20 characters.
ip-address: IP address of the remote device.
service-port : Number of the TCP port through which the
remote device provides Telnet service. This argument ranges from 0
to 65535.
source-interface interface-type interface-number :
Specifies the type and number of the source interface.
source-ip ip-address: Specifies the source IP address.
Description Use the telnet command to establish a Telnet
connection from one switch to another to manage it remotely. You
can terminate a Telnet connection by pressing Ctrl+K or typing
the quit command.
The default Telnet port number is 23.
Example # Telnet to the switch with the host name of 3Com2 and IP
address of 129.102.0.1 from the current switch (with the host name
of 3Com1).
<55001> telnet 129.102.0.1
Connected to 129.102.0.1 ...
* no decompiling or reverse-switch fabricering shall be allowed.
*
**************************************************************************
View User view
Parameters remote-system: IPv6 address or host name of the remote
system. An IPv6 address can be up to 46 characters; a host name is
a string of 1 to 20 characters.
-i interface-type interface-number : Specifies the
outbound interface by interface type and interface number. The
outbound interface is required when the destination address is a
local link address.
port-number : TCP port number assigned to Telnet service
on the remote system, in the range 0 to 65535 and defaults to
23.
Description Use the telnet ipv6 command to establish a Telnet
connection from one device to another to perform remote management
operations. You can terminate a Telnet session by pressing
Ctrl+K.
Example # Telnet to the device with IPv6 address 3001::1.
<5500> telnet ipv6 3001::1 Trying 3001::1 ... Press CTRL+K to
abort Connected to 3001::1 ...
**********************************************************************
* Copyright (c) 2004-2007 3Com Corporation. All rights reserved.* *
Without the owner's prior written consent, * * no decompiling or
reverse-engineering shall be allowed. *
***********************************************************************
<5500>
undo telnet source-interface
View System view
82 CHAPTER 2: LOGIN COMMANDS
Parameters interface-type interface-number : Interface type
and interface number. The interface can be a loopback interface or
a VLAN interface. If a VLAN interface is specified, make sure it is
in up state.
Description Use the telnet source-interface command to specify
the source interface for a Telnet client.
Use the undo telnet source-interface command to clear the
specified source interface configuration.
With this command configured, when a device logs in to the Telnet
server as a Telnet client, the source IP address is the IP address
of the specified interface
When the telnet source-interface command is executed, if the
interface specified does not exist, the device prompts that this
configuration fails.
Example # Specify VLAN-interface2 as the source interface for the
Telnet client.
<5500> system-view
[5500] telnet source-interface Vlan-interface 2
telnet source-ip
Parameters ip-address: IP address to be set.
Description Use the telnet source-ip command to specify the
source IP address for a Telnet client.
Use the undo telnet source-ip command to cancel the source IP
address configuration.
With the telnet source-ip command configured, the specified IP
address functions as the source IP address when a device logs into
a Telnet server as a Telnet client.
When the telnet source-ip command is executed, if the IP
address specified is not an IP address of the local device, your
configuration fails.
Example # Set the source IP address to 192.168.1.1 for the Telnet
client.
<5500> system-view
[5500] telnet source-ip 192.168.1.1
undo telnet-server source-interface
View System view
Parameters interface-type interface-number : Interface type
and interface number. The interface can be a loopback interface or
a VLAN interface. If a VLAN interface is specified, it must be in
up state.
Description Use the telnet-server source-interface command to
specify the source interface for a Telnet server.
Use the undo telnet-server source-interface command to remove
the source interface configuration.
The source interface can be a loopback interface or a VLAN
interface. If the specified interface does not exist, the system
prompts that this configuration fails, and the login succeeds only
when there is a route between the Telnet client and the specified
source interface.
With the telnet-server source-interface command configured,
the client can log in to the local device using the IP address of
the specified interface.
Example # Specify VLAN-interface 2 as the source interface for the
Telnet server.
<5500> system-view
[5500] telnet source-interface Vlan-interface 2
telnet-server source-ip
84 CHAPTER 2: LOGIN COMMANDS
The source Telnet server IP address configured for a switch is
valid when the switch operates as a Telnet server.
Note that the source Telnet server IP address must be previously
assigned to the local device.
Example # Specify the source Telnet server IP address as
192.168.1.1.
<5500> system-view
[5500] telnet-server source-ip 192.168.1.1
View System view
Parameters type: User interface type, which can be AUX (for AUX
user interface) and VTY (for VTY user interface).
first-number : User interface index identifying the first user
interface to be configured. A user interface index can be relative
or absolute.
In relative user interface index scheme, the type argument is
required. In this case, AUX user interfaces are numbered from AUX0
through AUX7; VTY user interfaces are numbered from VTY0 through
VTY4.
In absolute user interface index scheme, the type argument is
not required. In this case, user interfaces are numbered from 0 to
12.
last-number : User interface number identifying the last user
interface to be configured. The value of this argument must be
larger than that of the first-number argument.
Description Use the user-interface command to enter one or
more user interface views to perform configuration.
Example # Enter VTY0 user interface.
<5500> system-view
[5500] user-interface vty 0
undo user privilege level
Parameters level : Command level ranging from 0 to 3.
Description Use the user privilege level command to configure
the command level available to the users logging into the user
interface.
Use the undo user privilege level command to revert to the
default command level.
By default, the commands at level 3 are available to the users
logging into the AUX user interface. The commands at level 0 are
available to the users logging into VTY user interfaces.
Commands fall into four command levels: visit, monitor, system, and
manage, which are described as follows:
Visit level: Commands at this level, such as the ping, tracert, and
telnet commands are used to diagnose the network. Commands at this
level cannot be saved in configuration files.
Monitor level: Commands at this level are used to maintain the
system, to debug service problems, and so on. The display and
debugging commands are at monitor level. Commands at this
level cannot be saved in configuration files.
System level: Commands at this level are used to configure
services. Commands concerning routing and network layers are at
system level. You can utilize network services by using these
commands.
Manage level: Commands at this level are for the operation of the
entire system and the system supporting modules. Services are
supported by these commands. Commands concerning file system, file
transfer protocol (FTP), trivial file transfer protocol (TFTP),
downloading using XModem, user management, and level setting are at
administration level.
Refer to “CLI Configuration Commands” on page 55 for command
level details.
Example # Configure that commands at level 1 are available to the
users logging into VTY 0.
<5500> system-view
System View: return to User View with Ctrl+Z.
[5500] user-interface vty 0 [5500-ui-vty0] user privilege level
1
# You can verify the above configuration by Telnetting to VTY 0 and
displaying the available commands, as listed in the
following.
86 CHAPTER 2: LOGIN COMMANDS
View User interface view
Parameters acl-number : ACL number. This argument can identify
different types of ACLs, as listed below.
2000 to 2999, for basic ACLs
3000 to 3999, for advanced ACLs
4000 to 4999, for Layer 2 ACLs
inbound: Applies the ACL for the users Telnetting to the current
switch.
outbound: Applies the ACL for the users Telnetting to other
switches from the current switch. This keyword is unavailable to
Layer 2 ACLs.
Description Use the acl command to apply an ACL for Telnet
users.
Use the undo acl command to cancel the configuration.
By default, no ACL is applied.
Example # Apply ACL 2000 (a basic ACL) for the users Telnetting to
the current switch (assuming that ACL 2000 already exists.)
<5500> system-view
System View: return t