05-System Maintenance Command Reference-Book

H3C SecBlade LB Module
System Maintenance Command Reference
Hangzhou H3C Technologies Co., Ltd. http://www.h3c.com Document version: 6PW102-20120217
Copyright 2009-2012, Hangzhou H3C Technologies Co., Ltd. and its licensors
All rights reserved No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of Hangzhou H3C Technologies Co., Ltd. Trademarks , TOP G, , IRF, NetPilot, Neocean, NeoVTL, H3C, , Aolynk, , H3Care, SecPro, SecPoint, SecEngine, SecPath, Comware, Secware, Storware, NQA, VVG, V2G, VnG, PSPT, XGbus, N-Bus, TiGem, InnoVision and HUASAN are trademarks of Hangzhou H3C Technologies Co., Ltd. All other trademarks that may be mentioned in this manual are the property of their respective owners Notice The information in this document is subject to change without notice. Every effort has been made in the preparation of this document to ensure accuracy of the contents, but all statements, information, and recommendations in this document do not constitute the warranty of any kind, express or implied.
Preface
The H3C SecBlade LB module command references describe the commands and command syntax options available for the H3C SecBlade LB module. System Maintenance Command Reference describes the system maintenance, information center, log management, SNMP, file management, FTP, TFTP and IP performance optimization commands, This preface includes: Audience Conventions About the H3C SecBlade LB module documentation set Obtaining documentation Technical support Documentation feedback
Audience
This documentation is intended for: Network planners Field technical support and servicing engineers Network administrators working with the H3C SecBlade LB module
Conventions
This section describes the conventions used in this documentation set.
Command conventions
Convention
Boldface Italic [] { x | y | ... } [ x | y | ... ] { x | y | ... } * [ x | y | ... ] * &<1-n>
Description
Bold text represents commands and keywords that you enter literally as shown. Italic text represents arguments that you replace with actual values. Square brackets enclose syntax choices (keywords or arguments) that are optional. Braces enclose a set of required syntax choices separated by vertical bars, from which you select one. Square brackets enclose a set of optional syntax choices separated by vertical bars, from which you select one or none. Asterisk marked braces enclose a set of required syntax choices separated by vertical bars, from which you select at least one. Asterisk marked square brackets enclose optional syntax choices separated by vertical bars, from which you select one choice, multiple choices, or none. The argument or keyword and argument combination before the ampersand (&) sign can be entered 1 to n times.
Convention
#
Description
A line that starts with a pound (#) sign is comments.
GUI conventions
Convention
Boldface >
Description
Window names, button names, field names, and menu items are in Boldface. For example, the New User window appears; click OK. Multi-level menus are separated by angle brackets. For example, File > Create > Folder.
Convention
<> [] /
Description
Button names are inside angle brackets. For example, click <OK>. Window names, menu items, data table and field names are inside square brackets. For example, pop up the [New User] window. Multi-level menus are separated by forward slashes. For example, [File/Create/Folder].
Symbols
Convention
WARNING CAUTION IMPORTANT NOTE TIP
Description
An alert that calls attention to important information that if not understood or followed can result in personal injury. An alert that calls attention to important information that if not understood or followed can result in data loss, data corruption, or damage to hardware or software. An alert that calls attention to essential information. An alert that contains additional or supplementary information. An alert that provides helpful information.
Port numbering in examples

The port numbers in this document are for illustration only and might be unavailable on your device.
About the H3C SecBlade LB module documentation set

The H3C SecBlade LB module documentation set includes: Category Documents
Marketing brochures Product description and specifications Technology white papers Card datasheets FAQ
Purposes
Describe product specifications and benefits. Provide an in-depth description of software features and technologies. Describe card specifications, features, and standards. Provides a quick reference to the software and hardware specifications, and features.
Category
Hardware specifications and installation
Documents
Card manuals Configuration guides
Purposes
Provide the hardware specifications of cards. Describe software features and configuration procedures, and all available commands. Provide a quick reference to all available commands. Describe typical network scenarios and provide configuration examples and instructions. Describes the software upgrade procedures. Provide information about the product release, including the version history, hardware and software compatibility matrix, version upgrade information, technical support information, and software upgrading.
Software configuration
Command references Configuration examples Software upgrade guide
Operations and maintenance
Release notes
Obtaining documentation
You can access the most up-to-date H3C product documentation on the World Wide Web at http://www.h3c.com. Click the links on the top navigation bar to obtain different categories of product documentation: [Technical Support & Documents > Technical Documents] Provides hardware installation, software upgrading, and software feature configuration and maintenance documentation. [Products & Solutions] Provides information about products and technologies, as well as solutions. [Technical Support & Documents > Software Download] Provides the documentation released with the software version.
Technical support
service@h3c.com http://www.h3c.com
Documentation feedback
You can e-mail your comments about product documentation to info@h3c.com. We appreciate your comments.
Contents
System maintenance and debugging commands 1 System maintenance commands 1 ping 1 tracert 5 System debugging commands 6 debugging 6 display debugging 7 Information center configuration commands 8 display channel 8 display info-center 9 display logbuffer 11 display logbuffer summary 13 display logfile buffer 13 display logfile summary 14 display trapbuffer 15 enable log updown 16 info-center channel name 17 info-center console channel 17 info-center enable 18 info-center format unicom 19 info-center logbuffer 19 info-center logfile enable 20 info-center logfile frequency 20 info-center logfile size-quota 21 info-center logfile switch-directory 22 info-center loghost 22 info-center loghost source 23 info-center monitor channel 24 info-center snmp channel 25 info-center source 26 info-center synchronous 28 info-center syslog channel 29 info-center timestamp 30 info-center timestamp loghost 31 info-center trapbuffer 32 logfile save 32 reset logbuffer 33 reset trapbuffer 33 terminal debugging 34 terminal logging 34 terminal monitor 35 terminal trapping 36 Log management commands 37 display userlog export 37 reset userlog flow export 38 reset userlog flow logbuffer 38 userlog flow export host 39 userlog flow export source-ip 40
i
userlog flow export version 40 userlog flow syslog 41
SNMP configuration commands 42 display snmp-agent community 42 display snmp-agent group 43 display snmp-agent local-engineid 44 display snmp-agent mib-view 44 display snmp-agent statistics 46 display snmp-agent sys-info 48 display snmp-agent trap queue 48 display snmp-agent trap-list 49 display snmp-agent usm-user 50 enable snmp trap updown 51 snmp-agent 52 snmp-agent calculate-password 52 snmp-agent community 53 snmp-agent group 55 snmp-agent local-engineid 56 snmp-agent log 57 snmp-agent mib-view 58 snmp-agent packet max-size 59 snmp-agent sys-info 59 snmp-agent target-host 60 snmp-agent trap enable 62 snmp-agent trap if-mib link extended 63 snmp-agent trap life 64 snmp-agent trap queue-size 65 snmp-agent trap source 66 snmp-agent usm-user { v1 | v2c } 66 snmp-agent usm-user v3 68 MIB configuration commands 71 display mib-style 71 mib-style 71 File management commands 73 cd 73 copy 74 delete 74 dir 75 execute 76 file prompt 77 fixdisk 78 format 78 mkdir 79 more 79 mount 80 move 81 pwd 82 rename 82 reset recycle-bin 83 rmdir 84 umount 85 undelete 86
ii
FTP configuration commands 87 FTP server configuration commands 87 display ftp-server 87 display ftp-user 88 free ftp user 88 ftp server acl 89 ftp server enable 90 ftp timeout 90 ftp update 91 FTP client configuration commands 91 ascii 91 binary 92 bye 93 cd 93 cdup 94 close 94 debugging 95 delete 96 dir 97 disconnect 98 display ftp client configuration 98 ftp 99 ftp client source 100 get 101 lcd 101 ls 102 mkdir 103 open 103 passive 104 put 105 pwd 105 quit 106 remotehelp 106 rmdir 108 user 109 verbose 110 TFTP configuration commands 111 TFTP client configuration commands 111 display tftp client configuration 111 tftp-server acl 111 tftp 112 tftp client source 113 IP performance optimization configuration commands 115 display fib 115 display fib ip-address 117 display icmp statistics 118 display ip socket 119 display ip statistics 122 display tcp statistics 123 display udp statistics 125 ip redirects enable 126 ip ttl-expires enable 127 ip unreachables enable 127
iii
reset ip statistics 128 reset tcp statistics 128 reset udp statistics 129 tcp mss 129 tcp timer fin-timeout 130 tcp timer syn-timeout 130 tcp window 131
Index 132
iv
System maintenance and debugging commands

System maintenance commands
ping
Syntax
ping [ ip ] [ -a source-ip | -c count | -f | -h ttl | -i interface-type interface-number | -m interval | -n | -p pad | -q | -r | -s packet-size | -t timeout | -tos tos | -v ] * host
View
Any view
Default level
0: Visit level
Parameters
ip: Supports IPv4 protocol. If this keyword is not provided, IPv4 is also supported. -a source-ip: Specifies the source IP address of an ICMP echo request (ECHO-REQUEST). It must be an IP address configured on the device. If this parameter is not provided, the source IP address of an ICMP echo request is the primary IP address of the outbound interface of the request. -c count: Specifies the number of times that an ICMP echo request is sent, which ranges from 1 to 4294967295 and defaults to 5. -f: Discards packets larger than the MTU of a given interface, which means the ICMP echo request is not allowed to be fragmented. -h ttl: Specifies the TTL value for an ICMP echo request, which ranges from 1 to 255 and defaults to 255. -i interface-type interface-number: Specifies the ICMP echo request sending interface by its type and number. If this parameter is not provided, the ICMP echo request sending interface is determined by searching the routing table or forwarding table according to the destination IP address. -m interval: Specifies the interval (in milliseconds) to send an ICMP echo request, which ranges from 1 to 65535 and defaults to 200. If a response from the destination is received within the timeout time, the interval to send the next echo request equals the actual response period plus the value of interval. If no response from the destination is received within the timeout time, the interval to send the next echo request equals the timeout value plus the value of interval.
-n: Disables domain name resolution for the host argument. When this keyword is not provided, if the host argument represents the host name of the destination, the device translates host into an address. -p pad: Specifies the value of the pad field in an ICMP echo request, in hexadecimal format, 1 to 8 bits, in the range 0 to ffffffff. If the specified value is less than 8 bits, 0s are added in front of the value to extend it to 8 bits. For example, if pad is configured as 0x2f, then the packets are padded with
1
0x0000002f repeatedly to make the total length of the packet meet the requirements of the device. By default, the padded value starts from 0x01 up to 0xff, where another round starts again if necessary, like 0x010203feff01. -q: Presence of this keyword indicates that only statistics are displayed. Absence of this keyword indicates that all information is displayed. -r: Records routing information. If this keyword is not provided, routes are not recorded. -s packet-size: Specifies length (in bytes) of an ICMP echo request, which ranges from 20 to 8100 and defaults to 56. -t timeout: Specifies the timeout value (in milliseconds) of an ICMP echo reply (ECHO-REPLY). If the source does not receive an ICMP echo reply within the timeout, it considers the ICMP echo reply timed out. The value ranges from 0 to 65535 and defaults to 2000. -tos tos: Specifies type of service (ToS) of an echo request, which ranges from 0 to 255 and defaults to 0. -v: Displays non ICMP echo reply received. If this keyword is not provided, the system does not display non ICMP echo reply. host: IP address or host name (a string of 1 to 255 characters) of the destination.
Description
Use the ping command to verify whether the destination in an IP network is reachable, and to display the related statistics. With the ping command executed, the source sends an ICMP echo request to the destination: If the destination name is unrecognizable, the system outputs Error: host-name. Ping: Unknown host
If the source receives an ICMP echo reply from the destination within the timeout, the system outputs the related information of the reply. If the source does not receive an ICMP echo reply from the destination within the timeout, the system outputs Request time out.
To use the name of the destination host to perform the ping operation, you must configure the Domain Name System (DNS) on the device first; otherwise, the ping operation fails. For more information about DNS, see the Network Management Configuration Guide. In addition, you must use the command in the form of ping ip ip instead of ping ip if the destination name is a key word, such as ip. Only the directly connected segment address can be pinged if the outbound interface is specified with the -i argument. To abort the ping operation during the execution of the command, press Ctrl+C.
Examples
# Check whether the device with an IP address of 1.1.2.2 is reachable.
<Sysname> ping 1.1.2.2 PING 1.1.2.2: 56 data bytes, press CTRL_C to break
Reply from 1.1.2.2: bytes=56 Sequence=1 ttl=254 time=205 ms Reply from 1.1.2.2: bytes=56 Sequence=2 ttl=254 time=1 ms Reply from 1.1.2.2: bytes=56 Sequence=3 ttl=254 time=1 ms Reply from 1.1.2.2: bytes=56 Sequence=4 ttl=254 time=1 ms Reply from 1.1.2.2: bytes=56 Sequence=5 ttl=254 time=1 ms
--- 1.1.2.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 1/41/205 ms
The output shows the following: The destination was reachable. All ICMP echo requests sent by the source got responses. The minimum time, average time, and maximum time for the packets roundtrip time are 1 ms, 41 ms, and 205 ms respectively.
# Check whether the device with an IP address of 1.1.2.2 is reachable. Only the check results are displayed.
<Sysname> ping -q 1.1.2.2 PING 1.1.2.2: 56 data bytes, press CTRL_C to break
# Check whether the device with an IP address of 1.1.2.2 is reachable. The route information is required to be displayed.
<Sysname> ping -r 1.1.2.2 PING 1.1.2.2: 56 data bytes, press CTRL_C to break
Reply from 1.1.2.2: bytes=56 Sequence=1 ttl=254 time=53 ms Record Route: 1.1.2.1 1.1.2.2 1.1.1.2 1.1.1.1 Reply from 1.1.2.2: bytes=56 Sequence=2 ttl=254 time=1 ms Record Route: 1.1.2.1 1.1.2.2 1.1.1.2 1.1.1.1 Reply from 1.1.2.2: bytes=56 Sequence=3 ttl=254 time=1 ms Record Route: 1.1.2.1 1.1.2.2 1.1.1.2 1.1.1.1 Reply from 1.1.2.2: bytes=56 Sequence=4 ttl=254 time=1 ms Record Route: 1.1.2.1 1.1.2.2 1.1.1.2
1.1.1.1 Reply from 1.1.2.2: bytes=56 Sequence=5 ttl=254 time=1 ms Record Route: 1.1.2.1 1.1.2.2 1.1.1.2 1.1.1.1
The output shows the following information: The destination was reachable. The route is 1.1.1.1 <-> {1.1.1.2; 1.1.2.1} <-> 1.1.2.2.
Table 1 Output description Field

PING 1.1.2.2 56 data bytes press CTRL_C to break
Description
Check whether the device with IP address 1.1.2.2 is reachable Number of data bytes in each ICMP echo request During the execution of the command, you can press Ctrl+C to abort the ping operation. Received the ICMP reply from the device whose IP address is 1.1.2.2. If no reply is received during the timeout period, Request time out will be displayed.
Reply from 1.1.2.2 : bytes=56 Sequence=1 ttl=255 time=1 ms
bytes= indicates the number of data bytes in the ICMP reply. Sequence= indicates the packet sequence, used to determine
whether a segment is lost, disordered or repeated.
ttl= indicates the TTL value in the ICMP reply. time= indicates the response time.
Record Route: --- 1.1.2.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 0/4/20 ms The routers through which the ICMP echo request passed. They are displayed in inversed order, that is, the router with a smaller distance to the destination is displayed first. Statistics on data received and sent in the ping operation Number of ICMP echo requests sent Number of ICMP echo requests received Percentage of packets not responded to the total packets sent Minimum/average/maximum response time, in ms. The field is not available for failed ping attempts in an IPv4 network.
tracert
Syntax
tracert [ -a source-ip | -f first-ttl | -m max-ttl | -p port | -q packet-number | vpn-instance-name | -w timeout ] * host -vpn-instance
View
Any view
Default level
0: Visit level
Parameters
-a source-ip: Specifies the source IP address of a tracert packet. It must be a legal IP address configured on the device. If this parameter is not provided, the source IP address of an ICMP echo request is the primary IP address of the outbound interface of the tracert packet. -f first-ttl: Specifies the first TTL, or, the allowed number of hops for the first packet. It ranges from 1 to 255 and defaults to 1, and must be less than the maximum TTL. -m max-ttl: Specifies the maximum TTL, or, the maximum allowed number of hops for a packet. It ranges from 1 to 255 and defaults to 30, and must be greater than the first TTL. -p port: Specifies the UDP port number of the destination, which ranges from 1 to 65535 and defaults to 33434. You do not need to modify this parameter. -q packet-number: Specifies the number of probe packets sent each time, which ranges from 1 to 65535 and defaults to 3. -w timeout: Specifies the timeout time of the reply packet of a probe packet, which ranges from 1 to 65535 milliseconds and defaults to 5000 milliseconds. host: IP address or host name (a string of 1 to 255 characters) of the destination.
Description
Use the tracert command to trace the path the packets traverse from source to destination. After having identified network failure with the ping command, use the tracert command to determine the failed node(s). Output information of the tracert command includes IP addresses of all the Layer 3 devices the packets traverse from source to destination. If a device times out, "* * *" will be displayed. To abort the tracert operation during the execution of the command, press Ctrl+C.
Examples
# Display the path the packets traverse from source to destination with an IP address of 1.1.2.2.
<Sysname> system-view [Sysname] ip ttl-expires enable [Sysname] ip unreachables enable [Sysname] tracert 1.1.2.2 traceroute to 1.1.2.2(1.1.2.2) 30 hops max,40 bytes packet, press CTRL_C to break 1 2 1.1.1.2 673 ms 425 ms 30 ms 1.1.2.2 580 ms 470 ms 80 ms

traceroute to 1.1.2.2(1.1.2.2) hops max bytes packet press CTRL_C to break
Description
Display the route the IP packets traverse from the current device to the device whose IP address is 1.1.2.2. Maximum number of hops of the probe packets, which can be set through the -m keyword Number of bytes of a probe packet During the execution of the command, you can press Ctrl+C to abort the tracert operation. The probe result of the probe packets whose TTL is 1, including the IP address of the first hop and the roundtrip time of three probe packets. Number of packets that can be sent in each probe can be set through the -q keyword.
1 1.1.1.2 673 ms 425 ms 30 ms
System debugging commands

debugging
Syntax
debugging { all [ timeout time ] | module-name [ option ] } undo debugging { all | module-name [ option ] }
View
User view
Default level
1: Monitor level
Parameters
all: All debugging functions. timeout time: Specifies the timeout time for the debugging all command. When all debugging is enabled, the system automatically executes the undo debugging all command after the time. The value ranges from 1 to 1440, in minutes. module-name: Module name, such as arp or device. To display the current module name, use the debugging ? command. option: The debugging option for a specific module. Different modules have different debugging options in terms of their number and content. To display the currently supported options, use the debugging module-name ? command.
Description
Use the debugging command to enable the debugging of a specific module. Use the undo debugging command to disable the debugging of a specific module. By default, debugging functions of all modules are disabled.
Output of the debugging information may degrade system efficiency, so you should enable the debugging of the corresponding module for diagnosing network failure, and not to enable debugging of multiple modules at the same time. Default level describes the default level of the debugging all command. You must configure the debugging, terminal debugging and terminal monitor commands first to display detailed debugging information on the terminal. Related commands: display debugging.
Examples
# Enable IP packet debugging.
<Sysname> debugging ip packet
display debugging
Syntax
display debugging [ interface interface-type interface-number ] [ module-name ]
View
Any view
Default level
1: Monitor level
Parameters
interface interface-type interface-number: Displays the debugging settings of the specified interface, where interface-type interface-number represents the interface type and number. module-name: Module name.
Description
Use the display debugging command to display enabled debugging functions. Related commands: debugging.
Examples
# Display all enabled debugging functions.
<Sysname> display debugging IP packet debugging is on
Information center configuration commands

display channel
Syntax
display channel [ channel-number | channel-name ]
View
Any view
Default level
1: Monitor level
Parameters
channel-number: Displays information of the channel with a specified number, where channel-number represents the channel number, which ranges from 0 to 9. channel-name: Displays information of the channel with a specified name, where channel-name represents the channel name, which could be a default name or a self-defined name. The user needs to specify a channel name first before using it as a self-defined channel name. For more information, see the info-center channel name command. Table 3 Information channels for different output destinations Output destination
Console Monitor terminal Log host Trap buffer Log buffer SNMP module Web interface Log file
Information channel number

0 1 2 3 4 5 6 9
Default channel name

console monitor loghost trapbuffer logbuffer snmpagent channel6 channel9
Description
Use the display channel command to display channel information. If no channel is specified, information for all channels is displayed.
Examples
# Display information for channel 0.
<Sysname> display channel 0 channel number:0, channel name:console MODU_ID NAME ENABLE LOG_LEVEL Y informational ENABLE TRAP_LEVEL Y debugging ENABLE DEBUG_LEVEL Y debugging ffff0000 default
The above information indicates to output log information with the severity from 0 to 4, trap information with the severity from 0 to 7 and debugging information with the severity from 0 to 7 to the console. The information source modules are all modules (default). Table 4 Output description Field
channel number channel name MODU_ID
Description
A specified channel number, in the range 0 to 9. A specified channel name, which varies with users configuration. For more information, see the info-center channel name command. The ID of the module to which the information permitted to pass through the current channel belongs The name of the module to which the information permitted to pass through the current channel belongs Default means all modules are allowed to output system information. Indicates whether to enable or disable the output of log information, which could be Y or N. The severity of log information, see Table 6 for details. Indicates whether to enable or disable the output of trap information, which could be Y or N. The severity of trap information, see Table 6 for details. Indicates whether to enable or disable the output of debugging information, which could be Y or N. The severity of debugging information, see Table 6 for details.
NAME
ENABLE LOG_LEVEL ENABLE TRAP_LEVEL ENABLE DEBUG_LEVEL
display info-center
Syntax
display info-center
View
Any view
Default level
1: Monitor level
Parameters
None
Description
Use the display info-center command to display the information of each output destination.
Examples
# Display configurations on each output destination.
<Sysname> display info-center Information Center:enabled Log host: 1.1.1.1,
port number : 514, host facility : local7, channel number : 2, channel name : loghost Console: channel number : 0, channel name : console Monitor: channel number : 1, channel name : monitor SNMP Agent: channel number : 5, channel name : snmpagent Log buffer: enabled,max buffer size 1024, current buffer size 512, current messages 512, dropped messages 0, overwritten messages 740 channel number : 4, channel name : logbuffer Trap buffer: enabled,max buffer size 1024, current buffer size 256, current messages 216, dropped messages 0, overwritten messages 0 channel number : 3, channel name : trapbuffer logfile: channel number:9, channel name:channel9 syslog: channel number:6, channel name:channel6 Information timestamp setting: log - date, trap - date, debug - date, loghost - date

Information Center Log host: 1.1.1.1, port number : 514, host facility : local2, channel number : 8, channel name : channel8 Console: channel number : 0, channel name : console Monitor: channel number : 1, channel name : monitor SNMP Agent: channel number : 5, channel name : snmpagent Log buffer: enabled,max buffer size 1024, current buffer size 512, current messages 512, dropped messages 0, overwritten messages 740 channel number : 4, channel name : logbuffer
Description
The current state of the information center, which could be enabled or disabled. Configurations on the log host destination (It can be displayed only when the info-center loghost command is configured), including IP address of the log host, number of the port that receives the system information on the log host, logging facility used, and the channel number and channel name used.) Configurations on the console destination, including the channel number and channel name used Configurations on the monitor terminal destination, including the channel number and channel name used Configurations on the SNMP module destination, including the channel number and channel name used Configurations on the log buffer destination, including whether information output to this destination is enabled or disabled, the maximum capacity, the current capacity, the current number of messages, the number of dropped messages, the number of messages that have been overwritten, and the channel number and channel name used.
10
Field
Trap buffer: enabled,max buffer size 1024, current buffer size 256, current messages 216, dropped messages 0, overwritten messages 0 channel number : 3, channel name : trapbuffer logfile: channel number:9, channel name:channel9 syslog: channel number:6, channel name:channel6 Information timestamp setting
Description
Configurations on the trap buffer destination, including whether information output to this destination is enabled or disabled, the maximum capacity, the current capacity, the current number of messages, the number of dropped messages, the number of messages that have been overwritten, and the channel number and channel name used. Configurations on the log file destination, including the channel number, and channel name used. Configurations on the Web interface destination, including the channel number, and channel name used. The time stamp configurations, specifying the time stamp format for log, trap, debug, and log host information.
display logbuffer
Syntax
display logbuffer [ reverse ] [ level severity | size buffersize ] * [ | { begin | exclude | include } regular-expression ]
View
Any view
Default level
1: Monitor level
Parameters
reverse: Displays log entries chronologically, with the most recent entry at the top. If this keyword is not specified, the log entries will be displayed chronologically, with the oldest entry at the top. level severity: Displays information of the log with specified level, where severity represents information level, which ranges from 0 to 7. Table 6 Severity description Severity
Emergency Alert Critical Error Warning Notice Informational
Value
0 1 2 3 4 5 6
Description
The system is unusable. Action must be taken immediately Critical conditions Error conditions Warning conditions Normal but significant condition Informational messages
Corresponding keyword in commands

emergencies alerts critical errors warnings notifications informational
11
Severity
Debug
Value
7
Description
Debug-level messages
Corresponding keyword in commands

debugging
size buffersize: Displays specified number of the latest log messages in the log buffer, where buffersize represents the number of the latest log messages to be displayed in the log buffer. The value is in the range 1 to 1024. |: Filters command output by specifying a regular expression. For more information about regular expressions, see the System Management Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, which is a case sensitive string of 1 to 256 characters.
Description
Use the display logbuffer command to display the state of the log buffer and the log information recorded. Absence of the size buffersize argument indicates that all log information recorded in the log buffer is displayed.
Examples
# Display the state and log information of the log buffer.
<Sysname> display logbuffer Logging buffer configuration and contents:enabled Allowed max buffer size : 1024 Actual buffer size : 512 Channel number : 4 , Channel name : logbuffer Dropped messages : 0 Overwritten messages : 718 Current messages : 512
%Jun 17 15:57:09:578 2006 Sysname IC/7/SYS_RESTART: System restarted --
The rest is omitted here. Table 7 Output description Field

Logging buffer configuration and contents Allowed max buffer size Actual buffer size Channel number Channel name Dropped messages
Description
Indicates the current state of the log buffer and its contents, which could be enabled or disabled. The maximum buffer size allowed The actual buffer size The channel number of the log buffer, defaults to 4. The channel name of the log buffer, defaults to logbuffer. The number of dropped messages
12
Field
Overwritten messages Current messages
Description
The number of overwritten messages (when the buffer size is not big enough to hold all messages, the latest messages overwrite the old ones). The number of the current messages
display logbuffer summary

Syntax
display logbuffer summary [ level severity ]
View
Any view
Default level
1: Monitor level
Parameters
level severity: Displays the summary of the log buffer, where severity represents information level, which ranges from 0 to 7.
Description
Use the display logbuffer summary command to display the summary of the log buffer.
Examples
# Display the summary of the log buffer.
<Sysname> display logbuffer summary EMERG ALERT 0 0 CRIT ERROR 0 0 WARN NOTIF 22 0 INFO DEBUG 1 0

EMERG ALERT CRIT ERROR WARN NOTIF INFO DEBUG
Description
Represents emergency, see Table 6 for details Represents alert, see Table 6 for details Represents critical, see Table 6 for details Represents error, see Table 6 for details Represents warning, see Table 6 for details Represents notice, see Table 6 for details Represents informational, see Table 6 for details Represents debug, see Table 6 for details
display logfile buffer

Syntax
display logfile buffer
13
View
Any view
Default level
1: Monitor level
Parameters
None
Description
Use the display logfile buffer command to display contents of the log file buffer. Note that all contents in the log file buffer will be cleared after they are successfully saved into the log file automatically or manually.
Examples
# Display the contents of the log file buffer.
<Sysname> display logfile buffer %@27091414#Aug 7 08:04:02:470 2009 Sysname IFNET/4/INTERFACE UPDOWN: Interface 983040 is Up, ifAdminStatus is 1,
Trap 1.3.6.1.6.3.1.1.5.4<linkUp>: ifOperStatus is 1
The rest is omitted here.
display logfile summary

Syntax
display logfile summary
View
Any view
Default level
1: Monitor level
Parameters
None
Description
Use the display logfile summary command to display the configuration of the log file.
Examples
# Display the configuration of the log file.
<Sysname> display logfile summary Log file is enabled. Channel number : 9 Log file size quota : 10 MB Log file directory : cf:/logfile Writing frequency : 24 hour 0 min 10 sec
14

Log file is Channel number Log file size quota Log file directory Writing frequency
Description
The current state of a log file, which could be enabled or disabled. The channel number of a log file, defaults to 9. The maximum storage space reserved for a log file Log file directory Log file writing frequency
display trapbuffer
Syntax
display trapbuffer [ reverse ] [ size buffersize ]
View
Any view
Default level
1: Monitor level
Parameters
reverse: Displays trap entries chronologically, with the most recent entry at the top. If this keyword is not specified, trap entries will be displayed chronologically, with the oldest entry at the top. size buffersize: Displays specified number of the latest trap messages in a trap buffer, where buffersize represents the number of the latest trap messages in a trap buffer, which ranges from 1 to 1,024.
Description
Use the display trapbuffer command to display the state and the trap information recorded. Absence of the size buffersize argument indicates that all trap information is displayed.
Examples
# Display the state of the trap buffer and the trap information recorded.
<Sysname> display trapbuffer Trapping buffer configuration and contents:enabled Allowed max buffer size : 1024 Actual buffer size : 256 Channel number : 3 , channel name : trapbuffer Dropped messages : 0 Overwritten messages : 0 Current messages : 9 #Aug 7 08:03:27:421 2009 Sysname IFNET/4/INTERFACE UPDOWN: Interface 983041 is Up, ifAdminStatus is 1,
Trap 1.3.6.1.6.3.1.1.5.4<linkUp>: ifOperStatus is 1 #Aug Trap 1.3.6.1.6.3.1.1.5.4<linkUp>: ifOperStatus is 1 #Aug
7 08:03:27:439 2009 Sysname IFNET/4/INTERFACE UPDOWN: Interface 983048 is Up, ifAdminStatus is 1,
7 08:03:27:439 2009 Sysname IFNET/4/INTERFACE UPDOWN:
15
Trap 1.3.6.1.6.3.1.1.5.4<linkUp>: ifOperStatus is 1 #Aug
Interface
983056
is
Up,
ifAdminStatus
is
1,
7 08:03:27:465 2009 Sysname IFNET/4/INTERFACE UPDOWN: Interface 3277798 is Up, ifAdminStatus is 1,
Trap 1.3.6.1.6.3.1.1.5.4<linkUp>: ifOperStatus is 1 #Aug
7 08:05:32:425 2009 Sysname IFNET/4/INTERFACE UPDOWN:
Trap 1.3.6.1.6.3.1.1.5.3<linkDown>: Interface 983048 is Down, ifAdminStatus is 1, ifOperStatus is 2 #Aug 7 08:39:53:302 2009 Sysname SHELL/4/LOGIN: Trap 1.3.6.1.4.1.2011.10.2.2.1.1.3.0.1<h3cLogIn>: login from VTY #Aug 7 08:43:25:583 2009 Sysname CFGMAN/4/TRAP: 1.3.6.1.4.1.2011.10.2.4.2.1<h3cCfgManEventlog> configure changed: EventIndex=1,CommandSource=2,ConfigSource=4,ConfigDestination=2

Trapping buffer configuration and contents Allowed max buffer size Actual buffer size Channel number channel name Dropped messages Overwritten messages Current messages
Description
Indicates the current state of the trap buffer and its contents, which could be enabled or disabled. The maximum buffer size allowed The actual buffer size The channel number of the trap buffer, defaults to 3. The channel name of the trap buffer, defaults to trapbuffer. The number of dropped messages The number of overwritten messages (when the buffer size is not big enough to hold all messages, the latest messages overwrite the old ones). The number of the current messages
enable log updown

Syntax
enable log updown undo enable log updown
View
Interface view
Default level
2: System level
Parameters
None
Description
Use the enable log updown command to allow a port to generate link up/down logging information when the port state changes.
16
Use the undo enable log updown command to disable a port from generating link up/down logging information when the port state changes. By default, all the ports are allowed to generate port link up/down logging information when the port state changes.
Examples
# Disable port Ten-GigabitEthernet 0/0.1 from generating link up/down logging information.
<Sysname> system-view [Sysname] interface ten-gigabitethernet0/0.1 [Sysname-Ten-GigabitEthernet0/0.1] undo enable log updown
info-center channel name

Syntax
info-center channel channel-number name channel-name undo info-center channel channel-number
View
System view
Default level
2: System level
Parameters
channel-number: Specifies a channel number, which ranges from 0 to 9. channel-name: Specifies a channel name, which is a string of 1 to 30 characters. It must be a combination of letters and numbers, and start with a letter and is case insensitive.
Description
Use the info-center channel name command to name a channel with a specified channel number. Use the undo info-center channel command to restore the default name for a channel with a specified channel number. See Table 3 for details of default channel names and channel numbers.
Examples
# Name channel 0 as abc.
<Sysname> system-view [Sysname] info-center channel 0 name abc
info-center console channel

Syntax
info-center console channel { channel-number | channel-name } undo info-center console channel
View
System view
17
Default level
2: System level
Parameters
channel-number: Specifies a channel number, which ranges from 0 to 9. channel-name: Specifies a channel name, which could be a default name or a self-defined name. The user needs to specify a channel name first before using it as a self-defined channel name. For more information, see the info-center channel name command.
Description
Use the info-center console channel command to specify the channel to output system information to the console. Use the undo info-center console channel command to restore the default output channel to the console. By default, output of information to the console is enabled with channel 0 as the default channel (known as console). Note that the info-center console channel command takes effect only after the information center is enabled first with the info-center enable command.
Examples
# Set channel 0 to output system information to the console.
<Sysname> system-view [Sysname] info-center console channel 0
info-center enable
Syntax
info-center enable undo info-center enable
View
System view
Default level
2: System level
Parameters
None
Description
Use the info-center enable command to enable information center. Use the undo info-center enable command to disable the information center. The system outputs information to the log host or the console only after the information center is enabled first. By default, the information center is enabled.
Examples
# Enable the information center.
<Sysname> system-view
18
[Sysname] info-center enable Info: Information center is enabled.
info-center format unicom

Syntax
info-center format unicom undo info-center format
View
System view
Default level
2: System level
Parameters
None
Description
Use the info-center format unicom command to set the format of the system information sent to a log host to UNICOM. Use the undo info-center format command to restore the default. By default, the format of the system information sent to a log host is H3C. The system information sent to a log host is in two formats: H3C and UNICOM. For more information, see the System Maintenance Configuration Guide.
Examples
# Set the format of the system information sent to a log host to UNICOM.
<Sysname> system-view [Sysname] info-center format unicom
info-center logbuffer
Syntax
info-center logbuffer [ channel { channel-number | channel-name } | size buffersize ] * undo info-center logbuffer [ channel | size ]
View
System view
Default level
2: System level
Parameters
channel-number: A specified channel number, which ranges from 0 to 9. channel-name: Specifies a channel name, which could be a default name or a self-defined name. The user needs to specify a channel name first before using it as a self-defined channel name. For more information, see the info-center channel name command.
19
buffersize: Specifies the maximum number of log messages that can be stored in a log buffer. The value ranges from 0 to 1024 and defaults to 512.
Description
Use the info-center logbuffer command to enable information output to a log buffer and set the corresponding parameters. Use the undo info-center logbuffer command to disable information output to a log buffer. By default, information is output to the log buffer with the default channel of channel 4 (logbuffer) and the default buffer size of 512. Note that the info-center logbuffer command takes effect only after the information center is enabled with the info-center enable command.
Examples
# Configure the system to output information to the log buffer through channel 4, and set the log buffer size to 50.
<Sysname> system-view [Sysname] info-center logbuffer size 50
info-center logfile enable

Syntax
info-center logfile enable undo info-center logfile enable
View
System view
Default level
2: System level
Parameters
None
Description
Use the info-center logfile enable command to enable the output of system information to the log file. Use the undo info-center logfile enable command to disable the output of system information to the log file. By default, the output of system information to the log file is enabled.
Examples
# Enable the log file feature.
<Sysname> system-view [Sysname] info-center logfile enable
info-center logfile frequency

Syntax
info-center logfile frequency freq-sec
20
undo info-center logfile frequency
View
System view
Default level
2: System level
Parameters
freq-sec: Frequency with which the system saves the log file, which ranges from 1 to 86,400 seconds.
Description
Use the info-center logfile frequency command to configure the frequency with which the system saves the log file. Use the undo info-center logfile frequency command to restore the default frequency. By default, the frequency with which the system saves the log file varies with devices.
Examples
# Configure the frequency with which the system saves the log file as 60,000 seconds.
<Sysname> system-view [Sysname] info-center logfile frequency 60000
info-center logfile size-quota

Syntax
info-center logfile size-quota size undo info-center logfile size-quota
View
System view
Default level
2: System level
Parameters
size: The maximum storage space reserved for a log file, in MB. The value ranges from 1 to 10 MB.
Description
Use the info-center logfile size-quota command to set the maximum storage space reserved for a log file. Use the undo info-center logfile size-quota command to restore the default maximum storage space reserved for a log file. By default, the storage space reserved for a log file is 10 MB.
Examples
# Set the maximum storage space reserved for a log file to 6 MB.
<Sysname> system-view [Sysname] info-center logfile size-quota 6
21
info-center logfile switch-directory

Syntax
info-center logfile switch-directory dir-name
View
System view
Default level
2: System level
Parameters
dir-name: The name of the directory where a log file is saved, which is a string of 1 to 64 characters.
Description
Use the info-center logfile switch-directory command to configure the directory where a log file is saved. Ensure that the directory is created first before saving a log file into it. By default, the directory to save a log file is the log file directory under the root directory of the storage device.
Examples
# Create a directory with the name test under cfa0: root directory.
<Sysname> mkdir test %Created dir cfa0:/test.
# Set the directory to save the log file to flash:/test.

<Sysname> system-view [Sysname] info-center logfile switch-directory cfa0:/test
info-center loghost
Syntax
info-center loghost { ipv6 host-ipv6-address | [ port port-number ] [ channel { channel-number | channel-name } | facility local-number ] * undo info-center loghost { host-ipv4-address }
View
System view
Default level
2: System level
Parameters
host-ipv4-address: The IPv4 address of the log host. port port-number: Specifies the number of the port that receives the system information on the log host. The value ranges from 1 to 65535 and defaults to 514. In addition, the value of the port-number argument should be the same as the value configured on the log host, otherwise, the log host cannot receive system information. channel: Specifies the channel through which system information can be output to the log host. channel-number: Specifies a channel number, which ranges from 0 to 9.
22
channel-name: Specifies a channel name, which could be a default name or a self-defined name. The user needs to specify a channel name first before using it as a self-defined channel name. For more information, see the info-center channel name command. facility local-number: The logging facility of the log host. The value can be local0 to local7 and defaults to local7. Logging facility is mainly used to mark different logging sources, query and filer the logs of the corresponding log source.
Description
Use the info-center loghost command to specify a log host and to configure the related parameters. Use the undo info-center loghost command to restore the default configurations on a log host. By default, output of system information to the log host is disabled. When it is enabled, the default channel name will be loghost and the default channel number will be 2. Note that: The info-center loghost command takes effect only after the information center is enabled with the info-center enable command. Ensure to input a correct IP address while using the info-center loghost command to configure the IP address for a log host. System will prompt an invalid address if the loopback address (127.0.0.1) is input. A maximum number of 4 hosts (different) can be designated as the log host.
Examples
# Output log information to a log host with the IP address being 1.1.1.1.
<Sysname> system-view [Sysname] info-center loghost 1.1.1.1
info-center loghost source

Syntax
info-center loghost source interface-type interface-number undo info-center loghost source
View
System view
Default level
2: System level
Parameters
interface-type interface-number: Specifies the egress interface for log information by the interface type and interface number.
Description
Use the info-center loghost source command to specify the source IP address for log information. Use the undo info-center loghost source command to restore the default. By default, the interface for sending log information is determined by the matched route, and the primary IP address of this interface is the source IP address of the log information.
23
After the source IP address of log information is specified, no matter which physical interface is used to output the log information, the source IP address of the log information is the primary IP address of the specified interface. If you want to display the source IP address in the log information, you can configure it by using this command. Note that: The info-center loghost source command takes effect only after the information center is enabled with the info-center enable command. The IP address of the specified source interface must be configured; otherwise, although the info-center loghost source command can be configured successfully, the log host will not receive any log information.
Examples
By default, the log information in the following format is displayed on the log host:
<188>Jul 22 05:58:06 2008 Sysname %%10IFNET/4/LINK UPDOWN(l): link status is UP ten-gigabitethernet0/0.2:
# Specify the primary IP address of interface Ten-GigabitEthernet 0/0.1 as the source IP address of log information.
<Sysname> system-view [Sysname] interface Ten-Gigabitethernet0/0.1 [Sysname-Ten-Gigabitethernet0/0.1] ip address 2.2.2.2 24 [Sysname-Ten-Gigabitethernet0/0.1] quit [Sysname] info-center loghost source ten-gigabitethernet0/0.1
After the above configuration, the log information in the following format is displayed on the log host (compared with the default format, the following format has the -DevIP=2.2.2.2 field):
<188>Jul 22 06:11:31 2008 Sysname %%10IFNET/4/LINK ten-gigabitethernet0/0.1: link status is UP UPDOWN(l):-DevIP=2.2.2.2;
info-center monitor channel

Syntax
info-center monitor channel { channel-number | channel-name } undo info-center monitor channel
View
System view
Default level
2: System level
Parameters
channel-number: Specifies a channel number, which ranges from 0 to 9. channel-name: Specifies a channel name, which could be a default name or a self-defined name. The user needs to specify a channel name first before using it as a self-defined channel name. For more information, see the info-center channel name command.
Description
Use the info-center monitor channel command to configure the channel to output system information to the monitor.
24
Use the undo info-center monitor channel command to restore the default channel to output system information to the monitor. By default, output of system information to the monitor is enabled with a default channel name of monitor and a default channel number of 1. NOTE: The info-center monitor channel command takes effect only after the information center is enabled with the info-center enable command.
Examples
# Output system information to the monitor through channel 0.
<Sysname> system-view [Sysname] info-center monitor channel 0
info-center snmp channel

Syntax
info-center snmp channel { channel-number | channel-name } undo info-center snmp channel
View
System view
Default level
2: System level
Parameters
channel-number: Specifies a channel number, which ranges from 0 to 9. channel-name: Specifies a channel name, which could be a default name or a self-defined name. The user needs to specify a channel name first before using it as a self-defined channel name.
Description
Use the info-center snmp channel command to configure the channel to output system information to the SNMP module. Use the undo info-center snmp channel command to restore the default channel to output system information to the SNMP module. By default, output of system information to the SNMP module is enabled with a default channel name of snmpagent and a default channel number of 5.
Examples
# Output system information to the SNMP module through channel 6.
<Sysname> system-view [Sysname] info-center snmp channel 6
25
info-center source
Syntax
info-center source { module-name | default } channel { channel-number | channel-name } [ debug { level severity | state state } * | log { level severity | state state } * | trap { level severity | state state } * ] * undo info-center source { module-name | default } channel { channel-number | channel-name }
View
System view
Default level
2: System level
Parameters
module-name: Specifies the output rules of the system information of the specified modules. For instance, if information on ARP module is to be output, you can configure this argument as ARP. You can use the info-center source ? command to view the modules supported by the device. default: Specifies the output rules of the system information of all the modules allowed to output the system information, including all the modules displayed by using the info-center source ? command. debug: Debugging information. log: Log information. trap: Trap information. level severity: Specifies the severity of system information. For more information, see Table 6. With this keyword, you can specify the severity level of the information allowed/denied to output. state state: Configures whether to output the system information, which could be on (enabled) or off (disabled). With this keyword, you can specify whether to output the specified system information. channel-number: Specifies a channel number, which ranges from 0 to 9. channel-name: Specifies a channel name, which could be a default name or a self-defined name. The user needs to specify a channel name first before using it as a self-defined channel name. For more information, see the info-center channel name command.
Description
Use the info-center source command to specify the output rules of the system information. Use the undo info-center source command to remove the specified output rules. By default, the output rules for the system information are listed in Table 1 1. This command can be used to set the filter and redirection rules of log, trap and debugging information. For example, the user can set to output log information with severity higher than warning to the log host, and information with severity higher than informational to the log buffer. The user can also set to output trap information of the IP module to a specified output destination. Note that: If you do not use the module-name argument to set output rules for a module, the module uses the default output rules or the output rules set by the default keyword; otherwise the module uses the output rules separately set for it.
26
If you use the default keyword to set the output rules for all the modules without specifying the debug, log, and trap keywords, the default output rules for the modules are used. See Table 1 for more 1 information. If you use the module-name argument to set the output rules for a module without specifying the debug, log, and trap keywords, the default output rules for the module are as follows: the output of log and trap information is enabled, with severity being informational; the output of debugging information is disabled, with severity being debug. For example, if you execute the command info-center source snmp channel 5, the command is actually equal to the command info-center source snmp channel 5 debug level debugging state off log level informational state on trap level informational state on. If you repeatedly use the command to set the output rules for a module or for all the modules with the default keyword, the last configured output rules take effect After you separately set the output rules for a module, you must use the module-name argument to modify or remove the rules. The new configuration by using the default keyword is invalid on the module. You can configure to output the log, trap and debugging information to the trap buffer, but the trap buffer only receives the trap information and discards the log and debugging information. You can configure to output the log, trap and debugging information to the log buffer, but the log buffer only receives the log and debugging information and discards the trap information. You can configure to output the log, trap and debugging information to the SNMP module, but the SNMP module only receives the trap information and discards the log and debugging information.
Table 11 Default output rules for different output destinations Output destinatio n
Console Monitor terminal Log host Trap buffer Log buffer SNMP module Log file
Modules allowed
default (all modules) default (all modules) default (all modules) default (all modules) default (all modules) default (all modules) default (all modules)
LOG Enabled/ disabled

Enabled Enabled Enabled Disabled Enabled Disabled Enabled
TRAP Severity
Informatio nal Informatio nal Informatio nal Informatio nal Informatio nal Debug Debug
DEBUG Severity
Debug Debug Debug Informatio nal Debug Informatio nal Debug
Enabled/ disabled
Enabled Enabled Enabled Enabled Disabled Enabled Enabled
Enabled/ disabled
Enabled Enabled Disabled Disabled Disabled Disabled Disabled
Severity
Debug Debug Debug Debug Debug Debug Debug
Examples
# Set the output channel for the log information of VLAN module to snmpagent and to output information with severity being emergency. Log information of other modules cannot be output to this channel.
<Sysname> system-view [Sysname] info-center source default channel snmpagent log state off
27
[Sysname] info-center source vlan channel snmpagent log level emergencies state on
# Set the output channel for the log information of VLAN module to snmpagent and to output information with severity being emergency. Log information of other modules and all the other system information cannot be output to this channel.
<Sysname> system-view [Sysname] info-center source default channel snmpagent debug state off log state off trap state off [Sysname] info-center source vlan channel snmpagent log level emergencies state on
info-center synchronous
Syntax
info-center synchronous undo info-center synchronous
View
System view
Default level
2: System level
Parameters
None
Description
Use the info-center synchronous command to enable synchronous information output. Use the undo info-center synchronous command to disable the synchronous information output. By default, the synchronous information output is disabled. NOTE: If system information, such as log information, is output before you input any information under a current command line prompt, the system will not display the command line prompt after the system information output. If system information is output when you are inputting some interactive information (non Y/N confirmation information), then after the system information output, the system will not display the command line prompt but your previous input in a new line.
Examples
# Enable the synchronous information output function, and then input the display interface ethe command to view Ethernet interface information.
<Sysname> system-view [Sysname] info-center synchronous % Info-center synchronous output is on [Sysname] display interface ten-gigabitethernet
At this time, the system receives log messages, and it then displays the log messages first. After the system displays all the log messages, it displays the users previous input, which is display interface ten-gigabitethernet in this example.
%Apr 29 08:12:44:71 2007 Sysname IFNET/4/LINK UPDOWN:
28
ten-gigabitethernet 0/0.1: link status is UP [Sysname] display interface ten-gigabitethernet
# Enable the synchronous information output function, and then save the current configuration (input interactive information).
<Sysname> system-view [Sysname] info-center synchronous % Info-center synchronous output is on [Sysname] save The current configuration will be written to the device. Are you sure? [Y/N]:
At this time, the system receives the log information, and it then displays the log information first. After the system displays all the log information, it displays the users previous input, which is [Y/N] in this example.
%May 21 14:33:19:425 2007 Sysname SHELL/4/LOGIN: VTY login from 192.168.1.44 [Y/N]:
After the above information is displayed, you can input Y or N to complete your input before the output of the log information.
info-center syslog channel

Syntax
info-center syslog channel { channel-number | channel-name } undo info-center syslog channel
View
System view
Default level
2: System level
Parameters
channel-number: Specifies a channel number, which ranges from 0 to 9. channel-name: Specifies a channel name, which could be a default name or a self-defined name. You need to specify a channel name first before using it as a self-defined channel name. For more information, see the info-center channel name command.
Description
Use the info-center syslog channel command to enable the output of system information to the Web interface. Use the undo info-center syslog channel command to restore the default. By default, system information is output to the Web interface with the default channel of channel 6.
Examples
# Configure the system to output information to the Web interface through channel 7.
<Sysname> system-view [Sysname] info-center syslog channel 7
29
info-center timestamp
Syntax
info-center timestamp { debugging | log | trap } { boot | date | none } undo info-center timestamp { debugging | log | trap }
View
System view
Default level
2: System level
Parameters
debugging: Sets the time stamp format of the debugging information. log: Sets the time stamp output format of the log information. trap: Sets the time stamp output format of the trap information. boot: The time taken to boot up the system, in the format of xxxxxx.yyyyyy, in which xxxxxx represents the most significant 32 bits of the time taken to boot up the system (in milliseconds) whereas yyyyyy is the least significant 32 bits. For example, 0.21990989 equals Jun 25 14:09:26:881 2007. date: The current system date and time, in the format of Mmm dd hh:mm:ss:sss yyyy. Mmm: The abbreviations of the months in English, which could be Jan, Feb, Mar, Apr, May, Jun, Jul, Aug, Sep, Oct, Nov, or Dec. dd: The date, starting with a space if less than 10, for example 7. hh:mm:ss:sss: The local time, with hh ranging from 00 to 23, mm and ss ranging from 00 to 59, and sss ranging from 0 to 999. yyyy: Represents the year.
none: Indicates no time information is provided.
Description
Use the info-center timestamp command to configure the time stamp format of the system information sent to all destinations except log host. Use the undo info-center timestamp command to restore the default. By default, the time stamp format of the system information sent to a log host is set by the info-center timestamp loghost command, and the format of log, trap and debugging information sent to other destinations is date. Related commands: info-center timestamp loghost.
Examples
# Configure the timestamp format for log information as boot.
<Sysname> system-view [Sysname] info-center timestamp log boot
At this time, if you execute the shutdown command on Ten-GigabitEthernet 0/0.1 that is in the UP state, the log information generated is as follows:
%0.1382605158 Sysname IFNET/4/LINK UPDOWN: Ten-GigabitEthernet 0/0.1: link status is DOWN
30
# Configure the timestamp format for log information as date.

<Sysname> system-view [Sysname] info-center timestamp log date
%Sep 29 17:19:11:188 2007 Sysname IFNET/4/LINK UPDOWN: Ten-GigabitEthernet 0/0.1: link status is DOWN
# Configure the timestamp format for log information as none.

<Sysname> system-view [Sysname] info-center timestamp log none
% Sysname IFNET/4/LINK UPDOWN: Ten-GigabitEthernet 0/0.1: link status is DOWN
info-center timestamp loghost

Syntax
info-center timestamp loghost { date | iso | no-year-date | none } undo info-center timestamp loghost
View
System view
Default level
2: System level
Parameters
date: Indicates the current system date and time, in the format of "Mmm dd hh:mm:ss:ms yyyy". However, the display format depends on the log host. iso: Sets the time stamp to ISO 8601 format, for example, 2009-09-21T15:32:55. no-year-date: Indicates the current system date and time (year exclusive). none: Indicates that no time stamp information is provided.
Description
Use the info-center timestamp loghost command to configure the time stamp format of the system information sent to the log host. Use the undo info-center timestamp loghost command to restore the default. By default, the time stamp format for system information sent to the log host is date. Related commands: info-center timestamp.
Examples
# Configure that the system information output to the log host does not include the year information.
<Sysname> system-view [Sysname] info-center timestamp loghost no-year-date
31
info-center trapbuffer
Syntax
info-center trapbuffer [ channel { channel-number | channel-name } | size buffersize ] * undo info-center trapbuffer [ channel | size ]
View
System view
Default level
2: System level
Parameters
size buffersize: Specifies the maximum number of trap messages in a trap buffer, which ranges from 0 to 1,024, and defaults to 256. channel-number: Specifies a channel number, which ranges from 0 to 9. channel-name: Specifies a channel name, which could be a default name or a self-defined name. The user needs to specify a channel name first before using it as a self-defined channel name. For more information, see the info-center channel name command.
Description
Use the info-center trapbuffer command to enable information output to the trap buffer and set the corresponding parameters. Use the undo info-center trapbuffer command to disable information output to the trap buffer. By default, information output to the trap buffer is enabled with channel 3 (trapbuffer) as the default channel and a maximum buffer size of 256. Note that the info-center trapbuffer command takes effect only after the information center is enabled with the info-center enable command.
Examples
# Configure the system to output information to the trap buffer through the default channel, and set the trap buffer size to 30.
<Sysname> system-view [Sysname] info-center trapbuffer size 30
logfile save
Syntax
logfile save
View
Any view
Default level
2: System level
Parameters
None
32
Description
Use the logfile save command to save all the contents in the log file buffer into the log file. By default, the system automatically saves the log file based on a frequency configured by the info-center logfile frequency command into a directory configured by the info-center logfile switch-directory command. Note that all contents in the log file buffer will be cleared after they are successfully saved into the log file automatically or manually.
Examples
# Save the contents in the log file buffer into the log file.
<Sysname> logfile save
reset logbuffer
Syntax
reset logbuffer
View
User view
Default level
3: Manage level
Parameters
None
Description
Use the reset logbuffer command to reset the log buffer contents.
Examples
# Reset the log buffer contents.
<Sysname> reset logbuffer
reset trapbuffer
Syntax
reset trapbuffer
View
User view
Default level
3: Manage level
Parameters
None
Description
Use the reset trapbuffer command to reset the trap buffer contents.
33
Examples
# Reset the trap buffer contents.
<Sysname> reset trapbuffer
terminal debugging
Syntax
terminal debugging undo terminal debugging
View
User view
Default level
1: Monitor level
Parameters
None
Description
Use the terminal debugging command to enable the display of debugging information on the current terminal. Use the undo terminal debugging command to disable the display of debugging information on the current terminal. By default, the display of debugging information on the current terminal is disabled. Note that: To display the debugging information, you need to execute the terminal monitor and terminal debugging commands, then enable information center (enabled by default), and finally use a debugging command to enable the related debugging. The configuration of this command is valid for only the current connection between the terminal and the device. If a new connection is established, the display of debugging information on the terminal restores the default.
Examples
# Enable the display of debugging information on the current terminal.
<Sysname> terminal debugging Info: Current terminal debugging is on.
terminal logging
Syntax
terminal logging undo terminal logging
View
User view
34
Default level
1: Monitor level
Parameters
None
Description
Use the terminal logging command to enable the display of log information on the current terminal. Use the undo terminal logging command to disable the display of log information on the current terminal. By default, the display of log information on the current terminal is disabled. Note that: To display the log information, you need to execute the terminal monitor and terminal logging commands, and then enable information center (enabled by default). The configuration of this command is valid for only the current connection between the terminal and the device. If a new connection is established, the display of log information on the terminal restores the default.
Examples
# Disable the display of log information on the current terminal.
<Sysname> undo terminal logging Info: Current terminal logging is off.
terminal monitor
Syntax
terminal monitor undo terminal monitor
View
User view
Default level
1: Monitor level
Parameters
None
Description
Use the terminal monitor command to enable the monitoring of system information on the current terminal. Use the undo terminal monitor command to disable the monitoring of system information on the current terminal. By default, monitoring of the system information on the console is enabled and that on the monitor terminal is disabled. Note that: You need to configure the terminal monitor command before you can display the log, trap, and debugging information.
35
Configuration of the undo terminal monitor command automatically disables the monitoring of log, trap, and debugging information. The configuration of this command is valid for only the current connection between the terminal and the device. If a new connection is established, the monitoring of system information on the terminal restores the default.
Examples
# Enable the monitoring of system information on the current terminal.
<Sysname> terminal monitor Info: Current terminal monitor is on.
terminal trapping
Syntax
terminal trapping undo terminal trapping
View
User view
Default level
1: Monitor level
Parameters
None
Description
Use the terminal trapping command to enable the display of trap information on the current terminal. Use the undo terminal trapping command to disable the display of trap information on the current terminal. By default, the display of trap information on the current terminal is enabled. Note that: To display the trap information, you need to execute the terminal monitor and terminal trapping commands, and then enable information center (enabled by default). The configuration of this command is valid for only the current connection between the terminal and the device. If a new connection is established, the display of trap information on the terminal restores the default.
Examples
# Enable the display of trap information on the current terminal.
<Sysname> terminal trapping Info: Current terminal trapping is on.
36
Log management commands

display userlog export
Syntax
display userlog export
View
Any view
Default level
1: Monitor level
Parameters
None
Description
Use the display userlog export command to view the configuration and statistics about flow logs exported to the log server. Before using this command, configure the IP address and UDP port number of the log server with the userlog flow export host command. Otherwise, the system may prompt you "No userlog export is enabled". Related commands: reset userlog flow export.
Examples
# View the configuration and statistics about flow logs.
<Sysname> display userlog export nat: No userlog export is enabled
flow: Export Version 1 logs to log server : enabled Source address of exported logs Address of log server VPN-instance Address of log server Total logs/UDP packets exported Logs in buffer : 1.1.1.1 : 2.2.3.3 (port: 2000) : abc : 2.2.4.3 (port: 2000) : 0/0 : 0

nat No userlog export is enabled flow 37
Description
Configuration and statistics about NAT logs (support for this field depends on the device model) Exporting flow logs to the log server is not configured Configuration and statistics about flow logs
Field
Export Version 1 logs to log server
Description
Export flow log packets of version 1.0 to the log server. Source IP address of the flow logging packets (this field will not be displayed if the source IP address is not configured) Address of the log server, including IP address and port number Total number of flow logs exported and total number of the UDP packets carrying these flow logs (a UDP packet may carry multiple flow logs) Total number of flow logs in the cache
Source address of exported logs
Address of log server
Total logs/UDP packets exported Logs in buffer
reset userlog flow export

Syntax
reset userlog flow export
View
User view
Default level
2: System level
Parameters
None
Description
Use the reset userlog flow export command to clear statistics about flow logs. Related commands: display userlog export.
Examples
# Clear statistics about flow logs.
<Sysname> reset userlog flow export
reset userlog flow logbuffer

Syntax
reset userlog flow logbuffer
View
User view
Default level
2: System level
Parameters
None
38
Description
Use the reset userlog flow logbuffer command to clear flow logs in the cache. Flow logs are saved in the cache before being exported to the information center or log server. CAUTION: Clearing flow logs in the cache causes the loss of log information, so you are recommended not to clear the cache unless you are sure you want to clear it.
Examples
# Clear flow logs in the cache.
<Sysname> reset userlog flow logbuffer
userlog flow export host

Syntax
userlog flow export host ipv4-address udp-port undo userlog flow export host ipv4-address
View
System view
Default level
2: System level
Parameters
ipv4-address: IPv4 address of flow logging server, a valid unicast IPv4 address but not a loopback address. udp-port: UDP port number of flow logging server, which ranges from 0 to 65535.
Description
Use the userlog flow export host command to configure the IPv4 address and UDP port number of the log server. Use the undo userlog flow export host command to remove the configuration. By default, the IPv4 address and UDP port number of the log server are not configured. If you configure to output the flow logs through UDP packets, the flow logging server must be configured, otherwise flow logs cannot be exported. To avoid collision with general UDP port numbers, UDP port numbers in the range 1025 to 65535 are recommended. You can select at most two log servers from three types of log servers to receive flow logs for each device. If you specify two log servers for a device, the servers can be of the same type or of different types. If you have already specified two servers, you need to delete an existing one to specify a new one. If in a new configuration, the IP address is the same with that of the currently effective configuration, but other information of the two configurations is different, then the new configuration will overwrite the previous one.
Examples
# Export flow logs to the log server with IP address 1.2.3.6, and port number 2000. (On a centralized device)
39
<Sysname> system-view [Sysname] userlog flow export host 1.2.3.6 2000
# Export flow logs of the card in slot 2 to the log server, and the VPN instance name is vpn3. The IP address of flow logging server 1 is 1.2.3.6, and the port number is 2000; the IP address of flow logging server 2 is 1.2.3.7, and the port number is 2001. (On a distributed device)
<Sysname> system-view [Sysname] userlog flow export slot 2 vpn-instance vpn3 host 1.2.3.6 2000 [Sysname] userlog flow export slot 2 vpn-instance vpn3 host 1.2.3.7 2001
userlog flow export source-ip

Syntax
userlog flow export source-ip ip-address undo userlog flow export source-ip
View
System view
Default level
2: System level
Parameters
ip-address: Source IP address of a flow logging packet.
Description
Use the userlog flow export source-ip command to configure the source IP address of flow logging packets. Use the undo userlog flow export source-ip command to restore the default. By default, the source IP address of flow logging packets is the IP address of the egress interface of the packets. Related commands: userlog flow export host.
Examples
# Configure the source IP address of flow logging packets as 1.2.1.2.
<Sysname> system-view [Sysname] userlog flow export source-ip 1.2.1.2
userlog flow export version

Syntax
userlog flow export version version-number undo userlog flow export version
View
System view
Default level
2: System level
40
Parameters
version-number: Flow logging version number. The value is either 1 or 3.
Description
Use the userlog flow export version command to configure the flow logging version. Use the undo userlog flow export version command to restore the default. By default, flow logging version is 1.0. If you configure the flow logging version multiple times, the latest configuration will take effect. Although a device supports both of the two versions, only one can be active at one time.
Examples
# Set the flow logging version to 3.0.
<Sysname> system-view [Sysname] userlog flow export version 3
userlog flow syslog

Syntax
userlog flow syslog undo userlog flow syslog
View
System view
Default level
2: System level
Parameters
None
Description
Use the userlog flow syslog command to export flow logs to the information center. Use the undo userlog flow syslog command to restore the default. By default, flow logs are exported to the log server. The two export approaches of flow logs are mutually exclusive, and you can choose only one of them at one time. If you configure two approaches simultaneously, the system automatically exports the flow logs to the information center. Exporting flow logs to the information center takes up storage space of the device, so adopt this export approach when there are a small amount of logs.
Examples
# Export flow logs to the information center.
<Sysname> system-view [Sysname] userlog flow syslog
41
SNMP configuration commands

display snmp-agent community
Syntax
display snmp-agent community [ read | write ]
View
Any view
Default level
1: Monitor level
Parameters
read: Displays information about SNMP read-only communities. write: Displays information about SNMP read and write communities.
Description
Use the display snmp-agent community command to display community information for SNMPv1 or SNMPv2c.
Examples
# Display the information of all the communities that have been configured.
<Sysname> display snmp-agent community Community name: aa Group name: aa Acl:2001 Storage-type: nonVolatile
Community name: bb Group name: bb Storage-type: nonVolatile
Community name: userv1 Group name: testv1 Storage-type: nonVolatile
Table 13 Output description Field Description

Community name. Community name
If a community name is created by using the snmp-agent community command, the

community name is displayed.
If a community name is created by using the snmp-agent usm-user { v1 | v2c } command,

the user name is displayed.
42
Field
Description
SNMP group name.
If a community name is created by using the snmp-agent community command, the group
Group name name and the community name are the same, which means the community name is displayed. the name of the group to which the user belongs is displayed.
If a community name is created by using the snmp-agent usm-user { v1 | v2c } command,

The number of the ACL in use. Acl After an ACL is configured, only the Network Management Station (NMS) with the IP address that matches the ACL rule can access the device. Storage type, which could be:
Storage-type
volatile: Information is lost when the system is rebooted nonVolatile: Information is not lost when the system is rebooted permanent: Information is not lost when the system is rebooted. Modification is permitted,
but deletion is forbidden
readOnly: Information is not lost when the system is rebooted. Read only, that is, no
modification, no deletion
other: Other storage types
display snmp-agent group

Syntax
display snmp-agent group [ group-name ]
View
Any view
Default level
1: Monitor level
Parameters
group-name: Specifies the SNMP group name, which is a case sensitive string of 1 to 32 characters.
Description
Use the display snmp-agent group command to display information for the SNMPv3 group, including group name, security model, MIB view, storage type, and so on. Absence of the group-name parameter indicates that information for all groups is displayed.
Examples
# Display the information of all SNMP groups.
<Sysname> display snmp-agent group Group name: groupv3 Security model: v3 noAuthnoPriv Readview: ViewDefault Writeview: <no specified> Notifyview: <no specified> Storage-type: nonVolatile
43

Group name Security model Readview Writeview Notifyview Storage-type
Description
SNMP group name Security model of the SNMP group, which can be: authPriv (authentication with privacy), authNoPriv (authentication without privacy), or noAuthNoPriv (no authentication no privacy). The read only MIB view associated with the SNMP group The writable MIB view associated with the SNMP group The notify MIB view associated with the SNMP group, the view with entries that can generate traps Storage type, which includes: volatile, nonVolatile, permanent, readOnly, and other. For more information, see Table 13.
display snmp-agent local-engineid

Syntax
display snmp-agent local-engineid
View
Any view
Default level
1: Monitor level
Parameters
None
Description
Use the display snmp-agent local-engineid command to display the local SNMP agent engine ID. SNMP engine ID identifies an SNMP entity uniquely within an SNMP domain. SNMP engine is an indispensable part of an SNMP entity. It provides the SNMP message allocation, message handling, authentication, and access control.
Examples
# Display the local SNMP agent engine ID.
<Sysname> display snmp-agent local-engineid SNMP local EngineID: 800007DB7F0000013859
display snmp-agent mib-view

Syntax
display snmp-agent mib-view [ exclude | include | viewname view-name ]
View
Any view
Default level
1: Monitor level
44
Parameters
exclude: Displays the subtrees excluded from any MIB view. include: Displays the subtrees included in any MIB view. viewname view-name: Displays information about the specified MIB view.
Description
Use the display snmp-agent mib-view command to display MIB view information. If you do not specify any keyword or keyword and argument combination, the command displays all MIB views.
Examples
# Display all SNMP MIB views of the device.
<Sysname> display snmp-agent mib-view View name:ViewDefault MIB Subtree:iso Subtree mask: Storage-type: nonVolatile View Type:included View status:active
View name:ViewDefault MIB Subtree:snmpUsmMIB Subtree mask: Storage-type: nonVolatile View Type:excluded View status:active View name:ViewDefault MIB Subtree:snmpVacmMIB Subtree mask: Storage-type: nonVolatile View Type:excluded View status:active
View name:ViewDefault MIB Subtree:snmpModules.18 Subtree mask: Storage-type: nonVolatile View Type:excluded View status:active
The ViewDefault is the default MIB view. The output shows that all MIB objects in the iso subtree are accessible except for the MIB objects in the snmpUsmMIB, snmpVacmMIB, and snmpModules.18 subtrees. Table 15 Output description Field
View name
Description
MIB view name 45
Field
MIB Subtree Subtree mask Storage-type View Type View status
Description
A MIB subtree covered by the MIB view MIB subtree mask Type of the medium where the subtree view is stored Access privilege for the MIB subtree in the MIB view:
IncludedAll objects in the MIB subtree are accessible in the MIB view ExcludedNone of the objects in the MIB subtree is accessible in the MIB view
The status of the MIB view
display snmp-agent statistics

Syntax
display snmp-agent statistics
View
Any view
Default level
1: Monitor level
Parameters
None
Description
Use the display snmp-agent statistics command to display SNMP statistics.
Examples
# Display the statistics on the current SNMP.
<Sysname> display snmp-agent statistics 1684 Messages delivered to the SNMP entity 5 Messages which were for an unsupported version 0 Messages which used a SNMP community name not known 0 Messages which represented an illegal operation for the community supplied 0 ASN.1 or BER errors in the process of decoding 1679 Messages passed from the SNMP entity 0 SNMP PDUs which had badValue error-status 0 SNMP PDUs which had genErr error-status 0 SNMP PDUs which had noSuchName error-status 0 SNMP PDUs which had tooBig error-status (Maximum packet size 1500) 16544 MIB objects retrieved successfully 2 MIB objects altered successfully 7 GetRequest-PDU accepted and processed 7 GetNextRequest-PDU accepted and processed 1653 GetBulkRequest-PDU accepted and processed 1669 GetResponse-PDU accepted and processed 2 SetRequest-PDU accepted and processed 0 Trap PDUs accepted and processed
46
0 Alternate Response Class PDUs dropped silently 0 Forwarded Confirmed Class PDUs dropped silently

Messages delivered to the SNMP entity Messages which were for an unsupported version Messages which used a SNMP community name not known Messages which represented an illegal operation for the community supplied ASN.1 or BER errors in the process of decoding Messages passed from the SNMP entity SNMP PDUs which had badValue error-status SNMP PDUs which had genErr error-status SNMP PDUs which had noSuchName error-status SNMP PDUs which had tooBig error-status (Maximum packet size 1500) MIB objects retrieved successfully MIB objects altered successfully GetRequest-PDU accepted and processed GetNextRequest-PDU accepted and processed GetBulkRequest-PDU accepted and processed GetResponse-PDU accepted and processed SetRequest-PDU accepted and processed Trap PDUs accepted and processed Alternate Response Class PDUs dropped silently Forwarded Confirmed Class PDUs dropped silently
Description
Number of packets delivered to the SNMP agent Number of packets from a device with an SNMP version that is not supported by the current SNMP agent Number of packets that use an unknown community name Number of packets carrying an operation that the community has no right to perform Number of packets with ASN.1 or BER errors in the process of decoding Number of packets sent by the SNMP agent Number of SNMP PDUs with a badValue error Number of SNMP PDUs with a genErr error Number of PDUs with a noSuchName error Number of PDUs with a tooBig error (the maximum packet size is 1,500 bytes) Number of MIB objects that have been successfully retrieved Number of MIB objects that have been successfully modified Number of get requests that have been received and processed Number of getNext requests that have been received and processed Number of getBulk requests that have been received and processed Number of get responses that have been received and processed Number of set requests that have been received and processed Number of traps that have been received and processed Number of dropped response packets Number of forwarded packets that have been dropped
47
display snmp-agent sys-info

Syntax
display snmp-agent sys-info [ contact | location | version ] *
View
Any view
Default level
1: Monitor level
Parameters
contact: Displays the contact information of the current network administrator. location: Displays the location information of the current device. version: Displays the version of the current SNMP agent.
Description
Use the display snmp-agent sys-info command to display the current SNMP system information. If no keyword is specified, all SNMP agent system information is displayed.
Examples
# Display the current SNMP agent system information.
<Sysname> display snmp-agent sys-info The contact person for this managed node: Hangzhou H3C Technologies Co., Ltd. The physical location of this node: Hangzhou, China SNMP version running in the system: SNMPv3
display snmp-agent trap queue

Syntax
display snmp-agent trap queue
View
Any view
Default level
1: Monitor level
Parameters
None
Description
Use the display snmp-agent trap queue command to display basic information of the trap queue, including trap queue name, queue length and the number of traps in the queue currently. Related commands: snmp-agent trap life and snmp-agent trap queue-size.
48
Examples
# Display the current configuration and usage of the trap queue.
<Sysname> display snmp-agent trap queue Queue name: SNTP Queue size: 100 Message number: 6

Queue name Queue size Message number
Description
Trap queue name Trap queue size Number of traps in the current trap queue
display snmp-agent trap-list

Syntax
display snmp-agent trap-list
View
Any view
Default level
1: Monitor level
Parameters
None
Description
Use the display snmp-agent trap-list command to display the modules that can generate traps and whether their trap function is enabled or not. If a module comprises multiple sub-modules, then as long as one sub-module has the trap function enabled, the whole module is displayed as being enabled with the trap function. Related commands: snmp-agent trap enable.
Examples
# Display the modules that can generate traps and whether their trap function is enabled or not.
<Sysname> display snmp-agent trap-list bgp trap enable configuration trap enable flash trap enable ospf trap enable standard trap enable system trap enable vrrp trap enable Enable traps: 7; Disable traps: 0
If a module can generate traps, its trap function status is enable; if not, disable. You can enable or disable the trap function for a module at the command line interface (CLI).
49
display snmp-agent usm-user

Syntax
display snmp-agent usm-user [ engineid engineid | username user-name | group group-name ] *
View
Any view
Default level
1: Monitor level
Parameters
engineid engineid: Displays SNMPv3 user information for the SNMP engine ID identified by engineid. When an SNMPv3 user is created, the system records the current local SNMP entity engine ID of the device. If the engine ID is modified, the user becomes invalid and will become valid again if the engine ID is restored. username user-name: Displays SNMPv3 user information for a specified user name. It is case sensitive. group group-name: Displays SNMPv3 user information for a specified SNMP group name. It is case sensitive.
Description
Use the display snmp-agent usm-user command to display SNMPv3 user information.
Examples
# Display SNMPv3 information for all created users.
<Sysname> display snmp-agent usm-user User name: userv3 Group name: mygroupv3 Engine ID: 800063A203000FE240A1A6 Storage-type: nonVolatile UserStatus: active User name: userv3code Group name: groupv3code Engine ID: 800063A203000FE240A1A6 Storage-type: nonVolatile UserStatus: active

User name Group name Engine ID
Description
SNMP user name SNMP group name Engine ID for an SNMP entity
50
Field
Description
Storage type, which can be:
Storage-type
volatile nonvolatile permanent readOnly other
See Table 13 for details. UserStatus SNMP user status
enable snmp trap updown

Syntax
enable snmp trap updown undo enable snmp trap updown
View
Interface view
Default level
2: System level
Parameters
None
Description
Use the enable snmp trap updown command to enable the trap function for interface state changes on an interface. Use the undo enable snmp trap updown command to disable the trap function for interface state changes on an interface. By default, the trap function for interface state changes is enabled. NOTE: For an interface to generate linkUp/linkDown traps when its state changes, you must also enable the linkUp/linkDown trap function globally by using the enable snmp trap updown command. Related commands: snmp-agent target-host and snmp-agent trap enable.
Examples
# Enable port Ten-GigabitEthernet 0/0.1 to send linkUp/linkDown SNMP traps in the community public.
<Sysname> system-view [Sysname] snmp-agent trap enable [Sysname] snmp-agent target-host trap address udp-domain 10.1.1.1 params securityname public [Sysname] interface Ten-GigabitEthernet 0/0.1 [Sysname-Ten-GigabitEthernet 0/0.1] enable snmp trap updown
51
snmp-agent
Syntax
snmp-agent undo snmp-agent
View
System view
Default level
3: Manage level
Parameters
None
Description
Use the snmp-agent command to enable the SNMP agent service. Use the undo snmp-agent command to disable the SNMP agent service. By default, the SNMP agent service is disabled. You can enable the SNMP agent service through any commands that begin with snmp-agent.
Examples
# Enable the SNMP agent service on the device.
<Sysname> system-view [Sysname] snmp-agent
snmp-agent calculate-password
Syntax
snmp-agent calculate-password plain-password mode { 3desmd5 | 3dessha | md5 | sha } { local-engineid | specified-engineid engineid }
View
System view
Default level
3: Manage level
Parameters
plain-password: Specifies a plain text authentication or privacy key. mode: Specifies authentication and privacy algorithms. Select a mode option, depending on the authentication and privacy algorithm you are configuring with the snmp-agent usm-user v3 command. The three privacy algorithms Advanced Encryption Standard (AES), Triple Data Encryption Standard (3DES), and Data Encryption Standard (DES) are in descending order of security strength. Higher security means more complex implementation mechanism and lower speed. DES is enough to meet general requirements. The Message-Digest Algorithm 5 (MD5) and Secure Hash Algorithm (SHA-1) are the two authentication algorithms. MD5 is faster than SHA-1, while SHA-1 provides higher security than MD5.
52
3desmd5: Converts the plain text privacy key to an encrypted key for 3DES encryption used together with MD5 authentication. 3dessha: Converts the plain text privacy key to an encrypted key for 3DES encryption used together with SHA-1 authentication. md5: Converts the plain text authentication key to an encrypted key for MD5 authentication, or converts the plain text privacy key to an encrypted key for AES or DES encryption used in conjunction with MD5. sha: Converts the plain text authentication key to an encrypted key for SHA-1 authentication, or converts the plain text privacy key to an encrypted key for AES or DES encryption used in conjunction with SHA-1 authentication.
local-engineid: Uses the local engine ID to calculate the encrypted key. For engine ID-related configuration, see the snmp-agent local-engineid command. specified-engineid: Uses a user-defined engine ID to calculate the encrypted key. engineid: Specifies an SNMP engine ID as a hexadecimal string. It must comprise an even number of hexadecimal characters, which ranges from 10 to 64. All-zero and all-F strings are invalid.
Description
Use the snmp-agent calculate-password command to convert a plain text key to an encrypted key for authentication or encryption. This command helps you calculate encrypted authentication and privacy keys for SNMPv3 users that use encrypted authentication and privacy keys. To create an SNMPv3 user, see the snmp-agent usm-user v3 command. Enable SNMP before you execute the snmp-agent calculate-password command. The encrypted key converted for SHA authentication is a string of 40 hexadecimal characters. For an authentication key, all of the 40 hexadecimal characters are valid. For a privacy key, only the first 32 hexadecimal characters are valid. The converted key is valid only under the specified engine ID. Related commands: snmp-agent usm-user v3.
Examples
# Use local engine ID to convert the plain text key authkey to an encrypted key for MD5 authentication.
<Sysname> system-view [Sysname] snmp-agent calculate-password authkey mode md5 local-engineid The secret key is: 09659EC5A9AE91BA189E5845E1DDE0CC
snmp-agent community
Syntax
snmp-agent community { read | write } community-name [ acl acl-number | mib-view view-name ] * undo snmp-agent community { read | write } community-name
View
System view
Default level
3: Manage level
53
Parameters
read: Assigns the specified community the read only access to MIB objects. A read-only community can only inquire MIB information. write: Assigns the specified community the read and write access to MIB objects. A read and write community can configure MIB information. community-name: Sets a community name, which is a string of 1 to 32 characters. acl acl-number: Applies a basic ACL to filter NMSs by source IP address. The acl-number argument represents a basic ACL number in the range of 2,000 to 2,999. mib-view view-name: Specifies the MIB view available for the community. The view-name argument represents a MIB view name, which is a string of 1 to 32 characters. A MIB view represents a set of accessible MIB objects. If no MIB view is specified, the specified community can access the MIB objects in the default MIB view ViewDefault. To create a MIB view, use the snmp-agent mib-view command.
Description
Use the snmp-agent community command to configure an SNMP community. Use the undo snmp-agent community command to delete a specified community. This command is for SNMPv1 and SNMPv2c. A community comprises NMSs and SNMP agents, and is identified by a community name. When devices in a community communicate with each other, they use the community name for authentication. An NMS and an SNMP agent can access each other only when they are configured with the same community name. Typically, public is used as the read-only community name, and private is used as the read and write community name. To improve security, assign your SNMP communities a name other than public and private. To ensure that the MIB objects are accessible only to a specific NMS, use a basic ACL to identify the source IP address of the NMS. To set the range of the MIB objects available for the community, use a MIB view. Related commands: snmp-agent mib-view.
Examples
# Create a read-only community and name it readaccess.
<Sysname> system-view [Sysname] snmp-agent sys-info version v1 v2c [Sysname] snmp-agent community read readaccess
Set the SNMP version on the NMS to SNMPv1 or SNMPv2c Fill in the read-only community name readaccess Establish a connection, and the NMS can perform read-only operations to the MIB objects in the default MIB view (ViewDefault) on the device
# Create a read and write community and name it writeaccess. Enable only the NMS with the IP address of 1.1.1.1 in this community to update the values of the agent MIB objects.
<Sysname> system-view [Sysname] acl number 2001 [Sysname-acl-basic-2001] rule permit source 1.1.1.1 0.0.0.0 [Sysname-acl-basic-2001] rule deny source any [Sysname-acl-basic-2001] quit [Sysname] snmp-agent sys-info version v2c
54
[Sysname] snmp-agent community write writeaccess acl 2001
Set the IP address of the NMS to 1.1.1.1 Set the SNMP version on the NMS to SNMPv2c Fill in the write community name writeaccess; namely, the NMS can perform read-only operations to the MIB objects in the default MIB view (ViewDefault) on the device
# Create a read and write community and name it wr-sys-acc. The NMS can perform the read and write operations to the MIB objects of the system subtree (with the OID of 1.3.6.1.2.1.1).
<Sysname> system-view [Sysname] snmp-agent sys-info version v1 v2c [Sysname] undo snmp-agent mib-view ViewDefault [Sysname] snmp-agent mib-view included test system [Sysname] snmp-agent community write wr-sys-acc mib-view test
Set the SNMP version on the NMS to SNMPv1 or SNMPv2c Fill in the write community name wr-sys-acc Establish a connection, and the NMS can perform read and write operations to the MIB objects in system view on the device
snmp-agent group
Syntax
SNMPv1 and SNMP v2c: snmp-agent group { v1 | v2c } group-name [ read-view read-view ] [ write-view write-view ] [ notify-view notify-view ] [ acl acl-number ] undo snmp-agent group { v1 | v2c } group-name SNMPv3: snmp-agent group v3 group-name [ authentication | privacy ] [ read-view read-view ] [ write-view write-view ] [ notify-view notify-view ] [ acl acl-number ] undo snmp-agent group v3 group-name [ authentication | privacy ]
View
System view
Default level
3: Manage level
Parameters
v1: SNMPv1. v2c: SNMPv2c. v3: SNMPv3. group-name: Group name, which is a string of 1 to 32 characters. authentication: Specifies the security model of the SNMPv3 group to be authentication only (without privacy). privacy: Specifies the security model of the SNMPv3 group to be authentication and privacy.
55
read-view read-view: Specifies a read-only MIB view. The read-view represents a MIB view, which is a string of 1 to 32 characters. The users in the specified group have read only access to the objects included in the MIB view. The default read view is ViewDefault. write-view write-view: Specifies a read and write MIB view. The write-view argument represents a MIB view, which is a string of 1 to 32 characters. The users in the specified group have read and write access to the objects included in the MIB view. By default, no write view is configured, which means the NMS cannot perform the write operations to all MIB objects on the device. notify-view notify-view: Specifies a trap MIB view. The notify-view argument represents a MIB view, which is a string of 1 to 32 characters. The system sends traps to the users in the specified group for the objects included in the MIB view. By default, no notify view is configured, which means the agent does not send traps to the NMS. acl acl-number: Specifies a basic ACL by its number, which ranges from 2000 to 2999. This ACL filters NMSs by source IP address. In other words, you can configure to allow or prohibit SNMP packets with a specific source IP address to restrict the intercommunication between the NMS and the agent.
Description
Use the snmp-agent group command to create an SNMP group and specify its access right. Use the undo snmp-agent group command to delete an SNMP group. By default, new SNMP groups configured by the snmp-agent group v3 command use a no-authentication-no-privacy security model. An SNMP group defines security model, access right, and so on. A user in this SNMP group has all these public properties. Related commands: snmp-agent mib-view and snmp-agent usm-user.
Examples
# Create an SNMP group group1 on an SNMPv3 enabled device, no authentication, no privacy.
<Sysname> system-view [Sysname] snmp-agent group v3 group1
snmp-agent local-engineid
Syntax
snmp-agent local-engineid engineid undo snmp-agent local-engineid
View
System view
Default level
3: Manage level
Parameters
engineid: Specifies an SNMP engine ID as a hexadecimal string. It must comprise an even number of hexadecimal characters, which ranges from 10 to 64. All-zero and all-F strings are invalid.
Description
Use the snmp-agent local-engineid command to configure a local engine ID for an SNMP entity. Use the undo snmp-agent local-engineid command to restore the default local engine ID.
56
By default, the engine ID of a device is the combination of company ID and device ID. Device ID varies by product; it could be an IP address, a MAC address, or a self-defined string of hexadecimal numbers. An engine ID has two functions: For all devices managed by one NMS, each device needs a unique engine ID to identify the SNMP agent. By default, each device has an engine ID. The network administrator has to ensure that there is no repeated engine ID within an SNMP domain. In SNMPv3, the user name and cipher text password are associated with the engine ID. Therefore, if the engine ID changes, the user name and cipher text password configured under the engine ID become invalid.
Typically, the device uses its default engine ID. For ease of remembrance, you can set engine IDs for the devices according to the network planning. For example, if both device 1 and device 2 are on the first floor of building A, you can set the engine ID of device 1 to 000Af0010001, and that of device 2 to 000Af0010002. Related commands: snmp-agent usm-user.
Examples
# Configure the local engine ID as 123456789A.
<Sysname> system-view [Sysname] snmp-agent local-engineid 123456789A
snmp-agent log
Syntax
snmp-agent log { all | get-operation | set-operation } undo snmp-agent log { all | get-operation | set-operation }
View
System view
Default level
3: Manage level
Parameters
all: Enables logging of SNMP GET and SET operations. get-operation: Enables logging of SNMP GET operation. set-operation: Enables logging of SNMP SET operation.
Description
Use the snmp-agent log command to enable SNMP logging. Use the undo snmp-agent log command to restore the default. By default, SNMP logging is disabled. If specified SNMP logging is enabled, when the NMS performs a specified operation to the SNMP agent, the latter records the operation-related information and saves it to the information center. With parameters for the information center set, output rules of the SNMP logs are decided (that is, whether logs are permitted to output and the output destinations).
57
Examples
# Enable logging of SNMP GET operation.
<Sysname> system-view [Sysname] snmp-agent log get-operation
# Enable logging of SNMP SET operation.

<Sysname> system-view [Sysname] snmp-agent log set-operation
snmp-agent mib-view
Syntax
snmp-agent mib-view { excluded | included } view-name oid-tree [ mask mask-value ] undo snmp-agent mib-view view-name
View
System view
Default level
3: Manage level
Parameters
excluded: Denies access to any nodes in the specified MIB subtree. included: Permits access to the nodes in the specified MIB subtree. view-name: Specify a view name, which is a string of 1 to 32 characters. oid-tree: Specifies a MIB subtree by its root nodes OID, such as 1.4.5.3.1, or object name, such as system. An OID is made up of a series of integers. It marks the position of a node in the MIB tree and uniquely identifies a MIB object. mask mask-value: Sets a MIB subtree mask, which is a hexadecimal string. Its length must be an even number in the range of 2 to 32. For example, you can specify 0a, aa, but not 0aa. If no subtree mask is specified, the MIB subtree mask is an all-F hexadecimal string. The MIB subtree and the subtree mask together identify a set of objects to be included or excluded from the view.
Description
Use the snmp-agent mib-view command to create or update a MIB view. Use the undo snmp-agent mib-view command to delete a MIB view. By default, the system creates the ViewDefault view when the SNMP agent is enabled. In the default MIB view, all MIB objects in the iso subtree but the snmpUsmMIB, snmpVacmMIB, and snmpModules.18 subtrees are accessible. A MIB view represents a set of MIB objects (or MIB object hierarchies) with certain access privilege. The MIB objects included in the MIB view are accessible while those excluded from the MIB view are inaccessible. Each view-name oid-tree pair represents a view record. If you specify the same record with different MIB subtree masks multiple times, the last configuration takes effect. The system can store entries for up to 20 unique MIB view records. Except the four subtrees in the default MIB view, you can create up to 16 unique MIB view records. After you delete the default view with the undo snmp-agent mib-view command, you can create up to 20 unique MIB view records.
58
Be cautious with deleting the default MIB view. The operation blocks access to any MIB object on the device from NMSs that use the default view. Related commands: snmp-agent group.
Examples
# Include the mib-2 (OID 1.3.6.1) subtree in the mibtest view, exclude the ip subtree from the mibtest view.
<Sysname> system-view [Sysname] snmp-agent mib-view included mibtest 1.3.6.1 [Sysname] snmp-agent mib-view excluded mibtest ip [Sysname] snmp-agent community read public mib-view mibtest
An SNMPv1 NMS in the public community can query the objects in the mib-2 subtree, but not any objects (for example, the ipForwarding or ipDefaultTTL node) in the ip subtree.
snmp-agent packet max-size

Syntax
snmp-agent packet max-size byte-count undo snmp-agent packet max-size
View
System view
Default level
3: Manage level
Parameters
byte-count: Maximum number of bytes of an SNMP packet that can be received or sent by an agent, which ranges from 484 to 17,940 and defaults to 1,500 bytes.
Description
Use the snmp-agent packet max-size command to set the maximum size (in bytes) of SNMP packets that the SNMP agent can receive or send. Use the undo snmp-agent packet max-size command to restore the default packet size. By default, the maximum size of SNMP packets that the SNMP agent can receive or send is 1500 bytes. If any device on the path to the NMS does not support packet fragmentation, limit the SNMP packet size to prevent large-sized packets from being discarded. In any other cases, the default value is sufficient.
Examples
# Set the maximum size of SNMP packets that the SNMP agent can receive or send to 1,042 bytes.
<Sysname> system-view [Sysname] snmp-agent packet max-size 1042
snmp-agent sys-info
Syntax
snmp-agent sys-info { contact sys-contact | location sys-location | version { all | { v1 | v2c | v3 }* } } undo snmp-agent sys-info { contact | location | version { all | { v1 | v2c | v3 }* } }
59
View
System view
Default level
3: Manage level
Parameters
contact sys-contact: A string of 1 to 200 characters that describes the contact information for system maintenance. location sys-location: A string of 1 to 200 characters that describes the location of the device. version: The SNMP version in use. all: Specifies SNMPv1, SNMPv2c, and SNMPv3. v1: SNMPv1. v2c: SNMPv2c. v3: SNMPv3.
Description
Use the snmp-agent sys-info command to configure system information, including the contact information, the location, and the SNMP version in use. Use the undo snmp-agent sys-info contact and undo snmp-agent sys-info location command to restore the default. Use the undo snmp-agent sys-info version command to disable use of the SNMP function of the specified version. By default, the location information is Hangzhou China, version is SNMPv3, and the contact is Hangzhou H3C Technologies Co., Ltd. Successful interaction between an NMS and the agents requires consistency of SNMP versions configured on them. Related commands: display snmp-agent sys-info. NOTE: Network maintenance engineers can use the system contact information to get in touch with the manufacturer in case of network failures. The system location information is a management variable under the system branch as defined in RFC 1213-MIB, identifying the location of the managed object.
Examples
# Configure the contact information as Dial System Operator at beeper # 27345.
<Sysname> system-view [Sysname] snmp-agent sys-info contact Dial System Operator at beeper # 27345
snmp-agent target-host
Syntax
snmp-agent target-host trap address udp-domain ip-address [ udp-port port-number ] params securityname security-string [ v1 | v2c | v3 [ authentication | privacy ] ] undo snmp-agent target-host trap address udp-domain ip-address params securityname security-string
60
View
System view
Default level
3: Manage level
Parameters
trap: Specifies the host to be the target host which receives traps and notifications from the device. address: Specifies the destination IP address in the SNMP messages sent from the device. udp-domain: Indicates that the trap is transmitted using UDP. ip-address: The IPv4 address of the trap target host. udp-port port-number: Specifies the number of the port on the target host to receive traps. The value defaults to 162. params securityname security-string: Specifies the authentication related parameter, which is an SNMPv1 or SNMPv2c community name or an SNMPv3 user name, a string of 1 to 32 characters. v1: SNMPv1. This keyword must be the same as the SNMP version on the NMS; otherwise, the NMS cannot receive any trap. v2c: SNMPv2c. This keyword must be the same as the SNMP version on the NMS; otherwise, the NMS cannot receive any trap. v3: SNMPv3. This keyword must be the same as the SNMP version on the NMS; otherwise, the NMS cannot receive any trap. authentication: Specifies the security model to be authentication without privacy. Authentication is a process to check whether the packet is integral and whether it has been tampered. When creating an SNMPv3 user, configure the authentication password. privacy: Specifies the security model to be authentication with privacy. Privacy is to encrypt the data part of a packet to prevent it from being intercepted. When creating an SNMPv3 user, configure the authentication password and privacy password.
Description
Use the snmp-agent target-host command to configure the related settings for a trap target host. Use the undo snmp-agent target-host command to remove the current settings. According to the networking requirements, you can use this command for multiple times to configure different settings for a target host, enabling the device to send trap messages to different NMSs. If udp-port port-number is not specified, port number 162 is used. If the key words v1, v2 and v3 are not specified, v1 is used. If the key words authentication and privacy are not specified, the authentication mode is no authentication, no privacy.
Related commands: enable snmp trap updown, snmp-agent trap enable, snmp-agent trap life, and snmp-agent trap source.
Examples
# Enable the device to send SNMPv1 traps to 10.1.1.1, using the community name of public.
<Sysname> system-view [Sysname] snmp-agent trap enable standard [Sysname] snmp-agent target-host trap address udp-domain 10.1.1.1 params securityname public
61
snmp-agent trap enable

Syntax
snmp-agent trap enable [bgp | configuration | flash | ospf [ process-id ] [ ifauthfail | ifcfgerror | ifrxbadpkt | ifstatechange | iftxretransmit | lsdbapproachoverflow | lsdboverflow | maxagelsa | nbrstatechange | originatelsa | vifcfgerror | virifauthfail | virifrxbadpkt | virifstatechange | viriftxretransmit | virnbrstatechange ] * | standard [ authentication | coldstart | linkdown | linkup | warmstart ]* | system | vrrp [ authfailure | newmaster ] undo snmp-agent trap enable [ bgp | configuration | flash | ospf [ process-id ] [ ifauthfail | ifcfgerror | ifrxbadpkt | ifstatechange | iftxretransmit | lsdbapproachoverflow | lsdboverflow | maxagelsa | nbrstatechange | originatelsa | vifcfgerror | virifauthfail | virifrxbadpkt | virifstatechange | viriftxretransmit | virnbrstatechange ] * | standard [ authentication | coldstart | linkdown | linkup | warmstart ]* | system | vrrp [ authfailure | newmaster ]
View
System view
Default level
3: Manage level
Parameters
bgp: Enables SNMP traps for the BGP module. configuration: Enables configuration traps. flash: Enables Flash-related SNMP traps. mpls: Enables SNMP traps for the MPLS module. ospf: Enables SNMP traps for the OSPF module. process-id: OSPF process ID, in the range 1 to 65535. ifauthfail: Interface authentication failure traps. ifcfgerror: Interface configuration error traps. ifrxbadpkt: Traps for receiving incorrect packets. ifstatechange: Interface state change traps. iftxretransmit: Traps for the interface to receive and forward packets. lsdbapproachoverflow: Traps for LSDB to be overflowed. lsdboverflow: Traps for LSDB overflow. maxagelsa: Traps for LSA max age. nbrstatechange: Traps for neighbor state change. originatelsa: Traps for local LSA generation. vifcfgerror: Traps for virtual interface configuration error. virifauthfail: Traps for virtual interface authentication failure. virifrxbadpkt: Traps for virtual interface receiving error packets. virifstatechange: Traps for virtual interface state changes. viriftxretransmit: Traps for virtual interface receiving and forwarding packets. virnbrstatechange: Traps for neighbor state change of the virtual interface.
62
standard: Standard traps. authentication: Enables the sending of authentication failure traps in the event of authentication failure. coldstart: Sends coldstart traps when the device restarts. linkdown: Sends linkdown traps when the port is in a linkdown status. It should be configured globally. linkup: Sends linkup traps when the port is in a linkup status. It should be configured globally. warmstart: Sends warmstart traps when the SNMP restarts.
system: Sends H3C-SYS-MAN-MIB (a private MIB) traps. vrrp: Enables traps for the VRRP module. authfailure: VRRP authentication failure traps. newmaster: VRRP newmaster traps, which are sent when the device becomes the master.
Description
Use the snmp-agent trap enable command to enable the trap function globally. Use the undo snmp-agent trap enable command to disable the trap function globally. By default, the trap function is enabled. Only after the trap function is enabled can each module generate corresponding traps. To make each module generate corresponding traps, enable the trap function with the snmp-agent trap enable command. The generation of traps by a module may also depend on the configuration of the module. For more information, see related descriptions of the modules. To enable an interface to generate Linkup/Linkdown traps when its state changes, enable the linkUp/linkDown trap function on the interface and globally. To enable this function on an interface, use the enable snmp trap updown command. To enable this function globally, use the snmp-agent trap enable [ standard [ linkdown | linkup ] * ] command. Related commands: snmp-agent target-host and enable snmp trap updown.
Examples
# Enable the device to send SNMP authentication failure packets to 10.1.1.1, using the community name public.
<Sysname> system-view [Sysname] snmp-agent target-host trap address udp-domain 10.1.1.1 params securityname public [Sysname] snmp-agent trap enable standard authentication
snmp-agent trap if-mib link extended

Syntax
snmp-agent trap if-mib link extended undo snmp-agent trap if-mib link extended
View
System view
63
Default level
3: Manage level
Parameters
None
Description
Use the snmp-agent trap if-mib link extended command to extend the standard linkUp/linkDown traps defined in RFC. An extended linkUp/linkDown trap is the standard linkUp/linkDown trap defined in RFC appended with the interface description and interface type information. Use the undo snmp-agent trap if-mib link extended command to restore the default. By default, standard linkUp/linkDown traps defined in RFC are used. A standard linkUp trap is in the following format:
Interface 983555 is Up, ifAdminStatus is 1, #Apr 24 11:48:04:896 2008 Sysname IFNET/4/INTERFACE UPDOWN: Trap 1.3.6.1.6.3.1.1.5.4<linkUp>: ifOperStatus is 1
An extended linkUp trap is in the following format:

is 1,
#Apr 24 11:43:09:896 2008 Sysname IFNET/4/INTERFACE UPDOWN: Trap 1.3.6.1.6.3.1.1.5.4<linkUp>: Interface 983555 is Up, ifAdminStatus ifOperStatus is 1, ifDescr is Ten-GigabitEthernet 0/0.1, ifType is 6
A standard linkDown trap is in the following format:
#Apr 24 11:47:35:224 2008 Sysname IFNET/4/INTERFACE UPDOWN: Trap 1.3.6.1.6.3.1.1.5.3<linkDown>: Interface 983555 is Down, ifAdminStatus is 2, ifOperStatus is 2
An extended linkDown trap is in the following format:
#Apr 24 11:42:54:314 2008 AR29.46 IFNET/4/INTERFACE UPDOWN: Trap 1.3.6.1.6.3.1.1.5.3<linkDown>: Interface 983555 is Down, ifAdminStatus is 2, ifOperStatus is 2, ifDescr is Ten-GigabitEthernet 0/0.1, ifType is 6
The format of an extended linkup/ linkDown trap is the standard format followed with the ifDescr and ifType information, facilitating problem location. When this command is configured, the device sends extended linkUp/linkDown traps. If the extended messages are not supported on NMS, the device may not be able to resolve the messages.
Examples
# Extend standard linkUp/linkDown traps defined in RFC.
<Sysname> system-view [Sysname] snmp-agent trap if-mib link extended
snmp-agent trap life

Syntax
snmp-agent trap life seconds undo snmp-agent trap life
View
System view
64
Default level
3: Manage level
Parameters
seconds: Timeout time, which ranges from 1 to 2,592,000 seconds.
Description
Use the snmp-agent trap life command to configure the holding time of the traps in the queue. Traps are discarded when the holding time expires. Use the undo snmp-agent trap life command to restore the default holding time of traps in the queue. By default, the holding time of SNMP traps in the queue is 120 seconds. The SNMP module sends traps in queues. As soon as the traps are saved in the trap queue, a timer is started. If traps are not sent out until the timer times out (in other words, the holding time configured by using this command expires), the system removes the traps from the trap sending queue. Related commands: snmp-agent trap enable and snmp-agent target-host.
Examples
# Configure the holding time of traps in the queue as 60 seconds.
<Sysname> system-view [Sysname] snmp-agent trap life 60
snmp-agent trap queue-size

Syntax
snmp-agent trap queue-size size undo snmp-agent trap queue-size
View
System view
Default level
3: Manage level
Parameters
size: Number of traps that can be stored in the trap sending queue, which ranges from 1 to 1,000.
Description
Use the snmp-agent trap queue-size command to set the size of the trap sending queue. Use the undo snmp-agent trap queue-size command to restore the default queue size. By default, up to 100 traps can be stored in the trap sending queue. Traps are saved into the trap sending queue when generated. The size of the queue determines the maximum number of the traps that can be stored in the queue. When the size of the trap sending queue reaches the configured value, the newly generated traps are saved into the queue, and the earliest ones are discarded. Related commands: snmp-agent target-host, snmp-agent trap enable, and snmp-agent trap life.
Examples
# Set the maximum number of traps that can be stored in the trap sending queue to 200.
65
<Sysname> system-view [Sysname] snmp-agent trap queue-size 200
snmp-agent trap source

Syntax
snmp-agent trap source interface-type { interface-number | interface-number.subnumber } undo snmp-agent trap source
View
System view
Default level
3: Manage level
Parameters
interface-type { interface-number | interface-number.subnumber }: Specifies the interface type and interface number. The parameter interface-number represents the main interface number. The parameter subnumber represents the subinterface number and ranges from 1 to 4,094.
Description
Use the snmp-agent trap source command to specify the source IP address contained in the trap. Use the undo snmp-agent trap source command to restore the default. By default, SNMP chooses the IP address of an interface to be the source IP address of the trap. Upon the execution of this command, the system uses the primary IP address of the specified interface as the source IP address of the traps, and the NMS uses this IP address to uniquely identify the agent. Even if the agent sends out traps through different interfaces, the NMS uses this IP address to filter all traps sent from the agent. Use this command to trace a specific event by the source IP address of a trap. Before you can configure the IP address of a particular interface as the source IP address of the trap, ensure that the interface already exists and that it has a legal IP address. Otherwise, if the configured interface does not exist, the configurations fails. If the specified IP address is illegal, the configuration becomes invalid. When a legal IP address is configured for the interface, the configuration automatically becomes valid. Related commands: snmp-agent target-host and snmp-agent trap enable.
Examples
# Configure the IP address for the port Ten-GigabitEthernet 0/0.1 as the source address for traps.
<Sysname> system-view [Sysname] snmp-agent trap source Ten-GigabitEthernet 0/0.1
snmp-agent usm-user { v1 | v2c }

Syntax
snmp-agent usm-user { v1 | v2c } user-name group-name [ acl acl-number ] undo snmp-agent usm-user { v1 | v2c } user-name group-name
66
View
System view
Default level
3: Manage level
Parameters
v1: The configured user name should be applied in the SNMPv1 networking environment. If the agent and the NMS use SNMPv1 packets to communicate with each other, this keyword is required. v2c: The configured user name should be applied in the SNMPv2c networking environment. If the agent and the NMS use SNMPv2c packets to communicate with each other, this keyword is required. user-name: User name, which is a case sensitive string of 1 to 32 characters. group-name: Group name, which is a case sensitive string of 1 to 32 characters. acl acl-number: Associates a basic ACL with the user. acl-number ranges from 2000 to 2999. By using a basic ACL, you can restrict the source IP address of SNMP packets, which means you can configure to allow or prohibit SNMP packets with a specific source IP address to allow or prohibit the specified NMS to access the agent by using this user name.
Description
Use the snmp-agent usm-user { v1 | v2c } command to add a user to an SNMP group. Use the undo snmp-agent usm-user { v1 | v2c } command to delete a user from an SNMP group. As defined in the SNMP protocol, in SNMPv1 and SNMPv2c networking applications, the NMS and the agent use community name to authenticate each other; in SNMPv3 networking applications, they use user name to authenticate each other. If you prefer using the user name in the authentication, the device supports configuration of SNMPv1 and SNMPv2c users. Creating an SNMPv1 or SNMPv2c user equals adding of a new read-only community name. When you add the user name into the read-only community name field of the NMS, the NMS can establish SNMP connection with the device. To make the configured user take effect, create an SNMP group first. Related commands: snmp-agent community, snmp-agent group, and snmp-agent usm-user v3.
Examples
# Create a v2c user userv2c in group readCom.
<Sysname> system-view [Sysname] snmp-agent sys-info version v2c [Sysname] snmp-agent group v2c readCom [Sysname] snmp-agent usm-user v2c userv2c readCom
Set the SNMP version on the NMS to SNMPv2c Fill in the read community name userv2c, and then the NMS can access the agent
# Create a v2c user userv2c in group readCom, allowing only the NMS with the IP address of 1.1.1.1 to access the agent by using this user name; other NMSs are not allowed to access the agent by using this user name.
<Sysname> system-view [Sysname] acl number 2001 [Sysname-acl-basic-2001] rule permit source 1.1.1.1 0.0.0.0 [Sysname-acl-basic-2001] rule deny source any [Sysname-acl-basic-2001] quit
67
[Sysname] snmp-agent sys-info version v2c [Sysname] snmp-agent group v2c readCom [Sysname] snmp-agent usm-user v2c userv2c readCom acl 2001
Set the IP address of the NMS to 1.1.1.1 Set the SNMP version on the NMS to SNMPv2c Fill in both the read community and write community options with userv2c, and then the NMS can access the agent.
snmp-agent usm-user v3
Syntax
snmp-agent usm-user v3 user-name group-name [ cipher ] [ authentication-mode { md5 | sha } auth-password [ privacy-mode { 3des | aes128 | des56 } priv-password ] ] [ acl acl-number ] undo snmp-agent usm-user v3 user-name group-name { local | engineid engineid-string }
View
System view
Default level
3: Manage level
Parameters
user-name: User name, which is a case sensitive string of 1 to 32 characters. group-name: Group name, which is a case sensitive string of 1 to 32 characters. cipher: Specifies that auth-password is an encrypted key, which can be calculated by using the snmp-agent calculate-password command. authentication-mode: Specifies an authentication algorithm. MD5 is faster than SHA, while SHA provides a higher security than MD5. md5: Specifies the MD5 authentication algorithm. sha: Specifies the SHA-1 authentication protocol algorithm.
auth-password: Authentication key. If the cipher keyword is not specified, auth-password represents a plain text key, which is a string of 1 to 64 visible characters. If the cipher keyword is specified, auth-password represents an encrypted key. If the md5 keyword is specified, auth-password is a string of 32 hexadecimal characters. If the sha keyword is specified, auth-password is a string of 40 hexadecimal characters. privacy-mode: Specifies an encryption algorithm for privacy. The three encryption algorithms AES, 3DES, and DES are in descending order in terms of security. Higher security means more complex implementation mechanism and lower speed. DES is enough to meet general requirements. 3des: Specifies the 3DES algorithm. des56: Specifies the DES algorithm. aes128: Specifies the AES algorithm.
priv-password: The privacy key. If the cipher keyword is not specified, priv-password represents a plain text key, which is a string of 1 to 64 characters. If the cipher keyword is specified, priv-password represents an encrypted key. If the md5 keyword is specified, priv-password is a string of 32 hexadecimal characters. If the sha keyword is specified, priv-password is a string of 40 hexadecimal characters.
68
acl acl-number: Specifies a basic ACL. The acl-number argument takes an ACL number in the range of 2,000 to 2,999. By using a basic ACL, you can restrict the source IP address of SNMP packets, which means you can configure to allow or prohibit SNMP packets with a specific source IP address to allow or prohibit the specified NMS to access the agent by using this user name. local: Represents a local SNMP entity user. engineid engineid-string: Specifies an SNMP engine ID as a hexadecimal string. The engineid-string argument must comprise an even number of hexadecimal characters, which ranges from 10 to 64. All-zero and all-F strings are invalid.
Description
Use the snmp-agent usm-user v3 command to add an SNMPv3 user to an SNMP group. Use the undo snmp-agent usm-user v3 command to delete an SNMPv3 user from an SNMP group. This command is for SNMPv3. Create SNMPv3 users, if the agent and the NMS use SNMPv3 packets to communicate with each other. Each SNMP user belongs to an SNMP group. Before creating a user, create an SNMP group first. Otherwise, the user can be created successfully but does not take effect. An SNMP group may contain multiple users. It defines SNMP objects accessible to the group of users in the MIB view and specifies whether to enable authentication and privacy functions. The authentication and encryption algorithms are defined when a user is created. If you specify the cipher keyword, the system considers the arguments auth-password and priv-password as encrypted keys, and does not encrypt them when executing this command. If you do not specify the cipher keyword, the system considers the arguments auth-password and priv-password as plain text keys, and encrypts them when executing this command.
Specify the cipher keyword when you roll back, copy or paste the running configuration. For example, assume that you have created SNMPv3 user A and configured both authentication and privacy keys of this user as xyz. To make the configuration of user A still effective after the configuration is copied, pasted, and re-executed, specify the cipher keyword when you create user A with this command. Otherwise, after you copy, paste, or re-execute the configuration, the device creates user A, but the corresponding keys are not xyz. When you use the snmp-agent usm-user v3 cipher command, the pri-password argument in this command can be obtained by the snmp-agent calculate-password command. To make the calculated encrypted key applicable to the snmp-agent usm-user v3 cipher command and have the same effect as that in the snmp-agent usm-user v3 cipher command, ensure that the same encryption algorithm is specified for the two commands and the local engine ID specified in the snmp-agent usm-user v3 cipher command is consistent with the SNMP entity engine ID specified in the snmp-agent calculate-password command. When you execute this command repeatedly to configure the same user (namely, the user names are the same, no limitation to other keywords and arguments), the last configuration takes effect. A plain text password is required when the NMS accesses the device; therefore, please remember the user name and the plain text password when you create a user. Related commands: snmp-agent calculate-password, snmp-agent group, and snmp-agent usm-user { v1 | v2c }.
Examples
# Add a user testUser to the SNMPv3 group testGroup. Configure the security model as authentication without privacy, the authentication algorithm as MD5, the plain-text key as authkey.
<Sysname> system-view
69
[Sysname] snmp-agent group v3 testGroup authentication [Sysname] snmp-agent usm-user v3 testUser testGroup authentication-mode md5 authkey
Set the SNMP version on the NMS to SNMPv3 Fill in the user name testUser Set the authentication algorithm to MD5 Set the authentication encrypted key to authkey Establish a connection, and the NMS can access the MIB objects in the default view (ViewDefault) on the device
# Add a user testUser to the SNMPv3 group testGroup. Configure the security model as authentication and privacy, the authentication algorithm as MD5, the privacy algorithm as DES56, the plain-text authentication key as authkey, and the plain-text privacy key as prikey.
<Sysname> system-view [Sysname] snmp-agent group v3 testGroup privacy [Sysname] snmp-agent usm-user v3 testUser testGroup authentication-mode md5 authkey privacy-mode des56 prikey
Set the SNMP version on the NMS to SNMPv3 Fill in the user name testUser Set the authentication algorithm to MD5 Set the authentication key to authkey Set the privacy algorithm to DES Set the privacy key to prikey Establish a connection, and the NMS can access the MIB objects in the default view (ViewDefault) on the device
# Add a user testUser to the SNMPv3 group testGroup with the cipher keyword specified. Configure the security model as authentication and privacy, the authentication algorithm as MD5, the privacy algorithm as DES56, the plain-text authentication key as authkey, and the plain-text privacy key as prikey.
<Sysname> system-view [Sysname] snmp-agent group v3 testGroup privacy [Sysname] snmp-agent calculate-password authkey mode md5 local-engineid The secret key is: 09659EC5A9AE91BA189E5845E1DDE0CC [Sysname] snmp-agent calculate-password prikey mode md5 local-engineid The secret key is: 800D7F26E786C4BECE61BF01E0A22705 [Sysname] snmp-agent usm-user v3 testUser testGroup cipher authentication-mode md5 09659EC5A9AE91BA189E5845E1DDE0CC privacy-mode des56 800D7F26E786C4BECE61BF01E0A22705
Set the SNMP version on the NMS to SNMPv3 Fill in the user name testUser, Set the authentication algorithm to MD5 Set the authentication key to authkey Set the privacy algorithm to DES Set the privacy key to prikey Establish a connection, and the NMS can access the MIB objects in the default view(ViewDefault) on the device
70
MIB configuration commands

display mib-style
Syntax
display mib-style
View
Any view
Default level
3: Manage level
Parameters
None
Description
Use the display mib-style command to display the MIB style of the device. Two MIB styles are available on the device: new and compatible. After obtaining the MIB style, you can select matched H3C network management software based on the MIB style. Related commands: mib-style.
Examples
# After getting the device ID from node sysObjectID, you find that it is an H3C device, and hope to know the current MIB style or the MIB style after next boot of the device.
<Sysname> display mib-style Current MIB style: new Next reboot MIB style: new
The above output information shows that the current MIB style of the device is new, and the MIB style after next boot is still new.
mib-style
Syntax
mib-style [ new | compatible ]
View
System view
Default level
3: Manage level
Parameters
new: Specifies the MIB style of the device as H3C new, which means both sysOID and private MIB of the device are located under the H3C enterprise ID 25506.
71
compatible: Specifies the MIB style of the device as H3C compatible, which means sysOID of the device is located under the H3C enterprise ID 25506, and private MIB is located under the enterprise ID 201 1.
Description
Use the mib-style command to set the MIB style of the device. By default, the MIB style of the device is new. The configuration takes effect only when the device reboots.
Examples
# Change the MIB style of the device to compatible.
<Sysname> system-view [Sysname] mib-style compatible [Sysname] quit <Sysname> display mib-style Current MIB style: new Next reboot MIB style: compatible <Sysname> reboot
72
File management commands

NOTE: The current directory is the root directory of the storage media in this document. For the qualified filename formats, see the chapter File management configuration.
cd
Syntax
cd { directory | .. | / }
View
User view
Default level
3: Manage level
Parameters
directory: Name of the target directory, in the format of [drive:/]path. For the detailed introduction to the drive and path arguments, see the chapter File management configuration. If no drive information is provided, the argument represents a folder or subfolder in the current directory. ..: Returns to an upper directory. If the current working directory is the root directory, or if no upper directory exists, the current working directory does not change when the cd .. command is executed. This argument does not support command online help. /: Returns to the root directory of the storage medium. This keyword does not support command line online help.
Description
Use the cd command to change the current working directory.
Examples
# Enter the test folder after logging in to the device.
<Sysname> cd test
# Return to the upper directory (Remember to enter a space after the keyword cd).
<Sysname> cd ..
# Return to the root directory.

<Sysname> cd /
After you change the current directory using the cd command, you can use the pwd command to view the path of the current working directory.
73
copy
Syntax
copy fileurl-source fileurl-dest
View
User view
Default level
3: Manage level
Parameters
fileurl-source: Name of the source file. fileurl-dest: Name of the target file or folder.
Description
Use the copy command to copy a file. If you specify a target folder, the system will copy the file to the specified folder and use the name of the source file as the file name.
Examples
# Copy file testcfg.cfg in the current folder and save it as testbackup.cfg.
<Sysname> copy testcfg.cfg testbackup.cfg Copy cfa0:/test.cfg to cfa0:/testbackup.cfg?[Y/N]:y .... %Copy file cfa0:/test.cfg to cfa0:/testbackup.cfg...Done.
# Copy file 1.cfg in the test folder on cfa0 to the testbackup folder in the first partition of the CF card, and save it as 1backup.cfg.
<Sysname> copy cfa0:/test/1.cfg cfa0:/testbackup/1backup.cfg Copy cfa0:/test/1.cfg to cfa0:/testbackup/1backup.cfg?[Y/N]:y
%Copy file cfa0:/test/1.cfg to cfa0:/testbackup/1backup.cfg...Done.
delete
Syntax
delete [ /unreserved ] file-url
View
User view
Default level
3: Manage level
Parameters
/unreserved: Permanently deletes the specified file, and the deleted file can never be restored. file-url: Name of the file to be deleted. Asterisks (*) are acceptable as wildcards. For example, to remove files with the extension of .txt in the current directory, you may use the delete *.txt command.
74
Description
Use the delete file-url command to temporarily delete a file. The deleted file is saved in the recycle bin. To restore it, use the undelete command. The dir /all command displays the files deleted from the current directory and moved to the recycle bin. These files are enclosed in pairs of square brackets [ ]. To remove the files from the recycle bin, use the reset recycle-bin command. The delete /unreserved file-url command permanently deletes a file, and the deleted file cannot be restored. Use it with caution. CAUTION: If you delete two files with the same filename in different directories, only the last one is retained in the recycle bin.
Examples
# Remove file tt.cfg from the current directory.
<Sysname> delete tt.cfg Delete cfa0:/tt.cfg? [Y/N]:y %Delete file cfa0:/tt.cfg...Done.
dir
Syntax
dir [ /all ] [ file-url ]
View
User view
Default level
3: Manage level
Parameters
/all: Displays all files. file-url: Displays the specified file. Asterisks (*) are acceptable as wildcards. For example, to display files with the .txt extension in the current directory, you may use the dir *.txt command.
Description
Use the dir command to display information about all visible files and folders in the current directory. Use the dir /all command to display information about all files and folders in the current directory, including hidden files, hidden sub-folders and the files in the recycle bin that originally belong to the current directory. The names of these deleted files are enclosed in pairs of brackets [ ]. The dir file-url command displays information about a file or folder.
Examples
# Display information about all files and folders.
<Sysname> dir /all Directory of cfa0:/ 0 -rw13605736 Aug 08 2007 20:00:00 temp_lb.bin
75
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23
-rwdrw-rwh -rw-rw-rw-rw-rw-rw-rwdrw-rwh drwdrwdrw-rwh -rwh -rw-rw-rw-rw-rw-rw-
10252 584 2160 43688 13605224 13713928 13685000 11357840 17133 4 716 572 524288 524288 11401272 11401272 11461584 33525
Apr 26 2000 23:41:36 Apr 26 2000 12:00:02 Apr 26 2000 23:41:36 Apr 26 2000 23:41:38 Apr 26 2000 15:59:50 May 04 2000 10:30:42 Apr 26 2000 14:57:14 May 01 2000 08:05:34 Apr 26 2000 12:21:26 May 03 2000 10:38:52 Apr 26 2000 12:41:56 Apr 26 2000 12:39:30 Apr 26 2000 13:14:24 Apr 26 2000 13:14:28 Apr 26 2000 13:14:54 Apr 26 2000 12:11:06 Apr 26 2000 12:11:08 Apr 26 2000 21:13:50 Apr 26 2000 21:13:50 Apr 26 2000 12:17:38 Jul 19 2010 09:04:22 Apr 26 2000 12:12:14 Apr 26 2000 22:43:46
system.xml seclog private-data.txt startup.cfg lbispinfo.tp lb_0513.bin lb_0521.bin b87-lb.bin b504-lb.bin 1000.txt mytest snmpboots tt tt.test tt.txt hostkey serverkey basbtm.bin extbtm.bin secblade-lb.bin secblade-lb20100719.bin secblade-lb20101125.bin default.diag
252904 KB total (153828 KB free) File system type of cfa0: FAT16
[ ] indicates this file is in the recycle bin. Table 19 Output description Field
Directory of d r w h []
Description
The current working directory Indicates a directory. If this field does not exist, it indicates a file. Indicates that the file or directory is readable. Indicates that the file or directory is writable. Indicates that the file or directory is hidden. Indicates that the file is in the recycle bin.
execute
Syntax
execute filename
View
System view
Default level
2: System level
76
Parameters
filename: Name of a batch file with a .bat extension. You can use the rename command to change the suffix of the configuration file to .bat to use it as a batch file.
Description
Use the execute command to execute the specified batch file. Batch files are command line files. Executing a batch file is to execute a set of command lines in the file. Do not include invisible characters in a batch file. If an invisible character is found during the execution, the batch process will abort and the commands that have been executed cannot be cancelled. Not every command in a batch file is sure to be executed. For example, if a certain command is not correctly configured, the command will fail to be executed, and the system omits this command and goes to the next one. The configuration generated after a batch file is executed will not be backed up to the standby main board automatically. Each configuration command in a batch file must be a standard configuration command, meaning that the valid configuration information can be displayed with the display current-configuration command.
Examples
# Execute the batch file test.bat in the root directory.
<Sysname> system-view [Sysname] execute test.bat
file prompt
Syntax
file prompt { alert | quiet }
View
System view
Default level
3: Manage level
Parameters
alert: Enables the system to warn you about operations that may bring undesirable results such as file corruption or data loss. quiet: Disables the system from warning you about any operation.
Description
Use the file prompt command to set a prompt mode for file operations. By default, the prompt mode is alert, which is recommended to avoid mis-operations. When the prompt mode is set to quiet, the system does not warn for any file operation.
Examples
# Set the file operation prompt mode to alert.
<Sysname> system-view [Sysname] file prompt alert
77
fixdisk
Syntax
fixdisk device
View
User view
Default level
3: Manage level
Parameters
device: Storage medium name.
Description
Use the fixdisk command to restore the space of a storage medium when it becomes unavailable because of some abnormal operation.
Examples
# Restore the space of the CF card cfa0.
<Sysname> fixdisk cfa0: Fixdisk cfa0: may take some time to complete... %Fixdisk cfa0: completed.
format
Syntax
format device [ FAT16 | FAT32 ]
View
User view
Default level
3: Manage level
Parameters
device: Name of a partition. FAT16: Formats a storage medium using the FAT16 format. FAT16 does not support Tab matching but needs to be input completely if used. FAT32: Formats a storage medium using the FAT32 format. FAT32 does not support Tab matching but needs to be input completely if used.
Description
Use the format command to format a storage medium. CAUTION: Formatting a storage medium results in loss of all the files on the storage medium and these files cannot be restored. In particular, if a startup configuration file exists on a storage medium, formatting the storage medium results in loss of the startup configuration file. You can format a partition rather than a storage medium.
78
Examples
# Format the CF card cfa0.
<Sysname> format cfa0: All data on cfa0: will be lost, proceed with format? [Y/N]:y ./ %Format cfa0: completed.
# Format the CF card cfa0 using the FAT16 format.

<Sysname> format cfa0: FAT16
mkdir
Syntax
mkdir directory
View
User view
Default level
3: Manage level
Parameters
directory: Name of a folder.
Description
Use the mkdir command to create a folder under a specified directory on the storage medium. The name of the folder to be created must be unique in the specified directory. Otherwise, you will fail to create the folder in the directory. To use this command to create a folder, the specified directory must exist. For example, to create folder cfa0:/test/mytest, the test folder must exist. Otherwise, you will fail to create the mytest folder.
Examples
# Create a folder named test in the current directory.
<Sysname> mkdir test .... %Created dir cfa0:/test
# Create folder test/subtest in the current directory.

<Sysname> mkdir test/subtest .... %Created dir cfa0:/test/subtest
more
Syntax
more file-url
View
User view
79
Default level
3: Manage level
Parameters
file-url: File name.
Description
Use the more command to display the contents of the specified file. It indicates that there are more lines that the screen can display. This command is valid only for text files.
Examples
# Display the contents of file test.txt.
<Sysname> more test.txt Welcome to H3C.
# Display the contents of file testcfg.cfg.

<Sysname> more testcfg.cfg
# version 5.20, Beta 1201, Standard # sysname Sysname # vlan 2 # return <Sysname>
mount
Syntax
mount device
View
User view
Default level
3: Manage level
Parameters
device: Name of a partition.
Description
Use the mount command to mount a hot swappable storage medium. This command is effective only when the device is in unmounted state. By default, a storage medium is automatically mounted and in the mounted state after connected to the device, which means you can use it without mounting it. Do not remove the storage medium or swap a card when mounting or unmounting the device, or when you are processing files on the storage medium. Otherwise, the file system could be damaged.
80
When a storage medium is connected to a lower version system, the system may not be able to recognize the device automatically, and you need to use the mount command for the storage medium to function normally. Before removing a mounted storage medium from the system, you should first unmount it to avoid damaging the device. Related commands: umount. NOTE: You can mount a partition rather than a storage medium.
Examples
# Mount a CF card.
<Sysname> mount cfa0: % Mount cfa0: successfully.
move
Syntax
move fileurl-source fileurl-dest
View
User view
Default level
3: Manage level
Parameters
fileurl-source: Name of the source file. fileurl-dest: Name of the target file or folder.
Description
Use the move command to move a file. If you specify a target folder, the system will move the source file to the specified folder, with the file name unchanged. You cannot move files between storage media of different types or between different partitions of a CF card.
Examples
# Move file cfa0:/test/sample.txt to cfa0:/, and save it as 1.txt.
<Sysname> move test/sample.txt 1.txt Move cfa0:/test/sample.txt to cfa0:/1.txt?[Y/N]:y ... % Moved file cfa0:/test/sample.txt to cfa0:/1.txt
# Move file b.cfg to the subfolder test2.

<Sysname> move b.cfg test2 Move cfa0:/b.cfg to cfa0:/test2/b.cfg?[Y/N]:y . %Moved file cfa0:/b.cfg to cfa0:/test2/b.cfg.
81
pwd
Syntax
pwd
View
User view
Default level
3: Manage level
Parameters
None
Description
Use the pwd command to display the current path.
Examples
# Display the current path.
<Sysname> pwd Cfa0:
rename
Syntax
rename fileurl-source fileurl-dest
View
User view
Default level
3: Manage level
Parameters
fileurl-source: Name of the source file or folder. fileurl-dest: Name of the target file or folder.
Description
Use the rename command to rename a file or folder. The target file name must be unique in the current path.
Examples
# Rename file sample.txt as sample.bat.
<Sysname> rename sample.txt sample.bat Rename cfa0:/sample.txt to cfa0:/sample.bat? [Y/N]:y
% Renamed file cfa0:/sample.txt to cfa0:/sample.bat
82
reset recycle-bin
Syntax
reset recycle-bin [ /force ]
View
User view
Default level
3: Manage level
Parameters
/force: Deletes all files in the recycle bin, including files that cannot be deleted by the command without the /force keyword.
Description
Use the reset recycle-bin command to permanently delete the files in the recycle bin in the current directory. If a file is corrupted, you may not be able to delete the file using the reset recycle-bin command. Use the reset recycle-bin /force command to delete the corrupted file in the recycle bin forcibly. The delete file-url command only moves a file to the recycle bin. To permanently delete the file in the recycle bin, use the reset recycle-bin command in the original directory of the file. The reset recycle-bin command deletes files in the current directory and in the recycle bin. If the original path of the file to be deleted is not the current directory, use the cd command to enter the original directory of the file, and then execute the reset recycle-bin command.
Examples
# Delete file b.cfg in the current directory and in the recycle bin. Display all the files in the recycle bin and in the current directory.
<Sysname> dir /all Directory of cfa0:/
0 1 2 3 4 5 6 7 8 9 10 11
-rw-rwdrw-rwh -rw-rw-rw-rw-rw-rw-rw-rwh
13605736 10431 1000 3183 43688 13605224 13713928 13685000 11357840 17133 4
Aug 08 2007 20:00:00 Apr 26 2000 13:38:22 Apr 26 2000 12:00:02 Apr 26 2000 13:38:22 Apr 26 2000 13:59:08 Apr 26 2000 15:59:50 May 04 2000 10:30:42 Apr 26 2000 14:57:14 May 01 2000 08:05:34 Apr 26 2000 12:21:26 May 03 2000 10:38:52 Apr 26 2000 12:25:00
temp_lb.bin system.xml seclog private-data.txt startup.cfg lbispinfo.tp lb_0513.bin lb_0521.bin b87-lb.bin b504-lb.bin 1000.txt snmpboots
252904 KB total (188368 KB free)
//The output shows that the current directory is cfa0:, and there are two files a.cfg and b.cfg in the recycle bin. Delete file b.cfg in the current directory and in the recycle bin.
83
<Sysname> reset recycle-bin Clear cfa0:/~/a.cfg ?[Y/N]:n Clear cfa0:/~/b.cfg ?[Y/N]:y
%Cleared file cfa0:/~/b.cfg...
In directory cfa0:, check whether the file b.cfg in the recycle bin is deleted.
<Sysname> dir /all Directory of cfa0:/
0 1 2 3 4 5 6 7 8 9 10 11
-rw-rwdrw-rwh -rw-rw-rw-rw-rw-rw-rw-rwh
13605736 10431 1000 3183 43688 13605224 13713928 13685000 11357840 17133 4
Aug 08 2007 20:00:00 Apr 26 2000 13:38:22 Apr 26 2000 12:00:02 Apr 26 2000 13:38:22 Apr 26 2000 13:59:08 Apr 26 2000 15:59:50 May 04 2000 10:30:42 Apr 26 2000 14:57:14 May 01 2000 08:05:34 Apr 26 2000 12:21:26 May 03 2000 10:38:52 Apr 26 2000 12:25:00
temp_lb.bin system.xml seclog private-data.txt startup.cfg lbispinfo.tp lb_0513.bin lb_0521.bin b87-lb.bin b504-lb.bin 1000.txt snmpboots
// The output shows that file cfa0:/b.cfg is deleted permanently. # Delete file aa.cfg in the subdirectory test and in the recycle bin. Enter the subdirectory Check all the files in the subfolder test.
<Sysname> cd test/
<Sysname> dir /all Directory of cfa0:/test
-rw-
2161
Apr 26 2000 21:22:35
[aa.cfg]
// The output shows that only one file exists in the folder, and the file has been moved to the recycle bin. Permanently delete file test/aa.cfg.
<Sysname> reset recycle-bin Clear cfa0:/test/~/aa.cfg ?[Y/N]:y Clearing files from cfa0 may take a long time. Please wait... .. %Cleared file cfa0:/test/~/aa.cfg...
rmdir
Syntax
rmdir directory
84
View
User view
Default level
3: Manage level
Parameters
directory: Name of the folder.
Description
Use the rmdir command to remove a folder. The folder must be an empty one. If not, you need to delete all files and subfolders under it with the delete command. After you execute the rmdir command successfully, the files in the recycle bin in the folder will be automatically deleted.
Examples
# Remove folder mydir.
<Sysname> rmdir mydir Rmdir cfa0:/mydir? [Y/N]:y
%Removed directory cfa0:/mydir.
umount
Syntax
umount device
View
User view
Default level
3: Manage level
Parameters
device: Name of a partition.
Description
Use the umount command to unmount a hot swappable storage medium, such as a CF card or a USB device. This command is effective only when the storage medium is in mounted state. By default, a storage medium is automatically mounted and in the mounted state. You need to unmount it before removing it from the device. When mounting or unmounting a storage medium, or performing file operations on it, do not unplug or switchover the storage medium or the card where the storage medium resides. Otherwise, the file system could be damaged. When a storage medium is connected to a lower version system, the system may not be able to recognize the device automatically, and you need to use the mount command for the storage medium to function normally.
85
Before removing a mounted storage medium from the system, first unmount it to avoid damaging the device. Related commands: mount. NOTE: You can unmount a partition rather than a storage medium.
Examples
# Unmount a CF card.
<Sysname> umount cfa0: % Umount cfa0: successfully.
undelete
Syntax
undelete file-url
View
User view
Default level
3: Manage level
Parameters
file-url: Name of the file to be restored.
Description
Use the undelete command to restore a file from the recycle bin. If another file with the same name exists in the same path, the system prompts you whether to overwrite the original file.
Examples
# Restore file a.cfg in directory cfa0: from the recycle bin.
<Sysname> undelete a.cfg Undelete cfa0:/a.cfg?[Y/N]:y ..... %Undeleted file cfa0:/a.cfg.
# Restore file b.cfg in directory cfa0:/test from the recycle bin.

<Sysname> undelete cfa0:/test/b.cfg Undelete cfa0:/test/b.cfg?[Y/N]:y ....... %Undeleted file cfa0:/test/b.cfg.
Or, you can use the following steps to restore file cfa0:/test/b.cfg.
<Sysname> cd test <Sysname> undelete b.cfg Undelete cfa0:/test/b.cfg?[Y/N]:y ..... %Undeleted file cfa0:/test/b.cfg.
86
FTP configuration commands

FTP server configuration commands
display ftp-server
Syntax
display ftp-server
View
Any view
Default level
3: Manage level
Parameters
None
Description
Use the display ftp-server command to display the FTP server configuration. After configuring FTP server parameters, you may verify them with this command. Related commands: ftp server enable, ftp timeout, and ftp update.
Examples
# Display the FTP server configuration.
<Sysname> display ftp-server FTP server is running Max user number: User count: Timeout value(in minute): Put Method: 1 1 30 fast

Max user number User count Timeout value (in minute)
Description
Maximum number of concurrent login users Number of the current login users Allowed idle time of an FTP connection. If there is no packet exchange between the FTP server and client during this period, the FTP connection will be disconnected. File update method of the FTP server, including:
Put Method
fast normal
87
display ftp-user
Syntax
display ftp-user
View
Any view
Default level
3: Manage level
Parameters
None
Description
Use the display ftp-user command to display the detailed information of current FTP users.
Examples
# Display the detailed information of FTP users.
<Sysname> display ftp-user UserName ftp HostIP 192.168.1.54 Port 1190 Idle 0 HomeDir cfa0:
# If the name of the logged-in user exceeds 10 characters, the exceeded characters will be displayed in the next line and right justified, for example, if the logged-in user name is administrator, the information is displayed as follows:
<Sysname> display ftp-user UserName administra tor 192.168.0.152 1031 0 cfa0: HostIP Port Idle HomeDir

UserName HostIP Port Idle HomeDir
Description
Name of the currently logged-in user IP address of the currently logged-in user Port which the currently logged-in user is using Duration time of the current FTP connection, in minutes Authorized path of the present logged-in user
free ftp user

Syntax
free ftp user username
View
User view
Default level
3: Manage level
88
Parameters
username: Username. You can use the display ftp-user command to view FTP login user information.
Description
Use the free ftp user command to manually release the FTP connection established by the specified user. This command releases the FTP connection established by the specified user no matter whether the user is transmitting a file.
Examples
# Manually release the FTP connection established with username ftpuser.
<Sysname> free ftp user ftpuser Are you sure to free FTP user ftpuser? [Y/N]:y <Sysname>
ftp server acl

Syntax
ftp server acl acl-number undo ftp server acl
View
System view
Default level
3: Manage level
Parameters
acl-number: Basic access control list (ACL) number, in the range 2000 to 2999.
Description
Use the ftp server acl command to use an ACL to control FTP clients access to the FTP server. Use the undo ftp server acl command to restore the default. By default, no ACL is used to control FTP clients access to the FTP server. An ACL enables the FTP server to permit the FTP requests from specific FTP clients. This configuration only filters the FTP connections to be established, and has no effect on the established FTP connections and operations. If you execute the command multiple times, the last specified ACL takes effect.
Examples
# Associate the FTP service with ACL 2001 to allow only the client 1.1.1.1 to access the FTP server through FTP.
<Sysname> system-view [Sysname] acl number 2001 [Sysname-acl-basic-2001] rule 0 permit source 1.1.1.1 0 [Sysname-acl-basic-2001] rule 1 deny source any [Sysname-acl-basic-2001] quit [Sysname] ftp server acl 2001
89
ftp server enable

Syntax
ftp server enable undo ftp server
View
System view
Default level
3: Manage level
Parameters
None
Description
Use the ftp server enable command to enable the FTP server and allow the login of FTP users. Use the undo ftp server command to disable the FTP server. By default, the FTP server is disabled.
Examples
# Enable the FTP server.
<Sysname> system-view [Sysname] ftp server enable
ftp timeout
Syntax
ftp timeout minute undo ftp timeout
View
System view
Default level
3: Manage level
Parameters
minute: Idle-timeout timer in minutes, in the range 1 to 35791.
Description
Use the ftp timeout command to set the idle-timeout timer. Use the undo ftp timeout command to restore the default. By default, the FTP idle time is 30 minutes. If an FTP connection is disrupted, the FTP server that is not notified will maintain the connection. With the idle-timeout timer, the FTP server disconnects an FTP connection if no information is exchanged over the connection before the timer expires.
90
Examples
# Set the idle-timeout timer to 36 minutes.
<Sysname> system-view [Sysname] ftp timeout 36
ftp update
Syntax
ftp update { fast | normal } undo ftp update
View
System view
Default level
3: Manage level
Parameters
fast: Fast update. normal: Normal update.
Description
Use the ftp update command to set the file update mode that the FTP server uses while receiving data. Use the undo ftp update command to restore the default, which is the normal mode.
Examples
# Set the FTP update mode to normal.
<Sysname> system-view [Sysname] ftp update normal
FTP client configuration commands

NOTE: You must use the ftp command to enter FTP client view before making client configurations. For more information, see ftp. Before executing FTP client configuration commands, make sure you have made proper authority configurations for users on the FTP server. Authorized operations include view the files under the current directory, read/download the specified files, create directory/upload files, and rename/remove files).
ascii
Syntax
ascii
View
FTP client view
91
Default level
3: Manage level
Parameters
None
Description
Use the ascii command to set the file transfer mode to ASCII. By default, the file transfer mode is ASCII. The carriage return characters vary with operating systems. For example, to indicate the end of a line and transfer to the next line, H3C and Windows use characters /r/n, and Linux uses characters /n. The rules of the specified file transfer mode must be followed by the two communicating systems that use different carriage return characters so that they can correctly resolve received files. FTP transfers files in two modes: Binary mode: for program file or picture transmission. ASCII mode: for text file transmission.
Related commands: binary.
Examples
# Set the file transfer mode to ASCII.
[ftp] ascii 200 Type set to A.
binary
Syntax
binary
View
FTP client view
Default level
3: Manage level
Parameters
None
Description
Use the binary command to set the file transfer mode to binary (flow) mode. By default, the transfer mode is ASCII mode. Related commands: ascii.
Examples
# Set the file transfer mode to binary.
[ftp] binary 200 Type set to I.
92
bye
Syntax
bye
View
FTP client view
Default level
3: Manage level
Parameters
None
Description
Use the bye command to disconnect from the remote FTP server and return to user view. If no connection is established between the SecBlade LB module and the remote FTP server, use this command to return to user view directly. Related commands: close, disconnect, and quit.
Examples
# Terminate the connection with the remote FTP server and return to user view.
[ftp] bye 221 Server closing.
cd
Syntax
cd { directory | .. | / }
View
FTP client view
Default level
3: Manage level
Parameters
directory: Name of the target directory, in the format of [drive:][/]path, where drive represents the storage medium name, typically flash or cf. If no drive information is provided, the argument represents a folder or subfolder in the current directory. For more information about the drive and path arguments, see the System Management Configuration Guide. ..: Returns to an upper directory. The execution of the cd .. command equals the execution of the cdup command. If the current working directory is the root directory, or no upper directory exists, the current working directory does not change when the cd .. command is executed. This argument does not support command line online help. /: Returns to the root directory of the storage medium. The keyword does not support command line online help.
93
Description
Use the cd command to change the current working directory on the remote FTP server, or to access another authorized directory on the FTP server. Related commands: pwd.
Examples
# Change the working directory to the sub-directory logfile of the current directory.
[ftp] cd logfile 250 CWD command successful.
# Change the working directory to the sub-directory folder of the authorized directory.
[ftp] cd /folder 250 CWD command successful.
cdup
Syntax
cdup
View
FTP client view
Default level
3: Manage level
Parameters
None
Description
Use the cdup command to exit the current directory and enter the upper directory of the FTP server. This command does not change the working directory if the current directory is work-directory. Related commands: cd and pwd.
Examples
# Change the current working directory path to the upper directory.
[ftp] pwd 257 /ftp/subdir is current directory. [ftp] cdup 200 CDUP command successful. [ftp] pwd 257 /ftp is current directory.
close
Syntax
close
View
FTP client view
94
Default level
3: Manage level
Parameters
None
Description
Use the close command to terminate the connection to the FTP server, but remain in FTP client view. This command is equal to the disconnect command.
Examples
# Terminate the connection to the FTP server and remain in FTP client view.
[ftp] close 221 Server closing. [ftp]
debugging
Syntax
debugging undo debugging
View
FTP client view
Default level
3: Manage level
Parameters
None
Description
Use the debugging command to enable FTP client debugging. Use the undo debugging command to disable FTP client debugging. By default, FTP client debugging is disabled.
Examples
# The SecBlade LB module serves as the FTP client. Enable FTP client debugging and use the active mode to download file sample.file from the current directory of the FTP server.
<Sysname> terminal monitor <Sysname> terminal debugging <Sysname> ftp 192.168.1.46 Trying 192.168.1.46 ... Press CTRL+K to abort Connected to 192.168.1.46. 220 FTP service ready. User(192.168.1.46:(none)):ftp 331 Password required for ftp. Password:
95
230 User logged in.
[ftp]undo passive FTP: passive is off
[ftp] debugging FTP: debugging switch is on
[ftp] get sample.file
---> PORT 192,168,1,44,4,21 200 Port command okay. The parsed reply is 200 ---> RETR sample.file 150 Opening ASCII mode data connection for /sample.file. The parsed reply is 150 FTPC: File transfer started with the signal light turned on. FTPC: File transfer completed with the signal light turned off. .226 Transfer complete. FTP: 3304 byte(s) received in 4.889 second(s), 675.00 byte(s)/sec. [ftp]

---> PORT The parsed reply is ---> RETR FTPC: File transfer started with the signal light turned on. FTPC: File transfer completed with the signal light turned off.
Description
Give an FTP order, with data port numbers being The received reply code, defined in RFC 959. Download the file File transfer starts, and the signal light is turned on. File transfer is completed, and the signal light is turned off.
delete
Syntax
delete remotefile
View
FTP client view
Default level
3: Manage level
Parameters
remotefile: File name.
96
Description
Use the delete command to permanently delete a specified file on the remote FTP server. To perform this operation, you must have delete permissions on the FTP server.
Examples
# Delete file temp.c.
[ftp] delete temp.c 250 DELE command successful.
dir
Syntax
dir [ remotefile [ localfile ] ]
View
FTP client view
Default level
3: Manage level
Parameters
remotefile: Name of the file or directory on the remote FTP server. localfile: Name of the local file to save the displayed information.
Description
Use the dir command to view the detailed information of the files and subdirectories under the current directory on the remote FTP server. Use the dir remotefile command to display the detailed information of the specified file or directory on the remote FTP server. Use the dir remotefile localfile command to display the detailed information of the specified file or directory on the remote FTP server, and save the displayed information into a local file specified by the localfile argument. NOTE: The Is command can only display the names of files and directories, whereas the dir command can display other related information of the files and directories, such as the size, and the date they were created.
Examples
# View the detailed information of the files and subdirectories under the current directory on the remote FTP server.
[ftp] dir 227 Entering Passive Mode (192,168,1,46,5,68). 125 ASCII mode data connection already open, transfer starting for /*. drwxrwxrwx -rwxrwxrwx -rwxrwxrwx -rwxrwxrwx drwxrwxrwx 1 noone 1 noone 1 noone 1 noone 1 noone nogroup nogroup nogroup nogroup nogroup 0 Aug 08 4001 Dec 08 3608 Jun 13 0 Dec 03 2006 logfile 2007 config.cfg 2007 startup.cfg 2007 test
20471748 May 11 10:21 test.bin
97
-rwxrwxrwx
1 noone
nogroup
299 Oct 15
2007 key.pub
226 Transfer complete. FTP: 394 byte(s) received in 0.189 second(s), 2.00K byte(s)/sec.
[ftp]
# View the information of the file ar-router.cfg, and save the result to aa.txt.
[ftp] dir ar-router.cfg aa.txt 227 Entering Passive Mode (192,168,1,50,17,158). 125 ASCII mode data connection already open, transfer starting for /ar-router.cfg. ....226 Transfer complete. FTP: 67 byte(s) received in 4.600 second(s), 14.00 byte(s)/sec.
# View the content of aa.txt.

[ftp] quit <Sysname> more aa.txt -rwxrwxrwx 1 noone nogroup 3077 Jun 20 15:34 ar-router.cfg
disconnect
Syntax
disconnect
View
FTP client view
Default level
3: Manage level
Parameters
None
Description
Use the disconnect command to disconnect from the remote FTP server but remain in FTP client view. This command is equal to the close command.
Examples
# Disconnect from the remote FTP server but remain in FTP client view.
[ftp] disconnect 221 Server closing.
display ftp client configuration

Syntax
display ftp client configuration
View
Any view
Default level
1: Monitor level
98
Parameters
None
Description
Use the display ftp client configuration command to display the source IP address configuration of the FTP client. Related commands: ftp client source.
Examples
# Display the source IP address configuration of the FTP client.
<Sysname> display ftp client configuration The source IP address is 192.168.0.123
NOTE: The display ftp client configuration command displays the source IP address configuration of the FTP client. If the specified source IP address is active, this command displays the source IP address. If the specified source interface is active, this command displays the source interface.
ftp
Syntax
ftp [ server-address [ service-port ] [ source { interface interface-type interface-number | ip source-ip-address } ] ]
View
User view
Default level
3: Manage level
Parameters
server-address: IP address or host name (a string of 1 to 20 characters) of a remote FTP server. service-port: TCP port number of the remote FTP server, in the range 0 to 65535. The default value is 21. source { interface interface-type interface-number | ip source-ip-address } ]: Specifies the source address used to establish an FTP connection. interface interface-type interface-number: Specifies the source interface by its type and number. The primary IP address configured on this interface is the source address of the transmitted FTP packets. If no primary IP address is configured on the source interface, the connection fails. ip source-ip-address: The source IP address of the transmitted FTP packets. This source address must be the one that has been configured on the SecBlade LB module.
Description
Use the ftp command to log in to the remote FTP server and enter FTP client view. This command applies to IPv4 networks only. If you use this command without specifying any parameters, you will simply enter the FTP client view without logging in to the FTP server. If you specify the parameters, you will be prompted to enter the username and password for accessing the FTP server.
99
Examples
# Log in the server 192.168.0.21 The source IP address of sent FTP packets is 192.168.0.212. 1.
<Sysname1> ftp 192.168.0.211 source ip 192.168.0.212 Trying 192.168.0.211 ... Press CTRL+K to abort Connected to 192.168.0.211. 220 FTP Server ready. User(192.168.0.211:(none)):abc 331 Password required for abc Password: 230 User logged in.
[ftp]
ftp client source

Syntax
ftp client source { interface interface-type interface-number | ip source-ip-address } undo ftp client source
View
System view
Default level
2: System level
Parameters
interface interface-type interface-number: Specifies the source interface for establishing FTP connections. The primary IP address of the source interface is used as the source IP address of packets sent to an FTP server. If the source interface has no primary IP address specified, no FTP connection can be established. ip source-ip-address: Specifies the source IP address of packets sent to an FTP server, which is one of the IP addresses of the SecBlade LB module.
Description
Use the ftp client source command to specify the source IP address of packets sent to an FTP server. Use the undo ftp client source command to restore the default. By default, the source IP address is the IP address of the output interface of the route to the server is used as the source IP address. Note that: If you use the ftp client source command to first configure a source interface and then a source IP address, the source IP address overwrites the source interface, and vice versa. If you first use the ftp client source command to specify a source IP address and then use the ftp command to specify another source IP address, the latter is used. The source IP address specified with the ftp client source command applies to all FTP connections while the one specified with the ftp command applies to the current FTP connection only.
Related commands: display ftp client configuration.

100
Examples
# Specify the source IP address of packets sent to an FTP server as 2.2.2.2.
<Sysname> system-view [Sysname] ftp client source ip 2.2.2.2
# Specify the IP address of interface GigabitEthernet 0/1 as the source IP address of packets sent to an FTP server.
<Sysname> system-view [Sysname] ftp client source interface GigabitEthernet 0/1
get
Syntax
get remotefile [ localfile ]
View
FTP client view
Default level
3: Manage level
Parameters
remotefile: Name of the file to be downloaded. localfile: File name used after a file is downloaded and saved locally. If this argument is not specified, the local file uses the name of the source file on the FTP server by default.
Description
Use the get command to download a file from a remote FTP server and save it.
Examples
# Download file testcfg.cfg and save it as aa.cfg.
[ftp] get testcfg.cfg aa.cfg
227 Entering Passive Mode (192,168,1,50,17,163). 125 ASCII mode data connection already open, transfer starting for /testcfg.cfg. .....226 Transfer complete. FTP: 5190 byte(s) received in 7.754 second(s), 669.00 byte(s)/sec.
lcd
Syntax
lcd
View
FTP client view
Default level
3: Manage level
Parameters
None
101
Description
Use the lcd command to display the local working directory of the FTP client.
Examples
# Display the local working directory.
[ftp] lcd FTP: Local directory now cfa0:/clienttemp.
The output shows that the working directory of the FTP client before execution of the ftp command is cfa0:/clienttemp.
ls
Syntax
ls [ remotefile [ localfile ] ]
View
FTP client view
Default level
3: Manage level
Parameters
remotefile: Filename or directory on the remote FTP server. localfile: Name of a local file used to save the displayed information.
Description
Use the ls command to view the information of all the files and subdirectories in the current directory of the remote FTP server. The file names and subdirectory names are displayed. Use the ls remotefile command to view the information of a specified file or subdirectory. Use the ls remotefile localfile command to view the information of a specified file or subdirectory, and save the result to a local file specified by the localfile argument. NOTE: The ls command can only display the names of files and directories on the FTP server, whereas the dir command can display other related information of the files and directories, such as the size, and the date they were created.
Examples
# View the information of all files and subdirectories under the current directory of the FTP server.
[ftp] ls 227 Entering Passive Mode (192,168,1,50,17,165). 125 ASCII mode data connection already open, transfer starting for /*. ar-router.cfg logfile mainar.bin arbasicbtm.bin ftp test
102
bb.cfg testcfg.cfg 226 Transfer complete. FTP: 87 byte(s) received in 0.132 second(s) 659.00 byte(s)/sec.
# View the information of directory logfile, and save the result to file aa.txt.
[ftp] ls logfile aa.txt 227 Entering Passive Mode (192,168,1,46,4,3). 125 ASCII mode data connection already open, transfer starting for /logfile/*. ....226 Transfer complete. FTP: 20 byte(s) received in 3.962 second(s), 5.00 byte(s)/sec.
# View the content of file aa.txt.

[ftp] quit <Sysname> more aa.txt . .. logfile.log
mkdir
Syntax
mkdir directory
View
FTP client view
Default level
3: Manage level
Parameters
directory: Name of the directory to be created.
Description
Use the mkdir command to create a subdirectory in the current directory on the remote FTP server. You can do this only if you have permissions on the FTP server.
Examples
# Create subdirectory mytest on the current directory of the remote FTP server.
[ftp] mkdir mytest 257 /mytest new directory created.
open
Syntax
open server-address [ service-port ]
View
FTP client view
103
Default level
3: Manage level
Parameters
server-address: IP address or host name of a remote FTP server. service-port: Port number of the remote FTP server, in the range 0 to 65535. The default value is 21.
Description
Use the open command to log in to the IPv4 FTP server under FTP client view. At login, enter the username and password for accessing the FTP server. If your input is correct, the login succeeds. If you have logged in to the IPv4 FTP server, you cannot use the open command to log in to another server. To do so, you must disconnect from the current server first. Related commands: close.
Examples
# In FTP client view, log in to the FTP server with the IP address of 192.168.1.50.
<Sysname> ftp [ftp] open 192.168.1.50 Trying 192.168.1.50 ... Press CTRL+K to abort Connected to 192.168.1.50. 220 FTP service ready. User(192.168.1.50:(none)):aa 331 Password required for aa. Password: 230 User logged in.
[ftp]
passive
Syntax
passive undo passive
View
FTP client view
Default level
3: Manage level
Parameters
None
Description
Use the passive command to set the data transmission mode to passive. Use the undo passive command to set the data transmission mode to active.
104
The default transmission mode is passive. Data transmission modes fall into the passive mode and the active mode. The active mode specifies the server to initiate connection requests. The passive mode specifies the client to initiate connection requests. This command is mainly used in conjunction with a firewall to restrict FTP connections between private and public network users.
Examples
# Set the data transmission mode to passive.
[ftp] passive FTP: passive is on
put
Syntax
put localfile [ remotefile ]
View
FTP client view
Default level
3: Manage level
Parameters
localfile: Name of the local file to be uploaded. remotefile: File name used after a file is uploaded and saved on the FTP server.
Description
Use the put command to upload a file on the client to the remote FTP server. By default, if no name is assigned to the file to be saved on the FTP server, the name of the source file is used. After a file is uploaded, it will be saved under the users authorized directory, which can be set with the authorization-attribute command.
Examples
# Upload source file cc.txt to the remote FTP server and save it as dd.txt.
[ftp] put cc.txt dd.txt 227 Entering Passive Mode (192,168,1,50,17,169). 125 ASCII mode data connection already open, transfer starting for /dd.txt. 226 Transfer complete. FTP: 9 byte(s) sent in 0.112 second(s), 80.00 byte(s)/sec.
pwd
Syntax
pwd
View
FTP client view
105
Default level
3: Manage level
Parameters
None
Description
Use the pwd command to display the currently accessed directory on the remote FTP server.
Examples
# Display the currently accessed directory on the remote FTP server.
[ftp] cd servertemp [ftp] pwd 257 /servertemp is current directory.
The output shows that the servertemp folder under the root directory of the remote FTP server is being accessed by the user.
quit
Syntax
quit
View
FTP client view
Default level
3: Manage level
Parameters
None
Description
Use the quit command to disconnect the FTP client from the remote FTP server and exit to user view.
Examples
# Disconnect from the remote FTP server and exit to user view.
[ftp] quit 221 Server closing.
<Sysname>
remotehelp
Syntax
remotehelp [ protocol-command ]
View
FTP client view
Default level
3: Manage level
106
Parameters
protocol-command: FTP command.
Description
Use the remotehelp command to display the help information of FTP-related commands supported by the remote FTP server. If no argument is specified, FTP-related commands supported by the remote FTP server are displayed.
Examples
# Display FTP commands supported by the remote FTP server.
[ftp] remotehelp 214-Here is a list of available ftp commands Those with '*' are not yet implemented. USER PORT APPE* MKD NOOP* PASS PASV ALLO* PWD XCUP ACCT* TYPE REST* LIST XCWD CWD STRU* RNFR* NLST XMKD CDUP MODE* RNTO* SITE* XPWD SMNT* RETR ABOR* SYST XRMD QUIT STOR DELE STAT* REIN* STOU* RMD HELP
214 Direct comments to H3C company.
# Display the help information for the user command.

[ftp] remotehelp user 214 Syntax: USER <sp> <username>.
[ftp]

USER PASS CWD CDUP SMNT* QUIT REIN* PORT PASV TYPE STRU* MODE* RETR STOR STOU* APPE*
Description
Username Password Change the current working directory Change to parent directory File structure setting Quit Re-initialization Port number Passive mode Request type File structure Transmission mode Download a file Upload a file Store unique Appended file 107
Field
ALLO* REST* RNFR* RNTO* ABOR* DELE RMD MKD PWD LIST NLST SITE* SYST STAT* HELP NOOP* XCUP XCWD XMKD XPWD XRMD Syntax: USER <sp> <username>.
Description
Allocation space Restart Rename the source Rename the destination Abort the transmission Delete a file Delete a folder Create a folder Print working directory List files List file description Locate a parameter Display system parameters State Help No operation Extension command, the same meaning as CUP Extension command, the same meaning as CWD Extension command, the same meaning as MKD Extension command, the same meaning as PWD Extension command, the same meaning as RMD Syntax of the user command: user (keyword) + space + username
rmdir
Syntax
rmdir directory
View
FTP client view
Default level
3: Manage level
Parameters
directory: Directory name on the remote FTP server.
Description
Use the rmdir command to remove a specified directory from the FTP server.
108
NOTE: Only authorized users are allowed to use this command. Delete all files and subdirectories under a directory before you delete the directory. For how to delete files, see the delete command. When you execute the rmdir command, the files in the remote recycle bin in the directory will be automatically deleted.
Examples
# Delete the temp1 directory from the authorized directory on the FTP server.
[ftp] rmdir /temp1 200 RMD command successful.
user
Syntax
user username [ password ]
View
FTP client view
Default level
3: Manage level
Parameters
username: Login username. password: Login password. You can input this argument a space after the username argument; or you can input this argument when the Password: prompt appears after you input the username and then press Enter.
Description
Use the user command to relog in to the currently accessed FTP server with another username. NOTE: Before using this command, you must configure the corresponding username and password on the FTP server or the login will fail and the FTP connection will close.
Examples
# User ftp1 has logged in to the FTP server. Use username ftp2 to log in to the current FTP server. (Suppose username ftp2 and password 123123123123 have been configured on the FTP server). Method 1
[ftp] user ftp2 331 Password required for ftp2. Password: 230 User logged in. [ftp]
Method 2
[ftp] user ftp2 123123123123
109
331 Password required for ftp. 230 User logged in. [ftp]
verbose
Syntax
verbose undo verbose
View
FTP client view
Default level
3: Manage level
Parameters
None
Description
Use the verbose command to enable display of detailed prompt information received from the server. Use the undo verbose command to disable display of detailed prompt information. By default, the display of detailed prompt information is enabled.
Examples
# Enable display of detailed prompt information.
[ftp] verbose FTP: verbose is on
# Disable display of detailed prompt information. and perform a Get operation.

[ftp] undo verbose FTP: verbose is off
[ftp] get startup.cfg bb.cfg
FTP: 3608 byte(s) received in 0.052 second(s), 69.00K byte(s)/sec. [ftp]
# Enable display of detailed prompt information. and perform a Get operation.

[ftp] verbose FTP: verbose is on
[ftp] get startup.cfg aa.cfg
227 Entering Passive Mode (192,168,1,46,5,85). 125 ASCII mode data connection already open, transfer starting for /startup.cfg. 226 Transfer complete. FTP: 3608 byte(s) received in 0.193 second(s), 18.00K byte(s)/sec.
110
TFTP configuration commands

TFTP client configuration commands
display tftp client configuration
Syntax
display tftp client configuration
View
Any view
Default level
1: Monitor level
Parameters
None
Description
Use the display tftp client configuration command to display source IP address configuration of the TFTP client. Related commands: tftp client source.
Examples
# Display the source IP address configuration of the TFTP client.
<Sysname> display tftp client configuration The source IP address is 192.168.0.123
NOTE: The display tftp client configuration command displays the source IP address configuration of the TFTP client. If the specified source IP address is active, this command displays the source IP address. If the specified source interface is active, this command displays the source interface.
tftp-server acl
Syntax
tftp-server acl acl-number undo tftp-server acl
View
System view
Default level
3: Manage level
111
Parameters
acl-number: Number of a basic ACL, in the range 2000 to 2999.
Description
Use the tftp-server acl command to use an ACL to control the SecBlade LB modules access to a specific TFTP server. Use the undo tftp-server acl command to restore the default. By default, no ACL is used to control the SecBlade LB modules access to a TFTP server. You can use an ACL to deny or permit the SecBlade LB modules access to a specific TFTP server. For more information about ACL, see the Security Configuration Guide.
Examples
# Allow the SecBlade LB module to access the TFTP server with the IP address of 1.1.1.1 only (in IPv4 networking environment).
<Sysname> system-view [Sysname] acl number 2000 [Sysname-acl-basic-2000] rule permit source 1.1.1.1 0 [Sysname-acl-basic-2000] quit [Sysname] tftp-server acl 2000
tftp
Syntax
tftp server-address { get | put | sget } source-filename [ destination-filename ] [ source { interface interface-type interface-number | ip source-ip-address } ]
View
User view
Default level
3: Manage level
Parameters
server-address: IP address or host name of a TFTP server. get: Downloads a file in normal mode. put: Uploads a file. sget: Downloads a file in secure mode. source-filename: Source file name. destination-filename: Destination file name. source: Configures parameters for source address binding. interface interface-type interface-number: Specifies the source interface by its type and number. The primary IP address configured on the source interface is the source IP address of the packets sent by TFTP. If no primary IP address is configured on the source interface, the transmission fails. ip source-ip-address: Specifies the source IP address for the current TFTP client to transmit packets. This source address must be an IP address that has been configured on the SecBlade LB module.
112
Description
Use the tftp command to upload files from the local device to a TFTP server or download files from the TFTP server to the local device. If no destination file name is specified, the saved file uses the source file name. This command applies to IPv4 networks.
Examples
# Download the config.cfg file from the TFTP server with the IP address of 192.168.0.98 and save it as config.bak. Specify the source IP address to be 192.168.0.92.
<Sysname> tftp 192.168.0.98 get config.cfg config.bak source ip 192.168.0.92 ... File will be transferred in binary mode Downloading file from remote TFTP server, please wait.... TFTP: 372800 bytes received in 1 second(s)
File downloaded successfully.
# Upload the config.cfg file from the local device to the default path of the TFTP server with the IP address of 192.168.0.98 and save it as config.bak. Specify the source IP interface to be GigabitEthernet 0/1.
<Sysname> tftp 192.168.0.98 put config.cfg config.bak source interface GigabitEthernet 0/1
File will be transferred in binary mode Sending file to remote TFTP server. Please wait... TFTP: 345600 bytes sent in 1 second(s).
File uploaded successfully.
tftp client source

Syntax
tftp client source { interface interface-type interface-number | ip source-ip-address } undo tftp client source
View
System view
Default level
2: System level
Parameters
interface interface-type interface-number: Specifies the source interface for establishing TFTP connections. The primary IP address of the source interface is used as the source IP address of packets sent to a TFTP server. If the source interface has no primary IP address specified, no TFTP connection can be established. ip source-ip-address: Specifies the source IP address of packets sent to a TFTP server, which is one of the IP addresses configured on the SecBlade LB module.
Description
Use the tftp client source command to specify the source IP address of packets sent to a TFTP server. Use the undo tftp client source command to restore the default.
113
By default, the source IP address is the IP address of the output interface of the route to the server is used as the source IP address.. If you use the tftp client source command to first configure a source interface and then a source IP address, the source IP address overwrites the source interface, and vice versa. If you first use the tftp client source command to specify a source IP address and then use the tftp command to specify another source IP address, the latter is used. The source IP address specified with the tftp client source command applies to all TFTP connections while the one specified with the tftp command applies to the current TFTP connection only. Related commands: display tftp client configuration.
Examples
# Specify the source IP address of packets sent a TFTP server as 2.2.2.2.
<Sysname> system-view [Sysname] tftp client source ip 2.2.2.2
# Specify the IP address of interface GigabitEthernet 0/1 as the source IP address of packets sent to a TFTP server.
<Sysname> system-view [Sysname] tftp client source interface GigabitEthernet 0/1
114
IP performance optimization configuration commands

display fib
Syntax
display fib [{ begin | include | exclude } regular-expression | acl acl-number | ip-prefix ip-prefix-name ]
View
Any view
Default level
1: Monitor level
Parameters
|: Uses a regular expression to match FIB entries. For more information about regular expression, see the System Management Configuration Guide. begin: Displays the first entry that matches the specified regular expression and all the FIB entries following it. exclude: Displays the FIB entries that do not match the specified regular expression. include: Displays the FIB entries that match the specified regular expression. regular-expression: A case-sensitive string of 1 to 256 characters, excluding spaces. acl acl-number: Displays FIB entries matching a specified ACL numbered from 2000 to 2999. If the specified ACL does not exist, all FIB entries are displayed. ip-prefix ip-prefix-name: Displays FIB entries matching a specified IP prefix list, a string of 1 to 19 characters. If the specified IP prefix list does not exist, all FIB entries are displayed.
Description
Use the display fib command to display FIB entries. If no parameters are specified, all FIB entries will be displayed.
Examples
# Display all FIB entries.
<Sysname> display fib Destination count: 4 FIB entry count: 4
Flag: U:Useable R:Relay G:Gateway H:Host B:Blackhole D:Dynamic S:Static
Destination/Mask 10.2.0.0/16 10.2.1.1/32
Nexthop 10.2.1.1 127.0.0.1
Flag U UH
OutInterface XGE0/0.1 InLoop0
InnerLabel Token Null Null Invalid Invalid
115
127.0.0.0/8 127.0.0.1/32
127.0.0.1 127.0.0.1
U UH
InLoop0 InLoop0
Null Null
Invalid Invalid
# Display FIB information passing ACL 2000.

<Sysname> system-view [Sysname] acl number 2000 [Sysname-acl-basic-2000] rule permit source 10.2.0.0 0.0.255.255 [Sysname-acl-basic-2000] display fib acl 2000 Destination count: 2 FIB entry count: 2
Flag: U:Useable R:Relay Destination/Mask 10.2.0.0/16 10.2.1.1/32 Nexthop 10.2.1.1 127.0.0.1 Flag U UH OutInterface XGE0/0.1 InLoop0 InnerLabel Token Null Null Invalid Invalid G:Gateway H:Host B:Blackhole D:Dynamic S:Static
# Display all entries that contain the string 127 and start from the first one.
<Sysname> display fib | begin 127 Flag: U:Useable R:Relay Destination/Mask 10.2.1.1/32 127.0.0.0/8 127.0.0.1/32 Nexthop 127.0.0.1 127.0.0.1 127.0.0.1 Flag UH U UH OutInterface InLoop0 InLoop0 InLoop0 InnerLabel Token Null Null Null Invalid Invalid Invalid G:Gateway H:Host B:Blackhole D:Dynamic S:Static
# Display FIB information passing the IP prefix list abc0.

<Sysname> system-view [Sysname] ip ip-prefix abc0 permit 10.2.0.0 16 [Sysname] display fib ip-prefix abc0 Destination count: 1 FIB entry count: 1
Destination/Mask Nexthop 10.2.0.0/16 10.2.1.1
Flag U
OutInterface XGE0/0.1
InnerLabel Token Null Invalid

Destination count FIB entry count Destination/Mask Nexthop
Description
Total number of destination addresses Total number of FIB entries Destination address/length of mask Address of next hop
116
Field
Description
Flags of routes:
Flag
UUsable route GGateway route HHost route BBlackhole route DDynamic route SStatic route RRelay route
OutInterface InnerLabel Token
Outbound interface Inner label LSP index number
display fib ip-address

Syntax
display fib ip-address [ mask | mask-length ]
View
Any view
Default level
1: Monitor level
Parameters
ip-address: Destination IP address, in dotted decimal notation. mask: IP address mask. mask-length: Length of IP address mask.
Description
Use the display fib ip-address command to display FIB entries that match the specified destination IP address. If no mask or mask length is specified, the FIB entry that matches the destination IP address and has the longest mask will be displayed; if the mask is specified, the FIB entry that exactly matches the specified destination IP address will be displayed.
Examples
# Display the FIB entries that match the destination IP address of 10.2.1.1.
<Sysname> display fib 10.2.1.1 Destination count: 1 FIB entry count: 1
Destination/Mask
Nexthop
Flag
OutInterface
InnerLabel Token
117
10.2.1.1/32
127.0.0.1
UH
InLoop0
Null
Invalid
For the output description, see Table 24.
display icmp statistics

Syntax
display icmp statistics
View
Any view
Default level
1: Monitor level
Parameters
None
Description
Use the display icmp statistics command to display ICMP statistics. Related commands: display ip interface, reset ip statistics.
Examples
# Display ICMP statistics.
<Sysname> display icmp statistics Input: bad formats echo echo reply timestamp 0 5 10 0 bad checksum 0
destination unreachable 0 redirects parameter problem information request mask replies 0 0 0 0
source quench 0
mask requests 0 time exceeded 0 Output:echo echo reply timestamp 10 5 0
destination unreachable 0 redirects parameter problem information reply mask replies 0 0 0 0
source quench 0
mask requests 0 time exceeded 0

bad formats bad checksum echo destination unreachable source quench redirects echo reply
Description
Number of input wrong format packets Number of input wrong checksum packets Number of input/output echo packets Number of input/output destination unreachable packets Number of input/output source quench packets Number of input/output redirection packets Number of input/output replies 118
Field
parameter problem timestamp information request mask requests mask replies information reply time exceeded
Description
Number of input/output parameter problem packets Number of input/output time stamp packets Number of input information request packets Number of input/output mask requests Number of input/output mask replies Number of output information reply packets Number of input/output expiration packets
display ip socket
Syntax
display ip socket [ socktype sock-type ] [ task-id socket-id ]
View
Any view
Default level
1: Monitor level
Parameters
socktype sock-type: Displays the socket information of this type. The sock type is in the range 1 to 3, corresponding to TCP, UDP and raw IP respectively. task-id: Displays the socket information of this task. Task ID is in the range 1 to 150. socket-id: Displays the information of the socket. Socket ID is in the range 0 to 3072.
Description
Use the display ip socket command to display socket information.
Examples
# Display the TCP socket information.
<Sysname> display ip socket SOCK_STREAM: Task = VTYD(38), socketid = 1, Proto = 6, LA = 0.0.0.0:23, FA = 0.0.0.0:0, sndbuf = 8192, rcvbuf = 8192, sb_cc = 0, rb_cc = 0, socket option SO_SETKEEPALIVE, = SO_ACCEPTCONN SO_KEEPALIVE SO_REUSEPORT SO_SENDVPNID(3073)
socket state = SS_PRIV SS_ASYNC
Task = HTTP(36), socketid = 1, Proto = 6, LA = 0.0.0.0:80, FA = 0.0.0.0:0, sndbuf = 8192, rcvbuf = 8192, sb_cc = 0, rb_cc = 0, socket option = SO_ACCEPTCONN SO_REUSEPORT,
119
socket state = SS_PRIV SS_NBIO
Task = ROUT(69), socketid = 10, Proto = 6, LA = 0.0.0.0:179, FA = 192.168.1.45:0, sndbuf = 8192, rcvbuf = 8192, sb_cc = 0, rb_cc = 0, socket option = SO_ACCEPTCONN SO_REUSEADDR SO_REUSEPORT SO_SENDVPNID(0), socket state = SS_PRIV SS_ASYNC
Task = VTYD(38), socketid = 4, Proto = 6, LA = 192.168.1.40:23, FA = 192.168.1.52:1917, sndbuf = 8192, rcvbuf = 8192, sb_cc = 237, rb_cc = 0, socket option = SO_KEEPALIVE SO_OOBINLINE SO_REUSEPORT SO_SENDVPNID(0) SO_SETKEEPALIVE, socket state = SS_ISCONNECTED SS_PRIV SS_ASYNC
Task = VTYD(38), socketid = 3, Proto = 6, LA = 192.168.1.40:23, FA = 192.168.1.84:1503, sndbuf = 8192, rcvbuf = 8192, sb_cc = 0, rb_cc = 0, socket option = SO_KEEPALIVE SO_OOBINLINE SO_REUSEPORT SO_SENDVPNID(0) SO_SETKEEPALIVE, socket state = SS_ISCONNECTED SS_PRIV SS_ASYNC
Task = ROUT(69), socketid = 11, Proto = 6, LA = 192.168.1.40:1025, FA = 192.168.1.45:179, sndbuf = 8192, rcvbuf = 8192, sb_cc = 0, rb_cc = 0, socket option = SO_REUSEADDR SO_LINGER SO_SENDVPNID(0), socket state = SS_ISCONNECTED SS_PRIV SS_ASYNC
SOCK_DGRAM: Task = NTPT(37), socketid = 1, Proto = 17, LA = 0.0.0.0:123, FA = 0.0.0.0:0, sndbuf = 9216, rcvbuf = 41600, sb_cc = 0, rb_cc = 0, socket option = SO_UDPCHECKSUM SO_SENDVPNID(3073), socket state = SS_PRIV Task = AGNT(51), socketid = 1, Proto = 17, LA = 0.0.0.0:161, FA = 0.0.0.0:0, sndbuf = 9216, rcvbuf = 41600, sb_cc = 0, rb_cc = 0, socket option = SO_UDPCHECKSUM SO_SENDVPNID(3073), socket state = SS_PRIV SS_NBIO SS_ASYNC Task = RDSO(56), socketid = 1, Proto = 17, LA = 0.0.0.0:1024, FA = 0.0.0.0:0, sndbuf = 9216, rcvbuf = 41600, sb_cc = 0, rb_cc = 0, socket option = SO_UDPCHECKSUM, socket state = SS_PRIV Task = TRAP(52), socketid = 1, Proto = 17, LA = 0.0.0.0:1025, FA = 0.0.0.0:0, sndbuf = 9216, rcvbuf = 0, sb_cc = 0, rb_cc = 0,
120
socket option = SO_UDPCHECKSUM, socket state = SS_PRIV Task = RDSO(56), socketid = 2, Proto = 17, LA = 0.0.0.0:1812, FA = 0.0.0.0:0, sndbuf = 9216, rcvbuf = 41600, sb_cc = 0, rb_cc = 0, socket option = SO_UDPCHECKSUM, socket state = SS_PRIV SOCK_RAW: Task = ROUT(69), socketid = 8, Proto = 89, LA = 0.0.0.0, FA = 0.0.0.0, sndbuf = 262144, rcvbuf = 262144, sb_cc = 0, rb_cc = 0, socket option = SO_SENDVPNID(0) SO_RCVVPNID(0), socket state = SS_PRIV SS_ASYNC
Task = ROUT(69), socketid = 3, Proto = 2, LA = 0.0.0.0, FA = 0.0.0.0, sndbuf = 32767, rcvbuf = 256000, sb_cc = 0, rb_cc = 0, socket option = SO_SENDVPNID(0) SO_RCVVPNID(0), socket state = SS_PRIV SS_NBIO SS_ASYNC
Task = ROUT(69), socketid = 2, Proto = 103, LA = 0.0.0.0, FA = 0.0.0.0, sndbuf = 65536, rcvbuf = 256000, sb_cc = 0, rb_cc = 0, socket option = SO_SENDVPNID(0) SO_RCVVPNID(0), socket state = SS_PRIV SS_NBIO SS_ASYNC
Task = ROUT(69), socketid = 1, Proto = 65, LA = 0.0.0.0, FA = 0.0.0.0, sndbuf = 32767, rcvbuf = 256000, sb_cc = 0, rb_cc = 0, socket option = 0, socket state = SS_PRIV SS_NBIO SS_ASYNC
Task = RSVP(73), socketid = 1, Proto = 46, LA = 0.0.0.0, FA = 0.0.0.0, sndbuf = 4194304, rcvbuf = 4194304, sb_cc = 0, rb_cc = 0, socket option = 0, socket state = SS_PRIV SS_NBIO SS_ASYNC

SOCK_STREAM SOCK_DGRAM SOCK_RAW Task socketid
Description
TCP socket UDP socket Raw IP socket Task number Socket ID 121
Field
Proto LA FA sndbuf rcvbuf sb_cc rb_cc socket option socket state
Description
Protocol number of the socket, indicating the protocol type that IP carries Local address and local port number Remote address and remote port number Sending buffer size of the socket, in bytes Receiving buffer size of the socket, in bytes Current data size in the sending buffer (It is available only for TCP that can buffer data) Data size currently in the receiving buffer Socket option Socket state
display ip statistics
Syntax
display ip statistics
View
Any view
Default level
1: Monitor level
Parameters
None
Description
Use the display ip statistics command to display statistics of IP packets. Related commands: display ip interface, reset ip statistics.
Examples
# Display statistics of IP packets.
<Sysname> display ip statistics Input: sum bad protocol bad checksum Output: forwarding dropped Fragment:input dropped fragmented Reassembling:sum 7120 0 0 0 0 0 0 0 0 couldn't fragment 0 timeouts 0 local bad format bad options local no route output 112 0 0 27 2 0
compress fails 0
122

sum local Input bad protocol bad format bad checksum bad options forwarding local Output dropped no route compress fails input output Fragment dropped fragmented couldn't fragment Reassembling sum timeouts
Description
Total number of packets received Total number of packets with destination being local Total number of unknown protocol packets Total number of packets with incorrect format Total number of packets with incorrect checksum Total number of packets with incorrect option Total number of packets forwarded Total number of packets sent from the local Total number of packets discarded Total number of packets for which no route is available Total number of packets failed to be compressed Total number of fragments received Total number of fragments sent Total number of fragments dropped Total number of packets successfully fragmented Total number of packets that failed to be fragmented Total number of packets reassembled Total number of reassembly timeout fragments
display tcp statistics

Syntax
display tcp statistics
View
Any view
Default level
1: Monitor level
Parameters
None
Description
Use the display tcp statistics command to display statistics of TCP traffic. Related commands: display tcp status, reset tcp statistics.
Examples
# Display statistics of TCP traffic.
<Sysname> display tcp statistics Received packets:
123
Total: 8457 packets in sequence: 3660 (5272 bytes) window probe packets: 0, window update packets: 0 checksum error: 0, offset error: 0, short error: 0
duplicate packets: 1 (8 bytes), partially duplicate packets: 0 (0 bytes) out-of-order packets: 17 (0 bytes) packets of data after window: 0 (0 bytes) packets received after close: 0
ACK packets: 4625 (141989 bytes) duplicate ACK packets: 1702, too much ACK packets: 0
Sent packets: Total: 6726 urgent packets: 0 control packets: 21 (including 0 RST) window probe packets: 0, window update packets: 0
data packets: 6484 (141984 bytes) data packets retransmitted: 0 (0 bytes) ACK-only packets: 221 (177 delayed)
Retransmitted timeout: 0, connections dropped in retransmitted timeout: 0 Keepalive timeout: 1682, keepalive probe: 1682, Keepalive timeout, so connections disconnected : 0 Initiated connections: 0, accepted connections: 22, established connections: 22 Closed connections: 49 (dropped: 0, initiated dropped: 0) Packets dropped with MD5 authentication: 0 Packets permitted with MD5 authentication: 0

Total packets in sequence window probe packets window update packets checksum error Received packets offset error short error duplicate packets partially duplicate packets out-of-order packets packets of data after window packets received after close
Description
Total number of packets received Number of packets arriving in sequence Number of window probe packets received Number of window update packets received Number of checksum error packets received Number of offset error packets received Number of received packets with length being too small Number of completely duplicate packets received Number of partially duplicate packets received Number of out-of-order packets received Number of packets outside the receiving window Number of packets that arrived after connection is closed
124
Field
ACK packets duplicate ACK packets too much ACK packets Total urgent packets control packets window probe packets Sent packets window update packets data packets data packets retransmitted ACK-only packets Retransmitted timeout connections dropped in retransmitted timeout Keepalive timeout keepalive probe Keepalive timeout, so connections disconnected Initiated connections accepted connections established connections
Description
Number of ACK packets received Number of duplicate ACK packets received Number of ACK packets for data unsent Total number of packets sent Number of urgent packets sent Number of control packets sent Number of window probe packets sent; in the brackets are resent packets Number of window update packets sent Number of data packets sent Number of data packets retransmitted Number of ACK packets sent; in brackets are delayed ACK packets Number of retransmission timer timeouts Number of connections broken due to retransmission timeouts Number of keepalive timer timeouts Number of keepalive probe packets sent Number of connections broken due to timeout of the keepalive timer Number of connections initiated Number of connections accepted Number of connections established Number of connections closed; in brackets are connections closed accidentally (before receiving SYN from the peer) and connections closed initiatively (after receiving SYN from the peer) Number of packets dropped by MD5 authentication Number of packets permitted by MD5 authentication
Closed connections
Packets dropped with MD5 authentication Packets permitted with MD5 authentication
display udp statistics

Syntax
display udp statistics
View
Any view
Default level
1: Monitor level
125
Parameters
None
Description
Use the display udp statistics command to display statistics of UDP packets. Related commands: reset udp statistics.
Examples
# Display statistics of UDP packets.
<Sysname> display udp statistics Received packets: Total: 0 checksum error: 0 shorter than header: 0, data length larger than packet: 0 unicast(no socket on port): 0 broadcast/multicast(no socket on port): 0 not delivered, input socket full: 0 input packets missing pcb cache: 0 Sent packets: Total: 0

Total checksum error shorter than header data length larger than packet Received packets unicast(no socket on port) broadcast/multicast(no socket on port) not delivered, input socket full input packets missing pcb cache Sent packets Total
Description
Total number of UDP packets received Total number of packets with incorrect checksum Number of packets with data shorter than head Number of packets with data longer than packet Number of unicast packets with no socket on port Number of broadcast/multicast packets without socket on port Number of packets not delivered to an upper layer due to a full socket cache Number of packets without matching protocol control block (PCB) cache Total number of UDP packets sent
ip redirects enable
Syntax
ip redirects enable undo ip redirects
View
System view
126
Default level
2: System level
Parameters
None
Description
Use the ip redirects enable command to enable sending of ICMP redirection packets. Use the undo ip redirects command to disable sending of ICMP redirection packets. This feature is disabled by default.
Examples
# Enable sending of ICMP redirect packets.
<Sysname> system-view [Sysname] ip redirects enable
ip ttl-expires enable
Syntax
ip ttl-expires enable undo ip ttl-expires
View
System view
Default level
2: System level
Parameters
None
Description
Use the ip ttl-expires enable command to enable sending of ICMP timeout packets. Use the undo ip ttl-expires command to disable sending of ICMP timeout packets. Sending ICMP timeout packets is disabled by default. If the feature is disabled, the device will not send TTL timeout ICMP packets, but still send reassembly timeout ICMP packets.
Examples
# Enable sending of ICMP timeout packets.
<Sysname> system-view [Sysname] ip ttl-expires enable
ip unreachables enable
Syntax
ip unreachables enable undo ip unreachables
127
View
System view
Default level
2: System level
Parameters
None
Description
Use the ip unreachables enable command to enable sending of ICMP destination unreachable packets. Use the undo ip unreachables command to disable sending of ICMP destination unreachable packets. Sending ICMP destination unreachable packets is disabled by default.
Examples
# Enable sending of ICMP destination unreachable packets.
<Sysname> system-view [Sysname] ip unreachables enable
reset ip statistics
Syntax
reset ip statistics
View
User view
Default level
2: System level
Parameters
None
Description
Use the reset ip statistics command to clear statistics of IP packets. Related commands: display ip interface, display ip statistics.
Examples
# Clear statistics of IP packets.
<Sysname> reset ip statistics
reset tcp statistics

Syntax
reset tcp statistics
View
User view
128
Default level
2: System level
Parameters
None
Description
Use the reset tcp statistics command to clear statistics of TCP traffic. Related commands: display tcp statistics.
Examples
# Display statistics of TCP traffic.
<Sysname> reset tcp statistics
reset udp statistics

Syntax
reset udp statistics
View
User view
Default level
2: System level
Parameters
None
Description
Use the reset udp statistics command to clear statistics of UDP traffic.
Examples
# Display statistics of UDP traffic.
<Sysname> reset udp statistics
tcp mss
Syntax
tcp mss value undo tcp mss
View
Interface view
Default level
2: System level
Parameters
value: TCP maximum segment size (MSS) in bytes, ranging from 128 to 2048.
129
Description
Use the tcp mss command to configure the TCP MSS. Use the undo tcp mss command to restore the default. By default, the TCP MSS is 1460 bytes. As the default MTU on an interface is 1500 bytes, and there are link layer cost and IP packet header, so the recommended TCP MSS is about 1200 bytes.
Examples
# Set the TCP MSS to 300 bytes on Ten-GigabitEthernet 0/0.1.
<Sysname> system-view [Sysname] interface Ten-GigabitEthernet 0/0.1 [Sysname-Ten-GigabitEthernet0/0.1] tcp mss 300
tcp timer fin-timeout

Syntax
tcp timer fin-timeout time-value undo tcp timer fin-timeout
View
System view
Default level
2: System level
Parameters
time-value: Length of the TCP finwait timer in seconds, in the range 76 to 3,600.
Description
Use the tcp timer fin-timeout command to configure the length of the TCP finwait timer. Use the undo tcp timer fin-timeout command to restore the default. By default, the length of the TCP finwait timer is 675 seconds. The actual length of the finwait timer is determined by the following formula: Actual length of the finwait timer = (Configured length of the finwait timer 75) + configured length of the synwait timer Related commands: tcp timer syn-timeout, tcp window.
Examples
# Set the length of the TCP finwait timer to 800 seconds.
<Sysname> system-view [Sysname] tcp timer fin-timeout 800
tcp timer syn-timeout

Syntax
tcp timer syn-timeout time-value
130
undo tcp timer syn-timeout
View
System view
Default level
2: System level
Parameters
time-value: TCP finwait timer in seconds, in the range 2 to 600.
Description
Use the tcp timer syn-timeout command to configure the length of the TCP synwait timer. Use the undo tcp timer syn-timeout command to restore the default. By default, the value of the TCP synwait timer is 75 seconds. Related commands: tcp timer fin-timeout, tcp window.
Examples
# Set the length of the TCP synwait timer to 80 seconds.
<Sysname> system-view [Sysname] tcp timer syn-timeout 80
tcp window
Syntax
tcp window window-size undo tcp window
View
System view
Default level
2: System level
Parameters
window-size: Size of the send/receive buffer in KB, in the range 1 to 32.
Description
Use the tcp window command to configure the size of the TCP send/receive buffer. Use the undo tcp window command to restore the default. The size of the TCP send/receive buffer is 8 KB by default. Related commands: tcp timer fin-timeout, tcp timer syn-timeout.
Examples
# Configure the size of the TCP send/receive buffer as 3 KB.
<Sysname> system-view [Sysname] tcp window 3
131
Index
ABCDEFGILMOPQRSTUV
A ascii,91 B binary,92 bye,93 C cd,93 cd,73 cdup,94 close,94 copy,74 D debugging,6 debugging,95 delete,74 delete,96 dir,75 dir,97 disconnect,98 display channel,8 display debugging,7 15 display fib,1 17 display fib ip-address,1 display ftp client configuration,98 display ftp-server,87 display ftp-user,88 18 display icmp statistics,1 display info-center,9 19 display ip socket,1 display ip statistics,122 1 display logbuffer,1 display logbuffer summary,13 display logfile buffer,13 display logfile summary,14 display mib-style,71 display snmp-agent community,42
132
display snmp-agent group,43 display snmp-agent local-engineid,44 display snmp-agent mib-view,44 display snmp-agent statistics,46 display snmp-agent sys-info,48 display snmp-agent trap queue,48 display snmp-agent trap-list,49 display snmp-agent usm-user,50 display tcp statistics,123 1 display tftp client configuration,1 1 display trapbuffer,15 display udp statistics,125 display userlog export,37 E enable log updown,16 enable snmp trap updown,51 execute,76 F file prompt,77 fixdisk,78 format,78 free ftp user,88 ftp,99 ftp client source,100 ftp server acl,89 ftp server enable,90 ftp timeout,90 ftp update,91 G get,101 I info-center channel name,17 info-center console channel,17 info-center enable,18 info-center format unicom,19 info-center logbuffer,19
info-center logfile enable,20 info-center logfile frequency,20 info-center logfile size-quota,21 info-center logfile switch-directory,22 info-center loghost,22 info-center loghost source,23 info-center monitor channel,24 info-center snmp channel,25 info-center source,26 info-center synchronous,28 info-center syslog channel,29 info-center timestamp,30 info-center timestamp loghost,31 info-center trapbuffer,32 ip redirects enable,126 ip ttl-expires enable,127 ip unreachables enable,127 L lcd,101 logfile save,32 ls,102 M mib-style,71 mkdir,79 mkdir,103 more,79 mount,80 move,81 O open,103 P passive,104 ping,1 put,105 pwd,82 pwd,105 Q quit,106 R remotehelp,106 rename,82 reset ip statistics,128
133
reset logbuffer,33 reset recycle-bin,83 reset tcp statistics,128 reset trapbuffer,33 reset udp statistics,129 reset userlog flow export,38 reset userlog flow logbuffer,38 rmdir,84 rmdir,108 S snmp-agent,52 snmp-agent calculate-password,52 snmp-agent community,53 snmp-agent group,55 snmp-agent local-engineid,56 snmp-agent log,57 snmp-agent mib-view,58 snmp-agent packet max-size,59 snmp-agent sys-info,59 snmp-agent target-host,60 snmp-agent trap enable,62 snmp-agent trap if-mib link extended,63 snmp-agent trap life,64 snmp-agent trap queue-size,65 snmp-agent trap source,66 snmp-agent usm-user { v1 | v2c },66 snmp-agent usm-user v3,68 T tcp mss,129 tcp timer fin-timeout,130 tcp timer syn-timeout,130 tcp window,131 terminal debugging,34 terminal logging,34 terminal monitor,35 terminal trapping,36 12 tftp,1 13 tftp client source,1 1 tftp-server acl,1 1 tracert,5 U umount,85 undelete,86
user,109 userlog flow export host,39 userlog flow export source-ip,40 userlog flow export version,40
userlog flow syslog,41 V verbose,1 10
134

05-System Maintenance Command Reference-Book

Transféré par

Informations du document

Description originale:

Titre original

Copyright

Formats disponibles

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Droits d'auteur :

Formats disponibles

05-System Maintenance Command Reference-Book

Transféré par

Droits d'auteur :

Formats disponibles

H3C SecBlade LB Module

System Maintenance Command Reference

Hangzhou H3C Technologies Co., Ltd. http://www.h3c.com Document version: 6PW102-20120217

Port numbering in examples

About the H3C SecBlade LB module documentation set

Command references Configuration examples Software upgrade guide

Operations and maintenance

userlog flow export version 40 userlog flow syslog 41

System maintenance and debugging commands

Table 1 Output description Field

Reply from 1.1.2.2 : bytes=56 Sequence=1 ttl=255 time=1 ms

Table 2 Output description Field

1 1.1.1.2 673 ms 425 ms 30 ms

System debugging commands

Information center configuration commands

Information channel number

Default channel name

ENABLE LOG_LEVEL ENABLE TRAP_LEVEL ENABLE DEBUG_LEVEL

Table 5 Output description Field

Corresponding keyword in commands

Corresponding keyword in commands

%Jun 17 15:57:09:578 2006 Sysname IC/7/SYS_RESTART: System restarted --

The rest is omitted here. Table 7 Output description Field

display logbuffer summary

Table 8 Output description Field

display logfile buffer

Trap 1.3.6.1.6.3.1.1.5.4<linkUp>: ifOperStatus is 1

The rest is omitted here.

display logfile summary

Table 9 Output description Field

Trap 1.3.6.1.6.3.1.1.5.4<linkUp>: ifOperStatus is 1 #Aug Trap 1.3.6.1.6.3.1.1.5.4<linkUp>: ifOperStatus is 1 #Aug

7 08:03:27:439 2009 Sysname IFNET/4/INTERFACE UPDOWN: Interface 983048 is Up, ifAdminStatus is 1,

7 08:03:27:439 2009 Sysname IFNET/4/INTERFACE UPDOWN:

Trap 1.3.6.1.6.3.1.1.5.4<linkUp>: ifOperStatus is 1 #Aug

7 08:03:27:465 2009 Sysname IFNET/4/INTERFACE UPDOWN: Interface 3277798 is Up, ifAdminStatus is 1,

Trap 1.3.6.1.6.3.1.1.5.4<linkUp>: ifOperStatus is 1 #Aug

7 08:05:32:425 2009 Sysname IFNET/4/INTERFACE UPDOWN:

Table 10 Output description Field

enable log updown

info-center channel name

info-center console channel

[Sysname] info-center enable Info: Information center is enabled.

info-center format unicom

info-center logfile enable

info-center logfile frequency

undo info-center logfile frequency

info-center logfile size-quota

info-center logfile switch-directory

# Set the directory to save the log file to flash:/test.

info-center loghost source

info-center monitor channel

info-center snmp channel

LOG Enabled/ disabled

ten-gigabitethernet 0/0.1: link status is UP [Sysname] display interface ten-gigabitethernet

info-center syslog channel

none: Indicates no time information is provided.

# Configure the timestamp format for log information as date.

# Configure the timestamp format for log information as none.

info-center timestamp loghost

Log management commands

Table 12 Output description Field

Source address of exported logs