The CLI offers these privilege levels to help protect the switch from unauthorized access:
|
|
|
![[NOTE: ]](images/note.gif) |
NOTE: CLI commands are not case-sensitive. |
|
|
When you use the CLI to make a configuration change, the switch writes the change to the Running-Config file in volatile memory. This allows you to test your configuration changes before making them permanent. To make changes permanent, you must use the write memory command to save them to the Startup-Config file in non-volatile memory. If you reboot the switch without first using write memory, all changes made since the last reboot or write memory (whichever is later) will be lost. For more on switch memory and saving configuration changes, see Switch Memory and Configuration.
Privilege levels control the type of access to the CLI. To implement this control, you must set at least a Manager password. Without a Manager password configured, anyone having serial port, Telnet, or web browser access to the switch can reach all CLI levels. (For more on setting passwords, See the chapter on usernames and passwords in the Access Security Guide for your switch.)
When you use the CLI to log on to the switch, and passwords are set, you will be prompted to enter a password. For example:
CLI log-on screen with password(s) set
HP J8697A Switch 5406zl
Software revision K.15.12.0001
Copyright (C) 1991-2013 Hewlett-Packard Development Company, L.P.
RESTRICTED RIGHTS LEGEND
Confidential computer software. Valid license from HP required for possession,
use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer
Software, Computer Software Documentation, and Technical Data for Commercial
Items are licensed to the U.S. Government under vendor's standard commercial
license.
HEWLETT-PACKARD DEVELOPMENT COMPANY, L.P.
20555 State Highway 249, Houston, TX 77070
We'd like to keep you up to date about:
* Software feature updates
* New product announcements
* Special events
Please register your products now at: www.hp.com/networking/register
Username:
In the above case, you will enter the CLI at the level corresponding to the password you provide (operator or manager).
If no passwords are set when you log onto the CLI, you will enter at the Manager level. For example:
![[CAUTION: ]](images/caution.gif)
At the Operator level you can examine the current configuration and move between interfaces without being able to change the configuration. A ">" character delimits the Operator-level prompt. For example:
When using enable to move to the Manager level, the switch prompts you for the Manager password if one has already been configured.
Manager privileges give you three additional levels of access: Manager, Global Configuration, and Context Configuration. A "#" character delimits any Manager prompt. For example:
-
Manager level: Provides all Operator level privileges plus the ability to perform system-level actions that do not require saving changes to the system configuration file. The prompt for the Manager level contains only the system name and the "#" delimiter, as shown above. To select this level, enter the enable command at the Operator prompt and enter the Manager password, when prompted. For example:
-
Global configuration level: Provides all Operator and Manager level privileges, and enables you to make configuration changes to any of the switch’s software features. The prompt for the Global Configuration level includes the system name and "(config)". To select this level, enter the config command at the Manager prompt. For example:
-
Context configuration level: Provides all Operator and Manager privileges, and enables you to make configuration changes in a specific context, such as one or more ports or a VLAN. The prompt for the Context Configuration level includes the system name and the selected context. For example:
HP Switch(eth-1)# HP Switch(vlan-10)#
The Context level is useful, for example, for executing several commands directed at the same port or VLAN, or if you want to shorten the command strings for a specific context area. To select this level, enter the specific context at the Global Configuration level prompt. For example, to select the context level for an existing VLAN with the VLAN ID of 10, you would enter the following command and see the indicated result:
HP Switch(config)# vlan 10 HP Switch(vlan-10)#
Privilege level hierarchy — Operator Privilege
| Privilege Level | Example of Prompt and Permitted Operations | ||
|---|---|---|---|
| Operator Level |
|
|
View status and configuration information. |
|
|
Perform connectivity tests. |
||
|
|
Move from the CLI interface to the menu interface. |
||
|
|
Move from the CLI interface to the menu interface. |
||
|
|
Exit from the CLI interface and terminate the console session. |
||
|
|
Terminate the current session (same as logout). |
||
Privilege level hierarchy — Manager Privilege
| Privilege Level | Example of Prompt and Permitted Operations | |
|---|---|---|
| Manager Level |
|
Perform system-level actions such as system control, monitoring, and diagnostic commands, plus any of the Operator-level commands. For a list of available commands, enter ? at the prompt. |
| Global Configuration Level |
|
Execute configuration commands, plus all Operator and manager commands. For a list of available commands, enter? at the prompt. |
| Context Configuration Level |
|
Execute context-specific configuration commands, such as a particular VLAN or switch port. This is useful for shortening the command strings you type, and for entering a series of commands for the same context. For a list of available commands, enter? at the prompt. |
| Change in Levels | Example of Prompt, Command, and Result | ||
|---|---|---|---|
| Operator level to Manager level |
|
After you enter enable, the Password prompt appears. After you enter the Manager password, the system prompt appears with the # symbol: | |
| Manager level to Global configuration level |
|
N/A | |
| Global configuration level to a Context configuration level |
|
N/A | |
| Context configuration level to another Context configuration level |
|
The CLI accepts "e" as the abbreviated form of "ethernet". | |
| Move from any level to the preceding level |
|
N/A | |
| Move from any level to the Manager level |
-or-
|
N/A | |
Moving between the CLI and the Menu interface. When moving between interfaces, the switch retains the current privilege level (Manager or Operator). That is, if you are at the Operator level in the menu and select the Command Line Interface (CLI) option from the Main Menu, the CLI prompt appears at the Operator level.
Changing parameter settings. Regardless of which interface is used (CLI, menu interface, or WebAgent), the most recently configured version of a parameter setting overrides any earlier settings for that parameter. For example if you use the menu interface to configure an IP address of "X" for VLAN 1 and later use the CLI to configure a different IP address of "Y" for VLAN 1, then "Y" replaces "X" as the IP address for VLAN 1 in the running-config file. If you subsequently execute write memory in the CLI, then the switch also stores "Y" as the IP address for VLAN 1 in the startup-config file. (For more on the startup-config and running config files, see Chapter 5, "Switch Memory and Configuration".)
At any privilege level you can:
At a given privilege level you can list and execute the commands that level offers, plus all of the commands available at preceding levels. For example, at the Operator level, you can list and execute only the Operator level commands. However, at the Manager level, you can list and execute the commands available at both the Operator and Manager levels.
Type “?” to list available commands. Typing the ? symbol lists the commands you can execute at the current privilege level. For example, typing ? at the Operator level produces this listing:
The Operator-level command listing
HP Switch> ?
chassislocate Control the chassis locate led.
dir Display a list of the files and subdirectories in a
directory on a USB device.
display Display current system information.
enable Enter the Manager Exec context.
exit Return to the previous context or terminate current
console/telnet session if you are in the Operator
context level.
link-test Test the connection to a MAC address on the LAN.
logout Terminate this console/telnet session.
menu Change console user interface to menu system.
page Toggle paging mode.
ping Send IPv4 ping request(s) to a device on the network.
ping6 Send IPv6 ping request(s) to a device on the network.
quit Exit from current command view
services Display parameters for the services module.
show Display switch operation information.
traceroute Trace the IPv4 route to a device on the network.
traceroute6 Trace the IPv6 route to a device on the network.
verify Verify the signature of a switch firmware image.
wireless-services Display parameters for the wireless-services module.
-- MORE --, next page: Space, next line: Enter, quit: Control-C
Typing ? at the Manager level produces the listing in the following example:
The Manager-level command listing
HP Switch# ?
backup Backup next startup-configuration file to TFTP server
boot Reboot the device.
clear Clear table/statistics.
clock Display/set current time, date, and local time
parameters.
command-alias Specify command alias
configure Enter the Configuration context.
copy Copy datafiles to/from the switch.
debug Enable/disable debug logging.
delete Delete a file
diagnostic-level Set the diagnostic level.
end Return to the Manager Exec context.
erase Erase stored data files.
getMIB Retrieve and display the value of the MIB objects
specified.
getNextMIB Retrieve and display the value of the next MIB object
for each OID specified
kill Kill other active console, Telnet, or SSH sessions.
licenses Manage premium features.
log Display log events.
print Execute a command and redirect its output to the device
channel for current session.
-- MORE --, next page: Space, next line: Enter, quit: Control-C
When - - MORE - - appears, there are more commands in the listing. To list the next screen of commands, press the Space bar. To list the remaining commands one-by-one, repeatedly press [Enter].
Typing ? at the Global Configuration level or the Context Configuration level produces similar results.
Use [Tab] To search for or complete a command word. You can use [Tab] to help you find CLI commands or to quickly complete the current word in a command. To do so, type one or more consecutive characters in a command and then press [Tab] (with no spaces allowed). For example, at the Global Configuration level, if you press [Tab] immediately after typing “t”, the CLI displays the available command options that begin with “t”. For example, entering
HP Switch(config)# t
[Tab]
displays the following:
HP Switch(config)# t tacacs-server telnet-server tftp time timesync trunk trunk-load-balance task-monitor telnet terminal test traceroute traceroute6
As mentioned above, if you type part of a command word and press[Tab], the CLI completes the current word (if you have typed enough of the word for the CLI to distinguish it from other possibilities), including hyphenated extensions. For example, entering
HP Switch(config)# port-
[Tab]
displays the following:
HP Switch (config)# port- HP Switch (config)# port-security
Pressing [Tab] after a completed command word lists the further options for that command. For example, entering
HP Switch(config)# qos
[Tab]
displays the following:
HP Switch (config)# qos
udp-port Set UDP port-based priority.
tcp-port Set TCP port-based priority.
device-priority Configure device-based priority for a particular IP
address.
dscp-map Define mapping between a DSCP (Differentiated-Services
Codepoint) value and an 802.1p priority.
protocol Configure protocol-based priority.
queue-config Configure the number of egress priority queues for each
port.
type-of-service Configure the Type-of-Service method the device uses to
prioritize IP traffic.
watch-queue Enables monitoring of per-queue dropped packets due to
outbound congestion on the given port.
You can use the CLI to remind you of the options available for a command by entering command keywords followed by ?. For example, suppose you want to see the command options for configuring the console settings:
How to list the options for a specific command
HP-5406zl-Praseeda(config)# console
?
baud-rate Set the data transmission speed for the device connect
sessions initiated through the Console port.
events Set level of the events displayed in the device's Events
Log.
flow-control Set the Flow Control Method; default is xon-xoff.
idle-timeout The number of seconds of no activity detected before the
switch terminates a session.
inactivity-timer [Deprecated] Set the number of minutes of no activity
detected before the switch terminates a communication
session.
local-terminal Set type of terminal being used for the current console
or Telnet session (default is vt100).
screen-refresh Set refresh time for menu status and counters in
seconds.
terminal Set type of terminal being used for all console and
Telnet sessions (default is vt100).
CLI Help provides two types of context-sensitive information:
Syntax
Displays a listing of command Help summaries for all commands available at the current privilege level. That is, at the Operator level, executing help displays the Help summaries only for Operator-Level commands. At the Manager level, executing help displays the Help summaries for both the Operator and Manager levels, and so on.
For example, to list the Operator-Level commands with their purposes:
Context-sensitive command-list help
HP Switch> help
chassislocate Control the chassis locate led.
dir Display a list of the files and subdirectories in a
directory on a USB device.
display Display current system information.
enable Enter the Manager Exec context.
exit Return to the previous context or terminate current
console/telnet session if you are in the Operator
context level.
link-test Test the connection to a MAC address on the LAN.
logout Terminate this console/telnet session.
.
.
.
Displaying Help for an individual command.
Syntax
For example, to list the Help for theinterface command in the Global Configuration privilege level:
How to display help for a specific command
HP Switch(config)# interface help
Usage: [no] interface < [ethernet] PORT-LIST [...] | loopback <num> >
Description: Enter the Interface Configuration Level, or execute one
command for that level. Without optional parameters
specified, the 'interface' command changes the context to
the Interface Configuration Context Level for execution of
configuration changes to the port or ports in the PORT-LIST
or with loopback keywork it will change context to loopback
mode. Use 'interface ?' to get a list of all valid commands.
Note that trying to list the help for an individual command from a privilege level that does not include that command results in an error message. For example, trying to list the help for the interface command while at the global configuration level produces this result:
HP Switch# speed-duplex help Invalid input: speed-duplex
You can execute any configuration command in the global configuration mode or in selected context modes. However, using a context mode enables you to execute context-specific commands faster, with shorter command strings.
The switch offers interface (port or trunk group) and VLAN context configuration modes:
Port or trunk-group context. Includes port-or trunk-specific commands that apply only to the selected port(s) or trunk group, plus the global configuration, Manager, and Operator commands. The prompt for this mode includes the identity of the selected port(s):
HP Switch(config)# interface c3-c6 HP Switch(eth-C5-C8)# HP Switch(config)# interface trk1 HP Switch(eth-Trk1)#
Commands executed at configuration level for entering port and trk1 static trunk-group contexts, and resulting prompts showing port or static trunk contexts.
HP Switch(eth-C5-C8)# HP Switch(eth-Trk1)# HP Switch(eth-C5-C8)# ? HP Switch(eth-C5-C8)# ?
Lists the commands you can use in the port or static trunk context, plus the Manager, Operator, and context commands you can execute at this level.
VLAN context. Includes VLAN-specific commands that apply only to the selected VLAN, plus Manager and Operator commands. The prompt for this mode includes the VLAN ID of the selected VLAN. For example, if you had already configured a VLAN with an ID of 100 in the switch:
