
Command Reference

S7700 and S9700 V200R011C10

This document describes all the configuration commands of the device, including the command function, syntax, parameters, views, default level, usage guidelines, examples, and related commands.

Basic Configuration Compatible Commands

set authentication password simple (upgrade-compatible command)

Function

The set authentication password simple command sets a local authentication password in simple (plain text) format.

Format

set authentication password simple password

Parameters

Parameter Description Value
password Specifies a password.

The value is a string of 1 to 16 characters. The password must contain at least two of the following character types: upper-case characters, lower-case characters, digits, and special characters. Special characters exclude the question mark (?) and space.

Views

User view

Default Level

3: Management level

Task Name and Operations

Task Name Operations
telnet-server write

Usage Guidelines

It is replaced by the set authentication password command.

After it is configured, this command is saved in plain text, which poses a security risk. Saving the command configuration in ciphertext is recommended.

certificate load (upgrade-compatible command)

Function

The certificate load command loads a digital certificate in the Secure Sockets Layer (SSL) policy view.

The undo certificate load command unloads a digital certificate for the SSL policy.

By default, no digital certificate is loaded for the SSL policy.

Format

# Load a PEM digital certificate for the SSL policy.

certificate load pem-cert cert-filename key-pair { dsa | rsa } key-file key-filename auth-code auth-code

# Load a PFX digital certificate for the SSL policy.

certificate load pfx-cert cert-filename key-pair { dsa | rsa } { mac mac-code | key-file key-filename } auth-code auth-code

# Load a PEM certificate chain for the SSL policy.

certificate load pem-chain cert-filename key-pair { dsa | rsa } key-file key-filename auth-code auth-code

Parameters

Parameter Description Value
pem-cert

Loads a PEM digital certificate for the SSL policy.

A PEM digital certificate has a file name extension .pem.

A PEM digital certificate transfers text data between systems.

-
cert-filename

Specifies the name of a certificate file.

The file is in the subdirectory of the system directory security. If the security directory does not exist in the system, create this directory.

The value is a string of 1 to 64 characters.

The file name is the same as that of the uploaded file.

key-pair Specifies the key pair type. -
dsa Sets the key pair type to DSA. -
rsa Sets the key pair type to RSA. -
key-file key-filename

Specifies the key pair file.

The file is in the subdirectory of the system directory security. If the security directory does not exist in the system, create this directory.

The value is a string of 1 to 64 characters.

The file name is the same as that of the uploaded file.

auth-code auth-code

Specifies the authentication code of the key pair file.

The authentication code verifies user identity to ensure that only authorized clients access the server.

When the authentication code is in plain text, the value is a string of 1 to 31 case-sensitive characters without any space.

pfx-cert

Loads a PFX digital certificate for the SSL policy.

A PFX digital certificate has a file name extension .pfx.

A digital certificate can be converted from the PFX format to another format.

-
mac mac-code

Specifies a message authentication code.

The message authentication code ensures the packet data reliability and security.

When the authentication code is in plain text, the value is a string of 1 to 31 case-sensitive characters without any space.

pem-chain

Specifies a PEM certificate chain.

-

Views

SSL policy view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

The SSL security mechanism includes:
  • Data transmission security: Uses the symmetric key algorithm to encrypt data.

  • Message integrity: Uses the message authentication code (MAC) algorithm to ensure message integrity.

  • Identity authentication mechanism: Authenticates users based on digital signatures and certificates.

The Certificate Authority (CA) issues PEM, ASN1, and PFX digital certificates that provide user identity information. Based on digital certificates, users establish trust relationships with partners who require high security.

A digital certificate includes applicant information such as the applicant's name, the applicant's public key, the digital signature of the CA that issues the certificate, and the certificate validity period. A certificate chain can be released when a certificate is sent so that the receiver has all certificates in the certificate chain.

Prerequisites

Before running the certificate load command, you have run the ssl policy command to create the SSL policy in the system view.

Precautions

  • You can load a certificate or certificate chain for only one SSL policy. Before loading a certificate or certificate chain, you must unload the existing certificate or certificate chain.
  • When you configure an SSL policy to load a certificate or certificate chain, ensure that the maximum length of the key pair in the certificate or certificate chain is 2048 bits. If the length of the key pair exceeds 2048 bits, the certificate file or certificate chain file cannot be uploaded to the device.

Example

# Load a PEM digital certificate for the SSL policy.

<HUAWEI> system-view
[HUAWEI] ssl policy ftp_server
[HUAWEI-ssl-policy-ftp_server] certificate load pem-cert servercert.pem key-pair dsa key-file serverkey.pem auth-code 123456

# Load a PFX digital certificate for the SSL policy.

<HUAWEI> system-view
[HUAWEI] ssl policy http_server
[HUAWEI-ssl-policy-http_server] certificate load pfx-cert servercert.pfx key-pair dsa key-file serverkey.pfx auth-code %$%$"DlqKik*GE*~`u4H+LFJ(K-=%$%$

# Load a PEM certificate chain for the SSL policy.

<HUAWEI> system-view
[HUAWEI] ssl policy http_server
[HUAWEI-ssl-policy-http_server] certificate load pem-chain chain-servercert.pem key-pair dsa key-file chain-servercertkey.pem auth-code 123456

set device usb-deployment password (upgrade-compatible command)

Function

The set device usb-deployment password command sets an authentication password for USB-based deployment.

Format

set device usb-deployment password password

Parameters

Parameter Description Value
password Specifies the authentication password for USB-based deployment. -

Views

System view

Default Level

3: Management level

Usage Guidelines

This command is available to aid upgrade compatibility. It can only be run during the configuration restoration phase of the upgrade.

A user with a level lower than the management level cannot query the password configured using this command. If such a user queries the configuration file, the password is displayed as asterisks (******).

set save-configuration backup-to-server server (upgrade-compatible command)

Function

The set save-configuration backup-to-server server command specifies the server where the system periodically saves the configuration file.

The undo set save-configuration backup-to-server server command cancels the server where the system periodically saves the configuration file.

By default, the system does not periodically save configurations to the server.

Format

set save-configuration backup-to-server server server-ip [ transport-type { ftp | sftp } ] path path user user-name password password

set save-configuration backup-to-server server server-ip user user-name password password [ path path ]

undo set save-configuration backup-to-server server [ server-ip ]

Parameters

Parameter Description Value
server server-ip Specifies the IP address of the server where the system periodically saves the configuration file. -
transport-type Specifies the mode in which the configuration file is transmitted to the server. The value can be ftp or sftp.
user user-name Specifies the name of the user who saves the configuration file on the server. The value is a string of 1 to 64 case-sensitive characters without spaces.
password password Specifies the password of the user who saves the configuration file on the server. The value is a string of 1 to 16 or 32 case-sensitive characters without spaces.
path path Specifies the relative save path on the server. The value is a string of 1 to 64 case-sensitive characters without spaces.

Views

System view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

Run this command to periodically save the configuration file to the server.

Precautions

If the mode in which the configuration file is transmitted to the server is not specified, FTP is used.

If the specified path on the server does not exist, configuration files cannot be sent to the server. The system then sends an alarm message indicating the transmission failure to the NMS, and the transmission failure is recorded as a log message on the device.

The user name and password must be the same as those used in FTP or SFTP login mode.

Example

# Specify the server to which the system periodically sends the configuration file, and set the transmission mode to FTP.

<HUAWEI> system-view
[HUAWEI] set save-configuration backup-to-server server 10.1.1.1 transport-type ftp path d:/ftp user huawei password huawei@1234

set save-configuration (upgrade-compatible command)

Function

Using the set save-configuration command, you can enable automatic saving of configurations.

Using the undo set save-configuration command, you can disable automatic saving of configurations.

By default, automatic saving of configurations is not enabled.

Format

set save-configuration nochange-time nochange-time

undo set save-configuration nochange-time [ nochange-time ]

Parameters

Parameter Description Value
nochange-time nochange-time Specifies a period and configures the system to automatically save configurations if no configurations are changed over the specified period. The value is an integer ranging from 30 to 43200, in minutes. The default value is 30.

Views

System view

Default Level

3: Management level

Usage Guidelines

If nochange-time nochange-time is specified in the command, the system automatically saves configurations if no configuration changes in the period specified by nochange-time.

If the interval from the time of the last configuration to the current time is shorter than the set interval, the system cancels the current automatic saving operation.

Example

# Configure the system to automatically save configurations at 60-minute intervals if no configuration changes in the period.

<HUAWEI> system-view
[HUAWEI] set save-configuration nochange-time 60

snmp-agent trap enable configuration (upgrade-compatible command)

Function

The snmp-agent trap enable configuration command enables the trap function of the Configuration module.

By default, the trap function of the Configuration module is disabled.

Format

snmp-agent trap enable configuration

Parameters

None

Views

System view

Default Level

3: Management level

Usage Guidelines

This command is available to aid upgrade compatibility. It can only be run during the configuration restoration phase of the upgrade.

After the upgrade, this command is no longer supported, and it is replaced by the snmp-agent trap enable feature-name configuration command.

snmp-agent trap enable ssh (upgrade-compatible command)

Function

The snmp-agent trap enable ssh command enables the trap function of the SSH module.

By default, the alarm function of the SSH module is disabled.

Format

snmp-agent trap enable ssh

Parameters

None

Views

System view

Default Level

3: Management level

Usage Guidelines

This command is available to aid upgrade compatibility. It can only be run during the configuration restoration phase of the upgrade.

snmp-agent trap enable system (upgrade-compatible command)

Function

The snmp-agent trap enable system command enables the trap function of the system module.

By default, the trap function of the system module is enabled.

Format

snmp-agent trap enable system

Parameters

None

Views

System view

Default Level

3: Management level

Usage Guidelines

This command is available to aid upgrade compatibility. It can only be run during the configuration restoration phase of the upgrade.

After the upgrade, this command is no longer supported, and it is replaced by the snmp-agent trap enable feature-name system command.

snmp-agent trap enable flash (upgrade-compatible command)

Function

The snmp-agent trap enable flash command enables the trap function of the flash module.

By default, the trap function of the flash module is disabled.

Format

snmp-agent trap enable flash

Parameters

None

Views

System view

Default Level

3: Management level

Usage Guidelines

This command is available to aid upgrade compatibility. It can only be run during the configuration restoration phase of the upgrade.

After the upgrade, this command is no longer supported, and it is replaced by the snmp-agent trap enable feature-name vfs { hwflhopernotification | hwflhsyncfailnotification | hwflhsyncsuccessnotification } command.

super (upgrade-compatible command)

Function

The super command changes the level of a user.

Format

super [ level ]

Parameters

Parameter Description Value
level Specifies the user level. The value is an integer that ranges from 0 to 15. The default user level is 3.

Views

User view

Default Level

0: Visit level

Usage Guidelines

Usage Scenario

To prevent illegal intrusion of unauthorized users, when a user switches to a higher user level, the system authenticates the user identity by requiring the user to input the password for the higher user level. If the user inputs an incorrect password, the login fails.

NOTE:

The device supports this command only when the super password command is configured in the history version and the device has upgraded to the current version.

Precautions

Users are assigned one of 16 levels, and these levels correspond to command levels. After logging in to the system, users can use only the commands whose levels are equal to or lower than their user levels.

The password that the user enters is not displayed. If the user inputs the correct password within three attempts, the user switches to the higher user level. If the password is incorrect, the user level remains unchanged.

Example

# Switch users to level 3.

<HUAWEI> super 3
Password:
Now user privilege is 3 level, and only those commands whose level is equal to or less than this level can be used.
Privilege note: 0-VISIT, 1-MONITOR, 2-SYSTEM, 3-MANAGE

super password (upgrade-compatible command)

Function

The super password command sets the password used to change a user from a lower level to a higher level.

The undo super password command cancels the current configuration.

By default, the system does not set the password used to change a user from a lower level to a higher level.

Format

super password [ level user-level ] [ simple simple-password | cipher cipher-password ]

undo super password [ level user-level ]

Parameters

Parameter Description Value
level user-level Specifies a user level. The value is an integer that ranges from 1 to 15. By default, the system sets passwords for users of level 3.
simple simple-password Specifies the simple password for changing a user level. The value is a string of 1 to 16 case-sensitive characters.
cipher cipher-password Specifies the password in cipher text.
The value is a string of 6 to 16 characters or a string of 32 characters. The password can be in plain or cipher text.
  • The password in plain text is a string of 6 to 16 characters. The password must contain at least two of the following character types: upper-case characters, lower-case characters, digits, and special characters. Special characters exclude the question mark (?) and space.
  • The password in cipher text is a string of 32 characters.

The password is displayed in ciphertext in the configuration file regardless of whether it is input in plaintext or cipher text.

Views

System view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

The device makes it possible to switch a user from a lower level to a higher level. To prevent illegal intrusion of unauthorized users, when a user switches to a higher user level, the system authenticates the user identity by requiring the user to input the password for the higher user level.

Precautions

  • If the cipher cipher-password parameter is not specified, the system starts the interactive password setting mode. Enter a plain text password of 6 to 16 characters. The requirements for the password are the same as the requirements for the plain text password configured when the cipher keyword is specified. The password you enter is not displayed on the device. You can press Ctrl+C to cancel the password setting.
  • The password is in plain or cipher text and displayed on the device when the cipher cipher-password parameter is specified. When you run the super command to switch the user level, the password must be entered in plain text.
  • Whether the password is entered in cipher or interactive mode, the password is saved in cipher text to the configuration file. Therefore, the password cannot be obtained from the system after it is set. Keep the password secure.
  • After it is configured, this command is saved in plain text, which poses a security risk. Saving the command configuration in ciphertext is recommended.

Example

# Set the password used when low-level users switch to level 10 to huawei2012.

<HUAWEI> system-view
[HUAWEI] super password level 10
Please configure the login password (6-16)
Enter Password:
Confirm Password: 

# Set the password used when low-level users switch to level 10 to huawei2012.

<HUAWEI> system-view
[HUAWEI] super password level 10 cipher huawei2012

trusted-ca load (upgrade-compatible command)

Function

The trusted-ca load command loads the trusted CA file for the SSL policy for the FTP client.

The undo trusted-ca load command unloads the trusted CA file of the SSL policy.

By default, no trusted CA file is loaded for the SSL policy.

Format

# Load the trusted CA file for the SSL policy in PFX format.

trusted-ca load pfx-ca ca-filename auth-code { auth-code | cipher auth-code }

Parameters

Parameter Description Value
pfx-ca

Load the trusted CA file for the SSL policy in PFX format.

-
ca-filename

Specifies the name of the trusted CA file.

The file is in the subdirectory of the system directory security. If the security directory does not exist in the system, create this directory.

The value is a string of 1 to 64 characters.

The file name is the same as that of the uploaded file.

auth-code auth-code

Specifies the verification code for the trusted CA file in PFX format.

The authentication code verifies user identity to ensure that only authorized users can log in to the server.

When the authentication code is in plain text, the value is a string of 1 to 31 case-sensitive characters without any space.

Views

SSL policy view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

CAs that are widely trusted in the world are called root CAs. Root CAs can authorize other lower-level CAs. The identity information about a CA is provided in the file of a trusted CA. To ensure the communication security and verify the server validity, you must run the trusted-ca load command to load the trusted CA file.

Prerequisites

Before running the trusted-ca load command, you have run the ssl policy command to create the SSL policy in the system view.

Precautions

A maximum of four trusted CA files can be loaded for an SSL policy.

Example

# Load the trusted CA file for the SSL policy in PFX format.

<HUAWEI> system-view
[HUAWEI] ssl policy ftp_server
[HUAWEI-ssl-policy-ftp_server] trusted-ca load pfx-ca servercert.pfx auth-code cipher 123456
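
The following audit is an added example, not part of the Huawei documentation: it scans a saved configuration for the upgrade-compatible commands on this page that store a secret in plain text (set authentication password simple, super password ... simple, auth-code in certificate load and trusted-ca load) or that fall back to FTP for configuration backup. The sample configuration is constructed, and treating a value wrapped in %$%$...%$%$ as ciphertext is an assumption based on the PFX example above.

```python
import re

# Assumption: values wrapped in %$%$...%$%$ are ciphertext, as in the PFX
# example on this page; any other value after a secret keyword is plaintext.
CIPHER = re.compile(r"^%\$%\$.+%\$%\$$")

# Constructed sample of a restored configuration (not from a real device).
SAMPLE_CONFIG = """\
set authentication password simple Admin@12
ssl policy ftp_server
 certificate load pem-cert servercert.pem key-pair rsa key-file serverkey.pem auth-code 123456
ssl policy http_server
 certificate load pfx-cert servercert.pfx key-pair rsa key-file serverkey.pfx auth-code %$%$CONSTRUCTED%$%$
set save-configuration backup-to-server server 10.1.1.1 path d:/ftp user huawei password huawei@1234
set save-configuration backup-to-server server 10.1.1.2 transport-type sftp path cfg user backup password %$%$CONSTRUCTED%$%$
super password level 10 simple huawei2012
"""


def secret_index(tokens, keyword):
    """Index of the token that follows `keyword`, or None if absent."""
    if keyword in tokens and tokens.index(keyword) + 1 < len(tokens):
        return tokens.index(keyword) + 1
    return None


def masked(tokens, idx):
    """Rebuild the command with the secret replaced, so reports do not leak it."""
    return " ".join("******" if i == idx else t for i, t in enumerate(tokens))


def audit(config_text):
    """Return (line_no, rule, masked_command) for each risky command."""
    findings = []
    for no, raw in enumerate(config_text.splitlines(), 1):
        tok = raw.split()
        cmd = " ".join(tok)
        if cmd.startswith(("set authentication password simple ",
                           "super password ")):
            idx = secret_index(tok, "simple")
            if idx is not None:
                findings.append((no, "plaintext-password", masked(tok, idx)))
        elif cmd.startswith(("certificate load ", "trusted-ca load ")):
            idx = len(tok) - 1  # the auth-code value is the last argument
            if "auth-code" in tok[:-1] and not CIPHER.match(tok[idx]):
                findings.append((no, "plaintext-auth-code", masked(tok, idx)))
        elif cmd.startswith("set save-configuration backup-to-server server "):
            idx = secret_index(tok, "password")
            ti = secret_index(tok, "transport-type")
            if ti is None or tok[ti] != "sftp":
                # Per the Precautions, FTP is used when no mode is specified.
                findings.append((no, "ftp-transport", masked(tok, idx)))
            if idx is not None and not CIPHER.match(tok[idx]):
                findings.append((no, "plaintext-password", masked(tok, idx)))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

Each finding carries the line number and the command with the secret masked, so the report itself can be shared without exposing the credential.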
Updated: 2019-10-18

Document ID: EDOC1000178288
