Table of Contents

1 CLI Configuration Commands··················································································································1-1

CLI Configuration Commands·················································································································1-1
command-privilege level··················································································································1-1
display history-command·················································································································1-3
super················································································································································1-4
super authentication-mode··············································································································1-5
super password ·······························································································································1-6

i
1 CLI Configuration Commands

CLI Configuration Commands

command-privilege level

Syntax

command-privilege level level view view command

undo command-privilege view view command

View

System view

Parameters

level level: Command level to be set, in the range of 0 to 3.

view view: CLI view. It can be any CLI view that the Ethernet switch supports. The S3100 series support
only the CLI views listed in Table 1-1:

Table 1-1 Available CLI views for the view argument

CLI view Description

acl-adv Advanced ACL view
acl-basic Basic ACL view
Layer 2 ACL view, which is supported by only the S3100-EI
acl-ethernetframe
series
aux Aux 1/0/0 port view, that is, console port view
cluster Cluster view
ethernet 100M Ethernet port view
ftp-client FTP client view
gigabitethernet GigabitEthernet port view

gqinq QinQ view, which is supported by only the S3100-EI series

hwping HWPing test group view
hwtacacs HWTACACS view

isp ISP domain view

loopback Loopback interface view
luser Local user view
manage-vlan Management VLAN view
mst-region MST region view

1-1
 CLI view Description
Monitor link group view, which is supported by only the
mtlk-group
S3100-EI series
null NULL interface view
peer-key-code Public key editing view
peer-public-key Public key view
PoE profile view, which is supported by only the
poe-profile
S3100-TP-PWR-EI series
QoS profile view, which is supported by only the S3100-EI
qos-profile
series
radius-template RADIUS scheme view
shell User view
Smart link group view, which is supported by only the
smlk-group
S3100-EI series
system System view
user-interface User interface view
vlan VLAN view
vlan-interface VLAN interface view

command: Command for which the level is to be set.

Description

Use the command-privilege level command to set the level of a specified command in a specified
view.
Use the undo command-privilege view command to restore the default.
Commands fall into four levels: visit (level 0), monitor (level 1), system (level 2), and manage (level 3).
The administrator can change the level of a command as required. For example, the administrator can
change a command from a higher level to a lower level so that the lower level users can use the
command.
The default levels of commands are described in the following table:

Table 1-2 Default levels of commands

Level Name Command

Commands used to diagnose network, such as ping, tracert, and
0 Visit level
telnet commands.
Commands used to maintain the system and diagnose service fault,
1 Monitor level
such as debugging, terminal and reset commands.
2 System level All configuration commands except for those at the manage level.
Commands associated with the basic operation modules and
support modules of the system, such as file system,
3 Manage level
FTP/TFTP/XMODEM downloading, user management, and level
setting commands.

1-2
 Note that:
z You are recommended to use the default command level or modify the command level under the
guidance of professional staff; otherwise, the change of command level may bring inconvenience
to your maintenance and operation, or even potential security problem.
z When you change the level of a command with multiple keywords or arguments, you should input
the keywords or arguments one by one in the order they appear in the command syntax. Otherwise,
your configuration will not take effect. The values of the arguments should be within the specified
ranges.
z When you configure the undo command-privilege view command, the value of the command
argument can be an abbreviated form of the specified command, that is, you only need to enter the
keywords at the beginning of the command. For example, after the undo command-privilege
view system ftp command is executed, all commands starting with the keyword ftp (such as ftp
server acl, ftp server enable, and ftp timeout) will be restored to the default level; if you have
modified the command level of commands ftp server enable and ftp timeout, and you want to
restore only the ftp server enable command to its default level, you should use the undo
command-privilege view system ftp server command.
z If you modify the command level of a command in a specified view from the default command level
to a lower level, remember to modify the command levels of the quit command and the
corresponding command that is used to enter this view. For example, the default command level of
commands interface and system-view is 2 (system level); if you want to make the interface
command available to the users with the user privilege level of 1, you need to execute the following
three commands: command-privilege level 1 view shell system-view, command-privilege level
1 view system interface gigabitethernet 1/0/1, and command-privilege level 1 view system quit,
so that the login users with the user privilege level of 1 can enter system view, execute the
interface gigabitethernet command, and then return to user view.

Examples

# Set the level of the tftp get command in user view (shell) to 0, and configure the keywords or
arguments one by one in the order they appear in the tftp get command syntax.
[Sysname] command-privilege level 0 view shell tftp
[Sysname] command-privilege level 0 view shell tftp 192.168.0.1
[Sysname] command-privilege level 0 view shell tftp 192.168.0.1 get
[Sysname] command-privilege level 0 view shell tftp 192.168.0.1 get bootrom.btm

# Restore the default level of the tftp get command. To restore the default levels of the commands
starting with the tftp keyword, you only need to specify the tftp keyword.
[Sysname] undo command-privilege view shell tftp

display history-command

Syntax

display history-command

View

Any view

Parameters

None

1-3
Description

Use the display history-command command to display the history commands of the current user, so
that the user can check the configurations performed formerly.
History commands are those commands that were successfully executed recently and saved in the
history command buffer. You can set the size of the buffer by the history-command max-size
command. When the history command buffer is full for that user, the earlier commands will be
overwritten by the new ones.
By default, the CLI can save 10 history commands for each user.
Related commands: history-command max-size in login module.

Examples

# Display the history commands of the current user.

<Sysname> display history-command
system-view
quit
display history-command

super

Syntax

super [ level ]

View

User view

Parameters

level: User level, in the range of 0 to 3.

Description

Use the super command to switch from the current user level to a specified level.
Executing this command without the level argument will switch the current user level to level 3 by
default.
Note that:
z Users logged into the switch fall into four user levels, which correspond to the four command levels
respectively. Users at a specific level can only use the commands at the same level or lower levels.
z You can switch between user levels after logging into a switch successfully. The high-to-low user
level switching is unlimited. However, the low-to-high user level switching requires the
corresponding authentication. The authentication mode can be set through the super
authentication-mode command.
z For security purpose, the password entered is not displayed when you switch to another user level.
You will remain at the original user level if you have tried three times but failed to enter the correct
authentication information.
Related commands: super authentication-mode, super password.

1-4
Examples

# Switch from the current user level to user level 3, using super password authentication.
<Sysname> super 3
Password:
User privilege level is 3, and only those commands can be used
whose level is equal or less than this.
Privilege note: 0-VISIT, 1-MONITOR, 2-SYSTEM, 3-MANAGE

# Switch from the current user level to level 3, using HWTACACS authentication.
<Sysname> super 3
Username: user@system
Password:
User privilege level is 3, and only those commands can be used
whose level is equal or less than this.
Privilege note: 0-VISIT, 1-MONITOR, 2-SYSTEM, 3-MANAGE

super authentication-mode

Syntax

super authentication-mode { super-password | scheme }*

undo super authentication-mode

View

User interface view

Parameters

super-password: Adopts super password authentication for low-to-high user level switching.
scheme: Adopts Huawei terminal access controller access control system (HWTACACS)
authentication for low-to-high user level switching.

Description

Use the super authentication-mode command to specify the authentication mode used for low-to-high
user level switching.
Use the undo super authentication-mode command to restore the default.
By default, super password authentication is adopted for low-to-high user level switching.
Note that the two authentication modes, super password authentication and HWTACACS
authentication, are available at the same time to provide authentication redundancy. When both the two
authentication modes are specified, the order to perform the two types of authentication is determined
by the order in which they are specified, as described below.
z If the super authentication-mode super-password scheme command is executed to specify the
authentication mode for user level switching, the super password authentication is preferred and
the HWTACACS authentication mode is the backup.
z If the super authentication-mode scheme super-password command is executed to specify the
authentication mode for low-to-high user level switching, the HWTACACS authentication is
preferred and the super password authentication mode is the backup.

1-5
 z When both the super password authentication and the HWTACACS authentication are specified,
the device adopts the preferred authentication mode first. If the preferred authentication mode
cannot be implemented (for example, the super password is not configured or the HWTACACS
authentication server is unreachable), the backup authentication mode is adopted.

Examples

# Specify HWTACACS authentication as the preferred authentication mode when a VTY 0 user
switches from the current level to a higher level, with the super password authentication as the backup
authentication mode.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] user-interface vty 0
[Sysname-ui-vty0] super authentication-mode scheme super-password

super password

Syntax

super password [ level level ] { cipher | simple } password

undo super password [ level level ]

View

System view

Parameters

level level: User level, in the range of 1 to 3. It is 3 by default.

cipher: Stores the password in the configuration file in ciphered text.
simple: Stores the password in the configuration file in plain text.
password: Password to be set. If the simple keyword is used, you must provide a plain-text password,
that is, a string of 1 to 16 characters. If the cipher keyword is used, you can provide a password in either
of the two ways:
z Input a plain-text password, that is, a string of 1 to 16 characters, which will be automatically
converted into a 24-character cipher-text password.
z Directly input a cipher-text password, that is, a string of 1 to 24 characters, which must correspond
to a plain-text password. For example, The cipher-text password “_(TT8F]Y\5SQ=^Q`MAF4<1!!”
corresponds to the plain-text password 1234567.

Description

Use the super password command to set a switching password for a specified user level, which will be
used when users switch from a lower user level to the specified user level.
Use the undo super password command to restore the default configuration.
By default, no such password is set.
Note that, no matter whether a plain-text or cipher-text password is set, users must enter the plain-text
password during authentication.

1-6
Examples

# Set the switching password for level 3 to 0123456789 in plain text.

<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] super password level 3 simple 0123456789

1-7