Quidway S9300 Terabit Routing Switch

V100R002C00

Configuration Guide - Basic Configuration

Issue: 05

Date: 2010-01-08

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

Huawei Technologies Co., Ltd. provides customers with comprehensive technical support and service. For any
assistance, please contact our local office or company headquarters.

Huawei Technologies Co., Ltd.


Address: Huawei Industrial Base
Bantian, Longgang
Shenzhen 518129
People's Republic of China

Website: http://www.huawei.com

Email: support@huawei.com

Copyright Huawei Technologies Co., Ltd. 2010. All rights reserved.


No part of this document may be reproduced or transmitted in any form or by any means without prior written
consent of Huawei Technologies Co., Ltd.

Trademarks and Permissions


and other Huawei trademarks are the property of Huawei Technologies Co., Ltd.
All other trademarks and trade names mentioned in this document are the property of their respective holders.

Notice
The purchased products, services and features are stipulated by the contract made between Huawei and the
customer. All or part of the products, services and features described in this document may not be within the
purchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information,
and recommendations in this document are provided "AS IS" without warranties, guarantees or representations
of any kind, either express or implied.
The information in this document is subject to change without notice. Every effort has been made in the
preparation of this document to ensure accuracy of the contents, but all statements, information, and
recommendations in this document do not constitute the warranty of any kind, express or implied.

Contents

About This Document

1 How to Use Interfaces
1.1 Introduction to Interfaces
1.2 Setting Parameters of an Interface
1.2.1 Establishing the Configuration Task
1.2.2 Entering the Interface View
1.2.3 Viewing All Commands in the Interface View
1.2.4 Configuring the Description for an Interface
1.2.5 Starting and Shutting Down an Interface
1.2.6 Exiting from the Interface View
1.2.7 Assigning an IP Address to an Interface
1.2.8 Further Configuration an Interface
1.2.9 Checking the Configuration
1.3 Configuring the Loopback Interface
1.3.1 Establishing the Configuration Task
1.3.2 Configuring IPv4 Parameters of the Loopback Interface
1.3.3 Checking the Configuration
1.4 Maintaining the Interface
1.4.1 Clearing Statistics Information on the Interface
1.4.2 Debugging the Interface

2 User Login Management
2.1 Overview of User Login
2.1.1 User Login Modes
2.1.2 User Interface
2.1.3 User Authentication
2.2 Logging In to the S9300 Through the Console Interface
2.2.1 Establishing the Configuration Task
2.2.2 Logging In to the S9300 Through the Console Interface
2.3 Configuring the Console Interface as the User Interface
2.3.1 Establishing the Configuration Task
2.3.2 Setting Parameters of the User Interface
2.3.3 Configuring User Authentication
2.3.4 Setting User Levels
2.3.5 Checking the Configuration
2.4 Configuring the Telnet Interface
2.4.1 Establishing the Configuration Task
2.4.2 (Optional) Setting Parameters of the VTY Interface
2.4.3 Configuring the VTY User Interface to Support the Telnet Service
2.4.4 Configuring User Authentication
2.4.5 Setting User Levels
2.4.6 Checking the Configuration
2.5 Logging In to the S9300 Locally Through Telnet
2.5.1 Establishing the Configuration Task
2.5.2 Logging In to the S9300 Through Telnet
2.5.3 Ending the Telnet Connection Periodically
2.5.4 Checking the Configuration
2.6 Logging In to the S9300 Remotely Through Telnet
2.6.1 Establishing the Configuration Task
2.6.2 Logging In to the S9300 Remotely Through Telnet
2.7 Configuring the SSH Interface
2.7.1 Establishing the Configuration Task
2.7.2 Creating an SSH User
2.7.3 Configuring the VTY User Interface to Support the SSH Protocol
2.7.4 Creating a Local Key Pair
2.7.5 Configuring the Authentication Mode for the SSH User
2.7.6 (Optional) Configuring Basic Authentication Information About the SSH User
2.7.7 (Optional) Authorizing SSH Users Through Command Lines
2.7.8 Configuring the Type of the Service for the SSH User
2.7.9 (Optional) Configuring the Authorized Directory of the SFTP Service for the SSH User
2.7.10 Deleting an SSH User
2.7.11 Checking the Configuration
2.8 Logging In to the S9300 Through SSH
2.8.1 Establishing the Configuration Task
2.8.2 Logging In to the S9300 Through SSH
2.9 Configuring the FTP Interface
2.9.1 Establishing the Configuration Task
2.9.2 Configuring User Authentication
2.9.3 Checking the Configuration
2.10 Logging In to the S9300 Through FTP
2.10.1 Establishing the Configuration Task
2.10.2 Logging In to the S9300 Through FTP
2.11 S9300 Logging In to the TFTP Service Through TFTP
2.11.1 Establishing the Configuration Task
2.11.2 Downloading Files Through TFTP
2.11.3 Uploading Files Through TFTP
2.12 Limiting the Access to the TFTP Server
2.12.1 Establishing the Configuration Task
2.12.2 Configuring the Basic ACL
2.12.3 Configuring the Basic TFTP ACL
2.13 Logging In to the S9300 Through SFTP
2.13.1 Establishing the Configuration Task
2.13.2 Logging In to the S9300 Through SFTP
2.14 Logging In to the S9300 Through STelnet
2.14.1 Establishing the Configuration Task
2.14.2 Logging In to the S9300 Through STelnet
2.15 Configuring the NMS User to Log In to the S9300 Through the VTY Interface
2.15.1 Establishing the Configuration Task
2.15.2 Configuring the NMS User
2.15.3 Configuring the AAA Authentication Mode for the NMS User
2.15.4 Checking the Configuration
2.16 Maintaining Telnet
2.16.1 Debugging Telnet Terminal Services
2.17 Configuration Examples
2.17.1 Example for Configuring the Telnet Terminal Service
2.17.2 Example for Configuring the TFTP Client

3 How to Use Command Lines
3.1 Overview of Command Lines
3.2 Command Views
3.2.1 Hierarchical Structure of Command Views
3.2.2 Common Views
3.3 Command Levels
3.3.1 Introduction to Command Levels
3.3.2 Relations Between Command Levels and User Levels
3.4 Using the Online Help of Command Lines
3.4.1 Providing the Help for a Complete Command Word
3.4.2 Providing the Help for an Incomplete Command Word
3.5 Editing Command Lines
3.6 Displaying Features of Command Lines
3.7 History Commands
3.8 Hotkeys
3.8.1 Classification of Hotkeys
3.8.2 Defining Hotkeys
3.8.3 Using Hotkeys
3.9 Configuration Examples
3.9.1 Example for Defining Hotkeys
3.9.2 Example for Copying a Command by Using Hotkeys
3.9.3 Example for Using the Tab Key

4 Common Operations and Configurations
4.1 Overview of Common Operations and Configurations
4.1.1 Introduction to Common Operations
4.1.2 Introduction to Common Configurations
4.2 Common Operations
4.2.1 Entering the System View
4.2.2 Quitting a Command View
4.2.3 Switching the Language Mode
4.2.4 Displaying Information About the System Status
4.2.5 Locking a Login Interface
4.2.6 Sending Information from One User Interface to Another User Interface
4.2.7 Closing the Connection on a Specified User Interface
4.2.8 Setting the Header Text
4.3 Common Configurations
4.3.1 Setting a System Name
4.3.2 Setting the System Time
4.4 Switching Levels of Users and Commands
4.4.1 Extending Levels of Commands
4.4.2 Extending Levels of Users
4.4.3 Setting the Password for Switching Levels of Users
4.4.4 Switching the User Level

5 Configuration of the SSH Server and Client
5.1 Overview of SSH
5.2 Configuring the SSH Server
5.2.1 Establishing the Configuration Task
5.2.2 Enabling the STelnet Service
5.2.3 Enabling the SFTP Service
5.2.4 (Optional) Enabling the Later Version to Be Compatible with the Earlier Version
5.2.5 (Optional) Setting the Listening Port Number on the SSH Server
5.2.6 (Optional) Enabling the S9300 to Send Trap Messages
5.2.7 (Optional) Setting the Interval for Updating the Key Pair
5.2.8 Checking the Configuration
5.3 Configuring the STelnet Client
5.3.1 Establishing the Configuration Task
5.3.2 Enabling the Initial Authentication on the STelnet Client
5.3.3 Assigning the RSA Public Key to the SSH Server by the STelnet Client
5.3.4 Checking the Configuration
5.4 Configuring the SFTP Client
5.4.1 Establishing the Configuration Task
5.4.2 Enabling the Initial Authentication on the SFTP Client
5.4.3 Assigning the RSA Public Key to the SSH Server by the SFTP Client
5.4.4 (Optional) Managing Directories
5.4.5 (Optional) Managing Files
5.4.6 (Optional) Displaying Command Help on the SFTP Client
5.4.7 Checking the Configuration
5.5 Maintaining SSH
5.5.1 Debugging the SSH Terminal Service
5.6 Configuration Examples
5.6.1 Example for Configuring the SSH Server to Support the Access from Another Port
5.6.2 Example for Connecting the STelnet Client and the SSH Server
5.6.3 Example for Connecting the SFTP Client and the SSH Server

6 Configuration of the FTP Server and Client
6.1 Overview of FTP
6.2 Configuring the S9300 as the FTP Server
6.2.1 Establishing the Configuration Task
6.2.2 Enabling the FTP Server
6.2.3 (Optional) Setting the Timeout Interval for Disconnecting the FTP Server and the Client
6.2.4 Setting the Local User Name and Password
6.2.5 Setting the Type of the Service and Directory for the FTP Login User
6.2.6 Checking the Configuration
6.3 Configuring the S9300 as the FTP Client
6.3.1 Establishing the Configuration Task
6.3.2 Logging In to the FTP Server
6.3.3 Setting the Type and Mode for Transmitting Files
6.3.4 Displaying the Online Help About FTP Commands
6.3.5 Uploading or Downloading Files
6.3.6 Managing Directories
6.3.7 Managing Files
6.3.8 Changing the Login User
6.3.9 Ending an FTP Connection
6.3.10 Checking the Configuration
6.4 Maintaining FTP
6.4.1 Debugging the FTP Server
6.5 Configuration Examples
6.5.1 Example for Configuring the FTP Server
6.5.2 Example for Configuring the FTP Client
6.5.3 Example for Configuring an ACL of the FTP Server

7 File System Management
7.1 Overview of the File System
7.1.1 Basic Concepts of the File System
7.1.2 Storage Device
7.1.3 File
7.1.4 Directory
7.2 Managing a Storage Device
7.2.1 Establishing the Configuration Task
7.2.2 (Optional) Formatting a Storage Device
7.3 Managing a File
7.3.1 Establishing the Configuration Task
7.3.2 (Optional) Displaying the Status of the File System
7.3.3 (Optional) Changing the Prompt Mode of the File System
7.3.4 (Optional) Displaying the Contents of a File
7.3.5 (Optional) Copying a File
7.3.6 (Optional) Moving a File
7.3.7 (Optional) Renaming a File
7.3.8 (Optional) Deleting a File
7.3.9 (Optional) Deleting a File from the Recycle Bin
7.3.10 (Optional) Restoring a Deleted File
7.3.11 (Optional) Executing a Batch File
7.4 Managing a Directory
7.4.1 Establishing the Configuration Task
7.4.2 (Optional) Displaying the Current Working Directory
7.4.3 (Optional) Creating a Directory
7.4.4 (Optional) Deleting a Directory
7.4.5 (Optional) Changing the Working Directory
7.5 Maintaining the File System
7.6 Configuration Examples
7.6.1 Example for Copying Files

8 Management of Configuration Files

8.1 Overview of the Configuration File
8.1.1 Configuration File
8.1.2 Current Configurations
8.2 Displaying the Current Configurations and the Configurations Saved to a Configuration File
8.2.1 Displaying All Current Configurations
8.2.2 Displaying the Current Configurations in the Current View
8.2.3 Displaying the Configurations Saved in a Configuration File
8.2.4 Displaying the System Software Used in the Startup of the S9300
8.3 Saving the Current Configurations
8.4 Deleting a Configuration File
8.5 Loading a Configuration File
8.6 Comparing the Current Configurations with the Configuration File

Figures

Figure 2-1 Networking diagram of the S9300 acting as the Telnet server
Figure 2-2 Networking diagram of the S9300 acting as the Telnet client
Figure 2-3 Networking diagram of the S9300 acting as the cascading Telnet server
Figure 2-4 Numbering of user interfaces on the S9300
Figure 2-5 Logging in to the S9300 through the console interface
Figure 2-6 Setting up a new connection
Figure 2-7 Setting the connection port
Figure 2-8 Setting communication parameters for the port
Figure 2-9 Selecting a terminal type
Figure 2-10 Logging in to the S9300 locally through Telnet
Figure 2-11 Logging in to the S9300 remotely through Telnet
Figure 2-12 Establishing a local SSH connection between the PC and the S9300
Figure 2-13 Setting up an FTP connection between the PC and the S9300
Figure 2-14 Setting up a connection between the S9300 and the TFTP server
Figure 2-15 Networking diagram of the remote login of the Ethernet user
Figure 2-16 Networking diagram for configuring TFTP
Figure 3-1 Hierarchical structure of command views
Figure 3-2 Authority of users at four levels
Figure 5-1 Establishing a local SSH connection between the PC and the S9300
Figure 5-2 Networking diagram for configuring the SSH server to support the access from another port
Figure 5-3 Networking diagram of connecting the STelnet client and the SSH server
Figure 5-4 Networking diagram for connecting the SFTP client and the SSH server
Figure 6-1 Networking diagram of the S9300 functioning as the FTP server
Figure 6-2 Networking diagram of the S9300 functioning as the FTP client
Figure 6-3 Networking diagram for configuring an ACL of the FTP server

Tables

Table 1-1 Description of management interfaces
Table 1-2 Numbers of management interfaces
Table 1-3 Rules for numbering service interfaces
Table 2-1 User login modes
Table 2-2 Types of user interfaces
Table 2-3 Types of login users
Table 2-4 Authentication modes of login users
Table 2-5 Communication parameters
Table 3-1 Types of command views
Table 3-2 Levels of login users
Table 3-3 Matching relations of error messages and error causes
Table 3-4 Accessing history commands
Table 3-5 System hotkeys

About This Document

Purpose
This document describes features of the S9300 based on configuration procedures and examples.
This document covers the following topics:
- Feature description
- Data preparation
- Pre-configuration tasks
- Configuration procedures
- Checking the configuration
- Configuration examples

This document guides you through the configuration and the applicable environment of basic
features of the S9300.

Related Versions
The following table lists the product versions related to this document.

| Product Name | Version |
|---|---|
| S9300 | V100R002C00 |

Intended Audience
This document is intended for:
- Policy planning engineers
- Installation and commissioning engineers
- NM configuration engineers
- Technical support engineers

Organization
This document is organized as follows.

| Chapter | Description |
|---|---|
| 1 How to Use Interfaces | Describes how to use the interface of the device. |
| 2 User Login Management | Describes user interface management and user login. |
| 3 How to Use Command Lines | Describes how to use command lines. |
| 4 Common Operations and Configurations | Describes common operations and configurations. |
| 5 Configuration of the SSH Server and Client | Describes how to configure the SSH server and client and provides examples. |
| 6 Configuration of the FTP Server and Client | Describes how to configure the FTP server and client and provides examples. |
| 7 File System Management | Describes the basic knowledge about the file system, including the methods of managing files, directories, and storage devices. |
| 8 Management of Configuration Files | Describes how to view, save, and load configuration files. |

Conventions
Symbol Conventions
The symbols that may be found in this document are defined as follows.

| Symbol | Description |
|---|---|
| DANGER | Indicates a hazard with a high level of risk, which if not avoided, will result in death or serious injury. |
| WARNING | Indicates a hazard with a medium or low level of risk, which if not avoided, could result in minor or moderate injury. |
| CAUTION | Indicates a potentially hazardous situation, which if not avoided, could result in equipment damage, data loss, performance degradation, or unexpected results. |
| TIP | Indicates a tip that may help you solve a problem or save time. |
| NOTE | Provides additional information to emphasize or supplement important points of the main text. |

General Conventions
The general conventions that may be found in this document are defined as follows.

| Convention | Description |
|---|---|
| Times New Roman | Normal paragraphs are in Times New Roman. |
| Boldface | Names of files, directories, folders, and users are in boldface. For example, log in as user root. |
| Italic | Book titles are in italics. |
| Courier New | Examples of information displayed on the screen are in Courier New. |

Command Conventions
The command conventions that may be found in this document are defined as follows.

| Convention | Description |
|---|---|
| Boldface | The keywords of a command line are in boldface. |
| Italic | Command arguments are in italics. |
| [ ] | Items (keywords or arguments) in brackets [ ] are optional. |
| { x \| y \| ... } | Optional items are grouped in braces and separated by vertical bars. One item is selected. |
| [ x \| y \| ... ] | Optional items are grouped in brackets and separated by vertical bars. One item is selected or no item is selected. |
| { x \| y \| ... }* | Optional items are grouped in braces and separated by vertical bars. A minimum of one item or a maximum of all items can be selected. |
| [ x \| y \| ... ]* | Optional items are grouped in brackets and separated by vertical bars. Several items or no item can be selected. |
| &<1-n> | The parameter before the & sign can be repeated 1 to n times. |
| # | A line starting with the # sign is a comment. |

GUI Conventions
The GUI conventions that may be found in this document are defined as follows.

| Convention | Description |
|---|---|
| Boldface | Buttons, menus, parameters, tabs, window, and dialog titles are in boldface. For example, click OK. |
| > | Multi-level menus are in boldface and separated by the ">" signs. For example, choose File > Create > Folder. |

Keyboard Operations
The keyboard operations that may be found in this document are defined as follows.

| Format | Description |
|---|---|
| Key | Press the key. For example, press Enter and press Tab. |
| Key 1+Key 2 | Press the keys concurrently. For example, pressing Ctrl+Alt+A means the three keys should be pressed concurrently. |
| Key 1, Key 2 | Press the keys in turn. For example, pressing Alt, A means the two keys should be pressed in turn. |

Mouse Operations
The mouse operations that may be found in this document are defined as follows.

| Action | Description |
|---|---|
| Click | Select and release the primary mouse button without moving the pointer. |
| Double-click | Press the primary mouse button twice continuously and quickly without moving the pointer. |
| Drag | Press and hold the primary mouse button and move the pointer to a certain position. |

Update History
Updates between document issues are cumulative. Therefore, the latest document issue contains
all updates made in previous issues.

Updates in Issue 05 (2010-01-08)
Based on issue 04 (2009-11-10), the document is updated as follows:
The following contents are updated:
- The descriptions about the user level and the command level are updated.

Updates in Issue 04 (2009-11-10)
Based on issue 03 (2009-09-30), the document is updated as follows:
The following contents are updated:
- Some names of reference documents are updated.

Updates in Issue 03 (2009-09-30)
Based on issue 02 (2009-08-15), the document is updated as follows:
The following contents are deleted:
- 8.4 Deleting a Configuration File: The system supports hot swap.

Updates in Issue 02 (2009-08-15)
Based on issue 01 (2009-07-29), the document is updated as follows:
The following information is added:
Managing User Login: 2.12 Limiting the Access to the TFTP Server.

Updates in Issue 01 (2009-07-29)
Initial commercial release.

1 How to Use Interfaces


About This Chapter


This chapter describes how to use interfaces of the device.
1.1 Introduction to Interfaces
This section describes the concepts of interfaces.
1.2 Setting Parameters of an Interface
This section describes how to set parameters of an interface.
1.3 Configuring the Loopback Interface
This section describes how to configure the loopback interface.
1.4 Maintaining the Interface
This section describes how to maintain the interface.

1.1 Introduction to Interfaces


This section describes the concepts of interfaces.
The S9300 provides interfaces to receive and send data.
Interfaces are classified into management interfaces and service interfaces based on their
functions; interfaces are classified into physical interfaces and logical interfaces based on their
physical forms.
NOTE

A physical interface is sometimes called a port. Both physical interfaces and logical interfaces are called
interfaces in this document.

Management Interface
Management interfaces are used for managing and configuring the device. That is, you can log
in to the S9300 through a management interface to configure and manage the S9300.
Management interfaces do not transmit services.
The S9300 provides the following management interfaces:
- Console interfaces
- Ethernet interfaces

Table 1-1 Description of management interfaces

| Name | Usage |
|---|---|
| Console interface | It is connected to the COM port of a configuration terminal and used to set up an on-site configuration environment. |
| Ethernet interface | The Ethernet interface is connected to the network interface of the configuration terminal or the network management workstation. The configuration environment thus can be established on site or remotely. |

The S9300 is available in three models: S9303, S9306, and S9312. Console and Ethernet interfaces
are configured on the main control board.
The rules for numbering management interfaces are as follows:

Table 1-2 Numbers of management interfaces

| Name | Number |
|---|---|
| Console interface | It is a user interface that is numbered console 0. |
| Ethernet interface | It is numbered Ethernet 0/0/0. |

Classification of Service Interfaces


Service interfaces are used to transmit services. They are classified into 1-Gbit/s interfaces and
10-Gbit/s interfaces according to the rates of the interfaces; they are classified into electrical
interfaces and optical interfaces according to their electrical properties.
On the S9300, all the service interfaces are located on the Line Processing Units (LPUs).
The rules for numbering service interfaces are as follows:
The interfaces of the S9300 are numbered in the format slot number/sub-card number/interface
sequence number.
- Slot number: indicates the number of the slot where the LPU is located.
- Sub-card number: indicates the number of a sub-card. The value is 0 or 1.
- Interface sequence number: indicates the sequence numbers of the interfaces that are
  located on an LPU.

Table 1-3 Rules for numbering service interfaces
(Columns: Row No. of the Interface, Figure Showing Interface Numbering, Description)

[Figures showing interface numbering on the LPU]

- An LPU has two rows of interfaces, which are numbered from top to bottom and then from
  left to right. The leftmost interface in the upper row is numbered 0.
- The LPU has two rows of interfaces with the upper-left interface numbered 0. The other
  interfaces are numbered in ascending order from top to bottom, and then from left to right.

For example:
If an LPU is installed in slot 3 of the S9300, the fifth interface on the LPU from bottom to top
and from left to right is numbered GE 3/0/4.

Physical Interfaces
Physical interfaces are interfaces that physically exist on the S9300.
Physical interfaces include management interfaces and service interfaces.
The S9300 supports the following physical interfaces:
- Console interfaces
- Eth interfaces
- Fast Ethernet interfaces
- Gigabit Ethernet interfaces
- 10-Gigabit Ethernet interfaces

Physical interfaces are located on the main control board and LPU of the S9300.

Logical Interfaces
Logical interfaces do not exist physically and are set up through configuration.
The S9300 supports the following logical interfaces:
- Eth-Trunks
  An Eth-Trunk comprises only Ethernet links.
  The Eth-Trunk technology has the following advantages:
  - Increased bandwidth: The bandwidth of an Eth-Trunk is the total bandwidth of all
    member interfaces.
  - Improved reliability: When a link fails, traffic is automatically switched to other
    available links. This ensures the reliability of the connection.
  For details about the configuration, see the chapter "Configuring the Eth-Trunk" in the
  Quidway S9300 Terabit Routing Switch Configuration Guide - Ethernet.
- Loopback interfaces
  A loopback interface is a virtual interface. The TCP/IP protocol suite defines that the IP
  address 127.0.0.0 is a loopback address. When the system starts, it automatically creates
  an interface using the loopback address 127.0.0.1 to receive all data packets sent to the
  local host. Some applications, such as mutual access between Virtual Private Networks
  (VPNs), however, need a local interface with a specified IP address to be configured
  without affecting the configuration of a physical interface. In this case, the IP address
  of the local interface uses a 32-bit mask, which saves IP addresses; the IP address can be
  advertised by routing protocols.
  The status of the loopback interface is always Up; therefore, the IP address of the loopback
  interface can be used as the router ID, the label switching router (LSR) ID, or the tunnel.
  For details, see 1.3 Configuring the Loopback Interface.
- Null interfaces
  Null interfaces are similar to null devices supported by certain operating systems. Any data
  packets sent to this interface are discarded. Null interfaces are mainly used for route
  selection and policy-based routing (PBR). For example, if no route is matched during route
  selection, the packet is sent to the null interface.
- Tunnel interfaces
  A tunnel interface is a logical interface. It can be used as the backup interface of other
  interfaces and used to set up Generic Routing Encapsulation (GRE) tunnels or
  Multiprotocol Label Switching (MPLS) Traffic Engineering (TE) tunnels.
  For details about the configuration, see the chapter "Configuring the Tunnel Interface" in
  the Quidway S9300 Terabit Routing Switch Configuration Guide - VPN.
- Sub-interfaces
  The sub-interface supports multiple logical interfaces or network interconnections on a
  physical port. That is, several logical interfaces are associated with a physical port and use
  the same parameter values. The link-layer parameters and network-layer parameters of the
  logical interfaces are different. For the configuration of sub-interfaces, see "Configuring the
  sub-interface" in the Quidway S9300 Terabit Routing Switch Configuration Guide - Ethernet.
- VLANIF interfaces
  When the S9300 needs to communicate with devices at the network layer, you can create
  a logical interface of the Virtual Local Area Network (VLAN) on the S9300, namely, a
  VLANIF interface. You can assign IP addresses to VLANIF interfaces because VLANIF
  interfaces work at the network layer. The S9300 then communicates with devices at the
  network layer through VLANIF interfaces.
  For details about the configuration, see the chapter "Configuring the VLANIF Interface"
  in the Quidway S9300 Terabit Routing Switch Configuration Guide - Ethernet.

1.2 Setting Parameters of an Interface


This section describes how to set parameters of an interface.
1.2.1 Establishing the Configuration Task
1.2.2 Entering the Interface View
1.2.3 Viewing All Commands in the Interface View
1.2.4 Configuring the Description for an Interface
1.2.5 Starting and Shutting Down an Interface
1.2.6 Exiting from the Interface View
1.2.7 Assigning an IP Address to an Interface
1.2.8 Further Configuration an Interface
1.2.9 Checking the Configuration

1.2.1 Establishing the Configuration Task


Applicable Environment
To facilitate the configuration and maintenance of an interface, the S9300 provides interface
views. The commands related to the interface are valid only in the interface views.

Pre-configuration Tasks
Before setting parameters of an interface, complete the following task:
Installing the LPU on the S9300

Data Preparation
To set parameters of an interface, you need the following data.

| No. | Data |
|---|---|
| 1 | Type and number of the interface to be configured |
| 2 | Description of the interface |

1.2.2 Entering the Interface View


Context
Do as follows on the S9300.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
interface interface-type interface-number

The view of a specified interface is displayed.


interface-type specifies the type of the interface and interface-number specifies the number of
the interface.
----End

1.2.3 Viewing All Commands in the Interface View


Context
Do as follows on the S9300.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
interface interface-type interface-number

The view of a specified interface is displayed.


Step 3 Run:
?

All the commands in the view of the specified interface are displayed.
----End
1.2.4 Configuring the Description for an Interface


Context
Do as follows on the S9300.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
interface interface-type interface-number

The view of a specified interface is displayed.


Step 3 Run:
description description

The description is configured for the interface.


The description configured for an interface on the S9300 helps you identify and memorize the
usage of the interface, which facilitates the management.
----End

1.2.5 Starting and Shutting Down an Interface


Procedure
- Shutting down the interface
  Do as follows on the S9300.
  1. Run:
     system-view
     The system view is displayed.
  2. Run:
     interface interface-type interface-number
     The view of a specified interface is displayed.
  3. Run:
     shutdown
     The interface is shut down.

  NOTE
  By default, an interface is enabled.

  CAUTION
  When a physical interface is idle and is not connected to a cable, shut down this interface
  by using the shutdown command to protect the interface against interference.

- Starting an interface
  Do as follows on the S9300.
  1. Run:
     system-view
     The system view is displayed.
  2. Run:
     interface interface-type interface-number
     The view of a specified interface is displayed.
  3. Run:
     undo shutdown
     The interface is started.

----End

1.2.6 Exiting from the Interface View


Context
Do as follows on the S9300.

Procedure
- Run the quit command in the interface view to exit from the interface view.
- Run the return command in the interface view to return to the user view from the interface
  view.

----End
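The procedures in 1.2.2 to 1.2.6 and the CAUTION about idle interfaces, combined in an added example that is not part of the Huawei guide: a Python script that checks interface numbers against the slot/sub-card/sequence rule from 1.1 and emits the command sequence to label and shut down uncabled ports. The inventory format, its field names and the default description text are assumptions of this example; the CLI commands are the ones shown in the procedures above.

```python
import re

# Section 1.1 rule: slot number/sub-card number/interface sequence number.
NUMBER_RE = re.compile(r"(\d+)/(\d+)/(\d+)")
# Interface type keyword such as "gigabitethernet": letters, digits, hyphens.
TYPE_RE = re.compile(r"[A-Za-z][A-Za-z0-9-]*")

# Constructed inventory (not device output). The field names and the
# "cabled" flag are assumptions of this example.
SAMPLE_INVENTORY = [
    {"type": "gigabitethernet", "number": "3/0/4", "cabled": False},
    {"type": "gigabitethernet", "number": "3/0/5", "cabled": True},
    # Sub-card 2 violates the "value is 0 or 1" rule and must be rejected.
    {"type": "gigabitethernet", "number": "3/2/1", "cabled": False},
    {"type": "gigabitethernet", "number": "4/1/0", "cabled": False,
     "description": "spare, rack B"},
    # A multi-line description would smuggle a second command into the plan.
    {"type": "gigabitethernet", "number": "4/1/1", "cabled": False,
     "description": "spare\nundo shutdown"},
]


def parse_interface_number(number):
    """Return (slot, sub_card, sequence) or raise ValueError."""
    match = NUMBER_RE.fullmatch(number.strip())
    if match is None:
        raise ValueError(f"{number!r} is not slot/sub-card/sequence")
    slot, sub_card, sequence = (int(group) for group in match.groups())
    if sub_card not in (0, 1):
        raise ValueError(f"{number!r}: sub-card number must be 0 or 1")
    return slot, sub_card, sequence


def clean_description(text):
    """Accept only a single non-empty line as description text."""
    text = text.strip()
    if not text or any(ch in text for ch in "\r\n"):
        raise ValueError("description must be one non-empty line")
    return text


def build_shutdown_plan(inventory, default_description="unused - shut down"):
    """Return (commands, rejected) for every uncabled interface.

    commands follows the page's steps: system-view, interface ...,
    description ..., shutdown, quit, and a final return.
    rejected lists (number, reason) for entries that failed validation.
    """
    commands = ["system-view"]
    rejected = []
    for entry in inventory:
        if entry["cabled"]:
            continue  # in use: leave the interface enabled
        try:
            if TYPE_RE.fullmatch(entry["type"]) is None:
                raise ValueError(f"bad interface type {entry['type']!r}")
            slot, sub_card, sequence = parse_interface_number(entry["number"])
            description = clean_description(
                entry.get("description", default_description))
        except ValueError as exc:
            rejected.append((entry["number"], str(exc)))
            continue
        commands += [
            f"interface {entry['type']} {slot}/{sub_card}/{sequence}",
            f"description {description}",
            "shutdown",
            "quit",
        ]
    commands.append("return")
    return commands, rejected


if __name__ == "__main__":
    plan, rejected = build_shutdown_plan(SAMPLE_INVENTORY)
    print("\n".join(plan))
    for number, reason in rejected:
        # Lines starting with # are comments in this guide's convention.
        print(f"# skipped {number}: {reason}")
```

Review the generated plan before pasting it into a session, and confirm the result afterwards with the display interface brief command from 1.2.9.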

1.2.7 Assigning an IP Address to an Interface


Context
You need to assign IP addresses to the following interfaces on the S9300:
- Ethernet interfaces on the main control board
  The interfaces work at the network layer, and do not need to be assigned IP addresses
  through VLANIF interfaces.
- VLANIF interfaces
  You can assign IP addresses to the VLANIF interfaces that are bound to Layer 2 physical
  interfaces.

Procedure
- Assigning an IP address to the Ethernet interface
  Do as follows on the S9300.
  1. Run:
     system-view
     The system view is displayed.
  2. Run:
     interface Ethernet 0/0/0
     The interface view is displayed.
  3. Run:
     ip address ip-address { mask | mask-length }
     An IP address is assigned to the Ethernet interface.

- Assigning an IP address to the VLANIF interface
  Do as follows on the S9300.
  1. Run:
     system-view
     The system view is displayed.
  2. Run:
     vlan vlan-id
     The VLAN view is displayed.
  3. Run:
     port gigabitethernet interface-number
     The Layer 2 GE interface is added to the VLAN.
  4. Run:
     quit
     Return to the system view.
  5. Run:
     interface vlanif vlan-id
     The VLANIF interface view is displayed.
  6. Run:
     ip address ip-address { mask | mask-length }
     An IP address is assigned to the interface.

----End

1.2.8 Further Configuring an Interface


Context
When you access a network through an interface, you need to set further parameters of the
interface based on the networking requirements, in addition to performing the basic
configurations on the interface.

Further configurations of an interface include:
- Configuring the operation mode of an interface
- Configuring routes

For details, see the other configuration manuals of the S9300.

1.2.9 Checking the Configuration


Prerequisite
The configurations of parameters on the interface are complete.

Procedure
Step 1 Run the display interface [ interface-type [ interface-number ] ] [ | { begin | exclude |
include } regular-expression ] command to check the running status of the interface and the
statistics on the interface.
Step 2 Run the display interface brief command to check the brief information about the interface.
Step 3 Run the display interface description command to check the description of the interface.
Step 4 Run the display ip interface [ interface-type interface-number ] command to check the main
configurations of the interface.
Step 5 Run the display ip interface brief [ interface-type interface-number ] command to check the
brief state of the interface.
----End

1.3 Configuring the Loopback Interface


This section describes how to configure the loopback interface.
1.3.1 Establishing the Configuration Task
1.3.2 Configuring IPv4 Parameters of the Loopback Interface
1.3.3 Checking the Configuration

1.3.1 Establishing the Configuration Task


Applicable Environment
Some applications, such as mutual access between VPNs, require a local interface with a
specified IP address that can be configured without affecting the configuration of a physical
interface. In this case, the IP address of the local interface needs to be advertised by routing
protocols. Loopback interfaces are used to improve the reliability of the configuration.

Pre-configuration Tasks
Before configuring the loopback interface, complete the following task:

Switching on the S9300

Data Preparation
To configure the loopback interface, you need the following data.
No. | Data
1 | Number of the loopback interface
2 | IP address of the loopback interface

1.3.2 Configuring IPv4 Parameters of the Loopback Interface


Context
Do as follows on the S9300.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
interface loopback interface-number

A loopback interface is created.


The value of interface-number ranges from 0 to 1023. A maximum of 1024 loopback interfaces
can be created.
Step 3 (Optional) Run:
ip binding vpn-instance vpn-instance-name

The loopback interface is bound to the VPN instance.


Step 4 Run:
ip address ip-address ip-address-mask [ sub ]

An IPv4 address is assigned to the loopback interface.


Step 5 Run:
ip verify source-address

The loopback interface is configured to check the source IPv4 address.


NOTE

You can create or delete a loopback interface. Once created, the loopback interface remains in the
Up state until you delete it.

----End

1.3.3 Checking the Configuration


Prerequisite
The configurations of the loopback interface are complete.

Procedure
Step 1 Run the display interface loopback [ loopback-number ] [ | { begin | exclude | include }
regular-expression ] command to check the status of the loopback interface.
Step 2 Run the display ip interface [ interface-type interface-number ] command to check the main
configurations of the interface.
----End

1.4 Maintaining the Interface


This section describes how to maintain the interface.
1.4.1 Clearing Statistics Information on the Interface
1.4.2 Debugging the Interface

1.4.1 Clearing Statistics Information on the Interface


Context

CAUTION
The statistics on the interface cannot be restored after you clear them. So, confirm the action
before you use the command.

Procedure
Step 1 Run the reset counters interface [ interface-type [ interface-number ] ] command in the user
view to clear the statistics on the interface.
----End

1.4.2 Debugging the Interface


Context

CAUTION
Debugging affects the performance of the system. So, after debugging, run the undo debugging
all command to disable it immediately.
For the description about debugging commands, see the Quidway S9300 Terabit Routing
Switch Debugging Reference.
For details about debugging commands on the interface, see the following chapters.


User Login Management

About This Chapter


This chapter describes how to log in to the S9300 and configure the user interface.
2.1 Overview of User Login
This section describes the modes of user login and application scenarios.
2.2 Logging In to the S9300 Through the Console Interface
This section describes how to log in to the S9300 through the console interface.
2.3 Configuring the Console Interface as the User Interface
This section describes how to configure the console interface as the user interface.
2.4 Configuring the Telnet Interface
This section describes how to configure the Telnet interface.
2.5 Logging In to the S9300 Locally Through Telnet
This section describes how to log in to the S9300 locally through Telnet.
2.6 Logging In to the S9300 Remotely Through Telnet
This section describes how to log in to the S9300 remotely through Telnet.
2.7 Configuring the SSH Interface
This section describes how to configure the SSH interface.
2.8 Logging In to the S9300 Through SSH
This section describes how to log in to the S9300 through SSH.
2.9 Configuring the FTP Interface
This section describes how to configure the FTP interface.
2.10 Logging In to the S9300 Through FTP
This section describes how to log in to the S9300 through FTP.
2.11 S9300 Logging In to the TFTP Service Through TFTP
This section describes how the S9300 logs in to the TFTP service through TFTP.
2.12 Limiting the Access to the TFTP Server
This section describes how to limit access to the TFTP server.

2.13 Logging In to the S9300 Through SFTP


This section describes how to log in to the S9300 through SFTP.
2.14 Logging In to the S9300 Through STelnet
This section describes how to log in to the S9300 through STelnet.
2.15 Configuring the NMS User to Log In to the S9300 Through the VTY Interface
This section describes how to configure the NMS user to log in to the S9300 through the VTY
interface.
2.16 Maintaining Telnet
This section describes how to maintain Telnet.
2.17 Configuration Examples
This section provides several configuration examples of Telnet.


2.1 Overview of User Login


This section describes the modes of user login and application scenarios.
2.1.1 User Login Modes
2.1.2 User Interface
2.1.3 User Authentication

2.1.1 User Login Modes


To configure, monitor, and maintain the local or remote S9300, you need to log in to the
S9300 to configure:
- User interface where users can control the S9300
- Authentication mode that ensures the secure login
- Terminal services that provide various protocols


NOTE

You must log in to the S9300 from the console interface for the first time.

The S9300 supports the following login modes:


- Login from the console interface
- Login through Telnet
- Login through SSH
- Login through STelnet
- Login through SFTP
- Login through FTP
- Login through TFTP

For details, see Table 2-1.


Table 2-1 User login modes

Login Mode | Applicable Scenario | User Type | Description
2.2 Logging In to the S9300 Through the Console Interface | Logging in to the S9300 for the first time; local maintenance | 2.3 Configuring the Console Interface as the User Interface | You must log in to the S9300 for the first time.
2.5 Logging In to the S9300 Locally Through Telnet | Logging in to the S9300 locally and remotely | 2.4 Configuring the Telnet Interface | You can log in to the S9300 from any host. You can configure Telnet users and Telnet terminal services on the S9300 that functions as the Telnet server.
2.8 Logging In to the S9300 Through SSH | Providing local and remote login with high security | 2.7 Configuring the SSH Interface | You need to use the SSH client software when you log in to the route switching devices such as the S9300 from the host. You can configure Secure Shell (SSH) users on the S9300 that functions as the server.
2.10 Logging In to the S9300 Through FTP | Providing flexible and reliable file transfer channels | 2.9 Configuring the FTP Interface | You need to enable the File Transfer Protocol (FTP) function and configure FTP users on the S9300 that functions as the FTP server.
2.11 S9300 Logging In to the TFTP Service Through TFTP | Providing simple file transfer channels | Trivial File Transfer Protocol (TFTP) users | You do not need to configure the user interface. The S9300 acts as only a TFTP client.
2.13 Logging In to the S9300 Through SFTP | Providing file transfer channels with SSH as the authentication mode | 2.7 Configuring the SSH Interface | You need to adopt the authentication mode of SSH users, without using the SSH client software. You must log in to the SSH server through this mode on the device that is configured with 5.4 Configuring the SFTP Client.
2.14 Logging In to the S9300 Through STelnet | Login through Telnet with SSH as the authentication mode | 2.7 Configuring the SSH Interface | You need to adopt the authentication mode of SSH users, without using the SSH client software. You must log in to the SSH server through this mode on the device that is configured with 5.3 Configuring the STelnet Client.

You need to manage users and control user authority properly and ensure the security of the
information transmitted.

Telnet Terminal Services


The Telnet protocol is an application layer protocol in the TCP/IP protocol suite. It supports
remote login and virtual terminal services through the TCP connection. The S9300 provides the
following Telnet services.
- Telnet server
  By default, the S9300 functions as the Telnet server. The Telnet client program runs on the
  user terminal.
  Figure 2-1 Networking diagram of the S9300 acting as the Telnet server
  [Figure labels: PC (Telnet Client), L2 Switch, S9300 (Telnet Server), Ethernet, VLAN1, Telnet Session]
  You can log in to the S9300 on the PC through Telnet to configure and manage the
  S9300. A reachable route must exist between the PC and the S9300.
  NOTE
  To configure the remote S9300, you must set the attributes of the Telnet terminal service, including:
  - Character entry mode
  - No echo at the local end
  - Terminal type of VT100
  Telnet works normally only when the attributes of the client and server are the same.



- Telnet client
  The S9300 functions as the Telnet client to initiate a connection, and a router or an
  application server functions as the Telnet server, as shown in Figure 2-2.
  Figure 2-2 Networking diagram of the S9300 acting as the Telnet client
  [Figure labels: S9300 (Telnet Client), Router (Telnet Server), Server (Telnet Server), Ethernet, IP network, Telnet Session1, Telnet Session2]
  The S9300 logs in to the router or the application server through Telnet to perform
  configuration and management. A reachable route must exist between the S9300 and
  the router or the application server.
- Cascading Telnet server
  As shown in Figure 2-3, the S9300 can function as both the client and the server.
  Figure 2-3 Networking diagram of the S9300 acting as the cascading Telnet server
  [Figure labels: S9300-A (Telnet Client), S9300-B, S9300-C (Telnet Server), Ethernet, VLAN1, VLAN2, Telnet Session1, Telnet Session2]

S9300-A logs in to S9300-B through Telnet. Then, S9300-B logs in to S9300-C through
Telnet. In this manner, the three S9300s form a cascading login structure. In this case,
S9300-A functions as the client of S9300-B and S9300-B functions as the client of
S9300-C.
It is required that routes be reachable between S9300-A, S9300-B, and S9300-C.

TFTP
Compared with FTP, TFTP is based on UDP. It excludes the interfaces for complicated
interactions or access and authentication control. Thus, TFTP is applicable to the environment
without complicated interactions between a client and a server. For example, you can obtain
memory mapping of the system through TFTP when the system is started.
The client initiates the TFTP transfer. To download files, the client sends a Write Request (WRQ)
to the server. The server then sends data packets to the client. After receiving the data packets,
the client sends an ACK packet to the server. To upload files, the client sends a Read Request
(RRQ) to the server. After the server receives the request, the client sends a data packet to the
server and waits for an ACK packet from the server.
TFTP supports the following file types:
- Binary type: used to transfer program files.
- ASCII type: used to transfer text files.


NOTE

Currently, the S9300 can act as only the TFTP client and transfer files in binary mode only.

2.1.2 User Interface


A user interface (UI) enables users to log in to the S9300. Through a user interface, you can
configure the parameters on all physical and logical interfaces that work in asynchronous and
interactive modes. In this manner, you can manage, authenticate, and authorize the login users.

Types of User Interfaces


Table 2-2 describes the types of user interfaces supported by the S9300.
Table 2-2 Types of user interfaces

Type | Purpose | Description
CON | Local login through the console interface | It is a linear interface conforming to the EIA/TIA-232 standard. The type of the interface is DCE. Each main control board provides a console interface.
VTY | Local or remote login through Telnet or SSH | It is a virtual interface and indicates a logical terminal line. When you log in to the S9300 through Telnet, FTP, or SSH, a VTY connection is set up.

Numbering of User Interfaces


You can number a user interface in the following ways:
- Relative numbering
  Relative numbering indicates that the interfaces of the same type are numbered. The relative
  numbering uniquely specifies a user interface of a specified type.
  The format of the relative numbering is: user interface type + number. It must comply with
  the following rules:
  - Number of the CON interface: console0
  - Default number of the VTY: vty0, vty1, vty2, vty3, and vty4
- Absolute numbering
  The S9300 uniquely specifies the default numbers of 0 and 34 to 38 for the user interfaces of
  CON and VTY. You can enter a specific user interface view by entering any of these
  numbers.



- Mapping between relative numbering and absolute numbering
  Figure 2-4 shows the mapping between relative and absolute numbering of a user interface.
  Figure 2-4 Numbering of user interfaces on the S9300

  Type of interface | Relative numbering | Absolute numbering
  CON | console0 | 0
  VTY | vty0 | 34
  VTY | vty1 | 35
  VTY | vty2 | 36
  VTY | vty3 | 37
  VTY | vty4 | 38

In the figure, console 0 and 0 indicate the same user interface; vty1 and 35 indicate the
same user interface.
NOTE

On the S9300, the absolute number can be 0 or 34 to 48, and the default value can be 0 or 34 to 38.

2.1.3 User Authentication


When the S9300 is switched on for the first time, no authentication information for login is
available in the system. In this case, you can log in to the S9300 through the console interface
without being authenticated.
If a user logs in to the S9300 through Telnet on an Ethernet interface, the login user must be
authenticated for the sake of security. If the authentication succeeds, the user can log in to the
S9300 to configure and maintain the S9300.
To manage users that try to log in to the S9300, these users are assigned passwords and
classified into different levels.

Classifying Login Users


According to the service types and rights assigned to the login users on the S9300, the users are
classified, as shown in Table 2-3.
Table 2-3 Types of login users

User Type | Description | Authentication
Super users | Log in to the S9300 through the console interface and have all rights. | Not authenticated for the first login but recommended later
Telnet users | Log in to the S9300 through Telnet on the Ethernet interface and have limited rights. A Telnet connection is set up between the user terminal and the S9300. | Recommended
SSH users | Log in to the S9300 through SSH on the Ethernet interface and have limited rights. An SSH connection is set up between the user terminal and the S9300. | Recommended
FTP users | Log in to the S9300 through FTP on the Ethernet interface and have limited rights. An FTP connection is set up between the user terminal and the S9300. | Recommended
Network Management System (NMS) users | Log in to the S9300 through the Simple Network Management Protocol (SNMP) or Telnet in machine-to-machine mode. | Recommended

The rights that can be obtained by users logging in to the S9300 through Telnet, SSH, and FTP
depend on the priorities of the user interfaces through which they log in. The S9300 provides
multiple services for a user. To ensure login convenience and security, login users must be
classified, and then assigned levels.

Priorities of Users
The system manages super users and Telnet users according to user levels.
Similar to the command levels, users are classified into 16 levels numbered 0 to 15. The greater
the number, the higher the user level.
NOTE

If the user levels are not set, the four default user levels are used, namely, levels 0 to 3.

The level of the command that a user can run is determined by the level of this user.
- In the case of non-authentication or password authentication, the level of the command that
  the user can run depends on the level of the user interface.
- In the case of AAA authentication, the command that the user can run depends on the level
  of the local user specified in AAA configuration.

Users of a level can access the commands of this level or lower levels.
For example, user levels 0 to 3 are used in the system. Users of level 2 can access commands of
levels 0, 1, and 2. The level 3 user can access commands at all levels.

Authenticating Login Users


After users are configured on the S9300, the system authenticates the users when they log in to
the S9300. The S9300 provides four authentication modes, as shown in Table 2-4.


Table 2-4 Authentication modes of login users

Authentication Mode | Description
Non-authentication | Users can log in to the S9300 without entering the user name and password. There is a great potential risk on security.
Password authentication | Users can log in to the S9300 by entering the password rather than the user name. The security is ensured.
AAA local authentication | Users need to enter both the user name and password to log in to the S9300. The S9300 then authenticates the users according to the locally configured user information. This further improves the security. It applies to the users logging in to the S9300 through the console interface and Telnet.
AAA server authentication | Users need both the user name and the password to log in to the S9300 and be authenticated by a dedicated AAA server.

2.2 Logging In to the S9300 Through the Console Interface


This section describes how to log in to the S9300 through the console interface.
2.2.1 Establishing the Configuration Task
2.2.2 Logging In to the S9300 Through the Console Interface

2.2.1 Establishing the Configuration Task


Applicable Environment
You need to log in to the S9300 through the console interface, as shown in Figure 2-5.
Figure 2-5 Logging in to the S9300 through the console interface
[Figure labels: PC (RS-232 serial interface), S9300 (Console interface)]

NOTE

If the S9300 is switched on for the first time and you need to manage and configure the S9300, you can
log in to the S9300 through the console interface only.

Pre-configuration Tasks
Before logging in to the S9300 through the console interface, complete the following tasks:
- Connecting the PC and the S9300 correctly
- Starting the S9300 normally

Data Preparation
None.

2.2.2 Logging In to the S9300 Through the Console Interface


Context
When setting up a local configuration environment through the console interface, you can
connect the PC and the S9300 through the Windows HyperTerminal.

Procedure
Step 1 Enable the HyperTerminal on the PC.
Choose Start > All Programs > Accessories > Communications > HyperTerminal to start
the HyperTerminal.
Step 2 Set up a new connection.
As shown in Figure 2-6, enter the name of the new connection in the Name text box and choose
an icon. Click OK.
Figure 2-6 Setting up a new connection

Step 3 Set the connection port.


After entering the Connect window as shown in Figure 2-7, select a serial port from the
Connect drop-down list box according to the port used by the PC or the configuration terminal.
Select COM1 in this case, and click OK.

Figure 2-7 Setting the connection port

Step 4 Set communication parameters.


After entering the COM1 Properties window as shown in Figure 2-8, set the communication
parameters according to the description in Table 2-5.
NOTE

In other Windows operating systems, Bits per second may be described as Baud rate; Flow control may
be described as Traffic control.


Figure 2-8 Setting communication parameters for the port

Table 2-5 Communication parameters

Parameter | Value
Bit per second (Baud rate) | 9600
Data bit |
Parity check | None
Stop bit |
Flow control (Traffic control) | None

Step 5 After the HyperTerminal is started, select File Attributes to enter the Connect Properties
window as shown in Figure 2-9. Choose the Setting tab, select Auto detect or VT100 from the
Emulation drop-down list box. Click OK to complete the setting.


Figure 2-9 Selecting a terminal type

After the preceding steps are complete, press Enter. If the prompt <Quidway> is displayed, it
indicates that you have logged in to the S9300. At this time, you can enter the command to
configure and manage the S9300.
----End

2.3 Configuring the Console Interface as the User Interface


This section describes how to configure the console interface as the user interface.
2.3.1 Establishing the Configuration Task
2.3.2 Setting Parameters of the User Interface
2.3.3 Configuring User Authentication
2.3.4 Setting User Levels
2.3.5 Checking the Configuration

2.3.1 Establishing the Configuration Task


Applicable Environment
You need to log in to the S9300 locally through the console interface to configure and manage
the S9300.

Pre-configuration Tasks
Before configuring the console interface as the user interface, complete the following tasks:
- Starting the S9300 normally
- Setting the HyperTerminal on the PC correctly

Data Preparation
To configure the console interface as the user interface, you need the following data.
No. | Data
1 | (Optional) Auto-run commands
2 | (Optional) Number of rows on a screen of the terminal display
3 | (Optional) Size of the history command buffer
4 | (Optional) Timeout interval for login users
5 | Type and number of a user interface
6 | (Optional) Authentication mode, authentication password, service type, and user level
7 | Default level of a user interface
8 | (Optional) Password for switching user levels

NOTE

The preceding data on the S9300 has default values and need not be configured.

2.3.2 Setting Parameters of the User Interface


Context
Do as follows on the S9300.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
user-interface { 0 | console 0 }


The user interface view is displayed.


Step 3 Run:
screen-length screen-length

The number of rows on a screen of the terminal display is set.


Step 4 Run:
history-command max-size size

The size of the history command buffer is set.


By default, terminal services are enabled on all user interfaces. The maximum length of a screen
on the terminal display defaults to 24 rows, and the history command buffer can store up to 10
commands.
NOTE

Step 3 and Step 4 are not performed in sequence.

----End

2.3.3 Configuring User Authentication


Procedure
- Configuring the AAA local authentication mode for login users
  Do as follows on the S9300.
  1. Run:
     system-view
     The system view is displayed.
  2. Run:
     user-interface console interface-number
     The user interface view is displayed.
  3. Run:
     authentication-mode aaa
     The AAA authentication mode is set.
  4. Run:
     quit
     Exit from the user interface view.
  5. Run:
     aaa
     The AAA view is displayed.
  6. Run:
     local-user user-name password { simple | cipher } password
     The local user name and password are created.
- Configuring the password authentication mode for login users
  Do as follows on the S9300.
  1. Run:
     system-view
     The system view is displayed.
  2. Run:
     user-interface console interface-number
     The user interface view is displayed.
  3. Run:
     authentication-mode password
     The password authentication mode is set.
  4. Run:
     set authentication password { cipher | simple } password
     The password for user authentication is set.
- Configuring the non-authentication mode for login users
  Do as follows on the S9300.
  1. Run:
     system-view
     The system view is displayed.
  2. Run:
     user-interface console interface-number
     The user interface view is displayed.
  3. Run:
     authentication-mode none
     The non-authentication mode is set.
  NOTE
  After this configuration is performed, you can log in to the S9300 without being authenticated.
  This lowers the security of the system; therefore, the non-authentication mode is not
  recommended.

----End

2.3.4 Setting User Levels


Context
In non-authentication or password authentication mode, the commands that a login user can run
are determined by the user interface level. By default, the CON user interface is at level 3. That
is, the users that log in to the S9300 through the console interface are at level 3, and the users
that log in to the S9300 through other interfaces are at level 0.
Do as follows on the S9300.

Procedure
Step 1 Run:
system-view


The system view is displayed.


Step 2 Run:
user-interface { 0 | console 0 }

The user interface view is displayed.


Step 3 Run:
user privilege level level

The level of the user that logs in through the console interface is set.
Step 4 Run:
quit

Return to the system view.


Step 5 Run:
super password [ level user-level ] { simple | cipher } password

The password for switching the user level is set.


If users that log in to the S9300 are at a lower level, they can use the password to switch to a
higher level.
----End
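
The rules stated in Table 2-4, in "Priorities of Users" and in 2.3.3 and 2.3.4 can be checked against a saved configuration. The following Python script is an added example, not part of the Huawei guide: it flags passwords entered with the simple keyword (kept in plaintext in the configuration), user interfaces in non-authentication mode, and a shared password that grants level 3. Assumptions of this example: the sample configuration is constructed, commands entered inside a view appear indented under the line that opens the view, and the level 3 threshold is this example's own policy.

```python
import re

# Defaults stated in the guide: the CON user interface is at level 3,
# user interfaces of other types are at level 0.
DEFAULT_LEVEL = {"console": 3, "vty": 0}

UI_RE = re.compile(r"^user-interface\s+(console|vty)\s+\d+(?:\s+\d+)?$")
# Matches "local-user X password simple P", "set authentication password
# simple P" and "super password [ level N ] simple P".
SIMPLE_RE = re.compile(r"\bpassword\s+(?:level\s+\d+\s+)?simple\s+\S+")

# Constructed sample, not taken from a real device. Assumption: commands
# entered inside a view are indented under the line that opens the view.
SAMPLE_CONFIG = """\
aaa
 local-user admin password cipher EXAMPLE-CIPHERTEXT
 local-user ops password simple Example123
super password level 3 simple Example456
user-interface console 0
 authentication-mode none
user-interface vty 0 4
 authentication-mode password
 set authentication password cipher EXAMPLE-CIPHERTEXT
 user privilege level 3
"""


def parse_views(text):
    """Return [(view_line, [commands inside that view]), ...]."""
    views = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "#":
            continue
        if raw[0].isspace() and views:
            views[-1][1].append(line)
        else:
            views.append((line, []))
    return views


def redact(line):
    """Drop the trailing secret from a command that carries a simple password."""
    return line.rsplit(None, 1)[0] if SIMPLE_RE.search(line) else line


def effective_level(mode, ui_level):
    """Level that decides which commands a login user can run.

    Per the guide: with non-authentication or password authentication the
    user interface level applies; with AAA the local user's level applies,
    which this example does not resolve (returns None).
    """
    return ui_level if mode in ("none", "password") else None


def audit(text):
    """Return sorted (view, finding, detail) tuples; secrets are never echoed."""
    findings = []
    for view, body in parse_views(text):
        label = redact(view)
        for line in [view] + body:
            if SIMPLE_RE.search(line):
                findings.append((label, "plaintext-password", redact(line)))
        match = UI_RE.match(view)
        if not match:
            continue
        mode, ui_level = None, DEFAULT_LEVEL[match.group(1)]
        for line in body:
            words = line.split()
            if words[:1] == ["authentication-mode"] and len(words) == 2:
                mode = words[1]
            elif words[:3] == ["user", "privilege", "level"] and len(words) == 4:
                ui_level = int(words[3])
        level = effective_level(mode, ui_level)
        if mode is None:
            findings.append((label, "authentication-mode-not-set", ""))
        elif mode == "none":
            findings.append((label, "no-authentication", "level %d" % level))
        elif mode == "password" and level >= 3:
            # Example policy: one shared password should not grant level 3,
            # which reaches every command when the default levels are used.
            findings.append((label, "shared-password-high-level", "level %d" % level))
    return sorted(findings)


if __name__ == "__main__":
    for view, finding, detail in audit(SAMPLE_CONFIG):
        print("%-30s %-30s %s" % (view, finding, detail))
```
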

2.3.5 Checking the Configuration


Prerequisite
The configurations of the user interface are complete.

Procedure
- Run the display users [ all ] command to check the status of the user interface.
- Run the display user-interface [ ui-number | ui-type number ] [ summary ] command to
  check the physical attributes and configurations of the user interface.

----End

2.4 Configuring the Telnet Interface


This section describes how to configure the Telnet interface.
2.4.1 Establishing the Configuration Task
2.4.2 (Optional) Setting Parameters of the VTY Interface
2.4.3 Configuring the VTY User Interface to Support the Telnet Service
2.4.4 Configuring User Authentication
2.4.5 Setting User Levels
2.4.6 Checking the Configuration

2.4.1 Establishing the Configuration Task


Applicable Environment
To configure and manage the S9300 on an Ethernet interface, you can log in to the S9300 through
Telnet. In this case, the S9300 must provide the Telnet terminal service.
When you log in to the S9300 through Telnet on another device or log in to another device on
the S9300, all the configurations are performed according to the role that the S9300 plays in the
Telnet terminal service.

Pre-configuration Tasks
Before configuring the Telnet terminal service, complete the following tasks:
- Starting the S9300 normally
- Configuring the user interface on the S9300 to allow users to log in
- Setting the HyperTerminal on the PC correctly

Data Preparation
To configure the Telnet terminal service, you need the following data.
No.   Data
1     (Optional) Auto-run commands
2     (Optional) Number of rows on a screen of the terminal display
3     (Optional) Size of the history command buffer
4     (Optional) Timeout interval for login users
5     (Optional) Prompt message of login authentication and configuration
6     (Optional) Maximum number of VTY user interfaces and limit of calling in and calling out
7     ID of the VLAN and VLANIF interfaces on the server
8     IP address and mask of the server
9     (Optional) Authentication information about the login user on the server
10    IP address and host name of the Telnet connection on the client
11    (Optional) TCP port number of the Telnet connection on the client

NOTE

The preceding data on the S9300 has default values and need not be configured.

2.4.2 (Optional) Setting Parameters of the VTY Interface



Context
Do as follows on the S9300.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
user-interface { ui-number | vty first-number [ last-number ] }

The VTY user interface view is displayed.


You can configure a single VTY user interface or multiple VTY user interfaces.
Step 3 Run:
screen-length screen-length

The number of rows on a screen of the terminal display is set.


Step 4 Run:
history-command max-size size

The size of the history command buffer is set.


By default, the terminal service is enabled on all user interfaces. The maximum length of a screen
on the terminal display defaults to 24 rows, and the history command buffer can store up to 10
commands.
Step 3 and Step 4 are not listed in sequence.
----End

2.4.3 Configuring the VTY User Interface to Support the Telnet Service

Context
Do as follows on the S9300.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
user-interface { ui-number | vty first-number [ last-number ] }

The VTY user interface view is displayed.


Step 3 Run:
shell


The terminal service is enabled.


Step 4 Run:
protocol inbound telnet

The user interface is configured to support the Telnet service.


NOTE

By default, the user interface supports the Telnet service; therefore, you do not need to perform steps 3 and
4.

----End

2.4.4 Configuring User Authentication


Context
NOTE

By default, the users logging in to the S9300 through telnet are authenticated through passwords.

Procedure
- Configuring the non-authentication mode for login users


Do as follows on the S9300.
1.

Run:
system-view

The system view is displayed.


2.

Run:
user-interface { ui-number | vty first-number [ last-number ] }

The VTY user interface view is displayed.


3.

Run:
authentication-mode none

The non-authentication mode is configured.


After this configuration is performed, you can log in to the S9300 without being
authenticated. This lowers the security of the system. Thus, this mode is not
recommended.
- Configuring the password authentication mode for login users


NOTE

In password authentication mode, you must set a password to log in to the S9300.

Do as follows on the S9300.


1.

Run:
system-view

The system view is displayed.


2.

Run:
user-interface { ui-number | vty first-number [ last-number ] }


The VTY user interface view is displayed.


3.

Run:
authentication-mode password

The password authentication mode is configured.


4.

Run:
set authentication password { cipher | simple } password

The password for user authentication is set.


- Configuring the AAA local authentication mode for login users


Do as follows on the S9300.
1.

Run:
system-view

The system view is displayed.


2.

Run:
user-interface { ui-number | vty first-number [ last-number ] }

The VTY user interface view is displayed.


3.

Run:
authentication-mode aaa

The AAA authentication mode is configured.


4.

Run:
quit

Return to the system view.


5.

Run:
aaa

The AAA view is displayed.


6.

Run:
local-user user-name password { simple | cipher } password

The local user name and password are set.

7.

(Optional) Run:
local-user user-name service-type { ftp | ppp | ssh | telnet | terminal } *

The service type is set for local users.


8.

Run:
local-user user-name level level

The login level of the user is set.

9.

Run:
authentication-scheme authentication-scheme-name

An authentication scheme is created and the authentication scheme view is displayed.


10. Run:
authentication-mode local

The AAA local authentication mode is set.


NOTE

After setting the user name or password, service type, and login level, you can perform Step
9 and Step 10 to configure the local authentication.


When you log in to the S9300, the commands that you can use are determined by the user level
and the user interface level. If both levels are configured, the user level takes precedence.
For example:

If Tom's user level is 3, but the default level of the VTY0 interface is 1, Tom can use
commands at level 3 or lower. If no user level is set for Tom, he can use only
commands at level 1 or lower.

- Configuring the AAA server for authenticating login users


For details, see the chapter "AAA Configuration" in the S9300 Terabit Routing Switch
Configuration Guide - Security.

----End

2.4.5 Setting User Levels


Context
Do as follows on the S9300.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
user-interface { ui-number | vty first-number [ last-number ] }

The VTY user interface view is displayed.


Step 3 Run:
user privilege level level

The level of the commands that users logging in through the current user interface can use is set.
Step 4 Run:
quit

Return to the system view.


Step 5 Run:
super password [ level user-level ] { simple | cipher } password

The password for switching the user level is set.


In the case of non-authentication or password authentication mode, the user logging in to the
S9300 can use the commands whose levels are determined by the user interface level. By default,
the CON user interface is at level 3. That is, the users that log in to the S9300 through the console
interface are at level 3, and the users that log in to the S9300 through other interfaces are at level
0.
If users that log in to the S9300 are at a lower level, they can use the password set in Step 5 to
switch to a higher level.

CAUTION

- If simple is specified, the password is saved to the configuration file in plain text. Users at
  a lower level can then obtain the switching password by viewing the configuration file. In
  such a case, network security cannot be guaranteed. Therefore, it is recommended that
  the parameter cipher be specified to save the password in cipher text.
- If cipher is specified to set the password, the password cannot be obtained from the system.
  Keep the password properly to avoid forgetting or losing it.

----End
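
An offline check for the two weak settings this section warns about, authentication-mode none and passwords saved with simple, added here as an example; it is not Huawei code. The saved-configuration layout (view headers at column 0, commands inside a view indented, "#" as separator) and the sample text are assumptions constructed for the example.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample configuration, not taken from a real device. Assumed
# layout: a view header ("aaa", "user-interface vty 0 4") starts at column 0,
# commands inside that view are indented, and "#" separates sections.
SAMPLE_CONFIG = """\
#
super password level 3 simple Sw1tch-Up
#
aaa
 local-user tom password cipher EXAMPLE-CIPHERTEXT
 local-user tom service-type telnet
 local-user tom level 3
 local-user ftpuser password simple ftp-pass
#
user-interface console 0
 authentication-mode password
 set authentication password cipher EXAMPLE-CIPHERTEXT
user-interface vty 0 4
 authentication-mode none
 user privilege level 3
user-interface vty 5 9
 authentication-mode aaa
 user privilege level 1
#
"""

# The three password commands from this section, when saved with "simple".
SIMPLE_PASSWORD = re.compile(
    r"^(super password(?: level \d+)?|set authentication password|"
    r"local-user \S+ password) simple\b")
VIEW_HEADER = re.compile(r"^(user-interface\b|aaa$)")
CONSOLE_VIEW = re.compile(r"^user-interface (0$|con\b|console\b)")


@dataclass(frozen=True)
class Finding:
    check: str                   # "plaintext-password" or "auth-none"
    view: str                    # view header, or "system" for top level
    detail: str                  # never contains the password itself
    level: Optional[int] = None  # command level granted (auth-none only)


def parse_views(text):
    """Group commands by the view they were entered in."""
    system = ("system", [])
    views, current = [system], system
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line.strip() == "#":
            current = system          # a separator closes the open view
        elif line[0].isspace():
            current[1].append(line.strip())
        elif VIEW_HEADER.match(line):
            current = (line, [])
            views.append(current)
        else:                         # system-view command, e.g. "super password"
            current = system
            system[1].append(line)
    return views


def effective_level(view, configured):
    """Level used in none/password mode: the user interface level, which this
    guide says defaults to 3 on the console and 0 on other interfaces."""
    if configured is not None:
        return configured
    return 3 if CONSOLE_VIEW.match(view) else 0


def audit(text):
    findings = []
    for view, commands in parse_views(text):
        mode = level = None
        for cmd in commands:
            hit = SIMPLE_PASSWORD.match(cmd)
            if hit:
                # Report the command prefix only, not the password value.
                findings.append(Finding(
                    "plaintext-password", view,
                    hit.group(1) + " is saved in plain text; use cipher"))
            m = re.match(r"authentication-mode (\S+)$", cmd)
            if m:
                mode = m.group(1)
            m = re.match(r"user privilege level (\d+)$", cmd)
            if m:
                level = int(m.group(1))
        if view.startswith("user-interface") and mode == "none":
            granted = effective_level(view, level)
            findings.append(Finding(
                "auth-none", view,
                f"login without authentication grants level {granted} commands",
                granted))
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_CONFIG):
        print(f"{f.check:20} {f.view:26} {f.detail}")
```

The auth-none finding carries the command level an unauthenticated login would receive, which is the user interface level described in the Context of 2.3.4.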

2.4.6 Checking the Configuration


Prerequisite
The configurations of the Telnet user interface are complete.

Procedure
- Run the display users [ all ] command to check the status of the user interface.
- Run the display user-interface maximum-vty command to check the maximum number
  of VTY user interfaces.
- Run the display user-interface [ ui-number | ui-type number ] [ summary ] command to check
  the physical attributes and related configurations of the user interface.
- Run the display tcp status command to check the status of all the established TCP
  connections.

----End

2.5 Logging In to the S9300 Locally Through Telnet


This section describes how to log in to the S9300 locally through Telnet.
2.5.1 Establishing the Configuration Task
2.5.2 Logging In to the S9300 Through Telnet
2.5.3 Ending the Telnet Connection Periodically
2.5.4 Checking the Configuration

2.5.1 Establishing the Configuration Task


Applicable Environment
As shown in Figure 2-10, you need to log in to the S9300 through Telnet on the Ethernet
interface.

Figure 2-10 Logging in to the S9300 locally through Telnet
[Figure: panels (1) to (3) showing the Ethernet port of the PC connected to the Ethernet port of
the S9300 directly, through a HUB, and through an L2 switch. Cable labels in the figure:
straight through cable, crossover cable, crossover cable or fiber.]

The Ethernet interface of the PC or the configuration terminal is directly connected to the
Ethernet interface or the Eth interface of the S9300.

The Ethernet interface of the PC or the configuration terminal is connected to the Ethernet
interface or the Eth interface of the S9300 through the HUB.

The Ethernet interface of the PC or the configuration terminal is connected to the Ethernet
interface or the Eth interface of the S9300 through the switch.

Pre-configuration Tasks
Before logging in to the S9300 locally through Telnet, complete the following tasks:
- Connecting the PC and the S9300 correctly
- Starting the S9300 normally
- Configuring the user interface on the S9300 to allow users to log in

Data Preparation
None.

2.5.2 Logging In to the S9300 Through Telnet


Procedure
- Log in to the S9300 through Telnet on the local PC or the terminal.


When logging in to the S9300 through Telnet on the local PC, you can set up a connection
between the Telnet client in the Windows operating system and the S9300.
1.

Start the Command Prompt on the PC.


Choose Start > All Programs > Accessories > Command Line Prompt to start the
Command Prompt in Windows.
The following is displayed in the Command Prompt window.
Microsoft Windows XP [Version 5.1.2600]
(c) Copyright 1985-2001 Microsoft Corp.
C:\>

2.

Log in to the Telnet client.


Enter telnet after the system prompts C:\>. The following is displayed in the
Command Prompt window.
Microsoft Windows XP [Version 5.1.2600]
(c) Copyright 1985-2001 Microsoft Corp.
C:\> telnet

Press Enter, and then you log in to the Telnet client. The following is displayed in
the Command Prompt window.
Welcome to Microsoft Telnet Client
Escape character is '[CTRL+]'
Microsoft Telnet>

3.

Connect to the Telnet server.


After the system prompts Microsoft Telnet>, enter the following command to connect
to the Telnet server.
open { ip-address | host-name } [ port ]
ip-address: specifies the IP address of the Telnet server.
host-name: specifies the host name of the Telnet server.
port: specifies the port number of the Telnet service on the Telnet server.
The default value of this parameter is 23.
For example:
# Connect to the S9300 whose IP address is 1.1.1.1. The default port number is 23.
Welcome to Microsoft Telnet Client
Escape character is '[CTRL+]'
Microsoft Telnet> open 1.1.1.1
Trying 1.1.1.1 ...
Press CTRL+K to abort
Connected to 1.1.1.1 ...
info: The max number of VTY users is 20, and the current number
of VTY users on line is 1.
<Quidway>

NOTE

Steps 2 and 3 can be combined into one step. That is, run the telnet [ -a source-ip-address ]
host-name [ port-number ] command to connect directly to the Telnet server after C:\> is displayed.
host-name can be the host name or IP address of the host.

NOTE

The Telnet command can be entered after C:\> or any other prompts.

- Log in to the S9300 through Telnet on the device that functions as the client.
Run the telnet [ -a source-ip-address ] host-name [ port-number ] command to establish a
connection with the Telnet server.

----End

2.5.3 Ending the Telnet Connection Periodically



Context
Do as follows on the S9300.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
user-interface [ ui-type ] first-ui-number [ last-ui-number ]

The user interface view is displayed.


Step 3 Run:
idle-timeout minutes [ seconds ]

The Telnet connection is ended periodically.


NOTE

When the idle-timeout is set to 0, the Telnet connection is not ended.

----End

2.5.4 Checking the Configuration


Prerequisite
The configurations of login through Telnet are complete.

Procedure
- Run the display users command to check the connection of the current user interface.
- Run the display users all command to check the connection of each user interface.
- Run the display tcp status command to check the status of all the established TCP
  connections.

----End

Example
Run the display tcp status command, and you can view the status of the TCP connection. If the
status of the TCP connection is displayed as Established, it means that a TCP connection is
established.
<S9300> display tcp status
TCPCB     Tid/Soid   Local Add:port     Foreign Add:port    VPNID   State
39952df8  36 /1509   0.0.0.0:0          0.0.0.0:0           0       Closed
32af9074  59 /1      0.0.0.0:21         0.0.0.0:0           14849   Listening
34042c80  73 /17     10.164.39.99:23    10.164.6.13:1147            Established


2.6 Logging In to the S9300 Remotely Through Telnet


This section describes how to log in to the S9300 remotely through Telnet.
2.6.1 Establishing the Configuration Task
2.6.2 Logging In to the S9300 Remotely Through Telnet

2.6.1 Establishing the Configuration Task


Applicable Environment
As shown in Figure 2-11, to configure and manage the S9300 on the PC or the configuration
terminal, you need to log in to the S9300 remotely through Telnet.
Figure 2-11 Logging in to the S9300 remotely through Telnet
[Figure: a PC (Telnet client) connected over Ethernet through an L2 switch to the S9300
(Telnet server) in VLAN1, with a Telnet session between the PC and the S9300.]

You can log in to the S9300 remotely through Telnet to configure and manage the S9300. It is
required that the route between the PC and the S9300 should be reachable.

Pre-configuration Tasks
Before logging in to the S9300 remotely through Telnet, complete the following tasks:
- Connecting the PC and the S9300 correctly
- Starting the S9300 normally
- Configuring the user interface on the S9300 to allow users to log in

Data Preparation
None.

2.6.2 Logging In to the S9300 Remotely Through Telnet


Procedure
Step 1 The method of logging in to the S9300 remotely through Telnet is similar to the method of
logging in to the S9300 locally through Telnet. For details, see 2.5.2 Logging In to the S9300
Through Telnet.
----End

2.7 Configuring the SSH Interface


This section describes how to configure the SSH interface.
2.7.1 Establishing the Configuration Task
2.7.2 Creating an SSH User
2.7.3 Configuring the VTY User Interface to Support the SSH Protocol
2.7.4 Creating a Local Key Pair
2.7.5 Configuring the Authentication Mode for the SSH User
2.7.6 (Optional) Configuring Basic Authentication Information About the SSH User
2.7.7 (Optional) Authorizing SSH Users Through Command Lines
2.7.8 Configuring the Type of the Service for the SSH User
2.7.9 (Optional) Configuring the Authorized Directory of the SFTP Service for the SSH User
2.7.10 Deleting an SSH User
2.7.11 Checking the Configuration

2.7.1 Establishing the Configuration Task


Applicable Environment
The STelnet or SFTP client can log in to the SSH server to perform configurations only after
the SSH user is correctly configured on the SSH server.

Pre-configuration Tasks
Before configuring the SSH user interface, complete the following tasks:
- Creating a local user
- Configuring the RSA public key of the client on the SSH server

Data Preparation
To configure the SSH user interface, you need the following data.


No.   Data
1     Name and password of an SSH user
2     Authentication mode of an SSH user
3     Type of the service of an SSH user
4     RSA public key of the peer assigned to an SSH user
5     SFTP working directory of an SSH user

2.7.2 Creating an SSH User


Context
Do as follows on the S9300 that functions as the SSH server.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
ssh user user-name authentication-type { all | password | password-rsa | rsa }

An SSH user is created.


In the case of password or password-rsa authentication, you must create a local user in the
AAA view before creating an SSH user.
1.

Run:
aaa

The AAA view is displayed.


2.

Run:
local-user user-name password { cipher | simple } password

The local user is created.


NOTE

If you do not run the ssh user user-name command to create an SSH user independently, you can create
an SSH user when performing the following configurations:
- 2.7.5 Configuring the Authentication Mode for the SSH User
- 2.7.8 Configuring the Type of the Service for the SSH User

----End

2.7.3 Configuring the VTY User Interface to Support the SSH Protocol


Context
Do as follows on the S9300 that functions as the SSH server.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
user-interface [ vty ] first-ui-number [ last-ui-number ]

The VTY user interface view is displayed.


Step 3 Run:
authentication-mode aaa

The AAA authentication mode is set.


Step 4 Run:
protocol inbound ssh

The VTY user interface is configured to support the SSH protocol.


NOTE

You can run the protocol inbound ssh command to configure the VTY user interface to support the
SSH protocol only when the AAA authentication mode is configured.

----End

2.7.4 Creating a Local Key Pair


Context
Do as follows separately on the S9300 that functions as the client and on the S9300 that functions as the server.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
rsa local-key-pair create

A local RSA key pair is created.


NOTE

To log in to the S9300 successfully or perform other SSH configurations, you must run the
rsa local-key-pair create command to generate a local RSA key pair.



NOTE

If the system displays the following information, it indicates that the Flash memory is not formatted:
% Fail to save RSA host keys.

When you run the dir command in the user view to check the Flash memory, the system displays the
following information:
Error: The device is not formatted.

You can run the format command to format the Flash memory, and then configure the key.

----End

2.7.5 Configuring the Authentication Mode for the SSH User


Context
Do as follows on the S9300 that functions as the SSH server.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
ssh user username authentication-type { password | rsa | password-rsa | all }

An authentication mode is configured.


Run the following command as required:
- Configure the password authentication for the SSH user.

Run:
ssh user user-name authentication-type password

The password authentication mode is configured for the SSH user.

Run:
ssh authentication-type default password

The default password authentication mode is configured for the SSH user.
In the case of local authentication or HWTACACS authentication, the password
authentication mode is used when there are a small number of users; the default password
authentication mode is used when there are a large number of users.
NOTE

To create a local user in the AAA view, see 2.7.2 Creating an SSH User.
- Configure the RSA authentication mode for the SSH user.


1.

Run:
ssh user user-name authentication-type rsa

The RSA authentication mode is configured for the SSH user.


2.

Run:
rsa peer-public-key key-name

The public key view is displayed.


3.

Run:
public-key-code begin

The public key edit view is displayed.


4.

Enter hex-data to edit the public key.

5.

Run:
public-key-code end

Exit the public key edit view.


6.

Run:
peer-public-key end

Exit the public key view and return to the system view.
7.

Run:
ssh user user-name assign rsa-key key-name

The public key is assigned to the SSH user.


NOTE

After entering the public key edit view, you can send the RSA public key that is generated on the
client to the server. Copy and paste the RSA public key to the S9300 that functions as the SSH
server.

Before the SSH server assigns the RSA public key to the SSH user, the SSH client must generate
the RSA public key and copy it to the SSH server.

----End

2.7.6 (Optional) Configuring Basic Authentication Information About the SSH User

Context
Do as follows on the S9300 that functions as the SSH server.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
ssh server rekey-interval hours

The interval for updating the key on the server is set.


Step 3 Run:
ssh server timeout seconds

The timeout interval for authenticating an SSH session is set.


Step 4 Run:
ssh server authentication-retries times

The number of authentication retries for an SSH session is set.


----End

2.7.7 (Optional) Authorizing SSH Users Through Command Lines


Context
NOTE

SSH users can be authenticated in four modes: password, RSA, password-rsa, and all. For authorizing SSH
users through command lines in password authentication mode, see the chapter "AAA Configuration" in
the Quidway S9300 Terabit Routing Switch Configuration Guide - Security and Reliability. This section
describes how to authorize SSH users through command lines in RSA authentication mode.

Do as follows on the S9300 that functions as the SSH server.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
ssh user user-name authorization-cmd aaa

Authorization through command lines is configured for the specified SSH user.
After configuring authorization through command lines for the SSH user in RSA mode, you
have to configure the authentication in AAA mode. Otherwise, authorization through command
lines for the SSH user does not take effect.
----End

2.7.8 Configuring the Type of the Service for the SSH User
Context
Do as follows on the S9300 that functions as the SSH server.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
ssh user user-name service-type { all | sftp | stelnet }

The type of the service is configured for the SSH user.


----End

2.7.9 (Optional) Configuring the Authorized Directory of the SFTP Service for the SSH User


Context
Do as follows on the S9300 that functions as the SSH server.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
ssh user user-name sftp-directory path

The authorized directory of the SFTP service is configured for the SSH user.
NOTE

The S9300 supports the flash memory and the Compact Flash (CF) card. Therefore, the value of
path in Step 2 can only be flash: or cfcard:. Whether cfcard: can be used depends on whether the
device is equipped with a CF card.

If the S9300 provides the CF card, the default path is cfcard:. You can set the path to a
subdirectory of the CF card.

----End

2.7.10 Deleting an SSH User


Procedure
- Deleting a specified SSH user


Do as follows on the S9300 that functions as the SSH server.
1.

Run:
system-view

The system view is displayed.


2.

Run:
undo ssh user user-name

The SSH user with a specified user name is deleted.


- Deleting all SSH users


Do as follows on the S9300 that functions as the SSH server.
1.

Run:
system-view

The system view is displayed.


2.

Run:
undo ssh user

All SSH users are deleted.


----End

2.7.11 Checking the Configuration



Prerequisite
The configurations of the SSH user interface are complete.

Procedure
- Run the display ssh user-information command to check information about all SSH users
  on the SSH server.
- Run the display ssh user-information user-name command to check information about a
  specified SSH user on the SSH server.

----End

Example
Run the display ssh user-information user-name command, and you can view that the
authentication mode of the SSH user named client001 is set to password, with sftp as the type
of the service.
<Quidway> display ssh user-information client001
User Name: client001
Authentication-type: password
User-public-key-name:
Sftp-directory:
Service-type: sftp
Authorization-cmd: No

2.8 Logging In to the S9300 Through SSH


This section describes how to log in to the S9300 through SSH.
2.8.1 Establishing the Configuration Task
2.8.2 Logging In to the S9300 Through SSH

2.8.1 Establishing the Configuration Task


Applicable Environment
As shown in Figure 2-12, to configure and manage the S9300 on the PC or the configuration
terminal, you need to log in to the S9300 through SSH on the Ethernet interface or the Eth
interface.
Figure 2-12 Establishing a local SSH connection between the PC and the S9300
[Figure: a PC (SSH client) connected over Ethernet through an L2 switch to the S9300
(SSH server) in VLAN1, with an SSH connection between the PC and the S9300.]


In the actual networking, a route is required to be reachable between the PC and the S9300.

Pre-configuration Tasks
Before logging in to the S9300 through SSH, complete the following tasks:
- Setting the private key file and user name used for logging in to the S9300
- Connecting the PC and the S9300 correctly
- Starting the S9300 normally

Data Preparation
None.

2.8.2 Logging In to the S9300 Through SSH


Prerequisite
Before logging in to the S9300 through SSH, configure the SSH server on the S9300. For details,
see 5.6.2 Example for Connecting the STelnet Client and the SSH Server and 5.6.3 Example
for Connecting the SFTP Client and the SSH Server.

Procedure
- Run the client software that supports SSH1.5 on the PC or the configuration terminal to
  access the login interface. After entering the user name, you can log in to the S9300.
- On the S9300 that functions as the client, log in to the SSH server through 2.13.2 Logging
  In to the S9300 Through SFTP or 2.14.2 Logging In to the S9300 Through STelnet.

----End

2.9 Configuring the FTP Interface


This section describes how to configure the FTP interface.
2.9.1 Establishing the Configuration Task
2.9.2 Configuring User Authentication
2.9.3 Checking the Configuration

2.9.1 Establishing the Configuration Task


Applicable Environment
To transfer files between the client and server, you need to create FTP users and set their passwords.
The client can log in to the FTP server to perform configurations only after the FTP user is
correctly configured on the FTP server.

Pre-configuration Tasks
Before configuring the FTP user, complete the following tasks:
- Starting the S9300 normally
- Configuring the user interface on the S9300 to allow users to log in

Data Preparation
To configure the FTP user, you need the following data.
No.   Data
1     User name and password used to log in to the FTP server
2     Authentication mode of the FTP user
3     Service type and authorized directory of the FTP user

2.9.2 Configuring User Authentication


Context
NOTE

Currently, the S9300 supports only the AAA authentication mode.

Do as follows on the S9300 that functions as the FTP server.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
aaa

The AAA view is displayed.


Step 3 Run:
local-user user-name password { cipher | simple } password

The local user name and password are created.


Step 4 Run:
local-user user-name service-type ftp

The service type of the user is set to ftp.


Step 5 Run:
local-user user-name ftp-directory path


The authorized directory of the FTP user is configured.


----End

2.9.3 Checking the Configuration


Prerequisite
The configurations of the FTP user interface are complete.

Procedure
- Run the display ftp-users command to check the information about the FTP login user.

----End

2.10 Logging In to the S9300 Through FTP


This section describes how to log in to the S9300 through FTP.
2.10.1 Establishing the Configuration Task
2.10.2 Logging In to the S9300 Through FTP

2.10.1 Establishing the Configuration Task


Applicable Environment
As shown in Figure 2-13, to configure and manage the S9300 on the PC or the configuration
terminal, you need to log in to the S9300 through FTP on the Ethernet interface or the Eth
interface.
Figure 2-13 Setting up an FTP connection between the PC and the S9300
[Figure: the PC (FTP client) and the S9300 (FTP server) are connected over Ethernet through an L2 switch; labels shown: VLAN1, FTP Connection.]

In an actual network, a reachable route is required between the PC and the S9300.

Pre-configuration Tasks
Before logging in to the S9300 through FTP, complete the following tasks:
- Setting the user name and password used for login
- Connecting the PC and the S9300 correctly
- Starting the S9300

Data Preparation
None.

2.10.2 Logging In to the S9300 Through FTP


Context
When logging in to the S9300 locally through FTP, you can connect to the S9300 by using the FTP
client in the Windows operating system.

Procedure
- Log in to the S9300 through FTP on the local PC or the terminal.

  When logging in to the S9300 locally through FTP, you can set up a connection between
  the FTP client in the Windows operating system and the S9300.

  1. Start the Command Prompt on the PC.

     Choose Start > All Programs > Accessories > Command Line Prompt to start the
     Command Prompt in Windows.
     The following is displayed in the Command Prompt window.
     Microsoft Windows XP [Version 5.1.2600]
     (c) Copyright 1985-2001 Microsoft Corp.
     C:\>

  2. Start the FTP client.

     After the system prompts C:\>, enter ftp. The following information is displayed in
     the Command Prompt window.
     Microsoft Windows XP [Version 5.1.2600]
     (c) Copyright 1985-2001 Microsoft Corp.
     C:\> ftp

     Press Enter to start the FTP client. The following information is
     displayed in the Command Prompt window.
     ftp>

  3. Connect to the FTP server.

     After the system prompts ftp>, run the open [ -a source-ip-address ] host [ port-number ]
     command to set up a connection with the FTP server.
     port-number: specifies the number of the port for the FTP service on an FTP server. The
     default value of this parameter is 20.

  NOTE

  Steps 2 and 3 can be combined as one step. That is, run the ftp [ -a source-ip-address ]
  [ host [ port-number ] ] command to directly connect to the FTP server after C:\> is prompted.

- Log in to the S9300 through FTP on the device that functions as the client.

  Run the ftp [ -a source-ip-address ] [ host [ port-number ] ] command to establish a
  connection with the FTP server.

  NOTE

  For the application of the client, see 6.3 Configuring the S9300 as the FTP Client.

----End

2.11 S9300 Logging In to the TFTP Service Through TFTP


This section describes how the S9300 logs in to the TFTP service through TFTP.
2.11.1 Establishing the Configuration Task
2.11.2 Downloading Files Through TFTP
2.11.3 Uploading Files Through TFTP

2.11.1 Establishing the Configuration Task


Applicable Environment
NOTE

The S9300 can function only as the client when accessing the TFTP server.

As shown in Figure 2-14, the S9300 transfers files through TFTP.


Figure 2-14 Setting up a connection between the S9300 and the TFTP server
[Figure: a PC is attached by a configuration cable to the TFTP client (the S9300), which has a TFTP session with the TFTP server.]

In an actual network, a reachable route is required between the S9300 and the TFTP
server.

Pre-configuration Tasks
Before logging in to the S9300 through TFTP, complete the following tasks:
- Configuring a reachable route between the S9300 and the TFTP server
- Starting the S9300 and the TFTP server normally

Data Preparation
None.

2.11.2 Downloading Files Through TFTP


Context
Do as follows on the S9300 that functions as the TFTP client.

Procedure
Step 1 Run:
tftp [ -a source-ip-address ] tftp-server get source-filename [ destination-filename ]

Files are downloaded through TFTP.


Step 2 If the server is assigned an IPv6 address, run the following command on the S9300:
tftp ipv6 [ -a source-ip-address ] tftp-server get source-filename [ destination-filename ]

Files are downloaded through TFTP.


----End

2.11.3 Uploading Files Through TFTP


Context
Do as follows on the S9300 that functions as the TFTP client.

Procedure
Step 1 Run:
tftp [ -a source-ip-address ] tftp-server put source-filename [ destination-filename ]

Files are uploaded through TFTP.


Step 2 If the server is assigned an IPv6 address, run the following command on the S9300:
tftp ipv6 [ -a source-ip-address ] tftp-server put source-filename [ destination-filename ]

Files are uploaded through TFTP.


----End

2.12 Limiting the Access to the TFTP Server


This section describes how to limit the client's access to the TFTP server.
2.12.1 Establishing the Configuration Task
2.12.2 Configuring the Basic ACL


2.12.3 Configuring the Basic TFTP ACL

2.12.1 Establishing the Configuration Task


Applicable Environment
When the S9300 serves as the TFTP client, you can configure an ACL on the S9300. The ACL
then controls which TFTP servers the device can access through TFTP.

Pre-configuration Tasks
Before limiting access to the TFTP server, complete the following tasks:
- Powering on the S9300
- Connecting the TFTP client to the server

Data Preparation
To limit access to the TFTP server, you need the following data.
No. | Data
1 | Source IP address of the TFTP client
2 | IP address of the TFTP server
3 | ACL number

2.12.2 Configuring the Basic ACL


Context
NOTE

TFTP supports only the basic ACL.

Do as follows on the S9300 that serves as the TFTP client:

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
acl acl-number

The ACL view is displayed.


Step 3 Run:
rule [ rule-id ] { deny | permit } [ fragment | logging | source { source-ip-address
source-wildcard | any } | time-range time-name ] *

The ACL rule is configured.


----End

2.12.3 Configuring the Basic TFTP ACL


Context
Do as follows on the Switch that serves as the TFTP client:

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
tftp-server [ ipv6 ] acl acl-number

The ACL is applied to limit access to the TFTP server.


----End
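
The basic ACL rule in 2.12.2 matches on source-ip-address and source-wildcard, where a 1 bit in the wildcard means "ignore this bit", the inverse of a subnet mask. The following Python model is an added example, not part of the Huawei guide: it evaluates rule lines in the page's syntax against candidate TFTP server addresses. It assumes that the rule's source field is compared with the TFTP server address and that rules are checked in ascending rule-id order; rule numbers and addresses are constructed, and an address that matches no rule returns None because the page does not state the default action.

```python
import ipaddress
import re

# Basic ACL rule in the page's syntax, limited to the source clause.
RULE_RE = re.compile(
    r"^rule\s+(?P<id>\d+)\s+(?P<action>permit|deny)"
    r"(?:\s+source\s+(?:any|(?P<ip>\S+)\s+(?P<wild>\S+)))?\s*$"
)
ALL_BITS = 0xFFFFFFFF


def _to_int(text):
    # "0" is accepted as the short form of 0.0.0.0 (exactly one host).
    return int(ipaddress.IPv4Address("0.0.0.0" if text == "0" else text))


def parse_rules(lines):
    """Parse rule lines into (rule_id, action, ip, wildcard), sorted by rule_id."""
    rules = []
    for line in lines:
        m = RULE_RE.match(line.strip())
        if m is None:
            raise ValueError(f"unsupported rule: {line!r}")
        if m["ip"] is None:  # "source any" or no source clause: match everything
            ip, wild = 0, ALL_BITS
        else:
            ip, wild = _to_int(m["ip"]), _to_int(m["wild"])
        rules.append((int(m["id"]), m["action"], ip, wild))
    return sorted(rules)


def decide(rules, server):
    """Return (rule_id, action) of the first matching rule, or None."""
    addr = int(ipaddress.IPv4Address(server))
    for rule_id, action, ip, wild in rules:
        care_bits = ~wild & ALL_BITS  # bits that must be equal
        if ((addr ^ ip) & care_bits) == 0:
            return rule_id, action
    return None


# Constructed rules: one permitted server, its subnet denied, a wider range permitted.
ACL_RULES = [
    "rule 5 permit source 10.1.1.2 0",
    "rule 10 deny source 10.1.1.0 0.0.0.255",
    "rule 15 permit source 10.1.0.0 0.0.255.255",
]

# Constructed mistake: a subnet mask typed where the wildcard belongs.
MASK_AS_WILDCARD = ["rule 5 permit source 10.1.1.0 255.255.255.0"]

if __name__ == "__main__":
    rules = parse_rules(ACL_RULES)
    for server in ("10.1.1.2", "10.1.1.77", "10.1.9.9", "192.0.2.1"):
        print(server, decide(rules, server))
    wrong = parse_rules(MASK_AS_WILDCARD)
    for server in ("10.1.1.2", "172.16.5.0"):
        print("mask-as-wildcard:", server, decide(wrong, server))
```

With the subnet mask in the wildcard position, only the last octet is compared, so the intended server 10.1.1.2 no longer matches while any address ending in .0 does.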

2.13 Logging In to the S9300 Through SFTP


This section describes how to log in to the S9300 through SFTP.
2.13.1 Establishing the Configuration Task
2.13.2 Logging In to the S9300 Through SFTP

2.13.1 Establishing the Configuration Task


Applicable Environment
As shown in Figure 2-12, if the client needs to securely transfer files to the S9300 that functions
as the SSH server, you need to log in to the S9300 through SFTP.
In an actual network, a reachable route is required between the PC and the S9300.

Pre-configuration Tasks
Before logging in to the S9300 through SFTP, complete the following tasks:

- Configuring the SSH user on the SSH server
- Configuring the client as the SFTP client
- Connecting the client and the S9300 correctly
- Starting the S9300 normally


Data Preparation
None.

2.13.2 Logging In to the S9300 Through SFTP


Context
NOTE

You can log in to the SSH server through SFTP only on the S9300 that is configured as the SFTP
client.

The SFTP client is a type of SSH client.

Do as follows on the S9300 that functions as the SSH client.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
sftp [ -a source-address ] host [ port ] [ [ -vpn-instance vpn-instance-name ] |
[ prefer_kex { dh_group1 | dh_exchange_group } ] [ prefer_ctos_cipher { des | 3des
| aes128 } ] [ prefer_stoc_cipher { des | 3des | aes128 } ] [ prefer_ctos_hmac
{ sha1 | sha1_96 | md5 | md5_96 } ] [ prefer_stoc_hmac { sha1 | sha1_96 | md5 |
md5_96 } ] ] *

You log in to the SSH server through SFTP.


NOTE

The command used to enable the SFTP client functions the same as the command used to enable the STelnet
client. When accessing the SSH server, both the clients can carry the source address and select a key
exchange algorithm, an encryption algorithm, and an HMAC algorithm.

----End

2.14 Logging In to the S9300 Through STelnet


This section describes how to log in to the S9300 through STelnet.
2.14.1 Establishing the Configuration Task
2.14.2 Logging In to the S9300 Through STelnet

2.14.1 Establishing the Configuration Task


Applicable Environment
As shown in Figure 2-12, a Telnet connection needs to be set up between the client and the
S9300 with high security ensured. In this case, you need to log in to the S9300 through STelnet.
In an actual network, a reachable route is required between the STelnet client and the
S9300.

Pre-configuration Tasks
Before logging in to the S9300 through STelnet, complete the following tasks:
- Configuring the SSH user on the SSH server
- Configuring the STelnet service on the client
- Enabling the STelnet service on the client and S9300
- Starting the S9300 normally

Data Preparation
None.

2.14.2 Logging In to the S9300 Through STelnet


Context
NOTE

You can log in to the SSH server through STelnet only on the S9300 that is configured as the STelnet
client.

The STelnet client is a type of SSH client.

Do as follows on the S9300 that functions as the SSH client.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
stelnet { [ -a source-address ] host-ipv4 [ port ] [ prefer_kex { dh_group1 |
dh_exchange_group } ] [ prefer_ctos_cipher { des | 3des | aes128 } ]
[ prefer_stoc_cipher { des | 3des | aes128 } ] [ prefer_ctos_hmac { sha1 | sha1_96
| md5 | md5_96 } ] [ prefer_stoc_hmac { sha1 | sha1_96 | md5 | md5_96 } ] [ -vpn-instance vpn-instance-name ]

You log in to the SSH server through STelnet.


NOTE

The STelnet client can carry the source address and select a key exchange algorithm, an encryption
algorithm, and an HMAC algorithm when logging in to the SSH server.

----End
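
The sftp and stelnet commands in 2.13.2 and 2.14.2 let the client prefer a key exchange, a cipher and an HMAC per direction, and the option sets include DES, MD5-based HMACs and dh_group1. The following Python check is an added example, not part of the Huawei guide: it parses such a command line, reports each preference that is not the strongest value the page's syntax offers, and rebuilds the command with the strongest values. The ranking inside each option set is this example's assumption based on general cryptographic guidance, and the addresses and VPN instance name are constructed.

```python
# Option sets exactly as listed in the sftp/stelnet syntax on this page,
# ordered weakest -> strongest. The ordering is this example's assumption.
RANKING = {
    "prefer_kex": ["dh_group1", "dh_exchange_group"],
    "prefer_ctos_cipher": ["des", "3des", "aes128"],
    "prefer_stoc_cipher": ["des", "3des", "aes128"],
    "prefer_ctos_hmac": ["md5_96", "md5", "sha1_96", "sha1"],
    "prefer_stoc_hmac": ["md5_96", "md5", "sha1_96", "sha1"],
}


def parse_preferences(command):
    """Extract the prefer_* options from an sftp or stelnet client command."""
    tokens = command.split()
    if not tokens or tokens[0] not in ("sftp", "stelnet"):
        raise ValueError("not an sftp/stelnet client command")
    prefs = {}
    i = 1
    while i < len(tokens):
        key = tokens[i]
        if key in RANKING:
            if i + 1 >= len(tokens):
                raise ValueError(f"{key} has no value")
            value = tokens[i + 1]
            if value not in RANKING[key]:
                raise ValueError(f"{value!r} is not a valid {key} value")
            prefs[key] = value
            i += 2
        else:
            i += 1  # source address, host, port, -vpn-instance and its name
    return prefs


def review(command):
    """Map each option to (status, strongest value); status is ok, weak or unset."""
    prefs = parse_preferences(command)
    report = {}
    for key, order in RANKING.items():
        chosen, best = prefs.get(key), order[-1]
        if chosen is None:
            report[key] = ("unset", best)  # the device default applies
        elif chosen == best:
            report[key] = ("ok", best)
        else:
            report[key] = ("weak", best)
    return report


def hardened(command):
    """Rebuild the command with every preference set to the strongest listed value."""
    parse_preferences(command)  # validate first
    tokens, kept, i = command.split(), [], 0
    while i < len(tokens):
        if tokens[i] in RANKING:
            i += 2  # drop the existing preference and its value
        else:
            kept.append(tokens[i])
            i += 1
    strongest = [t for key, order in RANKING.items() for t in (key, order[-1])]
    # Keep -vpn-instance last, as in the stelnet syntax shown on the page.
    at = kept.index("-vpn-instance") if "-vpn-instance" in kept else len(kept)
    return " ".join(kept[:at] + strongest + kept[at:])


# Constructed sample commands.
SAMPLE_SFTP = "sftp 192.0.2.10 prefer_kex dh_group1 prefer_ctos_cipher des prefer_stoc_cipher aes128"
SAMPLE_STELNET = "stelnet -a 192.0.2.1 192.0.2.10 22 prefer_ctos_hmac md5 -vpn-instance mgmt"

if __name__ == "__main__":
    for cmd in (SAMPLE_SFTP, SAMPLE_STELNET):
        print(cmd)
        for option, (status, best) in review(cmd).items():
            print(f"  {option:20} {status:5} strongest listed: {best}")
        print("  ->", hardened(cmd))
```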

2.15 Configuring the NMS User to Log In to the S9300 Through the VTY Interface

This section describes how to configure the NMS user to log in to the S9300 through the VTY
interface.
2.15.1 Establishing the Configuration Task
2.15.2 Configuring the NMS User
2.15.3 Configuring the AAA Authentication Mode for the NMS User
2.15.4 Checking the Configuration

2.15.1 Establishing the Configuration Task


Applicable Environment
The NMS user can log in to the S9300 through the VTY interface to set parameters about the
S9300.

Pre-configuration Tasks
Before configuring the NMS user to log in to the S9300, complete the following task:
- Configuring a reachable route between the NMS and the S9300

Data Preparation
To configure the NMS user to log in to the S9300, you need the following data.
No. | Data
1 | User name and password
2 | Type and number of a user interface

2.15.2 Configuring the NMS User


Context
Do as follows on the S9300 that needs to be managed by the NMS.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
aaa

The AAA view is displayed.


Step 3 Run:
local-user user-name password { simple | cipher } password

A local user is created.


Step 4 Run:
local-user user-name service-type web

The local user is configured to be the NMS user.


----End

2.15.3 Configuring the AAA Authentication Mode for the NMS User

Context
Do as follows on the S9300 that needs to be managed by the NMS.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
user-interface [ ui-type ] first-ui-number [ last-ui-number ]

The user interface view is displayed.


Step 3 Run:
authentication-mode aaa

The AAA authentication mode is set.


----End

2.15.4 Checking the Configuration


Prerequisite
The configurations of the NMS user logging in to the S9300 through the VTY interface are
complete.

Procedure
- Run the display vty mode command to check the VTY mode.

----End

2.16 Maintaining Telnet


This section describes how to maintain Telnet.
2.16.1 Debugging Telnet Terminal Services

2.16.1 Debugging Telnet Terminal Services


Context

CAUTION
Debugging affects the performance of the system. So, after debugging, run the undo debugging
all command to disable it immediately.
When a running fault occurs, run the debugging command in the user view to locate the fault.

Procedure
Step 1 Run the debugging telnet command to enable the debugging of Telnet.
----End

2.17 Configuration Examples


This section provides several configuration examples of Telnet.
2.17.1 Example for Configuring the Telnet Terminal Service
2.17.2 Example for Configuring the TFTP Client

2.17.1 Example for Configuring the Telnet Terminal Service


Networking Requirements
As shown in Figure 2-15, after logging in to S9300-A, the user logs in to S9300-B through
Telnet by using the default port 23.
Figure 2-15 Networking diagram of the remote login of the Ethernet user
[Figure: the PC connects to S9300-A (10.10.10.8/24); S9300-A and S9300-B (10.10.10.9/24) are connected through Eth1/0/1 on each device.]

Configuration Roadmap
The configuration roadmap is as follows:
1. Assign IP addresses to S9300-A and S9300-B.
2. Configure an authentication mode and password on S9300-B.
3. Log in to S9300-B from S9300-A.

Data Preparation
To complete the configuration, you need the following data:
- ID of the VLAN
- IP address and number of the interface on the S9300-A that functions as the Telnet client
- IP address and number of the interface on the S9300-B that functions as the Telnet server
- Authentication mode and the password for a user to log in to S9300-B through Telnet

Procedure
Step 1 Assign IP addresses.
# Assign an IP address to S9300-A that functions as the Telnet client.
<S9300-A> system-view
[S9300-A] vlan 2
[S9300-A-vlan2] quit
[S9300-A] interface GigabitEthernet 1/0/1
[S9300-A-GigabitEthernet1/0/1] port hybrid pvid vlan 2
[S9300-A-GigabitEthernet1/0/1] port hybrid untagged vlan 2
[S9300-A-GigabitEthernet1/0/1] quit
[S9300-A] interface vlanif 2
[S9300-A-Vlanif2] ip address 10.10.10.8 255.255.255.0
[S9300-A-Vlanif2] quit
[S9300-A]

# Assign an IP address to S9300-B that functions as the Telnet server.


<S9300-B> system-view
[S9300-B] vlan 2
[S9300-B-vlan2] quit
[S9300-B] interface GigabitEthernet 1/0/1
[S9300-B-GigabitEthernet1/0/1] port hybrid pvid vlan 2
[S9300-B-GigabitEthernet1/0/1] port hybrid untagged vlan 2
[S9300-B-GigabitEthernet1/0/1] quit
[S9300-B] interface vlanif 2
[S9300-B-Vlanif2] ip address 10.10.10.9 255.255.255.0
[S9300-B-Vlanif2] quit
[S9300-B]

Step 2 Configure the authentication mode and password for S9300-B.


<S9300-B> system-view
[S9300-B] user-interface vty 0 4
[S9300-B-ui-vty0-4] authentication-mode password
[S9300-B-ui-vty0-4] set authentication password simple 123456
[S9300-B-ui-vty0-4] quit
[S9300-B]

Step 3 Verify the configuration.


# Log in to S9300-B on S9300-A through Telnet.


<S9300-A> telnet 10.10.10.9
Trying 10.10.10.9 ...
Press CTRL+K to abort
Connected to 10.10.10.9 ...
Login authentication
Password:
info: The max number of VTY users is 20, and the current number
of VTY users on line is 1.
<S9300-B>

----End

Configuration Files
- Configuration file of S9300-A


#
sysname S9300-A
#
vlan batch 2
#
interface Vlanif2
ip address 10.10.10.8 255.255.255.0
#
interface GigabitEthernet1/0/1
port hybrid pvid vlan 2
port hybrid untagged vlan 2
#
return

- Configuration file of S9300-B


#
sysname S9300-B
#
vlan batch 2
#
interface Vlanif2
ip address 10.10.10.9 255.255.255.0
#
interface GigabitEthernet1/0/1
port hybrid pvid vlan 2
port hybrid untagged vlan 2
#
user-interface vty 0 4
set authentication password simple 123456
#
return
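
The configuration file of S9300-B above keeps the VTY password in plaintext because it was set with the simple keyword, and the same keyword is offered for local-user passwords in 2.9.2 and 2.15.2. The following Python audit is an added example, not part of the Huawei guide: it scans a saved configuration for simple passwords and FTP-enabled local users and reports them with the secret masked. The sample combines the S9300-B file with two constructed local-user lines in the 2.9.2 syntax; the user name and its password are made up.

```python
import re
from typing import NamedTuple

# Constructed sample: the S9300-B configuration file from this example plus two
# local-user lines in the 2.9.2 syntax (user name and password are made up).
SAMPLE_CONFIG = """\
#
sysname S9300-B
#
vlan batch 2
#
interface Vlanif2
 ip address 10.10.10.9 255.255.255.0
#
aaa
 local-user ftpadmin password simple Example-Pw1
 local-user ftpadmin service-type ftp
#
user-interface vty 0 4
 set authentication password simple 123456
#
return
"""


class Finding(NamedTuple):
    line_no: int
    section: str
    rule: str
    redacted: str


# A named group "secret", when present, marks the text to mask in reports.
RULES = [
    ("plaintext-vty-password",
     re.compile(r"^set authentication password simple (?P<secret>\S+)")),
    ("plaintext-local-user-password",
     re.compile(r"^local-user \S+ password simple (?P<secret>\S+)")),
    ("ftp-service-user",
     re.compile(r"^local-user \S+ service-type .*\bftp\b")),
]


def audit(config_text):
    """Return findings in file order; works with or without line indentation."""
    findings = []
    section, new_block = "(global)", True
    for line_no, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        if line == "#":          # "#" separates views in the saved configuration
            new_block = True
            continue
        if not line:
            continue
        if new_block:            # first line after "#" names the view
            section, new_block = line, False
        for rule, pattern in RULES:
            m = pattern.match(line)
            if m is None:
                continue
            if "secret" in m.groupdict():
                shown = line[:m.start("secret")] + "****"
            else:
                shown = line
            findings.append(Finding(line_no, section, rule, shown))
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_CONFIG):
        print(f"line {f.line_no:>3} [{f.section}] {f.rule}: {f.redacted}")
```

The section name in each finding shows which view holds the line, so a plaintext VTY password can be traced to the user-interface range it protects.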

2.17.2 Example for Configuring the TFTP Client


Networking Requirements
As shown in Figure 2-16, the S9300 cannot function as the TFTP server. The remote server at
10.1.1.2 functions as the TFTP server.
The S9300 acts as a TFTP client. VLAN 10 is created on the S9300, and GigabitEthernet 3/0/1
is added to VLAN 10. The IP address 10.1.1.1/24 is assigned to VLANIF 10.
The S9300 downloads files from the TFTP server.

Figure 2-16 Networking diagram for configuring TFTP
[Figure: a PC is attached by a configuration cable to the TFTP client (the S9300), which has a TFTP session with the TFTP server.]

Configuration Roadmap
The configuration roadmap is as follows:
1. Run the TFTP software on the TFTP server and set the position where the source file is
   located on the S9300.
2. Download files through TFTP commands on the S9300.

Data Preparation
To complete the configuration, you need the following data:
- TFTP software installed on the TFTP server
- Path of the source file on the TFTP server
- Name of the destination file and position where the destination file is located on the S9300

Procedure
Step 1 Enable TFTP on the remote server to ensure that the TFTP application software is started.
Step 2 Create VLAN 10 on the S9300 and assign the IP address 10.1.1.1/24 to VLANIF 10.
<Quidway> system-view
[Quidway] vlan 10
[Quidway-vlan10] quit
[Quidway] interface GigabitEthernet 3/0/1
[Quidway-GigabitEthernet3/0/1] port hybrid pvid vlan 10
[Quidway-GigabitEthernet3/0/1] port hybrid untagged vlan 10
[Quidway-GigabitEthernet3/0/1] quit
[Quidway] interface vlanif 10
[Quidway-Vlanif10] ip address 10.1.1.1 24

Step 3 On the S9300, initiate a connection to the TFTP server and download the 8031.cc file.
<Quidway> tftp 10.1.1.2 get 8031.cc 8031new.cc
Transfer file in binary mode.
Now begin to download file from remote tftp server, please wait for a while...

----End

Configuration Files
None.

3 How to Use Command Lines

About This Chapter


This chapter describes how to use command lines.
3.1 Overview of Command Lines
This section describes the basic concepts of command lines.
3.2 Command Views
This section describes the hierarchical structure of command views, the relations between
command views and interfaces, and the common views.
3.3 Command Levels
This section describes the command levels, the user levels, and the relations between them.
3.4 Using the Online Help of Command Lines
This section describes how to use the online help of command lines.
3.5 Editing Command Lines
This section describes how to edit command lines.
3.6 Displaying Features of Command Lines
This section describes how to use displaying features of command lines.
3.7 History Commands
This section describes the concept and usage of history commands.
3.8 Hotkeys
This section describes how to use hotkeys.
3.9 Configuration Examples
This section provides several configuration examples of command lines.

3.1 Overview of Command Lines


This section describes the basic concepts of command lines.
This chapter covers what you need to know before using command lines: command views,
command levels, command line editing, command line displaying, history commands, and
shortcut keys. Mastering the knowledge of command lines facilitates the
configuration of related services.

3.2 Command Views


This section describes the hierarchical structure of command views, the relations between
command views and interfaces, and the common views.
3.2.1 Hierarchical Structure of Command Views
3.2.2 Common Views

3.2.1 Hierarchical Structure of Command Views


Figure 3-1 shows the hierarchical structure of command views.
Figure 3-1 Hierarchical structure of command views
[Figure: after login the user view is displayed, followed by the system view. Other views shown: Ethernet OAM views, Ethernet related views, MPLS related views, QoS related views, system related views, routing views, FTP client view, VPN views, multicast views, PBB related views, and BFD related views.]

Command views are applied to different configuration scenarios, and there are differences and
relations between the command views. For example, when you log in to the S9300, the user
view is displayed. In this view, you can view only the running status and statistics. Then, if you
run the system-view command, the system view is displayed, where you can run commands to
enter protocol and interface views.
Table 3-1 shows the types of command views.
Table 3-1 Types of command views
Views | Types
Common views | User views, system views, user interface views, Rivest-Shamir-Adleman (RSA) Algorithm views, Access Control List (ACL) views, File Transfer Protocol (FTP) client views, public key views, and public key editing views
Ethernet related views | Eth-Trunk interface views, Eth-Trunk sub-interface views, interface views, sub-interface views, GE interface views, GE sub-interface views, Ethernet interface views, Ethernet sub-interface views, Virtual Local Area Network (VLAN) views, VLANIF interface views, Virtual Switch Interface (VSI) views, and Multiple Spanning Tree (MST) region views
Multiprotocol Label Switching (MPLS) related views | MPLS views, MPLS-LDP views, MPLS-LDP remote peer views, tunnel interface views, tunnel policy views, and explicit path views
Quality of Service (QoS) related views | Traffic policy views, traffic classifier views, and traffic behavior views
Security related views | Authentication, Authorization, and Accounting (AAA) views, AAA domain views, Secure FTP (SFTP) client views, recording scheme views, accounting scheme views, authentication scheme views, authorization scheme views, HWTACACS template views, and Remote Authentication Dial-In User Service (RADIUS) template views
Multicast views | Multicast VLAN views, user VLAN views, and VSI views
Virtual Private Network (VPN) views | Layer 2 Tunneling Protocol (L2TP) group views, Generic Routing Encapsulation (GRE) group views, L2TP network server (LNS) group views, MPLS-L2VPN views, and tunnel policy views
Routing related views | Loopback interface views, Open Shortest Path First (OSPF) views, OSPF area views, Intermediate System-to-Intermediate System (IS-IS) views, Border Gateway Protocol (BGP) views, BGP-IPv4 unicast address-family views, BGP-L2VPN address-family views, BGP-VPLS address-family views, and Route-Policy views
Provider Backbone Bridging-Traffic Engineering (PBB-TE) related views | Tunnel views and service instance (SI) views
Bidirectional Forwarding Detection (BFD) related views | BFD session views and BFD views
Ethernet Operation, Administration, and Maintenance (OAM) related views | Maintenance Association (MA) views and Maintenance Domain (MD) views

3.2.2 Common Views


User View
Item | Description
Function | Displays the running status and statistics of the S9300.
Entry command | Enters the user view after the connection is set up.
Prompt upon entry | <Quidway>
Quit command | <Quidway> quit
Prompt upon quit | None.

System View
Item | Description
Function | Sets the system parameters of the S9300, and enters other function views from this view.
Entry command | <Quidway> system-view
Prompt upon entry | [Quidway]
Quit command | [Quidway] quit
Prompt upon quit | <Quidway>

Ethernet Interface View


- Fast Ethernet (FE) interface view

Item | Description
Function | Sets parameters related to FE interfaces of the S9300 and manages the FE interfaces.
Entry command | [Quidway] interface ethernet X/Y/Z
Prompt upon entry | [Quidway-EthernetX/Y/Z]
Quit command | [Quidway-EthernetX/Y/Z] quit
Prompt upon quit | [Quidway]

NOTE

X/Y/Z indicates the number of an FE interface that needs to be configured. It is in the format of slot number/
sub card number/interface sequence number.
- GE interface view

Item | Description
Function | Configures related parameters about the GE interfaces of the S9300 and manages the GE interfaces.
Entry command | [Quidway] interface GigabitEthernet X/Y/Z
Prompt upon entry | [Quidway-GigabitEthernetX/Y/Z]
Quit command | [Quidway-GigabitEthernetX/Y/Z] quit
Prompt upon quit | [Quidway]

NOTE

X/Y/Z indicates the number of a GE interface that needs to be configured. It is in the format of slot number/
sub card number/interface sequence number.
If an LPU provides GE interfaces and 10GE interfaces, the difference lies in the subcard where the 10GE
interfaces reside. Generally, the sequence number of a 10GE interface is 1. If an LPU provides only 10GE
interfaces, the method of entering the 10GE interface view is the same as the method of entering the GE
interface view.

3.3 Command Levels


This section describes the command levels, the user levels, and the relations between them.
3.3.1 Introduction to Command Levels
3.3.2 Relations Between Command Levels and User Levels

3.3.1 Introduction to Command Levels


To ensure the security of the system, commands are divided by default into four levels,
ranging from 0 to 3 in ascending order:
- 0: visit level. Commands for network diagnostic tools (ping and tracert) and commands for
  accessing external devices from the local device (Telnet and SSH) are at level 0. The
  configuration files cannot be saved by running the commands of level 0.
- 1: monitoring level. Commands for maintaining the system and the display commands are at
  level 1. The configuration files cannot be saved by running the commands of level 1.
- 2: configuration level. Service configuration commands, including routing commands and
  commands at each network layer, are used to directly provide network services for users.
- 3: management level. Commands for system operation and service support are at level 3.
  The commands of level 3 include:
  - File system commands
  - FTP commands
  - TFTP commands
  - Commands for switching configuration files
  - Commands for controlling a secondary SCU
  - User management commands
  - Commands for setting the levels of users
  - Commands for setting the internal parameters of the system
  - Debugging commands for diagnosing service faults

To enable refined control of the authority, you can extend the levels of commands to 16 levels
ranging from 0 to 15. For details, see 4.4 Switching Levels of Users and Commands.
NOTE

The default levels of some commands may be higher than the levels defined by command rules according
to the importance of the commands.

The levels of login users are divided into 16 levels to correspond to the levels of commands.
After logging in to the S9300, a user can run only the commands whose levels are equal to or
lower than the level of the user. For user levels, see 2.1 Overview of User Login.

Commands at the Visit Level


By default, commands at the visit level include the following.
Level | Accessible Command
Visit level | Commands such as cluster, language-mode, ping, quit, super, telnet, and tracert

Commands at the Monitoring Level


By default, commands at the monitoring level include the following:
Level | Accessible Command
Monitoring level | Commands such as display, reset, send, and terminal

Commands at the Configuration Level


By default, commands at the configuration level include the following.
Level | Accessible Command
Configuration level | Commands such as cluster-ftp, cluster-tftp, compare, mpls, ntdp, reset, save, and system-view

Commands at the Management Level


By default, commands at the management level include the following.
Level | Accessible Command
Management level | Commands such as cd, clock, copy, delete, dir, format, free, ftp, lock, mkdir, more, move, patch, pwd, reboot, rename, rmdir, schedule, startup, undelete, and tftp

3.3.2 Relations Between Command Levels and User Levels


To ensure that the S9300 manages login users according to user levels, the levels of login users
are divided into 16 levels. Similar to the command levels, login users are divided into four levels
ranging from level 0 to level 3 by default. Table 3-2 lists the levels of login users.

Table 3-2 Levels of login users


Level  Name                 Accessible Command
0      Visit level          Commands such as language-mode, ping, quit, super, telnet, and tracert
1      Monitoring level     Commands such as display, language-mode, ping, quit, reset, send, super,
                            telnet, terminal, tracert, and undo
2      Configuration level  All configuration commands except file system commands, FTP commands, and
                            TFTP commands
3      Management level     All commands

After logging in to the S9300, users obtain the authority that is determined by their own levels.
Users can use only the commands at a level that is equal to or lower than their own levels. Figure
3-2 shows the user authority.
Figure 3-2 Authority of users at four levels
[Figure: the authority of level-0, level-1, level-2, and level-3 login users shown against commands
at the visit level, monitoring level, configuration level, and management level]

For example, users at the configuration level can use only the commands at the visit level,
monitoring level, and configuration level. Users at the management level can use commands at
all levels. When users at a lower level switch to a higher level, authentication is required to
prevent unauthorized users from logging in to the S9300.
NOTE

If the command levels are upgraded from 0 to 15, the user levels must also be extended from 0-3 to 0-15.
For details, see 4.4 Switching Levels of Users and Commands.

3.4 Using the Online Help of Command Lines


This section describes how to use the online help of command lines.


3.4.1 Providing the Help for a Complete Command Word


3.4.2 Providing the Help for an Incomplete Command Word

3.4.1 Providing the Help for a Complete Command Word


Context
You can obtain the online help from a command view in the following ways:

Procedure
• Enter "?" to list all commands and their brief descriptions in this command view. This
  command is valid in any command view. For example:
  <Quidway> ?

• Enter a command and ? separated by a space. If a keyword is in the position of the ?, all
  keywords and their descriptions are listed. For example:
  <Quidway> language-mode ?
    chinese  Chinese environment
    english  English environment
  <Quidway> language-mode chinese ?
    <cr>

  chinese and english are keywords. Chinese environment and English environment describe
  the two keywords separately.
  <cr> indicates that no keyword or parameter is in this position. You can press Enter to
  repeat the command in the next command line.

• Enter a command and ? separated by a space. If a parameter is in the position of the ?, all
  parameters and their descriptions are listed. For example:
  <Quidway> system-view
  [Quidway] sysname ?
    TEXT  Host name(1 to 30 characters)

  TEXT is a parameter with Host name(1 to 30 characters) as its description.


----End

3.4.2 Providing the Help for an Incomplete Command Word


Context
You can obtain the help from a command view in the following ways.

Procedure
• Enter a character string followed by "?" with no space between them, and the system lists
  all commands with the character string as the beginning. For example:
  <Quidway> d?
    debugging
    delete
    dir
    display

• Enter a command and a string closely followed by a ?. All keywords of the command
  beginning with this string are listed. For example:
  <Quidway> display v?
    version
    vlan


• Enter the preceding letters of a keyword of a command and press Tab. The complete
  keyword is displayed. The preceding letters, however, must identify the keyword.
  Otherwise, after Tab is continuously pressed, different keywords are displayed, from which
  you can select one as required.
If you run the language-mode chinese command in the user view, all the preceding help
messages are displayed in Chinese.
If the commands entered pass the grammar check, it indicates that they are correctly run.
Otherwise, error messages are reported to the user.
Table 3-3 shows the matching relations of error messages and error causes.
Table 3-3 Matching relations of error messages and error causes
Error Message in English  Cause
Unrecognized command      Indicates that no command is found.
                          Indicates that no keyword is found.
                          Indicates that the parameter type is incorrect.
                          Indicates that the parameter value is out of the permitted range.
Incomplete command        Indicates that the input command is incomplete.
Too many parameters       Indicates that the input parameters are excessive.
Ambiguous command         Indicates that the input parameters are ambiguous.
Wrong parameter           Indicates that the input parameters are incorrect.

----End

3.5 Editing Command Lines


This section describes how to edit command lines.
You can edit commands in a Command Line Interface (CLI) that supports multi-line editing.
Each command can contain up to 256 characters.


Key                         Function
Common key                  Inserts a character at the position of the cursor and moves the cursor to
                            the right if the editing buffer is not fully occupied.
Backspace                   Deletes a character before the cursor and moves the cursor forward.
Left cursor key or Ctrl+B   Moves the cursor to the left by the space of a character.
Right cursor key or Ctrl+F  Moves the cursor to the right by the space of a character.
Tab                         Press Tab after entering an incomplete keyword. The system runs the help
                            for an incomplete keyword.
                            • If the keyword matching the input one is unique, the system replaces the
                              entered one with the complete keyword and displays it in a new line with
                              the cursor a space behind.
                            • If the parameter of the command is not unique or the keyword matching
                              the input one is not unique, the system displays the prefix first. You
                              can press Tab to switch from one matched keyword to another. In this
                              case, the cursor closely follows the end of a word, and you can press
                              the spacebar and enter the next word.
                            • If an incorrect keyword is entered, press Tab and it is displayed in a
                              new line without being changed.

3.6 Displaying Features of Command Lines


This section describes how to use displaying features of command lines.
A CLI displays the information in the following ways:
• Prompts and help can be displayed in Chinese and English.
• When the information displayed exceeds a full screen, the pause function can be applied.
  You have three choices.

  Key or Command  Function
  Ctrl+C          Stops displaying and running a command.
  Spacebar        Continues to display the next screen.
  Enter           Continues to display the next line of information.

NOTE

To stop the display, you can press any key excluding F1, PageUp, PageDown, and End. For example,
you can use a letter, a number, or a tab character.

3.7 History Commands


This section describes the concept and usage of history commands.
The commands that are entered are saved automatically in the CLI. You can invoke and run the
commands saved in the CLI repeatedly at any time.
By default, the CLI can store up to 10 history commands for each user. Table 3-4 describes the
operations for accessing the history commands.

Table 3-4 Accessing history commands


Action                       Command or Key             Result
Displaying history commands  display history-command    The history commands entered by users are
                                                        displayed.
Accessing the last history   Up cursor key or Ctrl+P    If there is an earlier history command, the
command                                                 last history command is retrieved. Otherwise,
                                                        an alarm is generated.
Accessing the next history   Down cursor key or Ctrl+N  If there is a later history command, the next
command                                                 history command is retrieved. Otherwise, the
                                                        command is cleared and an alarm is generated.

NOTE

On the HyperTerminal of Windows 9X, the Up cursor key is invalid, because the key is defined differently.
In this case, you can use the shortcut keys Ctrl+P instead of the Up cursor key.

When you use the history commands, note the following:
• The history commands saved on the S9300 must be the same as the commands entered by
  the user. For example, if a user enters an incomplete command, the saved command must
  also be incomplete.
• If the user runs the same command several times, the last command is saved on the
  S9300. If the command is entered in different formats, they are considered as different
  commands.
  For example, if the display ip routing-table command is run several times, only the last
  one is saved in the history commands.
  If the display ip routing-table command is run in the formats of display ip routing and
  display ip routing-table, two commands are saved on the S9300.

3.8 Hotkeys
This section describes how to use hotkeys.
3.8.1 Classification of Hotkeys
3.8.2 Defining Hotkeys
3.8.3 Using Hotkeys

3.8.1 Classification of Hotkeys


The hotkeys are classified into the following types:

• Hotkeys that the user can define, including CTRL_G, CTRL_L, CTRL_O and CTRL_T
  You can assign commands to the hotkeys as required. When the hotkeys are entered, the
  commands corresponding to them are run. For the methods of defining the hotkeys, see
  3.8.2 Defining Hotkeys.
• System hotkeys
  The hotkeys are not defined by users, and their functions are fixed. Table 3-5 describes
  system hotkeys and their functions.
NOTE

Different terminal software defines hotkeys differently; therefore, the shortcut keys on the terminal may
be different from the hotkeys listed in this section.

Table 3-5 System hotkeys

Hotkeys  Function
CTRL_A   Moves the cursor to the beginning of the current line.
CTRL_B   Moves the cursor to the left by the space of a character.
CTRL_C   Terminates the running function.
CTRL_D   Deletes the character where the cursor lies.
CTRL_E   Moves the cursor to the end of the current line.
CTRL_F   Moves the cursor to the right by the space of a character.
CTRL_H   Deletes a character on the left of the cursor.
CTRL_K   Terminates the outbound connection.
CTRL_N   Displays the next command in the history command buffer.
CTRL_P   Displays the previous command in the history command buffer.
CTRL_R   Re-displays information about the current line.
CTRL_U   Deletes all the characters on the left of the cursor.
CTRL_V   Pastes the contents on the clipboard.
CTRL_W   Deletes a character string or a character on the left of the cursor.
CTRL_X   Deletes all the characters on the left of the cursor.
CTRL_Y   Deletes all characters on the right of the cursor.
CTRL_Z   Returns to the user view.
CTRL_]   Ends the inbound connection or redirects the connection.
ESC_B    Moves the cursor to the left by the space of a word.
ESC_D    Deletes a word on the right of the cursor.
ESC_F    Moves the cursor to the right by the space of a word.
ESC_N    Moves the cursor downward a line.
ESC_P    Moves the cursor upward a line.
ESC_<    Locates the cursor at the beginning of text in the clipboard.
ESC_>    Locates the cursor at the end of text in the clipboard.

3.8.2 Defining Hotkeys


NOTE

When assigning a command to the hotkeys, you need to mark the command with double quotation marks
if the command consists of several words, that is, the command includes spaces. You need not mark the
command with double quotation marks if the command consists of only one word, that is, the command
includes no space.

Perform the following operation in the system view.


Operation                           Command
Assigning a command to the hotkeys  hotkey { CTRL_G | CTRL_L | CTRL_O | CTRL_T } command-text

The default values of the CTRL_G, CTRL_L, and CTRL_O hotkeys are described as follows:
• CTRL_G: corresponds to the display current-configuration command.
• CTRL_L: corresponds to the display ip routing-table command.
• CTRL_O: corresponds to the undo debugging all command.

The system does not set default values for the other hotkeys.

3.8.3 Using Hotkeys


• You can use hotkeys wherever a command can be run. When you press a hotkey, the system
  displays the command assigned to it, the same as if the complete command were entered.
• If you have entered part of a command and have not yet pressed Enter, pressing a hotkey
  makes the system delete all the input characters and display the command assigned to the
  hotkey. This is equivalent to deleting all the input characters and entering the complete
  command.
• Using hotkeys is the same as running the command assigned to the hotkeys. After hotkeys
  are used, the corresponding commands are recorded in the command buffer and log for
  fault location and query.
NOTE

The terminals that you use may affect the functions of hotkeys. For example, the function that the
terminal software assigns to a hotkey may differ from the function of that hotkey on the S9300. In this
case, after a user enters hotkeys, the command assigned to the hotkeys is not run.

You can run the following commands in all views.


Operation                   Command
Display the hotkeys in use. display hotkey

3.9 Configuration Examples


This section provides several configuration examples of command lines.
3.9.1 Example for Defining Hotkeys
3.9.2 Example for Copying a Command by Using Hotkeys
3.9.3 Example for Using the Tab Key

3.9.1 Example for Defining Hotkeys


Procedure
Step 1 Define the hotkeys CTRL_T on the S9300 and assign the display ip routing-table command
to the hotkeys. Then, run the command.
<Quidway> system-view
[Quidway] hotkey ctrl_t "display ip routing-table"

Step 2 Type Ctrl+T following [Quidway] to display the display ip routing-table command.
[Quidway] display ip routing-table
Route Flags: R - relied, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
         Destinations : 9        Routes : 9

  Destination/Mask  Proto   Pre  Cost  Flags  NextHop         Interface

        1.1.1.1/32  Direct  0    0     D      127.0.0.1       InLoopBack0
       10.1.1.1/32  Direct  0    0     D      127.0.0.1       InLoopBack0
       44.0.0.0/24  Direct  0    0     D      44.0.0.1        Vlanif44
       44.0.0.1/32  Direct  0    0     D      127.0.0.1       InLoopBack0
       127.0.0.0/8  Direct  0    0     D      127.0.0.1       InLoopBack0
      127.0.0.1/32  Direct  0    0     D      127.0.0.1       InLoopBack0
    192.168.0.0/16  Direct  0    0     D      192.168.32.9    Ethernet0/0/0
   192.168.32.9/32  Direct  0    0     D      127.0.0.1       InLoopBack0

----End

3.9.2 Example for Copying a Command by Using Hotkeys


Procedure
Step 1 Enter a command in any view on the S9300. Move the cursor to the beginning of the command,
and then press ESC_<. Move the cursor to the end of the command, and then press ESC_>.
Then, the contents are written to the clipboard.
<Quidway> display ip routing-table

Step 2 After the command is copied, run the display clipboard command to view the contents of the
clipboard.
<Quidway> display clipboard
---------------- CLIPBOARD ----------------
display ip routing-table

Step 3 Press CTRL_SHIFT_V to view the contents of the clipboard in any view.
<Quidway> display ip routing-table

----End

3.9.3 Example for Using the Tab Key


Procedure
• If only one keyword contains the incomplete keyword, do as follows on the S9300.
  1. Enter an incomplete keyword.
     [Quidway] info-
  2. Press Tab.
     The system replaces the incomplete keyword with a complete keyword and displays
     the complete keyword in another line. There is only one space between the cursor and
     the end of the keyword.
     [Quidway] info-center

• If more than one keyword contains the incomplete keyword, do as follows on the S9300.
  # The keyword info-center can be followed by the following keywords.
  [Quidway] info-center log?
    logbuffer
    logfile
    loghost
  1. Enter an incomplete keyword.
     [Quidway] info-center l
  2. Press Tab.
     The system displays the prefix of all the matched keywords. The prefix in this example
     is log.
     [Quidway] info-center log
  3. Continue to press Tab to display all the keywords. There is no space between the
     cursor and the end of the keywords.
     [Quidway] info-center loghost
     [Quidway] info-center logbuffer
     [Quidway] info-center logfile
     Stop pressing Tab when you find the required keyword logfile.
  4. Enter a space and enter the next keyword channel.
     [Quidway] info-center logfile channel

----End
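The three Tab cases described in 3.5 and walked through in 3.9.3, together with the "string?" prefix help from 3.4.2, can be modelled in a few lines of Python. This is an added illustration, not code from the S9300 or from Huawei; the keyword list is constructed, and cycling in alphabetical order is an assumption.

```python
import os

# Constructed keyword list: the three keywords the guide shows after
# "info-center log?" plus "channel" to exercise the unique-match case.
KEYWORDS = ["logbuffer", "logfile", "loghost", "channel"]


def prefix_help(prefix, keywords=KEYWORDS):
    """Model of "<string>?": list every keyword that begins with the string."""
    return sorted(k for k in keywords if k.startswith(prefix))


class TabCompleter:
    """Models the Tab behaviour for one keyword position on the command line."""

    def __init__(self, keywords=KEYWORDS):
        self.keywords = list(keywords)
        self._cycle = []      # matched keywords being switched between
        self._index = -1
        self._shown = None    # text displayed by the previous Tab press

    def press_tab(self, word):
        """Return the text displayed for the keyword after one Tab press."""
        if self._cycle and word == self._shown:
            # Further presses switch from one matched keyword to the next;
            # no space is appended, so the cursor follows the end of the word.
            self._index = (self._index + 1) % len(self._cycle)
            self._shown = self._cycle[self._index]
            return self._shown

        matches = prefix_help(word, self.keywords)  # assumption: alphabetical order
        self._cycle, self._index = [], -1
        if not matches:
            # Incorrect keyword: redisplayed without being changed.
            self._shown = word
        elif len(matches) == 1:
            # Unique match: completed, with the cursor one space behind.
            self._shown = matches[0] + " "
        else:
            # Several matches: the common prefix is displayed first.
            self._cycle = matches
            self._shown = os.path.commonprefix(matches)
        return self._shown


if __name__ == "__main__":
    completer = TabCompleter()
    shown = "l"
    for _ in range(4):
        shown = completer.press_tab(shown)
        print(f"[Quidway] info-center {shown}")
```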


4 Common Operations and Configurations


About This Chapter


This chapter describes common operations and configurations of commands.
4.1 Overview of Common Operations and Configurations
This section describes the basic concepts of common operations and configurations.
4.2 Common Operations
This section describes common operations.
4.3 Common Configurations
This section describes common configurations.
4.4 Switching Levels of Users and Commands
This section describes how to switch levels of users and commands.


4.1 Overview of Common Operations and Configurations


This section describes the basic concepts of common operations and configurations.
4.1.1 Introduction to Common Operations
4.1.2 Introduction to Common Configurations

4.1.1 Introduction to Common Operations


Before configuring services, you need to perform the following common operations:
• 4.2.1 Entering the System View
• 4.2.2 Quitting a Command View
• 4.2.3 Switching the Language Mode
• 4.2.4 Displaying Information About the System Status
• 4.2.5 Locking a Login Interface
• 4.2.6 Sending Information from One User Interface to Another User Interface
• 4.2.7 Closing the Connection on a Specified User Interface
• 4.2.8 Setting the Header Text

4.1.2 Introduction to Common Configurations


Before configuring services, you need to perform common configurations based on the system
running environment, such as 4.3.1 Setting a System Name and 4.3.2 Setting the System
Time.

4.2 Common Operations


This section describes common operations.
4.2.1 Entering the System View
4.2.2 Quitting a Command View
4.2.3 Switching the Language Mode
4.2.4 Displaying Information About the System Status
4.2.5 Locking a Login Interface
4.2.6 Sending Information from One User Interface to Another User Interface
4.2.7 Closing the Connection on a Specified User Interface
4.2.8 Setting the Header Text

4.2.1 Entering the System View



Context
After logging in to the S9300, you enter the user view.
Do as follows on the S9300.

Procedure
Step 1 Run:
system-view

The system view is displayed.


----End

4.2.2 Quitting a Command View


Context
Do as follows in any view on the S9300.

Procedure
Step 1 Run:
quit

The command view of a lower level is displayed.


----End

4.2.3 Switching the Language Mode


Context
Do as follows in the user view.

Procedure
Step 1 Run:
language-mode { chinese | english }

The language mode is switched.


----End

Postrequisite
The help of the S9300 can be displayed in English or Chinese. By default, the language mode
of the S9300 is English.

4.2.4 Displaying Information About the System Status



Context
You can view information about the status of the system by using the display commands. The
display commands can be classified into the following types according to their functions:
• Commands for displaying the configurations about the system
• Commands for displaying the running status of the system
• Commands for displaying the statistics about the system

For details about the display commands of different protocols and interfaces, see related
chapters. This section describes only the display commands related to the status of the system.
NOTE

You can use the display commands in any view.

Procedure
• View the commands for displaying the configurations about the system.
  Do as follows on the S9300.
  1. Run:
     display clock
     The system clock is displayed.
  2. Run:
     display current-configuration
     The current configuration is displayed.
  3. Run:
     display saved-configuration
     The configuration file to be used in the next startup is displayed.
  4. Run:
     display this
     The configuration in the current view is displayed.
  The preceding steps are independent of each other and can be configured as required.
• View the commands for displaying the running status of the system.
  Do as follows on the S9300.
  1. Run:
     display users [ all ]
     The terminal users are displayed.
  2. Run:
     display version [ slot-id ]
     The version of the system is displayed.
  3. Run:
     display debugging [ interface interface-type interface-number ] [ modulename ]
     The debugging status of the system is displayed.
  The preceding steps are independent of each other and can be configured as required.

• View the commands for displaying the statistics about the system.
  Do as follows on the S9300.
  1. Run:
     display diagnostic-information [ file-name ]
     The diagnostic information about the system is displayed.

     When a fault occurs on the system or when you perform routine maintenance, you
     need to collect a large amount of information to locate the fault. You can hardly collect
     all information at one time because there are a great number of display commands. In
     this case, you can use the display diagnostic-information command to collect all
     running information about each module.
     Information displayed by using the display diagnostic-information command
     contains information displayed by using the following commands on the terminal:
     – display clock
     – display version
     – display interface
     – display current-configuration
     – display saved-configuration

----End

4.2.5 Locking a Login Interface


Context
To prevent unauthorized users from operating the terminal interface when you leave the
operation terminal temporarily, you can lock the configuration interface.
Do as follows on the S9300.

Procedure
Step 1 Run:
lock

The user interface is locked.


----End

Postrequisite
Before locking the user interface, you need to enter a password and confirm it. Before unlocking
the user interface, you must enter a correct password.

4.2.6 Sending Information from One User Interface to Another User Interface

Context
To send information to another user interface, do as follows on the S9300.

Procedure
Step 1 Run:
send { all | number | ui-type ui-number }

Information is sent from the current interface to another user interface.


----End

4.2.7 Closing the Connection on a Specified User Interface


Context
To end the connection on a specified user interface, do as follows on the S9300.

Procedure
Step 1 Run:
free user-interface { number | ui-type ui-number }

The connection on a specified user interface is ended.


----End

4.2.8 Setting the Header Text


Context
The header text is the message displayed by the system when:
• A user sets up a connection with the S9300.
• The system authenticates the login user that starts to configure the S9300.

To provide login users with explicit prompts, you can perform this configuration.
Do as follows on the S9300.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
header login { information text | file file-name }

The header text that is displayed when a user logs in to the S9300 is set.
Step 3 Run:
header shell { information text | file file-name }


The header text that is displayed after the user succeeds in logging in to the S9300 is set.
----End

4.3 Common Configurations


This section describes common configurations.
4.3.1 Setting a System Name
4.3.2 Setting the System Time

4.3.1 Setting a System Name


Context
The default name of the S9300 is Quidway. You can change the name of the S9300 as required.
Do as follows on the S9300.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
sysname host-name

The name of the S9300 is set.


----End

4.3.2 Setting the System Time


Context
To ensure that the S9300 can interoperate with other devices, you need to set the system time
accurately. The S9300 supports the time zone and the daylight saving time.
Do as follows on the S9300.

Procedure
Step 1 Run:
clock datetime HH:MM:SS YYYY-MM-DD

The local standard time is set.


Step 2 Run:
clock timezone time-zone-name { add | minus } offset


The local time zone is set.


Step 3 Run:
clock daylight-saving-time time-zone-name one-year start-time start-date end-time
end-date offset

Or,

clock daylight-saving-time time-zone-name repeating start-time
{ start-year month { first | second | third | fourth | fifth | last } weekday |
start-date } end-time { end-year month { first | second | third | fourth | fifth
| last } weekday | end-date } offset

The daylight saving time is set.


The preceding steps are independent of each other and can be configured as required.
----End

4.4 Switching Levels of Users and Commands


This section describes how to switch levels of users and commands.
4.4.1 Extending Levels of Commands
4.4.2 Extending Levels of Users
4.4.3 Setting the Password for Switching Levels of Users
4.4.4 Switching the User Level

4.4.1 Extending Levels of Commands


Context
You can extend the levels of commands from 4 levels (level 0 to level 3) to 16 levels (level 0 to
level 15).
Do as follows on the S9300.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
command-privilege level rearrange

The command levels are extended in batches.


Step 3 Run:
command-privilege level level view view-name command-key

The command level is set.


Step 2 and Step 3 are independent of each other.
----End

Postrequisite
NOTE

Performing Step 2 raises the commands whose current level is 2 to level 10 and raises the
commands whose current level is 3 to level 15. After that, no command lines exist in Level 2
to Level 9 and Level 11 to Level 14. The user can adjust the command lines to these levels
separately to refine the management of privilege.

By default, the system sets views and levels for all commands; therefore, you need not re-set a view
or level for a command.

When running the command-privilege level rearrange command, the system prompts you to set
the super password for a level 15 user if the password for switching to level 15 is not set. The system
also asks you whether to continue the operation of extending the levels of commands. If you select
N, then you set a password. If you select Y, the system extends the levels of commands in batches.
The users who do not use console ports cannot extend their levels; thus, they cannot use the commands
of higher levels.

4.4.2 Extending Levels of Users


Context
If the command levels are upgraded from 0 to 15, the user levels must also be extended from
0-3 to 0-15. Users obtain the authority that is determined by their own levels. Users can use only
the commands at a level that is equal to or lower than their own levels.
Do as follows on the S9300.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
user-interface [ ui-type ] first-ui-number [ last-ui-number ]

The user interface view is displayed.


Step 3 Run:
user privilege level level

The levels of the commands that the current user can access are extended.
----End

4.4.3 Setting the Password for Switching Levels of Users


Context
Before a user at a lower level switches to a higher level after logging in to the S9300, the user
must enter a password. The password must be set before the user switches to a higher level.

NOTE

If simple is specified, the password is saved in the configuration file in plain text. A user at a lower level
then can easily obtain the password for switching to a higher level by viewing the configuration file. In
such a case, the network security cannot be guaranteed. Therefore, it is recommended that the parameter
cipher be specified to save the password in cipher text.
If cipher is specified to set the password, the password cannot be obtained from the system. Keep the
password safe to avoid forgetting or losing it.

Do as follows on the S9300.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
super password [ level user-level ] { simple | cipher } password

The password for switching the user level is set.


----End
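The Python sketch below is an added example, not part of the original guide or of Huawei's software. It audits a configuration dump for two pitfalls described in 4.4.1 to 4.4.3: a super password stored with simple, and user interfaces that lose command access once command levels are rearranged but their user level is not extended. The sample configuration is constructed, and it is an assumption that the saved configuration records these commands in the form the guide gives them.

```python
import re

# Constructed sample (not from a real device). Assumption: the saved
# configuration records these commands in the form the guide gives them.
SAMPLE_CONFIG = """\
sysname Quidway
command-privilege level rearrange
super password level 10 simple Example123
super password level 15 cipher EXAMPLE-CIPHERTEXT
user-interface con 0
 user privilege level 15
user-interface vty 0 4
 user privilege level 3
"""

# Default command levels (Table 3-2) and the batch mapping applied by
# "command-privilege level rearrange" (4.4.1): 2 -> 10 and 3 -> 15.
DEFAULT_LEVELS = {"visit": 0, "monitoring": 1, "configuration": 2, "management": 3}
REARRANGE_MAP = {0: 0, 1: 1, 2: 10, 3: 15}

SUPER_RE = re.compile(r"^super password(?: level (\d+))? (simple|cipher) \S+$")
UI_RE = re.compile(r"^user-interface (.+)$")
PRIV_RE = re.compile(r"^user privilege level (\d+)$")


def parse_config(text):
    """Collect the level-related settings from a configuration dump."""
    state = {"rearranged": False, "super": [], "interfaces": {}}
    current_ui = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if not raw.startswith(" "):
            current_ui = None  # an unindented line leaves the user-interface view
        if line == "command-privilege level rearrange":
            state["rearranged"] = True
        elif (m := SUPER_RE.match(line)):
            level = int(m.group(1)) if m.group(1) else None
            state["super"].append((level, m.group(2)))
        elif (m := UI_RE.match(line)):
            current_ui = m.group(1)
            state["interfaces"][current_ui] = None
        elif current_ui and (m := PRIV_RE.match(line)):
            state["interfaces"][current_ui] = int(m.group(1))
    return state


def command_levels(rearranged):
    """Level of each command group before or after the batch rearrangement."""
    if not rearranged:
        return dict(DEFAULT_LEVELS)
    return {name: REARRANGE_MAP[lvl] for name, lvl in DEFAULT_LEVELS.items()}


def runnable_groups(user_level, levels):
    """A user can run commands whose level is equal to or lower than the user's."""
    return [name for name, lvl in levels.items() if lvl <= user_level]


def audit(text):
    """Return a list of findings for the given configuration text."""
    state = parse_config(text)
    findings = []
    for level, mode in state["super"]:
        if mode == "simple":
            target = f"level {level}" if level is not None else "an unspecified level"
            findings.append(
                f"PLAINTEXT: super password for {target} is stored with 'simple'; "
                "use 'cipher'"
            )
    if state["rearranged"]:
        for ui, user_level in state["interfaces"].items():
            if user_level is None:
                continue  # no explicit level configured; nothing to compare
            before = runnable_groups(user_level, command_levels(False))
            after = runnable_groups(user_level, command_levels(True))
            lost = [g for g in before if g not in after]
            if lost:
                findings.append(
                    f"LOCKOUT: user-interface {ui} (level {user_level}) loses "
                    f"{', '.join(lost)} commands after rearrange"
                )
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```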

4.4.4 Switching the User Level


Context
When switching from a lower level to a higher one, you need to enter a correct password.
Do as follows on the S9300.

Procedure
Step 1 Run:
super [ level ]

The user level is switched.


NOTE

When a user logging in to the S9300 switches from a lower level to a higher level by using the super
command, the system sends out a trap message automatically and records the switching of the user level
in a log. If the user switches to a lower level, the system only records the switching in a log.

----End


5 Configuration of the SSH Server and Client


About This Chapter


This chapter describes how to configure the Secure Shell (SSH) server, Secure Telnet (STelnet)
client, and Secure FTP (SFTP) client.
5.1 Overview of SSH
This section describes the basic concepts of the SSH terminal service.
5.2 Configuring the SSH Server
This section describes how to configure the SSH server.
5.3 Configuring the STelnet Client
This section describes how to configure the STelnet client.
5.4 Configuring the SFTP Client
This section describes how to configure the SFTP client.
5.5 Maintaining SSH
This section describes how to maintain SSH.
5.6 Configuration Examples
This section provides several configuration examples of SSH.


5.1 Overview of SSH


This section describes the basic concepts of the SSH terminal service.

Introduction to SSH
SSH works at the application layer in the TCP/IP protocol suite. SSH provides remote login and
virtual terminal on the network where security is guaranteed. Based on TCP connections, SSH
guarantees security and provides authentication for transmitted information, preventing the
following attacks shown in Figure 5-1:
- IP spoofing
- Interception of the password in plain text
- Denial of Service (DoS)

Figure 5-1 Establishing a local SSH connection between the PC and the S9300
[Figure labels: VLAN1; PC (Telnet Client); Telnet Session; L2 Switch; S9300 (Telnet Server); Ethernet links]

SSH adopts the client/server model and sets up multiple secure transmission channels. The
S9300, as the SSH server, can be connected to multiple PCs that function as SSH clients. A
Layer 2 switch may exist between the PC and the SSH server. In the actual networking, a route
is required to be reachable between the PC and the S9300.
Currently, there are three SSH versions including v1.0, v1.5, and v2.0. SSHv1.5 and SSHv1.0
are compatible but SSHv2.0 and SSHv1.5 are incompatible.

Advantages of SSH
Unlike the Telnet and FTP terminal services, SSH provides secure remote access on a network
where security is not guaranteed. The advantages of SSH are described as follows:

- STelnet client functions

  Login through Telnet carries a potential security risk because there is no
  authentication and the data transmitted through TCP is in plain text. The insecure access
  results in malicious attacks including DoS attacks, IP spoofing attacks, and route spoofing
  attacks.
  SSH provides secure remote access on an insecure network by supporting the following
  functions:

  - Supporting Rivest-Shamir-Adleman Algorithm (RSA) authentication
  - Supporting Data Encryption Standard (DES) and 3DES
  - Supporting the encrypted transfer of the user name or password
  - Supporting the encrypted transfer of interactive data

  SSH adopts RSA. After the public key and the private key are generated according to the
  encryption principle of the asymmetric encryption system, the following information is
  transmitted with security between the SSH client and the SSH server:

  - Key
  - User name or password
  - Interactive data

- SFTP client functions

  SFTP provides the following types of applications:

  - By using SFTP, you can securely log in to the S9300 to manage files from the remote
    device. In this manner, the security of data transmission is improved when files need to
    be transferred during the upgrade of the remote system.
  - The S9300 can function as the client to log in to the remote device through FTP to
    transfer files with security.

Setting Up an SSH Connection


The procedure for setting up an SSH connection is as follows:
1. Negotiating the SSH version
2. Negotiating the key
3. Authenticating the user identity
4. Initiating a session request
5. Performing the interactive session

For details, see the chapter "Setting Up an SSH Connection" in the Quidway S9300 Terabit
Routing Switch Feature Description - Basic Configuration.

5.2 Configuring the SSH Server


This section describes how to configure the SSH server.
5.2.1 Establishing the Configuration Task
5.2.2 Enabling the STelnet Service
5.2.3 Enabling the SFTP Service
5.2.4 (Optional) Enabling the Later Version to Be Compatible with the Earlier Version
5.2.5 (Optional) Setting the Listening Port Number on the SSH Server
5.2.6 (Optional) Enabling the S9300 to Send Trap Messages
5.2.7 (Optional) Setting the Interval for Updating the Key Pair
5.2.8 Checking the Configuration

5.2.1 Establishing the Configuration Task



Applicable Environment
You must enable STelnet or SFTP on the SSH server before performing other configurations.
On the SSH server, you can set a listening port number. If you change the default listening port
on the SSH server to another port, attackers will not be aware of this change. In this manner,
attackers cannot consume bandwidth and system resources by accessing port 22.

Pre-configuration Tasks
Before configuring the SSH server, complete the following tasks:
- Connecting the SSH client and server properly
- Configuring a reachable route between the SSH client and the server
- Configuring the Virtual Type Terminal (VTY) user interface to support the SSH protocol
  on the SSH server
- Configuring the SSH user on the SSH server
- Creating a local RSA key pair on the SSH server

Data Preparation
To configure the SSH server, you need the following data.
No.  Data
1    Listening port number on the SSH server

5.2.2 Enabling the STelnet Service


Context
Do as follows on the S9300 that functions as the SSH server.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
stelnet server enable

The STelnet service is enabled.


----End

5.2.3 Enabling the SFTP Service



Context
Do as follows on the S9300 that functions as the SSH server.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
sftp server enable

The SFTP service is enabled.


----End

5.2.4 (Optional) Enabling the Later Version to Be Compatible with the Earlier Version

Context
Do as follows on the S9300 that functions as the SSH server.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
ssh server compatible-ssh1x enable

An earlier version is enabled to be compatible.


By default, SSH2.0 is compatible with SSH1.X. If the client that is enabled with any SSH
protocol from SSH1.3 to SSH1.99 cannot log in to the S9300, you can run the undo ssh server
compatible-ssh1x enable command to enable the earlier version to be compatible.
NOTE

Compared with SSH1.X, SSH2.0 is extended in structure and supports more authentication modes and key
exchange methods. In addition, SSH2.0 supports more advanced services such as SFTP.

----End

5.2.5 (Optional) Setting the Listening Port Number on the SSH Server

Context
Do as follows on the S9300 that functions as the SSH server.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
ssh server port port-number

The listening port number is set on the SSH server.


NOTE

If a new listening port number is set, the SSH server tears down all established STelnet and SFTP
connections, and then uses the new port number. By default, the listening port number on the SSH server
is 22.

----End

5.2.6 (Optional) Enabling the S9300 to Send Trap Messages


Context
Do as follows on the S9300 that functions as the SSH server.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
snmp-agent trap enable ssh

The S9300 is enabled to send trap messages.


NOTE

The S9300 is enabled to send trap messages to only the Simple Network Management Protocol (SNMP)
module. To view trap messages on the SNMP module, you need to perform related configurations on the
SNMP module. For details, see the chapters "Configuring the Trap Function" and "Configuring the
S9300 to Send Trap Messages in Inform Mode" in the Quidway S9300 Terabit Routing Switch
Configuration Guide - Network Management.

----End

5.2.7 (Optional) Setting the Interval for Updating the Key Pair
Context
Do as follows on the S9300 that functions as the SSH server.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
ssh server rekey-interval interval

The interval for updating the key pair on the server is set.
----End

5.2.8 Checking the Configuration


Prerequisite
The configurations of the SSH server are complete.

Procedure
- Run the display ssh server status command to check the global configuration of the SSH
  server.

----End

Example
Run the display ssh server status command, and you can view that the protocol version enabled
in the SSH session is SSH1.99, and that the number of times for setting up an SSH session is 5.
<Quidway> display ssh server status
SSH version : 1.99
SSH connection timeout : 60 seconds
SSH server key generating interval : 2 hours
SSH Authentication retries : 5 times
SFTP server: Enable
STelnet server: Enable
SSH server port: 55535
NOTE

If the default listening port is in use, information about the current listening port is not displayed.

5.3 Configuring the STelnet Client


This section describes how to configure the STelnet client.
5.3.1 Establishing the Configuration Task
5.3.2 Enabling the Initial Authentication on the STelnet Client
5.3.3 Assigning the RSA Public Key to the SSH Server by the STelnet Client
5.3.4 Checking the Configuration

5.3.1 Establishing the Configuration Task


Applicable Environment
After the negotiation between the SSH client and server, the STelnet user can access the SSH
server with security.
The negotiation process includes configurations on the server and on the client.
- For details about the configuration on the server, see 2.7 Configuring the SSH
  Interface.
- For the configuration on the client, you can perform configuration tasks of 5.3.2 Enabling
  the Initial Authentication on the STelnet Client and 5.3.3 Assigning the RSA Public
  Key to the SSH Server by the STelnet Client.
NOTE

The preceding configurations are exclusive; therefore, you only need to perform either of them.

Pre-configuration Tasks
Before connecting the STelnet client and the SSH server, complete the following tasks:
- Creating a local RSA key pair on the SSH server
- Configuring the STelnet user on the SSH server
- Enabling the STelnet service on the SSH server

Data Preparation
To connect the STelnet client and the SSH server, you need the following data.
No.  Data
1    Name of the SSH server
2    Current listening port number on the SSH server
3    Preferred encryption algorithm from the STelnet client to the SSH server
4    Preferred encryption algorithm from the SSH server to the STelnet client
5    Preferred HMAC algorithm from the STelnet client to the SSH server
6    Preferred HMAC algorithm from the SSH server to the STelnet client
7    Preferred key exchange algorithm
8    Name of the outbound interface
9    Source address

5.3.2 Enabling the Initial Authentication on the STelnet Client



Context
Do as follows on the S9300 that functions as the STelnet client.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
ssh client first-time enable

The initial authentication is enabled on the STelnet client.


NOTE

After the initial authentication is enabled, the validity of the RSA public key of the SSH server need
not be checked when an STelnet user logs in to the SSH server for the first time. This is because the
RSA public key of the SSH server is not kept on the STelnet client.

If the initial authentication is not enabled, an STelnet user fails to log in to the SSH server, because
checking the validity of the RSA public key fails.

NOTE

In addition to enabling the initial authentication on the STelnet client, you can perform the task of 5.3.3
Assigning the RSA Public Key to the SSH Server by the STelnet Client to implement this function.

----End

5.3.3 Assigning the RSA Public Key to the SSH Server by the STelnet Client

Context
NOTE

Before the STelnet client assigns the RSA public key to the SSH server, the server must generate the key
and send it to the client. In this manner, checking the validity of the RSA public key on the SSH server can
succeed.

Do as follows on the S9300 that functions as the STelnet client.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
ssh client server-name assign rsa-key key-name

The RSA public key is assigned to the SSH server.


----End

5.3.4 Checking the Configuration


Prerequisite
The configurations of the STelnet client are complete.

Procedure
- Run the display ssh server-info command to check the mapping between the SSH server
  and the RSA public key on the SSH client.
- Run the display ssh server session command to check the session of the SSH client on the
  SSH server.

----End

Example
Run the display ssh server session command, and you can view information including the
following:
- The user logs in to the server through VTY3.
- The type of the service is set to stelnet, with the authentication mode as password.

[Quidway] display ssh server session
Session 1:
Conn                : VTY 3
Version             : 2.0
State               : started
Username            : client001
Retry               : 1
CTOS Cipher         : aes128-cbc
STOC Cipher         : aes128-cbc
CTOS Hmac           : hmac-sha1-96
STOC Hmac           : hmac-sha1-96
Kex                 : diffie-hellman-group1-sha1
Service Type        : stelnet
Authentication Type : password

5.4 Configuring the SFTP Client


This section describes how to configure the SFTP client.
5.4.1 Establishing the Configuration Task
5.4.2 Enabling the Initial Authentication on the SFTP Client
5.4.3 Assigning the RSA Public Key to the SSH Server by the SFTP Client
5.4.4 (Optional) Managing Directories
5.4.5 (Optional) Managing Files
5.4.6 (Optional) Displaying Command Help on the SFTP Client
5.4.7 Checking the Configuration

5.4.1 Establishing the Configuration Task



Applicable Environment
By using SFTP, you can remotely log in to the S9300 to manage files with security. In this
manner, the security of data transmission is improved when files need to be transferred during
the upgrade of the remote system. The S9300 can function as the client; therefore, you can log
in to the remote device through FTP to transfer files with security from the S9300.
The negotiation process includes configurations on the server and on the client.
- For details about the configuration on the server, see 2.7 Configuring the SSH
  Interface.
- For the configuration on the client, you can perform configuration tasks of 5.4.2 Enabling
  the Initial Authentication on the SFTP Client and 5.4.3 Assigning the RSA Public Key
  to the SSH Server by the SFTP Client.
NOTE

The preceding configurations are exclusive; therefore, you only need to perform either of them.

Pre-configuration Tasks
Before connecting the SFTP client and the SSH server, complete the following tasks:
- Creating a local RSA key pair on the SSH server
- Configuring the SFTP user on the SSH server
- Enabling the SFTP service on the SSH server

Data Preparation
To connect the SFTP client and the SSH server, you need the following data.

No.  Data
1    Name of the SSH server
2    Current listening port number on the SSH server
3    Preferred encryption algorithm from the SFTP client to the SSH server
4    Preferred encryption algorithm from the SSH server to the SFTP client
5    Preferred HMAC algorithm from the SFTP client to the SSH server
6    Preferred HMAC algorithm from the SSH server to the SFTP client
7    Preferred key exchange algorithm
8    Name of the outbound interface
9    Source address
10   Name of the directory
11   Name of the file


5.4.2 Enabling the Initial Authentication on the SFTP Client


Context
Do as follows on the S9300 that functions as the SFTP client.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
ssh client first-time enable

The initial authentication is enabled on the SFTP client.


NOTE

After the initial authentication is enabled, the validity of the RSA public key of the SSH server need
not be checked when an SFTP user logs in to the SSH server for the first time, because the RSA public
key of the SSH server is not kept on the SFTP client.

If the initial authentication is not enabled, an SFTP user fails to log in to the SSH server, because
checking the validity of the RSA public key fails.

NOTE

In addition to enabling the initial authentication on the SFTP client, you can perform the task of 5.4.3
Assigning the RSA Public Key to the SSH Server by the SFTP Client to implement this function.

----End

5.4.3 Assigning the RSA Public Key to the SSH Server by the SFTP Client

Context
NOTE

Before the SFTP client assigns the RSA public key to the SSH server, the server must generate the key and
send it to the client. In this manner, checking the validity of the RSA public key on the SSH server can be
successful.

Do as follows on the S9300 that functions as the SFTP client.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
ssh client server-name assign rsa-key key-name

The RSA public key is assigned to the SSH server.


----End

5.4.4 (Optional) Managing Directories


Context
Do as follows on the S9300 that functions as the SSH client.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
sftp [ -a ip-address ] host [ port ] [ prefer_ctoc_cipher { 3des | aes128 | des } ]
[ prefer_ctos_hmac { md5 | md5_96 | sha1 | sha1_96 } ] [ prefer_kex
{ dh_exchange_group | dh_group1 } ] [ prefer_stoc_cipher { 3des | aes128 | des } ]
[ prefer_stoc_hmac { md5 | md5_96 | sha1 | sha1_96 } ]

A user logs in to the SSH server through SFTP.


Step 3 Run the following command as required:
- To change the current working directory of a user, run:
  cd remote-directory
- To change the current working directory to the parent directory, run:
  cdup
- To display the current working directory of a user, run:
  pwd
- To display the file list in the specified directory, run:
  dir/ls [ remote-directory ]
- To delete a directory from the server, run:
  rmdir path
- To create a directory on the server, run:
  mkdir path
NOTE

After logging in to the SSH server, the SFTP client can create or delete the directory on the server, display
the current working directory, and display the files or information in the specified directory.

----End

5.4.5 (Optional) Managing Files


Context
Do as follows on the S9300 that functions as the SSH client.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
sftp [ -a ip-address ] host [ port ] [ prefer_ctoc_cipher { 3des | aes128 | des } ]
[ prefer_ctos_hmac { md5 | md5_96 | sha1 | sha1_96 } ] [ prefer_kex
{ dh_exchange_group | dh_group1 } ] [ prefer_stoc_cipher { 3des | aes128 | des } ]
[ prefer_stoc_hmac { md5 | md5_96 | sha1 | sha1_96 } ]

You log in to the SSH server through SFTP.


Step 3 Run the following command as required:
- To change the name of a specified file on the server, run:
  rename old-name new-name
- To download files from the remote server, run:
  get remote-file [ local-file ]
- To upload local files to the remote server, run:
  put local-file [ remote-file ]
- To delete files from the server, run:
  remove path-filename
NOTE

After logging in to the SSH server, the SFTP client can change the file name, delete files, view the file list,
and upload and download files.

----End

5.4.6 (Optional) Displaying Command Help on the SFTP Client


Context
Do as follows on the S9300 that functions as the SSH client.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
sftp [ -a source-address ] host [ port ] [ [ -vpn-instance vpn-instance-name ] |
[ prefer_kex { dh_group1 | dh_exchange_group } ] [ prefer_ctos_cipher { des | 3des
| aes128 } ] [ prefer_stoc_cipher { des | 3des | aes128 } ] [ prefer_ctos_hmac
{ sha1 | sha1_96 | md5 | md5_96 } ] [ prefer_stoc_hmac { sha1 | sha1_96 | md5 |
md5_96 } ] ] *

You log in to the SSH server through SFTP.


Step 3 Run:
help [ all | command-name ]

The command help of the SFTP client is displayed.


----End

5.4.7 Checking the Configuration


Prerequisite
The configurations of the SFTP client are complete.

Procedure
- Run the display ssh server session command to check the session of the SSH client on the
  SSH server.

----End

Example
Run the display ssh server session command, and you can view information including the
following:
- The user logs in to the server through VTY4.
- The type of the service is set to sftp, with the authentication mode as rsa.

<Quidway> display ssh server session
Session 2:
Conn                : VTY 4
Version             : 2.0
State               : started
Username            : client002
Retry               : 1
CTOS Cipher         : aes128-cbc
STOC Cipher         : aes128-cbc
CTOS Hmac           : hmac-sha1-96
STOC Hmac           : hmac-sha1-96
Kex                 : diffie-hellman-group1-sha1
Service Type        : sftp
Authentication Type : rsa
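
The session listing shows which version, algorithms and authentication mode each login actually negotiated, so it can be checked against a policy. The following Python sketch is an added example, not part of the Huawei guide: it parses display ssh server session output and reports every session whose values fall outside an allowlist. The policy, the third sample session and all function names are assumptions; the first two sample sessions repeat the values shown in this guide.

```python
import re

# Sessions 1 and 2 repeat the outputs shown in sections 5.3.4 and 5.4.7.
# Session 3 is constructed for the example.
SAMPLE_OUTPUT = """\
<Quidway> display ssh server session
Session 1:
Conn                : VTY 3
Version             : 2.0
State               : started
Username            : client001
Retry               : 1
CTOS Cipher         : aes128-cbc
STOC Cipher         : aes128-cbc
CTOS Hmac           : hmac-sha1-96
STOC Hmac           : hmac-sha1-96
Kex                 : diffie-hellman-group1-sha1
Service Type        : stelnet
Authentication Type : password
Session 2:
Conn                : VTY 4
Version             : 2.0
State               : started
Username            : client002
Retry               : 1
CTOS Cipher         : aes128-cbc
STOC Cipher         : aes128-cbc
CTOS Hmac           : hmac-sha1-96
STOC Hmac           : hmac-sha1-96
Kex                 : diffie-hellman-group1-sha1
Service Type        : sftp
Authentication Type : rsa
Session 3:
Conn                : VTY 2
Version             : 2.0
State               : started
Username            : client003
Retry               : 1
CTOS Cipher         : aes128-cbc
STOC Cipher         : aes128-cbc
CTOS Hmac           : hmac-sha1
STOC Hmac           : hmac-sha1
Kex                 : diffie-hellman-group-exchange-sha1
Service Type        : sftp
Authentication Type : rsa
"""

# Assumed policy: SSH 2.0 only, the strongest choices among the options this
# guide lists for the sftp command (aes128, sha1, dh_exchange_group) and RSA
# user authentication. diffie-hellman-group1-sha1 is excluded because it uses
# a fixed 1024-bit group. "hmac-sha1" and "diffie-hellman-group-exchange-sha1"
# are the standard SSH names; that the device prints them so is an assumption.
POLICY = {
    "Version": {"2.0"},
    "CTOS Cipher": {"aes128-cbc"},
    "STOC Cipher": {"aes128-cbc"},
    "CTOS Hmac": {"hmac-sha1", "hmac-sha1-96"},
    "STOC Hmac": {"hmac-sha1", "hmac-sha1-96"},
    "Kex": {"diffie-hellman-group-exchange-sha1"},
    "Authentication Type": {"rsa"},
}

SESSION_RE = re.compile(r"^Session\s+(\d+)\s*:\s*$")
FIELD_RE = re.compile(r"^([A-Za-z][A-Za-z ]*?)\s*:\s*(\S.*?)\s*$")


def parse_sessions(text):
    """Split the listing into one dict per session; other lines are ignored."""
    sessions, current = [], None
    for line in text.splitlines():
        line = line.strip()
        header = SESSION_RE.match(line)
        if header:
            current = {"Session": int(header.group(1))}
            sessions.append(current)
            continue
        field = FIELD_RE.match(line)
        if field and current is not None:
            current[field.group(1)] = field.group(2)
    return sessions


def audit_sessions(sessions, policy=POLICY):
    """Map (session number, user name) to the fields that violate the policy."""
    report = {}
    for session in sessions:
        problems = []
        for field, allowed in policy.items():
            value = session.get(field)
            if value is None:
                problems.append(f"{field}: missing from output")
            elif value.lower() not in allowed:
                problems.append(f"{field}: {value}")
        if problems:
            report[(session["Session"], session.get("Username", "?"))] = problems
    return report


if __name__ == "__main__":
    for key, problems in audit_sessions(parse_sessions(SAMPLE_OUTPUT)).items():
        print(key, problems)
```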

5.5 Maintaining SSH


This section describes how to maintain SSH.
5.5.1 Debugging the SSH Terminal Service

5.5.1 Debugging the SSH Terminal Service


Context
NOTE

Debugging affects the performance of the system. So, after debugging, run the undo debugging ssh server
all command to disable it immediately.

When a running fault occurs, run the following debugging command in the user view to locate
the fault. For the procedure of displaying the debugging information, see the chapter "Monitoring
and Debugging" in the S9300 Terabit Routing Switch Configuration Guide - Device
Management.

Procedure
Step 1 Run the debugging ssh server { all | vty index } { all | event | message | packet } command to
enable the debugging of SSH functions.
----End

5.6 Configuration Examples


This section provides several configuration examples of SSH.
5.6.1 Example for Configuring the SSH Server to Support the Access from Another Port
5.6.2 Example for Connecting the STelnet Client and the SSH Server
5.6.3 Example for Connecting the SFTP Client and the SSH Server

5.6.1 Example for Configuring the SSH Server to Support the Access from Another Port

Networking Requirements
The standard listening port is numbered 22, as defined in the SSH protocol. If attackers access
the standard port continuously, the bandwidth is consumed and the performance of the server is
degraded. As a result, other valid users cannot access the port.
If the listening port on the SSH server is changed to a non-default one, attackers will not be aware
of this change and continue to send requests for a socket connection to port 22. In this case,
the SSH server detects that it is not the listening port, and then denies the request for
establishing the socket connection.
Therefore, only valid users can use the specified listening port to set up a socket connection
through the following procedures:

- Negotiating the version of the SSH protocol
- Negotiating the algorithm
- Generating the session key
- Authenticating
- Sending a request for a session
- Performing the interactive session

Figure 5-2 Networking diagram for configuring the SSH server to support the access from
another port
[Figure: the SSH server, Client001 and Client002, each connected through GE1/0/1; addresses as listed in the table below.]

S9300       Interface              VLANIF interface  IP address
SSH server  GigabitEthernet 1/0/1  VLANIF 10         10.164.39.222/24
Client001   GigabitEthernet 1/0/1  VLANIF 10         10.164.39.220/24
Client002   GigabitEthernet 1/0/1  VLANIF 10         10.164.39.221/24

Configuration Roadmap
The configuration roadmap is as follows:
1. Create a VLAN that each interface belongs to and assign an IP address to each VLANIF
   interface.
2. Configure Client001 and Client002 on the SSH server.
3. Create a local key pair on the SFTP client and SSH server separately.
4. Generate an RSA public key on the SSH server and bind the RSA public key of the SSH
   client to Client002.
5. Enable the STelnet and SFTP services on the SSH server.
6. Configure the type of the service and authenticated directory for the SSH user.
7. Set the listening port number on the SSH server.
8. Client001 and Client002 log in to the SSH server through STelnet and SFTP separately.

Data Preparation
To complete the configuration, you need the following data:
- IP addresses of the FTP server and client, as shown in Figure 5-2
- SSH user name and authentication mode
- Password or RSA public key of the SSH user
- Server name
- Listening port number on the SSH server


Procedure
Step 1 Create a VLAN that each interface belongs to and assign an IP address to each VLANIF interface.
Create VLAN 10 on the S9300 that functions as the server and assign IP address
10.164.39.222/24 to VLANIF 10.
<Quidway> system-view
[Quidway] vlan 10
[Quidway-vlan10] quit
[Quidway] interface GigabitEthernet 1/0/1
[Quidway-GigabitEthernet1/0/1] port hybrid pvid vlan 10
[Quidway-GigabitEthernet1/0/1] port hybrid untagged vlan 10
[Quidway-GigabitEthernet1/0/1] quit
[Quidway] interface vlanif 10
[Quidway-Vlanif10] ip address 10.164.39.222 24

Assigning an IP address to the S9300 that functions as Client001 or Client002 is the same as
assigning an IP address to VLANIF 10, and is not mentioned here.
Step 2 Create a local key pair on the SSH server.
<Quidway> system-view
[Quidway] rsa local-key-pair create
The key name will be: Quidway_Host
The range of public key size is (512 ~ 2048).
info: If the key modulus is greater than 512,
It will take a few minutes.
Input the bits in the modulus[default = 512]:
Generating keys...
...........++++++++++++
..................++++++++++++
...++++++++
...........++++++++

Step 3 Configure the RSA public key on the server.


# Create a local key pair on the client.
<Quidway> system-view
[Quidway] sysname client002
[client002] rsa local-key-pair create

# Check the RSA public key generated on the client.


[client002] display rsa local-key-pair public
=====================================================
Time of Key pair created: 16:38:51 2007/5/25
Key name: client002_Host
Key type: RSA encryption Key
=====================================================
Key code:
3047
0240
BFF35E4B C61BD786 F907B5DE 7D6770C3 E5FD17AB
203C8FCB BBC8FDF2 F7CB674E 519E8419 0F6B97A8
EA91FC4B B9E18836 5E74BFD5 4C687767 A89C6B43
1D7E3E1B
0203
010001
Host public key for PEM format code:
---- BEGIN SSH2 PUBLIC KEY ----
AAAAB3NzaC1yc2EAAAADAQABAAAAQQC/815LxhvXhvkHtd59Z3DD5f0XqyA8j8u7
yP3y98tnTlGehBkPa5eo6pH8S7nhiDZedL/VTGh3Z6ica0Mdfj4b
---- END SSH2 PUBLIC KEY ----
Public key code for pasting into OpenSSH authorized_keys file :
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAQQC/815LxhvXhvkHtd59Z3DD5f0XqyA8j8u7yP3y98tn
TlGehBkPa5eo6pH8S7nhiDZedL/VTGh3Z6ica0Mdfj4b rsa-key

=====================================================
Time of Key pair created: 16:38:51 2007/5/25
Key name: client002_Server
Key type: RSA encryption Key
=====================================================
Key code:
3067
0260
BCFAC085 49A2E70E 1284F901 937D7B63 D7A077AB
D2797280 4BCA86C0 4CD18B70 5DFAC9D3 9A3F3E74
9B2AF4CB 69FA6483 E87DA590 7B47721A 16391E27
1C76ABAB 743C568B 1B35EC7A 8572A096 BCA9DF0E
BC89D3DB 5A83698C 9063DB39 A279DD89
0203
010001
[client002]

# Send the RSA public key generated on the client to the server.
[Quidway] rsa peer-public-key RsaKey001
Enter "RSA public key" view, return system view with "peer-public-key end".
[Quidway-rsa-public-key] public-key-code begin
Enter "RSA key code" view, return last view with "public-key-code end".
[Quidway-rsa-key-code] 3047
[Quidway-rsa-key-code] 0240
[Quidway-rsa-key-code] BFF35E4B C61BD786 F907B5DE 7D6770C3 E5FD17AB
[Quidway-rsa-key-code] 203C8FCB BBC8FDF2 F7CB674E 519E8419 0F6B97A8
[Quidway-rsa-key-code] EA91FC4B B9E18836 5E74BFD5 4C687767 A89C6B43
[Quidway-rsa-key-code] 1D7E3E1B
[Quidway-rsa-key-code] 0203
[Quidway-rsa-key-code] 010001
[Quidway-rsa-key-code] public-key-code end
[Quidway-rsa-public-key] peer-public-key end

Step 4 Create an SSH user on the server.


NOTE

SSH users can be authenticated in four modes: password, RSA, password-rsa, and all.
- Before configuring the authentication mode of password or password-rsa, you must configure a local
  user.
- Before configuring the authentication mode of RSA, password-rsa, or all, you must copy the RSA
  public key of the SSH client to the server.

# Configure a VTY user interface.


[Quidway] user-interface vty 0 4
[Quidway-ui-vty0-4] authentication-mode aaa
[Quidway-ui-vty0-4] protocol inbound ssh
[Quidway-ui-vty0-4] quit

# Create an SSH user named Client001, and configure the authentication mode as password
for the user.
[Quidway] ssh user client001
[Quidway] ssh user client001 authentication-type password

# Set the password of Client001 to huawei.


[Quidway] aaa
[Quidway-aaa] local-user client001 password simple huawei
[Quidway-aaa] local-user client001 service-type ssh
[Quidway-aaa] quit

# Set the type of service of Client001 to STelnet.


[Quidway] ssh user client001 service-type stelnet

# Create an SSH user named Client002, and configure the authentication mode as RSA for the
user. Bind the RSA public key of the SSH client to Client002.
[Quidway] ssh user client002
[Quidway] ssh user client002 authentication-type rsa
[Quidway] ssh user client002 assign rsa-key RsaKey001

# Set the type of service of Client002 to SFTP and the authorized directory as cfcard:/.
[Quidway] ssh user client002 service-type sftp
[Quidway] ssh user client002 sftp-directory cfcard:/

Step 5 Enable the STelnet and SFTP services on the SSH server.
[Quidway] stelnet server enable
[Quidway] sftp server enable

Step 6 Configure the new listening port number on the SSH server.
[Quidway] ssh server port 1025

Step 7 Connect the SSH client and the SSH server.


# You must enable the initial authentication on the SSH client for the first login.
[client001] ssh client first-time enable
[client002] ssh client first-time enable

# The STelnet client logs in to the SSH server by using the new listening port.
[client001] stelnet 10.164.39.222 1025
Please input the username:client001
Trying 100.2.150.13 ...
Press CTRL+K to abort
Connected to 100.2.150.13 ...
The server is not authenticated. Do you continue to access it?(Y/N):y
Do you want to save the server's public key?(Y/N):y
The server's public key will be saved with the name: 10.164.39.222. Please wait...
Enter password:

Enter the password huawei. The following information indicates that the login succeeded:
info: The max number of VTY users is 20, and the current number
of VTY users on line is 1.
<Quidway>

# The SFTP client logs in to the SSH server by using the new listening port.
[client002] sftp 10.164.39.222 1025
Input Username:client002
Trying 100.2.150.13 ...
Press CTRL+K to abort
The server's public key does not match the one we cached.
The server is not authenticated. Do you continue to access it?(Y/N):y
Do you want to update the server's public key we cached?(Y/N):y
sftp-client>

Step 8 Verify the configuration.


Attackers fail to log in to the SSH server by using port 22.
[client002] sftp 10.164.39.222
Input Username:client002
Trying 10.164.39.222 ...
Press CTRL+K to abort
Can't establish tcp connection to server

After the configuration, run the display ssh server status and display ssh server session
commands on the SSH server to check the current listening port number and to confirm that the
STelnet or SFTP client has logged in to the server successfully.
# Check the status of the SSH server.
[Quidway] display ssh server status
SSH version : 1.99
SSH connection timeout : 60 seconds
SSH server key generating interval : 0 hours
SSH Authentication retries : 3 times
SFTP server: Enable
STELNET server: Enable
SSH server port: 1025

# Check the connection of the SSH server.


[Quidway] display ssh server session
Session 1:
Conn: VTY 3
Version: 2.0
State: started
Username: client001
Retry: 1
CTOS Cipher: aes128-cbc
STOC Cipher: aes128-cbc
CTOS Hmac: hmac-sha1-96
STOC Hmac: hmac-sha1-96
Kex: diffie-hellman-group1-sha1
Service Type: stelnet
Authentication Type: password
Session 2:
Conn: VTY 4
Version: 2.0
State: started
Username: client002
Retry: 1
CTOS Cipher: aes128-cbc
STOC Cipher: aes128-cbc
CTOS Hmac: hmac-sha1-96
STOC Hmac: hmac-sha1-96
Kex: diffie-hellman-group1-sha1
Service Type: sftp
Authentication Type: rsa

----End

Configuration Files
- Configuration file of Quidway, the SSH server


#
sysname Quidway
#
vlan batch 10
#
interface Vlanif10
ip address 10.164.39.222 255.255.255.0
#
rsa peer-public-key rsakey001
public-key-code begin
3047
0240
C4989BF0 416DA8F2 2675910D 7F2997E8 5573A35D 0163FD4A FAC39A6E 0F45F325
A4E3AA1D 54692B04 C6A28D3D C58DE2E8 E0D58D65 7A25CF92 A74D21F9 E917182B
0203
010001
public-key-code end
peer-public-key end

#
aaa
local-user client001 password simple huawei
local-user client001 service-type ssh
#
sftp server enable
stelnet server enable
ssh server port 1025
ssh user client001
ssh user client002
ssh user client001 authentication-type password
ssh user client002 authentication-type RSA
ssh user client002 assign rsa-key RsaKey001
ssh user client001 service-type stelnet
ssh user client002 service-type sftp
ssh user client002 sftp-directory flash:
#
interface GigabitEthernet1/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
user-interface vty 0 4
authentication-mode aaa
protocol inbound ssh
#
return
- Configuration file of Client001, the SSH client


#
sysname client001
#
vlan batch 10
#
interface Vlanif10
ip address 10.164.39.220 255.255.255.0
#
ssh client first-time enable
#
interface GigabitEthernet1/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
return

- Configuration file of Client002, the SSH client


#
sysname client002
#
vlan batch 10
#
interface Vlanif10
ip address 10.164.39.221 255.255.255.0
#
ssh client first-time enable
#
interface GigabitEthernet1/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
return
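
The key code copied into the rsa peer-public-key view is an ASN.1 SEQUENCE holding the modulus and the public exponent, and the display output prints the same key as an OpenSSH line. The following example is added here and is not part of the Huawei guide: it parses a key code, rebuilds the OpenSSH line, and compares the key shown on the client with the one stored on the server. Function names are this example's own; the sample values are copied from this page, where the rsakey001 code in the server configuration file differs from the key displayed on client002.

```python
import base64
import hashlib
import struct

# Values copied from this page: the client's "Key code", the OpenSSH line printed with it,
# and the code stored under rsakey001 in the server configuration file above.
CLIENT_KEY_CODE = """
3047 0240
BFF35E4B C61BD786 F907B5DE 7D6770C3 E5FD17AB
203C8FCB BBC8FDF2 F7CB674E 519E8419 0F6B97A8
EA91FC4B B9E18836 5E74BFD5 4C687767 A89C6B43
1D7E3E1B
0203 010001
"""
SERVER_CONFIG_KEY_CODE = """
3047 0240
C4989BF0 416DA8F2 2675910D 7F2997E8 5573A35D 0163FD4A FAC39A6E 0F45F325
A4E3AA1D 54692B04 C6A28D3D C58DE2E8 E0D58D65 7A25CF92 A74D21F9 E917182B
0203 010001
"""
PAGE_OPENSSH_LINE = (
    "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAQQC/815LxhvXhvkHtd59Z3DD5f0XqyA8j8u7yP3y98tn"
    "TlGehBkPa5eo6pH8S7nhiDZedL/VTGh3Z6ica0Mdfj4b rsa-key"
)


def _read_tlv(buf, pos, tag):
    """Read one ASN.1 tag-length-value item; return (value_bytes, next_pos)."""
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError(f"expected tag 0x{tag:02x} at offset {pos}")
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n_len = length & 0x7F
        if n_len == 0 or pos + n_len > len(buf):
            raise ValueError("bad long-form length")
        length = int.from_bytes(buf[pos:pos + n_len], "big")
        pos += n_len
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return buf[pos:pos + length], pos + length


def parse_key_code(text):
    """Parse SEQUENCE { INTEGER n, INTEGER e } from whitespace-separated hex."""
    der = bytes.fromhex("".join(text.split()))
    seq, end = _read_tlv(der, 0, 0x30)
    if end != len(der):
        raise ValueError("trailing bytes after SEQUENCE")
    n_bytes, pos = _read_tlv(seq, 0, 0x02)
    e_bytes, pos = _read_tlv(seq, pos, 0x02)
    if pos != len(seq):
        raise ValueError("unexpected data after exponent")
    # The dump has no leading 0x00 before a modulus whose top bit is set, so read it unsigned.
    return int.from_bytes(n_bytes, "big"), int.from_bytes(e_bytes, "big")


def _ssh_string(data):
    """SSH 'string': 4-byte big-endian length followed by the bytes."""
    return struct.pack(">I", len(data)) + data


def _mpint(value):
    """SSH 'mpint' for a positive integer: a leading 0x00 is added when the top bit is set."""
    return value.to_bytes(value.bit_length() // 8 + 1, "big")


def openssh_blob(n, e):
    return _ssh_string(b"ssh-rsa") + _ssh_string(_mpint(e)) + _ssh_string(_mpint(n))


def openssh_line(n, e, comment="rsa-key"):
    return f"ssh-rsa {base64.b64encode(openssh_blob(n, e)).decode()} {comment}"


def fingerprint(n, e):
    """SHA-256 fingerprint in the form OpenSSH prints (unpadded base64)."""
    digest = hashlib.sha256(openssh_blob(n, e)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def same_key(code_a, code_b):
    """True when two key codes carry the same modulus and exponent."""
    return parse_key_code(code_a) == parse_key_code(code_b)


if __name__ == "__main__":
    n, e = parse_key_code(CLIENT_KEY_CODE)
    print("modulus bits:", n.bit_length(), "exponent:", e)
    print("matches OpenSSH line on page:", openssh_line(n, e) == PAGE_OPENSSH_LINE)
    print("client fingerprint:", fingerprint(n, e))
    print("server entry matches client key:", same_key(CLIENT_KEY_CODE, SERVER_CONFIG_KEY_CODE))
```

Comparing fingerprints on both devices before binding the key with ssh user ... assign rsa-key catches a mistyped or substituted key code.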

5.6.2 Example for Connecting the STelnet Client and the SSH Server

Networking Requirements
As shown in Figure 5-3, after the STelnet service is enabled on the SSH server, the STelnet
client can log in to the SSH server in the authentication mode of password, RSA, password-rsa,
or all.
The following login users need to be configured.
- Client001, with the password as huawei and the authentication mode as password
- Client002, with the password as rsakey001 and the authentication mode as RSA
The user interface supports only the SSH protocol.

Figure 5-3 Networking diagram of connecting the STelnet client and the SSH server
[Figure: SSH Server (GE1/0/1, 10.164.39.222/24), Client001 (GE1/0/1, 10.164.39.220/24), Client002 (GE1/0/1, 10.164.39.221/24)]

S9300       Interface              VLANIF interface  IP address
SSH server  GigabitEthernet 1/0/1  VLANIF 10         10.164.39.222/24
Client001   GigabitEthernet 1/0/1  VLANIF 10         10.164.39.220/24
Client002   GigabitEthernet 1/0/1  VLANIF 10         10.164.39.221/24

Configuration Roadmap
The configuration roadmap is as follows:
1. Create a VLAN that each interface belongs to and assign an IP address to each VLANIF
   interface.
2. Configure Client001 and Client002 on the SSH server.
3. Create a local key pair on the STelnet client and SSH server separately.
4. Generate an RSA public key on the SSH server and bind the RSA public key of the SSH
   client to Client002.
5. Enable the STelnet service on the SSH server.
6. Client001 and Client002 log in to the SSH server through STelnet.

Data Preparation
To complete the configuration, you need the following data:
- IP addresses of the FTP server and client, as shown in Figure 5-3
- SSH user name and authentication mode
- Password or RSA public key
- SSH server name

Procedure
Step 1 Create a VLAN that each interface belongs to and assign an IP address to each VLANIF interface.
Create VLAN 10 on the S9300 that functions as the server and assign IP address
10.164.39.222/24 to VLANIF 10.
<Quidway> system-view
[Quidway] vlan 10
[Quidway-vlan10] quit
[Quidway] interface GigabitEthernet 1/0/1
[Quidway-GigabitEthernet1/0/1] port hybrid pvid vlan 10
[Quidway-GigabitEthernet1/0/1] port hybrid untagged vlan 10
[Quidway-GigabitEthernet1/0/1] quit
[Quidway] interface vlanif 10
[Quidway-Vlanif10] ip address 10.164.39.222 24

Assigning an IP address to the S9300 that functions as Client001 or Client002 is the same as
assigning an IP address to VLANIF 10, and is not mentioned here.
Step 2 Create a local key pair on the SSH server.
<Quidway> system-view
[Quidway] rsa local-key-pair create
The key name will be: Quidway_Host
The range of public key size is (512 ~ 2048).
info: If the key modulus is greater than 512,
It will take a few minutes.
Input the bits in the modulus[default = 512]:
Generating keys...
.......++++++++++++
..........++++++++++++
...................................++++++++
......++++++++

Step 3 Create an SSH user on the server.


NOTE

SSH users can be authenticated in four modes: password, RSA, password-rsa, and all.
- Before configuring the authentication mode of password or password-rsa, you must configure a local
  user.
- Before configuring the authentication mode of RSA, password-rsa, or all, you must copy the RSA
  public key of the SSH client to the server.

# Configure a VTY user interface.


[Quidway] user-interface vty 0 4
[Quidway-ui-vty0-4] authentication-mode aaa
[Quidway-ui-vty0-4] protocol inbound ssh
[Quidway-ui-vty0-4] quit
- Create an SSH user named Client001.


# Create an SSH user named Client001 and configure the authentication mode as
password for the user.
[Quidway] ssh user client001
[Quidway] ssh user client001 authentication-type password

# Set the password of Client001 to huawei.


[Quidway] aaa
[Quidway-aaa] local-user client001 password simple huawei
[Quidway-aaa] local-user client001 service-type ssh

# Create an SSH user named Client002 and configure the authentication mode as RSA for
the user.
[Quidway] ssh user client002
[Quidway] ssh user client002 authentication-type rsa

Step 4 Configure the RSA public key on the server.


# Create a local key pair on the client.
<Quidway> system-view
[Quidway] sysname client002
[client002] rsa local-key-pair create

# Check the RSA public key generated on the client.


[client002] display rsa local-key-pair public
=====================================================
Time of Key pair created: 16:38:51 2007/5/25
Key name: client002_Host
Key type: RSA encryption Key
=====================================================
Key code:
3047
0240
BFF35E4B C61BD786 F907B5DE 7D6770C3 E5FD17AB
203C8FCB BBC8FDF2 F7CB674E 519E8419 0F6B97A8
EA91FC4B B9E18836 5E74BFD5 4C687767 A89C6B43
1D7E3E1B
0203
010001
Host public key for PEM format code:
---- BEGIN SSH2 PUBLIC KEY ----
AAAAB3NzaC1yc2EAAAADAQABAAAAQQC/815LxhvXhvkHtd59Z3DD5f0XqyA8j8u7
yP3y98tnTlGehBkPa5eo6pH8S7nhiDZedL/VTGh3Z6ica0Mdfj4b
---- END SSH2 PUBLIC KEY ----
Public key code for pasting into OpenSSH authorized_keys file :
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAQQC/815LxhvXhvkHtd59Z3DD5f0XqyA8j8u7yP3y98tn
TlGehBkPa5eo6pH8S7nhiDZedL/VTGh3Z6ica0Mdfj4b rsa-key
=====================================================
Time of Key pair created: 16:38:51 2007/5/25
Key name: client002_Server
Key type: RSA encryption Key
=====================================================
Key code:
3067
0260
BCFAC085 49A2E70E 1284F901 937D7B63 D7A077AB
D2797280 4BCA86C0 4CD18B70 5DFAC9D3 9A3F3E74
9B2AF4CB 69FA6483 E87DA590 7B47721A 16391E27
1C76ABAB 743C568B 1B35EC7A 8572A096 BCA9DF0E
BC89D3DB 5A83698C 9063DB39 A279DD89
0203
010001
[client002]

# Send the RSA public key generated on the client to the server.
[Quidway] rsa peer-public-key RsaKey001
Enter "RSA public key" view, return system view with "peer-public-key end".
[Quidway-rsa-public-key] public-key-code begin
Enter "RSA key code" view, return last view with "public-key-code end".
[Quidway-rsa-key-code] 3047
[Quidway-rsa-key-code] 0240
[Quidway-rsa-key-code] BFF35E4B C61BD786 F907B5DE 7D6770C3 E5FD17AB
[Quidway-rsa-key-code] 203C8FCB BBC8FDF2 F7CB674E 519E8419 0F6B97A8

[Quidway-rsa-key-code] EA91FC4B B9E18836 5E74BFD5 4C687767 A89C6B43
[Quidway-rsa-key-code] 1D7E3E1B
[Quidway-rsa-key-code] 0203
[Quidway-rsa-key-code] 010001
[Quidway-rsa-key-code] public-key-code end
[Quidway-rsa-public-key] peer-public-key end

Step 5 Bind the RSA public key of the SSH client to Client002.
[Quidway] ssh user client002 assign rsa-key RsaKey001

Step 6 Enable the STelnet service on the SSH server.


# Enable the STelnet service.
[Quidway] stelnet server enable

Step 7 Set the service type of Client001 and Client002 to STelnet.


[Quidway] ssh user client001 service-type stelnet
[Quidway] ssh user client002 service-type stelnet

Step 8 Connect the STelnet client and the SSH server.


# You must enable the initial authentication on the SSH client for the first login.
[client001] ssh client first-time enable
[client002] ssh client first-time enable

# Client001 logs in to the SSH server in password authentication mode by entering the user
name and password.
<client001> system-view
[client001] stelnet 10.164.39.222
Please input the username:client001
Trying 10.164.39.222 ...
Press CTRL+K to abort
Connected to 10.164.39.222 ...
The server is not authenticated. Do you continue to access it?(Y/N):y
Do you want to save the server's public key?(Y/N):y
The server's public key will be saved with the name: 10.164.39.222. Please wait...
Enter password:

Enter the password huawei. The following information indicates that the login succeeded:
info: The max number of VTY users is 20, and the current number
of VTY users on line is 1.
<Quidway>

# Client002 logs in to the SSH server in RSA authentication mode.


<client002> system-view
[client002] stelnet 10.164.39.222
Please input the username: client002
Trying 10.164.39.222 ...
Press CTRL+K to abort
Connected to 10.164.39.222 ...
***********************************************************
info: The max number of VTY users is 20, and the current number
of VTY users on line is 1.
<Quidway>

Step 9 Verify the configuration.


After the configuration, run the display ssh server status and display ssh server session
commands on the SSH server to confirm that the STelnet service is enabled and that the STelnet
client has logged in to the server successfully.
# Check the status of the SSH server.
[Quidway] display ssh server status


SSH version : 1.99
SSH connection timeout : 60 seconds
SSH server key generating interval : 0 hours
SSH Authentication retries : 3 times
SFTP server: Disable
STELNET server: Enable

# Check the connection of the SSH server.


[Quidway] display ssh server session
Session 1:
Conn: VTY 3
Version: 2.0
State: started
Username: client001
Retry: 1
CTOS Cipher: aes128-cbc
STOC Cipher: aes128-cbc
CTOS Hmac: hmac-sha1-96
STOC Hmac: hmac-sha1-96
Kex: diffie-hellman-group1-sha1
Service Type: stelnet
Authentication Type: password
Session 1:
Conn: VTY 4
Version: 2.0
State: started
Username: client002
Retry: 1
CTOS Cipher: aes128-cbc
STOC Cipher: aes128-cbc
CTOS Hmac: hmac-sha1-96
STOC Hmac: hmac-sha1-96
Kex: diffie-hellman-group1-sha1
Service Type: stelnet
Authentication Type: rsa

# Check information about the SSH user.


[Quidway] display ssh user-information
User 1:
User Name: client001
Authentication-type: password
User-public-key-name: -
Sftp-directory: -
Service-type: stelnet
Authorization-cmd: No
User 2:
User Name: client002
Authentication-type: rsa
User-public-key-name: RsaKey001
Sftp-directory: -
Service-type: stelnet
Authorization-cmd: No

----End
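
The verification output above also records what each session negotiated, which can be checked mechanically. The following example is added here and is not part of the Huawei guide: it parses the display ssh server status and display ssh server session output from this section and lists parameters that are weak by general SSH practice. The rule set and function names are this example's own assumptions, not Huawei's.

```python
import re

# Output copied from the verification step of this section (both blocks on the page
# are labelled "Session 1:", so sessions are told apart by position and user name).
SAMPLE_OUTPUT = """\
SSH version : 1.99
SSH connection timeout : 60 seconds
SSH server key generating interval : 0 hours
SSH Authentication retries : 3 times
SFTP server: Disable
STELNET server: Enable
Session 1:
Conn: VTY 3
Version: 2.0
State: started
Username: client001
Retry: 1
CTOS Cipher: aes128-cbc
STOC Cipher: aes128-cbc
CTOS Hmac: hmac-sha1-96
STOC Hmac: hmac-sha1-96
Kex: diffie-hellman-group1-sha1
Service Type: stelnet
Authentication Type: password
Session 1:
Conn: VTY 4
Version: 2.0
State: started
Username: client002
Retry: 1
CTOS Cipher: aes128-cbc
STOC Cipher: aes128-cbc
CTOS Hmac: hmac-sha1-96
STOC Hmac: hmac-sha1-96
Kex: diffie-hellman-group1-sha1
Service Type: stelnet
Authentication Type: rsa
"""


def parse_display(text):
    """Split the output into a server-status dict and a list of per-session dicts."""
    status, sessions, current = {}, [], None
    for line in text.splitlines():
        line = line.strip()
        if re.fullmatch(r"Session \d+:", line):
            current = {}
            sessions.append(current)
            continue
        key, sep, value = line.partition(":")
        if sep:
            (status if current is None else current)[key.strip()] = value.strip()
    return status, sessions


def weakness(field, value):
    """Return a reason if a negotiated value is weak by general SSH practice, else None."""
    if field == "Kex" and value == "diffie-hellman-group1-sha1":
        return "1024-bit Diffie-Hellman group with SHA-1"
    if field.endswith("Cipher") and value.endswith("-cbc"):
        return "CBC-mode cipher"
    if field.endswith("Hmac") and ("sha1" in value or "md5" in value):
        return "MAC built on SHA-1 or MD5"
    return None


def audit(text):
    """Return (scope, field, value, reason) tuples for every weak setting found."""
    status, sessions = parse_display(text)
    findings = []
    if status.get("SSH version") == "1.99":
        # Version string 1.99 advertises compatibility with SSH-1 clients.
        findings.append(("server", "SSH version", "1.99", "server also accepts SSH-1 clients"))
    for session in sessions:
        who = session.get("Username", "?")
        for field, value in session.items():
            reason = weakness(field, value)
            if reason:
                findings.append((who, field, value, reason))
    return findings


if __name__ == "__main__":
    for scope, field, value, reason in audit(SAMPLE_OUTPUT):
        print(f"{scope:10} {field:12} {value:28} {reason}")
```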

Configuration Files
- Configuration file of Quidway, the SSH server


#
sysname Quidway
#
vlan batch 10
#
interface Vlanif10
ip address 10.164.39.222 255.255.255.0

#
rsa peer-public-key rsakey001
public-key-code begin
3047
0240
BFF35E4B C61BD786 F907B5DE 7D6770C3 E5FD17AB 203C8FCB BBC8FDF2 F7CB674E
519E8419 0F6B97A8 EA91FC4B B9E18836 5E74BFD5 4C687767 A89C6B43
1D7E3E1B
0203
010001
public-key-code end
peer-public-key end
#
aaa
local-user client001 password simple huawei
local-user client001 service-type ssh
#
stelnet server enable
ssh user client001
ssh user client002
ssh user client001 authentication-type password
ssh user client002 authentication-type rsa
ssh user client002 assign rsa-key RsaKey001
ssh user client001 service-type stelnet
ssh user client002 service-type stelnet
#
interface GigabitEthernet1/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
user-interface vty 0 4
authentication-mode aaa
protocol inbound ssh
#
return
- Configuration file of Client001, the SSH client


#
sysname client001
#
vlan batch 10
#
interface Vlanif10
ip address 10.164.39.220 255.255.255.0
#
ssh client first-time enable
#
interface GigabitEthernet1/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
return

- Configuration file of Client002, the SSH client


#
sysname client002
#
vlan batch 10
#
interface Vlanif10
ip address 10.164.39.221 255.255.255.0
#
ssh client first-time enable
#
interface GigabitEthernet1/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
return

5.6.3 Example for Connecting the SFTP Client and the SSH Server
Networking Requirements
As shown in Figure 5-4, after the SFTP service is enabled on the SSH server, the SFTP client
can log in to the SSH server in the authentication mode of password, RSA, password-rsa, or all.

Figure 5-4 Networking diagram for connecting the SFTP client and the SSH server
[Figure: SSH Server (GE1/0/1, 10.164.39.222/24), Client001 (GE1/0/1, 10.164.39.220/24), Client002 (GE1/0/1, 10.164.39.221/24)]

S9300       Interface              VLANIF interface  IP address
SSH server  GigabitEthernet 1/0/1  VLANIF 10         10.164.39.222/24
Client001   GigabitEthernet 1/0/1  VLANIF 10         10.164.39.220/24
Client002   GigabitEthernet 1/0/1  VLANIF 10         10.164.39.221/24

Configuration Roadmap
The configuration roadmap is as follows:
1. Create a VLAN that each interface belongs to and assign an IP address to each VLANIF
   interface.
2. Configure Client001 and Client002 on the SSH server.
3. Create a local key pair on the SFTP client and SSH server separately.
4. Create an RSA public key on the SSH server and bind the RSA public key of the SSH client
   to Client002.
5. Enable the SFTP service on the SSH server.
6. Configure the type of service and authenticated directory for the SSH user.
7. Client001 and Client002 log in to the SSH server through SFTP.

Data Preparation
To complete the configuration, you need the following data:
- IP addresses of the FTP server and client, as shown in Figure 5-4
- SSH user name and authentication mode
- Password or RSA public key of the SSH user
- SSH server name

Procedure
Step 1 Create a VLAN that each interface belongs to and assign an IP address to each VLANIF interface.
Create VLAN 10 on the S9300 that functions as the server and assign IP address
10.164.39.222/24 to VLANIF 10.
<Quidway> system-view
[Quidway] vlan 10
[Quidway-vlan10] quit
[Quidway] interface GigabitEthernet 1/0/1
[Quidway-GigabitEthernet1/0/1] port hybrid pvid vlan 10
[Quidway-GigabitEthernet1/0/1] port hybrid untagged vlan 10
[Quidway-GigabitEthernet1/0/1] quit
[Quidway] interface vlanif 10
[Quidway-Vlanif10] ip address 10.164.39.222 24

Assigning an IP address to the S9300 that functions as Client001 or Client002 is the same as
assigning an IP address to VLANIF 10, and is not mentioned here.
Step 2 Create a local key pair on the SSH server.
<Quidway> system-view
[Quidway] rsa local-key-pair create
The key name will be: Quidway_Host
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
It will take a few minutes.
Input the bits in the modulus[default = 512]:
Generating keys...
...........++++++++++++
..................++++++++++++
...++++++++
...........++++++++

Step 3 Create an SSH user on the server.


NOTE

SSH users can be authenticated in four modes: password, RSA, password-rsa, and all.
- In password or password-rsa authentication mode, you must configure a local user.
- In RSA or all authentication mode, you must copy the RSA public key of the SSH client to the server.

# Configure a VTY user interface.


[Quidway] user-interface vty 0 4
[Quidway-ui-vty0-4] authentication-mode aaa
[Quidway-ui-vty0-4] protocol inbound ssh
[Quidway-ui-vty0-4] quit
- Create an SSH user named Client001.


# Create an SSH user named Client001 and configure the authentication mode as
password for the user.
[Quidway] ssh user client001
[Quidway] ssh user client001 authentication-type password

# Set the password of Client001 to huawei.


[Quidway] aaa
[Quidway-aaa] local-user client001 password simple huawei
[Quidway-aaa] local-user client001 service-type ssh
# Create an SSH user named Client002 and configure the authentication mode as RSA for
the user.
[Quidway] ssh user client002
[Quidway] ssh user client002 authentication-type rsa

Step 4 Configure the RSA public key on the server.


# Create a local key pair on the client.
<Quidway> system-view
[Quidway] sysname client002
[client002] rsa local-key-pair create

# Check the RSA public key created on the client.


[client002] display rsa local-key-pair public
=====================================================
Time of Key pair created: 16:38:51 2007/5/25
Key name: client002_Host
Key type: RSA encryption Key
=====================================================
Key code:
3047
0240
BFF35E4B C61BD786 F907B5DE 7D6770C3 E5FD17AB
203C8FCB BBC8FDF2 F7CB674E 519E8419 0F6B97A8
EA91FC4B B9E18836 5E74BFD5 4C687767 A89C6B43
1D7E3E1B
0203
010001
Host public key for PEM format code:
---- BEGIN SSH2 PUBLIC KEY ----
AAAAB3NzaC1yc2EAAAADAQABAAAAQQC/815LxhvXhvkHtd59Z3DD5f0XqyA8j8u7
yP3y98tnTlGehBkPa5eo6pH8S7nhiDZedL/VTGh3Z6ica0Mdfj4b
---- END SSH2 PUBLIC KEY ----
Public key code for pasting into OpenSSH authorized_keys file :
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAQQC/815LxhvXhvkHtd59Z3DD5f0XqyA8j8u7yP3y98tn
TlGehBkPa5eo6pH8S7nhiDZedL/VTGh3Z6ica0Mdfj4b rsa-key
=====================================================
Time of Key pair created: 16:38:51 2007/5/25
Key name: client002_Server
Key type: RSA encryption Key
=====================================================
Key code:
3067
0260
BCFAC085 49A2E70E 1284F901 937D7B63 D7A077AB
D2797280 4BCA86C0 4CD18B70 5DFAC9D3 9A3F3E74
9B2AF4CB 69FA6483 E87DA590 7B47721A 16391E27
1C76ABAB 743C568B 1B35EC7A 8572A096 BCA9DF0E
BC89D3DB 5A83698C 9063DB39 A279DD89
0203
010001
[client002]

# Send the RSA public key created on the client to the server.
[Quidway] rsa peer-public-key RsaKey001
Enter "RSA public key" view, return system view with "peer-public-key end".
[Quidway-rsa-public-key] public-key-code begin
Enter "RSA key code" view, return last view with "public-key-code end".
[Quidway-rsa-key-code] 3047
[Quidway-rsa-key-code] 0240
[Quidway-rsa-key-code] BFF35E4B C61BD786 F907B5DE 7D6770C3 E5FD17AB
[Quidway-rsa-key-code] 203C8FCB BBC8FDF2 F7CB674E 519E8419 0F6B97A8
[Quidway-rsa-key-code] EA91FC4B B9E18836 5E74BFD5 4C687767 A89C6B43
[Quidway-rsa-key-code] 1D7E3E1B
[Quidway-rsa-key-code] 0203
[Quidway-rsa-key-code] 010001
[Quidway-rsa-key-code] public-key-code end
[Quidway-rsa-public-key] peer-public-key end

Step 5 Bind the RSA public key of the SSH client to Client002.
[Quidway] ssh user client002 assign rsa-key RsaKey001

Step 6 Enable the SFTP service on the SSH server.


# Enable the SFTP service.
[Quidway] sftp server enable

Step 7 On the SSH server, set the type of service for the SSH user and the authorized directory.
Two SSH users are configured on the SSH server: Client001 in the password authentication
mode and Client002 in the RSA authentication mode.
[Quidway] ssh user client001 service-type sftp
[Quidway] ssh user client001 sftp-directory flash:
[Quidway] ssh user client002 service-type sftp
[Quidway] ssh user client002 sftp-directory flash:

Step 8 Connect the SFTP client and the SSH server.


# You must enable the initial authentication on the SSH client for the first login.
[client001] ssh client first-time enable
[client002] ssh client first-time enable

# Client001 logs in to the SSH server in password authentication mode.


<client001> system-view
[client001] sftp 10.164.39.222
Input Username:client001
Trying 10.164.39.222 ...
Press CTRL+K to abort
Enter password:
sftp-client>

# Client002 logs in to the SSH server in RSA authentication mode.


<client002> system-view
[client002] sftp 10.164.39.222
Input Username: client002
Trying 10.164.39.222 ...
Press CTRL+K to abort
sftp-client>

Step 9 Verify the configuration.


After the configuration, run the display ssh server status and display ssh server session
commands on the SSH server to confirm that the SFTP service is enabled and that the SFTP
client has logged in to the server successfully.
# Check the status of the SSH server.
[Quidway] display ssh server status
SSH version : 1.99
SSH connection timeout : 60 seconds
SSH server key generating interval : 0 hours
SSH Authentication retries : 3 times
SFTP server: Enable
STELNET server: Disable

# Check the connection of the SSH server.


[Quidway] display ssh server session
Session 1:
Conn: VTY 3
Version: 2.0
State: started

Username: client001
Retry: 1
CTOS Cipher: aes128-cbc
STOC Cipher: aes128-cbc
CTOS Hmac: hmac-sha1-96
STOC Hmac: hmac-sha1-96
Kex: diffie-hellman-group1-sha1
Service Type: sftp
Authentication Type: password
Session 2:
Conn: VTY 4
Version: 2.0
State: started
Username: client002
Retry: 1
CTOS Cipher: aes128-cbc
STOC Cipher: aes128-cbc
CTOS Hmac: hmac-sha1-96
STOC Hmac: hmac-sha1-96
Kex: diffie-hellman-group1-sha1
Service Type: sftp
Authentication Type: rsa

# Check information about the SSH user.


[Quidway] display ssh user-information
User 1:
User Name: client001
Authentication-type: password
User-public-key-name: -
Sftp-directory: flash:
Service-type: sftp
Authorization-cmd: No
User 2:
User Name: client002
Authentication-type: rsa
User-public-key-name: RsaKey001
Sftp-directory: flash:
Service-type: sftp
Authorization-cmd: No

----End

Configuration Files
- Configuration file of Quidway, the SSH server


#
sysname Quidway
#
vlan batch 10
#
interface Vlanif10
ip address 10.164.39.222 255.255.255.0
#
rsa peer-public-key rsakey001
public-key-code begin
3047
0240
C4989BF0 416DA8F2 2675910D 7F2997E8 5573A35D 0163FD4A FAC39A6E 0F45F325
A4E3AA1D 54692B04 C6A28D3D C58DE2E8 E0D58D65 7A25CF92 A74D21F9 E917182B
0203
010001
public-key-code end
peer-public-key end
#
aaa
local-user client001 password simple huawei
local-user client001 service-type ssh

#
sftp server enable
ssh user client001
ssh user client002
ssh user client001 authentication-type password
ssh user client002 authentication-type rsa
ssh user client002 assign rsa-key RsaKey001
ssh user client001 service-type sftp
ssh user client002 service-type sftp
ssh user client001 sftp-directory flash:
ssh user client002 sftp-directory flash:
#
interface GigabitEthernet1/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
user-interface vty 0 4
authentication-mode aaa
protocol inbound ssh
#
return
- Configuration file of Client001, the SSH client


#
sysname client001
#
vlan batch 10
#
interface Vlanif10
ip address 10.164.39.220 255.255.255.0
#
ssh client first-time enable
#
interface GigabitEthernet1/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
return

- Configuration file of Client002, the SSH client


#
sysname client002
#
vlan batch 10
#
interface Vlanif10
ip address 10.164.39.221 255.255.255.0
#
ssh client first-time enable
#
interface GigabitEthernet1/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
return

6 Configuration of the FTP Server and Client

About This Chapter


This chapter describes how to configure the File Transfer Protocol (FTP) server and client.
6.1 Overview of FTP
This section describes the basic concepts of FTP.
6.2 Configuring the S9300 as the FTP Server
This section describes how to enable the FTP server, set the timeout interval of disconnection,
set the local user name and password, and set the type of the service and authorization method.
6.3 Configuring the S9300 as the FTP Client
This section describes how to configure the FTP client, log in to the server, upload files,
download files, manage directories, and manage files.
6.4 Maintaining FTP
This section describes how to maintain FTP.
6.5 Configuration Examples
This section provides several configuration examples of FTP.

6.1 Overview of FTP


This section describes the basic concepts of FTP.
In the TCP/IP protocol suite, FTP works at the application layer. It is used to transfer files
between remote hosts. FTP is based on the related file system.
The FTP services include the following:
- FTP server: You can run an FTP program on a host or client to log in to the S9300 and access
  files on the S9300.
- FTP client: After you connect the PC to the S9300 through a terminal emulation program or
  Telnet, you can run the ftp command on the S9300 to set up a connection with a remote FTP
  server and access files on remote hosts.

6.2 Configuring the S9300 as the FTP Server


This section describes how to enable the FTP server, set the timeout interval of disconnection,
set the local user name and password, and set the type of the service and authorization method.
6.2.1 Establishing the Configuration Task
6.2.2 Enabling the FTP Server
6.2.3 (Optional) Setting the Timeout Interval for Disconnecting the FTP Server and the Client
6.2.4 Setting the Local User Name and Password
6.2.5 Setting the Type of the Service and Directory for the FTP Login User
6.2.6 Checking the Configuration

6.2.1 Establishing the Configuration Task


Applicable Environment
The S9300 functions as an FTP server. After logging in to the S9300 through FTP on the client,
you can transfer files remotely between the client and the server.

Pre-configuration Tasks
Before configuring the FTP server, complete the following tasks:
- Installing the S9300 and switching it on properly
- Configuring a reachable route between the client and the S9300

Data Preparation
To configure the FTP server, you need the following data.
No.  Data
1    Timeout interval for disconnecting the FTP server and the client
2    FTP user name and password
3    Working directory for the FTP login user

6.2.2 Enabling the FTP Server


Context
Do as follows on the S9300 that functions as the FTP server.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
ftp server enable

The FTP server is enabled.


----End

6.2.3 (Optional) Setting the Timeout Interval for Disconnecting the FTP Server and the Client

Context
Do as follows on the S9300 that functions as the FTP server.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
ftp timeout minutes

The timeout interval for disconnecting the FTP server and the client is set.
----End

6.2.4 Setting the Local User Name and Password


Context
Do as follows on the S9300 that functions as the FTP server.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
aaa

The Authentication, Authorization, and Accounting (AAA) view is displayed.


Step 3 Run:
local-user user-name password { cipher | simple } password

The local user name and password are set.


----End

6.2.5 Setting the Type of the Service and Directory for the FTP Login User

Context
Do as follows on the S9300 that functions as the FTP server.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
aaa

The AAA view is displayed.


Step 3 Run:
local-user user-name service-type ftp

The type of the service is set to FTP.


Step 4 Run:
local-user user-name ftp-directory directory

The directory for the FTP login user is set.


----End

6.2.6 Checking the Configuration


Prerequisite
The configurations of the FTP server are complete.

Procedure
- Run the display ftp-server command to check the configuration and status of the FTP server.
- Run the display ftp-users command to check information about the FTP login user.

----End

Example
After the FTP server is configured, run the display ftp-server command to verify that the FTP
server is running.
<Quidway> display ftp-server
   FTP server is running
   Max user number                 5
   User count                      0
   Timeout value(in minute)        30
   Acl number                      0
   FTP server's source address     0.0.0.0

Run the display ftp-users command, and you can view information about the FTP user name,
port number, and directory for the FTP login user.
<Quidway> display ftp-users
  username  host            port  idle  topdir
  zll       100.2.150.226   2320  0     flash:

6.3 Configuring the S9300 as the FTP Client


This section describes how to configure the FTP client, log in to the server, upload files,
download files, manage directories, and manage files.
6.3.1 Establishing the Configuration Task
6.3.2 Logging In to the FTP Server
6.3.3 Setting the Type and Mode for Transmitting Files
6.3.4 Displaying the Online Help About FTP Commands
6.3.5 Uploading or Downloading Files
6.3.6 Managing Directories
6.3.7 Managing Files
6.3.8 Changing the Login User
6.3.9 Ending an FTP Connection
6.3.10 Checking the Configuration

6.3.1 Establishing the Configuration Task


Applicable Environment
You can configure the S9300 as the FTP client, and then log in to the FTP server through the
S9300 to perform operations, such as transferring files and managing directories of the server.

Pre-configuration Tasks
Before configuring the S9300 as the FTP client, complete the following tasks:
- Installing the S9300 and switching it on properly
- Configuring a reachable route between the S9300 and the FTP server

Data Preparation
To configure the S9300 as the FTP client, you need the following data.
No.  Data
1    Host name or IP address of the FTP server
2    Port number used for setting up the FTP connection
3    User name and password for login

6.3.2 Logging In to the FTP Server


Context
The modes of setting up connections with the FTP server vary according to view.
Do as follows on the S9300 that functions as the FTP client.

Procedure
Step 1 Run the following command in the user view:
ftp [ -a source-ip-address ] [ host [ port-number ] ]

A connection with the FTP server is set up.


----End

6.3.3 Setting the Type and Mode for Transmitting Files


Context
By default, files are transmitted in ASCII mode and the data is transmitted in passive mode.
Do as follows on the S9300 that functions as the FTP client.
Procedure
Step 1 Run:
ftp [ -a source-ip-address ] [ host [ port-number ] ]

A connection with the FTP server is set up and the FTP client view is displayed.
Step 2 (Optional) Run:
ascii | binary

Files are transmitted in ASCII mode or in binary mode.


Step 3 (Optional) Run:
passive

The file is transmitted in passive mode.


----End

6.3.4 Displaying the Online Help About FTP Commands


Context
Do as follows on the S9300 that functions as the FTP client.

Procedure
Step 1 Run:
ftp [ -a source-ip-address ] [ host [ port-number ] ]

A connection with the FTP server is set up and the FTP client view is displayed.
Step 2 Run:
remotehelp [ command ]

The online help about an FTP command is displayed.


----End

6.3.5 Uploading or Downloading Files


Context
Do as follows on the S9300 that functions as the FTP client.

Procedure
Step 1 Run:
ftp [ -a source-ip-address ] [ host [ port-number ] ]

A connection with the FTP server is set up and the FTP client view is displayed.
Step 2 Run the following command as required:
- To upload local files to the remote FTP server, run:
  put local-filename [ remote-filename ]
  local-filename specifies the name of the local file. remote-filename specifies the name under
  which the file is saved on the remote FTP server, so the file can be renamed during the
  upload. If this parameter is not used, the uploaded file keeps the name of the local file.
- To download files from the FTP server and store them in a local folder, run:
  get remote-filename [ local-filename ]
  remote-filename specifies the name of the file on the server. local-filename specifies the
  name under which the downloaded file is saved on the local device. If this parameter is not
  used, the downloaded file keeps the name of the file on the server.
----End

6.3.6 Managing Directories


Context
Do as follows on the S9300 that functions as the FTP client.

Procedure
Step 1 Run:
ftp [ -a source-ip-address ] [ host [ port-number ] ]

A connection with the FTP server is set up.


Step 2 Run the following command as required:
- To change the working path of the remote FTP server, run:
  cd pathname
- To change the working path of the FTP server to the parent directory, run:
  cdup
- To display the working path of the FTP server, run:
  pwd
- To display or change the working path of the FTP client, run:
  lcd [ pathname ]
- To create a directory on the FTP server, run:
  mkdir remote-directory
- To delete a directory from the FTP server, run:
  rmdir remote-directory
NOTE

The directory can contain letters and numerals, but cannot contain special characters such as <, >, ?, \, or ?
If the mkdir /abc command is used, a subdirectory named abc is created in the root directory.

----End

6.3.7 Managing Files


Context
Do as follows on the S9300 that functions as the FTP client.
Procedure
Step 1 Run:
ftp [ -a source-ip-address ] [ host [ port-number ] ]

A connection with the FTP server is set up.


Step 2 Run the following command as required:
- To display information about a specified directory or a file on the FTP server, run:
  ls [ remote-filename ] [ local-filename ]
- To display detailed information about a specified directory or a file on the FTP server, run:
  dir [ remote-filename ] [ local-filename ]
  When local-filename is specified, the displayed information about the file is saved to that
  local file.
- To delete a specified file from the FTP server, run:
  delete remote-filename
----End

6.3.8 Changing the Login User


Context
Do as follows on the S9300 that functions as the FTP client.

Procedure
Step 1 Run:
ftp [ -a source-ip-address ] [ host [ port-number ] ]

A connection with the FTP server is set up.


Step 2 Run:
user user-name [ password ]

The current login user is changed, and you can log in again with another user name and
password.
----End

6.3.9 Ending an FTP Connection


Context
Do as follows on the S9300 that functions as the FTP client.

Procedure
Step 1 Run:
bye

Or,
quit

The client is disconnected from the FTP server and the user view is displayed.
NOTE

This configuration can be performed only in the FTP client view.

----End

6.3.10 Checking the Configuration


Prerequisite
The configurations of the FTP client are complete.

Procedure
Step 1 Run the display ftp-users command to check information about the FTP login user.
----End

Example
Run the display ftp-users command, and you can view information about the FTP user name,
port number, and directory for the FTP login user.
<Quidway> display ftp-users
  username  host            port  idle  topdir
  zll       100.2.150.226   2320  0     flash:

6.4 Maintaining FTP


This section describes how to maintain FTP.
6.4.1 Debugging the FTP Server

6.4.1 Debugging the FTP Server


Context
NOTE

Debugging affects the performance of the system. So, after debugging, run the undo debugging all
command to disable it immediately.

When a running fault of the FTP server occurs, run the following debugging command in the
user view to locate the fault. For the procedure of displaying the debugging information, see the
chapter "Monitoring and Debugging" in the Quidway S9300 Terabit Routing Switch
Configuration Guide - Device Management. For details about the debugging command, see the
Quidway S9300 Terabit Routing Switch Command Reference.
Procedure
Step 1 Run the debugging ftp-server command to enable the debugging of the FTP server.
----End

6.5 Configuration Examples


This section provides several configuration examples of FTP.
6.5.1 Example for Configuring the FTP Server
6.5.2 Example for Configuring the FTP Client
6.5.3 Example for Configuring an ACL of the FTP Server

6.5.1 Example for Configuring the FTP Server


Networking Requirements
As shown in Figure 6-1, the local PC functions as the FTP client of which the IP address is
10.1.1.1/24.
The S9300 acts as the FTP server. VLAN 10 is created on the S9300 and GE 3/0/1 is added to
VLAN 10. The IP address 10.1.1.2/24 is assigned to VLANIF 10.
The PC uploads files to the S9300.
Figure 6-1 Networking diagram of the S9300 functioning as the FTP server
[Figure: the PC (FTP client) connects over Ethernet through an L2 switch to the S9300 (FTP
server) in VLAN 10; an FTP session runs between the PC and the S9300.]

Configuration Roadmap
The configuration roadmap is as follows:
1. Set the correct FTP user name and password on the S9300 that functions as the FTP server.
2. Log in to the S9300 through FTP from the PC.
3. Upload files to the FTP server.

Data Preparation
To complete the configuration, you need the following data:
- IP address of the FTP server
- Name of the FTP user set as u1 and the password set as ftppwd on the server
- Correct path of the source file on the PC
- Name of the destination file and position where the destination files are located on the
  S9300

Procedure
Step 1 Create VLAN 10 on the S9300 and assign the IP address 10.1.1.2/24 to VLANIF 10.
<Quidway> system-view
[Quidway] vlan 10
[Quidway-vlan10] quit
[Quidway] interface GigabitEthernet 3/0/1
[Quidway-GigabitEthernet3/0/1] port hybrid pvid vlan 10
[Quidway-GigabitEthernet3/0/1] port hybrid untagged vlan 10
[Quidway-GigabitEthernet3/0/1] quit
[Quidway] interface vlanif 10
[Quidway-Vlanif10] ip address 10.1.1.2 24

Step 2 Start the FTP server on the S9300, and set the FTP user name to u1 and password to ftppwd.
[Quidway] ftp server enable
[Quidway] aaa
[Quidway-aaa] local-user u1 password simple ftppwd
[Quidway-aaa] local-user u1 service-type ftp
[Quidway-aaa] local-user u1 ftp-directory cfcard:/
[Quidway-aaa] return

Step 3 On the PC, initiate a connection to the S9300 with the user name u1 and the password
ftppwd.
Use Windows XP on the FTP client to illustrate the preceding operations.
C:\WINDOWS\Desktop> ftp 10.1.1.2
Connected to 10.1.1.2.
220 FTP service ready
User (10.1.1.1:(none)): u1
331 Password required for ftpuser.
Password:
230 User logged in.
ftp>

Step 4 On the PC, set the file transfer mode to binary and set the local directory.
ftp> binary
200 Type set to I.
ftp> lcd c:\temp
Local directory now C:\temp.

Step 5 On the PC, upload d006.cc and vrpcfg.cfg to the S9300.
ftp> put d006.cc d006.cc
ftp> put vrpcfg.cfg vrpcfg.cfg
ftp> quit
C:\WINDOWS\Desktop>

----End

Configuration Files
#
sysname Quidway
#
FTP server enable
#

vlan batch 10
#
interface Vlanif10
ip address 10.1.1.2 255.255.255.0
#
interface GigabitEthernet3/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
aaa
local-user u1 password simple ftppwd
local-user u1 service-type ftp
local-user u1 ftp-directory cfcard:/
#
return

6.5.2 Example for Configuring the FTP Client


Networking Requirements
As shown in Figure 6-2, the remote server at 10.1.1.2 serves as the FTP server. The S9300 and
the FTP server are directly connected and on the same network segment. The S9300 has a
reachable route to the FTP server.
The S9300 acts as the FTP client. Interfaces ranging from GE 3/0/1 to GE 3/0/4 can be used to
set up FTP connections and they share the IP address 10.1.1.1.
The S9300 downloads files from the FTP server.
Figure 6-2 Networking diagram of the S9300 functioning as the FTP client
[Figure: a PC attached by a configuration cable to the FTP client; an FTP session runs between
the FTP client and the FTP server.]

Configuration Roadmap
The configuration roadmap is as follows:
1. Log in to the FTP server from the FTP client.
2. Download files from the server to the storage device of the client.

Data Preparation
To complete the configuration, you need the following data:
- IP address of the FTP server
- Name of the destination file and position where the destination files are located on the
  S9300
- Name of the FTP user set as u1 and the password set as ftppwd on the client

Procedure
Step 1 Enable FTP on the remote FTP server. Add an FTP user named u1 and set the password to
ftppwd.
Step 2 Create VLAN 10 on the S9300 and assign the IP address 10.1.1.1 to VLANIF10.
<Quidway> system-view
[Quidway] vlan 10
[Quidway-vlan10] quit
[Quidway] interface GigabitEthernet 3/0/1
[Quidway-GigabitEthernet3/0/1] port hybrid pvid vlan 10
[Quidway-GigabitEthernet3/0/1] port hybrid untagged vlan 10
[Quidway-GigabitEthernet3/0/1] quit
[Quidway] interface GigabitEthernet 3/0/2
[Quidway-GigabitEthernet3/0/2] port hybrid pvid vlan 10
[Quidway-GigabitEthernet3/0/2] port hybrid untagged vlan 10
[Quidway-GigabitEthernet3/0/2] quit
[Quidway] interface GigabitEthernet 3/0/3
[Quidway-GigabitEthernet3/0/3] port hybrid pvid vlan 10
[Quidway-GigabitEthernet3/0/3] port hybrid untagged vlan 10
[Quidway-GigabitEthernet3/0/3] quit
[Quidway] interface GigabitEthernet 3/0/4
[Quidway-GigabitEthernet3/0/4] port hybrid pvid vlan 10
[Quidway-GigabitEthernet3/0/4] port hybrid untagged vlan 10
[Quidway-GigabitEthernet3/0/4] quit
[Quidway] interface vlanif 10
[Quidway-Vlanif10] ip address 10.1.1.1 24


Step 3 On the S9300, initiate a connection to the FTP server with the user name u1 and the
password ftppwd.
<Quidway> ftp 10.1.1.2
Trying 10.1.1.2 ...
Press CTRL+K to abort
Connected to 10.1.1.2.
220 FTP-Server v2.5 for WinSock ready...
User(10.1.1.1:(none)):u1
331 User name okay, need password.
Password:
230 User logged in, proceed.
[ftp]

Step 4 On the S9300, set the file transfer mode to binary and set the local directory to the
flash directory.
[ftp] binary
200 Type set to I.
[ftp] lcd flash:/
Info: Local directory now flash:.

Step 5 On the S9300, download d006.cc and vrpcfg.cfg from the remote FTP server.
[ftp] get d006.cc d006.cc
[ftp] get vrpcfg.cfg vrpcfg.cfg
[ftp] quit
<Quidway>

----End

Configuration Files
#
sysname Quidway
#
vlan batch 10
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
#
interface GigabitEthernet3/0/1

port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
interface GigabitEthernet3/0/2
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
interface GigabitEthernet3/0/3
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
interface GigabitEthernet3/0/4
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
return

6.5.3 Example for Configuring an ACL of the FTP Server


Networking Requirements
As shown in Figure 6-3, the IP address of the FTP server is 172.16.104.110/24.
The routes between PC1, PC2, and the FTP server are reachable. The S9300 functions as the FTP
server. After the ACL is configured, the FTP server must permit only PC1, whose IP address is
172.16.104.111, to download and upload files through FTP, and PC2 must not be able to connect
to the FTP server.
Figure 6-3 Networking diagram for configuring an ACL of the FTP server
[Figure: FTP server 172.16.104.110/24; PC1 172.16.104.111/24; PC2 172.16.105.111/24.]

Configuration Roadmap
The configuration roadmap is as follows:
1. Perform basic configurations on the FTP server.
2. Configure the ACL on the FTP server.

Data Preparation
To complete the configuration, you need the following data:
- Name of the FTP user set as u1 and password set as huawei on the server
- Number of the ACL

Procedure
Step 1 Configure basic FTP functions.
For details, see 6.5.1 Example for Configuring the FTP Server.
Step 2 Configure an ACL.
<Quidway> system-view
[Quidway] acl number 2001
[Quidway-acl-basic-2001] rule permit source 172.16.104.111 0.0.0.0
[Quidway-acl-basic-2001] quit

Step 3 Apply the ACL to the FTP server.
[Quidway] ftp acl 2001

Step 4 Connect PC1 to the FTP server.
Perform this step at the DOS prompt on the PC.
c:\ ftp 172.16.104.110
Connected to 172.16.104.110
220 FTP service ready.
User (100.2.150.40:(none)):u1
331 Password required for u1
Password:
230 User logged in.
ftp>

Step 5 Connect PC2 to the FTP server.
Perform this step at the DOS prompt on the PC.
c:\ ftp 172.16.104.110
Connected to 172.16.104.110.
Info:ACL was denied by remote host!
Connection closed by remote host.

----End
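
How ACL 2001 from Steps 2 to 5 decides which source address may open an FTP session, as an added Python example that is not part of the Huawei guide. The function names are hypothetical, and two assumptions are made: rules are checked in ascending rule ID, and a rule typed without an ID gets the next multiple of 5 (inferred from "rule 5" in the configuration file below). The second ACL is a constructed variant showing how a looser wildcard would admit PC2.

```python
import ipaddress
import re

# Rule exactly as typed in Step 2 (no rule ID given).
ACL_2001 = ["rule permit source 172.16.104.111 0.0.0.0"]
# Constructed variant with a looser wildcard, to show what it would admit.
ACL_LOOSE = ["rule permit source 172.16.104.111 0.0.1.255"]

RULE_RE = re.compile(
    r"rule(?:\s+(\d+))?\s+(permit|deny)\s+source\s+(\S+)\s+(\S+)", re.IGNORECASE)


def parse_basic_acl(lines, step=5):
    """Parse 'rule [id] permit|deny source <ip> <wildcard>' lines.

    A rule without an ID is numbered with the next multiple of `step`
    (assumption, see lead-in). Rules are returned sorted by ID.
    """
    rules, max_id = [], 0
    for line in lines:
        m = RULE_RE.search(line)
        if not m:
            continue
        rule_id = int(m.group(1)) if m.group(1) else (max_id // step + 1) * step
        max_id = max(max_id, rule_id)
        rules.append({
            "id": rule_id,
            "action": m.group(2).lower(),
            "addr": int(ipaddress.IPv4Address(m.group(3))),
            "wildcard": int(ipaddress.IPv4Address(m.group(4))),
        })
    return sorted(rules, key=lambda r: r["id"])


def matches(rule, source_ip):
    """Wildcard semantics: a 0 bit must match the rule address, a 1 bit is ignored."""
    care = ~rule["wildcard"] & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(source_ip)) & care) == (rule["addr"] & care)


def ftp_acl_decision(rules, source_ip):
    """Return (action, rule_id) for the first matching rule.

    A source that matches no rule is refused, which is what PC2 sees in Step 5.
    """
    for rule in rules:
        if matches(rule, source_ip):
            return rule["action"], rule["id"]
    return "deny", None


def admitted_hosts(rule):
    """Number of source addresses one rule covers: 2 ** (wildcard bits set to 1)."""
    return 2 ** bin(rule["wildcard"]).count("1")


if __name__ == "__main__":
    for name, acl in (("ACL 2001", ACL_2001), ("loose variant", ACL_LOOSE)):
        rules = parse_basic_acl(acl)
        for pc, ip in (("PC1", "172.16.104.111"), ("PC2", "172.16.105.111")):
            print(name, pc, ip, ftp_acl_decision(rules, ip))
        print(name, "addresses covered by first rule:", admitted_hosts(rules[0]))
```

With the wildcard 0.0.0.0 the rule covers exactly one address; counting the addresses a wildcard covers before binding an ACL with ftp acl is a quick way to confirm that only the intended hosts are admitted.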

Configuration Files
Configuration file of the FTP server
#
sysname Quidway
#
FTP server enable
FTP acl 2001
#
acl number 2001
rule 5 permit source 172.16.104.111 0.0.0.0
#
vlan batch 10
#
interface Vlanif10
ip address 10.1.1.2 255.255.255.0
#
interface GigabitEthernet3/0/1
port default vlan 10
#
aaa
local-user u1 password simple huawei
local-user u1 service-type ftp
local-user u1 ftp-directory cfcard:/
authentication-scheme default

#
authorization-scheme default
#
accounting-scheme default
#
domain default
#
return
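
The configuration files in 6.5.1 and 6.5.3 can be checked mechanically for three settings that affect exposure: an FTP server with no ftp acl bound, a local-user password entered with the simple keyword (it is readable in the configuration file, as both listings show), and an FTP directory set to the root of a storage device. The following Python audit is an added example, not part of the Huawei guide; the check names, the function audit_ftp_config, and the hardened sample with its <ciphertext> placeholder and cfcard:/ftpdata directory are assumptions made for illustration.

```python
import re

# Configuration files as printed in 6.5.1 and 6.5.3, trimmed to the lines the checks read.
CONFIG_6_5_1 = """\
sysname Quidway
#
FTP server enable
#
aaa
 local-user u1 password simple ftppwd
 local-user u1 service-type ftp
 local-user u1 ftp-directory cfcard:/
#
return
"""

CONFIG_6_5_3 = """\
sysname Quidway
#
FTP server enable
FTP acl 2001
#
acl number 2001
 rule 5 permit source 172.16.104.111 0.0.0.0
#
aaa
 local-user u1 password simple huawei
 local-user u1 service-type ftp
 local-user u1 ftp-directory cfcard:/
#
return
"""

# Constructed hardened variant: cipher keyword, ACL bound, dedicated directory.
# "<ciphertext>" and "cfcard:/ftpdata" are placeholders, not values from the guide.
CONFIG_HARDENED = """\
FTP server enable
FTP acl 2001
#
acl number 2001
 rule 5 permit source 172.16.104.111 0.0.0.0
#
aaa
 local-user u1 password cipher <ciphertext>
 local-user u1 service-type ftp
 local-user u1 ftp-directory cfcard:/ftpdata
#
return
"""


def _find(pattern, lines):
    """Match objects for every line that fully matches pattern (case-insensitive)."""
    return [m for ln in lines if (m := re.fullmatch(pattern, ln, re.IGNORECASE))]


def audit_ftp_config(text):
    """Return a sorted list of (check, subject) findings for one configuration file."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if not _find(r"ftp server enable", lines):
        return []  # FTP server not enabled: nothing to report
    findings = set()

    # An FTP server with no ACL bound, or bound to an ACL that is not defined.
    bound = [m.group(1) for m in _find(r"ftp acl (\d+)", lines)]
    defined = {m.group(1) for m in _find(r"acl number (\d+)", lines)}
    if not bound:
        findings.add(("ftp-no-acl", "ftp server"))
    findings.update(("ftp-acl-undefined", n) for n in bound if n not in defined)

    # Only local users whose service type includes ftp are examined.
    ftp_users = {m.group(1) for m in _find(r"local-user (\S+) service-type (.+)", lines)
                 if "ftp" in m.group(2).lower().split()}
    for m in _find(r"local-user (\S+) password simple \S+", lines):
        if m.group(1) in ftp_users:
            findings.add(("password-simple", m.group(1)))  # the password is never echoed
    for m in _find(r"local-user (\S+) ftp-directory ([a-z]+:/?)", lines):
        if m.group(1) in ftp_users:
            findings.add(("ftp-directory-is-device-root", m.group(1)))
    return sorted(findings)


if __name__ == "__main__":
    for name, cfg in (("6.5.1", CONFIG_6_5_1), ("6.5.3", CONFIG_6_5_3),
                      ("hardened", CONFIG_HARDENED)):
        print(name, audit_ftp_config(cfg))
```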

7 File System Management


About This Chapter


This chapter describes the basic knowledge of the file system, including the methods of managing
files, directories, and storage devices.
7.1 Overview of the File System
This section describes the concepts of the file system.
7.2 Managing a Storage Device
This section describes how to repair and format a storage device.
7.3 Managing a File
This section describes how to view, copy, move, rename, delete, and execute a batch file.
7.4 Managing a Directory
This section describes how to create and delete directories.
7.5 Maintaining the File System
This section describes how to maintain the file system.
7.6 Configuration Examples
This section provides several configuration examples of the file system.

7.1 Overview of the File System


This section describes the concepts of the file system.
7.1.1 Basic Concepts of the File System
7.1.2 Storage Device
7.1.3 File
7.1.4 Directory

7.1.1 Basic Concepts of the File System


A file system allows you to manage files and directories on the storage devices. In the file system,
you can create, delete, modify, and rename a file or a directory, and view contents of a file.
The file system provides the following functions:
- Managing the files that are stored on the storage devices
- Managing the storage devices

7.1.2 Storage Device


A storage device is a hardware device used to store data.
Different products support different storage devices. Currently, the S9300 supports the flash
memory and the Compact Flash (CF) card.

7.1.3 File
A file stores and manages information.

7.1.4 Directory
A directory collects and organizes files. It is a logical container of files.

7.2 Managing a Storage Device


This section describes how to repair and format a storage device.
7.2.1 Establishing the Configuration Task
7.2.2 (Optional) Formatting a Storage Device

7.2.1 Establishing the Configuration Task


Applicable Environment
When the S9300 fails to access information, you need to repair the damaged storage device.

Pre-configuration Tasks
Before managing a storage device, complete the following tasks:
- Installing the S9300 and switching it on properly
- Client logging in to the S9300

Data Preparation
To manage a storage device, you need the following data.
No.  Data
1    Device name

7.2.2 (Optional) Formatting a Storage Device


Context
NOTE

After the format device-name command is run, the files and directories in the specified storage device are
cleared and cannot be restored. So, confirm the action before you use the command.

Procedure
Step 1 Run the following command in the user view:
format device-name

A storage device is formatted.


----End

7.3 Managing a File


This section describes how to view, copy, move, rename, delete, and execute a batch file.
7.3.1 Establishing the Configuration Task
7.3.2 (Optional) Displaying the Status of the File System
7.3.3 (Optional) Changing the Prompt Mode of the File System
7.3.4 (Optional) Displaying the Contents of a File
7.3.5 (Optional) Copying a File
7.3.6 (Optional) Moving a File
7.3.7 (Optional) Renaming a File
7.3.8 (Optional) Deleting a File
7.3.9 (Optional) Deleting a File from the Recycle Bin
7.3.10 (Optional) Restoring a Deleted File
7.3.11 (Optional) Executing a Batch File

7.3.1 Establishing the Configuration Task


Applicable Environment
To display, create, delete, or rename files on the S9300, you need to configure files by using the
file system.

Pre-configuration Tasks
Before configuring the file system, complete the following task:
Installing the S9300 and switching it on properly

Data Preparation
To configure the file system, you need the following data.
No.  Data
1    Name of a file to be created
2    Name of a file to be deleted

7.3.2 (Optional) Displaying the Status of the File System


Context
Do as follows on the S9300.

Procedure
Step 1 Run:
dir [ /all ] [ filename | cfcard: | flash: ]

The files and directories in the current path are displayed.


NOTE

The parameter cfcard: cannot be specified if the device does not provide a CF card.

----End
7.3.3 (Optional) Changing the Prompt Mode of the File System


Context
The S9300 provides the following prompt modes for the file system:
- Alert
  If a user attempts to perform an operation that may cause data loss or data damage, for
  example, deleting a file, the S9300 prompts the user to confirm the operation.
- Quiet
  The S9300 does not display any message.

By default, the S9300 adopts the prompt mode of alert.

Do as follows on the S9300 where the prompt mode of the file system needs to be changed.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
file prompt { alert | quiet }

The prompt mode of the file system is changed.


----End

7.3.4 (Optional) Displaying the Contents of a File


Context
Do as follows on the S9300.

Procedure
Step 1 Run:
more filename

The contents of a file are displayed.


----End

7.3.5 (Optional) Copying a File


Context
Do as follows on the S9300.
Procedure
Step 1 Run:
copy source-filename destination-filename

A file is copied.
----End

7.3.6 (Optional) Moving a File


Context
Do as follows on the S9300.

Procedure
Step 1 Run:
move source-filename destination-filename

A file is moved.
----End

7.3.7 (Optional) Renaming a File


Context
Do as follows on the S9300.

Procedure
Step 1 Run:
rename source-filename destination-filename

A file is renamed.
----End

7.3.8 (Optional) Deleting a File


Context
Do as follows on the S9300.

Procedure
Step 1 Run:
delete [ /unreserved ] filename

A file is deleted.
NOTE

Deleting a file means moving a file into the recycle bin of the S9300.
The files that are deleted by using the parameter [ /unreserved ] cannot be restored.

----End

7.3.9 (Optional) Deleting a File from the Recycle Bin


Context
Do as follows on the S9300.

Procedure
Step 1 Run:
reset recycle-bin [ filename ]

A file is deleted from the recycle bin.


----End

7.3.10 (Optional) Restoring a Deleted File


Context
Do as follows on the S9300.

Procedure
Step 1 Run:
undelete filename

A deleted file is restored.


NOTE

If the current directory is not a root directory, you must perform an operation on the file in the absolute
path.
If you use the parameter [ /unreserved ] in the command for deleting the file, the file cannot be restored
after being deleted.

----End

7.3.11 (Optional) Executing a Batch File


Context
Do as follows on the S9300.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
execute batch-filename

A batch file is executed.


----End

7.4 Managing a Directory


This section describes how to create and delete directories.
7.4.1 Establishing the Configuration Task
7.4.2 (Optional) Displaying the Current Working Directory
7.4.3 (Optional) Creating a Directory
7.4.4 (Optional) Deleting a Directory
7.4.5 (Optional) Changing the Working Directory

7.4.1 Establishing the Configuration Task


Applicable Environment
To view, create, or delete directories on the S9300, you need to configure the directories by
using the file system.

Pre-configuration Tasks
Before managing directories, complete the following task:
- Installing the S9300 and switching it on properly

Data Preparation
To manage directories, you need the following data.

No.  Data
1    Name of the directory to be created
2    Name of the directory to be deleted


7.4.2 (Optional) Displaying the Current Working Directory


Context
Do as follows on the S9300.

Procedure
Step 1 Run:
pwd

The current working directory is displayed.


----End

7.4.3 (Optional) Creating a Directory


Context
Do as follows on the S9300.

Procedure
Step 1 Run:
mkdir directory

A directory is created.
----End

7.4.4 (Optional) Deleting a Directory


Context
Do as follows on the S9300.

Procedure
Step 1 Run:
rmdir directory

A directory is deleted.
----End

7.4.5 (Optional) Changing the Working Directory


Context
Do as follows on the S9300.

Procedure
Step 1 Run:
cd path

The current working directory is changed to the specified directory.


----End

7.5 Maintaining the File System


This section describes how to maintain the file system.

Context
NOTE

Debugging affects the performance of the system. After debugging, run the undo debugging all
command immediately to disable it.

When a running fault of the file system occurs, run the following debugging command in the
user view to locate the fault. For the procedure for displaying the debugging information, see the
chapter "Debugging and Diagnosis" in the S9300 Terabit Routing Switch Configuration Guide
- Device Management.

Procedure
Step 1 Run the debugging vfs { flash | low } command to enable the debugging of the file system.
----End

7.6 Configuration Examples


This section provides several configuration examples of the file system.
7.6.1 Example for Copying Files

7.6.1 Example for Copying Files


Networking Requirements
After configuring the file system of the S9300, you can copy files to the specified directory
through the console interface on the S9300. The path of a file in the storage device must be
correct. If the destination file name is not specified, the source file name is used by default. That
is, the name of the destination file is the same as that of the source file.

Configuration Roadmap
The configuration roadmap is as follows:

1. Check the files in a certain directory.
2. Copy the files to the directory.
3. Check the directory, and find that the files in the directory are copied to a specified directory.

Data Preparation
To complete the configuration, you need the following data:
- Names of the source file and destination file
- Paths of the source file and destination file

Procedure
Step 1 Display information about the files in the current directory.
<Quidway> dir
Directory of cfcard:/

  Idx  Attr    Size(Byte)  Date        Time      FileName
    0  -rw-         2,210  Mar 25 2009 10:24:30  vrpcfg.zip
    1  -rw-           198  May 20 2009 10:10:08  $_patchstate_a
    2  drw-             -  May 22 2009 15:28:48  logfile
    3  -rw-             4  May 25 2009 11:34:20  snmpnotilog.txt
    4  -rw-         4,309  May 20 2009 16:51:42  private-data.txt
    5  -rw-             0  Apr 03 2009 17:49:04  stickymac.txt
    6  -rw-       140,708  Apr 03 2009 18:06:56  patchhistory
    7  -rw-           198  Mar 30 2009 18:42:28  $_patchstate_a.backup
    8  -rw-    22,064,779  Mar 11 2009 18:26:08  s9300v100r001c02b118.cc
    9  -rw-        10,405  Mar 31 2009 14:17:52  bfd.pat
   10  -rw-         2,449  Mar 19 2009 15:20:10  vrpcfg0319.zip
   11  -rw-         5,344  Mar 25 2009 16:20:28  vrrp0320.zip
   12  -rw-        11,077  Apr 02 2009 16:13:18  bfd_slave0402.pat
   13  -rw-         9,893  Apr 02 2009 17:11:16  bfd_slave0402_1.pat
   14  -rw-        10,021  Apr 02 2009 17:19:32  bfd_slave0402_2.pat
   15  -rw-        10,605  Apr 02 2009 19:11:38  bfd_slave111.pat
   16  -rw-        13,717  Apr 02 2009 19:52:36  bfd_slave112.pat
   17  -rw-         1,481  Nov 27 2008 12:02:52  backupvrpcfg.zip
   18  -rw-             0  Nov 28 2008 11:39:28  epon.zip
   19  -rw-        16,981  Apr 02 2009 20:17:32  bfd_slave113.pat
   20  -rw-         3,249  May 20 2009 16:51:42  vrpcfg0325.zip
   21  -rw-        12,885  Apr 03 2009 18:06:14  bfd_slave22.pat
   22  -rw-         1,664  Feb 20 2009 09:14:50  on1018399.dat

506,744 KB total (446,192 KB free)

Step 2 Copy the files from flash:/hostkey to cfcard:/hostkey.
<Quidway> copy flash:/hostkey cfcard:/hostkey
Warning: File flash:/hostkey will be copied to cfcard:/hostkey. Continue? [Y/N]:y
Info: Copying file flash:/hostkey to cfcard:/hostkey...100%

Step 3 Display information about the files in the current directory to check that the files are
copied to the specified directory.
<Quidway> dir
Directory of cfcard:/

  Idx  Attr    Size(Byte)  Date        Time      FileName
    0  -rw-         2,210  Mar 25 2009 10:24:30  vrpcfg.zip
    1  -rw-           198  May 20 2009 10:10:08  $_patchstate_a
    2  drw-             -  May 22 2009 15:28:48  logfile
    3  -rw-             4  May 25 2009 11:34:20  snmpnotilog.txt
    4  -rw-         4,309  May 20 2009 16:51:42  private-data.txt
    5  -rw-             0  Apr 03 2009 17:49:04  stickymac.txt
    6  -rw-       140,708  Apr 03 2009 18:06:56  patchhistory
    7  -rw-           198  Mar 30 2009 18:42:28  $_patchstate_a.backup
    8  -rw-    22,064,779  Mar 11 2009 18:26:08  s9300v100r001c02b118.cc
    9  -rw-        10,405  Mar 31 2009 14:17:52  bfd.pat
   10  -rw-         2,449  Mar 19 2009 15:20:10  vrpcfg0319.zip
   11  -rw-         5,344  Mar 25 2009 16:20:28  vrrp0320.zip
   12  -rw-        11,077  Apr 02 2009 16:13:18  bfd_slave0402.pat
   13  -rw-         9,893  Apr 02 2009 17:11:16  bfd_slave0402_1.pat
   14  -rw-        10,021  Apr 02 2009 17:19:32  bfd_slave0402_2.pat
   15  -rw-        10,605  Apr 02 2009 19:11:38  bfd_slave111.pat
   16  -rw-        13,717  Apr 02 2009 19:52:36  bfd_slave112.pat
   17  -rw-         1,481  Nov 27 2008 12:02:52  backupvrpcfg.zip
   18  -rw-             0  Nov 28 2008 11:39:28  epon.zip
   19  -rw-        16,981  Apr 02 2009 20:17:32  bfd_slave113.pat
   20  -rw-         3,249  May 20 2009 16:51:42  vrpcfg0325.zip
   21  -rw-        12,885  Apr 03 2009 18:06:14  bfd_slave22.pat
   22  -rw-         1,664  Feb 20 2009 09:14:50  on1018399.dat
   23  -rw-           684  May 25 2009 17:53:38  hostkey

506,744 KB total (445,508 KB free)

----End

Configuration Files
None.


Management of Configuration Files

About This Chapter


This chapter describes how to view, save, and load configuration files.
8.1 Overview of the Configuration File
This section describes the basic concepts of the configuration file.
8.2 Displaying the Current Configurations and the Configurations Saved to a Configuration File
This section describes how to view the current configuration file and the system software.
8.3 Saving the Current Configurations
This section describes how to save configuration files to the storage device.
8.4 Deleting a Configuration File
This section describes how to delete a configuration file from the storage device.
8.5 Loading a Configuration File
This section describes how to load a configuration file on the S9300.
8.6 Comparing the Current Configurations with the Configuration File
This section describes how to compare the current configurations with the configuration file.


8.1 Overview of the Configuration File


This section describes the basic concepts of the configuration file.
8.1.1 Configuration File
8.1.2 Current Configurations

8.1.1 Configuration File


A configuration file consists of the configuration items loaded to the S9300 for the current or
next startup.
A configuration file is a text file, and its format is as follows:
- A configuration file is saved in the format of commands.
- To save space, the default parameters are not saved. For details about the default values of
  configuration parameters, see the following chapters.
- Commands are organized according to command views. The commands used in the same
  command view are organized to form a section. Sections are separated from each other by
  one or several blank lines or comment lines beginning with #.
- Sections are arranged in the sequence of global configurations, physical interface
  configurations, logical interface configurations, and routing protocol configurations.

NOTE

A command that can be properly executed by the system, including a command entered in an
incomplete format, can contain up to 256 characters.

If a command is entered in an incomplete format, the configuration file may contain a command line
consisting of more than 256 characters. This is because the command is saved to the configuration
file in complete format. When the system restarts, the commands entered in incomplete format cannot
be restored.
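
The format rules and the 256-character limit above can be checked offline on an exported configuration file. The following Python code is an added example, not Huawei code: it splits a configuration text into sections at blank lines and # comment lines and reports command lines longer than 256 characters. The function names, the sample configuration and the treatment of a section's first command as its view name are assumptions made for illustration.

```python
"""Audit a configuration text against the format rules in section 8.1.1."""

MAX_COMMAND_LEN = 256  # limit stated in the NOTE in section 8.1.1


def split_sections(text):
    """Split configuration text into sections of consecutive command lines.

    Blank lines and comment lines beginning with '#' separate sections.
    Returns a list of (start_line, [command, ...]) with 1-based line numbers.
    """
    sections, current = [], None
    for number, line in enumerate(text.splitlines(), start=1):
        if not line.strip() or line.lstrip().startswith("#"):
            current = None  # a separator closes the open section
            continue
        if current is None:
            current = (number, [])
            sections.append(current)
        current[1].append(line)
    return sections


def overlong_commands(text, limit=MAX_COMMAND_LEN):
    """Return (line_number, view, length) for each command longer than limit.

    Assumption: the first command of a section names its command view.
    """
    findings = []
    for start_line, commands in split_sections(text):
        view = commands[0].strip()
        for offset, command in enumerate(commands):
            length = len(command.strip())
            if length > limit:
                findings.append((start_line + offset, view, length))
    return findings


# Constructed sample, not taken from a real device.
SAMPLE_CONFIG = "\n".join([
    "#",
    "sysname Quidway",
    "#",
    "interface GigabitEthernet1/0/1",
    " description " + "x" * 250,  # 262 characters once stripped: over the limit
    " undo shutdown",
    "",
    "interface Vlanif10",
    " ip address 192.0.2.1 255.255.255.0",
    "#",
    "return",
])

if __name__ == "__main__":
    for line_no, view, length in overlong_commands(SAMPLE_CONFIG):
        print(f"line {line_no}: {length} characters in section '{view}'")
```
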

8.1.2 Current Configurations


When the S9300 is powered on, it accesses a configuration file through the default path for its
initialization. The configurations in the configuration file are called initial configurations. If no
configuration file is stored in the default storage path, the S9300 uses default parameters for
initialization. To distinguish from initial configurations, the configurations taking effect when
the S9300 works are called current configurations.
You can change the current configurations of the S9300 through command line interfaces. By
using the save command to save current configurations to a default storage device, you can use
the current configurations as initial configurations for the next startup of the S9300.

8.2 Displaying the Current Configurations and the Configurations Saved to a Configuration File

This section describes how to view the current configuration file and the system software.
8.2.1 Displaying All Current Configurations
8.2.2 Displaying the Current Configurations in the Current View


8.2.3 Displaying the Configurations Saved in a Configuration File
8.2.4 Displaying the System Software Used in the Startup of the S9300

8.2.1 Displaying All Current Configurations


Context
By using the display current-configuration command, you can view the current configurations
in all views. Do as follows on the S9300.
NOTE

Currently, controller controller-type cannot be set on the S9300.

Procedure
Step 1 Run:
display current-configuration [ configuration [ configuration-type ] | controller
controller-type | interface interface-type [ interface-number ] ] [ | { begin |
exclude | include } regular-expression | feature feature-name [ filter regular-expression ] | filter regular-expression ]

The current configurations are displayed.


----End

8.2.2 Displaying the Current Configurations in the Current View


Context
By using the display this command, you can view the current configurations in the current view.
Do as follows on the S9300.
NOTE

If the display this command is used in the protocol view, all configurations in the protocol view are
displayed; if the display this command is used in the protocol sub-view, the configurations may not be
displayed.

Procedure
Step 1 Run:
display this

Current configurations are displayed.


----End

8.2.3 Displaying the Configurations Saved in a Configuration File



Context
Do as follows on the S9300.

Procedure
Step 1 Run:
display saved-configuration [ last ]

The saved configurations are displayed.


By using this command, you can view the configuration file loaded to the S9300 for the current
or next startup.
- By using the display saved-configuration command, you can view the configuration file
  used in the next startup of the S9300. That is, you can view the configuration specified by
  the startup saved-configuration command.
- By using the display saved-configuration last command, you can view the configurations
  saved in the previous startup of the S9300. That is, you can view the configuration file used
  in the current startup of the S9300.

----End

8.2.4 Displaying the System Software Used in the Startup of the S9300

Context
Do as follows on the S9300.

Procedure
Step 1 Run:
display startup

The system software and name of the configuration file used in the current startup of the
S9300 are displayed.
The system software and configuration file to be loaded in the next startup of the S9300 are
saved to the root directory of the storage device.
----End

8.3 Saving the Current Configurations


This section describes how to save configuration files to the storage device.

Context
You can change the current configurations of the S9300 through command line interfaces. By
using the save command to save current configurations to a CF card, you can use the current
configurations as initial configurations for the next startup of the S9300.

Procedure
Step 1 Run:
save [ configuration-file ]

Current configurations are saved.


The extension name of the configuration file must be .cfg or .zip, and the system startup
configuration file must be saved in the root directory of the storage device.
NOTE

When a configuration file is saved for the first time, the S9300 automatically saves the configuration file
as vrpcfg.cfg if configuration-file is not specified.

----End

8.4 Deleting a Configuration File


This section describes how to delete a configuration file from the storage device.

Context
You need to delete the configuration file from the CF card in either of the following situations:
- After the software of the S9300 is upgraded, the upgraded software does not match the
  configuration file.
- The configuration file is damaged or an incorrect configuration file is loaded.

Do as follows on the S9300.

Procedure
Step 1 Run:
reset saved-configuration

The contents of the configuration file currently loaded are deleted.


----End

Postrequisite
You can use the reset saved-configuration command to delete the contents of the configuration
file that is currently loaded to the S9300. After the configuration file is deleted, the S9300 uses
default configuration parameters for initialization in the next startup in the following scenarios:
- The startup saved-configuration command is used to re-specify the configuration file
  containing correct configurations.
- The save command is used to save the configuration file.

8.5 Loading a Configuration File


This section describes how to load a configuration file on the S9300.

Context
By default, the S9300 accesses a configuration file from the CF card for initialization when it is
powered on. The configurations in this configuration file are called initial configurations. If the
CF card does not contain any configuration file, the S9300 uses default parameters for
initialization.
To distinguish from initial configurations, the configurations taking effect when the S9300 works
are called current configurations.
To configure the configuration file to be loaded in the next startup of the S9300, do as follows
on the S9300.

Procedure
- Run:
  startup saved-configuration configuration-file

  The configuration file to be loaded for the next startup of the S9300 is configured.

- Run:
  startup system-software file-name slave-board

  The configuration file to be loaded for the next startup of the slave board is configured.
----End

8.6 Comparing the Current Configurations with the Configuration File

This section describes how to compare the current configurations with the configuration file.

Context
Do as follows on the S9300.

Procedure
Step 1 Run:
compare configuration [ current-line-number save-line-number ]

The current configurations are compared with the configuration file.


If no parameter is specified, the comparison starts from the first line of the configuration file.
After current-line-number and save-line-number are set, the system skips the line where the
difference is found and resumes the comparison from the line where the parameter is specified.
After the difference is detected, the system displays the content of a certain number of characters
from the line in which the difference is found. By default, the system displays 150 characters.
If the number of the characters from where the difference is found to the end of the file is less
than 150, the system displays the content of the configuration file till the end.
----End
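
The comparison behaviour described above can be modelled offline on two exported configuration texts, for example to audit drift between the current and saved configurations. The following Python code is an added example, not the S9300 implementation: the function names and sample texts are constructed, and comparing line by line and counting the 150 displayed characters over the remaining text of each file are assumptions.

```python
"""Offline model of the 'compare configuration' behaviour in section 8.6."""

DISPLAY_CHARS = 150  # default number of characters shown from the differing line


def first_difference(current, saved, current_line=1, saved_line=1,
                     display_chars=DISPLAY_CHARS):
    """Compare two configuration texts line by line from the given 1-based lines.

    Returns None when the remaining lines match, otherwise a dict with the
    line numbers of the first difference and up to display_chars characters
    of each text starting at that line (fewer if the file ends first).
    """
    cur, sav = current.splitlines(), saved.splitlines()
    i, j = current_line - 1, saved_line - 1
    while i < len(cur) or j < len(sav):
        a = cur[i] if i < len(cur) else None  # None marks "file ended"
        b = sav[j] if j < len(sav) else None
        if a != b:
            return {
                "current_line": i + 1,
                "saved_line": j + 1,
                "current_text": "\n".join(cur[i:])[:display_chars],
                "saved_text": "\n".join(sav[j:])[:display_chars],
            }
        i, j = i + 1, j + 1
    return None


def all_differences(current, saved):
    """Repeat the comparison, resuming after each differing line.

    This mirrors re-running the command with current-line-number and
    save-line-number set to the lines that follow the reported difference.
    """
    found, cur_line, sav_line = [], 1, 1
    while True:
        diff = first_difference(current, saved, cur_line, sav_line)
        if diff is None:
            return found
        found.append((diff["current_line"], diff["saved_line"]))
        cur_line, sav_line = diff["current_line"] + 1, diff["saved_line"] + 1


# Constructed sample texts, not taken from a real device.
SAVED = ("#\nsysname Quidway\n#\ninterface Vlanif10\n"
         " ip address 192.0.2.1 255.255.255.0\n#\nreturn")
CURRENT = ("#\nsysname Core-1\n#\ninterface Vlanif10\n"
           " ip address 192.0.2.9 255.255.255.0\n#\nreturn")

if __name__ == "__main__":
    print(first_difference(CURRENT, SAVED))
    print(all_differences(CURRENT, SAVED))
```
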