huawei CLI introduction

Huawei router CLITo start working with Huawei devices, it is necessary to look at CLI (Command Line Interface). All Huawei datacom devices use the same OS called VRP (Versatile Routing Platform). As an example we can take NE40E router with V600R001C00SPC900 software installed.

When you establish connection with the router, it does not matter it is telnet, ssh or console, you enter the user view with the prompt of <Quidway>. The prompt < > indicates user view and the prompt [ ] indicates other views. To start configuring the router you should move from user view to system view. You can do this by using “system-view” command.

<Quidway> system-view
[Quidway]

From system view you are able to configure all functions available in VRP software. Let’s assume that you want to configure MPLS, both globally and on Ethernet interface.

[Quidway]
[Quidway]mpls
[Quidway-mpls]quit
[Quidway]interface GigabitEthernet 1/0/5
[Quidway-GigabitEthernet1/0/5]mpls

Besides command line views the system adopts a hierarchical protection mode that has 16 command levels. The default command levels are as follows:

  • Level 0 – visit
  • Level 1 – monitoring
  • Level 2 – configuration
  • Level 3 – management

You can change default to 16 command levels by “command-privilege level rearrange” command.

[Quidway]command-privilege level rearrange

You will be asked about super password for level 15, so be careful and follow instructions displayed. Otherwise you will have problem, after this change, to log into the router.

If you don’t adjust a command level separately, after the command level is updated, all originally registered command lines adjust automatically according to the following rules:

  • Level 0 and Level 1 – unchanged
  • Level 2 – Level 10
  • Level 3 – Level 15

You can adjust the command lines to remaining levels separately to refine the management of privilege.

You can enter “?” in any command line views to display all available commands with a short description.

[Quidway]mpls ?
l2vpn        Operate on MPLS L2 VPN
ldp          Label Distribution Protocol(LDP)
lsr-id       Specify LSR(Label Switched Router) identifier
oam          Specify OAM(Operation, Administration and Maintenance)
             configuration information
switch-l2vc  Specifying switch-l2vc configuration information
<cr>

You can enter a character string with a “?” closely following it to display all commands that begin with this character string.

[Quidway]d?
 dhcp            diffserv
 display         dns
 dustproof

Common error massages of the command line:

Error messages Cause of the error
Unrecognized command The command cannot be found
The key word cannot be found
Wrong parameter Parameter type error
The parameter value exceeds the limit
Incomplete command Incomplete command entered
Too many parameters Too many parameters entered
Ambiguous command Indefinite parameters entered

System-defined shortcut keys:

Key Function
CTRL_A The cursor moves to the beginning of the current line.
CTRL_B The cursor moves to the left by the space of a character.
CTRL_C Terminates the running function.
CTRL_D Deletes the character where the cursor lies.
CTRL_E The cursor moves to the end of the current line.
CTRL_F The cursor moves to the right by the space of a character.
CTRL_H Deletes one character on the left of the cursor.
CTRL_K Stops the creation of the outbound connection.
CTRL_N Displays the next command in the history command buffer.
CTRL_P Displays the previous command in the history command buffer.
CTRL_R Repeats the display of the information of the current line.
CTRL_T Terminates the outbound connection.
CTRL_V Pastes the contents on the clipboard.
CTRL_W Deletes a character string or character on the left of the cursor.
CTRL_X Deletes all the characters on the left of the cursor.
CTRL_Y Deletes all the characters on the right of the cursor.
CTRL_Z Returns to the user view.
CTRL_] Terminates the inbound or redirection connections.
ESC_B The cursor moves to the left by the space of a word.
ESC_D Deletes a word on the right of the cursor.
ESC_F The cursor moves to the right to the next word end.
ESC_N The cursor moves downward to the next line.
ESC_P The cursor moves upward to the previous line.
ESC_SHIFT_< Sets the position of the cursor to the beginning of the clipboard.
ESC_SHIFT_> Sets the position of the cursor to the end of the clipboard.

You can also define shortcut keys using the following command:

[Quidway]hotkey CTRL_U "display ip interface brief"

By default three shortcut keys are defined:

  • CTRL_G – display current-configuration
  • CTRL_L – display ip routing-table
  • CTRL_O – undo debugging all

There are also two hidden modes available for Huawei R&D:

[Quidway]_h
Now you enter a hidden command view for developer's testing, some
commands may affect operation by wrong use, please carefully use it
with HUAWEI engineer's direction.
[Quidway-hidecmd]
[Quidway]_d
Now you enter diagnose command view.
[Quidway-diagnose]

There are many commands but using them by normal engineer is not safe ;-)

I wanted to show you the basic structure of Huawei VRP CLI. Next time I will show you a basic system configuration. If you have any additional questions, anything is not clear for you, would like to know more, do not hesitate to ask.

Download as PDF

Advertisements

19 thoughts on “huawei CLI introduction

  1. labnario Post author

    Your comment is the first on my blog. Thank you. Hope I will find more time to write posts more often and these posts will be useful for engineers working with Huawei devices. I have lots of ideas I’d like to place in my posts but little time at the end of the year :( .

    Reply
  2. labnario Post author

    I have not found any Huawei knowledge base in Internet yet. If you want to ask a question or you have any problem with Huawei device you can use official Huawei forum at forum.huawei.com. Hope that this blog becomes such knowledge base in the future. Any question, you can send email to me and I will try to do my best to answer you ASAP.

    Reply
  3. Zahid

    Hi labnario,
    I have USG2100 V100R005C00SPC500. I have created two local-users with privilege level 1 and 3. When I login using level 3 credential, I have full control but when I login using level 1, I know I have very limited privilege… My Question is if I enter in super mode when logged in via level 1 credential, would I be able to change anything in router or not? I have set a super password of level 15 but when I am trying to enter in super mode using level 1 privilege, It is showing access denied. Please suggest.

    Reply
  4. labnario Post author

    Hello Zahid,
    I do not have USG to check but I did configuration on S3300 switch. I think it should be the same:
    #
    super password level 2 simple test2
    super password level 15 simple test
    #
    aaa
    local-user labnario password simple labnario
    local-user labnario privilege level 1
    local-user labnario service-type telnet
    #
    user-interface vty 0 4
    authentication-mode aaa
    #

    Now I am trying to log into the switch by telnet using labnario account (level1):
    Login authentication

    Username:labnario
    Password:
    Info: The max number of VTY users is 5, and the number
    of current VTY users on line is 1.

    Now I am writing supper password for level 15:
    super 15
    Password: (password test in my config)
    Now user privilege is 15 level, and only those commands whose level is equal to or less than this level can be used.
    Privilege note: 0-VISIT, 1-MONITOR, 2-SYSTEM, 3-MANAGE

    As you can see the level is 15 and I have full right to do anything on this switch.

    I am logging again using labnario account:
    Login authentication

    Username:labnario
    Password:
    Info: The max number of VTY users is 5, and the number
    of current VTY users on line is 1.
    Now I am using super password for level 2:
    super 2
    Password:
    Now user privilege is 2 level, and only those commands whose level is equal to or less than this level can be used.
    Privilege note: 0-VISIT, 1-MONITOR, 2-SYSTEM, 3-MANAGE

    As you can see the level is 2.

    If you still have problem to configure super password please send configuration of your device and I will check it.
    I will also look into manual of USG and check if there are any differences in configuration between S3300 and USG, but I don’t suppose.

    Reply
    1. Zahid

      Hi,
      It worked fine now. I was doing mistake in giving command super.. I was giving super instead of super 15. Now I typed super 15 and it worked perfectly fine.
      Thanx alot….

      Reply
  5. labnario Post author

    You can also type only “super” but you have to check what is a default setting. For example the default setting for S5700 switch:

    Format
    super [ level ]

    Parameters
    Parameter Description Value level Specifies the user level. The value is an integer ranging from 0 to 15. By default, the level is 3.

    I suppose the same default is also for USG. That’s why you got notification that access is not possible.

    Reply
  6. udayakumar

    Hi, u r the mankind (share the knowledge)… I am nu to Huawei… its amazing posts and clear to nu peoples from other side like Cisco and Avaya(Nortel)… thanks so much..

    Reply
    1. labnario Post author

      Hi, thanks a lot and welcome on board. Hope you will find more interesting posts here on Labnario. If you would like to receive new information from my blog, just click follow button or be part of our “Huawei From Scratch” community on Facebook.

      Reply
  7. Piotr

    Hello, It seems that since V200R003 (S9300) the hidden menu ( _h and _d) has desapeared, or maybe the way you enter that mode has changed.
    There is a diagnose comamnd, though. Is that a substitute for _h and _d ?
    Regards

    Reply
    1. labnario Post author

      As I know hidden mode didn’t sound good for customers. It looks like we have only diagnose mode now which includes all diagnose commands, both _h and _d.

      Reply

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s