- Table of Contents
-
- H3C S7500 Series Command Manual(Release 3100 Series)-(V1.04)
- 00-1Cover
- 01-CLI Commands
- 02-Login Commands
- 03-Configuration File Management Commands
- 04-VLAN Commands
- 05-Extended VLAN Application Commands
- 06-IP Address-IP Performance-IPX Commands
- 07-GVRP Commands
- 08-QinQ Commands
- 09-Port Basic Configuration Commands
- 10-Link Aggregation Commands
- 11-Port Isolation Commands
- 12-Port Binding Commands
- 13-DLDP Commands
- 14-MAC Address Table Commands
- 15-MSTP Commands
- 16-Routing Protocol Commands
- 17-Multicast Commands
- 18-802.1x Commands
- 19-AAA-RADIUS-HWTACACS-EAD Commands
- 20-Traffic Accounting Commands
- 21-VRRP-HA Commands
- 22-ARP Commands
- 23-DHCP Commands
- 24-ACL Commands
- 25-QoS Commands
- 26-Mirroring Commands
- 27-Cluster Commands
- 28-PoE Commands
- 29-UDP-Helper Commands
- 30-SNMP-RMON Commands
- 31-NTP Commands
- 32-SSH Terminal Service Commands
- 33-File System Management Commands
- 34-FTP and TFTP Commands
- 35-Information Center Commands
- 36-DNS Commands
- 37-System Maintenance and Debugging Commands
- 38-HWPing Commands
- 39-RRPP Commands
- 40-NAT-Netstream-Policy Routing Commands
- 41-Telnet Protection Commands
- 42-Hardware-Dependent Software Configuration Commands
- 43-Appendix
- Related Documents
-
Title | Size | Download |
---|---|---|
02-Login Commands | 159 KB |
1.1.9 history-command max-size
1.1.20 set authentication password
Chapter 2 Commands for User Control
2.1 Commands for Controlling Logging in Users
Chapter 1 Login Commands
1.1 Login Commands
1.1.1 authentication-mode
Syntax
authentication-mode { password | scheme [ command-authorization ] | none }
View
User interface view
Parameters
password: Authenticates users with the local password.
scheme: Authenticates users locally or remotely with usernames and passwords.
command-authorization: Performs command authorization on TACACS authentication server.
none: Does not authenticate users.
Description
Use the authentication-mode command to specify the authentication mode.
l If you specify the password keyword to authenticate users with the local password, remember to set the local password using the set authentication password { cipher | simple } password command.
l If you specify the scheme keyword to authenticate users locally or remotely with usernames and passwords, the actual authentication mode, that is, local or remote, depends on related configuration.
If this command is executed with the command-authorization keyword, authorization is performed on the TACACS server whenever you attempt to execute a command, and the command can be executed only when you pass the authorization. The available commands are defined on a TACACS server for different users. When you specify to perform local password authentication on the Console port, users logging in through the Console port can log into the switch without password; whereas on other user interfaces, a password needs to be configured for users (such as VTY users) to log into the switch.
By default, users logging in through the Console port are not authenticated, whereas modem users and Telnet users are authenticated with password.
Examples
# Configure to authenticate users with local password on the AUX interface.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] user-interface aux 0
[H3C-ui-aux0] authentication-mode password
1.1.2 auto-execute command
Syntax
auto-execute command text
undo auto-execute command
View
User interface view
Parameters
text: Command to be executed automatically.
Description
Use the auto-execute command command to set the command that is executed automatically after a user logs in.
Use the undo auto-execute command command to disable the specified command from being automatically executed.
Normally, the telnet command is specified to be executed automatically to enable the user to Telnet to a specified network device automatically.
By default, no command is automatically executed.
Caution:
l The auto-execute command command may cause you unable to perform common configuration in the user interface, so use it with caution.
l Before executing the auto-execute command command and saving your configuration, make sure you can log into the switch in other ways to cancel the configuration.
Examples
# Configure the telnet 10.110.100.1 command to be executed automatically after users log into VTY 0.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] user-interface vty 0
[H3C-ui-vty0] auto-execute command telnet 10.110.100.1
% This action will lead to configuration failure through ui-vty0. Are you sure?[Y/N]y
1.1.3 databits
Syntax
databits { 7 | 8 }
undo databits
View
User interface view
Parameters
7: Sets the data bits to 7.
8: Sets the data bits to 8.
Description
Use the databits command to set the databits for the user interface.
Use the undo databits command to revert to the default data bits.
Execute these two commands in AUX user interface view only.
The default data bits is 8.
Examples
# Set the data bits to 7.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] user-interface aux 0
[H3C-ui-aux0] databits 7
1.1.4 display user-interface
Syntax
display user-interface [ type number | number ] [ summary ]
View
Any view
Parameters
type: User interface type.
number: User interface index.
summary: Displays the summary information about a user interface.
Description
Use the display user-interface command to display the information about a specified user interface or all user interfaces. If the summary keyword is not specified, this command displays user interface type, absolute/relative user interface index, transmission speed, available command level, authentication mode, and physical position. If the summary keyword is specified, this command displays the number and type of the user interfaces, including those that are in use and those that are not in use.
Examples
# Display the information about user interface 0.
<H3C> display user-interface 0
Idx Type Tx/Rx Modem Privi Auth Int
F 0 AUX 0 9600 - 3 N -
+ : Current user-interface is active.
F : Current user-interface is active and work in async mode.
Idx : Absolute index of user-interface.
Type : Type and relative index of user-interface.
Privi: The privilege of user-interface.
Auth : The authentication mode of user-interface.
Int : The physical location of UIs.
A : Authenticate use AAA.
N : Current UI need not authentication.
P : Authenticate use current UI's password.
Table 1-1 Descriptions on the fields of the display user-interface command
Filed |
Description |
+ |
The user interface is in use. |
F |
The user interface is in use and operates in asynchronous mode. |
Idx |
The absolute index of the user interface |
Type |
User interface type and the relative index |
Tx/Rx |
Transmission speed of the user interface |
Modem |
Indicates whether or not a modem is used. |
Privi |
Available command level |
Auth |
Authentication mode |
Int |
Physical position of the user interface |
A |
The current user is authenticated by AAA. |
N |
The current user needs not to be authenticated. |
P |
The current user needs to provide the password to pass the authentication. |
# Display the summary information about the user interface.
<H3C>display user-interface summary
User interface type : [AUX]
0:UXXX XXXX
User interface type : [VTY]
8:UUUU X
5 character mode users. (U)
8 UI never used. (X)
5 total UI in use
1.1.5 display users
Syntax
display users [ all ]
View
Any view
Parameters
all: Displays the usage information about all user interfaces.
Description
Use the display users command to display the usage information about user interfaces. If you do not specify the all keyword, only the information about the current user interface is displayed.
Examples
# Display the usage information about the current user interface.
<H3C> display users
UI Delay Type Ipaddress Username Userlevel
F 0 AUX 0 00:00:00 3
1 VTY 0 00:06:08 TEL 192.168.0.3
+ : Current operation user.
F : Current operation user work in async mode.F 0 AUX 0 00:00:00
Table 1-2 Descriptions on the fields of the display users command
Field |
Description |
F |
The information is about the current user interface, and the current user interface operates in asynchronous mode. |
UI |
The numbers in the left sub-column are the absolute user interface indexes, and those in the right sub-column are the relative user interface indexes. |
Delay |
The period (in seconds) the user interface idles for. |
Type |
User type |
IPaddress |
The IP address from which the user logs in. |
Username |
The login name of the user that logs into the user interface. |
Userlevel |
The level of the commands available to the users logging into the user interface |
+ |
The user interface is in use. |
1.1.6 flow-control
Syntax
flow-control { hardware | none | software }
undo flow-control
View
Parameters
hardware: Performs hardware flow control.
none: Performs no flow control.
software: Performs software flow control.
Description
Use the flow-control command to configure the flow control mode of the user interface.
Use the undo flow-control command to restore the default flow control mode of the user interface.
By default, flow control is not performed.
This command can be executed in AUX user interface view only.
Examples
# Set flow control mode to software flow control.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] user-interface aux 0
[H3C-ui-aux0] flow-control software
1.1.7 free user-interface
Syntax
free user-interface [ type ] number
View
User view
Parameters
type: User interface type.
number: Index of the user interface. This argument can be an absolute user interface index (if you do not provide the type argument) or a relative user interface index (if you provide the type argument).
Description
Use the free user-interface command to release the specified user interface. If you execute this command, the corresponding user interface will be disconnected.
Note that you cannot release the current user interface through this command.
Examples
# Release user interface VTY 0.
<H3C> free user-interface vty 0
Are you sure you want to free user-interface vty0 [Y/N]? y
[OK]
After you execute this command, user interface VTY 0 will be disconnected. The user in it must log in again to connect to the switch.
1.1.8 header
Syntax
header [ incoming | login | shell ] text
undo header { incoming | login | shell }
View
System view
Parameters
incoming: Sets the incoming banner for users that log in through modems. If authentication is required, the banner appears after a Modem user passes the authentication. (The session banner does not appear in this case.)
login: Sets the login banner. The banner set by this keyword is valid only when authentication is required for users’ login, and appears while the switch prompts for inputting username and password.
shell: Sets the session banner, which appears after a session is established. If authentication is required, the banner appears after a user passes the authentication.
text: Banner to be displayed. If no keyword (incoming, login, or shell) is specified, this argument is the login banner by default. You can provide this argument in two ways.
l Enter the banner in the same line as the command (A command line can accept up to 254 characters, including the keywords and spaces).
l Enter the banner in multiple lines (you can start a new line by pressing <Enter>,) where you can enter a banner that can contain up to 2000 characters (including the invisible characters).
Note that the first character is treated as the beginning character and the end character of the banner. After entering the end character, you can press <Enter> to exit the interaction.
Description
Use the header command to set the banners that are displayed when a user logs into a switch. The login banner is displayed on the terminal when the connection is established. And the session banner is displayed on the terminal if a user successfully logs in.
Use the undo header command to disable displaying a specific banner or all banners.
Note that if you specify any one of the three keywords without providing the text argument, the specified keyword will be regarded as the content of the login banner.
You can specify the banner in the following three ways, each of which requires that the first character and the last character of the banner be the same.
l Enter the banner in multiple lines. If you only type one character in the first line of a banner, the character and the last character do not act as part of the banner. The following gives an example of this way.
[H3C] header shell 0
Input banner text, and quit with the character '0'.
Welcome!0
When you log in the next time, “Welcome!” is displayed as the banner. The beginning character and the end character (character 0) do not appear.
l Enter the banner in multiple lines. If you type multiple characters in the first line of a banner and the beginning and the end characters of the banner in this line are not the same, the beginning character is part of the banner. The following is an example.
[H3C] header shell hello
Input banner text, and quit with the character 'h'.
my friend !
h
When you log in the next time, “hello” and “my friend !“ is displayed respectively in two lines as the banner. The beginning character “h” appears in the banner.
l Enter the banner in a single line. You can also specify the banner in a single line. In this case, the banner does contain the beginning and the end character. The following is an example.
[H3C] header shell 0welcome,my friend!0
When you log in the next time, “welcome, my friend!” is displayed as the banner.
Examples
# Set the session banner.
Option 1: Enter the banner in the same line as the command.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] header shell %SHELL: Hello! Welcome%
(Make sure the beginning and end characters of the banner are the same.)
When you log in the next time, the session banner appears on the terminal as the following:
[H3C] quit
<H3C> quit
Please press ENTER
SHELL: Hello! Welcome
(The beginning and end characters of the banner are not displayed.)
<H3C>
Option 2: Enter the banner in multiple lines.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] header shell %SHELL:
(Following appears after you press <Enter>:)
Input banner text, and quit with the character '%'.
Continue entering the banner and end the banner with the character identical with the beginning character of the banner.
Hello! Welcome %
(Press <Enter>.)
[H3C]
When you log in the next time, the session banner appears on the terminal as the following:
[H3C] quit
<H3C> quit
Please press ENTER
%SHELL:
(Note that the beginning character of the banner appears.)
Hello! Welcome
<H3C>
1.1.9 history-command max-size
Syntax
history-command max-size value
undo history-command max-size
View
User interface view
Parameters
value: Size of the history command buffer. This argument ranges from 0 to 256 and defaults to 10. That is, the history command buffer can store 10 commands by default.
Description
Use the history-command max-size command to set the size of the history command buffer.
Use the undo history-command max-size command to revert to the default history command buffer size.
Examples
# Set the size of the history command buffer of AUX 0 to 20, that is, the history command buffer of AUX 0 can store up to 20 commands.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] user-interface aux 0
[H3C-ui-aux0] history-command max-size 20
1.1.10 idle-timeout
idle-timeout minutes [ seconds ]
undo idle-timeout
View
User interface view
Parameters
minutes: Number of minutes. This argument ranges from 0 to 35,791.
seconds: Number of seconds. This argument ranges from 0 to 59.
Description
Use the idle-timeout command to set the timeout time. The connection to a user interface is terminated if no operation is performed in the user interface within the timeout time.
Use the undo idle-timeout command to revert to the default timeout time.
You can use the idle-timeout 0 command to disable the timeout function.
The default timeout time is 10 minutes.
Examples
# Set the timeout time of AUX 0 to 1 minute.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] user-interface aux 0
[H3C-ui-aux0] idle-timeout 1 0
1.1.11 lock
Syntax
lock
View
User view
Parameters
None
Description
Use the lock command to lock the current user interface to prevent unauthorized operations in the user interface.
With the execution of this command, the system prompts to enter and confirm the password, and then locks the user interface. The password the system can identify is in the range of 1 to 16 characters.
Enter the correct password to cancel the lock. If the password you set is more than 16 characters, the system will cancel the lock as long as the first 16 characters are matched.
Examples
# Lock the current user interface.
<H3C> lock
Password:
Again:
locked !
1.1.12 modem
Syntax
modem [ call-in | both ]
undo modem [ call-in | both ]
View
Parameters
call-in: Permits call in.
both: Permits both call in and call out.
Description
Use the modem command to configure the call in and call out attribute of the Modem.
Use the undo modem command to disable the call in and call out configuration.
Both call in and call out are allowed when the modem command is executed without any keyword.
Both call in and call out are disabled when the undo modem command is executed without any keyword.
The command can be executed in AUX user interface view only.
Examples
# Permit Modem call in and call out.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] user-interface aux 0
[H3C-ui-aux0] modem both
1.1.13 modem auto-answer
Syntax
modem auto-answer
undo modem auto-answer
View
User interface view
Parameters
None
Description
Use the modem auto-answer command to set the answer mode to auto answer.
Use the undo modem auto-answer command to set the answer mode to manual answer.
By default, manual answer mode is adopted.
The command can be executed in AUX user interface view only.
Examples
# Set the answer mode of Modem to auto answer.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] user-interface aux 0
[H3C>-ui-aux0] modem auto-answer
1.1.14 modem timer answer
Syntax
modem timer answer seconds
undo modem timer answer
View
User interface view
Parameters
seconds: Waiting timeout time, in seconds, ranging from 1 to 60. The default timeout time is 30 seconds.
Description
Use the modem timer answer to configure the carrier detection timeout time after off-hook during call-in connection setup.
Use the undo modem timer answer command to restore the default timeout time.
The command can be executed in AUX user interface view only.
Examples
# Set the timeout time to 45 seconds.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] user-interface aux 0
[H3C-ui-aux0] modem timer answer 45
1.1.15 parity
Syntax
parity { even | mark | none | odd | space }
undo parity
View
User interface view
Parameters
even: Performs even checks.
mark: Performs mark checks.
none: Does not check.
odd: Performs odd checks.
space: Performs space checks.
Description
Use the parity command to set the check mode of the user interface.
Use the undo parity command to revert to the default check mode.
Use these two commands in AUX user interface view only.
No check is performed by default.
Examples
# Set to perform even checks.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] user-interface aux 0
[H3C-ui-aux0] parity even
1.1.16 protocol inbound
Syntax
protocol inbound { all | ssh | telnet }
View
User interface view
Parameters
all: Supports both Telnet protocol and SSH protocol.
ssh: Supports SSH protocol.
telnet: Supports Telnet protocol.
Description
Use the protocol inbound command to specify the protocols supported by the user interface.
Both Telnet protocol and SSH protocol are supported by default.
Related commands: user-interface vty.
Examples
# Configure that only SSH protocol is supported in VTY 0.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] user-interface vty 0
[H3C-ui-vty0] protocol inbound ssh
1.1.17 screen-length
Syntax
screen-length screen-length
undo screen-length
View
User interface view
Parameters
screen-length: Number of lines the screen can contain. This argument ranges from 0 to 512 and defaults to 24.
Description
Use the screen-length command to set the number of lines the terminal screen can contain.
Use the undo screen-length command to revert to the default number of lines.
By default, the terminal screen can contain up to 24 lines.
You can use the screen-length 0 command to disable the function of displaying information in pages.
Examples
# Set the number of lines the terminal screen can contain to 20.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] user-interface aux0
[H3C-ui-aux0] screen-length 20
1.1.18 send
Syntax
send { all | number | type number }
View
User view
Parameters
all: Sends messages to all user interfaces.
type: User interface type.
number: Absolute or relative index of the user interface.
Description
Use the send command to send messages to a specified user interface or all user interfaces.
Examples
# Send hello to all user interfaces.
<H3C> send all
Enter message, end with CTRL+Z or Enter; abort with CTRL+C:
hello^Z
Send message? [Y/N]y
1.1.19 service-type
Syntax
service-type { ftp [ ftp-directory directory ] | lan-access | { ssh | telnet | terminal }* [ level level ] }
undo service-type { ftp [ ftp-directory ] | lan-access | { ssh | telnet | terminal }* }
View
Local user view
Parameters
ftp: Specifies the users to be FTP users.
ftp-directory directory: Specifies the path for FTP users. The directory argument is a string up to 64 characters.
lan-access: Specifies the users to be of LAN-access type, which normally means Ethernet users, such as 802.1x users.
ssh: Specifies the users to be SSH users.
telnet: Specifies the users to be Telnet users.
terminal: Makes Terminal services available to authorized users (logging in through the Console port).
level level: Specifies the user level for Telnet users, Terminal users, or SSH users. The level argument is an integer, ranges from 0 to 3 and defaults to 0.
Description
Use the service-type command to specify the login type and the corresponding available command level.
Use the undo service-type command to cancel login type configuration.
Commands fall into four levels: access, monitor, system, and administration, which are described as follows:
l Access level: Commands of this level are used to diagnose network and change the language mode of user interface, such as the ping, tracert, and language-mode command. The Telnet command is also of this level. Commands of this level cannot be saved in configuration files.
l Monitor level: Commands of this level are used to maintain the system, to debug service problems, and so on. The display and debugging commands are of monitor level. Commands of this level cannot be saved in configuration files.
l System level: Commands of this level are used to configure services. Commands concerning routing and network layers are of system level. You can utilize network services by using these commands.
l Administration level: Commands of this level are for the operation of the entire system and the system supporting modules. Services are supported by these commands. Commands concerning file system, File Transfer Protocol (FTP), Trivial File Transfer Protocol (TFTP), downloading using XMODEM, user management, and level setting are of administration level.
Examples
# Configure commands of level 0 are available to the user logging in with the username being zbr.
System View: return to User View with Ctrl+Z.
[H3C] local-user zbr
[H3C-luser-zbr] service-type telnet level 0
# To verify the above configuration, you can quit the system, log in again using the username zbr, and you can see only commands of level 0 are listed on the terminal.
[H3C] quit
<H3C> ?
User view commands:
cluster Run cluster command
debugging Enable system debugging functions
language-mode Specify the language environment
ping Send echo messages
quit Exit from current command view
super Privilege the current user a specified priority level
telnet Establish one TELNET connection
tracert Trace route function
undo Cancel current setting
1.1.20 set authentication password
Syntax
set authentication password { cipher | simple } password
undo set authentication password
View
User interface view
Parameters
cipher: Specifies to display the local password in encrypted text when you display the current configuration.
simple: Specifies to display the local password in plain text when you display the current configuration.
password: Password. The password must be in plain text if you specify the simple keyword in the set authentication password command. If you specify the cipher keyword, the password can be in either encrypted text or plain text. When you enter the password in plain text containing up to 16 characters (such as 123), the system converts the password to the corresponding 24-character encrypted password (such as 7-CZB#/YX]KQ=^Q`MAF4<1!!). Make sure you are aware of the corresponding plain password if you enter the password in ciphered text (such as 7-CZB#/YX]KQ=^Q `MAF4<1!!).
Description
Use the set authentication password command to set the local password.
Use the undo set authentication password command to remove the local password.
Note that only plain text passwords are expected when users are authenticated.
& Note:
By default, modem users and Telnet users need to provide their passwords to log in. If no password is set, the “Login password has not been set !” message appears on the terminal when users log in.
Examples
# Set the local password of VTY 0 to 123.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] user-interface vty 0
[H3C-ui-vty0] set authentication password simple 123
1.1.21 shell
Syntax
shell
undo shell
View
User interface view
Parameters
None
Description
Use the shell command to make terminal services available for the user interface(s).
Use the undo shell command to make terminal services unavailable to the user interface(s).
By default, terminal services are available in all user interfaces.
Note the following when using the undo shell command:
l This command is available in all user interfaces except the AUX (Console) user interface.
l This command is unavailable in the current user interface.
l This command prompts for confirmation when being executed in any valid user interface.
Examples
# Log into user interface 0 and make terminal services unavailable in VTY 0 through VTY 4.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] user-interface vty 0 4
[H3C-ui-vty0-4] undo shell
1.1.22 speed
Syntax
speed speed-value
undo speed
View
User interface view
Parameters
speed-value: Transmission speed (in bps). This argument can be 300, 600, 1200, 2400, 4800, 9600, 19,200, 38,400, 57,600, and 115,200 and defaults to 9,600.
Description
Use the speed command to set the transmission speed of the user interface.
Use the undo speed command to revert to the default transmission speed.
Use these two commands in the AUX user interface view only.
Examples
# Set the transmission speed of the AUX user interface to 115,200 bps.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] user-interface aux 0
[H3C-ui-aux0] speed 115200
1.1.23 stopbits
Syntax
stopbits { 1 | 1.5 | 2 }
undo stopbits
View
User interface view
Parameters
1: Sets the stop bits to 1.
1.5: Sets the stop bits to 1.5.
2: Sets the stop bits to 2.
Description
Use the stopbits command to set the stop bits of the user interface.
Use the undo stopbits command to revert to the default stop bits.
Use these two commands in the AUX user interface only.
By default, the stop bits is 1.
& Note:
Changing the value of the stop bits does not affect the communications between the switch and the terminal.
Examples
# Set the stop bits to 2.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] user-interface aux 0
[H3C-ui-aux0] stopbits 2
1.1.24 sysname
Syntax
sysname string
undo sysname
View
System view
Parameters
string: Domain name of the switch. This argument can contain 1 to 30 characters and defaults to H3C.
Description
Use the sysname command to set a domain name for the switch.
Use the undo sysname command to revert to the default domain name.
The CLI prompt reflects the domain name of a switch. For example, if the domain name of a switch is H3C, then the prompt of user view is <H3C>.
Examples
# Set the domain name of the switch to ABC.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] sysname ABC
[ABC]
1.1.25 telnet
Syntax
telnet { hostname | ip-address } [ service-port ]
View
User view
Parameters
hostname: Host name of the remote switch. You can use the ip host command to assign a host name to a switch.
ip-address: IP address of the remote switch.
service-port: TCP port number that provides Telnet service on the switch. This argument ranges from 0 to 65,535.
Description
Use the telnet command to Telnet to another switch from the current switch to manage the former remotely. You can terminate a Telnet connection by pressing <Ctrl + K> or by executing the quit command.
The default TCP port number is 23.
Related commands: display tcp status, ip host.
Examples
# Telnet to the switch with the host name of H3C2 and IP address of 129.102.0.1 from the current switch (with the host name of H3C1).
<H3C1> telnet 129.102.0.1
Trying 129.102.0.1 ...
Press CTRL+K to abort
Connected to 129.102.0.1 ...
<H3C2>
1.1.26 user-interface
Syntax
user-interface [ type ] first-number [ last-number ]
View
System view
Parameters
type: User interface type.
first-number: User interface index, which identifies the first user interface to be configured.
last-number: User interface index, which identifies the last user interface to be configured.
Description
Use the user-interface command to enter one or more user interface views to perform configuration.
Examples
# Enter VTY 0 user interface view.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] user-interface vty 0
[H3C-ui-vty0]
1.1.27 user privilege level
Syntax
user privilege level level
undo user privilege level
View
User interface view
Parameters
level: Command level ranging from 0 to 3.
Description
Use the user privilege level command to configure the command level available to the users logging into the user interface.
Use the undo user privilege level command to revert to the default command level.
By default, the commands of level 3 are available to the users logging into the AUX user interface. The commands of level 0 are available to the users logging into VTY user interfaces.
Examples
# Configure that commands of level 0 are available to the users logging into VTY 0.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] user-interface vty 0
[H3C-ui-vty0] user privilege level 0
# You can verify the above configuration by Telneting to VTY 0 and displaying the available commands. You can see only commands of level 0 are displayed, as listed in the following.
User view commands:
cluster Run cluster command
debugging Enable system debugging functions
language-mode Specify the language environment
ping Send echo message
quit Exit from current command view
super Privilege current user a specified priority level
telnet Establish one TELNET connection
tracert Trace route function
undo Cancel current setting
Chapter 2 Commands for User Control
2.1 Commands for Controlling Logging in Users
2.1.1 acl
Syntax
acl acl-number { inbound | outbound }
undo acl { inbound | outbound }
View
User interface view
Parameters
acl-number: ACL number ranging from 2,000 to 3,999.
inbound: Filters the users Telneting to the current switch.
outbound: Filters the users Telneting to other switches from the current switch.
Description
Use the acl command to apply an ACL to filter Telnet users.
Use the undo acl command to disable the switch from filtering Telnet users through the ACL.
By default, Telnet users are not filtered by ACLs.
Examples
# Apply ACL 2000 to filter users Telneting to the current switch (assuming that ACL 2,000 already exists.)
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] user-interface vty 0 4
[H3C-ui-vty0-4] acl 2000 inbound
2.1.2 snmp-agent community
Syntax
snmp-agent community { read | write } community-name [ mib-view view-name | acl acl-number ]*
undo snmp-agent community community-name
View
System view
Parameters
read: Specifies that the community has read-only permission in the specified view.
write: Specifies that the community has read/write permission in the specified view.
community-name: Community name. A string ranges from 1 to 32 characters.
mib-view: Sets the name of the MIB view accessible to the community.
view-name: MIB view name, 1 to 32 characters long.
acl acl-number: Specifies the ACL number. The acl-number argument ranges from 2,000 to 2,999.
Description
Use the snmp-agent community command to set a community name and to enable users to access the switch through SNMP. You can also optionally use this command to apply an ACL to filter network management users.
Use the undo snmp-agent community command to cancel community-related configuration for the specified community.
By default, SNMPv1 and SNMPv2c access a switch by community names.
Examples
# Set the community name to h123, enable users to access the switch with the community name (with read-only permission), and apply ACL 2,000 to filter network management users (assuming that ACL 2000 already exists.)
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] snmp-agent community read h123 acl 2000
2.1.3 snmp-agent group
Syntax
snmp-agent group { v1 | v2c } group-name [ read-view read-view ] [ write-view write-view ] [ notify-view notify-view ] [ acl acl-number ]
undo snmp-agent group { v1 | v2c } group-name
snmp-agent group v3 group-name [ authentication | privacy ] [ read-view read-view ] [ write-view write-view ] [ notify-view notify-view ] [ acl acl-number ]
undo snmp-agent group v3 group-name [ authentication | privacy ]
View
System view
Parameters
v1: Specifies to adopt v1 security scheme.
v2c: Specifies to adopt v2c security scheme.
v3: Specifies to adopt v3 security scheme.
group-name: Group name. This argument can be of 1 to 32 characters.
authentication: Specifies to authenticate SNMP data without encrypting the data.
privacy: Authenticates and encrypts packets.
read-view: Sets a read-only view.
read-view: Name of the view to be set to read-only. This argument can be of 1 to 32 characters.
write-view: Sets a readable & writable view.
write-view: Name of the view to be set to readable & writable. This argument can be of 1 to 32 characters.
notify-view: Sets a notifying view.
notify-view: Name of the view to be set to a notifying view. This argument can be of 1 to 32 characters.
acl acl-number: Specifies an ACL. The acl-number argument ranges from 2,000 to 2,999.
Description
Use the snmp-agent group command to create a SNMP group. You can also optionally use this command to apply an ACL to filter network management users.
Use the undo snmp-agent group command to remove a specified SNMP group.
By default, the snmp-agent group v3 group-name command is provided without the authentication and privacy keyword. That is, the switch does not authenticate or encrypt the specified group.
Examples
# Create a SNMP group named h123 and apply ACL 2001 to filter network management users (assuming that ACL 2001 already exists).
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] snmp-agent group v1 h123 acl 2001
2.1.4 snmp-agent usm-user
Syntax
snmp-agent usm-user { v1 | v2c } user-name group-name [ acl acl-number ]
undo snmp-agent usm-user { v1 | v2c } user-name group-name
snmp-agent usm-user v3 user-name group-name [ authentication-mode { md5 | sha } auth-password ] [ privacy des56 priv-password ] [ acl acl-number ]
undo snmp-agent usm-user v3 user-name group-name { local | engineid engineid-string }
View
System view
Parameters
v1: Specifies to adopt v1 security scheme.
v2c: Specifies to adopt v2c security scheme.
v3: Specifies to adopt v3 security scheme.
user-name: User name. This argument can be of 1 to 32 characters.
group-name: Group name the user corresponds to. This argument can be of 1 to 32 characters.
authentication-mode: Specifies to authenticate users.
md5: Specifies the authentication protocol to be HMAC-MD5-96.
sha: Specifies the authentication protocol to be HMAC-SHA-96.
auth-password: Authentication password. This argument can be of 1 to 64 characters.
privacy: Specifies to encrypt data.
des56: Specifies the encrypting protocol to be DES.
priv-password: Encrypting password string. This argument can be of 1 to 64 characters.
acl acl-number: Specifies the ACL number. The acl-number argument ranges from 2,000 to 2,999.
local: Specifies the user to be a local user entity.
engineid: Specifies the ID of the engine associated with the user.
engineid-string: Engine ID, a string of 10 to 64 hexadecimal digits.
Description
Use the snmp-agent usm-user command to add a user to the specified SNMP group. You can also optionally use this command to apply an ACL to filter network management users.
Use the undo snmp-agent usm-user command to remove a user from the corresponding SNMP group. The operation also frees the user from the corresponding ACL-related configuration.
Examples
# Add the user named aaa to the SNMP group named group1, specifying to authenticate the user, specifying the authentication protocol to be HMAC-MD5-96, the authentication password to be 123, and applying ACL 2002 to filter network management users (assuming that ACL 2002 already exists).
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] snmp-agent usm-user v3 aaa group1 authentication-mode md5 123 acl 2002