Syntax
authentication-mode { password | scheme [ command-authorization ] | none }
View
User interface view
Parameter
password: Authenticates users using the local password.
scheme: Authenticates users locally or remotely using usernames and passwords.
command-authorization: Performs command authorization on the TACACS authentication server.
none: Does not authenticate users.
Description
Use the authentication-mode command to specify the authentication mode.
- If you specify the password keyword to authenticate users using the local password, remember to set the local password using the set authentication password { cipher | simple } password command.
- If you specify the scheme keyword to authenticate users locally or remotely using usernames and passwords, the actual authentication mode depends on other related configuration. Refer to the Security module for more information.
- If this command is executed with the command-authorization keyword specified, authorization is performed on the TACACS server whenever you attempt to execute a command, and the command can be executed only if you pass the authorization. Normally, a TACACS server contains a list of the commands available to different users.
If local authentication is specified for users logging in through the Console port, a user can log into the switch even if no password is configured. For a VTY user interface under the same circumstances, however, a password is required to log into the switch.
By default, users logging in through the Console port are not authenticated, whereas modem users and Telnet users are authenticated.
To improve security and prevent attacks on unused sockets, TCP 23 and TCP 22 (the ports for the Telnet and SSH services respectively) are enabled or disabled according to the corresponding configuration.
- If the authentication mode is none, TCP 23 will be enabled, and TCP 22 will be disabled.
- If the authentication mode is password, and the corresponding password has been set, TCP 23 will be enabled, and TCP 22 will be disabled.
- If the authentication mode is scheme, there are three scenarios: when the supported protocol is specified as telnet, TCP 23 will be enabled; when the supported protocol is specified as ssh, TCP 22 will be enabled; when the supported protocol is specified as all, both TCP 23 and TCP 22 will be enabled.
Example
# Configure to authenticate AUX users using the local password.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] user-interface aux0
[H3C-ui-aux0] authentication-mode password
Syntax
auto-execute command text
undo auto-execute command
View
User interface view
Parameter
text: Command to be executed automatically.
Description
Use the auto-execute command command to set the command that is executed automatically after a user logs in.
Use the undo auto-execute command command to disable the specified command from being automatically executed.
Normally, the telnet command is specified to be executed automatically so that the user Telnets to a specific network device automatically.
By default, no command is automatically executed.
Caution:
- The auto-execute command command may leave you unable to perform common configuration in the user interface, so use it with caution.
- Before you execute the auto-execute command command and save your configuration, make sure you can log into the switch in other modes and cancel the configuration.
Example
# Configure the telnet 10.110.100.1 command to be executed automatically after users log into VTY 0.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] user-interface vty0
[H3C-ui-vty0] auto-execute command telnet 10.110.100.1
% This action will lead to configuration failure through ui-vty0. Are you sure?[Y/N]y
Syntax
databits { 7 | 8 }
undo databits
View
User interface view
Parameter
7: Sets the data bits to 7.
8: Sets the data bits to 8.
Description
Use the databits command to set the data bits for the user interface.
Use the undo databits command to revert to the default data bits.
Execute these two commands in AUX user interface view only.
The default data bits setting is 8.
Example
# Set the data bits to 7.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] user-interface aux0
[H3C-ui-aux0] databits 7
Syntax
display user-interface [ type number | number ] [ summary ]
View
Any view
Parameter
type: User interface type.
number: User interface number.
summary: Display summary information of the user interface.
Description
Use the display user-interface command to display the information about a specified user interface or all user interfaces. If the summary keyword is not specified, this command displays user interface type, absolute/relative user interface number, transmission speed, available command level, authentication mode, and physical position. If the summary keyword is specified, this command displays the number and type of the user interfaces, including those that are in use and those that are not in use.
Example
# Display the information about user interface 0.
<H3C> display user-interface 0
  Idx  Type     Tx/Rx      Modem Privi Auth  Int
F 0    AUX 0    9600       -     3     N     -
  +    : Current user-interface is active.
  F    : Current user-interface is active and work in async mode.
  Idx  : Absolute index of user-interface.
  Type : Type and relative index of user-interface.
  Privi: The privilege of user-interface.
  Auth : The authentication mode of user-interface.
  Int  : The physical location of UIs.
  A    : Authenticate use AAA.
  N    : Current UI need not authentication.
  P    : Authenticate use current UI's password.
Table 1-1 Descriptions on the fields of the display user-interface command
| Field | Description |
| + | The information displayed is about the current user interface. |
| F | The information displayed is about the current user interface, and the current user interface operates in asynchronous mode. |
| Idx | The absolute index of the user interface |
| Type | User interface type and the relative index |
| Tx/Rx | Transmission speed of the user interface |
| Modem | Indicates whether or not a modem is used. |
| Privi | The available command level |
| Auth | The authentication mode |
| Int | The physical position of the user interface |
| A | The current user is authenticated by AAA. |
| N | Users are not authenticated. |
| P | Users need to provide passwords to pass the authentication. |
# Display the summary information about the user interface.
<H3C> display user-interface summary
User interface type : [AUX]
0:X
User interface type : [VTY]
1:UXXX X
1 character mode users. (U)
5 UI never used. (X)
1 total UI in use
Syntax
display users [ all ]
View
Any view
Parameter
all: Displays the information about all user interfaces.
Description
Use the display users command to display the information about user interfaces. If you do not specify the all keyword, only the information about the current user interface is displayed.
Example
# Display the information about the current user interface.
<H3C> display users
        UI      Delay    Type Ipaddress       Username        Userlevel
  F 0   AUX 0   00:00:00                                      3
  + : Current operation user.
  F : Current operation user work in async mode.
Table 1-2 Descriptions on the fields of the display users command
| Field | Description |
| F | The information is about the current user interface, and the current user interface operates in asynchronous mode. |
| UI | The numbers in the left sub-column are the absolute user interface indexes, and those in the right sub-column are the relative user interface indexes. |
| Delay | The period in seconds the user interface idles for. |
| Type | User type |
| IPaddress | The IP address from which the user logs in. |
| Username | The login name of the user that logs into the user interface. |
| Userlevel | The level of the commands available to the users logging into the user interface |
| + | The user interface is in use. |
1.1.6 free user-interface
Syntax
free user-interface [ type ] number
View
User view
Parameter
type: User interface type.
number: Index of the user interface. This argument can be an absolute user interface index (if you do not provide the type argument) or a relative user interface index (if you provide the type argument).
Description
Use the free user-interface command to release a specified user interface. If you execute this command, the corresponding user interface will be disconnected.
Note that the current user interface cannot be released.
Example
# Log into user interface 0 and release user interface VTY 0.
<H3C> free user-interface vty 0
Are you sure you want to free user-interface vty0 [Y/N]? y
[OK]
After you execute this command, user interface VTY 0 will be disconnected. The user in it must log in again to connect to the switch.
Syntax
header [ shell | incoming | login ] text
undo header { shell | incoming | login }
View
System view
Parameter
login: Sets the login banner. The banner set by this keyword is valid only when users are authenticated before they log into the switch, and it appears while the switch prompts for user name and password.
shell: Sets the session banner, which appears after a session is established. If you specify to authenticate login users, the banner appears after a user passes the authentication.
incoming: Sets the login banner for users that log in through modems. If you specify to authenticate login users, the banner appears after a user passes the authentication. (The session does not appear in this case.)
text: Banner to be displayed. If no keyword is specified, this argument is the login banner. You can provide this argument in two ways. One is to enter the banner in the same line as the command (a command line can accept up to 254 characters). The other is to enter the banner in multiple lines (you can start a new line by pressing <Enter>), where the banner can contain up to 2000 characters (including the invisible characters). Note that the first character is the beginning character and the end character of the banner. After entering the end character, you can press <Enter> to exit the interaction.
Description
Use the header command to set the banners that are displayed when a user logs into a switch. The login banner is displayed on the terminal when the connection is established, and the session banner is displayed on the terminal if a user successfully logs in.
Use the undo header command to disable displaying a specific banner or all banners.
Note that if you specify any one of the three keywords without providing the text argument, the specified keyword will be regarded as the login information.
You can specify the banner in the following three ways, each of which requires that the first character and the last character of the banner be the same.
- Enter the banner in multiple lines. If you only type one character in the first line of a banner, the character and the last character do not act as part of the banner. The following gives an example of this way.
[H3C] header shell 0
Input banner text, and quit with the character '0'.
Welcome!0
When you log in the next time, “Welcome!” is displayed as the banner. The beginning character and the end character (character 0) do not appear.
- Enter the banner in multiple lines. If you type multiple characters in the first line of a banner and the beginning and the end characters of the banner in this line are not the same, the beginning character is part of the banner. The following is an example.
[H3C] header shell hello
Input banner text, and quit with the character 'h'.
my friend !
h
When you log in the next time, “hello” and “my friend !” are displayed on two lines as the banner. The beginning character “h” appears in the banner.
- Enter the banner in a single line. In this case, the banner does contain the beginning and the end character. The following is an example.
[H3C] header shell 0welcome,my friend!0
When you log in the next time, “welcome, my friend!” is displayed as the banner.
Example
# Set the session banner.
Option 1: Enter the banner in the same line as the command.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] header shell %SHELL: Hello! Welcome% (Make sure the beginning and end characters of the banner are the same.)
When you log in again, the session banner appears on the terminal as the following:
[H3C] quit
<H3C> quit
Please press ENTER
SHELL: Hello! Welcome (The beginning and end characters of the banner are not displayed.)
<H3C>
Option 2: Enter the banner in new lines.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] header shell %SHELL: (Following appears when you press <Enter>:)
Input banner text, and quit with the character '%'.
Continue entering the banner and end the banner with the character identical with the beginning character of the banner.
Hello! Welcome % (Press <Enter>.)
[H3C]
When you log in again, the session banner appears on the terminal as the following:
[H3C] quit
<H3C> quit
Please press ENTER
%SHELL: (Note that the beginning character of the banner appears.)
Hello! Welcome
<H3C>
Syntax
history-command max-size value
undo history-command max-size
View
User interface view
Parameter
value: Size of the history command buffer. This argument ranges from 0 to 256 and defaults to 10. That is, the history command buffer can store 10 commands by default.
Description
Use the history-command max-size command to set the size of the history command buffer.
Use the undo history-command max-size command to revert to the default history command buffer size.
Example
# Set the size of the history command buffer to 20 to enable it to store up to 20 commands.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] user-interface aux 0
[H3C-ui-aux0] history-command max-size 20
Syntax
idle-timeout minutes [ seconds ]
undo idle-timeout
View
User interface view
Parameter
minutes: Number of minutes. This argument ranges from 0 to 35,791.
seconds: Number of seconds. This argument ranges from 0 to 59.
Description
Use the idle-timeout command to set the timeout time. The connection to a user interface is terminated if no operation is performed in the user interface within the specified period.
Use the undo idle-timeout command to revert to the default timeout time.
You can use the idle-timeout 0 command to disable the timeout function.
The default timeout time is 10 minutes.
Example
# Set the timeout time of AUX 0 to 1 minute.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] user-interface aux0
[H3C-ui-aux0] idle-timeout 1 0
Syntax
ip http shutdown
undo ip http shutdown
View
System view
Parameter
None
Description
Use the ip http shutdown command to shut down the Web server.
Use the undo ip http shutdown command to launch the Web server.
By default, the Web server is launched.
To improve security and prevent attacks on unused sockets, the TCP 80 port for the HTTP service is enabled or disabled according to the corresponding configuration.
If you use the undo ip http shutdown command to enable the Web server, TCP 80 will be enabled; if you use the ip http shutdown command to disable the Web server, TCP 80 will be disabled.
Caution:
After the Web file is upgraded, you need to specify a new Web file from the boot menu. Otherwise, the Web server function cannot be used normally.
Example
# Shut down the Web server.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] ip http shutdown
%Apr 4 01:30:12:080 2000 H3C HTTPD/5/Log:- 1 -Stopped HTTP server.
# Launch the Web server.
[H3C] undo ip http shutdown
%Apr 4 01:33:16:212 2000 H3C HTTPD/5/Log:- 1 -Starting HTTP server.
Syntax
lock
View
User view
Parameter
None
Description
Use the lock command to lock the current user interface to prevent unauthorized users from operating the user interface.
After the command is executed, you are prompted to enter a password of 1 to 16 characters and to confirm it. Then the current user interface is locked.
To unlock the user interface, enter the correct password and press <Enter>. If you have set a password longer than 16 characters, the system only matches the first 16 characters during unlocking. That is, once the first 16 characters are correct, the user interface will be unlocked.
Example
# Lock the current user interface.
<H3C> lock
Password:
Again:
locked !
Syntax
parity { even | none | odd }
undo parity
View
User interface view
Parameter
even: Performs even checks.
none: Does not check.
odd: Performs odd checks.
Description
Use the parity command to set the check mode of the user interface.
Use the undo parity command to revert to the default check mode.
Use these two commands in AUX user interface view only.
No check is performed by default.
Example
# Set to perform even checks.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] user-interface aux 0
[H3C-ui-aux0] parity even
Syntax
protocol inbound { all | ssh | telnet }
View
User interface view
Parameter
all: Supports both Telnet protocol and SSH protocol.
ssh: Supports SSH protocol.
telnet: Supports Telnet protocol.
Description
Use the protocol inbound command to specify the protocols supported by the user interface.
Both Telnet protocol and SSH protocol are supported by default.
Use this command in VTY user interface view only.
Related command: user-interface vty.
To improve security and prevent attacks on unused sockets, TCP 23 and TCP 22 (the ports for the Telnet and SSH services respectively) are enabled or disabled according to the corresponding configuration.
- If the authentication mode is none, TCP 23 will be enabled, and TCP 22 will be disabled.
- If the authentication mode is password, and the corresponding password has been set, TCP 23 will be enabled, and TCP 22 will be disabled.
- If the authentication mode is scheme, there are three scenarios: when the supported protocol is specified as telnet, TCP 23 will be enabled; when the supported protocol is specified as ssh, TCP 22 will be enabled; when the supported protocol is specified as all, both TCP 23 and TCP 22 will be enabled.
Example
# Configure that only SSH protocol is supported in VTY 0.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] user-interface vty0
[H3C-ui-vty0] protocol inbound ssh
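The following Python audit is an added example, not part of the H3C manual or software: it applies the TCP 22/23 rules given above (and under authentication-mode) to each VTY block of a configuration listing and flags unauthenticated, plain-text-password and Telnet-enabled interfaces. The listing layout, the sample configuration, and the names parse_blocks, tcp_ports and audit are assumptions made for the example.

```python
import re

# Constructed sample (not from the manual): commands as they would be typed,
# one block per "user-interface" line. This layout is an assumption.
SAMPLE_CONFIG = """\
user-interface vty 0
 authentication-mode none
user-interface vty 1 2
 authentication-mode scheme
 protocol inbound ssh
user-interface vty 3
 authentication-mode password
 set authentication password simple 123
user-interface vty 4
 authentication-mode scheme
"""

UI_RE = re.compile(r"user-interface\s+(?:([a-z]+)\s*)?(\d+)(?:\s+(\d+))?$")
AUTH_RE = re.compile(r"authentication-mode\s+(password|scheme|none)\b")
PROTO_RE = re.compile(r"protocol\s+inbound\s+(all|ssh|telnet)$")
PW_RE = re.compile(r"set\s+authentication\s+password\s+(cipher|simple)\s+\S+")


def parse_blocks(text):
    """Split a listing into user-interface blocks and record the settings
    documented on this page: authentication mode, protocol, password."""
    blocks, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = UI_RE.match(line)
        if m:
            kind, first, last = m.groups()
            current = {
                "type": kind,
                "name": f"{kind or 'ui'}{first}" + (f"-{last}" if last else ""),
                "auth": None,        # left unknown when not configured
                "protocol": "all",   # manual: Telnet and SSH supported by default
                "password": None,    # "cipher" or "simple" once a password is set
            }
            blocks.append(current)
        elif current is None:
            continue
        elif line == "undo set authentication password":
            current["password"] = None
        elif m := AUTH_RE.match(line):
            current["auth"] = m.group(1)
        elif m := PROTO_RE.match(line):
            current["protocol"] = m.group(1)
        elif m := PW_RE.match(line):
            current["password"] = m.group(1)
    return blocks


def tcp_ports(block):
    """Ports enabled for one block under the manual's three rules.
    Returns None where the manual states no rule (for example, password
    mode with no password set, or no authentication mode configured)."""
    if block["auth"] == "none":
        return {23}
    if block["auth"] == "password":
        return {23} if block["password"] else None
    if block["auth"] == "scheme":
        return {"telnet": {23}, "ssh": {22}, "all": {22, 23}}[block["protocol"]]
    return None


def audit(text):
    """Return (name, ports, issues) for every VTY block. Only VTY blocks are
    evaluated, an assumption based on protocol inbound being VTY-only."""
    report = []
    for block in parse_blocks(text):
        if block["type"] != "vty":
            continue
        ports, issues = tcp_ports(block), []
        if block["auth"] == "none":
            issues.append("no authentication")
        if block["password"] == "simple":
            issues.append("password shown in plain text in the configuration")
        if ports is None:
            issues.append("ports not determined by the documented rules")
        elif 23 in ports:
            issues.append("Telnet (TCP 23) enabled")
        report.append((block["name"], ports, issues))
    return report


if __name__ == "__main__":
    for name, ports, issues in audit(SAMPLE_CONFIG):
        shown = sorted(ports) if ports else "unknown"
        print(f"{name}: ports={shown} issues={'; '.join(issues) or 'none'}")
```
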
Syntax
screen-length screen-length
undo screen-length
View
User interface view
Parameter
screen-length: Number of lines the screen can contain. This argument ranges from 0 to 512 and defaults to 24.
Description
Use the screen-length command to set the number of lines the terminal screen can contain.
Use the undo screen-length command to revert to the default number of lines.
By default, the terminal screen can contain up to 24 lines.
You can use the screen-length 0 command to disable the function to display information in pages.
Example
# Set the number of lines the terminal screen can contain to 20.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] user-interface aux0
[H3C-ui-aux0] screen-length 20
1.1.15 send
Syntax
send { all | number | type number }
View
User view
Parameter
all: Specifies to send messages to all user interfaces.
type: User interface type.
number: Absolute or relative index of the user interface.
Description
Use the send command to send messages to a specified user interface or all user interfaces.
Example
# Send “hello” to all user interfaces.
<H3C> send all
Enter message, end with CTRL+Z or Enter; abort with CTRL+C:
hello^Z
Send message? [Y/N]y
<H3C>
***
***
***Message from aux0 to aux0
***
hello
Syntax
service-type { ftp | lan-access | { ssh | telnet | terminal }* [ level level ] }
undo service-type { ftp | lan-access | { ssh | telnet | terminal }* }
View
Local user view
Parameter
ftp: Specifies the users to be of FTP type.
lan-access: Specifies the users to be of LAN-access type, which normally means Ethernet users, such as 802.1x users.
ssh: Specifies the users to be of SSH type.
telnet: Specifies the users to be of Telnet type.
terminal: Makes terminal services available to users logging in through the Console port.
level level: Specifies the user level for Telnet users, Terminal users, or SSH users. The level argument ranges from 0 to 3 and defaults to 0.
Description
Use the service-type command to specify the login type and the corresponding available command level.
Use the undo service-type command to cancel login type configuration.
Commands fall into four command levels: access, monitor, system, and administration, which are described as follows:
- Access level: Commands of this level are used to diagnose the network and change the language mode of the user interface, such as the ping, tracert, and language-mode commands. The telnet command is also of this level. Commands of this level cannot be saved in configuration files.
- Monitor level: Commands of this level are used to maintain the system, to debug service problems, and so on. The display and debugging commands are of monitor level. Commands of this level cannot be saved in configuration files.
- System level: Commands of this level are used to configure services. Commands concerning routing and network layers are of system level. You can utilize network services by using these commands.
- Administration level: Commands of this level are for the operation of the entire system and the system supporting modules. Services are supported by these commands. Commands concerning file system, file transfer protocol (FTP), trivial file transfer protocol (TFTP), downloading using XModem, user management, and level setting are of administration level.
To improve security and prevent attacks on unused sockets, TCP 23 and TCP 22 (the ports for the Telnet and SSH services respectively) are enabled or disabled according to the corresponding configuration.
- If the authentication mode is none, TCP 23 will be enabled, and TCP 22 will be disabled.
- If the authentication mode is password, and the corresponding password has been set, TCP 23 will be enabled, and TCP 22 will be disabled.
- If the authentication mode is scheme, there are three scenarios: when the supported protocol is specified as telnet, TCP 23 will be enabled; when the supported protocol is specified as ssh, TCP 22 will be enabled; when the supported protocol is specified as all, both TCP 23 and TCP 22 will be enabled.
Example
# Configure commands of level 0 to be available to the users logging in using the user name of “zbr”.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] local-user zbr
[H3C-luser-zbr] service-type telnet level 0
# To verify the above configuration, you can quit the system, log in again using the user name of “zbr”, and then list the available commands, as listed in the following.
[H3C] quit
<H3C> ?
User view commands:
  cluster        Run cluster command
  language-mode  Specify the language environment
  ping           Ping function
  quit           Exit from current command view
  super          Set the current user priority level
  telnet         Establish one TELNET connection
  tracert        Trace route function
Syntax
set authentication password { cipher | simple } password
undo set authentication password
View
User interface view
Parameter
cipher: Specifies to display the local password in encrypted text when you display the current configuration.
simple: Specifies to display the local password in plain text when you display the current configuration.
password: If you specify the simple keyword, provide this argument in plain text. If you specify the cipher keyword, you can provide this argument in two ways. First, you can enter a plain text password, which contains 16 characters at most. For example, you can enter 123, and then the system will change it to the 24-character cipher text “7-CZB#/YX]KQ=^Q`MAF4<1!!”. Or you can enter a cipher text password, which must contain 24 characters. For example, you can enter “7-CZB#/YX]KQ=^Q`MAF4<1!!”, in which case you must know that its plain text is 123.
Description
Use the set authentication password command to set the local password.
Use the undo set authentication password command to remove the local password.
Note that only plain text passwords are expected when users are authenticated.
By default, modem users and Telnet users need to provide their passwords to log in. If no password is set, the “Login password has not been set !” message appears on the terminal when users log in.
Example
# Set the local password of VTY 0 to “123”.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] user-interface vty0
[H3C-ui-vty0] set authentication password simple 123
Syntax
shell
undo shell
View
User interface view
Parameter
None
Description
Use the shell command to make terminal services available for the user interface.
Use the undo shell command to make terminal services unavailable to the user interface.
By default, terminal services are available in all user interfaces.
Note the following when using the undo shell command:
- This command is available in all user interfaces except the AUX user interface, because the AUX port (also the Console) is exclusively used for configuring the switch.
- This command is unavailable in the current user interface.
- This command prompts for confirmation when being executed in any valid user interface.
Example
# Log into user interface 0 and make terminal services unavailable in VTY 0 through VTY 4.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] user-interface vty 0 4
[H3C-ui-vty0-4] undo shell
Syntax
speed speed-value
undo speed
View
User interface view
Parameter
speed-value: Transmission speed in bps. This argument can be 300, 600, 1200, 2400, 4800, 9600, 19,200, 38,400, 57,600, or 115,200 and defaults to 9,600.
Description
Use the speed command to set the transmission speed of the user interface.
Use the undo speed command to revert to the default transmission speed.
Use these two commands in the AUX user interface view only.
Example
# Set the transmission speed of the AUX user interface to 9,600 bps.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] user-interface aux0
[H3C-ui-aux0] speed 9600
Syntax
stopbits { 1 | 1.5 | 2 }
undo stopbits
View
User interface view
Parameter
1: Sets the stop bits to 1.
1.5: Sets the stop bits to 1.5.
2: Sets the stop bits to 2.
Description
Use the stopbits command to set the stop bits of the user interface.
Use the undo stopbits command to revert to the default stop bits.
Use these two commands in the AUX user interface view only.
By default, the stop bits setting is 1.
Example
# Set the stop bits to 2.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] user-interface aux0
[H3C-ui-aux0] stopbits 2
Syntax
sysname text
undo sysname
View
System view
Parameter
text: Domain name of the switch. This argument can contain 1 to 30 characters and defaults to “H3C”.
Description
Use the sysname command to set a domain name for the switch.
Use the undo sysname command to revert to the default domain name.
The CLI prompt reflects the domain name of a switch. For example, if the domain name of a switch is “H3C”, then the prompt of user view is <H3C>.
Example
# Set the domain name of the switch to “ABC”.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] sysname ABC
[ABC]
1.1.22 telnet
Syntax
telnet { hostname | ip-address } [ service-port ]
View
User view
Parameter
hostname: Host name of the remote switch. You can use the ip host command to assign a host name to a switch.
ip-address: IP address of the remote switch.
service-port: TCP port number of the port that provides Telnet service on the switch. This argument ranges from 0 to 65,535.
Description
Use the telnet command to Telnet to another switch from the current switch in order to manage that switch remotely. You can terminate a Telnet connection by pressing <Ctrl + K>.
The default TCP port number is 23.
Related command: display tcp status.
Example
# Telnet to the switch with the host name of H3C2 and IP address of 129.102.0.1 from the current switch (with the host name of H3C1).
<H3C1> telnet 129.102.0.1
<H3C2>
Syntax
user-interface [ type ] first-number [ last-number ]
View
System view
Parameter
type: User interface type.
first-number: User interface index, which identifies the first user interface to be configured.
last-number: User interface index, which identifies the last user interface to be configured.
Description
Use the user-interface command to enter one or more user interface views to perform configuration.
Example
# Enter VTY 0 user interface view.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] user-interface vty 0
[H3C-ui-vty0]
1.1.24 user privilege level
Syntax
user privilege level level
undo user privilege level
View
User interface view
Parameter
level: Command level ranging from 0 to 3.
Description
Use the user privilege level command to configure the command level available to the users logging into the user interface.
Use the undo user privilege level command to revert to the default command level.
By default, the commands of level 3 are available to the users logging into the AUX user interface. The commands of level 0 are available to the users logging into VTY user interfaces.
Example
# Configure that commands of level 0 are available to the users logging into VTY 0.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] user-interface vty0
[H3C-ui-vty0] user privilege level 0
# You can verify the above configuration by Telneting to VTY 0 and displaying the available commands, as listed in the following.
<H3C> ?
User view commands:
  cluster        Run cluster command
  language-mode  Specify the language environment
  ping           Ping function
  quit           Exit from current command view
  super          Set the current user priority level
  telnet         Establish one TELNET connection
  tracert        Trace route function
Syntax
acl acl-number { inbound | outbound }
undo acl { inbound | outbound }
View
User interface view
Parameter
acl-number: ACL number ranging from 2,000 to 3,999.
inbound: Filters the users Telneting to the current switch.
outbound: Filters the users Telneting to other switches from the current switch.
Description
Use the acl command to apply an ACL to filter Telnet users.
Use the undo acl command to disable the switch from filtering Telnet users using the ACL.
You can define ACL rules to filter the source IP, destination IP, source port and destination port. However, the system cannot match advanced fields such as fragment, tos, precedence and dscp defined in ACL rules here.
Example
# Apply ACL 2000 to filter users Telneting to the current switch (assuming that ACL 2,000 already exists).
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] user-interface vty 0 4
[H3C-ui-vty0-4] acl 2000 inbound
Syntax
free web-users { all | user-id userid | user-name username }
View
User view
Parameter
userid: Web user ID.
username: User name of the Web user. This argument can contain 1 to 80 characters.
all: Specifies all Web users.
Description
Use the free web-users command to disconnect a specified Web user or all Web users by force.
Example
# Disconnect all Web users by force.
<H3C> free web-users all
Syntax
ip http acl acl-number
undo ip http acl
View
System view
Parameter
acl-number: ACL number ranging from 2,000 to 2,999.
Description
Use the ip http acl command to apply an ACL to filter Web users.
Use the undo ip http acl command to disable the switch from filtering Web users using the ACL.
Example
# Apply ACL 2000 to filter Web users (assuming that ACL 2,000 already exists).
<H3C> system-view
[H3C] ip http acl 2000
Syntax
snmp-agent community { read | write } community-name [ mib-view view-name | acl acl-number ]*
undo snmp-agent community community-name
View
System view
Parameter
read: Specifies that the community has read-only permission in the specified view.
write: Specifies that the community has read/write permission in the specified view.
community-name: Community name.
mib-view: Sets the name of the MIB view accessible to the community.
view-name: MIB view name.
acl acl-number: Specifies the ACL number. The acl-number argument ranges from 2000 to 2999.
Description
Use the snmp-agent community command to set a community name and to enable users to access the switch through SNMP. You can also optionally use this command to apply an ACL to filter network management users.
Use the undo snmp-agent community command to cancel community-related configuration for the specified community.
By default, SNMPv1 and SNMPv2c access a switch by community names.
Example
# Set the community name to “H3C”, enable users to access the switch in the name of the community (with read-only permission), and apply ACL 2000 to filter network management users (assuming that ACL 2000 already exists).
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] snmp-agent community read H3C acl 2000
Syntax
snmp-agent group { v1 | v2c } group-name [ read-view read-view ] [ write-view write-view ] [ notify-view notify-view ] [ acl acl-number ]
undo snmp-agent group { v1 | v2c } group-name
snmp-agent group v3 group-name [ authentication | privacy ] [ read-view read-view ] [ write-view write-view ] [ notify-view notify-view ] [ acl acl-number ]
undo snmp-agent group v3 group-name [ authentication | privacy ]
View
System view
Parameter
v1: Specifies to adopt V1 security scheme.
v2c: Specifies to adopt V2 security scheme.
v3: Specifies to adopt V3 security scheme.
group-name: Group name. This argument can be of 1 to 32 characters.
authentication: Specifies to authenticate SNMP data without encrypting the data.
privacy: Authenticates and encrypts packets.
read-view: Sets a read-only view.
read-view: Name of the view to be set to read-only. This argument can be of 1 to 32 characters.
write-view: Sets a readable & writable view.
write-view: Name of the view to be set to readable & writable. This argument can be of 1 to 32 characters.
notify-view: Sets a notifying view.
notify-view: Name of the view to be set to a notifying view. This argument can be of 1 to 32 characters.
acl acl-number: Specifies an ACL. The acl-number argument ranges from 2000 to 2999.
Description
Use the snmp-agent group command to configure an SNMP group. You can also optionally use this command to apply an ACL to filter network management users.
Use the undo snmp-agent group command to remove a specified SNMP group.
Example
# Create an SNMP group named “H3C” and apply ACL 2001 to filter network management users (assuming that ACL 2001 already exists).
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] snmp-agent group v1 H3C acl 2001
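The following audit sketch is an added example, not part of the H3C manual. It parses snmp-agent community and snmp-agent group commands in the forms documented above and reports entries with no ACL bound, an ACL number outside 2000 to 2999, read/write communities, and v3 groups with neither authentication nor privacy. The sample configuration and the names audit, parse_options and SAMPLE_CONFIG are constructed for illustration, and the input is assumed to hold one command per line as typed at the CLI.

```python
ACL_RANGE = range(2000, 3000)  # acl-number range stated in this manual
# Constructed sample input (hypothetical names), one CLI command per line.
SAMPLE_CONFIG = """\
snmp-agent community read H3C acl 2000
snmp-agent community write ops-rw
snmp-agent group v1 H3C acl 2001
snmp-agent group v3 nms privacy read-view mgmt acl 3000
snmp-agent group v3 lab write-view mgmt
"""

def parse_options(tokens, flags=(), keyed=()):
    """Split trailing tokens into bare flags and keyword/value pairs."""
    opts, i = {}, 0
    while i < len(tokens):
        if tokens[i] in flags:
            opts[tokens[i]] = True
            i += 1
        elif tokens[i] in keyed and i + 1 < len(tokens):
            opts[tokens[i]] = tokens[i + 1]
            i += 2
        else:
            raise ValueError(f"unexpected token {tokens[i]!r}")
    return opts

def audit(config_text):
    """Return (command, finding) pairs for community and group commands."""
    findings = []
    for raw in config_text.splitlines():
        line, t = raw.strip(), raw.split()
        if t[:2] == ["snmp-agent", "community"] and len(t) >= 4:
            opts = parse_options(t[4:], keyed=("mib-view", "acl"))
            if t[2] == "write":
                findings.append((line, "read/write community"))
        elif t[:2] == ["snmp-agent", "group"] and len(t) >= 4:
            opts = parse_options(t[4:], ("authentication", "privacy"),
                                 ("read-view", "write-view", "notify-view", "acl"))
            if t[2] == "v3" and not (opts.keys() & {"authentication", "privacy"}):
                findings.append((line, "v3 group without authentication or privacy"))
        else:
            continue  # other commands are outside this check
        acl = opts.get("acl")
        if acl is None:
            findings.append((line, "no ACL bound"))
        elif not acl.isdigit() or int(acl) not in ACL_RANGE:
            findings.append((line, "ACL number outside 2000-2999"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE_CONFIG), sep="\n")
```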
Syntax
snmp-agent usm-user { v1 | v2c } user-name group-name [ acl acl-number ]
undo snmp-agent usm-user { v1 | v2c } user-name group-name
snmp-agent usm-user v3 user-name group-name [ authentication-mode { md5 | sha } auth-password ] [ privacy des56 priv-password ] [ acl acl-number ]
undo snmp-agent usm-user v3 user-name group-name { local | engineid engineid-string }
View
System view
Parameter
v1: Specifies to adopt V1 security scheme.
v2c: Specifies to adopt V2 security scheme.
v3: Specifies to adopt V3 security scheme.
user-name: User name. This argument can be of 1 to 32 characters.
group-name: Group name the user corresponds to. This argument can be of 1 to 32 characters.
authentication-mode: Specifies to authenticate users.
md5: Specifies the authentication protocol to be HMAC-MD5-96.
sha: Specifies the authentication protocol to be HMAC-SHA-96.
auth-password: Authentication password. This argument can be of 1 to 64 characters.
privacy: Specifies to encrypt data.
des56: Specifies the encrypting protocol to be DES.
priv-password: Encrypting password. This argument can be of 1 to 64 characters.
acl acl-number: Specifies the ACL number. The acl-number argument ranges from 2000 to 2999.
local: Specifies the user to be a local user entity.
engineid: Specifies the ID of the engine associated with the user.
engineid-string: Engine ID, in the range of 10 to 64 characters. It must consist of hexadecimal values.
Description
Use the snmp-agent usm-user command to add a user to a specified SNMP group. You can also optionally use this command to apply an ACL to filter network management users.
Use the undo snmp-agent usm-user command to remove a user from the corresponding SNMP group. The operation also frees the user from the corresponding ACL-related configuration.
Example
# Add the user named “H3C” to the SNMP group named “H3Cgroup”, specifying to authenticate the user, specifying the authentication protocol to be HMAC-MD5-96, the authentication password to be “H3C”, and applying ACL 2002 to filter network management users (assu