Chapter 1 Login Commands
Syntax
authentication-mode { password | scheme [ command-authorization
] | none }
View
User interface view
Parameter
password: Authenticates users with the local password.
scheme:
Authenticates users locally or remotely with usernames and passwords.
command-authorization: Performs command authorization on TACACS authentication server.
none: Does
not authenticate users.
Description
Use the authentication-mode command
to specify the authentication mode.
l
If you specify the password keyword to
authenticate users with the local password, remember to set the local password
using the set authentication password { cipher | simple } password command.
l
If you specify the scheme keyword to
authenticate users locally or remotely with usernames and passwords, the actual
authentication mode, that is, local or remote, depends on related
configuration.
If this command is executed with the command-authorization
keyword, authorization is performed on the TACACS server whenever you attempt
to execute a command, and the command can be executed only when you pass the
authorization. The available commands are defined on a TACACS server for
different users. When you specify to perform local password authentication on
the Console port, users logging in through the Console port can log into the
switch without password; whereas on other user interfaces, a password needs to
be configured for users (such as VTY users) to log into the switch.
By default, users logging in through the Console
port are not authenticated, whereas modem users and Telnet users are
authenticated with password.
Example
# Configure to authenticate users with
local password on the AUX interface.
<H3C> system-view
System View: return to User View with
Ctrl+Z.
[H3C] user-interface aux 0
[H3C-ui-aux0] authentication-mode
password
Syntax
auto-execute command text
undo auto-execute command
View
User interface view
Parameter
text:
Command to be executed automatically.
Description
Use the auto-execute command command
to set the command that is executed automatically after a user logs in.
Use the undo auto-execute command
command to disable the specified command from being automatically executed.
Normally, the telnet command is
specified to be executed automatically to enable the user to Telnet to a
specified network device automatically.
By default, no command is automatically
executed.
Caution:
l
The auto-execute command command may
cause you unable to perform common configuration in the user interface, so use
it with caution.
l
Before executing the auto-execute command
command and saving your configuration, make sure you can log into the switch in
other ways to cancel the configuration.
Example
# Configure the telnet 10.110.100.1
command to be executed automatically after users log into VTY 0.
<H3C> system-view
System View: return to User View with
Ctrl+Z.
[H3C] user-interface vty 0
[H3C-ui-vty0] auto-execute command
telnet 10.110.100.1
% This action will lead to configuration
failure through ui-vty0. Are you sure?[Y/N]y
Syntax
databits {
7 | 8 }
undo databits
View
User interface view
Parameter
7: Sets the data bits to 7.
8: Sets the data bits to 8.
Description
Use the databits command to set the
databits for the user interface.
Use the undo databits command to
revert to the default data bits.
Execute these two commands in AUX user
interface view only.
The default data bits is 8.
Example
# Set the data bits to 7.
<H3C> system-view
System View: return to User View with
Ctrl+Z.
[H3C] user-interface aux 0
[H3C-ui-aux0] databits 7
Syntax
display user-interface [ type number | number ] [ summary ]
View
Any view
Parameter
type: User
interface type.
number: User
interface index.
summary:
Displays the summary information about a user interface.
Description
Use the display user-interface
command to display the information about a specified user interface or all user
interfaces. If the summary keyword is not specified, this command
displays user interface type, absolute/relative user interface index,
transmission speed, available command level, authentication mode, and physical
position. If the summary keyword is specified, this command displays the
number and type of the user interfaces, including those that are in use and
those that are not in use.
Example
# Display the information about user
interface 0.
<H3C> display user-interface 0
Idx
Type Tx/Rx Modem Privi Auth Int
F 0 AUX 0 9600 -
3 N -
+ : Current user-interface is
active.
F : Current user-interface is
active and work in async mode.
Idx : Absolute index of
user-interface.
Type : Type and relative index of
user-interface.
Privi: The privilege of
user-interface.
Auth : The authentication mode of
user-interface.
Int : The physical location of
UIs.
A : Authenticate use AAA.
N : Current UI need not
authentication.
P : Authenticate use current UI's
password.
Table 1-1 Descriptions
on the fields of the display user-interface command
|
Filed
|
Description
|
|
+
|
The user interface is in use.
|
|
F
|
The user interface is in use and operates
in asynchronous mode.
|
|
Idx
|
The absolute index of the user interface
|
|
Type
|
User interface type and the relative
index
|
|
Tx/Rx
|
Transmission speed of the user interface
|
|
Modem
|
Indicates whether or not a modem is used.
|
|
Privi
|
Available command level
|
|
Auth
|
Authentication mode
|
|
Int
|
Physical position of the user interface
|
|
A
|
The current user is authenticated by AAA.
|
|
N
|
The current user needs not to be
authenticated.
|
|
P
|
The current user needs to provide the
password to pass the authentication.
|
# Display the summary information about the
user interface.
<H3C>display user-interface
summary
User interface type : [AUX]
0:UXXX XXXX
User interface type : [VTY]
8:UUUU X
5 character mode users. (U)
8 UI never used. (X)
5 total UI in use
Syntax
display users [ all ]
View
Any view
Parameter
all:
Displays the usage information about all user interfaces.
Description
Use the display users command to
display the usage information about user interfaces. If you do not specify the all
keyword, only the information about the current user interface is displayed.
Example
# Display the usage information about the
current user interface.
<H3C> display users
UI Delay Type
Ipaddress Username Userlevel
F 0 AUX 0
00:00:00 3
1 VTY 0 00:06:08 TEL
192.168.0.3
+ : Current operation user.
F : Current operation user work in
async mode.F 0 AUX 0 00:00:00
Table 1-2 Descriptions
on the fields of the display users command
|
Field
|
Description
|
|
F
|
The information is about the current user
interface, and the current user interface operates in asynchronous mode.
|
|
UI
|
The numbers in the left sub-column are
the absolute user interface indexes, and those in the right sub-column are
the relative user interface indexes.
|
|
Delay
|
The period (in seconds) the user
interface idles for.
|
|
Type
|
User type
|
|
IPaddress
|
The IP address from which the user logs
in.
|
|
Username
|
The login name of the user that logs into
the user interface.
|
|
Userlevel
|
The level of the commands available to
the users logging into the user interface
|
|
+
|
The user interface is in use.
|
1.1.6 flow-control
Syntax
flow-control
{ hardware | none | software }
undo flow-control
View
User interface view
Parameter
hardware: Performs
hardware flow control.
none:
Performs no flow control.
software:
Performs software flow control.
Description
Use the flow-control command to
configure the flow control mode of the user interface.
Use the undo flow-control command to
restore the default flow control mode of the user interface.
By default, flow control is not performed.
This command can be executed in AUX user
interface view only.
Example
# Set flow control mode to software flow
control.
<H3C> system-view
System View: return to User View with
Ctrl+Z.
[H3C] user-interface aux 0
[H3C-ui-aux0] flow-control software
Syntax
free user-interface [ type ] number
View
User view
Parameter
type: User
interface type.
number:
Index of the user interface. This argument can be an absolute user interface
index (if you do not provide the type argument) or a relative user
interface index (if you provide the type argument).
Description
Use the free user-interface command
to release the specified user interface. If you execute this command, the
corresponding user interface will be disconnected.
Note that you cannot release the current
user interface through this command.
Example
# Release user interface VTY 0.
<H3C> free user-interface vty 0
Are you sure you want to free
user-interface vty0 [Y/N]? y
[OK]
After you execute this command, user
interface VTY 0 will be disconnected. The user in it must log in again to
connect to the switch.
Syntax
header [
incoming | login | shell ] text
undo header {
incoming | login | shell }
View
System view
Parameter
incoming:
Sets the incoming banner for users that log in through modems. If
authentication is required, the banner appears after a Modem user passes the authentication.
(The session banner does not appear in this case.)
login: Sets
the login banner. The banner set by this keyword is valid only when
authentication is required for users’ login, and appears while the switch
prompts for inputting username and password.
shell: Sets
the session banner, which appears after a session is established. If
authentication is required, the banner appears after a user passes the
authentication.
text: Banner
to be displayed. If no keyword (incoming, login, or shell)
is specified, this argument is the login banner by default. You can provide
this argument in two ways.
l
Enter the banner in the same line as the command
(A command line can accept up to 254 characters, including the keywords and
spaces).
l
Enter the banner in multiple lines (you can
start a new line by pressing <Enter>,) where you can enter a banner that
can contain up to 2000 characters (including the invisible characters).
Note that the first character is treated as
the beginning character and the end character of the banner. After entering the
end character, you can press <Enter> to exit the interaction.
Description
Use the header command to set the
banners that are displayed when a user logs into a switch. The login banner is
displayed on the terminal when the connection is established. And the session
banner is displayed on the terminal if a user successfully logs in.
Use the undo header command to
disable displaying a specific banner or all banners.
Note that if you specify any one of the
three keywords without providing the text argument, the specified
keyword will be regarded as the content of the login banner.
You can specify the banner in the following
three ways, each of which requires that the first character and the last character
of the banner be the same.
l
Enter the banner in multiple lines. If you only
type one character in the first line of a banner, the character and the last
character do not act as part of the banner. The following gives an example of
this way.
[H3C] header shell 0
Input banner text, and quit with the
character '0'.
Welcome!0
When you log in the next time,
“Welcome!” is displayed as the banner. The beginning character and
the end character (character 0) do not appear.
l
Enter the banner in multiple lines. If you type
multiple characters in the first line of a banner and the beginning and the end
characters of the banner in this line are not the same, the beginning character
is part of the banner. The following is an example.
[H3C] header shell hello
Input banner text, and quit with the
character 'h'.
my friend !
h
When you log in the next time,
“hello” and “my friend !“ is displayed respectively in
two lines as the banner. The beginning character “h” appears in the
banner.
l
Enter the banner in a single line. You can also
specify the banner in a single line. In this case, the banner does contain the
beginning and the end character. The following is an example.
[H3C] header shell 0welcome,my
friend!0
When you log in the next time,
“welcome, my friend!” is displayed as the banner.
Example
# Set the session banner.
Option 1: Enter the banner in the same line
as the command.
<H3C> system-view
System View: return to User View with
Ctrl+Z.
[H3C] header shell %SHELL: Hello!
Welcome%
(Make sure the beginning and end characters
of the banner are the same.)
When you log in the next time, the session
banner appears on the terminal as the following:
[H3C] quit
<H3C> quit
Please press ENTER
SHELL: Hello! Welcome
(The beginning and end characters of the
banner are not displayed.)
<H3C>
Option 2: Enter the banner in multiple
lines.
<H3C> system-view
System View: return to User View with
Ctrl+Z.
[H3C] header shell %SHELL:
(Following appears after you press
<Enter>:)
Input banner text, and quit with the
character '%'.
Continue entering the banner and end the
banner with the character identical with the beginning character of the banner.
Hello! Welcome %
(Press <Enter>.)
[H3C]
When you log in the next time, the session
banner appears on the terminal as the following:
[H3C] quit
<H3C> quit
Please press ENTER
%SHELL:
(Note that the beginning character of the
banner appears.)
Hello! Welcome
<H3C>
Syntax
history-command max-size value
undo history-command max-size
View
User interface view
Parameter
value: Size
of the history command buffer. This argument ranges from 0 to 256 and defaults
to 10. That is, the history command buffer can store 10 commands by default.
Description
Use the history-command max-size
command to set the size of the history command buffer.
Use the undo history-command max-size
command to revert to the default history command buffer size.
Example
# Set the size of the history command
buffer of AUX 0 to 20, that is, the history command buffer of AUX 0 can store
up to 20 commands.
<H3C> system-view
System View: return to User View with
Ctrl+Z.
[H3C] user-interface aux 0
[H3C-ui-aux0] history-command max-size
20
Syntax
idle-timeout minutes [ seconds ]
undo idle-timeout
View
User interface view
Parameter
minutes:
Number of minutes. This argument ranges from 0 to 35,791.
seconds:
Number of seconds. This argument ranges from 0 to 59.
Description
Use the idle-timeout command to set
the timeout time. The connection to a user interface is terminated if no
operation is performed in the user interface within the timeout time.
Use the undo idle-timeout command to
revert to the default timeout time.
You can use the idle-timeout 0
command to disable the timeout function.
The default timeout time is 10 minutes.
Example
# Set the timeout time of AUX 0 to 1
minute.
<H3C> system-view
System View: return to User View with
Ctrl+Z.
[H3C] user-interface aux 0
[H3C-ui-aux0] idle-timeout 1 0
1.1.11 lock
Syntax
lock
View
User view
Parameter
None
Description
Use the lock command to lock the current
user interface to prevent unauthorized operations in the user interface.
With the execution of this command, the
system prompts to enter and confirm the password, and then locks the user
interface. The password the system can identify is in the range of 1 to 16
characters.
Enter the correct password to cancel the
lock. If the password you set is more than 16 characters, the system will
cancel the lock as long as the first 16 characters are matched.
Example
# Lock the current user interface.
<H3C> lock
Password:
Again:
locked !
Syntax
modem [ call-in
| both ]
undo modem [
call-in | both ]
View
User interface view
Parameter
call-in:
Permits call in.
both:
Permits both call in and call out.
Description
Use the modem
command to configure the call in and call out attribute of the Modem.
Use the undo modem command to
disable the call in and call out configuration.
Both call in and call out are allowed when
the modem command is executed without any keyword.
Both call in and call out are disabled when
the undo modem command is executed without any keyword.
The command can be executed in
AUX user interface view only.
Example
# Permit Modem call in and call out.
<H3C> system-view
System View: return to User View
with Ctrl+Z.
[H3C] user-interface aux 0
[H3C-ui-aux0] modem both
Syntax
modem auto-answer
undo modem auto-answer
View
User interface view
Parameter
None
Description
Use the modem auto-answer command to set the
answer mode to auto answer.
Use the undo modem auto-answer command to
set the answer mode to manual answer.
By default, manual answer mode is adopted.
The command can be
executed in AUX user interface view only.
Example
# Set the answer mode of Modem to auto answer.
<H3C> system-view
System View: return to User View
with Ctrl+Z.
[H3C] user-interface aux 0
[H3C>-ui-aux0] modem auto-answer
Syntax
modem timer answer seconds
undo modem timer answer
View
User interface view
Parameter
seconds: Waiting timeout time, in seconds,
ranging from 1 to 60.The default timeout time is 30 seconds.
Description
Use the modem timer answer to configure the
carrier detection timeout time after off-hook during call-in connection setup.
Use the undo modem timer answer command to restore
the default timeout time.
The command can be
executed in AUX user interface view only.
Example
# Set the timeout time to 45 seconds.
<H3C> system-view
System View: return to User View
with Ctrl+Z.
[H3C] user-interface aux 0
[H3C-ui-aux0] modem timer answer 45
Syntax
parity { even | mark | none | odd | space }
undo parity
View
User interface view
Parameter
even: Performs even checks.
mark: Performs mark checks.
none: Does not check.
odd: Performs odd checks.
space: Performs space checks.
Description
Use the parity command to set the check mode of
the user interface.
Use the undo parity command to revert to the
default check mode.
Use these two
commands in AUX user interface view only.
No check is performed by default.
Example
# Set to perform even checks.
<H3C> system-view
System View: return to User View
with Ctrl+Z.
[H3C] user-interface aux 0
[H3C-ui-aux0] parity even
Syntax
protocol inbound { all | ssh | telnet }
View
User interface view
Parameter
all: Supports both Telnet protocol and
SSH protocol.
ssh: Supports SSH protocol.
telnet: Supports Telnet protocol.
Description
Use the protocol inbound command to specify the
protocols supported by the user interface.
Both Telnet protocol and SSH protocol are supported by
default.
Related command: user-interface vty.
Example
# Configure that only SSH protocol is supported in VTY 0.
<H3C> system-view
System View: return to User View
with Ctrl+Z.
[H3C] user-interface vty 0
[H3C-ui-vty0] protocol inbound
ssh
Syntax
screen-length screen-length
undo screen-length
View
User interface view
Parameter
screen-length: Number of lines the screen can
contain. This argument ranges from 0 to 512 and defaults to 24.
Description
Use the screen-length command to set the number of
lines the terminal screen can contain.
Use the undo screen-length command to revert to
the default number of lines.
By default, the terminal screen can contain up to 24
lines.
You can use the screen-length 0 command to disable
the function of displaying information in pages.
Example
# Set the number of lines the terminal screen can contain
to 20.
<H3C> system-view
System View: return to User View
with Ctrl+Z.
[H3C] user-interface aux0
[H3C-ui-aux0] screen-length 20
Syntax
send { all | number | type number }
View
User view
Parameter
all: Sends messages to all user
interfaces.
type: User interface type.
number: Absolute or relative index of the
user interface.
Description
Use the send command to send messages to a
specified user interface or all user interfaces.
Example
# Send “hello” to all user interfaces.
<H3C> send all
Enter message, end with CTRL+Z or
Enter; abort with CTRL+C:
hello^Z
Send message? [Y/N]y
Syntax
service-type { ftp [ ftp-directory directory ] | lan-access | { ssh | telnet | terminal }* [ level level ] }
undo service-type { ftp [ ftp-directory ] | lan-access | { ssh | telnet | terminal }* }
View
Local user view
Parameter
ftp: Specifies the users to be FTP users.
ftp-directory directory: Specifies
the path for FTP users. The directory argument is a string up to 64
characters.
lan-access: Specifies the users to be of
LAN-access type, which normally means Ethernet users, such as 802.1x users.
ssh: Specifies the users to be SSH users.
telnet: Specifies the users to be Telnet
users.
terminal: Makes Terminal services available to
authorized users (logging in through the Console port).
level level: Specifies
the user level for Telnet users, Terminal users, or SSH users. The level
argument is an integer, ranges from 0 to 3 and defaults to 0.
Description
Use the service-type command to specify the login
type and the corresponding available command level.
Use the undo service-type command to cancel login
type configuration.
Commands fall into four levels: access, monitor, system,
and administration, which are described as follows:
l
Access level:
Commands of this level are used to diagnose network and change the language
mode of user interface, such as the ping, tracert, and language-mode
command. The Telnet command is also of this level. Commands of this
level cannot be saved in configuration files.
l
Monitor
level: Commands of this level are used to maintain the system, to debug service
problems, and so on. The display and debugging commands are of
monitor level. Commands of this level cannot be saved in configuration files.
l
System level:
Commands of this level are used to configure services. Commands concerning
routing and network layers are of system level. You can utilize network
services by using these commands.
l
Administration
level: Commands of this level are for the operation of the entire system and
the system supporting modules. Services are supported by these commands.
Commands concerning file system, file transfer protocol (FTP), trivial file
transfer protocol (TFTP), downloading using XModem, user management, and level
setting are of administration level.
Example
# Configure commands of level 0 are available to the user
logging in with the username being “zbr”.
<H3C>
system-view
System View: return to User View with Ctrl+Z.
[H3C] local-user zbr
[H3C-luser-zbr] service-type telnet level 0
# To verify the above configuration, you can quit the
system, log in again using the username “zbr”, and you can see only
commands of level 0 are listed on the terminal.
[H3C] quit
<H3C> ?
User view commands:
cluster Run cluster
command
debugging Enable
system debugging functions
language-mode Specify the
language environment
ping Send echo
messages
quit Exit from
current command view
super Privilege
the current user a specified priority level
telnet Establish
one TELNET connection
tracert Trace route
function
undo Cancel
current setting
Syntax
set authentication password { cipher | simple } password
undo set authentication password
View
User interface view
Parameter
cipher: Specifies to display the local
password in encrypted text when you display the current configuration.
simple: Specifies to display the local
password in plain text when you display the current configuration.
password: Password. The password must be in
plain text if you specify the simple keyword in the set
authentication password command. If you specify the cipher keyword,
the password can be in either encrypted text or plain text. When you enter the
password in plain text containing up to 16 characters (such as 123), the system
converts the password to the corresponding 24-character encrypted password
(such as 7-CZB#/YX]KQ=^Q`MAF4<1!!). Make sure you are aware of the
corresponding plain password if you enter the password in ciphered text (such
as 7-CZB#/YX]KQ=^Q `MAF4<1!!).
Description
Use the set authentication password command to set
the local password.
Use the undo set authentication password command
to remove the local password.
Note that only plain text passwords are expected when
users are authenticated.
Example
# Set the local password of VTY 0 to “123”.
<H3C> system-view
System View: return to User View
with Ctrl+Z.
[H3C] user-interface vty 0
[H3C-ui-vty0] set authentication
password simple 123
Syntax
shell
undo shell
View
User interface view
Parameter
None
Description
Use the shell command to make terminal services
available for the user interface(s).
Use the undo shell command to make terminal
services unavailable to the user interface(s).
By default, terminal services are available in all user
interfaces.
Note the following when using the undo shell command:
l
This command
is available in all user interfaces except the AUX (Console) user interface.
l
This command
is unavailable in the current user interface.
l
This command
prompts for confirmation when being executed in any valid user interface.
Example
# Log into user interface 0 and make terminal services
unavailable in VTY 0 through VTY 4.
<H3C> system-view
System View: return to User View
with Ctrl+Z.
[H3C] user-interface vty 0 4
[H3C-ui-vty0-4] undo shell
Syntax
speed speed-value
undo speed
View
User interface view
Parameter
speed-value: Transmission speed (in bps). This
argument can be 300, 600, 1200, 2400, 4800, 9600, 19,200, 38,400, 57,600, and
115,200 and defaults to 9,600.
Description
Use the speed command to set the transmission
speed of the user interface.
Use the undo speed command to revert to the
default transmission speed.
Use these two
commands in the AUX user interface view only.
Example
# Set the transmission speed of the AUX user interface to
115,200 bps.
<H3C> system-view
System View: return to User View
with Ctrl+Z.
[H3C] user-interface aux 0
[H3C-ui-aux0] speed 115200
Syntax
stopbits { 1 | 1.5 | 2 }
undo stopbits
View
User interface view
Parameter
1: Sets the stop bits to 1.
1.5: Sets the stop bits to 1.5.
2: Sets the stop bits to 2.
Description
Use the stopbits command to set the stop bits of
the user interface.
Use the undo stopbits command to revert to the
default stop bits.
Use these two
commands in the AUX user interface only.
By default, the stop bits is 1.
