When configuring the user interface, go to these sections for the information you are interested in:
- User Interface Overview
- Configuring User Interface
- Configuring Asynchronous Serial Interface Attributes
- Configuring Terminal Attributes
- Configuring Modem Attributes
- Configuring the auto-execute Command
- Configuring User Privilege Level
- Configuring Access Restriction on VTY User Interface(s)
- Configuring Supported Protocols on VTY User Interface(s)
- Configuring Authentication Mode at Login
- Sending Messages to the Specified User Interface(s)
- Releasing the Connection Established on the User Interface(s)
- Displaying and Maintaining User Interface(s)
1.1 User Interface Overview
User interface view is a feature that allows you to manage asynchronous serial interfaces that work in flow mode. By operating under user interface view, you can centralize the management of various configurations.
At present, the system supports the following three configuration modes:
- Local configuration via the Console port
- Local/Remote configuration via the AUX port (Auxiliary port)
- Local/Remote configuration through Telnet or SSH
The three modes correspond to four types of user interfaces. They are:
- Console port: The view you enter when you log in from the console port. The console port is a line device port. The device has only one console port, of type EIA/TIA-232 DCE.
- AUX port: The view you enter when you log in from the AUX port. The AUX port is also a line device port. The device has only one AUX port, of type EIA/TIA-232 DTE. This port is usually used for dialup access via modem.
- VTY (Virtual Type Terminal): The view you enter when you log in through VTY. A VTY port is a logical terminal line used when you access the device by means of Telnet or SSH. Currently, each device supports up to five VTY users accessing it simultaneously.
User interfaces can be numbered in two ways: absolute numbering and relative numbering.
I. Absolute numbering
Absolute numbering allows you to uniquely specify a user interface or a group of user interfaces. The numbering starts from 0 (representing the Console port), followed by 1 (representing the AUX port), then 2 to represent VTY 0, and so on.
This approach numbers the three types of user interfaces in the sequence console port, AUX port, VTY. The console port and the AUX port each occupy one number, and the VTY user interfaces are numbered from 2 to 6.
You can use the display user-interface command to view the numbers of the user interfaces.
II. Relative numbering
Relative numbering numbers a user interface in the form of "user interface type + number". In this way, it can specify a user interface or a group of user interfaces of a specific type. A relative number is valid only within its own type of user interface and has no meaning under other types. The rules of relative numbering are as follows:
- CON is numbered CON 0.
- AUX is numbered AUX 0.
- VTYs are numbered from 0 in ascending order, with a step of 1.
1.2 Configuring User Interface
Complete these tasks to configure user interface:
1.3 Configuring Asynchronous Serial Interface Attributes
Follow these steps to configure asynchronous attributes of a serial interface:

| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | –– |
| Enter user interface view | user-interface { first-num1 [ last-num1 ] \| { aux \| console \| vty } first-num2 [ last-num2 ] } | –– |
| Configure transmission speed | speed speed-value | Optional. 9600 bps by default |
| Configure flow control mode | flow-control { none \| software \| hardware } | Optional. none by default |
| Set parity bits | parity { none \| even \| odd \| mark \| space } | Optional. none by default |
| Set stop bits | stopbits { 1.5 \| 1 \| 2 } | Optional. 1 by default. Currently, stop bits 1.5 cannot be configured. |
| Set data bits | databits { 5 \| 6 \| 7 \| 8 } | Optional. 8 by default. Currently, data bits 5 and 6 cannot be configured. |

The above configuration takes effect only when the asynchronous serial interface is working in asynchronous flow mode.
1.4 Configuring Terminal Attributes

| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | –– |
| Enter user interface view | user-interface { first-num1 [ last-num1 ] \| { aux \| console \| vty } first-num2 [ last-num2 ] } | –– |
| Start the terminal service | shell | Optional. The terminal service is enabled on all user interfaces by default. |
| Set the idle-timeout disconnection function for terminal users | idle-timeout minutes [ seconds ] | Optional. 10 minutes by default. |
| Set the screen-length of the terminal screen | screen-length screen-length | Optional. The screen displays 24 lines of data by default. |
| Set the display type of a terminal | terminal type { ansi \| vt100 } | Optional. ANSI by default. |
| Set the number of the history commands that can be stored in the history buffer | history-command max-size size-value | Optional. The history buffer can store 10 commands by default. |
| Return to user view | return | –– |
| Lock user interface, preventing unauthorized users from using this interface | lock | Optional. Disabled by default. |

The system supports two types of terminal display: ANSI and VT100. If the terminal display type of the device and that of the client (for example, HyperTerminal or a Telnet terminal) are inconsistent or are set to ANSI, and the command line currently in use exceeds 80 characters, anomalies such as cursor corruption or abnormal display may occur on the client. You are therefore recommended to set the display type of both the device and the client to VT100.
1.5 Configuring Modem Attributes
In the event of dial-in through a modem into an asynchronous interface, you can manage and configure the modem-related parameters in user interface view.
Follow these steps to configure the modem attributes:

| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | –– |
| Enter user interface view | user-interface { first-num1 [ last-num1 ] \| { aux \| vty } first-num2 [ last-num2 ] } | –– |
| Set the interval for a user from off-hook to dial-up when a dial-in connection is established | modem timer answer time | Optional. 30 seconds by default |
| Enable auto answer for the modem | modem auto-answer | Optional. Manual answer by default |
| Enable the modem to dial in, dial out or both | modem { both \| call-in \| call-out } | Optional. Disabled by default |

The above configuration takes effect only for the AUX and VTY ports working in flow mode.
1.6 Configuring the auto-execute Command
With the auto-execute command command enabled, the system automatically executes the configured command when you log in. After the command is completed or after the tasks triggered by the command are completed, the connection breaks automatically.
This command is normally used to configure the Telnet command to enable you to connect to the specified host automatically.
Follow these steps to configure auto-execute command:

| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | –– |
| Enter user interface view | user-interface { first-num1 [ last-num1 ] \| { aux \| vty } first-num2 [ last-num2 ] } | –– |
| Configure the command to be automatically executed | auto-execute command command | Required. No command is set to be automatically executed by default. |

The auto-execute command command is supported on all types of user interfaces except the Console port and the AUX port functioning as the console port.
Caution:
The auto-execute command command may prevent you from configuring the system through the terminal line to which the command is applied. Therefore, before configuring the command and saving the configuration (using the save command), make sure that you can access the system by other means to remove the configuration in case a problem occurs.
1.7 Configuring User Privilege Level
You can restrict a user to a subset of the system commands through settings at two levels: the user interface level and the user level.
- If the configured authentication mode requires a username and password, the user privilege level is defined by the user level. For SSH users who use RSA public key authentication, the privilege level is defined by the level configured on the user interface.
- If no authentication or password authentication is adopted, the user privilege level is defined by the level of the user interface used at login.
- If the setting of the user interface level is inconsistent with that of the user level, the user level applies. For example, if user1 can use level 3 commands, and the user interface VTY0 can use level 2 commands, then user1 can use commands of level 3 or a lower level when logging in to the system through VTY0.
Setting of the user level: Use the local-user command in system view to create a user and enter local user view, and then use the level command to specify the user level. For a detailed description of the local-user and level commands, refer to AAA RADIUS HWTACACS Configuration Commands in Security Volume.
Follow these steps to configure the user privilege level under a user interface:

| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | –– |
| Enter user interface view | user-interface { first-num1 [ last-num1 ] \| { aux \| console \| vty } first-num2 [ last-num2 ] } | –– |
| Configure user's privilege level under the current user interface | user privilege level level | Optional. By default, users logging in from Console port have a privilege level of 3; users logging in from other user interfaces have a privilege level of 0. |

1.8 Configuring Access Restriction on VTY User Interface(s)
You can configure access restriction on the VTY user interface through referencing an ACL. For details regarding ACL, refer to ACL Configuration in QoS ACL Volume.
Follow these steps to configure access restriction on VTY user interfaces:

| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | –– |
| Enter VTY user interface view | user-interface { first-num1 [ last-num1 ] \| vty first-num2 [ last-num2 ] } | –– |
| Configure the access restriction on the VTY user interface by referencing basic/advanced ACL | acl [ ipv6 ] acl-number { inbound \| outbound } | Use either command. No restriction is set by default. |
| Configure the access restriction on the VTY user interface by referencing Layer 2 ACL | acl acl-number inbound | Use either command. No restriction is set by default. |

1.9 Configuring Supported Protocols on VTY User Interface(s)
Currently, only the VTY user interface allows configuration of the supported protocols.
Follow these steps to configure supported protocols on the active VTY user interface:

| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | –– |
| Enter VTY user interface view | user-interface { first-num1 [ last-num1 ] \| vty first-num2 [ last-num2 ] } | –– |
| Configure the supported protocol(s) on the active user interface | protocol inbound { all \| ssh \| telnet } | Optional. Both Telnet and SSH are supported by default. |

Caution:
- If SSH is configured, you must set the authentication mode to scheme using the authentication-mode scheme command to guarantee a successful login. The protocol inbound ssh command fails if the authentication mode is password or none. For the corresponding configuration, refer to the authentication-mode command in User Interface Commands in System Volume.
- The protocol(s) configured through the protocol inbound command take effect the next time you log in from that user interface.
1.10 Configuring Authentication Mode at Login
By configuring the user interface authentication mode, you can decide whether to authenticate users when they log on through the specified user interface, thus enhancing the security of the device. The supported authentication modes on the device are none, password, and scheme.
- If you specify the authentication mode as none, then no username and password are needed when users log on through the specified user interface, which may be insecure.
- If you specify the authentication mode as password, then password authentication is needed when users log on through the specified user interface. Input of an empty or wrong password may result in login failure. Before terminating the redirected Telnet connection, set the password of the specified user interface.
- If you specify the authentication mode as scheme, then username and password authentication is needed when users log on through the specified user interface. Input of an empty or wrong password may result in login failure. Before terminating the redirected Telnet connection, set the username and password.
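The privilege rules in section 1.7 and the login settings in sections 1.8 to 1.10 can be checked mechanically against a saved configuration. The Python sketch below is an added example, not part of the original guide or of any vendor tool: it applies the defaults stated in this guide's tables and reports user interfaces whose login settings are weak. It assumes stanzas written in relative numbering as a "user-interface ..." header followed by indented settings ("con" is accepted as short for "console"); the sample configuration and ACL number are constructed.

```python
import re
# Defaults stated in this guide's tables, per user interface type.
DEFAULTS = {"con": {"auth": "none", "level": 3}, "aux": {"auth": "password", "level": 0},
            "vty": {"auth": "password", "level": 0, "protocol": "all", "acl": False}}
HEADER = re.compile(r"user-interface (con|aux|vty)(?:sole)? \d+( \d+)?$")
# Constructed sample (assumed layout: header line, then indented settings).
SAMPLE = """\
user-interface console 0
user-interface vty 0 2
 authentication-mode none
 user privilege level 3
user-interface vty 3 4
 authentication-mode scheme
 protocol inbound ssh
 acl 2000 inbound
"""

def parse_user_interfaces(config):
    """Map each stanza header to its settings, filling in the guide's defaults."""
    stanzas, cur = {}, None
    for raw in config.splitlines():
        line, m = raw.strip(), HEADER.match(raw.strip())
        if m:
            cur = stanzas[line] = dict(DEFAULTS[m.group(1)], kind=m.group(1))
        elif cur is None or not raw.startswith(" "):
            cur = None  # any other unindented line ends the stanza
        elif line.startswith("authentication-mode "):
            cur["auth"] = line.split()[1]
        elif line.startswith("user privilege level "):
            cur["level"] = int(line.split()[-1])
        elif line.startswith("protocol inbound "):
            cur["protocol"] = line.split()[-1]
        elif re.match(r"acl (ipv6 )?\d+ inbound$", line):
            cur["acl"] = True
    return stanzas

# Section 1.7: with none/password authentication the interface level applies,
# so level 3 (the highest level this guide mentions) needs no per-user login.
RULES = [
    (lambda s: s["auth"] == "none", "no authentication at login"),
    (lambda s: s["auth"] != "scheme" and s["level"] >= 3, "level 3 without per-user login"),
    (lambda s: s["kind"] == "vty" and s["protocol"] != "ssh", "Telnet accepted on VTY"),
    (lambda s: s["kind"] == "vty" and not s["acl"], "no inbound ACL on VTY"),
]

def audit(config):
    """Return (stanza header, finding) pairs for weak login settings."""
    return [(name, msg) for name, s in parse_user_interfaces(config).items()
            for check, msg in RULES if check(s)]
```

On the sample, the untouched console stanza is reported twice purely because of its defaults (no authentication, level 3), while the VTY 3 to 4 stanza with scheme authentication, SSH only and an inbound ACL produces no findings.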
Follow these steps to configure authentication mode at login as none:

| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | –– |
| Enter user interface view | user-interface { first-num1 [ last-num1 ] \| { aux \| console \| vty } first-num2 [ last-num2 ] } | –– |
| Set authentication mode at login to none | authentication-mode none | Required. By default, the authentication mode is password for VTY and AUX user interfaces and is none for Console interface. |

Follow these steps to configure authentication mode at login as password:

| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | –– |
| Enter user interface view | user-interface { first-num1 [ last-num1 ] \| { aux \| console \| vty } first-num2 [ last-num2 ] } | –– |
| Set authentication mode at login to password | authentication-mode password | Required. By default, the authentication mode is password for VTY and AUX user interfaces and is none for Console interface. |
| Set local authentication password | set authentication password { cipher \| simple } password | Required. No local authentication password is set by default. |

Follow these steps to configure authentication mode at login as scheme:

| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | –– |
| Enter user interface view | user-interface { first-num1 [ last-num1 ] \| { aux \| console \| vty } first-num2 [ last-num2 ] } | –– |
| Set authentication mode at login to scheme | authentication-mode scheme [ command-authorization ] | Required. By default, the authentication mode is password for VTY and AUX user interfaces and is none for Console interface. |
| Set authentication username and enter local user view | | |