Login
- Table of Contents
-
- H3C S3610[S5510] Series Ethernet Switches Command Manual-Release 5303(V1.01)
- 00-1Cover
- 01-Login Commands
- 02-VLAN Commands
- 03-IP Addressing and Performance Commands
- 04-QinQ-BPDU Tunneling Commands
- 05-Port Correlation Configuration Commands
- 06-Link Aggregation Commands
- 07-MAC Address Table Management Commands
- 08-IP Source Guard Commands
- 09-MSTP Commands
- 10-IPv6 Commands
- 11-Routing Overview Commands
- 12-IPv4 Routing Commands
- 13-BFD-GR Commands
- 14-IPv6 Routing Commands
- 15-Multicast Protocol Commands
- 16-802.1x-HABP-MAC Authentication Commands
- 17-AAA-RADIUS-HWTACACS Commands
- 18-ARP Commands
- 19-DHCP Commands
- 20-ACL Commands
- 21-QoS Commands
- 22-Port Mirroring Commands
- 23-Cluster Management Commands
- 24-UDP Helper Commands
- 25-SNMP-RMON Commands
- 26-NTP Commands
- 27-DNS Commands
- 28-File System Management Commands
- 29-Information Center Commands
- 30-System Maintaining and Debugging Commands
- 31-NQA Commands
- 32-VRRP Commands
- 33-SSH Commands
- 34-MCE Commands
- 35-OAM Commands
- 36-DLDP Commands
- 37-RRPP Commands
- 38-SSL-HTTPS Commands
- 39-PKI Commands
- 40-Appendix
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 01-Login Commands | 151.95 KB |
Table of Contents
Chapter 1 Commands for Logging into an Ethernet Switch
1.1 Commands for Logging into an Ethernet Switch
1.1.5 display telnet client configuration
1.1.12 history-command max-size
1.1.21 set authentication password
Chapter 2 Commands for Controlling Login Users
2.1 Commands for Controlling Login Users
Chapter 1 Commands for Logging into an Ethernet Switch
1.1 Commands for Logging into an Ethernet Switch
1.1.1 activation-key
Syntax
activation-key character
undo activation-key
View
User interface view
Parameter
character: Shortcut key for starting terminal sessions, a character or its ASCII decimal equivalent in the range 0 to 127; or a string of 1 to 3 characters.
Description
Use the activation-key command to define a shortcut key for starting a terminal session.
Use the undo activation-key command to restore the default shortcut key.
Use these two commands in the AUX user interface only.
You can use a single character (or its corresponding ASCII code value in the range 0 to 127) or a string of 1 to 3 characters to define a shortcut key. In the latter case, the system takes only the first character to define the shortcut key. For example, if you input an ASCII code value 97, the system will set the shortcut key to <a>; if you input the string b@c, the system will set the shortcut key to <b>.
You may use the display current-configuration command to verify the shortcut key you have defined.
By default, pressing Enter key will start a terminal session.
Example
# Set the shortcut key for starting terminal sessions to <s>.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] user-interface aux 0
[Sysname-ui-aux0] activation-key s
To verify the configuration, do the following:
# Exit the terminal session on the aux port, and enter <s> at the prompt of “Please press ENTER”. You will see the terminal session being started.
[Sysname-ui-aux0] return
<Sysname> quit
**************************************************************************
* Copyright(c) 2004-2007 Hangzhou H3C Tech. Co., Ltd. All rights reserved.*
* Without the owner's prior written consent, *
* no decompiling or reverse-engineering shall be allowed. *
**************************************************************************
User interface aux0 is available.
Please press ENTER.
<Sysname>
%Apr 28 04:33:11:611 2005 Sysname SHELL/5/LOGIN: Console login from aux0
1.1.2 authentication-mode
Syntax
authentication-mode { none | password | scheme [ command-authorization ] }
View
User interface view
Parameter
none: Does not authenticate users.
password: Authenticates users using the local password.
scheme: Authenticates users locally or remotely using usernames and passwords.
command-authorization: Performs command authorization on TACACS authentication server.
Description
Use the authentication-mode command to specify the authentication mode.
l If you specify the password keyword to authenticate users using the local password, remember to set the local password using the set authentication password { cipher | simple } password command.
l If you specify the scheme keyword to authenticate users locally or remotely using usernames and passwords, the actual authentication mode depends on other related configuration. Refer to the AAA-RADIUS-HWTACACS module of this manual for more.
l If this command is executed with the command-authorization keywords specified, authorization is performed on the TACACS server whenever you attempt to execute a command, and the command can be executed only when you pass the authorization. Normally, a TACACS server contains a list of the commands available to different users.
After you specify to perform local password authentication, when a user logs in through the Console port, a user can log into the switch even if the password is not configured on the switch. But for a VTY user interface, a password is needed for a user to log into the switch through it under the same condition.
By default, users logging in through the Console port are not authenticated, whereas modem users and Telnet users are authenticated.
Caution:
For VTY user interface, if you want to set the login authentication mode to none or password, you must first verify that the SSH protocol is not supported by the user interface. Otherwise, your configuration will fail. Refer to section 1.1.17 "protocol inbound”.
Example
# Configure to authenticate users using the local password.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] user-interface aux 0
[Sysname-ui-aux0] authentication-mode password
1.1.3 auto-execute command
Syntax
auto-execute command text
undo auto-execute command
View
User interface view
Parameter
text: Command to be executed automatically.
Description
Use the auto-execute command command to set the command that is executed automatically after a user logs in.
Use the undo auto-execute command command to disable the specified command from being automatically executed.
Use these two commands in the VTY user interface only.
Normally, the telnet command is specified to be executed automatically to enable the user to Telnet to a specific network device automatically.
By default, no command is automatically executed.
Caution:
l The auto-execute command command may cause you unable to perform common configuration in the user interface, so use it with caution.
l Before executing the auto-execute command command and save your configuration, make sure you can log into the switch in other modes and cancel the configuration.
Example
# Configure the telnet 10.110.100.1 command to be executed automatically after users log into VTY 0.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] user-interface vty 0
[Sysname-ui-vty0] auto-execute command telnet 10.110.100.1
% This action will lead to configuration failure through ui-vty0. Are you sure?[Y/N]y
1.1.4 databits
Syntax
databits { 5 | 6 | 7 | 8 }
undo databits
View
User interface view
Parameter
5: Five data bits.
6: Six data bits.
7: Seven data bits.
8: Eight data bits.
Description
Use the databits command to set the databits for the user interface.
Use the undo databits command to revert to the default data bits.
Execute these two commands in AUX user interface view only.
The default data bits is 8.
& Note:
S3610&S5510 Series Ethernet Switches only support data bits 7 and 8. To establish the connection again, you need to modify the configuration of the termination emulation utility running on your PC accordingly.
Example
# Set the data bits to 7.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] user-interface aux 0
[Sysname-ui-aux0] databits 7
1.1.5 display telnet client configuration
Syntax
display telnet client configuration
View
Any view
Parameter
None
Description
Use the display telnet client configuration command to display the source IP address or source interface configured for the current device.
Example
# Display the source IP address or source interface configured for the current device.
<Sysname> display telnet client configuration
The source IP address is 1.1.1.1.
1.1.6 display user-interface
Syntax
display user-interface [ type number | number ] [ summary ]
View
Any view
Parameter
type: User interface type.
number: Absolute or relative index of the user interface. This argument can be an absolute user interface index (if you do not provide the type argument) or a relative user interface index (if you provide the type argument).
summary: Displays the summary information about a user interface.
Description
Use the display user-interface command to view information about the specified or all user interfaces.
When the summary keyword is absent, the command will display the type of the user interface, the absolute or relative number, the speed, the user privilege level, the authentication mode and the physical location.
When the summary keyword is present, the command will display all the number and type of user interfaces under use and without use.
Example
# Display the information about user interface 0.
<Sysname> display user-interface 0
Idx Type Tx/Rx Modem Privi Auth Int
F 0 AUX 0 9600 - 3 N -
+ : Current user-interface is active.
F : Current user-interface is active and work in async mode.
Idx : Absolute index of user-interface.
Type : Type and relative index of user-interface.
Privi: The privilege of user-interface.
Auth : The authentication mode of user-interface.
Int : The physical location of UIs.
A : Authenticate use AAA.
L : Authentication use local database.
N : Current UI need not authentication.
P : Authenticate use current UI's password.
Table 1-1 Descriptions on the fields of the display user-interface command
|
Filed |
Description |
|
+ |
The information displayed is about the current user interface. |
|
F |
The information displayed is about the current user interface. And the current user interface operates in asynchronous mode. |
|
Idx |
The absolute index of the user interface |
|
Type |
User interface type and the relative index |
|
Tx/Rx |
Transmission speed of the user interface |
|
Modem |
Indicates whether or not a modem is used. |
|
Privi |
The available command level |
|
Auth |
The authentication mode |
|
Int |
The physical position of the user interface |
1.1.7 display users
Syntax
display users [ all ]
View
Any view
Parameter
all: Displays the information about all user interfaces.
Description
Use the display users command to display the information about user interfaces. If you do not specify the all keyword, only the information about the current user interface is displayed.
Example
# Display the information about the current user interface.
<Sysname> display users
The user application information of the user interface(s):
Idx UI Delay Type Userlevel
1 VTY 0 00:11:45 TEL 3
2 VTY 1 00:16:35 TEL 3
3 VTY 2 00:16:54 TEL 3
+ 4 VTY 3 00:00:00 TEL 3
Following are more details.
VTY 0 :
Location: 192.168.0.123
VTY 1 :
Location: 192.168.0.43
VTY 2 :
Location: 192.168.0.2
VTY 3 :
User name: user
Location: 192.168.0.33
+ : Current operation user.
F : Current operation user work in async mode.
Table 1-2 Descriptions on the fields of the display users command
|
Field |
Description |
|
+ |
The information displayed is about the current user interface. |
|
F |
The information is about the current user interface, and the current user interface operates in asynchronous mode. |
|
UI |
The numbers in the left sub-column are the absolute user interface indexes, and those in the right sub-column are the relative user interface indexes. |
|
Delay |
The period in seconds the user interface idles for. |
|
Type |
User type |
|
Userlevel |
The level of the commands available to the users logging into the user interface |
|
Location |
The IP address form which the user logs in. |
|
User name |
The login name of the user that logs into the user interface. |
1.1.8 display web users
Syntax
display web users
View
Any view
Parameter
None
Description
Use the display web users command to display information about web users.
Example
# Display information about the current web users.
<Sysname> display web users
UserID Name Language Level State LinkCount LoginTime LastTime
ab820000 admin Chinese Management Enable 0 08:41:50 08:45:59
Table 1-3 Description on the fields of the display web users command
|
Field |
Description |
|
UserID |
ID of a web user |
|
Name |
Name of the web user |
|
Language |
Login language used by the web user |
|
Level |
Level of the web user |
|
State |
State of the web user |
|
LinkCount |
Number of tasks that the web user runs |
|
LoginTime |
Time when the web user logged in |
|
LastTime |
Last time when the web user accessed the switch |
1.1.9 escape-key
Syntax
escape-key { default | character }
undo escape-key
View
User interface view
Parameter
default: Restores the default escape key combination <CTL+C>.
character: Specifies the shortcut key for aborting a task, a single character (or its corresponding ASCII code value in the range 0 to 127) or a string of 1 to 3 characters.
Description
Use the escape-key command to define a shortcut key for aborting tasks.
Use the undo escape-key command to restore the default shortcut key.
You can use a single character (or its corresponding ASCII code value in the range 0 to 127) or a string of 1 to 3 characters to define a shortcut key. But in fact, only the first character functions as the shortcut key. For example, if you enter an ASCII value 113, the system will use its corresponding character <q> as the shortcut key; if you input the string q@c, the system will use the first letter <q> as the shortcut key.
By default, you can use <Ctrl+C> to terminate a task. You can use the display current-configuration command to verify the shortcut key you have defined.
Example
# Define <Q> as the escape key.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] user-interface aux 0
[Sysname-ui-aux0] escape-key Q
To verify the configuration, do the following:
# Run the ping command to test the connection.
<Sysname> ping –c 20 125.241.23.46
PING 125.241.23.46: 56 data bytes, press Q to break
Request time out
--- 125.241.23.46 ping statistics ---
2 packet(s) transmitted
0 packet(s) received
100.00% packet loss
Enter <Q>, if the ping task is terminated and return to the current view, the configuration is correct.
<Sysname>
1.1.10 flow-control
Syntax
flow-control { hardware | none | software }
undo flow-control
View
User interface view
Parameter
hardware: Configures to perform hardware flow control.
none: Configures no flow control.
software: Configures to perform software flow control.
Description
Using flow-control command, you can configure the flow control mode on AUX port. Using undo flow-control command, you can restore the default flow control mode.
This command can only be performed in AUX user interface view.
By default, the value is none. That is, no flow control will be performed.
& Note:
S3610&S5510 Series Ethernet Switches only support none keyword.
Example
# Configure software flow control on AUX port.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] user-interface aux 0
[Sysname-ui-aux0] flow-control none
1.1.11 free user-interface
Syntax
free user-interface [ type ] number
View
User view
Parameter
type: User interface type.
number: Absolute user interface index or relative user interface index.
l Relative user interface index: If you provide the type argument, number indicates the user interface index of the type. When the type is AUX, the number is 0; when the type is VTY, the number ranges from 0 to 4.
l Absolute user interface index: If you do not provide the type argument, number indicates absolute user interface index, which ranges from 0 to 5.
Description
Use the free user-interface command to clear a specified user interface. If you execute this command, the corresponding user interface will be disconnected.
Note that the current user interface can not be cleared.
Example
# Log into user interface 0 and clear user interface 1.
<Sysname> free user-interface 1
Are you sure to free user-interface vty0
[Y/N]y
[OK]
After you execute this command, user interface 1 will be disconnected. The user in it must log in again to connect to the switch.
1.1.12 history-command max-size
Syntax
history-command max-size value
undo history-command max-size
View
User interface view
Parameter
value: Size of the history command buffer. This argument ranges from 0 to 256 and defaults to 10. That is, the history command buffer can store 10 commands by default.
Description
Use the history-command max-size command to set the size of the history command buffer.
Use the undo history-command max-size command to revert to the default history command buffer size.
Example
# Set the size of the history command buffer to 20 to enable it to store up to 20 commands.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] user-interface aux 0
[Sysname-ui-aux0] history-command max-size 20
1.1.13 idle-timeout
idle-timeout minutes [ seconds ]
undo idle-timeout
View
User interface view
Parameter
minutes: Number of minutes. This argument ranges from 0 to 35,791.
seconds: Number of seconds. This argument ranges from 0 to 59.
Description
Use the idle-timeout command to set the timeout time. The connection to a user interface is terminated if no operation is performed in the user interface within the specified period.
Use the undo idle-timeout command to revert to the default timeout time.
You can use the idle-timeout 0 command to disable the timeout function.
The default timeout time is 10 minutes.
Example
# Set the timeout time of AUX 0 to 1 minute.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] user-interface aux 0
[Sysname-ui-aux0] idle-timeout 1 0
1.1.14 ip http enable
Syntax
ip http enable
undo ip http enable
View
System view
Parameter
None
Description
Use the ip http enable command to launch the Web server.
Use the undo ip http enable command to shut down the Web server.
By default, the Web server is launched.
Example
# Shut down the Web server.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] undo ip http enable
# Launch the Web server.
[Sysname] ip http enable
1.1.15 lock
Syntax
lock
View
User view
Parameter
None
Description
Use the lock command to lock the current user interface to prevent unauthorized users from operating the user interface.
With the execution of this command, the system prompts to enter and confirm the password (up to 16 characters), and then locks the user interface.
To cancel the lock, press the Enter key and enter the correct password.
By default, the system will not lock the current user interface automatically.
Example
# Lock the current user interface.
<Sysname> lock
Please input password<1 to 16> to lock current user terminal interface:
Password:
Again:
locked !
# Cancel the lock.
Password:
<Sysname>
1.1.16 parity
Syntax
parity { even | mark | none | odd | space }
undo parity
View
User interface view
Parameter
even: Performs even checks.
mark: Performs mark checks.
none: Does not check.
odd: Performs odd checks.
space: Performs space checks.
Description
Use the parity command to set the check mode of the user interface.
Use the undo parity command to revert to the default check mode.
Use these two commands in AUX user interface view only.
No check is performed by default.
& Note:
S3610&S5510 series Ethernet switches support the even, none, and odd check modes only. To establish the connection again, you need to modify the configuration of the termination emulation utility running on your PC accordingly.
Example
# Set to perform mark checks.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] user-interface aux 0
[Sysname-ui-aux0] parity mark
1.1.17 protocol inbound
Syntax
protocol inbound { all | ssh | telnet }
View
User interface view
Parameter
all: Supports both Telnet protocol and SSH protocol.
ssh: Supports SSH protocol.
telnet: Supports Telnet protocol.
Description
Use the protocol inbound command to configure the user interface to support specified protocols.
Both Telnet and SSH protocols are supported by default.
Use this command in VTY user interface view only.
Related command: user-interface vty.
Caution:
If you want to configure the user interface to support SSH, to ensure a successful login, you must first configure the authentication mode to scheme on the user interface. If you set the authentication mode to password or none, the protocol inbound ssh command will fail. Refer to section 1.1.2 "authentication-mode”.
Example
# Configure VTY 0 to support only SSH protocol.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] user-interface vty 0
[Sysname-ui-vty0] protocol inbound ssh
1.1.18 screen-length
Syntax
screen-length screen-length
undo screen-length
View
User interface view
Parameter
screen-length: Number of lines the screen can contain. This argument ranges from 0 to 512 and defaults to 24.
Description
Use the screen-length command to set the number of lines the terminal screen can contain.
Use the undo screen-length command to revert to the default number of lines.
You can use the screen-length 0 command to disable the function to display information in pages.
Example
# Set the number of lines the terminal screen can contain to 20.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] user-interface aux 0
[Sysname-ui-aux0] screen-length 20
1.1.19 send
Syntax
send { all | number | type number }
View
User view
Parameter
all: Specifies to send messages to all user interfaces.
type: User interface type.
number: Absolute user interface index or relative user interface index.
l Relative user interface index: If you provide the type argument, the number argument indicates the user interface index of the type. When the type is AUX, number is 0; when the type is VTY, number ranges from 0 to 4.
l Absolute user interface index: If you do not provide the type argument, the number argument indicates the absolute user interface index, and ranges from 0 to 5.
Description
Use the send command to send messages to a specified user interface or all user interfaces.
Example
# Send messages to all user interfaces.
<Sysname> send all
Enter message, end with CTRL+Z or Enter; abort with CTRL+C:
hello^Z
Send message? [Y/N]y
<Sysname>
***
***
***Message from vty0 to vty0
***
hello
<Sysname>
1.1.20 service-type
Syntax
service-type { ftp [ ftp-directory directory ] | lan-access | { ssh | telnet | terminal }* [ level level ] }
undo service-type { ftp [ ftp-directory ] | lan-access | { ssh | telnet | terminal }* }
View
Local user view
Parameter
ftp: Specifies the users to be of FTP type.
ftp-directory directory: Specifies the path for the FTP user, directory is a string of 1 to 135 characters.
lan-access: Specifies the users to be of LAN-access type, which normally means Ethernet users, such as 802.1x users.
ssh: Specifies the users to be of SSH type.
telnet: Specifies the users to be of Telnet type.
terminal: Makes terminal services available to users logging in through the Console port.
level level: Specifies the user level for Telnet users, Terminal users, or SSH users. The level argument ranges from 0 to 3 and defaults to 0.
Description
Use the service-type command to specify the login type and the corresponding available command level.
Use the undo service-type command to cancel login type configuration.
Commands fall into four command levels: visit, monitor, system, and manage, which are described as follows:
l Visit level: Commands of this level are used to diagnose network and change the language mode of user interface, such as the ping, tracert, and language-mode command. The Telnet command is also of this level. Commands of this level cannot be saved in configuration files.
l Monitor level: Commands of this level are used to maintain the system, to debug service problems, and so on. The display and debugging command are of monitor level. Commands of this level cannot be saved in configuration files.
l System level: Commands of this level are used to configure services. Commands concerning routing and network layers are of system level. You can utilize network services by using these commands.
l Manage level: Commands of this level are for the operation of the entire system and the system supporting modules. Services are supported by these commands. Commands concerning file system, file transfer protocol (FTP), trivial file transfer protocol (TFTP), downloading using XModem, user management, and level setting are of administration level.
Example
# Configure commands of level 0 are available to the users logging in using the user name of “zbr”.
System View: return to User View with Ctrl+Z.
[Sysname] local-user zbr
[Sysname-luser-zbr] service-type telnet level 0
# To verify the above configuration, you can quit the system, log in again using the user name of “zbr”, and then list the available commands, as listed in the following.
[Sysname] quit
<Sysname> ?
User view commands:
cluster Run cluster command
language-mode Specify the language environment
ping Ping function
quit Exit from current command view
super Set the current user priority level
telnet Establish one TELNET connection
tracert Trace route function
undo Undo a command or set to its default status
1.1.21 set authentication password
Syntax
set authentication password { cipher | simple } password
undo set authentication password
View
User interface view
Parameter
cipher: Specifies to display the local password in encrypted text when you display the current configuration.
simple: Specifies to display the local password in plain text when you display the current configuration.
password: Password. The password must be in plain text if you specify the simple keyword in the set authentication password command. If you specify the cipher keyword, the password can be in either encrypted text or plain text. Whether the password is in encrypted text or plain text depends on the password string entered. Strings containing up to 16 characters (such as 123) are regarded as plain text passwords and are converted to the corresponding 24-character encrypted password (such as !TP<\*EMUHL,408`W7TH!Q!!). A encrypted password must contain 24 characters and must be in ciphered text (such as !TP<\*EMUHL,408`W7TH!Q!!).
Description
Use the set authentication password command to set the local password.
Use the undo set authentication password command to remove the local password.
Note that only plain text passwords are expected when users are authenticated.
& Note:
By default, modem users and Telnet users need to provide their passwords to log in. If no password is set, the “Login password has not been set !” message appears on the terminal when users log in.
Example
# Set the local password of VTY 0 to “123”.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] user-interface vty 0
[Sysname-ui-vty0] set authentication password simple 123
1.1.22 shell
Syntax
shell
undo shell
View
User interface view
Parameter
None
Description
Use the shell command to make terminal services available for the user interface.
Use the undo shell command to make terminal services unavailable to the user interface.
By default, terminal services are available in all user interfaces.
Note the following when using the undo shell command:
l This command is available in all user interfaces except the AUX user interface, because the AUX port (also the Console) is exclusively used for configuring the switch.
l This command is unavailable in the current user interface.
l This command prompts for confirmation when being executed in any valid user interface.
Example
# Log into user interface 0 and make terminal services unavailable in VTY 0 through VTY 4.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] user-interface vty 0 4
[Sysname-ui-vty0-4] undo shell
% Disable ui-vty0-4 , are you sure ? [Y/N]y
1.1.23 speed
Syntax
speed speed-value
undo speed
View
User interface view
Parameter
speed-value: Transmission speed (in bps). This argument can be 300, 600, 1200, 2400, 4800, 9600, 19,200, 38,400, 57,600, 115,200 and defaults to 9,600.
Description
Use the speed command to set the transmission speed of the user interface.
Use the undo speed command to revert to the default transmission speed.
Use these two commands in the AUX user interface view only.
& Note:
After you use the speed command to configure the transmission speed of the AUX user interface, you must change the corresponding configuration of the terminal emulation program running on the PC, to keep the configuration consistent with that on the switch.
Example
# Set the transmission speed of the AUX user interface to 9,600 bps.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] user-interface aux 0
[Sysname-ui-aux0] speed 9600
1.1.24 stopbits
Syntax
stopbits { 1 | 1.5 | 2 }
undo stopbits
View
User interface view
Parameter
1: Sets the stop bits to 1.
1.5: Sets the stop bits to 1.5.
2: Sets the stop bits to 2.
Description
Use the stopbits command to set the stop bits of the user interface.
Use the undo stopbits command to revert to the default stop bits.
Use these two commands in the AUX user interface only.
By default, the stop bits is 1.
Currently, the stopbits cannot be 1.5 on an S3610&S5510 series Ethernet switch.
Example
# Set the stop bits to 2.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] user-interface aux 0
[Sysname-ui-aux0] stopbits 2
1.1.25 telnet
Syntax
telnet [ vpn-instance vpn-name ] remote-system [ port-number ] [ source { ip ip-address | interface interface-type interface-number } ]
View
User view
Parameter
vpn-name: VPN instance name, a string of 1 to 31 characters.
remote-system: IP address or host name of the remote system. The host name is a string of 1 to 20 characters, which can be specified using the ip host command.
port-number: TCP port number assigned to Telnet service on the remote system, in the range 0 to 65535.
ip-address: Source IP address of the packets sent by the Telnet client.
interface-type interface-number: Type and number of the interface through which the Telnet client sends packets.
Description
Use the telnet command to Telnet to another switch from the current switch to manage the former remotely. You can terminate a Telnet connection by pressing <Ctrl + K>.
Related command: display tcp status.
Example
# Telnet to the switch with the host name of Sysname2 and IP address of 129.102.0.1 from the current switch (with the host name of Sysname1).
<Sysname1> telnet 129.102.0.1
Trying 129.102.0.1 ...
Press CTRL+K to abort
Connected to 129.102.0.1 ...
**************************************************************************
* Copyright(c) 2004-2007 Hangzhou H3C Tech. Co., Ltd. All rights reserved.*
* Without the owner's prior written consent, *
* no decompiling or reverse-engineering shall be allowed. *
********************************************************************** *
<Sysname2>
1.1.26 telnet ipv6
Syntax
telnet ipv6 remote-system [ -i interface-type interface-number ] [ port-number ]
View
User view
Parameter
remote-system: IPv6 address or host name of the remote system. An IPv6 address can be up to 46 characters; a host name is a string of 1 to 20 characters.
-i interface-type interface-number: Specifies the outbound interface by interface type and interface number. The outbound interface is required when the destination address is a local link address.
port-number: TCP port number assigned to Telnet service on the remote system, in the range 0 to 65535 and defaults to 23.
Description
Use the telnet ipv6 command to Telnet to a device from the current device to perform remote management operation. You can terminate a Telnet session by pressing <Ctrl + K>.
Example
# Telnet to the device with IPv6 address 3001::1.
<Sysname> telnet ipv6 3001::1
Trying 3001::1 ...
Press CTRL+K to abort
Connected to 3001::1 ...
**************************************************************************
* Copyright (c) 2004-2007 Hangzhou H3C Tech. Co., Ltd. All rights reserved.*
* Without the owner's prior written consent, *
* no decompiling or reverse-engineering shall be allowed. *
**************************************************************************
<Sysname>
1.1.27 telnet client source
Syntax
telnet client source { ip ip-address | interface interface-type interface-number }
undo telnet client source
View
System view
Parameter
None
Description
Use the telnet client source command to specify the source address or source interface for the current device for it to log into another device as a Telnet client.
Use the undo telnet client source command to remove the source address or source interface configured.
By default, the source address/source interface is not specified.
Example
# Specify the source address for the device to log into another device as a Telnet client.
<Sysname> system-view
[Sysname] telnet client source ip 129.102.0.2
# Remove the source address configured.
[Sysname] undo telnet client source
1.1.28 telnet server enable
Syntax
telnet server enable
undo telnet server enable
View
System view
Parameter
None
Description
Use the telnet server enable command to make the switch to operate as a Telnet server.
Use the undo telnet server enable command to disable the switch from operating as a Telnet server.
By default, a switch does not operate as a Telnet server.
Example
# Make the switch to operate as a Telent server.
<Sysname> system-view
[Sysname] telnet server enable
% Start Telnet server
# Disable the switch from operating as a Telnet server.
[Sysname] undo telnet server enable
% Close Telnet server
1.1.29 terminal type
Syntax
terminal type { ansi | vt100 }
undo terminal type
View
User interface view
Parameter
ansi: Specifies the terminal display type to ANSI.
vt100: Specifies the terminal display type to VT100.
Description
Use the terminal type command to configure the type of terminal display .
Use the undo terminal type command to restore the default.
Currently, the system support two types of terminal display : ANSI and VT100.
By default, the terminal display type is ANSI. The device must use the same display type as the terminal. If the terminal uses VT 100, the device should also use VT 100.
Example
# Set the terminal display type to VTY 100.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] user-interface vty 0
[Sysname-ui-vty0] terminal type vt100
1.1.30 user-interface
Syntax
user-interface [ type ] first-number [ last-number ]
View
System view
Parameter
type: User interface type.
first-number: User interface index, which identifies the first user interface to be configured.
last-number: User interface index, which identifies the last user interface to be configured.
Description
Use the user-interface command to enter one or more user interface views to perform configuration.
Example
# Enter VTY 0 user interface view.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] user-interface vty 0
[Sysname-ui-vty0]
1.1.31 user privilege level
Syntax
user privilege level level
undo user privilege level
View
User interface view
Parameter
level: Command level ranging from 0 to 3.
Description
Use the user privilege level command to configure the command level available to the users logging into the user interface.
Use the undo user privilege level command to revert to the default command level.
By default, the commands of level 3 are available to the users logging into the AUX user interface. The commands of level 0 are available to the users logging into VTY user interfaces.
Example
# Configure that commands of level 0 are available to the users logging into VTY 0.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] user-interface vty 0
[Sysname-ui-vty0] user privilege level 0
# You can verify the above configuration by Telneting to VTY 0 and displaying the available commands, as listed in the following.
User view commands:
cluster Run cluster command
language-mode Specify the language environment
ping Ping function
quit Exit from current command view
super Set the current user priority level
telnet Establish one TELNET connection
tracert Trace route function
undo Undo a command or set to its default status
Chapter 2 Commands for Controlling Login Users
2.1 Commands for Controlling Login Users
2.1.1 acl
Syntax
acl [ ipv6 ] acl-number { inbound | outbound }
undo acl [ ipv6 ] { inbound | outbound }
View
User interface view
Parameter
acl-number: ACL number ranging from 2,000 to 4,999. where:
l 2000 to 2999 for basic IPv4 ACLs
l 3000 to 3999 for advanced IPv4 ACLs
l 4000 to 4999 for Layer 2 ACLs
ipv6 acl-number: IPv6 ACL number ranging from 2,000 to 3,999.
inbound: Filters the users Telneting to the current switch.
outbound: Filters the users Telneting to other switches from the current switch.
Description
Use the acl command to apply an ACL to filter Telnet users.
Use the undo acl command to disable the switch from filtering Telnet users using the ACL.
Note that if you use Layer 2 ACL rules, you can only choose the inbound keyword in the command here.
Example
# Apply ACL 2000 to filter users Telneting to the current switch (assuming that ACL 2,000 already exists.)
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] user-interface vty 0 4
[Sysname-ui-vty0-4] acl 2000 inbound
2.1.2 free web-users
Syntax
free web-users { all | user-id userid | user-name username }
View
User view
Parameter
userid: Web user ID.
username: User name of the Web user. This argument can contain 1 to 80 characters.
all: Specifies all Web users.
Description
Use the free web-users command to disconnect a specified Web user or all Web users by force.
Example
# Disconnect all Web users by force.
<Sysname> free web-users all
2.1.3 ip http acl
Syntax
ip http acl acl-number
undo ip http acl
View
System view
Parameter
acl-number: ACL number ranging from 2,000 to 2,999.
Description
Use the ip http acl command to apply an ACL to filter Web users.
Use the undo ip http acl command to disable the switch from filtering Web users using the ACL.
Example
# Apply ACL 2000 to filter Web users (assuming that ACL 2,000 already exists.)
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] ip http acl 2000
2.1.4 snmp-agent community
Syntax
snmp-agent community { read | write } community-name [ mib-view view-name | acl acl-number ]*
undo snmp-agent community community-name
View
System view
Parameter
read: Specifies that the community has read-only permission in the specified view.
write: Specifies that the community has read/write permission in the specified view.
community-name: Community name, a string of 1 to 32 characters.
mib-view: Sets the name of the MIB view accessible to the community.
view-name: MIB view name, a string of 1 to 32 characters.
acl acl-number: Specifies the ACL number. The acl-number argument ranges from 2,000 to 2,999.
Description
Use the snmp-agent community command to set a community name and to enable users to access the switch through SNMP. You can also optionally use this command to apply an ACL to filter network management users.
Use the undo snmp-agent community command to cancel community-related configuration for the specified community.
By default, SNMPv1 and SNMPv2c access a switch by community names.
Example
# Set the community name to “h3c”, enable users to access the switch in the name of the community (with read-only permission), and apply ACL 2,000 to filter network management users (assuming that ACL 2000 already exists.)
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] snmp-agent community read h3c acl 2000
2.1.5 snmp-agent group
Syntax
snmp-agent group { v1 | v2c } group-name [ read-view read-view ] [ write-view write-view ] [ notify-view notify-view ] [ acl acl-number ]
undo snmp-agent group { v1 | v2c } group-name
snmp-agent group v3 group-name [ authentication | privacy ] [ read-view read-view ] [ write-view write-view ] [ notify-view notify-view ] [ acl acl-number ]
undo snmp-agent group v3 group-name [ authentication | privacy ]
View
System view
Parameter
v1: Specifies to adopt v1 security scheme.
v2c: Specifies to adopt v2c security scheme.
v3: Specifies to adopt v3 security scheme.
group-name: Group name, a string of 1 to 32 characters.
authentication: Specifies to authenticate SNMP data without encrypting the data.
privacy: Authenticates and encrypts packets.
read-view: Sets a read-only view.
read-view: Name of the view to be set to read-only, a string of 1 to 32 characters.
write-view: Sets a readable & writable view.
write-view: Name of the view to be set to readable & writable, a string of 1 to 32 characters.
notify-view: Sets a notifying view.
notify-view: Name of the view to be set to a notifying view, a string of 1 to 32 characters.
acl acl-number: Specifies an ACL. The acl-number argument ranges from 2,000 to 2,999.
Description
Use the snmp-agent group command to configure a SNMP group. You can also optionally use this command to apply an ACL to filter network management users.
Use the undo snmp-agent group command to remove a specified SNMP group.
Example
# Create a SNMP group named “h3c” and apply ACL 2001 to filter network management users (assuming that ACL 2001 already exists).
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] snmp-agent group v1 h3c acl 2001
2.1.6 snmp-agent usm-user
Syntax
snmp-agent usm-user { v1 | v2c } user-name group-name [ acl acl-number ]
undo snmp-agent usm-user { v1 | v2c } user-name group-name
snmp-agent usm-user v3 user-name group-name [ authentication-mode { md5 | sha } auth-password [ privacy-mode { des56 | aes128 } priv-password ] ] [ acl acl-number ]
undo snmp-agent usm-user v3 user-name group-name { local | engineid engineid-string }
View
System view
Parameter
v1: Specifies to adopt v1 security scheme.
v2c: Specifies to adopt v2c security scheme.
v3: Specifies to adopt v3 security scheme.
user-name: User name, a string of 1 to 32 characters.
group-name: Group name the user corresponds to, a string of 1 to 32 characters.
authentication-mode: Specifies to authenticate users.
md5: Specifies the authentication protocol to be HMAC-MD5-96.
sha: Specifies the authentication protocol to be HMAC-SHA-96.
auth-password: Authentication password. This argument can be of 1 to 64 characters.
privacy: Specifies to encrypt data.
des56: Specifies the privacy protocol to be Data Encryption Standard (DES for short).
aes128: Specifies the privacy protocol to be Advanced Encryption Standard (AES for short).
priv-password: Encrypting password, a string of 1 to 64 characters.
acl acl-number: Specifies the ACL number. The acl-number argument ranges from 2,000 to 2,999.
local: Specifies the user to be a local user entity.
engineid: Specifies the ID of the engine associated with the user.
engineid-string: Engine ID string, 10 to 64 even number of hexadecimal numbers. Odd number of hexadecimal numbers, all-zero, or all-F hexadecimal numbers are all regarded as invalid parameters.
Description
Use the snmp-agent usm-user command to add a user to a specified SNMP group. You can also optionally use this command to apply an ACL to filter network management users.
Use the undo snmp-agent usm-user command to remove a user from the corresponding SNMP group. The operation also frees the user from the corresponding ACL-related configuration.
Example
# Add the user named “h3c” to the SNMP group named “h3cgroup”, specifying to authenticate the user, specifying the authentication protocol to be HMAC-MD5-96, the authentication password to be “abc”, and applying ACL 2002 to filter network management users (assuming that ACL 2002 already exists).
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] snmp-agent usm-user v3 h3c h3cgroup authentication-mode md5 abc acl 2002
