- H3C S9500 Operation Manual-Release2132[V2.03]-08 System Volume
Table of Contents
Chapter 1 User Interface Configuration
1.1.2 User Interface Numbering
1.2 Configuring User Interface
1.3 Configuring Asynchronous Serial Interface Attributes
1.4 Configuring Terminal Attributes
1.5 Configuring Modem Attributes
1.6 Configuring the auto-execute Command
1.7 Configuring User Privilege Level
1.8 Configuring Access Restriction on VTY User Interface(s)
1.9 Configuring Supported Protocols on VTY User Interface(s)
1.10 Configuring Authentication Mode at Login
1.11 Sending Messages to the Specified User Interface(s)
1.12 Releasing the Connection Established on the User Interface(s)
1.13 Displaying and Maintaining User Interface(s)
Chapter 2 Management Ethernet Port Configuration
2.1 Management Ethernet Port Overview
2.2 Management Ethernet Port Configuration
Chapter 1 User Interface Configuration
When configuring user interface, go to these sections for information you are interested in:
- Configuring Asynchronous Serial Interface Attributes
- Configuring Terminal Attributes
- Configuring Modem Attributes
- Configuring the auto-execute Command
- Configuring User Privilege Level
- Configuring Access Restriction on VTY User Interface(s)
- Configuring Supported Protocols on VTY User Interface(s)
- Configuring Authentication Mode at Login
- Sending Messages to the Specified User Interface(s)
- Releasing the Connection Established on the User Interface(s)
- Displaying and Maintaining User Interface(s)
1.1 User Interface Overview
1.1.1 Brief Introduction
User interface view is a feature that allows you to manage asynchronous serial interfaces that work in flow mode. By operating under user interface view, you can centralize the management of various configurations.
At present, the system supports the following three configuration modes:
- Local configuration via the Console port
- Local/Remote configuration via the AUX port (Auxiliary port)
- Local/Remote configuration through Telnet or SSH
The three modes correspond to four types of user interfaces. They are:
- Console port: The view you enter when you log in through the console port. The console port is a line device port. The device has only one console port, of type EIA/TIA-232 DCE.
- AUX port: The view you enter when you log in through the AUX port. The AUX port is also a line device port. The device has only one AUX port, of type EIA/TIA-232 DTE. This port is usually used for dialup access via modem.
- VTY (Virtual Type Terminal): The view you enter when you log in through a VTY. A VTY port is a logical terminal line used when you access the device by means of Telnet or SSH. Currently, each device supports up to five simultaneous VTY users.
1.1.2 User Interface Numbering
User interfaces can be numbered in two ways: absolute numbering and relative numbering.
I. Absolute numbering
Absolute numbering allows you to uniquely specify a user interface or a group of user interfaces. The numbering starts from 0 (representing the Console port), followed by 1 (representing the AUX port), then 2 (representing VTY 0), and so on.
Note:
The numbering approach numbers the three types of user interfaces in the sequence of: console port, AUX port and VTY. The console port and the AUX port each occupy a number, and the VTY user interfaces are numbered from 2 to 6.
You can use the display user-interface command to view the number of the user interfaces.
II. Relative numbering
Relative numbering numbers a user interface in the form of “user interface type + number”. In this way, it can specify a user interface or a group of user interfaces of a specific type. This form of number is valid only when used under that type of user interface. It makes no sense when used under other types of user interfaces. The rules of relative numbering are as follows:
- CON is numbered CON 0.
- AUX is numbered AUX 0.
- VTYs are numbered from 0 in ascending order, with a step of 1.
1.2 Configuring User Interface
Complete these tasks to configure user interface:
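Task | Remarks |
---|---|
Configuring Asynchronous Serial Interface Attributes | Optional |
Configuring Terminal Attributes | Optional |
Configuring Modem Attributes | Optional |
Configuring the auto-execute Command | Optional |
Configuring User Privilege Level | Optional |
Configuring Access Restriction on VTY User Interface(s) | Optional |
Configuring Supported Protocols on VTY User Interface(s) | Optional |
Configuring Authentication Mode at Login | Optional |
Sending Messages to the Specified User Interface(s) | Optional |
Releasing the Connection Established on the User Interface(s) | Optional |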
1.3 Configuring Asynchronous Serial Interface Attributes
Follow these steps to configure asynchronous attributes of a serial interface:
To do… | Use the command… | Remarks |
---|---|---|
Enter system view | system-view | –– |
Enter user interface view | user-interface { first-num1 [ last-num1 ] \| { aux \| console \| vty } first-num2 [ last-num2 ] } | –– |
Configure transmission speed | speed speed-value | Optional. 9600 bps by default. |
Configure flow control mode | flow-control { none \| software \| hardware } | Optional. none by default. |
Set parity bits | parity { none \| even \| odd \| mark \| space } | Optional. none by default. |
Set stop bits | stopbits { 1.5 \| 1 \| 2 } | Optional. 1 by default. Currently, stop bits 1.5 cannot be configured. |
Set data bits | databits { 5 \| 6 \| 7 \| 8 } | Optional. 8 by default. Currently, data bits 5 and 6 cannot be configured. |

Note:
The above configuration takes effect only when the asynchronous serial interface is working in asynchronous flow mode.
1.4 Configuring Terminal Attributes
To do… | Use the command… | Remarks |
---|---|---|
Enter system view | system-view | –– |
Enter user interface view | user-interface { first-num1 [ last-num1 ] \| { aux \| console \| vty } first-num2 [ last-num2 ] } | –– |
Start the terminal service | shell | Optional. The terminal service is enabled on all user interfaces by default. |
Set the idle-timeout disconnection function for terminal users | idle-timeout minutes [ seconds ] | Optional. 10 minutes by default. |
Set the screen-length of the terminal screen | screen-length screen-length | Optional. The screen displays 24 lines of data by default. |
Set the display type of a terminal | terminal type { ansi \| vt100 } | Optional. ANSI by default. |
Set the number of the history commands that can be stored in the history buffer | history-command max-size size-value | Optional. The history buffer can store 10 commands by default. |
Return to user view | return | –– |
Lock user interface, preventing unauthorized users from using this interface | lock | Optional. Disabled by default. |

Note:
The system supports two types of terminal display: ANSI and VT100. If the terminal display type of the device and that of the client (for example, HyperTerminal or a Telnet terminal) are inconsistent or are set to ANSI, and the current command line exceeds 80 characters, anomalies such as cursor corruption or abnormal display may occur on the client. Therefore, it is recommended that you set the display type of both the device and the client to VT100.
1.5 Configuring Modem Attributes
In the event of dial-in through a modem into an asynchronous interface, you can manage and configure the modem-concerned parameters in user interface view.
Follow these steps to configure the modem attributes:
To do… | Use the command… | Remarks |
---|---|---|
Enter system view | system-view | –– |
Enter user interface view | user-interface { first-num1 [ last-num1 ] \| { aux \| vty } first-num2 [ last-num2 ] } | –– |
Set the interval for a user from hookoff to dial-up when dial-in connection is established | modem timer answer time | Optional. 30 seconds by default. |
Enable auto answer for the modem | modem auto-answer | Optional. Manual answer by default. |
Enable the modem to dial in, dial out or both | modem { both \| call-in \| call-out } | Optional. Disabled by default. |

Note:
The above configuration takes effect only for the AUX and VTY ports working in flow mode.
1.6 Configuring the auto-execute Command
With the auto-execute command command enabled, the system automatically executes the configured command when you log in. After the command is completed or after the tasks triggered by the command are completed, the connection breaks automatically.
This command is normally used to configure the Telnet command to enable you to connect to the specified host automatically.
Follow these steps to configure auto-execute command:
To do… | Use the command… | Remarks |
---|---|---|
Enter system view | system-view | –– |
Enter user interface view | user-interface { first-num1 [ last-num1 ] \| { aux \| vty } first-num2 [ last-num2 ] } | –– |
Configure the command to be automatically executed | auto-execute command command | Required. No command is set to be automatically executed by default. |

The auto-execute command command is supported on all types of user interfaces except the Console port and the AUX port functioning as the console port.
Caution:
The auto-execute command command may disable you from configuring the system through the terminal line to which the command is applied. Therefore, before configuring the command and saving the configuration (using the save command), make sure that you can access the system by other means to remove the configuration in case a problem occurs.
1.7 Configuring User Privilege Level
You can restrict a user to use only a subset of all the system commands through settings on two aspects: user interface level and user level.
- If username and password are needed in the configured authentication mode, the user privilege level is defined by the user level. For SSH users, when they use RSA public key authentication, their privilege level is defined by the level configured on the user interface.
- If no authentication is adopted or the password authentication is adopted, the user privilege level is defined by the level of the user interface used at login.
- If the setting of user interface level is inconsistent with that of the user level, the user level applies. For example, if user1 can use level 3 commands, and the user interface VTY0 can use level 2 commands, then user1 can use commands of level 3 or a lower level when logging onto the system through VTY0.
Setting of the user level: Use the local-user command in system view to create a user and enter local user view, in which use the level command to specify the user level. For the detailed description of the local-user and level commands, refer to AAA RADIUS HWTACACS Configuration Commands in Security Volume.
Follow these steps to configure the user privilege level under a user interface:
To do… | Use the command… | Remarks |
---|---|---|
Enter system view | system-view | –– |
Enter user interface view | user-interface { first-num1 [ last-num1 ] \| { aux \| console \| vty } first-num2 [ last-num2 ] } | –– |
Configure user’s privilege level under the current user interface | user privilege level level | Optional. By default, users logging in from Console port have a privilege level of 3; users logging in from other user interfaces have a privilege level of 0. |
1.8 Configuring Access Restriction on VTY User Interface(s)
You can configure access restriction on the VTY user interface through referencing an ACL. For details regarding ACL, refer to ACL Configuration in QoS ACL Volume.
Follow these steps to configure access restriction on VTY user interfaces:
To do… | Use the command… | Remarks |
---|---|---|
Enter system view | system-view | –– |
Enter VTY user interface view | user-interface { first-num1 [ last-num1 ] \| vty first-num2 [ last-num2 ] } | –– |
Configure the access restriction on the VTY user interface by referencing basic/advanced ACL |  | Use either command. No restriction is set by default. |
Configure the access restriction on the VTY user interface by referencing Layer 2 ACL | acl acl-number inbound | Use either command. No restriction is set by default. |
1.9 Configuring Supported Protocols on VTY User Interface(s)
Currently, only the VTY user interface allows configuration on the supported protocols.
Follow these steps to configure supported protocols on the active VTY user interface:
To do… | Use the command… | Remarks |
---|---|---|
Enter system view | system-view | –– |
Enter VTY user interface view | user-interface { first-num1 [ last-num1 ] \| vty first-num2 [ last-num2 ] } | –– |
Configure the supported protocol(s) on the active user interface | protocol inbound { all \| ssh \| telnet } | Optional. Both Telnet and SSH are supported by default. |

Caution:
- If SSH is configured, you must set the authentication mode to scheme using the authentication-mode scheme command to guarantee a successful login. The protocol inbound ssh command fails if the authentication mode is password or none. For the corresponding configuration, refer to the authentication-mode command in User Interface Commands in System Volume.
- The protocol(s) configured through the protocol inbound command take effect the next time you log in from that user interface.
1.10 Configuring Authentication Mode at Login
With the configuration of user interface authentication mode, you can decide whether to authenticate users when they log on through the specified user interface, thus enhancing the security of the device. The supported authentication modes on the device are none, password, and scheme.
- If you specify the authentication mode as none, then no username and password are needed when users log on through the specified user interface, which may be insecure.
- If you specify the authentication mode as password, then password authentication is needed when users log on through the specified user interface. Input of empty or wrong password may result in login failure. Before terminating the redirected Telnet connection, set the password of the specified user interface.
- If you specify the authentication mode as scheme, then username and password authentication is needed when users log on through the specified user interface. Input of empty or wrong password may result in login failure. Before terminating the redirected Telnet connection, set the username and password.
Follow these steps to configure authentication mode at login as none:
To do… | Use the command… | Remarks |
---|---|---|
Enter system view | system-view | –– |
Enter user interface view | user-interface { first-num1 [ last-num1 ] \| { aux \| console \| vty } first-num2 [ last-num2 ] } | –– |
Set authentication mode at login to none | authentication-mode none | Required. By default, the authentication mode is password for VTY and AUX user interfaces and is none for Console interface. |

Follow these steps to configure authentication mode at login as password:
To do… | Use the command… | Remarks |
---|---|---|
Enter system view | system-view | –– |
Enter user interface view | user-interface { first-num1 [ last-num1 ] \| { aux \| console \| vty } first-num2 [ last-num2 ] } | –– |
Set authentication mode at login to password | authentication-mode password | Required. By default, the authentication mode is password for VTY and AUX user interfaces and is none for Console interface. |
Set local authentication password | set authentication password { cipher \| simple } password | Required. No local authentication password is set by default. |

Follow these steps to configure authentication mode at login as scheme:
To do… | Use the command… | Remarks |
---|---|---|
Enter system view | system-view | –– |
Enter user interface view | user-interface { first-num1 [ last-num1 ] \| { aux \| console \| vty } first-num2 [ last-num2 ] } | –– |
Set authentication mode at login to scheme | authentication-mode scheme [ command-authorization ] | Required. By default, the authentication mode is password for VTY and AUX user interfaces and is none for Console interface. |
Set authentication username and enter local user view | local-user user-name | Required. No local user is set on the device by default. |
Set authentication password | password { cipher \| simple } password | Required |

Note:
For the detailed description of the local-user and password commands, refer to AAA RADIUS HWTACACS Configuration Commands in Security Volume.
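
An added example (not from the H3C manual): a Python audit of the login settings covered in sections 1.7 to 1.10, applying the defaults stated in the tables whenever a command is absent from a user interface. It assumes configuration text in which each user-interface header is followed by its commands indented by one space; the sample text, the ACL number 2001 and the function names are constructed for illustration.

```python
import re
# Defaults this chapter states for each user interface type.
DEFAULTS = {"console": {"auth": "none", "level": 3},
            "aux": {"auth": "password", "level": 0},
            "vty": {"auth": "password", "level": 0}}
HEADER = re.compile(r"user-interface (console|aux|vty) \d+(?: \d+)?$")

# Constructed sample; assumes sub-commands are indented under their header.
SAMPLE = """\
user-interface console 0
user-interface aux 0
 authentication-mode none
user-interface vty 0 2
 authentication-mode scheme
 protocol inbound ssh
 acl 2001 inbound
user-interface vty 3 4
 user privilege level 3
"""

def parse_user_interfaces(config_text):
    """Map each user-interface header to its effective login settings."""
    blocks, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            # Protocol default is Telnet and SSH; no ACL by default.
            current = dict(DEFAULTS[m.group(1)], kind=m.group(1),
                           protocol="all", acl=None)
            blocks[line] = current
        elif current is None or not raw.startswith(" "):
            current = None  # outside any user-interface block
        elif line.startswith("authentication-mode "):
            current["auth"] = line.split()[1]
        elif line.startswith("protocol inbound "):
            current["protocol"] = line.split()[2]
        elif line.startswith("user privilege level "):
            current["level"] = int(line.split()[3])
        elif re.match(r"acl \d+ inbound$", line):
            current["acl"] = int(line.split()[1])
    return blocks

def audit(config_text):
    """Return (header, finding) pairs for weak login settings."""
    findings = []
    for header, s in parse_user_interfaces(config_text).items():
        checks = [(s["auth"] == "none", "no authentication at login"),
                  # With none/password, the interface level applies to everyone.
                  (s["auth"] != "scheme" and s["level"] > 0,
                   "level %d without a username" % s["level"]),
                  (s["kind"] == "vty" and s["protocol"] != "ssh", "Telnet accepted"),
                  (s["kind"] == "vty" and s["acl"] is None, "no ACL restricts access")]
        findings += [(header, text) for hit, text in checks if hit]
    return findings
```

Calling audit(SAMPLE) reports the console and AUX lines and VTY 3 to 4, while VTY 0 to 2 (scheme, SSH only, ACL applied) produces no finding.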
1.11 Sending Messages to the Specified User Interface(s)
To do… | Use the command… | Remarks |
---|---|---|
Send messages to the specified user interface(s) | send { all \| num1 \| { aux \| console \| vty } num2 } | Required |
1.12 Releasing the Connection Established on the User Interface(s)
To do… | Use the command… | Remarks |
---|---|---|
Release the connection established on the specified user interface(s) | free user-interface { num1 \| { aux \| console \| vty } num2 } | Required |

Note:
You cannot use this command to release the connection that you are using.
1.13 Displaying and Maintaining User Interface(s)
To do… | Use the command… | Remarks |
---|---|---|
Display the information on the use of the user interface(s) | display users [ all ] | Available in any view |
Display the information about the specified or all user interface(s) | display user-interface [ num1 \| { aux \| console \| vty } num2 ] [ summary ] | Available in any view |
Display the history commands that the current user has configured | display history-command | Available in any view |
Chapter 2 Management Ethernet Port Configuration
When configuring management Ethernet port, go to these sections for information you are interested in:
- Management Ethernet Port Overview
- Management Ethernet Port Configuration
2.1 Management Ethernet Port Overview
Each SRPU on an S9500 series switch provides a 10/100Base-TX management Ethernet port (M-Ethernet) which has the functions listed below:
- Connected with a PC, the port implements downloading and debugging of system programs.
- Connected with a remote network management workstation, the port implements remote system management.
2.2 Management Ethernet Port Configuration
You can perform the following operations in management Ethernet port view:
- Configure the IP address for an interface
- Bring up/shut down an interface
- Set the description for an interface
- Display the current system information
- Test network connectivity (ping, tracert)
For detailed information, refer to Ethernet Interface Configuration in Access Volume and System Maintaining and Debugging Configuration in System Volume.
Caution:
- A management Ethernet port is available only when being configured with an IP address.
- Management Ethernet ports do not support dynamic routing protocols.