H3C S3600 Series EPON OLT Switches Command Manual-Release 3103-6W100

02-Login Commands

Commands for Logging into an Ethernet Switch

authentication-mode

Syntax

authentication-mode { none | password | scheme [ command-authorization ] }

View

User interface view

Default Level

3: Manage level

Parameters

none: Does not authenticate users.

password: Authenticates users using the local password.

scheme: Authenticates users locally or remotely using usernames and passwords.

command-authorization: Performs command authorization on the TACACS authentication server.

Description

Use the authentication-mode command to specify the authentication mode.

- If you specify the password keyword to authenticate users using the local password, remember to set the local password using the set authentication password { cipher | simple } password command.

- If you specify the scheme keyword to authenticate users locally or remotely using usernames and passwords, the actual authentication mode depends on other related configuration. Refer to the AAA-RADIUS-HWTACACS module of this manual for more.

- If this command is executed with the command-authorization keyword specified, authorization is performed on the TACACS server whenever you attempt to execute a command, and the command can be executed only when you pass the authorization. Normally, a TACACS server contains a list of the commands available to different users.

With local password authentication specified, a user logging in through the Console port can log into the switch even if no password is configured on the switch. For a VTY user interface under the same condition, however, a password is needed for a user to log into the switch through it.

By default, users logging in through the Console port are not authenticated.

For a VTY user interface, if you want to set the login authentication mode to none or password, you must first verify that the SSH protocol is not supported by the user interface. Otherwise, your configuration will fail. Refer to protocol inbound.

Examples

# Configure to authenticate users using the local password.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] user-interface aux 0

[Sysname-ui-aux0] authentication-mode password

auto-execute command

Syntax

auto-execute command text

undo auto-execute command

View

User interface view

Default Level

3: Manage level

Parameters

text: Command to be executed automatically.

Description

Use the auto-execute command command to set the command that is executed automatically after a user logs in.

Use the undo auto-execute command command to disable the specified command from being automatically executed.

Use these two commands in the VTY user interface only.

Normally, the telnet command is specified to be executed automatically to enable the user to Telnet to a specific network device automatically.

By default, no command is automatically executed.

- The auto-execute command command may leave you unable to perform common configuration in the user interface, so use it with caution.

- Before executing the auto-execute command command and saving your configuration, make sure you can log into the switch in other modes and cancel the configuration.

Examples

# Configure the telnet 10.110.100.1 command to be executed automatically after users log into VTY 0.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] user-interface vty 0

[Sysname-ui-vty0] auto-execute command telnet 10.110.100.1

% This action will lead to configuration failure through ui-vty0. Are you sure?[Y/N]y

After the above configuration, when a user logs onto the device through VTY 0, the device automatically executes the configured command and logs off the current user.

databits

Syntax

databits { 5 | 6 | 7 | 8 }

undo databits

View

AUX interface view

Default Level

2: System level

Parameters

5: Five data bits.

6: Six data bits.

7: Seven data bits.

8: Eight data bits.

Description

Use the databits command to set the data bits for the user interface.

Use the undo databits command to revert to the default data bits.

The default data bits is 8.

H3C S5820X&S5800 Series Ethernet Switches only support data bits 7 and 8. To establish the connection again, you need to modify the configuration of the terminal emulation utility running on your PC accordingly.

Examples

# Set the data bits to 7.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] user-interface aux 0

[Sysname-ui-aux0] databits 7

display user-interface

Syntax

display user-interface [ num1 | { aux | vty } num2 ] [ summary ]

View

Any view

Default Level

1: Monitor level

Parameters

num1: Absolute number of a user interface. The value range is 0 to 20.

num2: Relative number of a user interface. The value range is:

- AUX: 0 to 9;

- VTY: 0 to 4.

summary: Displays summary about user interfaces.

Description

Use the display user-interface command to view information about the specified or all user interfaces.

When the summary keyword is absent, the command displays the type of the user interface, the absolute or relative number, the speed, the user privilege level, the authentication mode and the physical location.

When the summary keyword is present, the command displays the number and type of the user interfaces that are in use and not in use.

Examples

# Display the information about user interface 1.

<Sysname> display user-interface 1

  Idx  Type     Tx/Rx      Modem Privi Auth  Int

F 1    AUX 0    9600       -      3      N      -

 

  +    : Current user-interface is active.

  F    : Current user-interface is active and work in async mode.

  Idx  : Absolute index of user-interface.

  Type : Type and relative index of user-interface.

  Privi: The privilege of user-interface.

  Auth : The authentication mode of user-interface.

  Int  : The physical location of UIs.

  A  : Authenticate use AAA.

  L    : Authentication use local database.

  N   : Current UI need not authentication.

  P   : Authenticate use current UI's password.

Table 1-1 Descriptions on the fields of the display user-interface command

Field   Description
+       The information displayed is about the current user interface.
F       The information displayed is about the current user interface, and the current user interface operates in asynchronous mode.
Idx     The absolute index of the user interface
Type    User interface type and the relative index
Tx/Rx   Transmission speed of the user interface
Modem   Indicates whether or not a modem is used.
Privi   The available command level
Auth    The authentication mode
Int     The physical position of the user interface
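
The Auth and Privi columns described above are what a reviewer checks first when auditing login exposure. The following is an added example, not part of the H3C manual: it parses display user-interface output and lists the user interfaces that need no authentication. The header and AUX row follow the manual's sample; the VTY rows, their empty Tx/Rx column, and the function names are assumptions.

```python
import re

# Constructed sample of "display user-interface" output. The header and AUX row
# follow the manual's example; the VTY rows (and their empty Tx/Rx column) are
# assumptions made for this illustration.
SAMPLE_OUTPUT = """\
  Idx  Type     Tx/Rx      Modem Privi Auth  Int
F 0    AUX 0    9600       -      3      N      -
+ 1    VTY 0               -      3      P      -
  2    VTY 1               -      0      A      -
  3    VTY 2               -      3      N      -

  +    : Current user-interface is active.
  F    : Current user-interface is active and work in async mode.
  N   : Current UI need not authentication.
"""

# Auth codes from the legend printed with the command output.
AUTH_MODES = {"A": "AAA", "L": "local database", "N": "none", "P": "password"}
# Command level names from the "user privilege level" section of the manual.
LEVELS = {0: "visit", 1: "monitor", 2: "system", 3: "manage"}

# Optional flag, absolute index, type and relative index, optional speed,
# then the Modem, Privi, Auth and Int columns.
ROW = re.compile(
    r"^\s*(?P<flag>[+F])?\s*(?P<idx>\d+)\s+(?P<type>AUX|VTY)\s+(?P<rel>\d+)\s+"
    r"(?:(?P<speed>\d+)\s+)?(?P<modem>\S+)\s+(?P<privi>[0-3])\s+"
    r"(?P<auth>[ALNP])\s+(?P<loc>\S+)\s*$"
)


def parse_user_interfaces(output):
    """Return one dict per user-interface row; header and legend lines are skipped."""
    rows = []
    for line in output.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        rows.append({
            "idx": int(m["idx"]),
            "name": f"{m['type']} {m['rel']}",
            "active": m["flag"] is not None,
            "speed": int(m["speed"]) if m["speed"] else None,
            "level": int(m["privi"]),
            "auth": AUTH_MODES[m["auth"]],
        })
    return rows


def unauthenticated(rows):
    """Interfaces whose Auth column is N, highest command level first."""
    hits = [r for r in rows if r["auth"] == "none"]
    return sorted(hits, key=lambda r: (-r["level"], r["idx"]))


if __name__ == "__main__":
    for r in unauthenticated(parse_user_interfaces(SAMPLE_OUTPUT)):
        print(f"UI {r['idx']} ({r['name']}): no authentication, "
              f"{LEVELS[r['level']]} level, active={r['active']}")
```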

 

free user-interface

Syntax

free user-interface { num1 | { aux | vty } num2 }

View

User view

Default Level

3: Manage level

Parameters

num1: Absolute number of a user interface. The value range is 0 to 20.

num2: Relative number of a user interface. The value range is:

- AUX: 0 to 9;

- VTY: 0 to 4.

summary: Displays summary about user interfaces.

Description

Use the free user-interface command to clear a specified user interface. If you execute this command, the corresponding user interface will be disconnected.

Note that the current user interface cannot be cleared.

Examples

# Log into user interface 0 and clear user interface 1.

<Sysname> free user-interface 1

Are you sure to free user-interface vty0

[Y/N]y

[OK]

After you execute this command, user interface 1 will be disconnected. The user in it must log in again to connect to the switch.

history-command max-size

Syntax

history-command max-size value

undo history-command max-size

View

User interface view

Default Level

2: System level

Parameters

value: Size of the history command buffer. This argument ranges from 0 to 256 and defaults to 10. That is, the history command buffer can store 10 commands by default.

Description

Use the history-command max-size command to set the size of the history command buffer.

Use the undo history-command max-size command to revert to the default history command buffer size.

Examples

# Set the size of the history command buffer to 20 to enable it to store up to 20 commands.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] user-interface aux 0

[Sysname-ui-aux0] history-command max-size 20

idle-timeout

Syntax

idle-timeout minutes [ seconds ]

undo idle-timeout

View

User interface view

Default Level

2: System level

Parameters

minutes: Number of minutes. This argument ranges from 0 to 35,791.

seconds: Number of seconds. This argument ranges from 0 to 59.

Description

Use the idle-timeout command to set the timeout time. The connection to a user interface is terminated if no operation is performed in the user interface within the specified period.

Use the undo idle-timeout command to revert to the default timeout time.

You can use the idle-timeout 0 command to disable the timeout function.

The default timeout time is 10 minutes.

Examples

# Set the timeout time of AUX 0 to 1 minute.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] user-interface aux 0

[Sysname-ui-aux0] idle-timeout 1 0

lock

Syntax

lock

View

User view

Default Level

3: Manage level

Parameters

None

Description

Use the lock command to lock the current user interface to prevent unauthorized users from operating the user interface.

With the execution of this command, the system prompts to enter and confirm the password (up to 16 characters), and then locks the user interface.

To cancel the lock, press the Enter key and enter the correct password.

By default, the system will not lock the current user interface automatically.

Examples

# Lock the current user interface.

<Sysname> lock

Please input password<1 to 16> to lock current user terminal interface:

Password:

Again:

 

 

                    locked !

# Cancel the lock.

Password:

Again:

<Sysname>

parity

Syntax

parity { even | mark | none | odd | space }

undo parity

View

AUX interface view

Default Level

2: System level

Parameters

even: Performs even checks.

mark: Performs mark checks.

none: Does not check.

odd: Performs odd checks.

space: Performs space checks.

Description

Use the parity command to set the check mode of the user interface.

Use the undo parity command to revert to the default check mode.

No check is performed by default.

H3C S5820X&S5800 series Ethernet switches support the even, none, and odd check modes only. To establish the connection again, you need to modify the configuration of the terminal emulation utility running on your PC accordingly.

Examples

# Set to perform mark checks.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] user-interface aux 0

[Sysname-ui-aux0] parity mark

protocol inbound

Syntax

protocol inbound { all | ssh | telnet }

View

VTY interface view

Default Level

3: Manage level

Parameters

all: Supports both Telnet protocol and SSH protocol.

ssh: Supports SSH protocol.

telnet: Supports Telnet protocol.

Description

Use the protocol inbound command to configure the user interface to support specified protocols.

Both Telnet and SSH protocols are supported by default.

Related command: user-interface vty.

If you want to configure the user interface to support SSH, to ensure a successful login, you must first configure the authentication mode to scheme on the user interface. If you set the authentication mode to password or none, the protocol inbound ssh command will fail. Refer to authentication-mode.

Examples

# Configure VTY 0 to support only SSH protocol.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] user-interface vty 0

[Sysname-ui-vty0] protocol inbound ssh

screen-length

Syntax

screen-length screen-length

undo screen-length

View

User interface view

Default Level

2: System level

Parameters

screen-length: Number of lines the screen can contain. This argument ranges from 0 to 512 and defaults to 24.

Description

Use the screen-length command to set the number of lines the terminal screen can contain.

Use the undo screen-length command to revert to the default number of lines.

You can use the screen-length 0 command to disable the function to display information in pages.

Examples

# Set the number of lines the terminal screen can contain to 20.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] user-interface aux 0

[Sysname-ui-aux0] screen-length 20

send

Syntax

send { all | number | type number }

View

User view

Default Level

1: Monitor level

Parameters

all: Specifies to send messages to all user interfaces.

type: User interface type.

number: Absolute user interface index or relative user interface index.

- Relative user interface index: If you provide the type argument, the number argument indicates the user interface index of the type. When the type is AUX, number is 0 to 9; when the type is VTY, number ranges from 0 to 4.

- Absolute user interface index: If you do not provide the type argument, the number argument indicates the absolute user interface index, and ranges from 0 to 20.

Description

Use the send command to send messages to a specified user interface or all user interfaces.

Examples

# Send messages to all user interfaces.

<Sysname> send all

Enter message, end with CTRL+Z or Enter; abort with CTRL+C:

hello^Z

Send message? [Y/N]y

<Sysname>

 

***

***

***Message from vty0 to vty0

***

hello

     

<Sysname>

set authentication password

Syntax

set authentication password { cipher | simple } password

undo set authentication password

View

User interface view

Default Level

3: Manage level

Parameters

cipher: Specifies to display the local password in encrypted text when you display the current configuration.

simple: Specifies to display the local password in plain text when you display the current configuration.

password: Password. The password must be in plain text if you specify the simple keyword in the set authentication password command. If you specify the cipher keyword, the password can be in either encrypted text or plain text. Whether the password is in encrypted text or plain text depends on the password string entered. Strings containing up to 16 characters (such as 123) are regarded as plain text passwords and are converted to the corresponding 24-character encrypted password (such as !TP<\*EMUHL,408`W7TH!Q!!). An encrypted password must contain 24 characters and must be in ciphered text (such as !TP<\*EMUHL,408`W7TH!Q!!).

Description

Use the set authentication password command to set the local password.

Use the undo set authentication password command to remove the local password.

Note that only plain text passwords are expected when users are authenticated.

By default, Telnet users need to provide their passwords to log in. If no password is set, the “Login password has not been set !” message appears on the terminal when users log in.

Examples

# Set the local password of VTY 0 to “123”.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] user-interface vty 0

[Sysname-ui-vty0] set authentication password simple 123

shell

Syntax

shell

undo shell

View

User interface view

Default Level

3: Manage level

Parameters

None

Description

Use the shell command to make terminal services available for the user interface.

Use the undo shell command to make terminal services unavailable to the user interface.

By default, terminal services are available in all user interfaces.

Note the following when using the undo shell command:

- This command is available in all user interfaces except the AUX user interface, because the AUX port (also the Console) is exclusively used for configuring the switch.

- This command is unavailable in the current user interface.

- This command prompts for confirmation when being executed in any valid user interface.

Examples

# Log into user interface 0 and make terminal services unavailable in VTY 0 through VTY 4.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] user-interface vty 0 4

[Sysname-ui-vty0-4] undo shell

% Disable ui-vty0-4 , are you sure ? [Y/N]y

speed

Syntax

speed speed-value

undo speed

View

AUX interface view

Default Level

2: System level

Parameters

speed-value: Transmission speed (in bps). This argument can be 300, 600, 1200, 2400, 4800, 9600, 19200, 38400, 57600, or 115200 and defaults to 9600.

Description

Use the speed command to set the transmission speed of the user interface.

Use the undo speed command to revert to the default transmission speed.

After you use the speed command to configure the transmission speed of the AUX user interface, you must change the corresponding configuration of the terminal emulation program running on the PC, to keep the configuration consistent with that on the switch.

Examples

# Set the transmission speed of the AUX user interface to 9600 bps.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] user-interface aux 0

[Sysname-ui-aux0] speed 9600

stopbits

Syntax

stopbits { 1 | 1.5 | 2 }

undo stopbits

View

AUX interface view

Default Level

2: System level

Parameters

1: Sets the stop bits to 1.

1.5: Sets the stop bits to 1.5.

2: Sets the stop bits to 2.

Description

Use the stopbits command to set the stop bits of the user interface.

Use the undo stopbits command to revert to the default stop bits.

By default, the stop bits is 1.

- The S5820X&S5800 series do not support communication with a terminal emulation program with stopbits set to 1.5.

- Changing the stop bits value of the switch to a value different from that of the terminal emulation utility does not affect the communication between them.

Examples

# Set the stop bits to 2.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] user-interface aux 0

[Sysname-ui-aux0] stopbits 2

telnet

Syntax

telnet [ vpn-instance vpn-instance-name ] remote-host [ service-port ] [ source { interface interface-type interface-number | ip ip-address } ]

View

User view

Default Level

0: Visit level

Parameters

vpn-instance vpn-instance-name: Specifies a VPN instance. vpn-instance-name is the name of a VPN instance, a string of 1 to 31 characters, case sensitive. Support for this parameter depends on the device model.

remote-host: IPv4 address or host name of a remote system, a string of 1 to 20 characters, case insensitive.

service-port: TCP port number for the remote system to provide Telnet services. It ranges from 0 to 65535 and defaults to 23.

source: Specifies the source interface or source IPv4 address of Telnet packets.

interface interface-type interface-number: Specifies the source interface. The source IPv4 address of the Telnet packets sent is the IPv4 address of the specified interface. interface-type interface-number represents the interface type and number.

ip ip-address: Specifies the source IPv4 address of Telnet packets.

Description

Use the telnet command to Telnet to a remote host to remotely manage the host. You can press Ctrl+K or use the quit command to stop the current Telnet login.

Note that:

- The source IPv4 address or source interface specified by this command is applicable to the current Telnet connection only.

- If you use both the telnet command and the telnet client source command to specify the source IPv4 address or source interface, the source IPv4 address or interface specified by the telnet command takes effect.

Examples

# Telnet to the remote host with the IP address 1.1.1.2, specifying the source IP address of Telnet packets as 1.1.1.1.

<Sysname> telnet 1.1.1.2 source ip 1.1.1.1

user-interface

Syntax

user-interface { number1  | { aux | vty } number2 }

View

System view

Default Level

2: System level

Parameters

number1: Absolute user interface index: If you do not provide the type argument, the number argument indicates the absolute user interface index, and ranges from 0 to 20.

number2: Relative user interface index: If you provide the type argument, the number argument indicates the user interface index of the type. When the type is AUX, number2 is 0 to 9; when the type is VTY, number2 ranges from 0 to 4.

Description

Use the user-interface command to enter one or more user interface views.

- In a single user interface view, the configuration takes effect in the user view only.

- In multiple user interface views, the configuration takes effect in these user views.

Examples

# Enter VTY 0 user interface view.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] user-interface vty 0

[Sysname-ui-vty0]

user privilege level

Syntax

user privilege level level

undo user privilege level

View

User interface view

Default Level

3: Manage level

Parameters

level: Command level ranging from 0 to 3.

Description

Use the user privilege level command to configure the command level available to the users logging into the user interface.

Use the undo user privilege level command to revert to the default command level.

By default, the commands of level 3 are available to the users logging into the AUX user interface. The commands of level 0 are available to the users logging into VTY user interfaces.

Commands fall into four command levels: visit, monitor, system, and manage, which are described as follows:

- Visit level: Commands of this level are used to diagnose the network and change the language mode of the user interface, such as ping and tracert. The telnet command is also of this level. Commands of this level cannot be saved in configuration files.

- Monitor level: Commands of this level are used to maintain the system, to debug service problems, and so on. The display and debugging commands are of monitor level. Commands of this level cannot be saved in configuration files.

- System level: Commands of this level are used to configure services. Commands concerning routing and network layers are of system level. You can utilize network services by using these commands.

- Manage level: Commands of this level are for the operation of the entire system and the system supporting modules. Services are supported by these commands. Commands concerning file system, file transfer protocol (FTP), trivial file transfer protocol (TFTP), downloading using XModem, user management, and level setting are of administration level.

Examples

# Configure that commands of level 0 are available to the users logging into VTY 0.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] user-interface vty 0

[Sysname-ui-vty0] user privilege level 0

# You can verify the above configuration by Telnetting to VTY 0 and displaying the available commands, as listed in the following.

<Sysname> ?

User view commands:

  cluster  Run cluster command

  display  Display current system information

  ping     Ping function

  quit     Exit from current command view

  ssh2     Establish a secure shell client connection

  super    Set the current user priority level

  telnet   Establish one TELNET connection

  tracert  Trace route function

 


Commands for Controlling Login Users

acl

Syntax

acl acl-number { inbound | outbound }

undo acl { inbound | outbound }

View

User interface view

Default Level

2: System level

Parameters

acl-number: ACL number ranging from 2000 to 4999, where:

- 2000 to 2999 for basic IPv4 ACLs

- 3000 to 3999 for advanced IPv4 ACLs

- 4000 to 4999 for Layer 2 ACLs

inbound: Filters the users Telnetting to the current switch.

outbound: Filters the users Telnetting to other switches from the current switch.

Description

Use the acl command to apply an ACL to filter Telnet users.

Use the undo acl command to disable the switch from filtering Telnet users using the ACL.

Note that if you use Layer 2 ACL rules, you can only choose the inbound keyword in the command here.

Examples

# Apply ACL 2000 to filter users Telnetting to the current switch (assuming that ACL 2000 already exists).

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] user-interface vty 0 4

[Sysname-ui-vty0-4] acl 2000 inbound
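
The login settings documented in this chapter (authentication-mode, set authentication password, protocol inbound, idle-timeout, user privilege level and acl) can be reviewed together in a saved configuration. The following is an added example, not part of the H3C manual: it audits the user-interface sections of a configuration text using the defaults the manual states. The configuration layout (a user-interface header followed by indented commands), the sample text and the function names are assumptions.

```python
import re

# Constructed sample. The layout (a "user-interface" header followed by
# indented commands) is an assumption about how the saved configuration looks.
SAMPLE_CONFIG = """\
user-interface aux 0
 idle-timeout 0
user-interface vty 0 1
 authentication-mode none
 user privilege level 3
user-interface vty 2
 set authentication password simple 123
 acl 2000 inbound
user-interface vty 3 4
 authentication-mode scheme
 protocol inbound ssh
 acl 2000 inbound
"""

# Defaults stated in the manual: (authentication mode, command level).
DEFAULTS = {"aux": ("none", 3), "vty": ("password", 0)}


def parse_sections(config):
    """Return [(header_words, [commands])] for each user-interface section."""
    sections, current = [], None
    for line in config.splitlines():
        if line.startswith("user-interface "):
            current = (line.split()[1:], [])
            sections.append(current)
        elif current is not None and line.startswith(" ") and line.strip():
            current[1].append(line.strip())
        else:
            current = None  # any other top-level line ends the section
    return sections


def arg(cmds, prefix):
    """Arguments of the first command starting with prefix, or None."""
    for c in cmds:
        if c == prefix or c.startswith(prefix + " "):
            return c[len(prefix):].strip()
    return None


def audit(config):
    """Return (interface, finding) pairs for login settings the manual describes."""
    findings = []
    for header, cmds in parse_sections(config):
        kind, name = header[0], " ".join(header)
        if kind not in DEFAULTS:
            continue  # absolute index: type unknown, so defaults cannot be applied
        auth = (arg(cmds, "authentication-mode") or DEFAULTS[kind][0]).split()[0]
        level = int(arg(cmds, "user privilege level") or DEFAULTS[kind][1])
        proto = arg(cmds, "protocol inbound") or "all"
        if auth == "none":
            findings.append((name, f"no login authentication at command level {level}"))
        if (arg(cmds, "set authentication password") or "").startswith("simple "):
            findings.append((name, "local password shown in plain text in the configuration"))
        if re.fullmatch(r"0(\s+0)?", arg(cmds, "idle-timeout") or ""):
            findings.append((name, "idle timeout disabled"))
        if kind == "vty":
            if proto != "ssh":
                findings.append((name, f"Telnet accepted (protocol inbound {proto})"))
            elif auth != "scheme":
                findings.append((name, "protocol inbound ssh requires authentication-mode scheme"))
            if not any(re.fullmatch(r"acl \d+ inbound", c) for c in cmds):
                findings.append((name, "no inbound ACL applied"))
    return findings


if __name__ == "__main__":
    for name, finding in audit(SAMPLE_CONFIG):
        print(f"user-interface {name}: {finding}")
```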

 
