H3C S3100 Series Ethernet Switches command Manual-Release 21XX Series(V1.06)
Login Commands
authentication-mode
Syntax
authentication-mode { password | scheme [ command-authorization ] | none }
View
User interface view
Parameters
none: Specifies not to authenticate users.
password: Authenticates users using the local password.
scheme: Authenticates users locally or remotely using usernames and passwords.
command-authorization: Performs command authorization on TACACS authentication server.
Description
Use the authentication-mode command to specify the authentication mode.
- If you specify the password keyword to authenticate users using the local password, remember to set the local password using the set authentication password command. Otherwise, AUX users can log in to the switch without a password, but VTY users fail to log in. VTY users must enter the correct authentication password to log in to the switch.
- If you specify the scheme keyword to authenticate users locally or remotely using usernames and passwords, the actual authentication mode (local or remote) depends on the related AAA scheme configuration of the domain.
- If this command is executed with the command-authorization keyword specified, authorization is performed on the TACACS server whenever you attempt to execute a command, and the command is executed only if you pass the authorization. Normally, a TACACS server contains a list of the commands available to different users.
By default, the authentication mode is none for AUX users and password for VTY users.
For a VTY user interface, to specify the none keyword or password keyword for login users, make sure that SSH is not enabled in the user interface. Otherwise, the configuration fails. Refer to the protocol inbound command for related configuration.
To improve security and prevent attacks on unused sockets, the switch enables or disables TCP 23 and TCP 22 (the ports for the Telnet and SSH services, respectively) according to the configuration:
- If the authentication mode is none, TCP 23 will be enabled, and TCP 22 will be disabled.
- If the authentication mode is password, and the corresponding password has been set, TCP 23 will be enabled, and TCP 22 will be disabled.
- If the authentication mode is scheme, there are three scenarios: when the supported protocol is specified as telnet, TCP 23 will be enabled; when the supported protocol is specified as ssh, TCP 22 will be enabled; when the supported protocol is specified as all, both TCP 23 and TCP 22 will be enabled.
Examples
- Example of the password authentication mode configuration
# Configure to authenticate users using the local password on the console port, and set the authentication password to aabbcc in plain text.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] user-interface aux 0
[Sysname-ui-aux0] authentication-mode password
[Sysname-ui-aux0] set authentication password simple aabbcc
After the configuration, when a user logs in to the switch through the console port, the user must enter the correct password.
- Example of the scheme authentication mode configuration
# Configure the authentication mode as scheme for VTY users logging in through Telnet.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] user-interface vty 0
[Sysname-ui-vty0] authentication-mode scheme
[Sysname-ui-vty0] quit
# Specify domain system as the default domain, and set the scheme authentication mode to local for the domain.
[Sysname] domain default enable system
[Sysname] domain system
[Sysname-isp-system] scheme local
[Sysname-isp-system] quit
# Configure the local authentication username and password.
[Sysname] local-user guest
[Sysname-luser-guest] password simple 123456
[Sysname-luser-guest] service-type telnet level 2
After the configuration, when a user logs in to the switch through VTY0, the user must enter the configured username and password.
auto-execute command
Syntax
auto-execute command text
undo auto-execute command
View
VTY user interface view
Parameters
text: Command to be executed automatically.
Description
Use the auto-execute command command to set the command that is executed automatically after a user logs in.
Use the undo auto-execute command command to disable the specified command from being automatically executed.
By default, no command is configured to be executed automatically after a user logs in.
Normally, the telnet command is specified to be executed automatically to enable the user to Telnet to a specific network device automatically.
- The auto-execute command command may leave you unable to perform common configuration in the user interface, so use it with caution.
- Before executing the auto-execute command command and saving your configuration, make sure you can log in to the switch in other modes and cancel the configuration.
Examples
# Configure the telnet 10.110.100.1 command to be executed automatically after users log in to VTY 0.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] user-interface vty 0
[Sysname-ui-vty0] auto-execute command telnet 10.110.100.1
% This action will lead to configuration failure through ui-vty0. Are you sure?[Y/N]y
After the above configuration, when a user logs onto the device through VTY 0, the device automatically executes the configured command and logs off the current user.
copyright-info enable
Syntax
copyright-info enable
undo copyright-info enable
View
System view
Parameters
None
Description
Use the copyright-info enable command to enable copyright information displaying.
Use the undo copyright-info enable command to disable copyright information displaying.
By default, copyright information displaying is enabled. That is, the copyright information is displayed after a user logs into a switch successfully.
Note that these two commands apply to users logging in through the console port and by means of Telnet.
Examples
# Disable copyright information displaying.
**************************************************************************
* Copyright (c) 2004-2008 Hangzhou H3C Tech. Co., Ltd. All rights reserved.*
* Without the owner's prior written consent, *
* no decompiling or reverse-engineering shall be allowed. *
**************************************************************************
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] undo copyright-info enable
# After the above configuration, no copyright information is displayed after a user logs in, as shown below.
<Sysname>
databits
Syntax
databits { 7 | 8 }
undo databits
View
AUX user interface view
Parameters
7: Sets the databits to 7.
8: Sets the databits to 8.
Description
Use the databits command to set the databits for the user interface.
Use the undo databits command to revert to the default databits.
The default databits is 8.
Examples
# Set the databits to 7.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] user-interface aux 0
[Sysname-ui-aux0] databits 7
display user-interface
Syntax
display user-interface [ type number | number ] [ summary ]
View
Any view
Parameters
type: User interface type, which can be AUX (for AUX user interface) and VTY (for VTY user interface).
number: User interface index. A user interface index can be relative or absolute.
- In relative user interface number scheme, the type argument is required. In this case, AUX user interfaces are numbered from AUX0 through AUX7; VTY user interfaces are numbered from VTY0 through VTY4.
- In absolute user interface number scheme, the type argument is not required. In this case, user interfaces are numbered from 0 to 12.
summary: Displays the summary information about a user interface.
Description
Use the display user-interface command to display the information about a specified user interface or all user interfaces. If the summary keyword is not specified, this command displays user interface type, absolute/relative user interface index, transmission speed, available command level, authentication mode, and physical position. If the summary keyword is specified, this command displays the number and type of the user interfaces, including those that are in use and those that are not in use.
Examples
# Display the information about user interface 0.
<Sysname> display user-interface 0
Idx Type Tx/Rx Modem Privi Auth Int Super
F 0 AUX 0 9600 - 3 N - S
+ : Current user-interface is active.
F : Current user-interface is active and work in async mode.
Idx : Absolute index of user-interface.
Type : Type and relative index of user-interface.
Privi: The privilege of user-interface.
Auth : The authentication mode of user-interface.
Int : The physical location of UIs.
Super: The Super authentication mode of UIs.
A : Authentication use AAA.
N : Current UI need not authentication.
P : Authentication use current UI's password.
S : Authentication use super password.
Table 1-1 Descriptions on the fields of the display user-interface command
Field | Description |
---|---|
+ | The user interface is in use. |
F | The user interface operates in asynchronous mode. |
Idx | The absolute index of the user interface |
Type | User interface type and the relative index |
Tx/Rx | Transmission speed of the user interface |
Modem | Indicates whether or not a modem is used. |
Privi | Available command level |
Auth | Authentication mode |
Int | Physical position of the user interface |
Super | The authentication mode used for a user to switch from the current lower user level to a higher level, including S, A, SA and AS. S: Super password authentication. A: HWTACACS authentication. SA: Super password authentication is preferred, with HWTACACS authentication being a backup. AS: HWTACACS authentication is preferred, with super password authentication being a backup. For details about the four authentication modes, refer to the CLI part of the manual. |
A | The current user authentication mode is scheme. |
N | The current user authentication mode is none. |
P | The current user authentication mode is password. |
S | Super password authentication |
# Display the summary information about the user interface.
<Sysname> display user-interface summary
User interface type : [AUX]
0:UXXX XXXX
User interface type : [VTY]
8:UUUU X
5 character mode users. (U)
8 UI never used. (X)
5 total UI in use
Table 1-2 Description on the fields of the display user-interface summary command
Field | Description |
---|---|
User interface type | User interface type: AUX or VTY |
0:UXXX XXXX/8:UUUU X | 0 and 8 represent the least absolute number for AUX user interfaces and VTY user interfaces. “U” and “X” indicate the usage state of an interface: U indicates that the corresponding user interface is used; X indicates that the corresponding user interface is idle. The total number of Us and Xs is the total number of user interfaces that are available. |
character mode users. (U) | The number of current users, that is, the number of Us |
UI never used. (X) | The number of user interfaces not being used currently, that is, the number of Xs |
total UI in use. | The total number of user interfaces being used currently, that is, the total number of users currently logging in to the switch successfully |
display users
Syntax
display users [ all ]
View
Any view
Parameters
all: Displays the user information about all user interfaces.
Description
Use the display users command to display the user information about user interfaces.
If you do not specify the all keyword, only the user information about the current user interface is displayed.
Examples
# Display the user information about the current user interface.
<Sysname> display users
UI Delay Type Ipaddress Username Userlevel
+ 8 VTY 0 00:00:00 TEL 192.168.0.208 3
+ : Current operation user.
F : Current operation user work in async mode.
Table 1-3 Descriptions on the fields of the display users command
Field | Description |
---|---|
UI | The numbers in the left sub-column are the absolute user interface indexes, and those in the right sub-column are the relative user interface indexes. |
Delay | The period (in seconds) the user interface idles for. |
Type | User type |
Ipaddress | The IP address from which the user logs in. |
Username | The login name of the user that logs into the user interface. |
Userlevel | The level of the commands available to the users logging in to the user interface |
F | The information is about the current user interface, and the current user interface operates in asynchronous mode. |
+ | The user interface is in use. |
display web users
Syntax
display web users
View
Any view
Parameters
None
Description
Use the display web users command to display the information about the current on-line Web users.
Examples
# Display the information about the current on-line Web users.
<Sysname> display web users
ID Name Language Level Login Time Last Req. Time
00800003 admin English Management 06:16:32 06:18:35
Table 1-4 Description on the fields of the display web users command
Field | Description |
---|---|
ID | ID of a Web user |
Name | Name of a Web user |
Language | Language a Web user uses |
Level | Level of a Web user |
Login Time | Time when a Web user logs in |
Last Req. Time | Time when the latest request is made |
free user-interface
Syntax
free user-interface [ type ] number
View
User view
Parameters
type: User interface type, which can be AUX (for AUX user interface) and VTY (for VTY user interface).
number: User interface index. A user interface index can be relative or absolute.
- In relative user interface index scheme, the type argument is required. In this case, AUX user interfaces are numbered from AUX0 through AUX7; VTY user interfaces are numbered from VTY0 through VTY4.
- In absolute user interface index scheme, the type argument is not required. In this case, user interfaces are numbered from 0 to 12.
Description
Use the free user-interface command to free a user interface. That is, this command tears down the connection between a user and a user interface.
Note that the current user interface cannot be freed.
Examples
# Release user interface VTY 1.
<Sysname> free user-interface vty 1
Are you sure you want to free user-interface vty1 [Y/N]? y
[OK]
After you perform the above operation, the user connection on user interface VTY1 is torn down. The user in it must log in again to connect to the switch.
header
Syntax
header [ incoming | legal | login | shell ] text
undo header { incoming | legal | login | shell }
View
System view
Parameters
incoming: Sets the login banner for users that log in through modems. If you specify to authenticate login users, the banner appears after a user passes the authentication. (The session banner does not appear in this case.)
legal: Sets the authorization banner, which is displayed when a user enters user view.
login: Sets the login banner. The banner set by this keyword is valid only when users are authenticated before they log in to the switch and appears while the switch prompts for user name and password. If a user logs in to the switch through Web, the banner text configured will be displayed on the banner page.
shell: Sets the session banner, which appears after a session is established. If you specify to authenticate login users, the banner appears after a user passes the authentication.
text: Banner to be displayed. If no keyword is specified, this argument is the login banner. You can provide this argument in two ways. One is to enter the banner on the same line as the command (a command line can accept up to 254 characters). The other is to enter the banner on multiple lines (you can start a new line by pressing Enter), in which case the banner can contain up to 2000 characters (including invisible characters such as carriage returns). Note that the first character you enter is both the start character and the end character of the banner. After entering the end character, you can press Enter to exit the interaction.
Description
Use the header command to set the banners that are displayed when a user logs into a switch. The login banner is displayed on the terminal when the connection is established, and the session banner is displayed on the terminal after a user successfully logs in.
Use the undo header command to disable displaying a specific banner or all banners.
By default, no banner is configured.
Note the following:
- If you specify any one of the four keywords without providing the text argument, the specified keyword will be regarded as the login information.
- The banner configured with the header incoming command is displayed after a modem user logs in successfully or after a modem user passes the authentication when authentication is required. In the latter case, the shell banner is not displayed.
- The banner configured with the header legal command is displayed when you enter the user interface. If password authentication is enabled or an authentication scheme is specified, this banner is displayed before login authentication.
- With password authentication enabled or an authentication scheme specified, the banner configured with the header login command is displayed after the banner configured with the header legal command and before login authentication.
- The banner configured with the header shell command is displayed after a non-modem user session is established.
Examples
# Configure banners.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] header login %Welcome to login!%
[Sysname] header shell %
Input banner text, and quit with the character '%'.
Welcome to shell!%
[Sysname] header incoming %
Input banner text, and quit with the character '%'.
Welcome to incoming!%
[Sysname] header legal %
Input banner text, and quit with the character '%'.
Welcome to legal!%
- The character % is the starting/ending character of text in this example. Entering % after the displayed text quits the header command.
- As the starting and ending character, % is not a part of a banner.
# Test the configuration remotely using Telnet. (The login banner is displayed only when login authentication is configured.)
**************************************************************************
* Copyright (c) 2004-2008 Hangzhou H3C Tech. Co., Ltd. All rights reserved.*
* Without the owner's prior written consent, *
* no decompiling or reverse-engineering shall be allowed. *
**************************************************************************
Welcome to legal!
Press Y or ENTER to continue, N to exit.
Welcome to login!
Login authentication
Password:
Welcome to shell!
<Sysname>
history-command max-size
Syntax
history-command max-size value
undo history-command max-size
View
User interface view
Parameters
value: Size of the history command buffer, ranging from 0 to 256 (in terms of commands).
Description
Use the history-command max-size command to set the size of the history command buffer.
Use the undo history-command max-size command to revert to the default history command buffer size.
By default, the history command buffer can contain up to ten commands.
Related commands: display history-command.
Examples
# Set the size of the history command buffer of AUX 0 to 20 to enable it to store up to 20 commands.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] user-interface aux 0
[Sysname-ui-aux0] history-command max-size 20
idle-timeout
Syntax
idle-timeout minutes [ seconds ]
undo idle-timeout
View
User interface view
Parameters
minutes: Number of minutes. This argument ranges from 0 to 35,791.
seconds: Number of seconds. This argument ranges from 0 to 59.
Description
Use the idle-timeout command to set the timeout time. The connection to a user interface is terminated if no operation is performed in the user interface within the timeout time.
Use the undo idle-timeout command to revert to the default timeout time.
You can use the idle-timeout 0 command to disable the timeout function.
The default timeout time is 10 minutes.
Examples
# Set the timeout time of AUX 0 to 1 minute.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] user-interface aux 0
[Sysname-ui-aux0] idle-timeout 1
ip http shutdown
Syntax
ip http shutdown
undo ip http shutdown
View
System view
Parameters
None
Description
Use the ip http shutdown command to shut down the WEB Server.
Use the undo ip http shutdown command to launch the WEB Server.
By default, the WEB Server is launched.
To improve security and prevent attacks on unused sockets, the switch enables or disables TCP port 80 (the port for the HTTP service) according to the configuration:
- TCP port 80 is enabled only after you use the undo ip http shutdown command to enable the Web server.
- If you use the ip http shutdown command to disable the Web server, TCP port 80 is disabled.
After the Web file is upgraded, you need to use the boot web-package command to specify a new Web file or specify a new Web file from the boot menu after reboot for the Web server to operate properly. Refer to the File System Management part in this manual for information about the boot web-package command.
Examples
# Shut down the WEB Server.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] ip http shutdown
# Launch the WEB Server.
[Sysname] undo ip http shutdown
lock
Syntax
lock
View
User view
Parameters
None
Description
Use the lock command to lock the current user interface to prevent unauthorized operations in the user interface.
After you execute this command, the system prompts you for the password and prompts you to confirm the password. The user interface is locked only when the password entered is correct.
To unlock a user interface, press Enter and then enter the password as prompted.
Note that if you set a password containing more than 16 characters, the system matches only the first 16 characters of the password entered for unlocking the user interface. That is, the system unlocks the user interface as long as the first 16 characters of the password entered are correct.
By default, the current user interface is not locked.
Examples
# Lock the current user interface.
<Sysname> lock
Press Enter, enter a password, and then confirm it as prompted. (The password entered is not displayed).
Password:
Again:
locked !
In this case, the user interface is locked. To operate the user interface again, you need to press Enter and provide the password as prompted.
Password:
<Sysname>
parity
Syntax
parity { even | none | odd }
undo parity
View
AUX user interface view
Parameters
even: Performs even checks.
none: Does not check.
odd: Performs odd checks.
Description
Use the parity command to set the check mode of the user interface.
Use the undo parity command to revert to the default check mode.
By default, no check is performed.
Examples
# Set to perform even checks.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] user-interface aux 0
[Sysname-ui-aux0] parity even
protocol inbound
Syntax
protocol inbound { all | ssh | telnet }
View
VTY user interface view
Parameters
all: Supports both Telnet protocol and SSH protocol.
ssh: Supports SSH protocol.
telnet: Supports Telnet protocol.
Description
Use the protocol inbound command to specify the protocols supported by the user interface.
Both Telnet protocol and SSH protocol are supported by default.
Related commands: user-interface vty.
To improve security and prevent attacks on unused sockets, the switch enables or disables TCP 23 and TCP 22 (the ports for the Telnet and SSH services, respectively) according to the configuration:
- If the authentication mode is none, TCP 23 will be enabled, and TCP 22 will be disabled.
- If the authentication mode is password, and the corresponding password has been set, TCP 23 will be enabled, and TCP 22 will be disabled.
- If the authentication mode is scheme, there are three scenarios: when the supported protocol is specified as telnet, TCP 23 will be enabled; when the supported protocol is specified as ssh, TCP 22 will be enabled; when the supported protocol is specified as all, both TCP 23 and TCP 22 will be enabled.
To configure a user interface to support SSH, you need to set the authentication mode to scheme for users to log in successfully. If the authentication mode is set to password or none for login users, the protocol inbound ssh command will fail. Refer to the authentication-mode command for the related configuration.
Examples
# Configure that only SSH protocol is supported in VTY 0.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] user-interface vty 0
[Sysname-ui-vty0] protocol inbound ssh
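The port rules given under authentication-mode and repeated above under protocol inbound, together with the documented defaults, can be checked against a saved configuration. The following is an added example, not part of the H3C manual: the sample configuration is constructed, and both the union of ports across VTY interfaces and the handling of password mode with no password set are assumptions.

```python
import re

# Constructed sample in the layout of a saved configuration. The commands are
# the ones documented on this page; interface numbers and values are made up.
SAMPLE_CONFIG = """\
#
user-interface aux 0
 idle-timeout 0
user-interface vty 0
 authentication-mode scheme
 protocol inbound ssh
user-interface vty 1 2
 authentication-mode none
 protocol inbound telnet
user-interface vty 3
 set authentication password simple aabbcc
 protocol inbound telnet
user-interface vty 4
 authentication-mode scheme
#
"""

UI_HEADER = re.compile(r"^user-interface (aux|vty) (\d+)(?: (\d+))?$")

def parse_user_interfaces(config):
    """Map (type, relative index) -> list of sub-commands, expanding ranges."""
    interfaces, current = {}, []
    for raw in config.splitlines():
        line = raw.rstrip()
        header = UI_HEADER.match(line)
        if header:
            first = int(header.group(2))
            last = int(header.group(3) or first)
            current = [(header.group(1), i) for i in range(first, last + 1)]
            for key in current:
                interfaces.setdefault(key, [])
        elif line.startswith(" ") and current:
            for key in current:
                interfaces[key].append(line.strip())
        else:
            current = []  # any other top-level line closes the block
    return interfaces

def effective_settings(ui_type, commands):
    """Start from the defaults stated on the page, then apply the commands."""
    # Defaults: none for AUX, password for VTY; Telnet and SSH; 10 minutes.
    s = {"auth": "none" if ui_type == "aux" else "password", "proto": "all",
         "password_set": False, "plain_password": False, "idle_seconds": 600}
    for command in commands:
        words = command.split()
        if words[0] == "authentication-mode" and len(words) > 1:
            s["auth"] = words[1]
        elif words[:2] == ["protocol", "inbound"] and len(words) > 2:
            s["proto"] = words[2]
        elif words[:3] == ["set", "authentication", "password"] and len(words) > 4:
            s["password_set"] = True
            s["plain_password"] = words[3] == "simple"
        elif words[0] == "idle-timeout" and len(words) > 1:
            seconds = int(words[2]) if len(words) > 2 else 0
            s["idle_seconds"] = int(words[1]) * 60 + seconds
    return s

def listening_ports(auth, proto, password_set):
    """TCP ports opened for one VTY interface, per the rules on this page."""
    if auth == "none":
        return {23}
    if auth == "password":
        # The page only describes the case where the password has been set;
        # treating the unset case as "no port confirmed open" is an assumption.
        return {23} if password_set else set()
    return {"telnet": {23}, "ssh": {22}, "all": {22, 23}}.get(proto, set())

def audit(config):
    """Return (findings, ports); ports is the union over all VTY interfaces."""
    findings, ports = [], set()
    for (ui_type, index), commands in sorted(parse_user_interfaces(config).items()):
        name = f"{ui_type}{index}"
        s = effective_settings(ui_type, commands)
        if s["auth"] == "none":
            findings.append((name, "no login authentication"))
        if s["auth"] == "password" and not s["password_set"]:
            findings.append((name, "password mode without a password"))
        if s["plain_password"]:
            findings.append((name, "password stored in plain text (simple)"))
        if s["idle_seconds"] == 0:
            findings.append((name, "idle timeout disabled"))
        if ui_type == "vty":
            opened = listening_ports(s["auth"], s["proto"], s["password_set"])
            ports |= opened
            if 23 in opened:
                findings.append((name, "Telnet enabled (TCP 23)"))
    return findings, ports

if __name__ == "__main__":
    found, open_ports = audit(SAMPLE_CONFIG)
    print(*(f"{n}: {m}" for n, m in found), sep="\n")
    print("TCP ports opened by VTY settings:", sorted(open_ports))
```

Only VTY 0 in the sample (scheme authentication with protocol inbound ssh) produces no finding; VTY 4 keeps TCP 23 open because protocol inbound defaults to both Telnet and SSH.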
screen-length
Syntax
screen-length screen-length
undo screen-length
View
User interface view
Parameters
screen-length: Number of lines the screen can contain. This argument ranges from 0 to 512.
Description
Use the screen-length command to set the number of lines the terminal screen can contain.
Use the undo screen-length command to revert to the default number of lines.
By default, the terminal screen can contain up to 24 lines.
You can use the screen-length 0 command to disable the function to display information in pages.
Examples
# Set the number of lines the terminal screen can contain to 20.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] user-interface aux 0
[Sysname-ui-aux0] screen-length 20
send
Syntax
send { all | number | type number }
View
User view
Parameters
all: Sends messages to all user interfaces.
type: User interface type, which can be AUX (for AUX user interface) and VTY (for VTY user interface).
number: User interface index. A user interface index can be relative or absolute.
- In relative user interface index scheme, the type argument is required. In this case, AUX user interfaces are numbered from AUX0 through AUX7; VTY user interfaces are numbered from VTY0 through VTY4.
- In absolute user interface index scheme, the type argument is not required. In this case, user interfaces are numbered from 0 to 12.
Description
Use the send command to send messages to a user interface or all the user interfaces.
Examples
# Send “hello” to all user interfaces.
<Sysname> send all
Enter message, end with CTRL+Z or Enter; abort with CTRL+C:
hello^Z
Send message? [Y/N]y
The current user interface will receive the following information:
<Sysname>
***
***
***Message from vty1 to vty1
***
hello
service-type
Syntax
service-type { ftp | lan-access | { ssh | telnet | terminal }* [ level level ] }
undo service-type { ftp | lan-access | { ssh | telnet | terminal }* }
View
Local user view
Parameters
ftp: Specifies the users to be of FTP type.
lan-access: Specifies the users to be of LAN-access type, which normally means Ethernet users, such as 802.1x users.
ssh: Specifies the users to be of SSH type.
telnet: Specifies the users to be of Telnet type.
terminal: Makes terminal services available to users logging in through the console port.
level level: Specifies the user level for Telnet users, Terminal users, or SSH users. The level argument ranges from 0 to 3 and defaults to 0.
Description
Use the service-type command to specify the login type and the corresponding available command level.
Use the undo service-type command to cancel login type configuration.
Commands fall into four command levels: visit, monitor, system, and manage, which are described as follows:
- Visit level: Commands at this level are used to diagnose the network and change the language mode of the user interface, such as the ping, tracert, and language-mode commands. The telnet command is also at this level. Commands at this level cannot be saved in configuration files.
- Monitor level: Commands at this level are used to maintain the system, to debug service problems, and so on. The display and debugging commands are at monitor level. Commands at this level cannot be saved in configuration files.
- System level: Commands at this level are used to configure services. Commands concerning routing and network layers are at system level. You can utilize network services by using these commands.
- Manage level: Commands at this level are for the operation of the entire system and the system supporting modules. Services are supported by these commands. Commands concerning file system, file transfer protocol (FTP), trivial file transfer protocol (TFTP), downloading using XModem, user management, and level setting are at administration level.
Refer to CLI for detailed introduction to the command level.
Examples
# Make commands at level 0 available to users logging in with the user name zbr.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] local-user zbr
[Sysname-luser-zbr] service-type telnet level 0
# To verify the above configuration, you can quit the system, log in again using the user name of zbr, and then list the available commands, as listed in the following.
<Sysname> ?
User view commands:
cluster Run cluster command
display Display current system information
nslookup Query Internet name servers
ping Ping function
quit Exit from current command view
super Set the current user priority level
telnet Establish one TELNET connection
tracert Trace route function
undo Cancel current setting
set authentication password
Syntax
set authentication password { cipher | simple } password
undo set authentication password
View
User interface view
Parameters
cipher: Specifies to save the local password in cipher text.
simple: Specifies to save the local password in plain text.
password: Password to be set. The password must be in plain text if you specify the simple keyword in the set authentication password command. If you specify the cipher keyword, the password can be in either cipher text or plain text, as described in the following.
- When you enter the password in plain text containing no more than 16 characters (such as 123), the system converts the password to the corresponding 24-character encrypted password.
- When you enter the password in cipher text containing 24 characters, make sure you are aware of the corresponding password in plaintext. For example, the plain text “123456” corresponds to the cipher text “OUM!K%F<+$[Q=^Q`MAF4<1!!”.
Description
Use the set authentication password command to set the local password.
Use the undo set authentication password command to remove the local password.
Note that only plain text passwords are expected when users are authenticated.
By default, password authentication is performed when a user logs in through a modem or Telnet. If no password is set, the user cannot establish a connection with the switch.
Examples
# Set the local password of VTY 0 to “123”.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] user-interface vty 0
[Sysname-ui-vty0] set authentication password simple 123
shell
Syntax
shell
undo shell
View
User interface view
Parameters
None
Description
Use the shell command to enable terminal services.
Use the undo shell command to disable terminal services.
By default, terminal services are disabled in all user interfaces.
Note the following when using the undo shell command:
- Terminal services cannot be disabled in AUX user interfaces.
- This command is unavailable in the current user interface.
- The execution of this command requires user confirmation.
Examples
# Disable terminal services in VTY 0 through VTY 4 (assuming that you log in through an AUX user interface).
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] user-interface vty 0 4
[Sysname-ui-vty0-4] undo shell
% Disable ui-vty0-4 , are you sure ? [Y/N]y
speed
Syntax
speed speed-value
undo speed
View
AUX user interface view
Parameters
speed-value: Transmission speed (in bps). This argument can be 300, 600, 1200, 2400, 4800, 9600, 19,200, 38,400, 57,600, and 115,200.
Description
Use the speed command to set the transmission speed of the user interface.
Use the undo speed command to revert to the default transmission speed.
By default, the transmission speed is 9,600 bps.
Examples
# Set the transmission speed of the user interface AUX 0 to 115,200 bps.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] user-interface aux 0
[Sysname-ui-aux0] speed 115200
stopbits
Syntax
stopbits { 1 | 1.5 | 2 }
undo stopbits
View
AUX user interface view
Parameters
1: Sets the stopbits to 1.
1.5: Sets the stopbits to 1.5.
2: Sets the stopbits to 2.
Description
Use the stopbits command to set the stopbits of the user interface.
Use the undo stopbits command to revert to the default stopbits.
Execute these two commands in AUX user interface view only.
By default, the stopbits is 1.
- The S3100 series do not support communication with a terminal emulation program with stopbits set to 1.5.
- Changing the stop bits value of the switch to a value different from that of the terminal emulation utility does not affect the communication between them.
Examples
# Set the stop bits to 2.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] user-interface aux 0
[Sysname-ui-aux0] stopbits 2
telnet
Syntax
telnet { hostname | ip-address } [ service-port ] [ source-interface interface-type interface-number | source-ip ip-address ]
View
User view
Parameters
hostname: Host name of the remote device, a string of 1 to 20 characters.
ip-address: IPv4 address of the remote device.
service-port: Number of the TCP port through which the remote device provides Telnet service. This argument ranges from 0 to 65535, and defaults to 23.
source-interface interface-type interface-number: Specifies the type and number of the source interface.
source-ip ip-address: Specifies the source IP address.
Description
Use the telnet command to Telnet from the current switch to another device and manage that device remotely. You can terminate a Telnet connection by pressing Ctrl+K or by executing the quit command.
Examples
# Telnet from Ethernet switch Switch A to Switch B whose IP address is 129.102.0.1.
<SwitchA> telnet 129.102.0.1
Trying 129.102.0.1 ...
Press CTRL+K to abort
Connected to 129.102.0.1 ...
**************************************************************************
* Copyright(c) 2004-2008 Hangzhou H3C Tech. Co., Ltd. All rights reserved. *
* Without the owner's prior written consent, *
* no decompiling or reverse-engineering shall be allowed. *
**************************************************************************
<SwitchB>
telnet ipv6
Syntax
telnet ipv6 remote-system [ -i interface-type interface-number ] [ port-number ]
View
User view
Parameters
remote-system: IPv6 address or host name of the remote system. An IPv6 address can be up to 46 characters; a host name is a string of 1 to 20 characters.
-i interface-type interface-number: Specifies the outbound interface by interface type and interface number. The outbound interface is required when the destination address is a local link address.
port-number: TCP port number assigned to Telnet service on the remote system, in the range 0 to 65535. The default is 23.
Description
Use the telnet ipv6 command to Telnet from the current device to another device and manage it remotely. You can terminate a Telnet session by pressing Ctrl+K.
Example
# Telnet to the device with IPv6 address 3001::1.
<Sysname> telnet ipv6 3001::1
Trying 3001::1 ...
Press CTRL+K to abort
Connected to 3001::1 ...
**************************************************************************
* Copyright (c) 2004-2008 Hangzhou H3C Tech. Co., Ltd. All rights reserved.*
* Without the owner's prior written consent, *
* no decompiling or reverse-engineering shall be allowed. *
**************************************************************************
<Sysname>
user-interface
Syntax
user-interface [ type ] first-number [ last-number ]
View
System view
Parameters
type: User interface type, which can be AUX (for AUX user interface) or VTY (for VTY user interface).
first-number: User interface index identifying the first user interface to be configured. A user interface index can be relative or absolute.
- In the relative user interface index scheme, the type argument is required. In this case, AUX user interfaces are numbered from AUX0 through AUX7; VTY user interfaces are numbered from VTY0 through VTY4.
- In the absolute user interface index scheme, the type argument is not required. In this case, user interfaces are numbered from 0 to 12.
last-number: User interface number identifying the last user interface to be configured. The value of this argument must be larger than that of the first-number argument.
Description
Use the user-interface command to enter one or more user interface views to perform configuration.
Examples
# Enter VTY0 user interface.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] user-interface vty 0
[Sysname-ui-vty0]
user privilege level
Syntax
user privilege level level
undo user privilege level
View
User interface view
Parameters
level: Command level ranging from 0 to 3.
Description
Use the user privilege level command to configure the command level available to the users logging in to the user interface.
Use the undo user privilege level command to revert to the default command level.
By default, the commands at level 3 are available to the users logging in to the AUX user interface. The commands at level 0 are available to the users logging in to VTY user interfaces.
Commands fall into four command levels: visit, monitor, system, and manage, which are described as follows:
- Visit level: Commands at this level are used to diagnose the network, such as the ping, tracert, and telnet commands. Commands at this level cannot be saved in configuration files.
- Monitor level: Commands at this level are used to maintain the system, to debug service problems, and so on. The display and debugging commands are at monitor level. Commands at this level cannot be saved in configuration files.
- System level: Commands at this level are used to configure services. Commands concerning routing and network layers are at system level. You can utilize network services by using these commands.
- Manage level: Commands at this level are for the operation of the entire system and the system supporting modules. Services are supported by these commands. Commands concerning file system, file transfer protocol (FTP), trivial file transfer protocol (TFTP), downloading using XModem, user management, and level setting are at administration level.
Refer to CLI Configuration for information about command level.
Examples
# Configure that commands at level 1 are available to the users logging in to VTY 0.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] user-interface vty 0
[Sysname-ui-vty0] user privilege level 1
# You can verify the above configuration by Telnetting to VTY 0 and displaying the available commands, as listed in the following.
User view commands:
cluster Run cluster command
debugging Enable system debugging functions
display Display current system information
msdp-tracert MSDP trace route to source RP
mtracert Trace route to multicast source
nslookup Query Internet name servers
ping Ping function
quit Exit from current command view
reset Reset operation
send Send information to other user terminal interfaces
super Set the current user priority level
telnet Establish one TELNET connection
terminal Set the terminal line characteristics
tracert Trace route function
undo Cancel current setting
2 Commands for User Control
Commands for Controlling Logging in Users
acl
Syntax
acl acl-number { inbound | outbound }
undo acl { inbound | outbound }
View
User interface view
Parameters
acl-number: ACL number. This argument can identify different types of ACLs, as listed below.
- 2000 to 2999, for basic ACLs
- 3000 to 3999, for advanced ACLs
inbound: Applies the ACL for the users Telnetting to the local switch from the current user interface.
outbound: Applies the ACL for the users Telnetting to other devices from the current user interface.
Description
Use the acl command to apply an ACL for Telnet users.
Use the undo acl command to cancel the configuration.
By default, no ACL is applied.
Examples
# Apply ACL 2000 (a basic ACL) for the users Telnetting to the current switch (assuming that ACL 2000 already exists).
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] user-interface vty 0 4
[Sysname-ui-vty0-4] acl 2000 inbound
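The VTY settings documented above (set authentication password, user privilege level, acl) can be checked offline against a saved configuration. The following is an added example, not part of the H3C manual: a Python audit over a constructed configuration sample. The stanza layout (a user-interface line followed by indented commands), the function names and the finding rules are assumptions of this example.

```python
import re

# Constructed sample in the form the commands are typed on this page; the
# stanza layout (a user-interface line followed by indented commands) is assumed.
SAMPLE_CONFIG = """\
user-interface aux 0
 speed 115200
user-interface vty 0
 authentication-mode none
 user privilege level 3
user-interface vty 1 2
 set authentication password simple 123
 acl 2000 inbound
user-interface vty 3 4
 authentication-mode scheme
 acl 2000 inbound
 user privilege level 1
"""

def parse_user_interfaces(text):
    """Return {stanza header: [commands]} for every user-interface stanza."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if raw.startswith("user-interface "):
            current = stanzas.setdefault(line, [])
        elif raw[:1].isspace() and line and current is not None:
            current.append(line)
        else:
            current = None  # any other top-level line ends the stanza
    return stanzas

def audit_vty(text):
    """Return sorted (stanza, finding) pairs for VTY user interfaces."""
    findings = []
    for header, cmds in parse_user_interfaces(text).items():
        if not re.match(r"user-interface vty\b", header):
            continue  # AUX skipped; absolute-index headers (no type) are not resolved
        if "authentication-mode none" in cmds:
            findings.append((header, "no authentication"))
        if any(c.startswith("set authentication password simple ") for c in cmds):
            findings.append((header, "password stored in plain text"))
        if not any(re.fullmatch(r"acl \d+ inbound", c) for c in cmds):
            findings.append((header, "no inbound ACL"))
        level = next((int(c.split()[-1]) for c in cmds
                      if c.startswith("user privilege level ")), 0)  # VTY default is 0
        if level == 3 and "authentication-mode scheme" not in cmds:
            findings.append((header, "level 3 without per-user authentication"))
    return sorted(findings)
```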
free web-users
Syntax
free web-users { all | user-id user-id | user-name user-name }
View
User view
Parameters
all: Specifies all Web users.
user-id: Web user ID, an eight-digit hexadecimal number.
user-name: User name of the Web user. This argument can contain 1 to 80 characters.
Description
Use the free web-users command to disconnect a specified Web user or all Web users by force.
Examples
# Disconnect all Web users by force.
<Sysname> free web-users all
ip http acl
Syntax
ip http acl acl-number
undo ip http acl
View
System view
Parameters
acl-number: ACL number ranging from 2000 to 2999.
Description
Use the ip http acl command to apply an ACL to filter Web users.
Use the undo ip http acl command to disable the switch from filtering Web users using the ACL.
By default, the switch does not use the ACL to filter Web users.
Examples
# Apply ACL 2000 to filter Web users (assuming that ACL 2000 already exists).
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] ip http acl 2000
snmp-agent community
Syntax
snmp-agent community { read | write } community-name [ acl acl-number | mib-view view-name ]*
undo snmp-agent community community-name
View
System view
Parameters
read: Specifies that the community has read-only permission in the specified view.
write: Specifies that the community has read/write permission in the specified view.
community-name: Community name, a string of 1 to 32 characters.
acl acl-number: Specifies an ACL number for the community. The acl-number argument ranges from 2000 to 2999.
mib-view view-name: Sets the name of the MIB view accessible to the community. The view-name argument is a string of 1 to 32 characters.
Description
Use the snmp-agent community command to set a community name and to enable users to access the switch through SNMP. You can also optionally use this command to apply an ACL to perform access control for network management users.
Use the undo snmp-agent community command to cancel community-related configuration for the specified community.
By default, SNMPv1 and SNMPv2c access a switch by community names.
Examples
# Set the community name to h123, enable users to access the switch in the name of the community (with read-only permission). Apply ACL 2000 for network management users (assuming that ACL 2000 already exists).
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] snmp-agent community read h123 acl 2000
snmp-agent group
Syntax
In SNMPv1 and SNMPv2c:
snmp-agent group { v1 | v2c } group-name [ read-view read-view ] [ write-view write-view ] [ notify-view notify-view ] [ acl acl-number ]
undo snmp-agent group { v1 | v2c } group-name
In SNMPv3:
snmp-agent group v3 group-name [ authentication | privacy ] [ read-view read-view ] [ write-view write-view ] [ notify-view notify-view ] [ acl acl-number ]
undo snmp-agent group v3 group-name [ authentication | privacy ]
View
System view
Parameters
v1: SNMPv1.
v2c: SNMPv2c.
v3: SNMPv3.
group-name: Group name. This argument can be of 1 to 32 characters.
authentication: Specifies to authenticate SNMP data without encrypting the data.
privacy: Authenticates and encrypts packets.
read-view: Name of the view to be set to read-only. This argument can be of 1 to 32 characters.
write-view: Name of the view to be set to readable & writable. This argument can be of 1 to 32 characters.
notify-view: Name of the view to be set to a notifying view. This argument can be of 1 to 32 characters.
acl acl-number: Specifies an ACL. The acl-number argument ranges from 2000 to 2999.
Description
Use the snmp-agent group command to create an SNMP group. You can also optionally use this command to apply an ACL to filter network management users.
Use the undo snmp-agent group command to remove a specified SNMP group.
By default, the SNMP group configured through the snmp-agent group v3 command is not authenticated or encrypted.
Examples
# Create an SNMP group named h123 and apply ACL 2001 for network management users (assuming that basic ACL 2001 already exists).
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] snmp-agent group v1 h123 acl 2001
snmp-agent usm-user
Syntax
For SNMPv1 and SNMPv2c:
snmp-agent usm-user { v1 | v2c } user-name group-name [ acl acl-number ]
undo snmp-agent usm-user { v1 | v2c } user-name group-name
For SNMPv3:
snmp-agent usm-user v3 user-name group-name [ [ cipher ] authentication-mode { md5 | sha } auth-password [ privacy-mode { aes128 | des56 } priv-password ] ] [ acl acl-number ]
undo snmp-agent usm-user v3 user-name group-name { engineid engineid-string | local }
View
System view
Parameters
v1: SNMPv1.
v2c: SNMPv2c.
v3: SNMPv3.
user-name: User name, a string of 1 to 32 characters.
group-name: Name of the group to which the user corresponds. This argument is a string of 1 to 32 characters.
cipher: Specifies the authentication or encryption password to be in ciphertext.
authentication-mode: Requires authentication. If this keyword is not provided, neither authentication nor encryption is performed.
md5: Adopts HMAC-MD5 algorithm.
sha: Adopts HMAC-SHA algorithm.
auth-password: Authentication password, a string of 1 to 64 characters in plain text, a 32-bit hexadecimal number in cipher text if MD5 algorithm is used, and a 40-bit hexadecimal number in cipher text if SHA algorithm is used.
privacy: Encrypts packets.
des56: Specifies data encryption standard (DES) for encrypting.
aes128: Specifies advanced encryption standard (AES) for encrypting.
priv-password: Encryption password, a string of 1 to 64 characters in plain text, a 32-bit hexadecimal number in cipher text if MD5 algorithm is used, and a 40-bit hexadecimal number in cipher text if SHA algorithm is used.
acl-number: Basic ACL number, ranging from 2000 to 2999.
local: Specifies local entity users.
engineid-string: Engine ID associated with the user, a string containing an even number of hexadecimal digits, 10 to 64 digits in total.
Description
Use the snmp-agent usm-user command to add a user to an SNMP group. You can also optionally use this command to apply an ACL for network management users.
Use the undo snmp-agent usm-user command to remove an SNMP user from the corresponding SNMP group and to remove the ACL configuration on the user.
Examples
# Add a user named aaa to an SNMP group named group1, specify to require authentication, specify the authentication protocol as HMAC-MD5-96 and authentication password as 123, and apply ACL 2002 to filter network management users (assuming that ACL 2002 already exists).
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] snmp-agent usm-user v3 aaa group1 authentication-mode md5 123 acl 2002
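The SNMP access-control options documented above (community permission and ACL, SNMPv3 group security level, usm-user authentication and privacy modes) can be reviewed the same way. The following is an added example, not part of the H3C manual: a Python check that matches constructed snmp-agent lines against the syntax forms given on this page. The function name, sample values and finding rules are assumptions of this example.

```python
import re

# Constructed sample; each line follows a syntax form given on this page.
SAMPLE_SNMP = """\
snmp-agent community read h123 acl 2000
snmp-agent community write private
snmp-agent group v3 group1 privacy acl 2001
snmp-agent group v3 group2
snmp-agent usm-user v3 aaa group1 authentication-mode md5 123 acl 2002
snmp-agent usm-user v3 bbb group1 authentication-mode sha Xy7 privacy-mode aes128 Qz9 acl 2002
snmp-agent usm-user v3 ccc group2
"""

# Patterns follow the page's syntax; optional parts appear in the documented order.
COMMUNITY = re.compile(r"snmp-agent community (read|write) (\S+)"
                       r"((?: acl \d+| mib-view \S+)*)$")
GROUP_V3 = re.compile(r"snmp-agent group v3 (\S+)(?: (authentication|privacy))?"
                      r"(?: (?:read|write|notify)-view \S+)*(?: acl (\d+))?$")
USER_V3 = re.compile(r"snmp-agent usm-user v3 (\S+) \S+"
                     r"(?: (?:cipher )?authentication-mode (md5|sha) \S+"
                     r"(?: privacy-mode (aes128|des56) \S+)?)?(?: acl (\d+))?$")

def audit_snmp(text):
    """Return sorted (object, finding) pairs for the snmp-agent lines in text."""
    out = []
    for line in map(str.strip, text.splitlines()):
        if m := COMMUNITY.match(line):
            name = "community " + m[2]
            if m[1] == "write":
                out.append((name, "read/write permission"))
            if not re.search(r" acl \d+", m[3]):
                out.append((name, "no ACL"))
        elif m := GROUP_V3.match(line):
            if m[2] is None:  # page: such a group is not authenticated or encrypted
                out.append(("group " + m[1], "no authentication or encryption"))
            if m[3] is None:
                out.append(("group " + m[1], "no ACL"))
        elif m := USER_V3.match(line):
            name = "user " + m[1]
            if m[2] is None:  # page: without the keyword, neither is performed
                out.append((name, "no authentication"))
            elif m[2] == "md5":
                out.append((name, "HMAC-MD5 authentication"))
            if m[2] is not None and m[3] is None:
                out.append((name, "no encryption"))
            elif m[3] == "des56":
                out.append((name, "DES encryption"))
            if m[4] is None:
                out.append((name, "no ACL"))
    return sorted(out)
```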