02-Login Management Commands
acl (user interface view)
Syntax
To use a basic or advanced ACL:
acl [ ipv6 ] acl-number { inbound | outbound }
undo acl [ ipv6 ] acl-number { inbound | outbound }
To use an Ethernet frame header ACL:
acl acl-number inbound
undo acl acl-number inbound
View
VTY user interface view
Default level
2: System level
Parameters
ipv6: When this keyword is present, the command supports IPv6; otherwise, it supports IPv4.
acl-number: Number of access control list (ACL), which ranges from 2000 to 4999:
· 2000 to 2999 for a basic ACL.
· 3000 to 3999 for an advanced ACL.
· 4000 to 4999 for an Ethernet frame header ACL.
inbound: Restricts Telnet or SSH connections established in the inbound direction through the VTY user interface. If the received packets for establishing a Telnet or SSH connection are permitted by an ACL rule, the connection is allowed to be established. When the switch functions as a Telnet server or SSH server, this keyword is used to control access of Telnet clients or SSH clients.
outbound: Restricts Telnet connections established in the outbound direction through the VTY user interface. If the packets sent for establishing a Telnet connection are permitted by an ACL rule, the connection is allowed to be established. When the device functions as a Telnet client, this keyword is used to define Telnet servers accessible to the client.
Description
Use the acl command to reference ACLs to control access to the VTY user interface.
Use the undo acl command to cancel the ACL application. For more information about ACL, see ACL and QoS Command Reference.
By default, access to the VTY user interface is not restricted.
If no ACL is referenced in VTY user interface view, the VTY user interface has no access control over establishing a Telnet or SSH connection.
If an ACL is referenced in VTY user interface view, the connection is permitted to be established only when packets for establishing a Telnet or SSH connection match a permit statement in the ACL.
The system regards the basic/advanced ACL with the inbound keyword, the basic/advanced ACL with the outbound keyword, and Ethernet frame header ACL as three different types of ACLs, which can coexist in one VTY user interface. The match order is basic/advanced ACL with the inbound keyword or outbound keyword, Ethernet frame header ACL. At most one ACL of each type can be referenced in the same VTY user interface, and the last configured one takes effect.
Examples
# Allow only the user with the IP address of 192.168.1.26 to access the device through Telnet or SSH.
<Sysname> system-view
[Sysname] acl number 2001
[Sysname-acl-basic-2001] rule permit source 192.168.1.26 0
[Sysname-acl-basic-2001] quit
[Sysname] user-interface vty 0
[Sysname-ui-vty0] acl 2001 inbound
After your configuration, user A (with IP address 192.168.1.26) can telnet to the device while user B (with IP address 192.168.1.60) cannot telnet to the device. Upon a connection failure, a message appears, saying "%connection closed by remote host!"
# Allow the device to only telnet to the Telnet server with IP address 192.168.1.41.
<Sysname> system-view
[Sysname] acl number 3001
[Sysname-acl-adv-3001] rule permit tcp destination 192.168.1.41 0
[Sysname-acl-adv-3001] quit
[Sysname] user-interface vty 0 4
[Sysname-ui-vty0-4] acl 3001 outbound
[Sysname-ui-vty0-4] return
<Sysname>
After your configuration, if you telnet to 192.168.1.46, your operation fails.
<Sysname> telnet 192.168.1.46
%Can't access the host from this terminal!
But you can telnet to 192.168.1.41.
<Sysname> telnet 192.168.1.41
Trying 192.168.1.41 ...
Press CTRL+K to abort
Connected to 192.168.1.41 ...
activation-key
Syntax
activation-key character
undo activation-key
View
User interface view
Default level
3: Manage level
Parameters
character: Shortcut key for starting a terminal session, a single character (or its corresponding ASCII code value that ranges from 0 to 127) or a string of 1 to 3 characters. However, only the first character functions as the shortcut key. For example, if you enter an ASCII code value of 97, the system uses its corresponding character a as the shortcut key. If you enter string b@c, the system uses the first character b as the shortcut key.
Description
Use the activation-key command to define a shortcut key for starting a terminal session.
Use the undo activation-key command to restore the default.
By default, pressing the Enter key starts a terminal session. However, if a new shortcut key is defined by the activation-key command, the Enter key no longer functions. To display the shortcut key you have defined, use the display current-configuration | include activation-key command.
NOTE: The activation-key command is not supported by the VTY user interface.
Examples
# Configure character s as the shortcut key for starting a terminal session on the console port.
<Sysname> system-view
[Sysname] user-interface console 0
[Sysname-ui-console0] activation-key s
To verify the configuration:
[Sysname-ui-console0] return
<Sysname> quit
******************************************************************************
* Copyright (c) 2004-2010 Hangzhou H3C Tech. Co., Ltd. All rights reserved. *
* Without the owner's prior written consent, *
* no decompiling or reverse-engineering shall be allowed. *
******************************************************************************
User interface con0 is available.
Please press ENTER.
<Sysname>
%Mar 2 18:40:27:981 2005 Sysname SHELL/5/LOGIN: Console login from con0
auto-execute command
Syntax
auto-execute command command
undo auto-execute command
View
User interface view
Default level
3: Manage level
Parameters
command: Specifies a command to be automatically executed.
Description
Use the auto-execute command command to specify a command to be automatically executed when a user logs in to the current user interface.
Use the undo auto-execute command command to remove the configuration.
By default, command auto-execution is disabled.
The console port does not support the auto-execute command command.
The system automatically executes the specified command when a user logs in to the user interface, and terminates the user connection after the command completes. If the command triggers another task, the system does not terminate the user connection until that task completes.
Typically, you can use the auto-execute command telnet command in user interface view to enable a user to automatically telnet to the specified host when the user logs in to the device. After the user terminates the connection with the host, the user's connection with the device is automatically terminated.
CAUTION: The auto-execute command command may prevent you from configuring the system through the user interface to which the command is applied. Therefore, before configuring the command and saving the configuration (by using the save command), make sure that you can access the switch through other VTY, console, or AUX interfaces to remove the configuration in case a problem occurs.
Examples
# Configure the device to automatically telnet to 192.168.1.41 after a user logs in to interface VTY 0.
<Sysname> system-view
[Sysname] user-interface vty 0
[Sysname-ui-vty0] auto-execute command telnet 192.168.1.41
% This action will lead to configuration failure through ui-vty0. Are you sure?
[Y/N]:y
[Sysname-ui-vty0]
To verify the configuration:
Telnet to 192.168.1.40. The device automatically telnets to 192.168.1.41. The following output is displayed:
C:\> telnet 192.168.1.40
******************************************************************************
* Copyright (c) 2004-2010 Hangzhou H3C Tech. Co., Ltd. All rights reserved. *
* Without the owner's prior written consent, *
* no decompiling or reverse-engineering shall be allowed. *
******************************************************************************
<Sysname>
Trying 192.168.1.41 ...
Press CTRL+K to abort
Connected to 192.168.1.41 ...
******************************************************************************
* Copyright (c) 2004-2010 Hangzhou H3C Tech. Co., Ltd. All rights reserved. *
* Without the owner's prior written consent, *
* no decompiling or reverse-engineering shall be allowed. *
******************************************************************************
<Sysname.41>
This operation is the same as directly logging in to the device at 192.168.1.41. If the Telnet connection to 192.168.1.41 is torn down, the Telnet connection to 192.168.1.40 is torn down at the same time.
authentication-mode
Syntax
authentication-mode { none | password | scheme }
undo authentication-mode
View
User interface view
Default level
3: Manage level
Parameters
none: Performs no authentication.
password: Performs local password authentication.
scheme: Performs AAA authentication. For more information about AAA, see Security Configuration Guide.
Description
Use the authentication-mode command to set the authentication mode when users log in to the user interface.
Use the undo authentication-mode command to restore the default.
By default, the authentication mode is password for VTY and AUX user interfaces, and is none for the console user interface.
Related commands: set authentication password.
Examples
# Specify that no authentication is needed when users log in to the device through VTY 0. (This mode is insecure.)
<Sysname> system-view
[Sysname] user-interface vty 0
[Sysname-ui-vty0] authentication-mode none
# Set to use password authentication when users log in to the device through VTY 0, and set the authentication password to 321.
<Sysname> system-view
[Sysname] user-interface vty 0
[Sysname-ui-vty0] authentication-mode password
[Sysname-ui-vty0] set authentication password cipher 321
# Set to authenticate users by username and password when the users log in to the device through VTY 0. Set the username to 123 and the password to 321.
<Sysname> system-view
[Sysname] user-interface vty 0
[Sysname-ui-vty0] authentication-mode scheme
[Sysname-ui-vty0] quit
[Sysname] local-user 123
[Sysname-luser-123] password cipher 321
[Sysname-luser-123] service-type telnet
[Sysname-luser-123] authorization-attribute level 3
command accounting
Syntax
command accounting
undo command accounting
View
User interface view
Default level
3: Manage level
Parameters
None
Description
Use the command accounting command to enable command accounting.
Use the undo command accounting command to restore the default.
By default, command accounting is disabled. The accounting server does not record the commands that users have executed.
When command accounting is enabled and command authorization is not, every executed command is recorded on the HWTACACS server.
When both command accounting and command authorization are enabled, only the authorized and executed commands are recorded on the HWTACACS server.
Examples
# Enable command accounting on VTY 0. Then the HWTACACS server records the commands executed by users that have logged in through VTY 0.
<Sysname> system-view
[Sysname] user-interface vty 0
[Sysname-ui-vty0] command accounting
command authorization
Syntax
command authorization
undo command authorization
View
User interface view
Default level
3: Manage level
Parameters
None
Description
Use the command authorization command to enable command authorization.
Use the undo command authorization command to restore the default.
By default, command authorization is disabled. Logged-in users can execute commands without authorization.
With command authorization enabled, users logging in from the current user interface can perform only commands authorized by the server.
Examples
# Enable command authorization for VTY 0 so that users logging in from VTY 0 can perform only the commands authorized by the HWTACACS server.
<Sysname> system-view
[Sysname] user-interface vty 0
[Sysname-ui-vty0] command authorization
databits
Syntax
databits { 5 | 6 | 7 | 8 }
undo databits
View
User interface view
Default level
2: System level
Parameters
5: Sets 5 data bits for each character.
6: Sets 6 data bits for each character.
7: Sets 7 data bits for each character.
8: Sets 8 data bits for each character.
Description
Use the databits command to set data bits for each character.
Use the undo databits command to restore the default.
By default, 8 data bits are set for each character.
NOTE:
· The command is only applicable to asynchronous serial interfaces (including AUX and console ports).
· The device does not support data bits 5 and 6.
· The data bits settings must be identical for the user interfaces of the connecting ports on the redirection device and the terminal device for communication.
Examples
# Specify 5 data bits for each character.
<Sysname> system-view
[Sysname] user-interface aux 0
[Sysname-ui-aux0] databits 5
display ip http
Syntax
display ip http [ | { begin | exclude | include } regular-expression ]
View
Any view
Default level
1: Monitor level
Parameters
|: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide.
begin: Displays the first line that matches the specified regular expression and all lines that follow.
exclude: Displays all lines that do not match the specified regular expression.
include: Displays all lines that match the specified regular expression.
regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
Description
Use the display ip http command to display HTTP information.
Examples
# Display information about HTTP.
<Sysname> display ip http
HTTP port: 80
WLAN ACL: 100
Basic ACL: 2222
Current connection: 0
Operation status: Running
Output description
Field | Description |
---|---|
HTTP port | Port number used by the HTTP service. |
WLAN ACL | WLAN ACL associated with the HTTP service (whether this field is displayed depends on the device model). |
Basic ACL | Basic ACL number associated with the HTTP service. |
Current connection | Number of current connections. |
Operation status | Operation status: Running means the HTTP service is enabled; Stopped means the HTTP service is disabled. |
display telnet client configuration
Syntax
display telnet client configuration [ | { begin | exclude | include } regular-expression ]
View
Any view
Default level
1: Monitor level
Parameters
|: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide.
begin: Displays the first line that matches the specified regular expression and all lines that follow.
exclude: Displays all lines that do not match the specified regular expression.
include: Displays all lines that match the specified regular expression.
regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
Description
Use the display telnet client configuration command to display the related configuration information when the device serves as the Telnet client.
At present, the command displays the source IPv4 address or source interface information of the Telnet client.
Related commands: telnet client source.
Examples
# Display the related configuration information when the device serves as the Telnet client.
<Sysname> display telnet client configuration
The source IP address is 1.1.1.1.
The output shows that the device serves as the Telnet client and it sends the Telnet packets with the source IPv4 address 1.1.1.1.
display user-interface
Syntax
display user-interface [ num1 | { aux | console | vty } num2 ] [ summary ] [ | { begin | exclude | include } regular-expression ]
View
Any view
Default level
1: Monitor level
Parameters
num1: Absolute number of a user interface.
aux: Specifies an AUX user interface.
console: Specifies a console user interface.
vty: Specifies a VTY user interface.
num2: Relative number of a user interface, 0 or 1 for an AUX or console user interface and 0 to 15 for a VTY user interface.
summary: Displays summary about user interfaces.
|: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide.
begin: Displays the first line that matches the specified regular expression and all lines that follow.
exclude: Displays all lines that do not match the specified regular expression.
include: Displays all lines that match the specified regular expression.
regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
Description
Use the display user-interface command to display information about the specified or all user interfaces.
If the summary keyword is not included, the command displays the type of the user interface, the absolute or relative number, the transmission rate, the user privilege level, the authentication mode, and the access port.
If the summary keyword is included, the command displays all user interface numbers and types.
Examples
# Display information about user interface 0.
<Sysname> display user-interface 0
Idx Type Tx/Rx Modem Privi Auth Int
+ 0 CON 0 9600 - 3 N -
+ : Current user-interface is active.
F : Current user-interface is active and work in async mode.
Idx : Absolute index of user-interface.
Type : Type and relative index of user-interface.
Privi: The privilege of user-interface.
Auth : The authentication mode of user-interface.
Int : The physical location of UIs.
A : Authentication use AAA.
L : Authentication use local database.
N : Current UI need not authentication.
P : Authentication use current UI's password.
Table 2 Output description
Field | Description |
---|---|
+ | The current user interface is active. |
F | The current user interface is active and works in asynchronous mode. |
Idx | The absolute number of the user interface. |
Type | Type and relative number of the user interface. |
Tx/Rx | Transmission rate of the user interface. |
Modem | Whether the modem is allowed to dial in (in), dial out (out), or both (inout). By default, the character - is displayed to indicate that this function is disabled. |
Privi | Indicates the command level of a user under that user interface. |
Auth | Authentication mode for users logging in from the interface, which can be A, P, L, and N. |
Int | The physical port that corresponds to the user interface. |
A | AAA authentication. |
L | Local authentication (not supported at present). |
N | No authentication. |
P | Password authentication. |
# Display summary about all user interfaces.
<Sysname> display user-interface summary
User interface type : [CON]
0:UX
User interface type : [AUX]
2:XX
User interface type : [VTY]
9:UXXX X
2 character mode users. (U)
7 UI never used. (X)
2 total UI in use
Table 3 Output description
Field | Description |
---|---|
User interface type | Type of user interface (CON/AUX/VTY). |
0:UX | 0 represents the absolute number of the user interface. X means this user interface is not used; U means this user interface is in use. For example, 9:UXXX X shows that the absolute number of the first user interface is 9, and the user interface is in use. User interfaces 10, 11, 12, and 13 are not in use. |
character mode users. (U) | Number of users, that is, the total number of character U. |
UI never used. (X) | Number of user interfaces not used, that is, the total number of character X. |
total UI in use | Total number of user interfaces in use. |
display users
Syntax
display users [ all ] [ | { begin | exclude | include } regular-expression ]
View
Any view
Default level
1: Monitor level
Parameters
all: Displays information about all user interfaces that the device supports.
|: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide.
begin: Displays the first line that matches the specified regular expression and all lines that follow.
exclude: Displays all lines that do not match the specified regular expression.
include: Displays all lines that match the specified regular expression.
regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
Description
Use the display users command to display information about the user interfaces that are being used.
Use the display users all command to display information about all user interfaces supported by the device.
Examples
# Display information about the user interfaces that are being used.
<Sysname> display users
The user application information of the user interface(s):
Idx UI Delay Type Userlevel
+ 9 VTY 0 00:00:00 TEL 3
10 VTY 1 00:02:34 TEL 3
Following are more details.
VTY 0 :
Location: 192.168.1.54
VTY 1 :
Location: 192.168.1.58
+ : Current operation user.
F : Current operation user work in async mode.
The output shows that two users have logged in to the device. The one with IP address 192.168.1.54 uses VTY 0, and the other with IP address 192.168.1.58 uses VTY 1.
Table 4 Output description
Field | Description |
---|---|
Idx | Absolute number of the user interface. |
UI | Relative number of the user interface. The first column, for example, VTY, represents user interface type, and the second column, for example, 0, represents the relative number of the user interface. |
Delay | Time elapsed since the user's last input, in the format of hh:mm:ss. |
Type | User type, such as Telnet or SSH. |
Userlevel | User level: 0 for visit, 1 for monitor, 2 for system, and 3 for manage. |
+ | Current user. |
Location | IP address of the user. |
F | The current user works in asynchronous mode. |
display web users
Syntax
display web users [ | { begin | exclude | include } regular-expression ]
View
Any view
Default level
1: Monitor level
Parameters
|: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide.
begin: Displays the first line that matches the specified regular expression and all lines that follow.
exclude: Displays all lines that do not match the specified regular expression.
include: Displays all lines that match the specified regular expression.
regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
Description
Use the display web users command to display information about the web users.
Examples
# Display information about the web users.
<Sysname> display web users
UserID Name Language Level State LinkCount LoginTime LastTime
ab890000 admin Chinese Management Enable 0 14:13:46 14:14:18
Table 5 Output description
Field | Description |
---|---|
UserID | Web user ID |
Name | Web username |
Language | Language used in web login |
Level | Web user level |
State | Web user status |
LinkCount | Number of tasks running for the web user |
LoginTime | Login time |
LastTime | Last time when the web user accessed the device |
escape-key
Syntax
escape-key { default | character }
undo escape-key
View
User interface view
Default level
3: Manage level
Parameters
character: Specifies the shortcut key for aborting a task, a single character (or its corresponding ASCII code value in the range of 0 to 127) or a string of 1 to 3 characters. Only the first character of a string functions as the shortcut key. For example, if you enter an ASCII code value 113, the system uses its corresponding character q as the shortcut key. If you enter the string q@c, the system uses the first character q as the shortcut key.
default: Restores the default escape key sequence Ctrl+C.
Description
Use the escape-key command to define a shortcut key for aborting a task.
Use the undo escape-key command to disable the shortcut key for aborting tasks.
By default, a task is terminated by using Ctrl+C.
After defining a new shortcut key by using the escape-key command, the new shortcut key functions to terminate a task. To display the shortcut key you have defined, use the display current-configuration command.
If you set the character argument in a user interface of a device, when you use the user interface to log in to the device and then telnet to another device, the character argument can only be used as a control character to terminate a task, rather than as a common character. For example, if you specify character as e in VTY 0 user interface of Device A, when you log in to Device A by using VTY 0 on a PC (Hyper Terminal), you can enter e as a common character on the PC, and you can also use e to terminate the task running on Device A. If you telnet to Device B from Device A, however, you can only use e to terminate the task running on Device B, rather than as a common character. A good practice is to configure character as a key sequence.
Examples
# Define key a as the shortcut key for aborting a task.
<Sysname> system-view
[Sysname] user-interface console 0
[Sysname-ui-console0] escape-key a
# Verify the configuration:
1. Use the ping command to check the reachability of the device with the IP address of 192.168.1.49 and use the -c argument to specify the number of ICMP echo packets to be sent as 20.
<Sysname> ping -c 20 192.168.1.49
PING 192.168.1.49: 56 data bytes, press a to break
Reply from 192.168.1.49: bytes=56 Sequence=1 ttl=255 time=3 ms
Reply from 192.168.1.49: bytes=56 Sequence=2 ttl=255 time=3 ms
2. Enter a. The task terminates immediately and the system returns to system view.
--- 192.168.1.49 ping statistics ---
2 packet(s) transmitted
2 packet(s) received
0.00% packet loss
round-trip min/avg/max = 3/3/3 ms
<Sysname>
flow-control
Syntax
flow-control { hardware | none | software }
undo flow-control
View
User interface view
Default level
2: System level
Parameters
hardware: Performs hardware flow control.
none: Performs no flow control.
software: Performs software flow control.
Description
Use the flow-control command to configure flow control mode.
Use the undo flow-control command to restore the default.
By default, no flow control is performed.
A flow control mode takes effect on both inbound and outbound directions. In inbound flow control, the local device listens to the remote device for flow control information while in the outbound flow control, the local device sends flow control information to the remote device.
Two ends must be configured with the same flow control mode.
NOTE:
· The device does support hardware and software flow control.
· The command is only applicable to asynchronous serial interfaces (including AUX and console ports).
Examples
# Configure software flow control in the inbound and outbound directions for port console 0.
<Sysname> system-view
[Sysname] user-interface console 0
[Sysname-ui-console0] flow-control software
free user-interface
Syntax
free user-interface { num1 | { aux | console | vty } num2 }
View
User view
Default level
3: Manage level
Parameters
num1: Absolute number of a user interface.
aux: Specifies an AUX user interface.
console: Specifies a console user interface.
vty: Specifies a VTY user interface.
num2: Relative number of a user interface, 0 or 1 for an AUX or console user interface and 0 to 15 for a VTY user interface.
Description
Use the free user-interface command to release the connection established on the specified user interface.
This command cannot release the connection that you are using.
Examples
# Release the connection to user interface VTY 1.
1. Display which user interfaces are being used on the switch.
<Sysname> display users
The user application information of the user interface(s):
Idx UI Delay Type Userlevel
+ 82 VTY 0 00:00:00 TEL 3
83 VTY 1 00:00:03 TEL 3
Following are more details.
VTY 0 :
Location: 192.168.1.26
VTY 1 :
Location: 192.168.1.20
+ : Current operation user.
F : Current operation user work in async mode.
2. To prevent the user on VTY 1 from operating the switch, release the connection to VTY 1.
<Sysname> free user-interface vty 1
Are you sure to free user-interface vty1? [Y/N]:y
free web-users
Syntax
free web-users { all | user-id user-id | user-name user-name }
View
User view
Default level
2: System level
Parameters
all: Specifies all web users.
user-id: Web user ID, which is a hexadecimal number of eight digits.
user-name: Web user name, which is a string of 1 to 80 characters.
Description
Use the free web-users command to log out web users.
Related commands: display web users.
Examples
# Log out all web users.
<Sysname> free web-users all
history-command max-size
Syntax
history-command max-size size-value
undo history-command max-size
View
User interface view
Default level
2: System level
Parameters
size-value: Specifies the number of history commands that the buffer can store. The value ranges from 0 to 256.
Description
Use the history-command max-size command to set the size of history command buffer of the current user interface.
Use the undo history-command max-size command to restore the default.
By default, the buffer saves 10 history commands.
The history command buffer saves validated history commands individually per user interface and buffers for different user interfaces do not affect each other. To display the commands that are stored in the history buffer, use the display history-command command. To view the recently executed commands, press the upper arrow key or lower arrow key. For more information about the display history-command command, see the chapter “CLI configuration commands.”
After you terminate the current session, the system automatically removes the commands saved in the related history buffer.
Examples
# Set the buffer to store 20 history commands at most.
<Sysname> system-view
[Sysname] user-interface console 0
[Sysname-ui-console0] history-command max-size 20
idle-timeout
Syntax
idle-timeout minutes [ seconds ]
undo idle-timeout
View
User interface view
Default level
2: System level
Parameters
minutes: Specifies timeout time in minutes, which ranges from 0 to 35791, and defaults to 10 minutes.
seconds: Specifies timeout time in seconds, which ranges from 0 to 59, and defaults to 0 seconds.
Description
Use the idle-timeout command to set the idle-timeout timer. When it expires, user sessions are terminated.
Use the undo idle-timeout command to restore the default.
The default idle-timeout is 10 minutes.
NOTE:
· The system automatically terminates the user's connection if there is no information interaction between the device and the user within the timeout time.
· Setting idle-timeout to zero disables the timer. In this case, connections are maintained unless you terminate them.
Examples
# Set the idle-timeout timer to 1 minute and 30 seconds.
<Sysname> system-view
[Sysname] user-interface console 0
[Sysname-ui-console0] idle-timeout 1 30
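The defaults documented for authentication-mode, acl (user interface view), and idle-timeout can be checked against a saved configuration. The following Python audit is an added example, not H3C code. It assumes the configuration text lists each user-interface header followed by space-indented commands as entered; the sample configuration and the finding labels are constructed for illustration.

```python
import re

# Defaults stated in this reference: password for VTY and AUX, none for console.
DEFAULT_AUTH = {"vty": "password", "aux": "password", "console": "none"}
DEFAULT_IDLE = (10, 0)  # idle-timeout defaults to 10 minutes 0 seconds

HEADER = re.compile(r"^user-interface (aux|console|vty) (\d+)(?: (\d+))?$")
# Matches basic/advanced (optionally IPv6) and Ethernet frame header ACLs applied inbound.
ACL_IN = re.compile(r"^acl (?:ipv6 )?\d+ inbound$")

# Constructed sample in the style of saved configuration text; not from a real device.
SAMPLE_CONFIG = """\
#
user-interface aux 0
user-interface console 0
 idle-timeout 1 30
user-interface vty 0 4
 acl 2001 inbound
 authentication-mode scheme
 command accounting
user-interface vty 5 15
 authentication-mode none
 idle-timeout 0
#
"""


def parse_user_interfaces(config_text):
    """Return a list of (header, ui_type, [commands]) for each user-interface section."""
    sections, current = [], None
    for raw in config_text.splitlines():
        match = HEADER.match(raw.rstrip())
        if match:
            current = (raw.strip(), match.group(1), [])
            sections.append(current)
        elif current is not None and raw.startswith(" ") and raw.strip():
            current[2].append(raw.strip())  # indented line belongs to the open section
        else:
            current = None  # separator or unrelated top-level line closes the section
    return sections


def audit(config_text):
    """Return (header, finding) tuples for settings this reference describes as unrestricted."""
    findings = []
    for header, ui_type, commands in parse_user_interfaces(config_text):
        auth = DEFAULT_AUTH[ui_type]
        idle = DEFAULT_IDLE
        has_inbound_acl = False
        for command in commands:
            parts = command.split()
            if parts[0] == "authentication-mode" and len(parts) == 2:
                auth = parts[1]
            elif parts[0] == "idle-timeout" and len(parts) in (2, 3):
                seconds = int(parts[2]) if len(parts) == 3 else 0
                idle = (int(parts[1]), seconds)
            elif ACL_IN.match(command):
                has_inbound_acl = True
        if auth == "none":
            findings.append((header, "no-authentication"))
        if ui_type == "vty" and not has_inbound_acl:
            # Without an inbound ACL, Telnet/SSH access to the VTY is not restricted.
            findings.append((header, "vty-without-inbound-acl"))
        if idle == (0, 0):
            # A zero timer keeps sessions open until someone terminates them.
            findings.append((header, "idle-timeout-disabled"))
    return findings


if __name__ == "__main__":
    for header, finding in audit(SAMPLE_CONFIG):
        print(f"{header}: {finding}")
```

The console section is reported even though it sets no authentication-mode line, because the documented console default is none.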
ip alias
Syntax
ip alias ip-address port-number
undo ip alias ip-address
View
System view
Default level
2: System level
Parameters
ip-address: IP address associated to the telnet redirection listening port. The IP address cannot be an interface’s address on the switch, but can be in the same subnet as an interface’s address.
port-number: Telnet redirection listening port, which ranges from 2000 to 50000.
Description
Use the ip alias command to associate a telnet redirection listening port to an IP address.
Use the undo ip alias command to restore the default.
By default, a telnet redirection listening port is not associated to any IP address.
For example, a user is connected to device A, and device A is connected to device B through its serial port. If the redirect enable and redirect listen-port port-number commands are configured on device A, the user can log in to device B by telnetting to the IP address of device A and the specified port number. If you associate device A’s IP address to the specified port number with the ip alias ip-address port-number command, the user can log in to device B by only telnetting to the IP address of device A.
Examples
# Associate the telnet redirection listening port 2000 to the IP address 1.1.1.1.
<Sysname> system-view
[Sysname] ip alias 1.1.1.1 2000
ip http acl
Syntax
ip http acl acl-number
undo ip http acl
View
System view
Default level
2: System level
Parameters
acl-number: ACL number. A basic IPv4 ACL ranges from 2000 to 2999. The value range depends on your device model.
Description
Use the ip http acl command to associate the HTTP service with an ACL.
Use the undo ip http acl command to remove the association.
By default, the HTTP service is not associated with any ACL.
After the HTTP service is associated with an ACL, only the clients permitted by the ACL can access the device through HTTP.
Related commands: display ip http; acl number (ACL and QoS Command Reference).
Examples
# Associate the HTTP service with ACL 2001 to only allow the clients within the 10.10.0.0/16 network to access the device through HTTP.
<Sysname> system-view
[Sysname] acl number 2001
[Sysname-acl-basic-2001] rule permit source 10.10.0.0 0.0.255.255
[Sysname-acl-basic-2001] quit
[Sysname] ip http acl 2001
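How the wildcard in rule permit source 10.10.0.0 0.0.255.255 selects HTTP clients, as an added Python example (not part of the original reference or of the device software). It assumes rules are evaluated in ascending rule ID with the first match deciding, and that unnumbered rules are numbered in steps of 5; SAMPLE_ACL and its deny rule are constructed for illustration.

```python
import ipaddress

# The ACL from the example above, as typed (rule ID omitted).
PAGE_ACL = "acl number 2001\n rule permit source 10.10.0.0 0.0.255.255\n"

# Constructed variant: a hypothetical deny rule ahead of the permit rule.
SAMPLE_ACL = """\
acl number 2001
 rule 0 deny source 10.10.99.0 0.0.0.255
 rule 5 permit source 10.10.0.0 0.0.255.255
"""


def _to_int(text):
    # Assumption: "0" is shorthand for the host wildcard 0.0.0.0.
    return 0 if text == "0" else int(ipaddress.IPv4Address(text))


def parse_basic_acl(text):
    """Return [(rule_id, action, base, wildcard)] sorted by rule ID."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if not tok or tok[0] != "rule":
            continue
        tok = tok[1:]
        if tok and tok[0].isdigit():
            rule_id = int(tok.pop(0))
        else:
            # Assumption: unnumbered rules become 0, 5, 10, ... in entry order.
            rule_id = (max(r[0] for r in rules) // 5 + 1) * 5 if rules else 0
        if not tok or tok[0] not in ("permit", "deny"):
            raise ValueError(f"unsupported rule: {line!r}")
        action = tok[0]
        if len(tok) == 1 or tok[1:3] == ["source", "any"]:
            base, wildcard = 0, 0xFFFFFFFF          # matches every source
        elif len(tok) == 4 and tok[1] == "source":
            base, wildcard = _to_int(tok[2]), _to_int(tok[3])
        else:
            raise ValueError(f"unsupported rule: {line!r}")
        rules.append((rule_id, action, base, wildcard))
    return sorted(rules)


def http_allowed(acl_text, client_ip):
    """True if the HTTP service associated with this ACL would admit client_ip."""
    client = int(ipaddress.IPv4Address(client_ip))
    for _rule_id, action, base, wildcard in parse_basic_acl(acl_text):
        # Wildcard bits set to 1 are ignored; bits set to 0 must equal the base.
        # A netmask typed where the wildcard belongs inverts which bits are compared.
        if ((client ^ base) & ~wildcard & 0xFFFFFFFF) == 0:
            return action == "permit"
    return False  # no rule matched: only clients permitted by the ACL get access


if __name__ == "__main__":
    for ip in ("10.10.3.4", "10.10.99.7", "10.11.0.1"):
        print(ip, http_allowed(SAMPLE_ACL, ip))
```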
ip http enable
Syntax
ip http enable
undo ip http enable
View
System view
Default level
2: System level
Parameters
None
Description
Use the ip http enable command to enable the HTTP service.
Use the undo ip http enable command to disable the HTTP service.
By default, the HTTP service is enabled.
The device can act as the HTTP server that can be accessed only after the HTTP service is enabled.
Related commands: display ip http.
Examples
# Enable the HTTP service.
<Sysname> system-view
[Sysname] ip http enable
# Disable the HTTP service.
<Sysname> system-view
[Sysname] undo ip http enable
ip http port
Syntax
ip http port port-number
undo ip http port
View
System view
Default level
3: Manage level
Parameters
port-number: Port number of the HTTP service, which ranges from 1 to 65535.
Description
Use the ip http port command to configure the port number of the HTTP service.
Use the undo ip http port command to restore the default.
By default, the port number of the HTTP service is 80.
Verify that the port number is not used by another service, because this command does not check for conflicts with configured port numbers.
Related commands: display ip http.
Examples
# Configure the port number of the HTTP service as 8080.
<Sysname> system-view
[Sysname] ip http port 8080
lock
Syntax
lock
View
User view
Default level
3: Manage level
Parameters
None
Description
Use the lock command to lock the user interface with a password. This prevents unauthorized users from using the user interface.
When you enter the lock command, you are asked to enter a password (up to 16 characters) and then to confirm it by entering the password again. To set the password successfully, enter the same password both times. After the user interface is locked, you must press Enter and enter the correct password the next time you enter this user interface.
By default, this function is disabled.
Examples
# Lock the current user interface.
<Sysname> lock
Please input password<1 to 16> to lock current user terminal interface:
Password:
Again:
locked !
Password:
parity
Syntax
parity { even | mark | none | odd | space }
undo parity
View
User interface view
Default level
2: System level
Parameters
even: Performs an even parity check.
mark: Performs a mark parity check.
none: Performs no parity check.
odd: Performs an odd parity check.
space: Performs a space parity check.
Description
Use the parity command to set a parity check method.
Use the undo parity command to restore the default.
By default, no parity check is performed.
NOTE:
· The command is only applicable to asynchronous serial interfaces (including AUX and console ports).
· The parity check settings must be identical for the user interfaces of the connecting ports on the redirection device and the target terminal device for communication.
Examples
# Configure the AUX port to perform odd parity check.
<Sysname> system-view
[Sysname] user-interface aux 0
[Sysname-ui-aux0] parity odd
protocol inbound
Syntax
protocol inbound { all | ssh | telnet }
undo protocol inbound
View
VTY interface view
Default level
3: Manage level
Parameters
all: Supports both Telnet and SSH.
ssh: Supports SSH only.
telnet: Supports Telnet only.
Description
Use the protocol inbound command to enable the current user interface to support Telnet, SSH, or both.
Use the undo protocol inbound command to restore the default.
By default, all the three protocols are supported.
The configuration takes effect next time you log in.
CAUTION:
· Before configuring a user interface to support SSH, set the authentication mode to scheme for users logging in through the user interface; otherwise, the protocol inbound ssh command fails. For more information, see authentication-mode.
· By default, the authentication mode of the Telnet protocol is password.
Examples
# Enable the VTYs 0 through 4 to support SSH only.
<Sysname> system-view
[Sysname] user-interface vty 0 4
[Sysname-ui-vty0-4] authentication-mode scheme
[Sysname-ui-vty0-4] protocol inbound ssh
screen-length
Syntax
screen-length screen-length
undo screen-length
View
User interface view
Default level
2: System level
Parameters
screen-length: Number of lines on a screen, which ranges from 0 to 512. The value of 0 disables pausing between screens of output.
Description
Use the screen-length command to set the maximum number of lines on a screen.
Use the undo screen-length command to restore the default.
By default, a screen displays 24 lines at most.
When screen output pauses, press the Space key to display the next screen. Not all display terminals support this command setting. For example, assume that you set screen-length to 40, but the terminal screen can display 24 lines at most. When you press Space, the device sends 40 lines to the terminal display, but the next screen displays only lines 18 through 40. To view the first 17 lines, you must press Page Up or Page Down.
To disable pausing between screens of output for the current session, use the screen-length disable command.
Examples
# Set the user interface of console port 0 to display up to 30 lines on a screen.
<Sysname> system-view
[Sysname] user-interface console 0
[Sysname-ui-console0] screen-length 30
send
Syntax
send { all | num1 | { aux | console | vty } num2 }
View
User view
Default level
1: Monitor level
Parameters
all: Sends messages to all user interfaces.
num1: Absolute number of a user interface.
aux: Sends messages to an AUX user interface.
console: Sends messages to a console user interface.
vty: Sends messages to a VTY user interface.
num2: Relative number of a user interface, 0 or 1 for an AUX or console user interface and 0 to 15 for a VTY user interface.
Description
Use the send command to send messages to the specified user interfaces.
To end message input, press Ctrl+Z. To cancel message input and exit to user view, press Ctrl+C.
Examples
# Send message hello abc to the console user interface.
<Sysname> send console 0
Enter message, end with CTRL+Z or Enter; abort with CTRL+C:
hello abc^Z
Send message? [Y/N]:y
<Sysname>
***
***
***Message from con0 to con0
***
hello abc
<Sysname>
# A user logging in through VTY 0 wants to restart the device. To inform the other users to take corresponding actions (for example, save the current configuration), the system sends the message “Note please, I will reboot the system!”.
· Configuration on VTY 0
<Sysname> send vty 1
Enter message, end with CTRL+Z or Enter; abort with CTRL+C:
Note please, I will reboot the system!^Z
Send message? [Y/N]:y
<Sysname>
· If a user is trying to log in through VTY 1, the message appears. (VTY 1 received the message from VTY 0 while the interface GigabitEthernet command was being entered.)
[Sysname] interface Giga
***
***
***Message from vty0 to vty1
***
Note please, I will reboot the system!
set authentication password
Syntax
set authentication password { cipher | simple } password
undo set authentication password
View
User interface view
Default level
3: Manage level
Parameters
cipher: Cipher text password.
simple: Plain text password.
password: Case-sensitive string. If the password format is simple, the password argument must be in plain text, and the configuration file saves the password in plain text. If the format is cipher, password can be either in cipher text or in plain text, and the configuration file always saves the password in cipher text. A plain text password can be a string of no more than 16 characters, 1234567 for example. A cipher text password or the encrypted version of the plain text password comprises 24 characters, such as _(TT8F]Y\5SQ=^Q`MAF4<1!!.
Description
Use the set authentication password command to set a local authentication password.
Use the undo set authentication password command to remove the local authentication password.
By default, no local authentication password is set.
No matter whether the password format is plain text or cipher text, you must enter the password in plain text at authentication.
A plain text password is easily cracked. Use a cipher text password for security.
Related commands: authentication-mode.
Examples
# Set the local authentication password for user interface console 0 to hello.
<Sysname> system-view
[Sysname] user-interface console 0
[Sysname-ui-console0] authentication-mode password
[Sysname-ui-console0] set authentication password cipher hello
Next time you enter the system, the password is required.
shell
Syntax
shell
undo shell
View
User interface view
Default level
3: Manage level
Parameters
None
Description
Use the shell command to enable terminal services on the user interface.
Use the undo shell command to disable terminal services.
You cannot disable the terminal services on the user interface where you are logged in.
The undo shell command is not supported by the console port.
By default, terminal services are enabled on all user interfaces.
Examples
# Disable terminal services on VTYs 0 through 4, which means you cannot log in to the switch from VTYs 0 through 4.
<Sysname> system-view
[Sysname] user-interface vty 0 4
[Sysname-ui-vty0-4] undo shell
% Disable ui-vty0-4 , are you sure? [Y/N]:y
[Sysname-ui-vty0-4]
The following message appears when a terminal tries to telnet to the device:
The connection was closed by the remote host!
speed (user interface view)
Syntax
speed speed-value
undo speed
View
User interface view
Default level
2: System level
Parameters
speed-value: Transmission rate in bps.
Description
Use the speed command to set the transmission rate on the user interface.
Use the undo speed command to restore the default transmission rate.
By default, the transmission rate is 9600 bps.
NOTE:
· The command is only applicable to asynchronous serial interfaces (including AUX and console ports).
· The transmission rate settings must be identical for the user interfaces of the connecting ports on the redirection device and the target terminal device for communication.
Examples
# Set the transmission rate on the user interface AUX 0 to 19200 bps.
<Sysname> system-view
[Sysname] user-interface aux 0
[Sysname-ui-aux0] speed 19200
stopbits
Syntax
stopbits { 1 | 1.5 | 2 }
undo stopbits
View
User interface view
Default level
2: System level
Parameters
1: One stop bit.
1.5: One and a half stop bits.
2: Two stop bits.
Description
Use the stopbits command to set the number of stop bits transmitted per byte.
Use the undo stopbits command to restore the default.
By default, the stop bit is one.
NOTE:
· The command is only applicable to asynchronous serial interfaces (including AUX and console ports).
· The device does not support stop bits 1.5.
· The stop bits settings must be identical for the user interfaces of the connecting ports on the redirection device and the target device for communication.
Examples
# Set the stop bits on the user interface AUX 0 to 1.
<Sysname> system-view
[Sysname] user-interface aux 0
[Sysname-ui-aux0] stopbits 1
telnet
Syntax
telnet remote-host [ service-port ] [ vpn-instance vpn-instance-name ] [ source { interface interface-type interface-number | ip ip-address } ]
View
User view
Default level
0: Visit level
Parameters
remote-host: IPv4 address or host name of the remote host. The host name is a case-insensitive string of 1 to 20 characters.
service-port: TCP port number for the remote Telnet server. It ranges from 0 to 65535 and defaults to 23.
vpn-instance vpn-instance-name: Specifies the MPLS L3VPN that the remote system belongs to, where vpn-instance-name is a case-sensitive string of 1 to 31 characters. If the remote system is on the public network, do not specify this option.
source: Specifies the source interface or source IPv4 address of Telnet packets.
interface interface-type interface-number: Specifies the source interface. The source IPv4 address of the Telnet packets sent is the IPv4 address of the specified source interface. interface-type interface-number represents the interface type and number.
ip ip-address: Specifies the source IPv4 address of Telnet packets.
Description
Use the telnet command to telnet to a remote host. To stop the current Telnet login, press Ctrl+K or use the quit command.
Multiple concurrent login users are supported, and the maximum number is 16.
The source IPv4 address or source interface specified by this command is applicable to the current Telnet connection only.
Examples
# Telnet to the remote host with the IP address 1.1.1.2, and specify the source IP address of Telnet packets as 1.1.1.1.
<Sysname> telnet 1.1.1.2 source ip 1.1.1.1
telnet client source
Syntax
telnet client source { interface interface-type interface-number | ip ip-address }
undo telnet client source
View
System view
Default level
2: System level
Parameters
interface interface-type interface-number: Specifies the source interface. The source IPv4 address of the Telnet packets sent is the IPv4 address of the specified interface. interface-type interface-number represents the interface type and number.
ip ip-address: Specifies the source IPv4 address of Telnet packets.
Description
Use the telnet client source command to specify the source IPv4 address or source interface for sending Telnet packets when the device serves as the Telnet client.
Use the undo telnet client source command to remove the configuration.
By default, no source IPv4 address or source interface is specified for Telnet packets, and the system uses the IPv4 address of the interface determined by the matched route as the source IPv4 address of Telnet packets.
· The source IPv4 address or source interface specified by this command is applicable to all Telnet connections.
· If you use both this command and the telnet command to specify the source IPv4 address or source interface, the source IPv4 address or interface specified by the telnet command takes effect.
Related commands: display telnet client configuration.
telnet ipv6
Syntax
telnet ipv6 remote-host [ -i interface-type interface-number ] [ port-number ] [ vpn-instance vpn-instance-name ]
View
User view
Default level
0: Visit level
Parameters
remote-host: IP address or host name of the remote host. The host name is a case-insensitive string of 1 to 46 characters.
-i interface-type interface-number: Specifies the outbound interface for sending Telnet packets, where interface-type interface-number represents the interface type and number. You need to provide the -i interface-type interface-number argument if the destination address is a link-local address.
port-number: TCP port number of the remote Telnet server. It ranges from 0 to 65535 and defaults to 23.
vpn-instance vpn-instance-name: Specifies the MPLS L3VPN that the remote system belongs to, where vpn-instance-name is a case-sensitive string of 1 to 31 characters. If the remote system is on the public network, do not specify this option.
Description
Use the telnet ipv6 command to telnet to a remote IPv6 host. To stop the current Telnet login, press Ctrl+K or use the quit command.
Examples
# Telnet to the remote host with the IPv6 address 2000::1.
<Sysname> telnet ipv6 2000::1
telnet server enable
Syntax
telnet server enable
undo telnet server enable
View
System view
Default level
3: Manage level
Parameters
None
Description
Use the telnet server enable command to enable the Telnet server.
Use the undo telnet server enable command to disable the Telnet server.
The Telnet server is disabled by default.
Examples
# Enable the Telnet server.
<Sysname> system-view
[Sysname] telnet server enable
terminal type
Syntax
terminal type { ansi | vt100 }
undo terminal type
View
User interface view
Default level
2: System level
Parameters
ansi: Specifies the terminal display type as ANSI.
vt100: Specifies the terminal display type as VT100.
Description
Use the terminal type command to configure the type of terminal display under the current user interface.
Use the undo terminal type command to restore the default.
By default, the terminal display type is ANSI.
The device supports two types of terminal display: ANSI and VT100. It is recommended that you set the display type of both the device and the client to VT100. If the device and the client (for example, HyperTerminal or a Telnet terminal) use different terminal display types, or both are set to ANSI, anomalies such as cursor corruption or abnormal display may occur on the client when the command line being edited exceeds 80 characters.
Examples
# Set the terminal display type to VT100.
<Sysname> system-view
[Sysname] user-interface vty 0
[Sysname-ui-vty0] terminal type vt100
user privilege level
Syntax
user privilege level level
undo user privilege level
View
User interface view
Default level
3: Manage level
Parameters
level: Specifies a command level, which ranges from 0 to 3.
NOTE: Commands are divided into four levels, visit, monitor, system, and manage, represented by the numbers 0, 1, 2, and 3 respectively. The administrator can change the command level of a user when necessary.
Description
Use the user privilege level command to configure the command level for login users on the current user interface.
Use the undo user privilege level command to restore the default.
By default, the default command level is 3 for the console and AUX user interfaces and 0 for the other user interfaces.
Examples
# Set the command level for the user logging in from VTY 0 to 0.
<Sysname> system-view
[Sysname] user-interface vty 0
[Sysname-ui-vty0] user privilege level 0
After you telnet to the device through VTY 0, the terminal only displays commands of level 0 in the help information:
<Sysname> ?
User view commands:
display Display current system information
ping Ping function
quit Exit from current command view
ssh2 Establish a secure shell client connection
super Set the current user priority level
telnet Establish one TELNET connection
tracert Trace route function
user-interface
Syntax
user-interface { first-num1 [ last-num1 ] | { aux | console | vty } first-num2 [ last-num2 ] }
View
System view
Default level
2: System level
Parameters
first-num1: Absolute number of the first user interface.
last-num1: Absolute number of the last user interface. The value typically starts from 0 and cannot be smaller than the first-num1.
aux: Specifies an AUX user interface.
console: Specifies a console user interface.
vty: Specifies a VTY user interface.
first-num2: Relative number of the first user interface, 0 or 1 for an AUX or console user interface and 0 to 15 for a VTY user interface.
last-num2: Relative number of the last user interface. For VTY user interfaces, the value ranges from (first-num2+1) to 15.
Description
Use the user-interface command to enter a single or multiple user interface views.
In a single user interface view, the configuration takes effect on that user interface only.
In multiple user interface views, the configuration takes effect on all of the specified user interfaces.
Examples
# Enter console user interface view.
<Sysname> system-view
[Sysname] user-interface console 0
[Sysname-ui-console0]
# Enter the user interface view of VTY 0 to 4.
<Sysname> system-view
[Sysname] user-interface vty 0 4
[Sysname-ui-vty0-4]
web captcha
Syntax
web captcha verification-code
undo web captcha
View
User view
Default level
3: Manage level
Parameters
verification-code: Fixed verification code for web login, a case-sensitive 4-character string.
Description
Use the web captcha command to specify a fixed verification code for web login.
Use the undo web captcha command to restore the default.
By default, a web user must enter the verification code indicated on the login page to log in.
After you configure a fixed verification code for web login, a web user can log in with that code regardless of the verification code displayed on the login page. This feature is intended for test environments where a script is usually used for web function tests. By eliminating the need to enter the displayed verification code every time, it improves test efficiency.
For web access security, do not use this feature in production environments.
This command is not saved to the configuration file and cannot survive a reboot.
Examples
# Specify a fixed verification code for web login.
<Sysname> web captcha test
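An added example, not vendor code: a Python check that reads a saved configuration and reports settings that weaken the login controls described in this chapter (telnet server enable, protocol inbound, idle-timeout, set authentication password simple, user privilege level, ip http enable and ip http acl). The configuration layout and SAMPLE_CONFIG are assumptions constructed for illustration.

```python
import re

# Constructed sample in the style of a saved configuration
# (assumption: "#" separates sections, view commands follow their view line).
SAMPLE_CONFIG = """\
#
 telnet server enable
#
user-interface aux 0
user-interface vty 0 4
 user privilege level 3
 set authentication password simple 1234567
 idle-timeout 0 0
user-interface vty 5 15
 authentication-mode scheme
 protocol inbound ssh
 idle-timeout 5 0
#
"""


def parse(config):
    """Split a config into global commands and per-user-interface commands."""
    global_cmds, ui_cmds, current = [], {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "#":
            current = None                      # section separator ends the view
        elif line.startswith("user-interface "):
            current = line[len("user-interface "):]
            ui_cmds.setdefault(current, [])
        elif current is not None:
            ui_cmds[current].append(line)
        else:
            global_cmds.append(line)
    return global_cmds, ui_cmds


def audit(config):
    """Return a sorted list of (scope, finding) tuples."""
    global_cmds, ui_cmds = parse(config)
    findings = []
    # Documented defaults: Telnet server disabled, HTTP service enabled, no HTTP ACL.
    telnet_on = "telnet server enable" in global_cmds
    if telnet_on:
        findings.append(("system", "telnet server enabled"))
    http_on = "undo ip http enable" not in global_cmds
    if http_on and not any(c.startswith("ip http acl ") for c in global_cmds):
        findings.append(("system", "http service has no acl"))
    for ui, cmds in ui_cmds.items():
        for cmd in cmds:
            m = re.fullmatch(r"idle-timeout (\d+)(?: (\d+))?", cmd)
            # Zero minutes and zero seconds disables the idle-timeout timer.
            if m and int(m.group(1)) == 0 and int(m.group(2) or 0) == 0:
                findings.append((ui, "idle-timeout disabled"))
            if cmd.startswith("set authentication password simple "):
                findings.append((ui, "password stored in plain text"))
        if ui.startswith("vty"):
            # Without "protocol inbound ssh" the VTY default still admits Telnet.
            if telnet_on and "protocol inbound ssh" not in cmds:
                findings.append((ui, "vty accepts telnet"))
            if "user privilege level 3" in cmds:
                findings.append((ui, "manage level granted on vty"))
    return sorted(findings)


if __name__ == "__main__":
    for scope, finding in audit(SAMPLE_CONFIG):
        print(f"{scope}: {finding}")
```

Because the web captcha command is not saved to the configuration file, a file-based check like this one cannot detect it.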