02-Login management commands
acl (user interface view)
Use acl to reference ACLs to control access to the VTY user interface.
Use undo acl to cancel the ACL application.
Syntax
To use a basic or advanced ACL:
acl acl-number { inbound | outbound }
undo acl acl-number { inbound | outbound }
To use an Ethernet frame header ACL:
acl acl-number inbound
undo acl acl-number inbound
Default
Access to the VTY user interface is not restricted.
Views
VTY user interface view
Default command level
2: System level
Parameters
acl-number: Specifies the number of the ACL:
· Basic ACL—2000 to 2999
· Advanced ACL—3000 to 3999
· Ethernet frame header ACL—4000 to 4999
inbound: Restricts Telnet or SSH connections established in the inbound direction through the VTY user interface. If the received packets for establishing a Telnet or SSH connection are permitted by an ACL rule, the connection is allowed to be established. When the device functions as a Telnet server or SSH server, use this keyword to control access of Telnet clients or SSH clients.
outbound: Restricts Telnet connections established in the outbound direction through the VTY user interface. If the packets sent for establishing a Telnet connection are permitted by an ACL rule, the connection is allowed to be established. When the device functions as a Telnet client, use this keyword to define Telnet servers accessible to the client.
Usage guidelines
If no ACL is referenced in VTY user interface view, the VTY user interface has no access control over establishing a Telnet or SSH connection.
If an ACL is referenced in VTY user interface view, the connection is permitted to be established only when packets for establishing a Telnet or SSH connection match a permit statement in the ACL.
The system regards the basic/advanced ACL with the inbound keyword and the basic/advanced ACL with the outbound keyword as different types of ACLs, which can coexist in one VTY user interface. The match order is basic/advanced ACL, Ethernet frame header ACL. At most one ACL of each type can be referenced in the same VTY user interface, and the last configured one takes effect.
For more information about ACL, see ACL and QoS Command Reference.
Examples
# Allow only the user with the IP address of 192.168.1.26 to access the device through Telnet or SSH.
<Sysname> system-view
[Sysname] acl number 2001
[Sysname-acl-basic-2001] rule permit source 192.168.1.26 0
[Sysname-acl-basic-2001] quit
[Sysname] user-interface vty 0
[Sysname-ui-vty0] acl 2001 inbound
After the configuration, user A (with the IP address 192.168.1.26) can Telnet to the device, but user B (with the IP address 192.168.1.60) cannot. Upon a connection failure, a message appears: "%connection closed by remote host!"
# Allow the device to only Telnet to the Telnet server with IP address 192.168.1.41.
<Sysname> system-view
[Sysname] acl number 3001
[Sysname-acl-adv-3001] rule permit tcp destination 192.168.1.41 0
[Sysname-acl-adv-3001] quit
[Sysname] user-interface vty 0 15
[Sysname-ui-vty0-15] acl 3001 outbound
[Sysname-ui-vty0-15] return
<Sysname>
After your configuration, if you Telnet to 192.168.1.46, your operation fails.
<Sysname> telnet 192.168.1.46
%Can't access the host from this terminal!
But you can Telnet to 192.168.1.41.
<Sysname> telnet 192.168.1.41
Trying 192.168.1.41 ...
Press CTRL+K to abort
Connected to 192.168.1.41 ...
activation-key
Use activation-key to define a shortcut key for starting a terminal session.
Use undo activation-key to restore the default.
Syntax
activation-key character
undo activation-key
Default
Pressing the Enter key starts a terminal session.
Views
AUX user interface view
Default command level
3: Manage level
Parameters
character: Specifies the shortcut key for starting a terminal session. The shortcut key can be a single character or an ASCII code in the range of 0 to 127. If you specify a number that is greater than 127 or a non-numeric string of one to three characters, only the first character is used as the shortcut key. For example, if you enter activation-key 987, the shortcut key is 9. If you enter activation-key abc, the shortcut key is a.
Usage guidelines
To display the defined shortcut key, use the display current-configuration command. This command displays the ASCII code of the shortcut key.
Examples
# Configure character s as the shortcut key for starting a terminal session on the AUX user interface.
<Sysname> system-view
[Sysname] user-interface aux 0
[Sysname-ui-aux0] activation-key s
To verify the configuration:
1. Exit to the user view.
[Sysname-ui-aux0] return
<Sysname> quit
2. Log in to the AUX user interface again.
The following message appears.
******************************************************************************
* Copyright (c) 2004-2013 Hangzhou H3C Tech. Co., Ltd. All rights reserved. *
* Without the owner's prior written consent, *
* no decompiling or reverse-engineering shall be allowed. *
******************************************************************************
User interface aux0 is available.
Please press ENTER.
3. Press Enter.
At this moment, pressing Enter does not start a session.
4. Enter s.
A terminal session is started.
<Sysname>
%Mar 2 18:40:27:981 2013 Sysname SHELL/5/LOGIN: Console login from aux0
auto-execute command
CAUTION: After configuring this command for a user interface, you might be unable to access the CLI through the user interface. Make sure you can access the CLI through a different user interface before you configure this command and save the configuration.
Use auto-execute command to specify a command to be automatically executed when a user logs in to the current user interface.
Use undo auto-execute command to remove the configuration.
Syntax
auto-execute command command
undo auto-execute command
Default
Command auto-execution is disabled.
Views
User interface view
Default command level
3: Manage level
Parameters
command: Specifies the command to be automatically executed.
Usage guidelines
This command is not supported on AUX interfaces.
The system automatically executes the specified command when a user logs in to the user interface, and tears down the user connection after the command is executed. If the command triggers another task, the system does not tear down the user connection until the task is completed.
The auto-execute command function is typically used to redirect a Telnet user to a specific host. After executing the specified command and completing the resulting task, the system automatically disconnects the Telnet session.
Examples
# Configure the device to automatically Telnet to 192.168.1.41 after a user logs in to interface VTY 0.
<Sysname> system-view
[Sysname] user-interface vty 0
[Sysname-ui-vty0] auto-execute command telnet 192.168.1.41
% This action will lead to configuration failure through ui-vty0. Are you sure?
[Y/N]:y
[Sysname-ui-vty0]
# Telnet to 192.168.1.40 to verify the configuration.
The device automatically Telnets to 192.168.1.41. The following output is displayed:
C:\> telnet 192.168.1.40
******************************************************************************
* Copyright (c) 2004-2013 Hangzhou H3C Tech. Co., Ltd. All rights reserved. *
* Without the owner's prior written consent, *
* no decompiling or reverse-engineering shall be allowed. *
******************************************************************************
<Sysname>
Trying 192.168.1.41 ...
Press CTRL+K to abort
Connected to 192.168.1.41 ...
******************************************************************************
* Copyright (c) 2004-2013 Hangzhou H3C Tech. Co., Ltd. All rights reserved. *
* Without the owner's prior written consent, *
* no decompiling or reverse-engineering shall be allowed. *
******************************************************************************
<Sysname>
This operation is the same as directly logging in to the device at 192.168.1.41. If the Telnet connection to 192.168.1.41 is broken, the Telnet connection to 192.168.1.40 is torn down at the same time.
authentication-mode
Use authentication-mode to set the authentication mode for the user interface.
Use undo authentication-mode to restore the default.
Syntax
authentication-mode { none | password | scheme }
undo authentication-mode
Default
The authentication mode is password for VTY user interfaces, and none for AUX user interfaces.
Views
User interface view
Default command level
3: Manage level
Parameters
none: Performs no authentication.
password: Performs local password authentication.
scheme: Performs AAA authentication. For more information about AAA, see Security Configuration Guide.
Usage guidelines
For scheme authentication mode, if local authentication is used and password control is enabled, a user must change the password after the first login (unless the user uses SSH for the first login). If NTP synchronization is also configured, H3C recommends that you wait for 10 minutes before changing the password to make sure the NTP synchronization is finished before the password is created.
Examples
# Specify that no authentication is needed for VTY 0. (This mode is insecure.)
<Sysname> system-view
[Sysname] user-interface vty 0
[Sysname-ui-vty0] authentication-mode none
# Use password authentication when users log in to the device through VTY 0, and set the authentication password to 321.
<Sysname> system-view
[Sysname] user-interface vty 0
[Sysname-ui-vty0] authentication-mode password
[Sysname-ui-vty0] set authentication password simple 321
# Authenticate users by username and password for VTY 0. Set the username to 123 and the password to 321.
<Sysname> system-view
[Sysname] user-interface vty 0
[Sysname-ui-vty0] authentication-mode scheme
[Sysname-ui-vty0] quit
[Sysname] local-user 123
[Sysname-luser-123] password simple 321
[Sysname-luser-123] service-type telnet
[Sysname-luser-123] authorization-attribute level 3
Related commands
set authentication password
command accounting
Use command accounting to enable command accounting.
Use undo command accounting to restore the default.
Syntax
command accounting
undo command accounting
Default
Command accounting is disabled, and the accounting server does not record executed commands.
Views
User interface view
Default command level
3: Manage level
Usage guidelines
When command accounting is enabled and command authorization is not, every executed command is recorded on the HWTACACS server.
When both command accounting and command authorization are enabled, only the authorized and executed commands are recorded on the HWTACACS server.
Examples
# Enable command accounting on VTY 0.
<Sysname> system-view
[Sysname] user-interface vty 0
[Sysname-ui-vty0] command accounting
command authorization
Use command authorization to enable command authorization.
Use undo command authorization to restore the default.
Syntax
command authorization
undo command authorization
Default
Command authorization is disabled. Logged-in users can execute commands without authorization.
Views
User interface view
Default command level
3: Manage level
Usage guidelines
With command authorization enabled, users can execute only commands authorized by the server.
Examples
# Enable command authorization for VTY 0 so users logging in from VTY 0 can execute only the commands authorized by the HWTACACS server.
<Sysname> system-view
[Sysname] user-interface vty 0
[Sysname-ui-vty0] command authorization
databits
Use databits to set the number of data bits for each character.
Use undo databits to restore the default.
Syntax
databits { 7 | 8 }
undo databits
Default
Eight data bits are used for each character.
Views
User interface view
Default command level
2: System level
Parameters
7: Uses seven data bits for each character.
8: Uses eight data bits for each character.
Usage guidelines
The command is applicable only to the AUX user interface.
For the device and the terminal to communicate, the data bits setting on the user interface of the device's connecting port must match the setting on the terminal device.
Examples
# Use seven data bits for each character.
<Sysname> system-view
[Sysname] user-interface aux 0
[Sysname-ui-aux0] databits 7
display ip http
Use display ip http to display HTTP information.
Syntax
display ip http [ | { begin | exclude | include } regular-expression ]
Views
Any view
Default command level
1: Monitor level
Parameters
|: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide.
begin: Displays the first line that matches the specified regular expression and all lines that follow.
exclude: Displays all lines that do not match the specified regular expression.
include: Displays all lines that match the specified regular expression.
regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
Examples
# Display information about HTTP.
<Sysname> display ip http
HTTP port: 80
Basic ACL: 2222
Current connection: 0
Operation status: Running
Table 1 Command output
| Field | Description |
|---|---|
| HTTP port | Port number used by the HTTP service. |
| Basic ACL | Basic ACL number associated with the HTTP service. |
| Current connection | Number of current connections. |
| Operation status | Operation status: · Running—The HTTP service is enabled. · Stopped—The HTTP service is disabled. |
display ip https
Use display ip https to display information about HTTPS.
Syntax
display ip https [ | { begin | exclude | include } regular-expression ]
Views
Any view
Default command level
1: Monitor level
Parameters
|: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide.
begin: Displays the first line that matches the specified regular expression and all lines that follow.
exclude: Displays all lines that do not match the specified regular expression.
include: Displays all lines that match the specified regular expression.
regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
Examples
# Display information about HTTPS.
<Sysname> display ip https
HTTPS port: 443
SSL server policy: test
Certificate access-control-policy:
Basic ACL: 2222
Current connection: 0
Operation status: Running
Table 2 Command output
| Field | Description |
|---|---|
| HTTPS port | Port number used by the HTTPS service. |
| SSL server policy | SSL server policy associated with the HTTPS service. |
| Certificate access-control-policy | Certificate attribute access control policy associated with the HTTPS service. |
| Basic ACL | Basic ACL number associated with the HTTPS service. |
| Current connection | Number of current connections. |
| Operation status | Operation status: · Running—The HTTPS service is enabled. · Stopped—The HTTPS service is disabled. |
display telnet client configuration
Use display telnet client configuration to display the configuration of the device when it serves as a Telnet client.
Syntax
display telnet client configuration [ | { begin | exclude | include } regular-expression ]
Views
Any view
Default command level
1: Monitor level
Parameters
|: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide.
begin: Displays the first line that matches the specified regular expression and all lines that follow.
exclude: Displays all lines that do not match the specified regular expression.
include: Displays all lines that match the specified regular expression.
regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
Examples
# Display the configuration of the device when it serves as a Telnet client.
<Sysname> display telnet client configuration
The source IP address is 1.1.1.1.
The output shows that when the device serves as a client, the source IPv4 address for sending Telnet packets is 1.1.1.1.
display user-interface
Use display user-interface to display information about the specified or all user interfaces.
Syntax
display user-interface [ num1 | { aux | vty } num2 ] [ summary ] [ | { begin | exclude | include } regular-expression ]
Views
Any view
Default command level
1: Monitor level
Parameters
num1: Specifies the absolute number of a user interface, in the range of 0 to 44.
aux: Specifies the AUX user interface.
vty: Specifies the VTY user interface.
num2: Specifies the relative number of a user interface, in the range of 0 to 9 for an AUX user interface and 0 to 15 for a VTY user interface.
summary: Displays summary information about user interfaces.
|: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide.
begin: Displays the first line that matches the specified regular expression and all lines that follow.
exclude: Displays all lines that do not match the specified regular expression.
include: Displays all lines that match the specified regular expression.
regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
Usage guidelines
If the summary keyword is not included, the command displays the type of the user interface, the absolute or relative number, the transmission rate, the user privilege level, the authentication mode, and the access port.
If the summary keyword is included, the command displays all user interface numbers and types.
Examples
# Display information about user interface 0.
<Sysname> display user-interface 0
<Sysname>display user-interface 3
Idx Type Tx/Rx Modem Privi Auth Int
F 3 AUX 0 9600 - 3 N -
+ : Current user-interface is active.
F : Current user-interface is active and work in async mode.
Idx : Absolute index of user-interface.
Type : Type and relative index of user-interface.
Privi: The privilege of user-interface.
Auth : The authentication mode of user-interface.
Int : The physical location of UIs.
A : Authentication use AAA.
L : Authentication use local database.
N : Current UI need not authentication.
P : Authentication use current UI's password.
Table 3 Command output
| Field | Description |
|---|---|
| + | The current user interface is active. |
| F | The current user interface is active and operates in asynchronous mode. |
| Idx | Absolute number of the user interface. |
| Type | Type and relative number of the user interface. |
| Tx/Rx | Transmission/Receive rate of the user interface. |
| Modem | Whether the modem is allowed to dial in (in), dial out (out), or both (inout). If this function is disabled, a hyphen (-) is displayed. |
| Privi | Command level of a user under that user interface. |
| Auth | Authentication mode for the users: · A—Scheme authentication mode. · L—Local authentication mode (not supported). · N—None authentication mode. · P—Password authentication mode. |
| Int | Physical port that corresponds to the user interface. For AUX and VTY user interfaces, a hyphen (-) is displayed. |
# Display summary about all user interfaces.
<Sysname> display user-interface summary
<H3C>dis user-interface summary
User interface type : [TTY]
0:XXX
User interface type : [AUX]
3:XXXX XXXX XX
User interface type : [VTY]
29:UUUU XXXX XXXX XXXX
4 character mode users. (U)
25 UI never used. (X)
4 total UI in use
Table 4 Command output
| Field | Description |
|---|---|
| User interface type | Type of the user interface: AUX, VTY, or TTY. The device does not support TTY user interfaces. |
| 0:X | 0 represents the absolute number of the user interface. If the user interface is not used, an X is displayed. If the user interface is in use, a U is displayed. |
| character mode users. (U) | Number of users, or the total number of character U. |
| UI never used. (X) | Number of user interfaces not used, or the total number of character X. |
| total UI in use | Total number of user interfaces in use. |
display users
Use display users to display information about the user interfaces being used.
Syntax
display users [ all ] [ | { begin | exclude | include } regular-expression ]
Views
Any view
Default command level
1: Monitor level
Parameters
all: Displays information about all user interfaces the device supports.
|: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide.
begin: Displays the first line that matches the specified regular expression and all lines that follow.
exclude: Displays all lines that do not match the specified regular expression.
include: Displays all lines that match the specified regular expression.
regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
Usage guidelines
Use the display users all command to display information about all user interfaces supported by the device.
Examples
# Display information about the user interfaces being used.
<Sysname> display users
The user application information of the user interface(s):
Idx UI Delay Type Userlevel
29 VTY 0 05:51:43 TEL 3
+ 30 VTY 1 00:00:00 TEL 3
Following are more details.
VTY 0 :
Location: 192.168.0.54
VTY 1 :
Location: 192.168.0.58
+ : Current operation user.
F : Current operation user work in async mode.
The output shows that two users have logged in to the device. The one with IP address 192.168.1.54 uses VTY 0, and the other with IP address 192.168.1.58 uses VTY 1.
Table 5 Command output
| Field | Description |
|---|---|
| Idx | Absolute number of the user interface. |
| UI | Relative number of the user interface. For example, with VTY, the first column represents user interface type, and the second column represents the relative number of the user interface. |
| Delay | Time elapsed after the user's last input, in the format hh:mm:ss. |
| Type | User type, such as Telnet or SSH. |
| Userlevel | User level, 0 for visit, 1 for monitor, 2 for system, or 3 for manage. |
| + | Current user. |
| Location | IP address of the user. |
| F | The current user is operating in asynchronous mode. |
display web users
Use display web users to display information about the Web users.
Syntax
display web users [ | { begin | exclude | include } regular-expression ]
Views
Any view
Default command level
1: Monitor level
Parameters
|: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide.
begin: Displays the first line that matches the specified regular expression and all lines that follow.
exclude: Displays all lines that do not match the specified regular expression.
include: Displays all lines that match the specified regular expression.
regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
Examples
# Display information about the Web users.
<Sysname> display web users
UserID Name Language Level State LinkCount LoginTime LastTime
ab890000 admin Chinese Management Enable 0 14:13:46 14:14:18
Table 6 Command output
| Field | Description |
|---|---|
| UserID | Web user ID. |
| Name | Web username. |
| Language | Language used in Web login. |
| Level | Web user level. |
| State | Web user status. |
| LinkCount | Number of tasks running for the Web user. |
| LoginTime | Login time. |
| LastTime | Last time when the Web user accessed the device. |
escape-key
Use escape-key to define a shortcut key for terminating a task.
Use undo escape-key to disable the shortcut key for terminating tasks.
Syntax
escape-key { default | character }
undo escape-key
Default
Pressing Ctrl+C terminates a task.
Views
User interface view
Default command level
3: Manage level
Parameters
character: Specifies the shortcut key for terminating a task. The shortcut key can be a single character or an ASCII code in the range of 0 to 127. If you specify a number that is greater than 127 or a non-numeric string of one to three characters, only the first character is used as the shortcut key. For example, if you enter escape-key 987, the shortcut key is 9. If you enter escape-key abc, the shortcut key is a.
default: Restores the default escape key sequence Ctrl+C.
Usage guidelines
To display the defined shortcut key, use the display current-configuration command. This command displays the ASCII code of the shortcut key.
If you set the character argument in a user interface of a device, when you use the user interface to log in to the device and then Telnet to another device, the character argument can only be used as a control character to terminate a task, rather than a common character. For example, if you specify character e in VTY 0 user interface of Device A, when you log in to Device A through VTY 0 from a PC (HyperTerminal), you can enter e as a common character on the PC, and you can also use e to terminate the task running on Device A. If you Telnet to Device B from Device A, you can only use e to terminate the task running on Device B, rather than use e as a common character. It is a good practice to specify a key sequence.
Examples
# Define key a as the shortcut key for terminating a task.
<Sysname> system-view
[Sysname] user-interface aux 0
[Sysname-ui-aux0] escape-key a
To verify the configuration:
1. Ping the IP address of 192.168.1.49 and use the -c keyword to specify the number of ICMP echo packets to be sent as 20.
<Sysname> ping -c 20 192.168.1.49
PING 192.168.1.49: 56 data bytes, press a to break
Reply from 192.168.1.49: bytes=56 Sequence=1 ttl=255 time=3 ms
Reply from 192.168.1.49: bytes=56 Sequence=2 ttl=255 time=3 ms
2. Enter a.
The task terminates immediately and the system returns to system view.
--- 192.168.1.49 ping statistics ---
2 packet(s) transmitted
2 packet(s) received
0.00% packet loss
round-trip min/avg/max = 3/3/3 ms
<Sysname>
flow-control
Use flow-control to configure the flow control mode.
Use undo flow-control to restore the default.
Syntax
flow-control { hardware | none | software }
undo flow-control
Default
The flow control mode is none, and no flow control is performed.
Views
AUX user interface view
Default command level
2: System level
Parameters
hardware: Performs hardware flow control.
none: Disables flow control.
software: Performs software flow control.
Usage guidelines
The device supports only the none mode.
A flow control mode takes effect on both the inbound and outbound directions. In inbound flow control, the local device listens to the remote device for flow control information. In the outbound flow control, the local device sends flow control information to the remote device.
To communicate, the two ends must be configured with the same flow control mode.
Examples
# Configure the flow control mode as none for user interface AUX 0.
<Sysname> system-view
[Sysname] user-interface aux 0
[Sysname-ui-aux0] flow-control none
free user-interface
Use free user-interface to release the connections established on a user interface.
Syntax
free user-interface { num1 | { aux | vty } num2 }
Views
User view
Default command level
3: Manage level
Parameters
num1: Specifies the absolute number of a user interface, in the range of 0 to 44.
aux: Specifies the AUX user interface.
vty: Specifies the VTY user interface.
num2: Specifies the relative number of a user interface, in the range of 0 to 9 for an AUX user interface and 0 to 15 for a VTY user interface.
Usage guidelines
This command cannot release the connection you are using.
Examples
# Release the connection established on user interface VTY 1:
1. Display which users are operating the device.
<Sysname> display users
The user application information of the user interface(s):
Idx UI Delay Type Userlevel
29 VTY 0 05:56:53 TEL 3
+ 30 VTY 1 00:00:00 TEL 3
31 VTY 2 00:43:04 TEL 3
32 VTY 3 05:49:26 TEL 3
Following are more details.
VTY 0 :
Location: 192.168.0.5
VTY 1 :
Location: 192.168.0.202
VTY 2 :
Location: 192.168.0.5
VTY 3 :
Location: 192.168.0.108
+ : Current operation user.
F : Current operation user work in async mode.
2. If the operations of the user using VTY 1 affect the operations of the administrator, log out the user.
<Sysname> free user-interface vty 1
Are you sure to free user-interface vty1? [Y/N]:y
free web-users
Use free web-users to log out Web users.
Syntax
free web-users { all | user-id user-id | user-name user-name }
Views
User view
Default command level
2: System level
Parameters
all: Specifies all Web users.
user-id: Specifies a Web user ID, a hexadecimal number of eight digits.
user-name: Specifies a Web username, a string of 1 to 80 characters.
Examples
# Log out all Web users.
<Sysname> free web-users all
Related commands
display web users
history-command max-size
Use history-command max-size to set the size of the command history buffer for the user interface.
Use undo history-command max-size to restore the default.
Syntax
history-command max-size size-value
undo history-command max-size
Default
The buffer of a user interface saves 10 history commands at most.
Views
User interface view
Default command level
2: System level
Parameters
size-value: Specifies the maximum number of history commands the buffer can store. The value ranges from 0 to 256.
Usage guidelines
The command history buffer saves executed history commands per user interface and buffers for different user interfaces do not affect each other. To display the commands stored in the history buffer for the current user interface, use the display history-command command. To view the recently executed commands, press the up and down arrow keys.
When a user terminates the session, the system automatically removes the commands saved in the history buffer.
Examples
# Set the buffer to store a maximum of 20 history commands.
<Sysname> system-view
[Sysname] user-interface aux 0
[Sysname-ui-aux0] history-command max-size 20
idle-timeout
Use idle-timeout to set the idle-timeout timer.
Use undo idle-timeout to restore the default.
Syntax
idle-timeout minutes [ seconds ]
undo idle-timeout
Default
The idle-timeout is 10 minutes.
Views
User interface view
Default command level
2: System level
Parameters
minutes: Specifies the number of minutes for the idle-timeout time, in the range of 0 to 35791. The default is 10 minutes.
seconds: Specifies the number of seconds for the idle-timeout time, in the range of 0 to 59. The default is 0 seconds.
Usage guidelines
The system automatically terminates the user's connections if there is no information interaction between the device and the users within the idle timeout time.
Setting idle-timeout to zero disables the timer. In this case, connections are maintained unless you terminate them.
Examples
# Set the idle-timeout timer to 1 minute and 30 seconds.
<Sysname> system-view
[Sysname] user-interface aux 0
[Sysname-ui-aux0] idle-timeout 1 30
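The user interface settings documented above (acl, authentication-mode, auto-execute command, idle-timeout) can be checked offline against a saved configuration. The following audit script is an added example, not H3C code; it applies the defaults stated in this reference and assumes the saved configuration lists each user-interface line followed by its settings indented by one space. The sample configuration and the finding labels are constructed for illustration.

```python
import re

# Defaults stated in this command reference.
DEFAULT_AUTH = {"vty": "password", "aux": "none"}
DEFAULT_IDLE = (10, 0)  # minutes, seconds

# Constructed sample. Assumed layout: each "user-interface" line is followed
# by its settings, indented by one space, as in a saved configuration.
SAMPLE_CONFIG = """\
#
user-interface aux 0
 idle-timeout 0 0
user-interface vty 0 4
 acl 2001 inbound
 authentication-mode scheme
 command accounting
user-interface vty 5 15
 authentication-mode none
 auto-execute command telnet 192.168.1.41
#
"""

HEADER = re.compile(r"user-interface (aux|vty) (\d+)(?: (\d+))?\s*$")


def parse_user_interfaces(text):
    """Split a configuration into user-interface stanzas."""
    stanzas, current = [], None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            label = " ".join(g for g in m.groups() if g)
            current = {"label": label, "type": m.group(1), "settings": []}
            stanzas.append(current)
        elif current is not None and line.startswith(" ") and line.strip():
            current["settings"].append(line.split())
        else:
            current = None  # any unindented line ends the stanza
    return stanzas


def audit_stanza(stanza):
    """Return finding labels for one stanza, applying the documented defaults."""
    auth = DEFAULT_AUTH[stanza["type"]]
    idle = DEFAULT_IDLE
    inbound_acl = auto_execute = False
    for words in stanza["settings"]:
        if words[0] == "authentication-mode" and len(words) == 2:
            auth = words[1]
        elif words[0] == "idle-timeout" and len(words) in (2, 3):
            idle = (int(words[1]), int(words[2]) if len(words) == 3 else 0)
        elif words[0] == "acl" and len(words) == 3 and words[2] == "inbound":
            inbound_acl = True
        elif words[:2] == ["auto-execute", "command"]:
            auto_execute = True
    findings = []
    if auth == "none":
        findings.append("auth-none")  # no authentication at login
    if stanza["type"] == "vty" and not inbound_acl:
        findings.append("no-inbound-acl")  # Telnet/SSH sources unrestricted
    if idle == (0, 0):
        findings.append("idle-timeout-disabled")  # connections never time out
    if auto_execute:
        findings.append("auto-execute-set")  # CLI may be unreachable here
    return findings


def audit(text):
    """Map each user-interface label to its list of findings."""
    return {s["label"]: audit_stanza(s) for s in parse_user_interfaces(text)}


if __name__ == "__main__":
    for label, findings in audit(SAMPLE_CONFIG).items():
        print(f"{label}: {', '.join(findings) or 'ok'}")
```

The AUX interface is reported as auth-none even though the sample never sets a mode, because none is the documented AUX default.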
ip http acl
Use ip http acl to associate the HTTP service with an ACL.
Use undo ip http acl to remove the association.
Syntax
ip http acl acl-number
undo ip http acl acl-number
Default
The HTTP service is not associated with any ACL.
Views
System view
Default command level
2: System level
Parameters
acl-number: Specifies an ACL number in the range of 2000 to 2999.
Usage guidelines
After the HTTP service is associated with an ACL, only clients permitted by the ACL can access the device through HTTP.
The HTTP service can be associated with only one basic ACL. If you execute the ip http acl command multiple times, the most recent configuration takes effect.
Examples
# Associate the HTTP service with ACL 2001 to only allow the clients within the 10.10.0.0/16 network to access the device through HTTP.
<Sysname> system-view
[Sysname] acl number 2001
[Sysname-acl-basic-2001] rule permit source 10.10.0.0 0.0.255.255
[Sysname-acl-basic-2001] quit
[Sysname] ip http acl 2001
Related commands
· display ip http
· acl number (ACL and QoS Command Reference)
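The basic ACL rules used with acl (user interface view) and with ip http acl decide access by source address and wildcard. The following evaluator is an added example, not H3C code; it covers basic ACL rules of the form shown in this reference only, and it assumes that rules are checked in the order listed with the first match deciding. The function names are hypothetical.

```python
import ipaddress

MASK32 = 0xFFFFFFFF


def parse_basic_rule(line):
    """Parse 'rule {permit|deny} source <address> <wildcard>'.

    Returns (action, address, wildcard) with the last two as integers.
    A wildcard written as 0 means an exact host match.
    """
    words = line.split()
    if len(words) != 5 or words[0] != "rule" or words[2] != "source":
        raise ValueError(f"unsupported rule: {line!r}")
    if words[1] not in ("permit", "deny"):
        raise ValueError(f"unknown action: {words[1]!r}")
    address = int(ipaddress.IPv4Address(words[3]))
    wildcard = 0 if words[4] == "0" else int(ipaddress.IPv4Address(words[4]))
    return words[1], address, wildcard


def rule_matches(rule, src_ip):
    """Wildcard bits set to 1 are ignored; all other bits must be equal."""
    _, address, wildcard = rule
    src = int(ipaddress.IPv4Address(src_ip))
    return ((src ^ address) & ~wildcard & MASK32) == 0


def covered_network(rule):
    """CIDR form of a rule's source, or None for a non-contiguous wildcard."""
    _, address, wildcard = rule
    if wildcard & (wildcard + 1):
        return None  # such a wildcard cannot be written as a single prefix
    prefix = 32 - wildcard.bit_length()
    return str(ipaddress.IPv4Network((address & ~wildcard & MASK32, prefix)))


def connection_allowed(rules, src_ip):
    """Apply the semantics described in this reference.

    rules is None when no ACL is referenced (no access control). Otherwise
    the connection is allowed only if it matches a permit rule.
    Assumption: rules are evaluated in list order, first match decides.
    """
    if rules is None:
        return True
    for rule in rules:
        if rule_matches(rule, src_ip):
            return rule[0] == "permit"
    return False


# Rules copied from the examples in this reference.
VTY_ACL_2001 = [parse_basic_rule("rule permit source 192.168.1.26 0")]
HTTP_ACL_2001 = [parse_basic_rule("rule permit source 10.10.0.0 0.0.255.255")]

if __name__ == "__main__":
    for ip in ("192.168.1.26", "192.168.1.60"):
        print(ip, "VTY inbound:", connection_allowed(VTY_ACL_2001, ip))
    print("HTTP ACL covers", covered_network(HTTP_ACL_2001[0]))
```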
ip http enable
Use ip http enable to enable the HTTP service.
Use undo ip http enable to disable the HTTP service.
Syntax
ip http enable
undo ip http enable
Default
The HTTP service is enabled.
Views
System view
Default command level
2: System level
Usage guidelines
The default setting of this command varies with devices.
The device can act as an HTTP server and be accessed through HTTP only after the HTTP service is enabled.
Examples
# Enable the HTTP service.
<Sysname> system-view
[Sysname] ip http enable
# Disable the HTTP service.
<Sysname> system-view
[Sysname] undo ip http enable
Related commands
display ip http
ip http dscp
Use ip http dscp to set the DSCP value for IPv4 to use for outgoing HTTP packets.
Use undo ip http dscp to restore the default.
Syntax
ip http dscp dscp-value
undo ip http dscp
Default
IPv4 uses the DSCP value 16 for outgoing HTTP packets.
Views
System view
Default command level
2: System level
Parameters
dscp-value: Specifies a DSCP value in the range of 0 to 63.
Examples
# Set the DSCP value for IPv4 to use for outgoing HTTP packets to 30.
<Sysname> system-view
[Sysname] ip http dscp 30
ip http port
Use ip http port to configure the port number of the HTTP service.
Use undo ip http port to restore the default.
Syntax
ip http port port-number
undo ip http port
Default
The port number of the HTTP service is 80.
Views
System view
Default command level
3: Manage level
Parameters
port-number: Specifies the port number of the HTTP service, in the range of 1 to 65535.
Usage guidelines
Verify that the port number is not used by another service, because this command does not check for conflicts with configured port numbers.
Examples
# Configure the port number of the HTTP service as 8080.
<Sysname> system-view
[Sysname] ip http port 8080
Related commands
display ip http
ip https acl
Use ip https acl to associate the HTTPS service with an ACL.
Use undo ip https acl to remove the association.
Syntax
ip https acl acl-number
undo ip https acl acl-number
Default
The HTTPS service is not associated with any ACL.
Views
System view
Default command level
3: Manage level
Parameters
acl-number: Specifies an ACL number in the range of 2000 to 2999.
Usage guidelines
After the HTTPS service is associated with an ACL, only the clients permitted by the ACL can access the device.
The HTTPS service can be associated with only one basic ACL. If you execute the ip https acl command multiple times, the most recent configuration takes effect.
Examples
# Associate the HTTPS service with ACL 2001 to only allow the clients within the 10.10.0.0/16 network segment to access the device through HTTPS.
<Sysname> system-view
[Sysname] acl number 2001
[Sysname-acl-basic-2001] rule permit source 10.10.0.0 0.0.255.255
[Sysname-acl-basic-2001] quit
[Sysname] ip https acl 2001
Related commands
· display ip https
· acl number (ACL and QoS Command Reference)
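The ip http acl and ip https acl examples above both depend on the wildcard mask in the rule, where 1 bits mean "do not care". The following is an added example, not code from the original page: it evaluates client addresses against basic ACL rules and shows what happens when a subnet mask is typed in place of the wildcard. The rule ID, deny and source any forms, the first-match-in-listed-order evaluation, and all function names are assumptions of this example; only dotted-decimal wildcards are handled.

```python
import ipaddress

def _u32(dotted):
    """Dotted-decimal IPv4 string -> 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))

def parse_basic_acl(lines):
    """Parse 'rule [id] { permit | deny } [ source { addr wildcard | any } ]' lines."""
    rules = []
    for line in lines:
        w = line.split()
        if not w or w[0] != "rule":
            continue
        w = w[1:]
        if w and w[0].isdigit():          # optional rule ID (assumed form)
            w = w[1:]
        if not w or w[0] not in ("permit", "deny"):
            continue
        if w[1:2] == ["source"] and len(w) >= 4 and w[2] != "any":
            addr, wildcard = _u32(w[2]), _u32(w[3])
        else:                             # 'source any' or no source: every address
            addr, wildcard = 0, 0xFFFFFFFF
        rules.append((w[0], addr, wildcard))
    return rules

def permitted(rules, client):
    """First matching rule decides; no match means no access, because the page
    states that only clients permitted by the ACL can reach the service."""
    ip = _u32(client)
    for action, addr, wildcard in rules:
        care = ~wildcard & 0xFFFFFFFF     # bits that must be equal
        if (ip & care) == (addr & care):
            return action == "permit"
    return False

def wildcard_prefix(wildcard):
    """Prefix length if the wildcard is a contiguous inverse mask, else None."""
    wc = _u32(wildcard)
    if wc & (wc + 1):                     # not of the form 0...01...1
        return None
    return 32 - wc.bit_length()

# The rule from the page's example: 10.10.0.0/16.
PAGE_ACL = ["rule permit source 10.10.0.0 0.0.255.255"]
# Constructed mistake: subnet mask typed where the wildcard belongs.
NETMASK_TYPO = ["rule permit source 10.10.0.0 255.255.0.0"]
# Constructed ACL: carve one /24 out of the permitted /16.
DENY_FIRST = ["rule 0 deny source 10.10.5.0 0.0.0.255",
              "rule 5 permit source 10.10.0.0 0.0.255.255"]

if __name__ == "__main__":
    for name, acl in (("page", PAGE_ACL), ("typo", NETMASK_TYPO)):
        rules = parse_basic_acl(acl)
        for client in ("10.10.200.7", "10.11.0.1", "192.168.0.0"):
            print(name, client, "permit" if permitted(rules, client) else "deny")
```

With the subnet mask typed by mistake, the rule no longer describes 10.10.0.0/16: it matches any address whose last two octets are zero, so wildcard_prefix returning None for a management ACL is worth a review.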
ip https certificate access-control-policy
Use ip https certificate access-control-policy to associate the HTTPS service with a certificate attribute access control policy.
Use undo ip https certificate access-control-policy to remove the association.
Syntax
ip https certificate access-control-policy policy-name
undo ip https certificate access-control-policy
Default
The HTTPS service is not associated with any certificate attribute access control policy.
Views
System view
Default command level
3: Manage level
Parameters
policy-name: Specifies the name of the certificate attribute access control policy, a string of 1 to 16 characters.
Usage guidelines
Association of the HTTPS service with a certificate attribute access control policy can control the access rights of clients.
Examples
# Associate the HTTPS service with certificate attribute access control policy myacl.
<Sysname> system-view
[Sysname] ip https certificate access-control-policy myacl
Related commands
· display ip https
· pki certificate access-control-policy (Security Command Reference)
ip https enable
Use ip https enable to enable the HTTPS service.
Use undo ip https enable to disable the HTTPS service.
Syntax
ip https enable
undo ip https enable
Default
The HTTPS service is disabled.
Views
System view
Default command level
3: Manage level
Usage guidelines
The device can act as an HTTPS server and be accessed through HTTPS only after the HTTPS service is enabled.
Enabling the HTTPS service triggers an SSL handshake negotiation process:
· If the local certificate of the device exists, the SSL negotiation succeeds, and the HTTPS service can be started.
· If no local certificate exists, the SSL negotiation triggers a certificate application process that often fails because it times out. If that happens, execute the ip https enable command multiple times to start the HTTPS service.
Examples
# Enable the HTTPS service.
<Sysname> system-view
[Sysname] ip https enable
ip https port
Use ip https port to configure the port number of the HTTPS service.
Use undo ip https port to restore the default.
Syntax
ip https port port-number
undo ip https port
Default
The port number of the HTTPS service is 443.
Views
System view
Default command level
3: Manage level
Parameters
port-number: Specifies the port number of the HTTPS service, in the range of 1 to 65535.
Usage guidelines
Verify that the port number is not used by another service, because this command does not check for conflicts with configured port numbers.
Examples
# Configure the port number of the HTTPS service as 6000.
<Sysname> system-view
[Sysname] ip https port 6000
Related commands
display ip https
ip https ssl-server-policy
Use ip https ssl-server-policy to associate the HTTPS service with an SSL server-end policy.
Use undo ip https ssl-server-policy to remove the association.
Syntax
ip https ssl-server-policy policy-name
undo ip https ssl-server-policy
Default
The HTTPS service is not associated with any SSL server-end policy, and the device uses a self-signed certificate for authentication (a self-signed certificate is generated and signed by the device itself, rather than the CA).
Views
System view
Default command level
3: Manage level
Parameters
policy-name: Specifies the name of an SSL server policy, a string of 1 to 16 characters.
Usage guidelines
The HTTPS service can be enabled only after this command is configured successfully.
After the HTTPS service is enabled, you cannot modify the associated SSL server-end policy or remove the association between the HTTPS service and the SSL server-end policy.
Examples
# Associate the HTTPS service with SSL server-end policy myssl.
<Sysname> system-view
[Sysname] ip https ssl-server-policy myssl
Related commands
· display ip https
· ssl server-policy (Security Command Reference)
lock
Use lock to lock the current user interface.
Syntax
lock
Default
This function is disabled.
Views
User view
Default command level
3: Manage level
Usage guidelines
When you must leave the device for a while, use this command to lock the current user interface to prevent unauthorized access.
After you enter this command, you are asked to enter a password (up to 16 characters) and confirm it by entering the password again. To unlock the user interface, press Enter and enter the correct password.
Examples
# Lock the current user interface.
<Sysname> lock
Please input password<1 to 16> to lock current user terminal interface:
Password:
Again:
locked !
Password:
<Sysname>
parity
Use parity to set a parity check method.
Use undo parity to restore the default.
Syntax
parity { even | none | odd }
undo parity
Default
No parity check is performed.
Views
AUX user interface view
Default command level
2: System level
Parameters
even: Performs an even parity check.
none: Performs no parity check.
odd: Performs an odd parity check.
Usage guidelines
The parity check setting must be the same for the user interfaces of the connecting ports on the device and the target terminal device for communication.
Examples
# Configure AUX user interface 0 to perform an odd parity check.
<Sysname> system-view
[Sysname] user-interface aux 0
[Sysname-ui-aux0] parity odd
protocol inbound
Use protocol inbound to enable the current user interface to support Telnet, SSH, or both of them. The configuration takes effect the next time you log in.
Use undo protocol inbound to restore the default.
Syntax
protocol inbound { all | ssh | telnet }
undo protocol inbound
Default
Both SSH and Telnet are supported.
Views
VTY interface view
Default command level
3: Manage level
Parameters
all: Supports both Telnet and SSH.
ssh: Supports only SSH.
telnet: Supports only Telnet.
Usage guidelines
Before configuring a user interface to support SSH, set the authentication mode to scheme for the user interface; otherwise, the protocol inbound ssh command fails. For more information, see authentication-mode.
Examples
# Enable the VTYs 0 through 4 to support only SSH.
<Sysname> system-view
[Sysname] user-interface vty 0 4
[Sysname-ui-vty0-4] authentication-mode scheme
[Sysname-ui-vty0-4] protocol inbound ssh
screen-length
Use screen-length to set the maximum number of lines to be displayed on a screen.
Use undo screen-length to restore the default.
Syntax
screen-length screen-length
undo screen-length
Default
A screen displays 24 lines at most.
Views
User interface view
Default command level
2: System level
Parameters
screen-length: Specifies the maximum number of lines to be displayed on a screen, in the range of 0 to 512. The value of 0 disables pausing between screens of output.
Usage guidelines
When screen output pauses, press the Space key to display the next screen. Not all terminals support this setting. For example, assume you set screen-length to 40, but the terminal can display 24 lines in one screen at most. When you press Space, the device sends 40 lines to the terminal, but the screen displays only lines 18 through 40. To view the first 17 lines, press the page up or page down key.
To disable pausing between screens of output for the current session, use the screen-length disable command.
Examples
# Set the screen length of AUX user interface 0 to 30 lines.
<Sysname> system-view
[Sysname] user-interface aux 0
[Sysname-ui-aux0] screen-length 30
Related commands
screen-length disable
send
Use send to send messages to user interfaces.
Syntax
send { all | num1 | { aux | vty } num2 }
Views
User view
Default command level
1: Monitor level
Parameters
all: Specifies all user interfaces.
num1: Specifies the absolute number of a user interface, in the range of 0 to 44.
aux: Specifies an AUX user interface.
vty: Specifies a VTY user interface.
num2: Specifies the relative number of a user interface, in the range of 0 to 9 for an AUX user interface and 0 to 15 for a VTY user interface.
Usage guidelines
After you issue the command, enter the message to be sent at the prompt. To end message input, press Ctrl+Z. To cancel message input and return to user view, press Ctrl+C.
Examples
# Send message hello abc to AUX user interface 0.
<Sysname> send aux 0
Enter message, end with CTRL+Z or Enter; abort with CTRL+C:
hello abc^Z
Send message? [Y/N]:y
<Sysname>
***
***
***Message from aux0 to aux0
***
hello abc
<Sysname>
# Before you restart the device, follow these steps to inform users accessing the device through other user interfaces:
1. Display information about all users.
<Sysname> display users
The user application information of the user interface(s):
Idx UI Delay Type Userlevel
29 VTY 0 06:07:50 TEL 3
+ 30 VTY 1 00:00:00 TEL 3
31 VTY 2 00:54:02 TEL 3
32 VTY 3 06:00:24 TEL 3
Following are more details.
VTY 0 :
Location: 192.168.0.5
VTY 1 :
Location: 192.168.0.202
VTY 2 :
Location: 192.168.0.5
VTY 3 :
Location: 192.168.0.108
+ : Current operation user.
F : Current operation user work in async mode.
// The output shows that you are using VTY 0 and another user is using VTY 1.
2. Send a notification to the user of VTY 1.
<Sysname> send vty 1
Enter message, end with CTRL+Z or Enter; abort with CTRL+C:
Your attention please. I will reboot the system in 3 minutes!^Z
Send message? [Y/N]:y
// The message is sent to VTY 1 and displayed on VTY 1. (Suppose the user of VTY 1 is entering the interface gigabitethernet command.)
[Sysname] interface gigabitethernet
***
***
***Message from vty0 to vty1
***
Your attention please. I will reboot the system in 3 minutes!
set authentication password
Use set authentication password to set a password.
Use undo set authentication password to remove the password.
Syntax
set authentication password [ hash ] { cipher | simple } password
undo set authentication password
Default
No password is set.
Views
User interface view
Default command level
3: Manage level
Parameters
hash: Uses a hash algorithm to encrypt the password.
cipher: Sets a ciphertext password.
simple: Sets a plaintext password.
password: Specifies the password string. This argument is case sensitive. If simple is specified, it must be a string of 1 to 16 characters. If you specify the hash keyword, the ciphertext password can be a string of 1 to 110 characters. If you do not specify the hash keyword, the ciphertext password can be a string of 1 to 53 characters.
Usage guidelines
For secrecy, the password is saved in cipher text, even if configured in plain text.
Examples
# Set the password for user interface AUX 0 to hello.
<Sysname> system-view
[Sysname] user-interface aux 0
[Sysname-ui-aux0] authentication-mode password
[Sysname-ui-aux0] set authentication password simple hello
Related commands
authentication-mode
shell
Use shell to enable the terminal service for user interfaces.
Use undo shell to disable the terminal service for user interfaces.
Syntax
shell
undo shell
Default
Terminal service is enabled on all user interfaces.
Views
User interface view
Default command level
3: Manage level
Usage guidelines
The AUX user interface does not support the undo shell command.
You cannot disable the terminal service on the user interface you are using.
Examples
# Disable the terminal service for VTYs 0 through 15, so no user can log in to the device through VTYs 0 through 15.
<Sysname> system-view
[Sysname] user-interface vty 0 15
[Sysname-ui-vty0-15] undo shell
% Disable ui-vty0-15 , are you sure? [Y/N]:y
[Sysname-ui-vty0-15]
The following message appears when a user tries to Telnet to the device:
The connection was closed by the remote host!
speed (user interface view)
Use speed to set the transmission rate on the user interface.
Use undo speed to restore the default transmission rate.
Syntax
speed speed-value
undo speed
Default
The transmission rate is 9600 bps.
Views
AUX user interface view
Default command level
2: System level
Parameters
speed-value: Specifies a transmission rate in bps. The transmission rates available with asynchronous serial interfaces include: 300 bps, 600 bps, 1200 bps, 2400 bps, 4800 bps, 9600 bps, 19200 bps, 38400 bps, 57600 bps, and 115200 bps. The transmission rate varies with devices and configuration environment.
Usage guidelines
The transmission rate setting must be identical for the user interfaces of the connecting ports on the device and the target terminal device for communication.
Examples
# Set the transmission rate on the user interface AUX 0 to 19200 bps.
<Sysname> system-view
[Sysname] user-interface aux 0
[Sysname-ui-aux0] speed 19200
stopbits
Use stopbits to set the number of stop bits transmitted per byte.
Use undo stopbits to restore the default.
Syntax
stopbits { 1 | 1.5 | 2 }
undo stopbits
Default
The stop bit is one.
Views
AUX user interface view
Default command level
2: System level
Parameters
1: Uses one stop bit.
1.5: Uses one and a half stop bits.
2: Uses two stop bits.
Usage guidelines
The stop bits setting must be identical for the user interfaces of the connecting ports on the device and the target device for communication.
Examples
# Set the stop bits on the user interface AUX 0 to 1.5.
<Sysname> system-view
[Sysname] user-interface aux 0
[Sysname-ui-aux0] stopbits 1.5
Related commands
stopbit-error intolerance
telnet
Use telnet to Telnet to a remote host.
Syntax
telnet remote-host [ service-port ] [ source { interface interface-type interface-number | ip ip-address } ]
Views
User view
Default command level
0: Visit level
Parameters
remote-host: Specifies the IPv4 address or host name of the remote host, a case-insensitive string of 1 to 20 characters.
service-port: Specifies the TCP port number of the Telnet service on the remote host. It ranges from 0 to 65535, with a default of 23.
source: Specifies a source interface or source IPv4 address for outgoing Telnet packets.
interface interface-type interface-number: Specifies a source interface for outgoing Telnet packets. The primary IP address of this interface will be used as the source IPv4 address for outgoing Telnet packets.
ip ip-address: Specifies a source IPv4 address for outgoing Telnet packets.
Usage guidelines
To terminate your Telnet connection, press Ctrl+K or enter quit.
The source IPv4 address or source interface specified with this command only applies to the current Telnet connection.
Examples
# Telnet to the remote host 1.1.1.2, specifying the source IP address for outgoing Telnet packets as 1.1.1.1.
<Sysname> telnet 1.1.1.2 source ip 1.1.1.1
telnet client dscp
Use telnet client dscp to set the DSCP value for IPv4 to use for outgoing Telnet packets on a Telnet client.
Use undo telnet client dscp to restore the default.
Syntax
telnet client dscp dscp-value
undo telnet client dscp
Default
IPv4 uses the DSCP value 16 for outgoing Telnet packets on a Telnet client.
Views
System view
Default command level
2: System level
Parameters
dscp-value: Specifies a DSCP value in the range of 0 to 63.
Examples
# Set the DSCP value for IPv4 to use for outgoing Telnet packets to 30 on a Telnet client.
<Sysname> system-view
[Sysname] telnet client dscp 30
telnet client source
Use telnet client source to specify a source IPv4 address or source interface for outgoing Telnet packets when the device serves as a Telnet client.
Use undo telnet client source to restore the default.
Syntax
telnet client source { interface interface-type interface-number | ip ip-address }
undo telnet client source
Default
No source IPv4 address or source interface is specified for outgoing Telnet packets. The IP address of the outbound interface is used as the source IPv4 address.
Views
System view
Default command level
2: System level
Parameters
interface interface-type interface-number: Specifies a source interface for outgoing Telnet packets. The primary IP address of this interface will be used as the source IPv4 address for outgoing Telnet packets.
ip ip-address: Specifies a source IPv4 address for outgoing Telnet packets.
Usage guidelines
The setting by this command applies to all Telnet connections.
If you use both this command and the telnet command to specify the source IPv4 address or source interface, the setting specified with the telnet command takes effect.
Examples
# Specify the source IPv4 address for outgoing Telnet packets when the device serves as a Telnet client as 1.1.1.1.
<Sysname> system-view
[Sysname] telnet client source ip 1.1.1.1
Related commands
display telnet client configuration
telnet server dscp
Use telnet server dscp to set the DSCP value for IPv4 to use for outgoing Telnet packets on a Telnet server.
Use undo telnet server dscp to restore the default.
Syntax
telnet server dscp dscp-value
undo telnet server dscp
Default
IPv4 uses the DSCP value 48 for outgoing Telnet packets on a Telnet server.
Views
System view
Default command level
2: System level
Parameters
dscp-value: Specifies a DSCP value in the range of 0 to 63.
Examples
# Set the DSCP value for IPv4 to use for outgoing Telnet packets to 30 on a Telnet server.
<Sysname> system-view
[Sysname] telnet server dscp 30
telnet server enable
Use telnet server enable to enable the Telnet server.
Use undo telnet server enable to disable the Telnet server.
Syntax
telnet server enable
undo telnet server enable
Default
The Telnet server is enabled.
Views
System view
Default command level
3: Manage level
Examples
# Enable the Telnet server.
<Sysname> system-view
[Sysname] telnet server enable
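The defaults documented on this page (HTTP service and Telnet server enabled, VTYs accepting both SSH and Telnet, no ACL on HTTP or HTTPS) and the settings that weaken login control (idle-timeout 0, set authentication password simple, web captcha) can be checked mechanically. The following is an added example, not H3C code: it audits a command script written in the same form as the page's Examples sections. The function name, the finding texts and both sample scripts are constructed for this example, and VTY ranges that a script never enters are not evaluated.

```python
import re

# Strips the "<Sysname>" / "[Sysname-ui-vty0-4]" prompts used in the page's examples.
PROMPT = re.compile(r"^\s*(?:<[^>]*>|\[[^\]]*\])\s*")

def audit(script):
    """Return findings for a command script, starting from the defaults the page states."""
    on = {"http": True, "https": False, "telnet": True}   # service defaults
    acl = {"http": False, "https": False}                 # no ACL associated by default
    captcha = False
    findings, vty_proto, ui = [], {}, None
    for raw in script.splitlines():
        line = PROMPT.sub("", raw).strip()
        if not line or line.startswith(("#", "//")):
            continue
        undo = line.startswith("undo ")
        w = (line[5:] if undo else line).split()
        if w[0] == "user-interface" and len(w) > 1:
            ui = " ".join(w[1:])
            if w[1] == "vty":
                vty_proto.setdefault(ui, "all")           # default: SSH and Telnet
        elif w[0] == "quit":
            ui = None
        elif w[:2] == ["protocol", "inbound"] and ui in vty_proto:
            vty_proto[ui] = "all" if undo or len(w) < 3 else w[2]
        elif w[0] == "idle-timeout" and not undo and len(w) > 1:
            seconds = int(w[2]) if len(w) > 2 else 0
            if int(w[1]) == 0 and seconds == 0:
                findings.append(f"{ui}: idle-timeout 0 disables the idle timer")
        elif w[:3] == ["set", "authentication", "password"] and "simple" in w[3:-1]:
            findings.append(f"{ui}: plaintext password in script (simple keyword)")
        elif w[0] == "ip" and len(w) > 2 and w[1] in acl:
            if w[2] == "enable":
                on[w[1]] = not undo
            elif w[2] == "acl":
                acl[w[1]] = not undo
        elif w[:3] == ["telnet", "server", "enable"]:
            on["telnet"] = not undo
        elif w[:2] == ["web", "captcha"]:
            captcha = not undo
    for svc in ("http", "https"):
        if on[svc] and not acl[svc]:
            findings.append(f"ip {svc}: service enabled with no ACL association")
    if on["telnet"]:
        findings.append("telnet server: enabled")
    for rng, proto in vty_proto.items():
        if proto != "ssh":
            findings.append(f"{rng}: protocol inbound {proto} permits Telnet logins")
    if captcha:
        findings.append("web captcha: fixed verification code configured")
    return findings

# Constructed script that leaves several page defaults in place.
SAMPLE_SCRIPT = """\
<Sysname> web captcha test
<Sysname> system-view
[Sysname] ip https ssl-server-policy myssl
[Sysname] ip https enable
[Sysname] ip https acl 2001
[Sysname] user-interface aux 0
[Sysname-ui-aux0] idle-timeout 0
[Sysname-ui-aux0] quit
[Sysname] user-interface vty 0 4
[Sysname-ui-vty0-4] authentication-mode scheme
[Sysname-ui-vty0-4] protocol inbound ssh
[Sysname-ui-vty0-4] quit
[Sysname] user-interface vty 5 15
[Sysname-ui-vty5-15] authentication-mode password
[Sysname-ui-vty5-15] set authentication password simple hello
"""

# Constructed counterpart with each finding addressed (ACL 2001 defined elsewhere).
HARDENED_SCRIPT = """\
<Sysname> system-view
[Sysname] undo ip http enable
[Sysname] undo telnet server enable
[Sysname] ip https ssl-server-policy myssl
[Sysname] ip https enable
[Sysname] ip https acl 2001
[Sysname] user-interface aux 0
[Sysname-ui-aux0] idle-timeout 5
[Sysname-ui-aux0] quit
[Sysname] user-interface vty 0 15
[Sysname-ui-vty0-15] authentication-mode scheme
[Sysname-ui-vty0-15] protocol inbound ssh
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_SCRIPT):
        print(finding)
```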
terminal type
Use terminal type to configure the type of terminal display of the current user interface.
Use undo terminal type to restore the default.
Syntax
terminal type { ansi | vt100 }
undo terminal type
Default
The terminal display type is ANSI.
Views
User interface view
Default command level
2: System level
Parameters
ansi: Specifies the terminal display type as ANSI.
vt100: Specifies the terminal display type as VT100.
Usage guidelines
The device supports two terminal display types: ANSI and VT100. H3C recommends setting the display type to VT100 for both the device and the client. If the device and the client use different display types or both are using the ANSI display type, when the total number of characters for a command line exceeds 80, the screen display on the terminal might be abnormal. For example, the cursor might be displayed at a wrong place.
Examples
# Set the terminal display type to VT100.
<Sysname> system-view
[Sysname] user-interface vty 0
[Sysname-ui-vty0] terminal type vt100
user privilege level
Use user privilege level to configure the user privilege level. Users logging into the user interface are assigned a user privilege level.
Use undo user privilege level to restore the default.
Syntax
user privilege level level
undo user privilege level
Default
The command level is 3 for the AUX user interface and 0 for other user interfaces.
Views
User interface view
Default command level
3: Manage level
Parameters
level: Specifies a user privilege level in the range of 0 to 3.
Usage guidelines
User privilege levels include visit, monitor, system, and manage, represented by the numbers 0, 1, 2, and 3, respectively. You can change the user privilege level when necessary.
Examples
# Set the command level for users logging in through VTY 0 to 0.
<Sysname> system-view
[Sysname] user-interface vty 0
[Sysname-ui-vty0] user privilege level 0
After you Telnet to the device through VTY 0, the terminal only displays commands of level 0 in the help information:
<Sysname> ?
User view commands:
archive Specify archive settings
backup Backup next startup-configuration file to TFTP server
boot-loader Set boot loader
bootrom Update/read/backup/restore bootrom
brand Set Original Equipment Manufacturer (BRAND) information
cd Change current directory
cfd Connectivity fault detection (IEEE 802.1ag)
clock Specify the system clock
cluster Run cluster command
copy Copy from one file to another
debugging Enable system debugging functions
delete Delete a file
dir List files on a file system
display Display current system information
fixdisk Recover lost chains in storage device
format Format the device
free Clear user terminal interface
ftp Open FTP connection
graceful-restart Graceful restart
lock Lock current user terminal interface
logfile Specify log file configuration
mcms Specify multi-core multi-system configuration information
---- More ----
user-interface
Use user-interface to enter user interface view.
Syntax
user-interface { first-num1 [ last-num1 ] | { aux | vty } first-num2 [ last-num2 ] }
Views
System view
Default command level
2: System level
Parameters
first-num1: Specifies the absolute number of the first user interface, in the range of 0 to 44.
last-num1: Specifies the absolute number of the last user interface, in the range of 1 to 33. This value cannot be smaller than first-num1.
aux: Specifies the AUX user interface.
vty: Specifies the VTY user interface.
first-num2: Specifies the relative number of the first user interface, in the range of 0 to 9 for an AUX user interface and 0 to 15 for a VTY user interface.
last-num2: Specifies the relative number of the last user interface, in the range of 1 to 15 for a VTY user interface. For an AUX user interface, do not specify this argument or set it to 1. This value cannot be smaller than first-num2.
Usage guidelines
If you specify a single user interface, the configuration you perform applies only to that user interface.
If you specify multiple user interfaces, the configuration you perform applies to all those user interfaces.
Examples
# Enter the AUX user interface view.
<Sysname> system-view
[Sysname] user-interface aux 0
[Sysname-ui-aux0]
# Enter the user interface views of VTYs 0 to 4.
<Sysname> system-view
[Sysname] user-interface vty 0 4
[Sysname-ui-vty0-4]
web captcha
Use web captcha to specify a fixed verification code for Web login.
Use undo web captcha to restore the default.
Syntax
web captcha verification-code
undo web captcha
Default
A Web user must enter the verification code indicated on the login page to log in.
Views
User view
Default command level
3: Manage level
Parameters
verification-code: Specifies the fixed verification code for Web login, a case-sensitive four-character string.
Usage guidelines
If you configure the web captcha command multiple times, the most recent configuration takes effect.
After you configure a fixed verification code for Web login, a Web user can log in with that code, regardless of the verification code displayed on the login page. This feature is intended for test environments where a script is usually used for Web function tests. By eliminating the requirement to enter the displayed verification code every time, this feature helps improve test efficiency.
For Web access security, do not use this feature in production environments.
This command is not saved to the configuration file and cannot survive a reboot.
Examples
# Specify a fixed verification code for Web login.
<Sysname> web captcha test
web https-authorization mode
Use web https-authorization mode to specify the authentication mode for users trying to log in to the device through HTTPS.
Use undo web https-authorization mode to restore the default.
Syntax
web https-authorization mode { auto | manual }
undo web https-authorization mode
Default
A user must enter the correct username and password to log in through HTTPS.
Views
System view
Default command level
2: System level
Parameters
auto: Uses the PKI certificates of HTTPS users to automatically authenticate them.
manual: Provides a login page for HTTPS users to enter the correct username and password.
Usage guidelines
When the auto mode is enabled:
· If the PKI certificate of the user is correct and not expired, the CN field in the certificate is used as the username to perform AAA authentication. If the authentication succeeds, the user automatically enters the Web interface of the device.
· If the PKI certificate of the user is correct and not expired, but the AAA authentication fails, the device shows the Web login page. The user can log in to the device after entering the correct username and password.
· When the PKI certificate of the user is incorrect or expired, the HTTPS connection is terminated.
Examples
# Specify the auto authentication mode for users trying to log in to the device through HTTPS.
<Sysname> system-view
[Sysname] web https-authorization mode auto
web idle-timeout
Use web idle-timeout to set the Web user connection timeout time.
Use undo web idle-timeout to restore the default.
Syntax
web idle-timeout minutes
undo web idle-timeout
Default
The Web user connection timeout time is 10 minutes.
Views
System view
Default command level
2: System level
Parameters
minutes: Specifies the timeout time in minutes, in the range of 1 to 999.
Examples
# Set the Web user connection timeout time to 20 minutes.
<System> system-view
[System] web idle-timeout 20
web logbuffer size
Use web logbuffer size to set the size of the buffer for Web login logging.
Use undo web logbuffer size to restore the default.
Syntax
web logbuffer size pieces
undo web logbuffer size
Default
The buffer can store up to 512 logs.
Views
System view
Default command level
2: System level
Parameters
pieces: Specifies the size of the buffer for Web login logging, in the number of log messages. The value range is 0 to 1024. The default is 512.
Examples
# Set the size of the buffer for Web login logging to 800.
<System> system-view
[System] web logbuffer size 800

