Logging in to the switching engine commands
acl (user interface view)
Syntax
· To use a basic or advanced ACL:
acl [ ipv6 ] acl-number { inbound | outbound }
undo acl [ ipv6 ] acl-number { inbound | outbound }
· To use an Ethernet frame header ACL:
acl acl-number inbound
undo acl acl-number inbound
View
VTY user interface view
Default level
2: System level
Parameters
ipv6: When this keyword is present, the command supports IPv6; otherwise, it supports IPv4.
acl-number: Number of the access control list (ACL), which takes the following values:
· Basic ACL: 2000 to 2999
· Advanced ACL: 3000 to 3999
· Ethernet frame header ACL: 4000 to 4999
inbound: Restricts Telnet connections established in the inbound direction through the VTY user interface. If the received packets for establishing a Telnet connection are permitted by an ACL rule, the connection is allowed to be established. When the device functions as a Telnet server, this keyword is used to control access of Telnet clients.
outbound: Restricts Telnet connections established in the outbound direction through the VTY user interface. If the packets sent for establishing a Telnet connection are permitted by an ACL rule, the connection is allowed to be established. When the device functions as a Telnet client, this keyword is used to define Telnet servers accessible to the client.
Description
Use the acl command to reference ACLs to control access to the VTY user interface.
Use the undo acl command to cancel the ACL application. For more information about ACL, see the ACL and QoS Command Reference.
By default, access to the VTY user interface is not restricted.
· If no ACL is referenced in VTY user interface view, the VTY user interface has no access control over establishing a Telnet or SSH connection.
· If an ACL is referenced in VTY user interface view, the connection is permitted to be established only when packets for establishing a Telnet connection match a permit statement in the ACL.
The system regards the basic/advanced ACL with the inbound keyword, the basic/advanced ACL with the outbound keyword, and Ethernet frame header ACL as different types of ACLs, which can coexist in one VTY user interface. The match order is basic/advanced ACL, Ethernet frame header ACL. At most one ACL of each type can be referenced in the same VTY user interface, and the last configured one takes effect.
Examples
# Allow only the user with the IP address of 192.168.1.26 to access the device through Telnet.
<Sysname> system-view
[Sysname] acl number 2001
[Sysname-acl-basic-2001] rule permit source 192.168.1.26 0
[Sysname-acl-basic-2001] quit
[Sysname] user-interface vty 0
[Sysname-ui-vty0] acl 2001 inbound
After your configuration, user A (with IP address 192.168.1.26) can telnet to the device while user B (with IP address 192.168.1.60) cannot telnet to the device. Upon a connection failure, a message appears, saying "%connection closed by remote host!"
# Allow the device to only telnet to the Telnet server with IP address 192.168.1.41.
<Sysname> system-view
[Sysname] acl number 3001
[Sysname-acl-adv-3001] rule permit tcp destination 192.168.1.41 0
[Sysname-acl-adv-3001] quit
[Sysname] user-interface vty 0 4
[Sysname-ui-vty0-4] acl 3001 outbound
[Sysname-ui-vty0-4] return
<Sysname>
After your configuration, if you telnet to 192.168.1.46, your operation fails.
<Sysname> telnet 192.168.1.46
%Can't access the host from this terminal!
But you can telnet to 192.168.1.41.
<Sysname> telnet 192.168.1.41
Trying 192.168.1.41 ...
Press CTRL+K to abort
Connected to 192.168.1.41 ...
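The decision logic described above can be modelled as follows. This is an added example, not code from the device or from the original document. It assumes that rules are checked in the order they were entered and that the first matching rule decides; only the peer address is evaluated, and the function names are hypothetical.

```python
import ipaddress

ANY = (0, 0xFFFFFFFF)  # address 0 with every bit wildcarded matches all hosts


def _ip_to_int(text):
    return int(ipaddress.IPv4Address(text))


def parse_rule(line):
    """Parse 'rule [id] permit|deny [protocol] [source A W] [destination A W]'."""
    tokens = line.split()
    if len(tokens) < 2 or tokens[0] != "rule":
        raise ValueError("not an ACL rule: %r" % line)
    i = 2 if tokens[1].isdigit() else 1      # skip an optional rule ID
    action = tokens[i] if i < len(tokens) else ""
    if action not in ("permit", "deny"):
        raise ValueError("unknown action in %r" % line)
    rule = {"action": action, "source": ANY, "destination": ANY}
    i += 1
    while i < len(tokens):
        key = tokens[i]
        if key in ("source", "destination"):
            if tokens[i + 1] == "any":
                rule[key] = ANY
                i += 2
            else:
                # A wildcard written as a bare 0 selects exactly one host.
                wild = tokens[i + 2]
                rule[key] = (_ip_to_int(tokens[i + 1]),
                             0 if wild == "0" else _ip_to_int(wild))
                i += 3
        else:
            i += 1                           # protocol keyword such as tcp: not evaluated
    return rule


def field_matches(spec, ip_int):
    """Wildcard bits set to 1 are ignored; all other bits must be equal."""
    addr, wild = spec
    return ((ip_int ^ addr) & ~wild & 0xFFFFFFFF) == 0


def vty_allows(rules, direction, peer_ip):
    """Decide whether a Telnet connection on a VTY user interface is allowed.

    rules     -- parsed rules of the referenced ACL, or None if no ACL is referenced
    direction -- "inbound" (peer is the client) or "outbound" (peer is the server)
    """
    if rules is None:
        return True                          # default: access is not restricted
    field = "source" if direction == "inbound" else "destination"
    ip_int = _ip_to_int(peer_ip)
    for rule in rules:
        if field_matches(rule[field], ip_int):
            return rule["action"] == "permit"
    return False                             # no permit statement matched


def permit_breadth(rule, field):
    """Number of IPv4 addresses covered by a rule's source or destination field."""
    return 2 ** bin(rule[field][1]).count("1")


# Rules taken from the two examples above.
ACL_2001 = [parse_rule("rule permit source 192.168.1.26 0")]
ACL_3001 = [parse_rule("rule permit tcp destination 192.168.1.41 0")]

if __name__ == "__main__":
    for ip in ("192.168.1.26", "192.168.1.60"):
        print("inbound from", ip, "->", vty_allows(ACL_2001, "inbound", ip))
    for ip in ("192.168.1.41", "192.168.1.46"):
        print("outbound to", ip, "->", vty_allows(ACL_3001, "outbound", ip))
```

permit_breadth is useful when reviewing an ACL before it is referenced on a VTY: a wildcard of 0 admits one host, while 0.0.255.255 admits 65536 addresses.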
activation-key
Syntax
activation-key character
undo activation-key
View
User interface view
Default level
3: Manage level
Parameters
character: Shortcut key for starting a terminal session, a single character (or its corresponding ASCII code value that ranges from 0 to 127) or a string of 1 to 3 characters. However, only the first character functions as the shortcut key. For example, if you input an ASCII code value of 97, the system uses its corresponding character a as the shortcut key. If you input string b@c, the system uses the first character b as the shortcut key.
Description
Use the activation-key command to define a shortcut key for starting a terminal session.
Use the undo activation-key command to restore the default.
By default, pressing the Enter key starts a terminal session. However, if a new shortcut key is defined with the activation-key command, the Enter key no longer functions. To display the shortcut key you have defined, use the display current-configuration command.
NOTE: The activation-key command is not supported by the VTY user interface.
Examples
# Configure character s as the shortcut key for starting a terminal session on the AUX port.
<Sysname> system-view
[Sysname] user-interface aux 0
[Sysname-ui-aux0] activation-key s
To verify the configuration:
· Exit the terminal session on the AUX port.
[Sysname-ui-aux0] return
<Sysname> quit
· Log in to the AUX port again. The following message appears.
******************************************************************************
* Copyright (c) 2004-2011 Hangzhou H3C Tech. Co., Ltd. All rights reserved. *
* Without the owner's prior written consent, *
* no decompiling or reverse-engineering shall be allowed. *
******************************************************************************
User interface aux0 is available.
Please press ENTER.
· At this moment, pressing Enter does not start a session. To start the terminal session, enter s instead.
<Sysname>
%Mar 2 18:40:27:981 2005 Sysname SHELL/5/LOGIN: Console login from aux0
auto-execute command
Syntax
auto-execute command command
undo auto-execute command
View
User interface view
Default level
3: Manage level
Parameters
command: Specifies a command to be automatically executed.
Description
Use the auto-execute command command to specify a command to be automatically executed when a user logs in to the current user interface.
Use the undo auto-execute command command to remove the configuration.
By default, command auto-execution is disabled.
The auto-execute command command is not supported by the AUX user interface.
The system automatically executes the specified command when a user logs in to the user interface, and tears down the user connection after the command is executed. If the command triggers another task, the system does not tear down the user connection until the task is completed.
Typically, you can use the auto-execute command telnet command in user interface view to enable a user to automatically telnet to the specified host when the user logs in to the device.
CAUTION: The auto-execute command command may prevent you from configuring the system through the user interface to which the command is applied. Before configuring the command and saving the configuration (by using the save command), make sure that you can access the device through VTY or AUX interfaces to remove the configuration when a problem occurs.
Examples
# Configure the device to automatically telnet to 192.168.1.41 after a user logs in to user interface VTY 0.
<Sysname> system-view
[Sysname] user-interface vty 0
[Sysname-ui-vty0] auto-execute command telnet 192.168.1.41
% This action will lead to configuration failure through ui-vty0. Are you sure?
[Y/N]:y
[Sysname-ui-vty0]
To verify the configuration:
Telnet to 192.168.1.40. The device automatically telnets to 192.168.1.41. The following output is displayed:
C:\> telnet 192.168.1.40
******************************************************************************
* Copyright (c) 2004-2011 Hangzhou H3C Tech. Co., Ltd. All rights reserved. *
* Without the owner's prior written consent, *
* no decompiling or reverse-engineering shall be allowed. *
******************************************************************************
<Sysname>
Trying 192.168.1.41 ...
Press CTRL+K to abort
Connected to 192.168.1.41 ...
******************************************************************************
* Copyright (c) 2004-2011 Hangzhou H3C Tech. Co., Ltd. All rights reserved. *
* Without the owner's prior written consent, *
* no decompiling or reverse-engineering shall be allowed. *
******************************************************************************
<Sysname.41>
This operation is the same as directly logging in to the device at 192.168.1.41. If the telnet connection to 192.168.1.41 is broken, the telnet connection to 192.168.1.40 is torn down at the same time.
authentication-mode
Syntax
authentication-mode { none | password | scheme }
undo authentication-mode
View
User interface view
Default level
3: Manage level
Parameters
none: Performs no authentication.
password: Performs local password authentication.
scheme: Performs AAA authentication. For more information about AAA, see the Security Configuration Guide.
Description
Use the authentication-mode command to set the authentication mode for the user interface.
Use the undo authentication-mode command to restore the default.
By default, the authentication mode for VTY user interfaces is password, and for the AUX user interface is none.
Related commands: set authentication password.
Examples
# Specify that no authentication is needed for VTY 0. (This mode is insecure.)
<Sysname> system-view
[Sysname] user-interface vty 0
[Sysname-ui-vty0] authentication-mode none
# Use password authentication when users log in to the device through VTY 0, and set the authentication password to 321.
<Sysname> system-view
[Sysname] user-interface vty 0
[Sysname-ui-vty0] authentication-mode password
[Sysname-ui-vty0] set authentication password cipher 321
# Authenticate users by username and password for VTY 0. Set the username to 123 and the password to 321.
<Sysname> system-view
[Sysname] user-interface vty 0
[Sysname-ui-vty0] authentication-mode scheme
[Sysname-ui-vty0] quit
[Sysname] local-user 123
[Sysname-luser-123] password cipher 321
[Sysname-luser-123] service-type telnet
[Sysname-luser-123] authorization-attribute level 3
command accounting
Syntax
command accounting
undo command accounting
View
User interface view
Default level
3: Manage level
Parameters
None
Description
Use the command accounting command to enable command accounting.
Use the undo command accounting command to restore the default.
By default, command accounting is disabled. The accounting server does not record the commands that users have executed.
When command accounting is enabled and command authorization is not, every executed command is recorded on the HWTACACS server.
When both command accounting and command authorization are enabled, only the authorized and executed commands are recorded on the HWTACACS server.
Examples
# Enable command accounting on VTY 0. Then the HWTACACS server records the commands executed by users that have logged in through VTY 0.
<Sysname> system-view
[Sysname] user-interface vty 0
[Sysname-ui-vty0] command accounting
command authorization
Syntax
command authorization
undo command authorization
View
User interface view
Default level
3: Manage level
Parameters
None
Description
Use the command authorization command to enable command authorization.
Use the undo command authorization command to restore the default.
By default, command authorization is disabled. Logged-in users can execute commands without authorization.
With command authorization enabled, users can perform only commands authorized by the server.
Examples
# Enable command authorization for VTY 0 so that users logging in from VTY 0 can perform only the commands authorized by the HWTACACS server.
<Sysname> system-view
[Sysname] user-interface vty 0
[Sysname-ui-vty0] command authorization
databits
Syntax
databits { 5 | 6 | 7 | 8 }
undo databits
View
User interface view
Default level
2: System level
Parameters
5: Sets 5 data bits for each character.
6: Sets 6 data bits for each character.
7: Sets 7 data bits for each character.
8: Sets 8 data bits for each character.
Description
Use the databits command to set data bits for each character.
Use the undo databits command to restore the default.
By default, 8 data bits are set for each character.
For the switching engine, the data bits must be set to 8.
NOTE:
· The command is only applicable to the AUX port.
· The data bits setting must be the same for the user interfaces of the connecting ports on the device and the terminal device for communication.
Examples
# Specify 8 data bits for each character.
<Sysname> system-view
[Sysname] user-interface aux 0
[Sysname-ui-aux0] databits 8
display ip http
Syntax
display ip http [ | { begin | exclude | include } regular-expression ]
View
Any view
Default level
1: Monitor level
Parameters
|: Filters command output by specifying a regular expression. For more information about regular expressions, see the Fundamentals Configuration Guide.
begin: Displays the first line that matches the specified regular expression and all lines that follow.
exclude: Displays all lines that do not match the specified regular expression.
include: Displays all lines that match the specified regular expression.
regular-expression: Specifies a regular expression, which is a case sensitive string of 1 to 256 characters.
Description
Use the display ip http command to display HTTP information.
Examples
# Display information about HTTP.
<Sysname> display ip http
HTTP port: 80
Basic ACL: 2222
Current connection: 0
Operation status: Running
Table 1 Output description
Field | Description |
---|---|
HTTP port | Port number used by the HTTP service |
Basic ACL | Basic ACL number associated with the HTTP service |
Current connection | Number of current connections |
Operation status | Operation status, which takes the following values: · Running—The HTTP service is enabled. · Stopped—The HTTP service is disabled. |
display ip https
Syntax
display ip https [ | { begin | exclude | include } regular-expression ]
View
Any view
Default level
1: Monitor level
Parameters
|: Filters command output by specifying a regular expression. For more information about regular expressions, see the Fundamentals Configuration Guide.
begin: Displays the first line that matches the specified regular expression and all lines that follow.
exclude: Displays all lines that do not match the specified regular expression.
include: Displays all lines that match the specified regular expression.
regular-expression: Specifies a regular expression, which is a case sensitive string of 1 to 256 characters.
Description
Use the display ip https command to display information about HTTPS.
Examples
# Display information about HTTPS.
<Sysname> display ip https
HTTPS port: 443
SSL server policy: test
Certificate access-control-policy:
Basic ACL: 2222
Operation status: Running
Table 2 Output description
Field | Description |
---|---|
HTTPS port | Port number used by the HTTPS service |
SSL server policy | The SSL server policy associated with the HTTPS service |
Certificate access-control-policy | The certificate attribute access control policy associated with the HTTPS service |
Basic ACL | The basic ACL number associated with the HTTPS service |
Operation status | Operation status, which takes the following values: · Running—The HTTPS service is enabled. · Stopped—The HTTPS service is disabled. |
display telnet client configuration
Syntax
display telnet client configuration [ | { begin | exclude | include } regular-expression ]
View
Any view
Default level
1: Monitor level
Parameters
|: Filters command output by specifying a regular expression. For more information about regular expressions, see the Fundamentals Configuration Guide.
begin: Displays the first line that matches the specified regular expression and all lines that follow.
exclude: Displays all lines that do not match the specified regular expression.
include: Displays all lines that match the specified regular expression.
regular-expression: Specifies a regular expression, which is a case sensitive string of 1 to 256 characters.
Description
Use the display telnet client configuration command to display the configuration of the device when it serves as a telnet client.
Examples
# Display the configuration of the device when it serves as a telnet client.
<Sysname> display telnet client configuration
The source IP address is 1.1.1.1.
The output shows that when the device serves as a client, the source IPv4 address for sending telnet packets is 1.1.1.1.
display user-interface
Syntax
display user-interface [ aux | vty ] first-number [ last-number ] [ summary ] [ | { begin | exclude | include } regular-expression ]
View
Any view
Default level
1: Monitor level
Parameters
aux: Specifies the AUX user interface.
vty: Specifies the VTY user interface.
first-number: Relative or absolute number of a user interface.
· If the aux or vty keyword is specified, first-number represents the relative number of the specified user interface. It takes the value of 0 for the AUX user interface, and ranges from 0 to 15 for the VTY user interface.
· If the aux or vty keyword is not specified, first-number represents the absolute number of a user interface. It ranges from 0 to 32.
last-number: The last user interface to be configured, which must be greater than first-number.
summary: Displays summary about user interfaces.
|: Filters command output by specifying a regular expression. For more information about regular expressions, see the Fundamentals Configuration Guide.
begin: Displays the first line that matches the specified regular expression and all lines that follow.
exclude: Displays all lines that do not match the specified regular expression.
include: Displays all lines that match the specified regular expression.
regular-expression: Specifies a regular expression, which is a case sensitive string of 1 to 256 characters.
Description
Use the display user-interface command to display information about the specified or all user interfaces.
If the summary keyword is not included, the command displays the type of the user interface, the absolute or relative number, the transmission rate, the user privilege level, the authentication mode, and the access port.
If the summary keyword is included, the command displays all user interface numbers and types.
Examples
# Display information about user interface 0.
<Sysname> display user-interface 0
Idx Type Tx/Rx Modem Privi Auth Int
+ 0 AUX 0 9600 - 3 N -
+ : Current user-interface is active.
F : Current user-interface is active and work in async mode.
Idx : Absolute index of user-interface.
Type : Type and relative index of user-interface.
Privi: The privilege of user-interface.
Auth : The authentication mode of user-interface.
Int : The physical location of UIs.
A : Authentication use AAA.
L : Authentication use local database.
N : Current UI need not authentication.
P : Authentication use current UI's password.
Table 3 Output description
Field | Description |
---|---|
+ | The current user interface is active. |
F | The current user interface is active and works in asynchronous mode. |
Idx | Absolute number of the user interface. |
Type | Type and relative number of the user interface. |
Tx/Rx | Transmission/Receive rate of the user interface. |
Modem | Whether the modem is allowed to dial in (in), dial out (out), or both (inout). By default, the character - is displayed to indicate that this function is disabled. |
Privi | Command level of a user under that user interface. |
Auth | Authentication mode for the users, which can be A, P, L, and N. |
Int | The physical port that corresponds to the user interface. |
A | AAA authentication |
L | Local authentication (not supported) |
N | No authentication |
P | Password authentication |
# Display summary about all user interfaces.
<Sysname> display user-interface summary
User interface type : [AUX]
0:X
User interface type : [VTY]
1:UXXX XXXX XXXX XXXX
1 character mode users. (U)
16 UI never used. (X)
1 total UI in use
Table 4 Output description
Field | Description |
---|---|
User interface type | Type of user interface (AUX/VTY) |
0:X | 0 represents the absolute number of the user interface. X means this user interface is not used; U means this user interface is in use. |
character mode users. (U) | Number of users, or, the total number of character U. |
UI never used. (X) | Number of user interfaces not used, or, the total number of character X. |
total UI in use | Total number of user interfaces in use |
display users
Syntax
display users [ all ] [ | { begin | exclude | include } regular-expression ]
View
Any view
Default level
1: Monitor level
Parameters
all: Displays information about all user interfaces that the device supports.
|: Filters command output by specifying a regular expression. For more information about regular expressions, see the Fundamentals Configuration Guide.
begin: Displays the first line that matches the specified regular expression and all lines that follow.
exclude: Displays all lines that do not match the specified regular expression.
include: Displays all lines that match the specified regular expression.
regular-expression: Specifies a regular expression, which is a case sensitive string of 1 to 256 characters.
Description
Use the display users command to display information about the user interfaces that are being used.
Use the display users all command to display information about all user interfaces supported by the device.
Examples
# Display information about the user interfaces that are being used.
<Sysname> display users
The user application information of the user interface(s):
Idx UI Delay Type Userlevel
0 AUX 0 00:02:29 3
+ 1 VTY 0 00:00:00 TEL 3
2 VTY 1 00:00:00 TEL 3
Following are more details.
VTY 0 :
Location: 192.168.0.5
VTY 1 :
Location: 192.168.0.18
+ : Current operation user.
F : Current operation user work in async mode.
The output shows that two users have logged in to the device. The one with IP address 192.168.0.5 uses VTY 0, and the other with IP address 192.168.0.18 uses VTY 1.
Table 5 Output description
Field | Description |
---|---|
Idx | Absolute number of the user interface |
UI | Relative number of the user interface. For example, with VTY, the first column represents user interface type, and the second column represents the relative number of the user interface. |
Delay | Time elapsed since the user's last input, in the format of hh:mm:ss. |
Type | User type, such as Telnet |
Userlevel | User level: 0 for visit, 1 for monitor, 2 for system, and 3 for manage. |
+ | Current user |
Location | IP address of the user |
F | The current user works in asynchronous mode |
display web users
Syntax
display web users [ | { begin | exclude | include } regular-expression ]
View
Any view
Default level
1: Monitor level
Parameters
|: Filters command output by specifying a regular expression. For more information about regular expressions, see the Fundamentals Configuration Guide.
begin: Displays the first line that matches the specified regular expression and all lines that follow.
exclude: Displays all lines that do not match the specified regular expression.
include: Displays all lines that match the specified regular expression.
regular-expression: Specifies a regular expression, which is a case sensitive string of 1 to 256 characters.
Description
Use the display web users command to display information about the web users.
Examples
# Display information about the web users.
<Sysname> display web users
UserID Name Language Level State LinkCount LoginTime LastTime
ab890000 admin Chinese Management Enable 0 14:13:46 14:14:18
Table 6 Output description
Field | Description |
---|---|
UserID | Web user ID |
Name | Web username |
Language | Language used in web login |
Level | Web user level |
State | Web user status |
LinkCount | Number of tasks running for the web user |
LoginTime | Login time |
LastTime | Last time when the web user accessed the device |
escape-key
Syntax
escape-key { default | character }
undo escape-key
View
User interface view
Default level
3: Manage level
Parameters
character: Specifies the shortcut key for terminating a task, a single character (or its corresponding ASCII code value in the range 0 to 127) or a string of 1 to 3 characters. Only the first character of a string functions as the shortcut key. For example, if you enter an ASCII code value of 113, the system uses its corresponding character q as the shortcut key. If you enter the string q@c, the system uses the first character q as the shortcut key.
default: Restores the default escape key combination of Ctrl+C.
Description
Use the escape-key command to define a shortcut key for terminating a task.
Use the undo escape-key command to disable the shortcut key for terminating tasks.
By default, a task is terminated by pressing Ctrl+C.
After you define a new shortcut key by using the escape-key command, the new shortcut key is used to terminate a task. To display the shortcut key you have defined, use the display current-configuration command.
If you set the character argument in a user interface of a device, then when you log in to the device through that user interface and telnet to another device, the character acts as a control character that terminates a task and can no longer be used as a common character. For example, if you specify character e in the VTY 0 user interface of Device A and log in to Device A through VTY 0 from a PC (Hyper Terminal), you can input e as a common character on the PC, and you can also use e to terminate the task running on Device A. If you then telnet to Device B from Device A, you can only use e to terminate the task running on Device B, and cannot use e as a common character. For this reason, specify character as a key combination.
Examples
# Define key a as the shortcut key for terminating a task.
<Sysname> system-view
[Sysname] user-interface aux 0
[Sysname-ui-aux0] escape-key a
To verify the configuration:
# Ping the IP address of 192.168.1.49 and use the -c keyword to specify the number of ICMP echo packets to be sent as 20.
<Sysname> ping -c 20 192.168.1.49
PING 192.168.1.49: 56 data bytes, press a to break
Reply from 192.168.1.49: bytes=56 Sequence=1 ttl=255 time=3 ms
Reply from 192.168.1.49: bytes=56 Sequence=2 ttl=255 time=3 ms
# Enter a. The task terminates immediately and the system returns to system view.
--- 192.168.1.49 ping statistics ---
2 packet(s) transmitted
2 packet(s) received
0.00% packet loss
round-trip min/avg/max = 3/3/3 ms
<Sysname>
free user-interface
Syntax
free user-interface [ aux | vty ] first-number [ last-number ]
View
User view
Default level
3: Manage level
Parameters
aux: Specifies the AUX user interface.
vty: Specifies the VTY user interface.
first-number: Relative or absolute number of a user interface.
· If the aux or vty keyword is specified, first-number represents the relative number of the specified user interface. It takes the value of 0 for the AUX user interface, and ranges from 0 to 15 for the VTY user interface.
· If the aux or vty keyword is not specified, first-number represents the absolute number of a user interface. It ranges from 0 to 32.
last-number: The last user interface to be configured, which must be greater than first-number.
Description
Use the free user-interface command to release the connection(s) established on the specified user interface.
This command cannot release the connection that you are using.
Examples
# Release the connection established on user interface VTY 1.
· Display the users that are operating the device.
<Sysname> display users
The user application information of the user interface(s):
Idx UI Delay Type Userlevel
+ 1 VTY 0 00:00:00 TEL 3
2 VTY 1 00:07:22 TEL 3
3 VTY 2 00:03:00 TEL 3
Following are more details.
VTY 0 :
Location: 192.168.0.5
VTY 1 :
Location: 192.168.0.18
VTY 2 :
Location: 192.168.0.2
+ : Current operation user.
F : Current operation user work in async mode.
· If the operations of the user using VTY 1 affect the operations of the administrator, log out the user.
<Sysname> free user-interface vty 1
Are you sure to free user-interface vty1? [Y/N]:y
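The review step that precedes free user-interface can be scripted against captured display users output. The following is an added example, not part of the original document: it parses the output printed above and lists sessions that come from outside a management network or exceed an idle limit. The management network 192.168.0.0/28, the 300-second limit, and all function names are assumptions chosen for illustration.

```python
import ipaddress
import re

ROW_RE = re.compile(
    r"^(?P<mark>[+F])?\s*(?P<idx>\d+)\s+(?P<kind>AUX|VTY)\s+(?P<num>\d+)\s+"
    r"(?P<h>\d+):(?P<m>\d\d):(?P<s>\d\d)(?:\s+(?P<type>[A-Z]+))?\s+(?P<level>\d)$"
)
DETAIL_RE = re.compile(r"^(AUX|VTY)\s+(\d+)\s*:$")
LOCATION_RE = re.compile(r"^Location:\s*(\S+)$")

# Output as printed in the free user-interface example above.
SAMPLE_OUTPUT = """\
The user application information of the user interface(s):
Idx UI Delay Type Userlevel
+ 1 VTY 0 00:00:00 TEL 3
2 VTY 1 00:07:22 TEL 3
3 VTY 2 00:03:00 TEL 3
Following are more details.
VTY 0 :
Location: 192.168.0.5
VTY 1 :
Location: 192.168.0.18
VTY 2 :
Location: 192.168.0.2
+ : Current operation user.
F : Current operation user work in async mode.
"""


def parse_display_users(output):
    """Join the session table with the 'Location' details that follow it."""
    sessions, by_ui, pending = [], {}, None
    for raw in output.splitlines():
        line = raw.strip()
        row = ROW_RE.match(line)
        if row:
            ui = "%s %s" % (row.group("kind"), row.group("num"))
            idle = (int(row.group("h")) * 3600 + int(row.group("m")) * 60
                    + int(row.group("s")))
            session = {"ui": ui, "current": row.group("mark") == "+",
                       "idle": idle, "type": row.group("type"),
                       "level": int(row.group("level")), "location": None}
            sessions.append(session)
            by_ui[ui] = session
            continue
        detail = DETAIL_RE.match(line)
        if detail:
            pending = "%s %s" % (detail.group(1), detail.group(2))
            continue
        loc = LOCATION_RE.match(line)
        if loc and pending in by_ui:
            by_ui[pending]["location"] = loc.group(1)
        pending = None
    return sessions


def review(sessions, mgmt_networks, max_idle_seconds):
    """Return (ui, location, reasons, command) for sessions worth releasing.

    The operator's own session (marked '+') is skipped because the page states
    that free user-interface cannot release the connection in use.
    """
    nets = [ipaddress.ip_network(n) for n in mgmt_networks]
    flagged = []
    for s in sessions:
        if s["current"]:
            continue
        reasons = []
        if s["location"] is not None:
            addr = ipaddress.ip_address(s["location"])
            if not any(addr in net for net in nets):
                reasons.append("source outside management networks")
        if s["idle"] > max_idle_seconds:
            reasons.append("idle longer than limit")
        if reasons:
            flagged.append((s["ui"], s["location"], reasons,
                            "free user-interface " + s["ui"].lower()))
    return flagged


if __name__ == "__main__":
    for item in review(parse_display_users(SAMPLE_OUTPUT), ["192.168.0.0/28"], 300):
        print(item)
```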
free web-users
Syntax
free web-users { all | user-id user-id | user-name user-name }
View
User view
Default level
2: System level
Parameters
all: Specifies all web users.
user-id: Web user ID, which is a hexadecimal number of eight digits.
user-name: Web user name, which is a string of 1 to 80 characters.
Description
Use the free web-users command to log out web users.
Related commands: display web users.
Examples
# Log out all web users.
<Sysname> free web-users all
history-command max-size
Syntax
history-command max-size size-value
undo history-command max-size
View
User interface view
Default level
2: System level
Parameters
size-value: Specifies the maximum number of history commands that the buffer can store. The value ranges from 0 to 256.
Description
Use the history-command max-size command to set the size of the history command buffer of the current user interface.
Use the undo history-command max-size command to restore the default.
By default, the buffer saves 10 history commands.
The history command buffer saves executed history commands per user interface and buffers for different user interfaces do not affect each other. To display the commands that are stored in the history buffer, use the display history-command command. To view the recently executed commands, press the upper arrow or lower arrow key. For more information about the display history-command command, see the Fundamentals Command Reference.
After you terminate the current session, the system automatically removes the commands saved in the corresponding history buffer.
Examples
# Set the buffer to store 20 history commands at most.
<Sysname> system-view
[Sysname] user-interface aux 0
[Sysname-ui-aux0] history-command max-size 20
idle-timeout
Syntax
idle-timeout minutes [ seconds ]
undo idle-timeout
View
User interface view
Default level
2: System level
Parameters
minutes: Specifies the timeout time in minutes, which ranges from 0 to 35791, and defaults to 10 minutes.
seconds: Specifies timeout time in seconds, which ranges from 0 to 59, and defaults to 0 seconds.
Description
Use the idle-timeout command to set the idle-timeout timer.
Use the undo idle-timeout command to restore the default.
The default idle-timeout is 10 minutes.
NOTE:
· The system automatically terminates the user’s connection(s) if there is no information interaction between the device and the users within the idle timeout time.
· Setting idle-timeout to zero disables the timer. In this case, connections are maintained unless you terminate them.
Examples
# Set the idle-timeout timer to 1 minute and 30 seconds.
<Sysname> system-view
[Sysname] user-interface aux 0
[Sysname-ui-aux0] idle-timeout 1 30
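The user interface settings described so far (authentication-mode, acl, auto-execute command, idle-timeout) can be checked together in a saved configuration. The following is an added example, not part of the original document: it applies the defaults stated on this page to settings that are absent from the text. The configuration layout (a user-interface line followed by indented settings), the sample configuration, the finding names and the function names are assumptions.

```python
import re

HEADER_RE = re.compile(r"^user-interface\s+(aux|vty)\s+(\d+)(?:\s+(\d+))?\s*$")

# Defaults stated on this page, used when a setting does not appear in the block.
DEFAULT_AUTH = {"vty": "password", "aux": "none"}
DEFAULT_IDLE_SECONDS = 10 * 60

# Constructed sample in the assumed layout of display current-configuration.
SAMPLE_CONFIG = """\
#
user-interface aux 0
user-interface vty 0 4
 acl 2001 inbound
 authentication-mode scheme
 idle-timeout 5 0
user-interface vty 5 15
 authentication-mode none
 idle-timeout 0 0
 auto-execute command telnet 192.168.1.41
#
"""


def parse_user_interfaces(config_text):
    """Return one dict per user-interface block with its effective settings."""
    blocks, current = [], None
    for raw in config_text.splitlines():
        line = raw.rstrip()
        header = HEADER_RE.match(line)
        if header:
            kind, first = header.group(1), int(header.group(2))
            last = int(header.group(3)) if header.group(3) else first
            current = {"kind": kind, "first": first, "last": last,
                       "auth": DEFAULT_AUTH[kind], "idle": DEFAULT_IDLE_SECONDS,
                       "acl_inbound": None, "auto_execute": None}
            blocks.append(current)
            continue
        if current is None or not line.startswith(" "):
            current = None                   # any unindented line ends the block
            continue
        tokens = line.split()
        if tokens[0] == "authentication-mode" and len(tokens) == 2:
            current["auth"] = tokens[1]
        elif tokens[0] == "idle-timeout" and len(tokens) >= 2:
            seconds = int(tokens[2]) if len(tokens) > 2 else 0
            current["idle"] = int(tokens[1]) * 60 + seconds
        elif tokens[0] == "acl" and tokens[-1] == "inbound":
            current["acl_inbound"] = tokens[-2]
        elif tokens[:2] == ["auto-execute", "command"]:
            current["auto_execute"] = " ".join(tokens[2:])
    return blocks


def audit(config_text):
    """Return (interface, finding) pairs for weak user interface settings."""
    findings = []
    for b in parse_user_interfaces(config_text):
        if b["first"] == b["last"]:
            name = "%s %d" % (b["kind"], b["first"])
        else:
            name = "%s %d-%d" % (b["kind"], b["first"], b["last"])
        if b["auth"] == "none":
            findings.append((name, "AUTH_NONE"))            # login without authentication
        if b["kind"] == "vty" and b["acl_inbound"] is None:
            findings.append((name, "NO_INBOUND_ACL"))       # any source may connect
        if b["idle"] == 0:
            findings.append((name, "IDLE_TIMER_DISABLED"))  # sessions never time out
        if b["auto_execute"] is not None:
            findings.append((name, "AUTO_EXECUTE"))         # interface cannot be used to configure
    return findings


if __name__ == "__main__":
    for name, finding in audit(SAMPLE_CONFIG):
        print(name, finding)
```

Note that the AUX block is flagged even though it contains no settings, because the page gives none as the default authentication mode for the AUX user interface.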
ip http acl
Syntax
ip http acl acl-number
undo ip http acl
View
System view
Default level
2: System level
Parameters
acl-number: ACL number, which ranges from 2000 to 2999.
Description
Use the ip http acl command to associate the HTTP service with an ACL.
Use the undo ip http acl command to remove the association.
By default, the HTTP service is not associated with any ACL.
After the HTTP service is associated with an ACL, only the clients permitted by the ACL can access the device through HTTP.
Related commands: display ip http (in Logging in to the device commands in the Fundamentals Command Reference) and acl number (in ACL configuration commands in the ACL and QoS Command Reference).
Examples
# Associate the HTTP service with ACL 2001 to only allow the clients within the 10.10.0.0/16 network to access the device through HTTP.
<Sysname> system-view
[Sysname] acl number 2001
[Sysname-acl-basic-2001] rule permit source 10.10.0.0 0.0.255.255
[Sysname-acl-basic-2001] quit
[Sysname] ip http acl 2001
ip http enable
Syntax
ip http enable
undo ip http enable
View
System view
Default level
2: System level
Parameters
None
Description
Use the ip http enable command to enable the HTTP service.
Use the undo ip http enable command to disable the HTTP service.
The device can act as an HTTP server and be accessed through HTTP only after the HTTP service is enabled.
Related commands: display ip http.
Examples
# Enable the HTTP service.
<Sysname> system-view
[Sysname] ip http enable
# Disable the HTTP service.
<Sysname> system-view
[Sysname] undo ip http enable
ip http port
Syntax
ip http port port-number
undo ip http port
View
System view
Default level
3: Manage level
Parameters
port-number: Port number of the HTTP service, which ranges from 1 to 65535.
Description
Use the ip http port command to configure the port number of the HTTP service.
Use the undo ip http port command to restore the default.
By default, the port number of the HTTP service is 80.
Verify that the port number is not used by another service, because this command does not check for conflicts with configured port numbers.
Related commands: display ip http.
Examples
# Configure the port number of the HTTP service as 8080.
<Sysname> system-view
[Sysname] ip http port 8080
ip https acl
Syntax
ip https acl acl-number
undo ip https acl
View
System view
Default level
3: Manage level
Parameters
acl-number: ACL number, which ranges from 2000 to 2999.
Description
Use the ip https acl command to associate the HTTPS service with an ACL.
Use the undo ip https acl command to remove the association.
By default, the HTTPS service is not associated with any ACL.
After the HTTPS service is associated with an ACL, only the clients permitted by the ACL can access the device.
Related commands: display ip https (in Logging in to the device commands in the Fundamentals Command Reference) and acl number (in ACL configuration commands in the ACL and QoS Command Reference).
Examples
# Associate the HTTPS service with ACL 2001 to only allow the clients within the 10.10.0.0/16 network segment to access the HTTPS server through HTTPS.
<Sysname> system-view
[Sysname] acl number 2001
[Sysname-acl-basic-2001] rule permit source 10.10.0.0 0.0.255.255
[Sysname-acl-basic-2001] quit
[Sysname] ip https acl 2001
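The wildcard matching behind the ACL used in the ip http acl and ip https acl examples above, as an added Python example (not H3C code). It assumes rules are listed in match order; the deny action, the optional rule ID and the source any form come from general basic-ACL syntax and are not shown on this page. ACL_SWAPPED shows what a subnet mask typed in place of the wildcard ends up permitting.

```python
import ipaddress

# Constructed rule lists. The first is the rule from the example above.
ACL_2001 = ["rule permit source 10.10.0.0 0.0.255.255"]
# Same rule with a subnet mask typed in place of the wildcard.
ACL_SWAPPED = ["rule permit source 10.10.0.0 255.255.0.0"]


def _to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))


def parse_rule(line):
    """Parse 'rule [id] {permit|deny} source {addr wildcard | any}'."""
    tok = line.split()
    if not tok or tok[0] != "rule":
        raise ValueError(f"not a rule line: {line!r}")
    tok = tok[1:]
    if tok and tok[0].isdigit():          # optional rule ID
        tok = tok[1:]
    if len(tok) < 3 or tok[0] not in ("permit", "deny") or tok[1] != "source":
        raise ValueError(f"unsupported rule: {line!r}")
    if tok[2:] == ["any"]:
        return tok[0], 0, 0xFFFFFFFF      # every bit is "don't care"
    if len(tok) != 4:
        raise ValueError(f"unsupported rule: {line!r}")
    return tok[0], _to_int(tok[2]), _to_int(tok[3])


def rule_matches(rule, client_ip):
    """A wildcard bit of 1 is ignored; a bit of 0 must equal the rule address."""
    _, addr, wildcard = rule
    care = ~wildcard & 0xFFFFFFFF
    return (_to_int(client_ip) ^ addr) & care == 0


def client_permitted(rule_lines, client_ip):
    """First matching rule decides; a client that matches no rule is not permitted."""
    for rule in map(parse_rule, rule_lines):
        if rule_matches(rule, client_ip):
            return rule[0] == "permit"
    return False


def wildcard_prefix_len(wildcard):
    """Prefix length for a contiguous wildcard, or None if the mask looks swapped."""
    w = _to_int(wildcard)
    host_bits = w.bit_length()
    if w != (1 << host_bits) - 1:         # not a run of low-order ones
        return None
    return 32 - host_bits


if __name__ == "__main__":
    for acl in (ACL_2001, ACL_SWAPPED):
        for ip in ("10.10.200.7", "10.11.0.1", "192.168.0.0"):
            print(acl[0], ip, client_permitted(acl, ip))
```

Running wildcard_prefix_len over the wildcard of every rule in an ACL bound to a management service is a quick review check before the ACL is applied.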
ip https certificate access-control-policy
Syntax
ip https certificate access-control-policy policy-name
undo ip https certificate access-control-policy
View
System view
Default level
3: Manage level
Parameters
policy-name: Name of the certificate attribute access control policy, a string of 1 to 16 characters.
Description
Use the ip https certificate access-control-policy command to associate the HTTPS service with a certificate attribute access control policy.
Use the undo ip https certificate access-control-policy command to remove the association.
By default, the HTTPS service is not associated with any certificate attribute access control policy.
Association of the HTTPS service with a certificate attribute access control policy can control the access rights of clients.
Related commands: display ip https (in Logging in to the device commands in the Fundamentals Command Reference) and pki certificate access-control-policy (in PKI configuration commands in the Security Command Reference).
Examples
# Associate the HTTPS service with certificate attribute access control policy myacl.
<Sysname> system-view
[Sysname] ip https certificate access-control-policy myacl
ip https enable
Syntax
ip https enable
undo ip https enable
View
System view
Default level
3: Manage level
Parameters
None
Description
Use the ip https enable command to enable the HTTPS service.
Use the undo ip https enable command to disable the HTTPS service.
By default, the HTTPS service is disabled.
The device can act as an HTTPS server and be accessed through HTTPS only after the HTTPS service is enabled.
Enabling the HTTPS service triggers an SSL handshake negotiation process.
· If the local certificate of the device exists, the SSL negotiation succeeds, and the HTTPS service can be started.
· If no local certificate exists, the SSL negotiation triggers a certificate application process that often fails because it times out. If that happens, execute the ip https enable command multiple times to start the HTTPS service.
Related commands: display ip https.
Examples
# Enable the HTTPS service.
<Sysname> system-view
[Sysname] ip https enable
ip https port
Syntax
ip https port port-number
undo ip https port
View
System view
Default level
3: Manage level
Parameters
port-number: Port number of the HTTPS service, which ranges from 1 to 65535.
Description
Use the ip https port command to configure the port number of the HTTPS service.
Use the undo ip https port command to restore the default.
By default, the port number of the HTTPS service is 443.
Verify that the port number is not used by another service, because this command does not check for conflicts with configured port numbers.
Related commands: display ip https.
Examples
# Configure the port number of the HTTPS service as 6000.
<Sysname> system-view
[Sysname] ip https port 6000
ip https ssl-server-policy
Syntax
ip https ssl-server-policy policy-name
undo ip https ssl-server-policy
View
System view
Default level
3: Manage level
Parameters
policy-name: Name of an SSL server policy, which is a string of 1 to 16 characters.
Description
Use the ip https ssl-server-policy command to associate the HTTPS service with an SSL server-end policy.
Use the undo ip https ssl-server-policy command to remove the association.
By default, the HTTPS service is not associated with any SSL server-end policy.
The HTTPS service can be enabled only after this command is configured successfully.
After the HTTPS service is enabled, you cannot modify the associated SSL server-end policy or remove the association between the HTTPS service and the SSL server-end policy.
Related commands: display ip https (in Logging in to the device commands in the Fundamentals Command Reference) and ssl server-policy (in SSL configuration commands in the Security Command Reference).
Examples
# Associate the HTTPS service with SSL server-end policy myssl.
<Sysname> system-view
[Sysname] ip https ssl-server-policy myssl
lock
Syntax
lock
View
User view
Default level
3: Manage level
Parameters
None
Description
Use the lock command to lock the user interface. This method prevents unauthorized users from using the user interface.
When entering the lock command, you are asked to input a password (up to 16 characters) and then confirm it by inputting the password again. After locking the user interface, you must press Enter and input the correct password next time you enter this user interface.
By default, this function is disabled.
Examples
# Lock the current user interface.
<Sysname> lock
Please input password<1 to 16> to lock current user terminal interface:
Password:
Again:
locked !
Password:
<Sysname>
parity
Syntax
parity { even | mark | none | odd | space }
undo parity
View
User interface view
Default level
2: System level
Parameters
even: Performs an even parity check.
mark: Performs a mark parity check.
none: Performs no parity check.
odd: Performs an odd parity check.
space: Performs a space parity check.
Description
Use the parity command to set a parity check method.
Use the undo parity command to restore the default.
By default, no parity check is performed.
NOTE:
The wireless switch supports only even, none, and odd parity check methods. You must make the corresponding configuration of the terminal running on the PC the same as the configuration on the switch.
Examples
# Configure the AUX port to perform odd parity check.
<Sysname> system-view
[Sysname] user-interface aux 0
[Sysname-ui-aux0] parity odd
protocol inbound
Syntax
protocol inbound { all | ssh | telnet }
undo protocol inbound
View
VTY interface view
Default level
3: Manage level
Parameters
all: Supports both protocols: Telnet and SSH.
ssh: Supports SSH only.
telnet: Supports Telnet only.
Description
Use the protocol inbound command to enable the current user interface to support either Telnet, SSH, or both. The configuration takes effect next time you log in.
Use the undo protocol inbound command to restore the default.
By default, all the three protocols are supported.
NOTE:
· Before configuring a user interface to support SSH, set the authentication mode to scheme for the user interface; otherwise, the protocol inbound ssh command fails. For more information, see authentication-mode.
· By default, the authentication mode of the Telnet protocol is password.
Examples
# Enable the VTYs 0 through 4 to support SSH only.
<Sysname> system-view
[Sysname] user-interface vty 0 4
[Sysname-ui-vty0-4] authentication-mode scheme
[Sysname-ui-vty0-4] protocol inbound ssh
screen-length
Syntax
screen-length screen-length
undo screen-length
View
User interface view
Default level
2: System level
Parameters
screen-length: Number of lines to be displayed on a screen, which ranges from 0 to 512. The value of 0 disables pausing between screens of output.
Description
Use the screen-length command to set the number of lines to be displayed on a screen.
Use the undo screen-length command to restore the default.
By default, a screen displays 24 lines.
When screen output pauses, press the Space key to display the next screen. Not all terminals support this command setting. For example, assume that you set screen-length to 40, but the terminal can display 24 lines in one screen at most. When you press Space, the device sends 40 lines to the terminal, but the next screen displays only lines 18 through 40. To view the first 17 lines, you must press the page up or page down key.
To disable multiple-screen output of the current user interface, use the screen-length disable command. For more information about the screen-length disable command, see the chapter “CLI commands.”
Examples
# Set the next screen of the user interface of AUX port 0 to display 30 lines.
<Sysname> system-view
[Sysname] user-interface aux 0
[Sysname-ui-aux0] screen-length 30
send
Syntax
send { all | [ aux | vty ] first-number [ last-number ] }
View
User view
Default level
1: Monitor level
Parameters
all: Sends messages to all user interfaces.
aux: Specifies the AUX user interface.
vty: Specifies the VTY user interface.
first-number: Relative or absolute number of a user interface.
· If the aux or vty keyword is specified, first-number represents the relative number of the specified user interface. It takes the value of 0 for the AUX user interface, and ranges from 0 to 15 for the VTY user interface.
· If the aux or vty keyword is not specified, first-number represents the absolute number of a user interface. It ranges from 0 to 32.
last-number: The last user interface to be configured, which must be greater than first-number.
Description
Use the send command to send messages to the specified user interfaces.
To end message input, press Ctrl+Z. To cancel message input and return to user view, press Ctrl+C.
Examples
# Send message hello abc to the user interface of AUX 0.
<Sysname> send aux 0
Enter message, end with CTRL+Z or Enter; abort with CTRL+C:
hello abc^Z
Send message? [Y/N]:y
<Sysname>
***
***
***Message from aux0 to aux0
***
hello abc
<Sysname>
set authentication password
Syntax
set authentication password { cipher | simple } password
undo set authentication password
View
User interface view
Default level
3: Manage level
Parameters
cipher: Cipher text password.
simple: Plain text password.
password: A case sensitive string. If the password format is simple, the password argument must be in plain text, and the configuration file saves the password in plain text. If the format is cipher, password can be either in cipher text or in plain text, and the configuration file always saves the password in cipher text. A plain text password can be a string of no more than 16 characters, 1234567 for example. A cipher text password or the encrypted version of the plain text password comprises 24 characters, such as _(TT8F]Y\5SQ=^Q`MAF4<1!!.
Description
Use the set authentication password command to set an authentication password.
Use the undo set authentication password command to remove the local authentication password.
By default, no local authentication password is set.
Regardless of whether the password format is plain text or cipher text, you must type the password in plain text during authentication.
A password saved in plain text can be read by anyone who can view the configuration file and is easily cracked. Therefore, a cipher text password is recommended.
Related commands: authentication-mode.
Examples
# Set the local authentication password for the user interface of AUX 0 to hello.
<Sysname> system-view
[Sysname] user-interface aux 0
[Sysname-ui-aux0] authentication-mode password
[Sysname-ui-aux0] set authentication password cipher hello
Next time you enter the system, the password is required.
shell
Syntax
shell
undo shell
View
User interface view
Default level
3: Manage level
Parameters
None
Description
Use the shell command to enable terminal services on the current user interface.
Use the undo shell command to disable terminal services on the current user interface.
· The AUX user interface does not support the undo shell command.
· You cannot disable the terminal services on the user interface through which you are logged in.
By default, terminal services are enabled on all user interfaces.
Examples
# Disable terminal services on VTYs 0 through 4, which means you cannot log in to the device through VTYs 0 through 4.
<Sysname> system-view
[Sysname] user-interface vty 0 4
[Sysname-ui-vty0-4] undo shell
% Disable ui-vty0-4 , are you sure? [Y/N]:y
[Sysname-ui-vty0-4]
The following message appears when a terminal tries to telnet to the device:
The connection was closed by the remote host!
speed (user interface view)
Syntax
speed speed-value
undo speed
View
User interface view
Default level
2: System level
Parameters
speed-value: Transmission rate in bps.
The transmission rates available with asynchronous serial interfaces include:
· 300 bps
· 600 bps
· 1200 bps
· 2400 bps
· 4800 bps
· 9600 bps
· 19200 bps
· 38400 bps
· 57600 bps
· 115200 bps
The transmission rate varies with devices and configuration environment.
Description
Use the speed command to set the transmission rate on the user interface.
Use the undo speed command to restore the default transmission rate.
By default, the transmission rate is 9600 bps.
NOTE:
· The command is applicable only to the AUX port.
· The transmission rate setting must be identical for the user interfaces of the connecting ports on the device and the target terminal device for communication.
Examples
# Set the transmission rate on the user interface AUX 0 to 19200 bps.
<Sysname> system-view
[Sysname] user-interface aux 0
[Sysname-ui-aux0] speed 19200
stopbits
Syntax
stopbits { 1 | 1.5 | 2 }
undo stopbits
View
User interface view
Default level
2: System level
Parameters
1: One stop bit.
1.5: One and a half stop bits.
2: Two stop bits.
Description
Use the stopbits command to set the number of stop bits transmitted per byte.
Use the undo stopbits command to restore the default.
By default, the stop bit is one.
Related commands: stopbit-error intolerance.
NOTE:
· The command is applicable only to the AUX port.
· The stop bits setting must be identical for the user interfaces of the connecting ports on the device and the target device for communication.
Examples
# Set the stop bits on the user interface AUX 0 to 1.5.
<Sysname> system-view
[Sysname] user-interface aux 0
[Sysname-ui-aux0] stopbits 1.5
telnet
Syntax
telnet remote-host [ service-port ] [ source { interface interface-type interface-number | ip ip-address } ]
View
User view
Default level
0: Visit level
Parameters
remote-host: IPv4 address or host name of a remote host, which is a case insensitive string of 1 to 20 characters.
service-port: TCP port number of the Telnet service on the remote host. It ranges from 0 to 65535 and defaults to 23.
source: Specifies the source interface or source IPv4 address of Telnet packets.
interface interface-type interface-number: Specifies the source interface. The source IPv4 address of the Telnet packets sent is the IPv4 address of the specified interface. interface-type interface-number represents the interface type and number.
ip ip-address: Specifies the source IPv4 address of Telnet packets.
Description
Use the telnet command to telnet to a remote host.
To terminate the current Telnet connection, press Ctrl+K or use the quit command.
The source IPv4 address or source interface specified by this command is applicable to the current Telnet connection only.
Examples
# Telnet to the remote host 1.1.1.2, specifying the source IP address of Telnet packets as 1.1.1.1.
<Sysname> telnet 1.1.1.2 source ip 1.1.1.1
telnet client source
Syntax
telnet client source { interface interface-type interface-number | ip ip-address }
undo telnet client source
View
System view
Default level
2: System level
Parameters
interface interface-type interface-number: Specifies the source interface. The source IPv4 address of the Telnet packets sent is the IPv4 address of the specified interface. interface-type interface-number represents the interface type and number.
ip ip-address: Specifies the source IPv4 address of Telnet packets.
Description
Use the telnet client source command to specify the source IPv4 address or source interface for sending telnet packets when the device serves as a telnet client.
Use the undo telnet client source command to remove the source IPv4 address or source interface for sending telnet packets.
By default, no source IPv4 address or source interface for sending telnet packets is specified. The source IPv4 address is selected by routing.
The source IPv4 address or source interface specified by this command is applicable to all Telnet connections.
If you use both this command and the telnet command to specify the source IPv4 address or source interface, the source IPv4 address or interface specified by the telnet command takes effect.
Related commands: display telnet client configuration.
Examples
# Specify the source IPv4 address for sending telnet packets when the device serves as a telnet client as 1.1.1.1.
<Sysname> system-view
[Sysname] telnet client source ip 1.1.1.1
telnet ipv6
Syntax
telnet ipv6 remote-host [ -i interface-type interface-number ] [ port-number ]
View
User view
Default level
0: Visit level
Parameters
remote-host: IP address or host name of a remote host, which is a case insensitive string of 1 to 46 characters.
-i interface-type interface-number: Specifies the outbound interface for sending Telnet packets, where interface-type interface-number represents the interface type and number. If the destination address is a link-local address, provide the -i interface-type interface-number argument.
port-number: TCP port number for the remote host to provide the Telnet service. It ranges from 0 to 65535 and defaults to 23.
Description
Use the telnet ipv6 command to telnet to a remote host in an IPv6 network. To terminate the current Telnet connection, press Ctrl+K or use the quit command.
Examples
# Telnet to the remote host with the IPv6 address 5000::1.
<Sysname> telnet ipv6 5000::1
telnet server enable
Syntax
telnet server enable
undo telnet server enable
View
System view
Default level
3: Manage level
Parameters
None
Description
Use the telnet server enable command to enable the Telnet server.
Use the undo telnet server enable command to disable the Telnet server.
The Telnet server is enabled by default.
Examples
# Enable the Telnet server.
<Sysname> system-view
[Sysname] telnet server enable
terminal type
Syntax
terminal type { ansi | vt100 }
undo terminal type
View
User interface view
Default level
2: System level
Parameters
ansi: Specifies the terminal display type as ANSI.
vt100: Specifies the terminal display type as VT100.
Description
Use the terminal type command to configure the type of terminal display of the current user interface.
Use the undo terminal type command to restore the default.
By default, the terminal display type is ANSI.
The device supports two types of terminal display: ANSI and VT100. H3C recommends that you set the display type of both the device and the client to VT100. If the device and the client (for example, a hyper terminal or Telnet terminal) use different display types, or both are set to ANSI, the client might show anomalies such as cursor corruption or abnormal display when the command line being edited exceeds 80 characters.
Examples
# Set the terminal display type to VT100.
<Sysname> system-view
[Sysname] user-interface vty 0
[Sysname-ui-vty0] terminal type vt100
user privilege level
Syntax
user privilege level level
undo user privilege level
View
User interface view
Default level
3: Manage level
Parameters
level: Specifies a user privilege level, which ranges from 0 to 3.
NOTE:
User privilege levels include visit, monitor, system, and manage, represented by the number 0, 1, 2 and 3 respectively. The administrator can change the user privilege level when necessary.
Description
Use the user privilege level command to configure the user privilege level. Users logging into the user interface are assigned a user privilege level.
Use the undo user privilege level command to restore the default.
By default, the command level is 3 for the AUX user interface and 0 for other user interfaces.
Examples
# Set the command level for users logging in through VTY 0 to 0.
<Sysname> system-view
[Sysname] user-interface vty 0
[Sysname-ui-vty0] user privilege level 0
After you telnet to the device through VTY 0, the terminal only displays commands of level 0 in the help information:
<Sysname> ?
User view commands:
cluster Run cluster command
display Display current system information
ping Ping function
quit Exit from current command view
rsh Establish one RSH connection
ssh2 Establish a secure shell client connection
super Set the current user priority level
telnet Establish one TELNET connection
tracert Trace route function
user-interface
Syntax
user-interface [ aux | vty ] first-number [ last-number ]
View
System view
Default level
2: System level
Parameters
aux: Specifies the AUX user interface.
vty: Specifies the VTY user interface.
first-number: Relative or absolute number of a user interface.
· If the aux or vty keyword is specified, first-number represents the relative number of the specified user interface. It takes the value of 0 for the AUX user interface, and ranges from 0 to 15 for the VTY user interface.
· If the aux or vty keyword is not specified, first-number represents the absolute number of a user interface. It ranges from 0 to 32.
last-number: The last user interface to be configured, which must be greater than first-number.
Description
Use the user-interface command to enter one or multiple user interface views.
In a single user interface view, the configuration takes effect in the user view only.
In multiple user interface views, the configuration takes effect in these user views.
Examples
# Enter the AUX user interface view.
<Sysname> system-view
[Sysname] user-interface aux 0
[Sysname-ui-aux0]
# Enter the user interface views of VTYs 0 to 4.
<Sysname> system-view
[Sysname] user-interface vty 0 4
[Sysname-ui-vty0-4]
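A review check built from the defaults and notes documented in this chapter (idle-timeout, ip http acl, ip https acl, protocol inbound, set authentication password, telnet server enable and the VTY acl command), as an added Python example that is not H3C code. It assumes a configuration text that uses the command forms shown on this page, with user interface settings indented under their user-interface line; the sample configuration and the finding names are constructed for illustration.

```python
import re

# Constructed sample, not taken from a real device.
SAMPLE_CONFIG = """\
ip http enable
ip https ssl-server-policy myssl
ip https enable
ip https acl 2001
user-interface aux 0
 authentication-mode password
 set authentication password simple 1234567
 idle-timeout 0
user-interface vty 0 4
 authentication-mode scheme
 protocol inbound ssh
 idle-timeout 5
user-interface vty 5 15
 idle-timeout 0 0
"""


def split_config(text):
    """Return (global commands, {user interface name: [sub-commands]})."""
    global_cmds, ui_blocks, current = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "#":
            continue
        if line.startswith("user-interface "):
            current = line[len("user-interface "):]
            ui_blocks.setdefault(current, [])
        elif raw[0].isspace() and current is not None:
            ui_blocks[current].append(line)
        else:
            current = None
            global_cmds.append(line)
    return global_cmds, ui_blocks


def audit_login_config(text):
    """Return (scope, finding) pairs for weak login settings."""
    global_cmds, ui_blocks = split_config(text)
    findings = []
    # The page states that the Telnet server is enabled by default.
    if "undo telnet server enable" not in global_cmds:
        findings.append(("global", "telnet-server-on"))
    # A web service without "ip http acl" / "ip https acl" accepts any client.
    for svc in ("http", "https"):
        enabled = f"ip {svc} enable" in global_cmds
        has_acl = any(c.startswith(f"ip {svc} acl ") for c in global_cmds)
        if enabled and not has_acl:
            findings.append(("global", f"{svc}-no-acl"))
    for ui, cmds in ui_blocks.items():
        for cmd in cmds:
            # "simple" keeps the password in plain text in the configuration file.
            if cmd.startswith("set authentication password simple "):
                findings.append((ui, "plaintext-password"))
            # A zero timer means idle sessions are never terminated.
            if re.fullmatch(r"idle-timeout 0( 0)?", cmd):
                findings.append((ui, "idle-timeout-off"))
        # Interfaces entered by absolute number are not classified as VTY here.
        if ui.startswith("vty "):
            # Without "protocol inbound ssh" the interface still accepts Telnet.
            if "protocol inbound ssh" not in cmds:
                findings.append((ui, "telnet-allowed"))
            # Without an inbound ACL, access to the VTY is not restricted.
            if not any(re.fullmatch(r"acl (ipv6 )?\d+ inbound", c) for c in cmds):
                findings.append((ui, "no-vty-acl"))
    return findings


if __name__ == "__main__":
    for scope, finding in audit_login_config(SAMPLE_CONFIG):
        print(f"{scope}: {finding}")
```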