02-Fundamentals Command Reference

HomeSupportReference GuidesCommand ReferencesH3C Access Controllers Command References(R5447P04)-6W10002-Fundamentals Command Reference
03-Login management commands
Title Size Download
03-Login management commands 366.52 KB

Login management commands

Some login management commands are available in both user line view and user line class view. For these commands, the device uses the following rules to determine the settings to be activated:

·     A setting in user line view applies only to the user line. A setting in user line class view applies to all user lines of the class.

·     A non-default setting in either view takes precedence over a default setting in the other view. A non-default setting in user line view takes precedence over a non-default setting in user line class view.

·     A setting in user line class view takes effect on login sessions that are established after the setting is configured.

activation-key

Use activation-key to set the terminal session activation key. Pressing this shortcut key starts a terminal session.

Use undo activation-key to restore the default.

Syntax

activation-key key-string

undo activation-key

Default

The terminal session activation key is Enter.

Views

User line view

User line class view

Predefined user roles

network-admin

Parameters

key-string: Specifies a shortcut key. It can be a character (case sensitive), or an ASCII code value in the range of 0 to 127. For example, if you configure activation-key 1, the shortcut key is Ctrl+A. If you configure activation-key a, the shortcut key is a. For information about ASCII code values of individual characters, see the standard ASCII code chart. For information about ASCII code values of combined keys that use the Ctrl key, see Table 1.

Usage guidelines

This command is not supported in VTY line view or VTY line class view.

This command takes effect immediately.

This command is available in both user line view and user line class view. A non-default setting in either view takes precedence over a default setting in the other view. A non-default setting in user line view takes precedence over a non-default setting in user line class view.

You can use only the specified terminal session activation key to start a terminal session. To display the current terminal session activation key, use the display current-configuration | include activation-key command.

Table 1 ASCII code values for combined keys that use the Ctrl key

Combined key

ASCII code value

Ctrl+A

1

Ctrl+B

2

Ctrl+C

3

Ctrl+D

4

Ctrl+E

5

Ctrl+F

6

Ctrl+G

7

Ctrl+H

8

Ctrl+I

9

Ctrl+J

10

Ctrl+K

11

Ctrl+L

12

Ctrl+M

13

Ctrl+N

14

Ctrl+O

15

Ctrl+P

16

Ctrl+Q

17

Ctrl+R

18

Ctrl+S

19

Ctrl+T

20

Ctrl+U

21

Ctrl+V

22

Ctrl+W

23

Ctrl+X

24

Ctrl+Y

25

Ctrl+Z

26

Examples

# Configure character s as the terminal session activation key for console line 0.

<Sysname> system-view

[Sysname] line console 0

[Sysname-line-console0] activation-key s

To verify the configuration:

1.     Exit the console session.

[Sysname-line-console0] return

<Sysname> quit

2.     Log in again through the console line.

The following message appears:

Press ENTER to get started.

3.     Press Enter.

Pressing Enter does not start a session.

4.     Press s.

A terminal session is started.

<Sysname>

authentication-mode

Use authentication-mode to set the authentication mode for a user line.

Use undo authentication-mode to restore the default.

Syntax

authentication-mode { none | password | scheme }

undo authentication-mode

Default

The authentication mode is none for console login.

The authentication mode is password for the VTY line.

Views

User line view

User line class view

Predefined user roles

network-admin

Parameters

none: Disables authentication.

password: Performs local password authentication.

scheme: Performs AAA authentication. For more information about AAA, see User Access and Authentication Configuration Guide.

Usage guidelines

CAUTION

CAUTION:

·     When authentication is disabled, users can login without authentication. For security purpose, disable authentication with caution.

·     When you enable password authentication, you must also configure an authentication password for the line or line class. If no authentication password is configured, you cannot log in to the device through the line or line class at the next time.

·     When you enable scheme authentication, make sure an authentication user account is available. If no authentication user account is available, you cannot log in to the device through the line or line class at the next time.

 

Only users assigned the network-admin, or level-15 user role can execute this command. Other users cannot execute this command, even if they are granted the right to execute this command.

In VTY line view, this command is associated with the protocol inbound command.

·     If the settings of the two commands in VTY line view are both the default settings, the settings for the commands in VTY line class view take effect.

·     If the settings of the two commands in VTY line view are both non-default settings, the non-default settings in VTY line view take effect.

·     If only one command has a non-default setting in VTY line view, the other command uses the default setting, regardless of the setting in VTY line class view.

An authentication mode change does not take effect on the current session. It takes effect on subsequent login sessions.

Examples

# Enable the none authentication mode for VTY line 0.

<Sysname> system-view

[Sysname] line vty 0

[Sysname-line-vty0] authentication-mode none

# Enable password authentication for VTY line 0 and set the password to hello12345.

<Sysname> system-view

[Sysname] line vty 0

[Sysname-line-vty0] authentication-mode password

[Sysname-line-vty0] set authentication password simple hello12345

# Enable scheme authentication for VTY line 0. Configure local user 123 and set the password to hello12345. Assign the Telnet service and the user role network-admin to the user.

<Sysname> system-view

[Sysname] line vty 0

[Sysname-line-vty0] authentication-mode scheme

[Sysname-line-vty0] quit

[Sysname] local-user 123

[Sysname-luser-manage-123] password simple hello12345

[Sysname-luser-manage-123] service-type telnet

[Sysname-luser-manage-123] authorization-attribute user-role network-admin

Related commands

set authentication password

auto-execute command

Use auto-execute command to specify the command to be automatically executed for a login user.

Use undo auto-execute command to restore the default.

Syntax

auto-execute command command

undo auto-execute command

Default

No command is specified to be automatically executed for a login user.

Views

User line view

User line class view

Predefined user roles

network-admin

Parameters

command: Specifies the command to be automatically executed.

Usage guidelines

CAUTION

CAUTION:

After configuring this command for a user line, you might be unable to access the CLI through the user line. Make sure you can access the CLI through a different user line before you configure this command and save the configuration.

The device will automatically execute the specified command when a user logs in through the user line, and close the user connection after the command is executed.

This command is not supported in console line view or console line class view.

This command is available in both user line view and user line class view. A non-default setting in either view takes precedence over a default setting in the other view. A non-default setting in user line view takes precedence over a non-default setting in user line class view.

A configuration change made by this command does not take effect on the current session. It takes effect on subsequent login sessions.

Examples

# Configure the device to automatically execute the telnet 192.168.1.41 command when a user logs in through VTY line 0.

<Sysname> system-view

[Sysname] line vty 0

[Sysname-line-vty0] auto-execute command telnet 192.168.1.41

This action will lead to configuration failure through line-vty0. Are you sure?

[Y/N]:y

[Sysname-line-vty0]

# To verify the configuration, Telnet to the device (192.168.1.40).

The device automatically Telnets to 192.168.1.41. The following output is displayed on the configuration terminal:

C:\> telnet 192.168.1.40

******************************************************************************

* Copyright (c) 2004-2020 New H3C Technologies Co., Ltd. All rights reserved.*

* Without the owner's prior written consent,                                 *

* no decompiling or reverse-engineering shall be allowed.                    *

******************************************************************************

 

<Sysname>

Trying 192.168.1.41 ...

Press CTRL+K to abort

Connected to 192.168.1.41 ...

******************************************************************************

* Copyright (c) 2004-2020 New H3C Technologies Co., Ltd. All rights reserved.*

* Without the owner's prior written consent,                                 *

* no decompiling or reverse-engineering shall be allowed.                    *

******************************************************************************

<Sysname.41>

This operation is the same as directly logging in to the device at 192.168.1.41 through Telnet. When you close the Telnet connection to 192.168.1.41, the Telnet connection to 192.168.1.40 is closed at the same time.

command accounting

Use command accounting to enable command accounting.

Use undo command accounting to disable command accounting.

Syntax

command accounting

undo command accounting

Default

Command accounting is disabled. The accounting server does not record executed commands.

Views

User line view

User line class view

Predefined user roles

network-admin

Usage guidelines

When command accounting is enabled but command authorization is not, every executed command is recorded on the HWTACACS server. When both command accounting and command authorization are enabled, only authorized commands that are executed are recorded on the HWTACACS server.

Invalid commands are not recorded.

A configuration change made by this command does not take effect on the current session. It takes effect on subsequent login sessions.

After you use the command accounting command in user line class view, you cannot use the undo command accounting command in any user line views in the class.

Examples

# Enable command accounting for VTY line 0.

<Sysname> system-view

[Sysname] line vty 0

[Sysname-line-vty0] command accounting

Related commands

accounting command (User Access and Authentication Command Reference)

command authorization

command authorization

Use command authorization to enable command authorization.

Use undo command authorization to disable command authorization.

Syntax

command authorization

undo command authorization

Default

Command authorization is disabled. Logged-in users can execute commands without authorization.

Views

User line view

User line class view

Predefined user roles

network-admin

Usage guidelines

When command authorization is enabled, a user can only use commands that are permitted by both the AAA scheme and user role.

A configuration change made by this command does not take effect on the current session. It takes effect on subsequent login sessions.

If you configure the command authorization command in user line class view, command authorization is enabled for all user lines in the class. You cannot configure the undo command authorization command in the view of a user line in the class.

Examples

# Enable command authorization for VTY line 0.

<Sysname> system-view

[Sysname] line vty 0

[Sysname-line-vty0] command authorization

Related commands

authorization command (User Access and Authentication Command Reference)

command accounting

databits

Use databits to specify the number of data bits for a character.

Use undo databits to restore the default.

Syntax

databits { | 7 | 8 }

undo databits

Default

Eight data bits are used for a character.

Views

User line view

Predefined user roles

network-admin

Parameters

7: Uses seven data bits for a character.

8: Uses eight data bits for a character.

Usage guidelines

This command is not supported in VTY line class view.

This setting must be the same as the setting on the configuration terminal.

Examples

# Configure console 0 to use seven data bits for a character.

<Sysname> system-view

[Sysname] line console 0

[Sysname-line-console0] databits 7

display ip http

Use display ip http to display HTTP service configuration and status information.

Syntax

display ip http

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display HTTP service configuration and status information.

<Sysname> display ip http

HTTP port: 80

ACL: 2222(basic)

Operation status: Enabled

Table 2 Command output

Field

Description

HTTP port

HTTP service port number.

ACL

ACL used to control HTTP access. If no ACL is used, this field displays 0.

·     basic—Basic ACL.

·     advanced—Advanced ACL.

·     layer 2—Layer 2 ACL.

Operation status

Whether the HTTP service is enabled.

Related commands

ip http acl

ip http enable

ip http port

display ip https

Use display ip https to display HTTPS service configuration and status information.

Syntax

display ip https

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display HTTPS service configuration and status information.

<Sysname> display ip https

HTTPS port: 443

SSL server policy: test

Certificate access-control-policy: Not configured

ACL: 3333(advanced)

Operation status: Enabled

Table 3 Command output

Field

Description

HTTPS port

HTTPS service port number.

SSL server policy

SSL server policy applied to the HTTPS service. If no SSL server policy is applied, this field displays Not configured.

Certificate access-control-policy

Certificate-based access control policy used to control client access rights. If no certificate-based access control policy is used, this field displays Not configured.

ACL

ACL used to control HTTPS access. If no ACL is used, this field displays 0.

·     basic—Basic ACL.

·     advanced—Advanced ACL.

·     layer 2—Layer 2 ACL.

Operation status

Whether the HTTPS service is enabled.

Related commands

ip https acl

ip https enable

ip https port

ip https certificate access-control-policy

ip https ssl-server-policy

display line

Use display line to display user line information.

Syntax

display line [ number1 | { console | vty } number2 ] [ summary ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

number1: Specifies the absolute number of a user line.

The following compatibility matrixes show the value ranges for the absolute user line number:

Hardware series

Model

Product code

Value range

WX1800H series

WX1804H-PWR

EWP-WX1804H-PWR-CN

0 to 32

WX2500H series

WX2508H-PWR-LTE

WX2510H-PWR

WX2510H-F-PWR

WX2540H

WX2540H-F

WX2560H

EWP-WX2508H-PWR-LTE

EWP-WX2510H-PWR

EWP-WX2510H-F-PWR

EWP-WX2540H

EWP-WX2540H-F

EWP-WX2560H

0 to 32

MAK series

MAK204

MAK206

EWP-MAK204

EWP-MAK206

0 to 32

WX3000H series

WX3010H

WX3010H-X-PWR

WX3010H-L-PWR

WX3024H

WX3024H-L-PWR

WX3024H-F

EWP-WX3010H

EWP-WX3010H-X-PWR

EWP-WX3010H-L-PWR

EWP-WX3024H

EWP-WX3024H-L-PWR

EWP-WX3024H-F

0 to 32

WX3500H series

WX3508H

WX3508H

WX3510H

WX3510H

WX3520H

WX3520H-F

WX3540H

WX3540H

EWP-WX3508H

EWP-WX3508H-F

EWP-WX3510H

EWP-WX3510H-F

EWP-WX3520H

EWP-WX3520H-F

EWP-WX3540H

EWP-WX3540H-F

0 to 33

WX5500E series

WX5510E

WX5540E

EWP-WX5510E

EWP-WX5540E

0 to 33

WX5500H series

WX5540H

WX5560H

WX5580H

EWP-WX5540H

EWP-WX5560H

EWP-WX5580H

0 to 33

Access controller modules

LSUM1WCME0

EWPXM1WCME0

LSQM1WCMX20

LSUM1WCMX20RT

LSQM1WCMX40

LSUM1WCMX40RT

EWPXM2WCMD0F

EWPXM1MAC0F

LSUM1WCME0

EWPXM1WCME0

LSQM1WCMX20

LSUM1WCMX20RT

LSQM1WCMX40

LSUM1WCMX40RT

EWPXM2WCMD0F

EWPXM1MAC0F

LSUM1WCME0: 0 to 35

EWPXM1WCME0: 0 to 35

LSQM1WCMX20: 0 to 39

LSUM1WCMX20RT: 0 to 39

LSQM1WCMX40: 0 to 39

LSUM1WCMX40RT: 0 to 39

EWPXM2WCMD0F: 0 to 39

EWPXM1MAC0F: 0 to 39

Hardware series

Model

Product code

Value range

WX1800H series

WX1804H-PWR

WX1810H-PWR

WX1820H

WX1840H

EWP-WX1804H-PWR

EWP-WX1810H-PWR

EWP-WX1820H

EWP-WX1840H-GL

0 to 32

WX3800H series

WX3820H

WX3840H

EWP-WX3820H-GL

EWP-WX3840H-GL

0 to 33

WX5800H series

WX5860H

EWP-WX5860H-GL

0 to 33

console: Specifies the console line.

vty: Specifies the VTY line.

number2: Specifies the relative number of a user line.

The following compatibility matrixes show the value ranges for the relative user line number:

Hardware series

Model

Product code

Value range

WX1800H series

WX1804H-PWR

EWP-WX1804H-PWR-CN

Console line: 0

VTY lines: 0 to 31

WX2500H series

WX2508H-PWR-LTE

WX2510H-PWR

WX2510H-F-PWR

WX2540H

WX2540H-F

WX2560H

EWP-WX2508H-PWR-LTE

EWP-WX2510H-PWR

EWP-WX2510H-F-PWR

EWP-WX2540H

EWP-WX2540H-F

EWP-WX2560H

Console line: 0

VTY lines: 0 to 31

MAK series

MAK204

MAK206

EWP-MAK204

EWP-MAK206

Console line: 0

VTY lines: 0 to 31

WX3000H series

WX3010H

WX3010H-X-PWR

WX3010H-L-PWR

WX3024H

WX3024H-L-PWR

WX3024H-F

EWP-WX3010H

EWP-WX3010H-X-PWR

EWP-WX3010H-L-PWR

EWP-WX3024H

EWP-WX3024H-L-PWR

EWP-WX3024H-F

Console line: 0

VTY lines: 0 to 31

WX3500H series

WX3508H

WX3508H

WX3510H

WX3510H

WX3520H

WX3520H-F

WX3540H

WX3540H

EWP-WX3508H

EWP-WX3508H-F

EWP-WX3510H

EWP-WX3510H-F

EWP-WX3520H

EWP-WX3520H-F

EWP-WX3540H

EWP-WX3540H-F

Console line: 0 and 1

VTY lines: 0 to 31

WX5500E series

WX5510E

WX5540E

EWP-WX5510E

EWP-WX5540E

Console line: 0 and 1

VTY lines: 0 to 31

WX5500H series

WX5540H

WX5560H

WX5580H

EWP-WX5540H

EWP-WX5560H

EWP-WX5580H

Console line: 0 and 1

VTY lines: 0 to 31

Access controller modules

LSUM1WCME0

EWPXM1WCME0

LSQM1WCMX20

LSUM1WCMX20RT

LSQM1WCMX40

LSUM1WCMX40RT

EWPXM2WCMD0F

EWPXM1MAC0F

LSUM1WCME0

EWPXM1WCME0

LSQM1WCMX20

LSUM1WCMX20RT

LSQM1WCMX40

LSUM1WCMX40RT

EWPXM2WCMD0F

EWPXM1MAC0F

Console line: 0

VTY lines: 0 to 31

Hardware series

Model

Product code

Value range

WX1800H series

WX1804H-PWR

WX1810H-PWR

WX1820H

WX1840H

EWP-WX1804H-PWR

EWP-WX1810H-PWR

EWP-WX1820H

EWP-WX1840H-GL

Console line: 0

VTY lines: 0 to 31

WX3800H series

WX3820H

WX3840H

EWP-WX3820H-GL

EWP-WX3840H-GL

Console line: 0 and 1

VTY lines: 0 to 31

WX5800H series

WX5860H

EWP-WX5860H-GL

Console line: 0 and 1

VTY lines: 0 to 31

summary: Displays summary information about user lines. If you do not specify this keyword, the command displays detailed information.

Examples

# Display information about line 0.

<Sysname> display line 0

  Idx  Type     Tx/Rx      Modem Auth  Int        Location

+ 0    CON 0    9600       -     N     -           1/0

 

  +    : Line is active.

  F    : Line is active and in async mode.

  Idx  : Absolute index of line.

  Type : Type and relative index of line.

  Auth : Login authentication mode.

  Int  : Physical port of the line.

  A    : Authentication use AAA.

  N    : No authentication is required.

  P    : Password authentication.

Table 4 Command output

Field

Description

Modem

Whether the modem allows calling in or out. By default, this attribute is not configured and this field displays a hyphen (-).

This field is not supported in the current software version.

Int

Physical port for the line. If there is no physical port for the line or the port is a console port, this field displays a hyphen (-).

Location

(In standalone mode.) Physical position of the line.

Location

(In IRF mode.) Physical position of the line, in the form of slot number/CPU number.

A

The authentication mode is scheme.

N

The authentication mode is none.

P

The authentication mode is password.

# Display summary information about all user lines.

<Sysname> display line summary

  Line type : [CON]                                                            

           0:XX                                                                

  Line type : [VTY]                                                            

           2:UUUX XXXX XXXX XXXX                                               

          18:XXXX XXXX XXXX XXXX                                               

                                                                               

   3 lines used.      (U)                                                       

  31 lines not used.  (X)

Table 5 Command output

Fields

Description

Line type

Type of the user line:

·     CON—Console line.

·     VTY—VTY line.

number:status

number: Absolute number of the first user line in the user line class.

status: User line status. X is for unused and U is for used.

display telnet client

Use display telnet client to display the packet source setting for the Telnet client.

Syntax

display telnet client

Views

Any view

Predefined user roles

network-admin

network-operator

Usage guidelines

This command displays the source IPv4 address or source interface specified for the Telnet client to use in outgoing Telnet packets, depending on the telnet client source command.

Examples

# Display the packet source setting for the Telnet client.

<Sysname> display telnet client

 The source IP address is 1.1.1.1.

Related commands

telnet client source

display user-interface

Use display user-interface to display user line information.

Syntax

display user-interface [ number1 | { console | vty } number2 ] [ summary ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

number1: Specifies the absolute number of a user line.

The following compatibility matrixes show the value ranges for the absolute user line number:

Hardware series

Model

Product code

Value range

WX1800H series

WX1804H-PWR

EWP-WX1804H-PWR-CN

0 to 32

WX2500H series

WX2508H-PWR-LTE

WX2510H-PWR

WX2510H-F-PWR

WX2540H

WX2540H-F

WX2560H

EWP-WX2508H-PWR-LTE

EWP-WX2510H-PWR

EWP-WX2510H-F-PWR

EWP-WX2540H

EWP-WX2540H-F

EWP-WX2560H

0 to 32

MAK series

MAK204

MAK206

EWP-MAK204

EWP-MAK206

0 to 32

WX3000H series

WX3010H

WX3010H-X-PWR

WX3010H-L-PWR

WX3024H

WX3024H-L-PWR

WX3024H-F

EWP-WX3010H

EWP-WX3010H-X-PWR

EWP-WX3010H-L-PWR

EWP-WX3024H

EWP-WX3024H-L-PWR

EWP-WX3024H-F

0 to 32

WX3500H series

WX3508H

WX3508H

WX3510H

WX3510H

WX3520H

WX3520H-F

WX3540H

WX3540H

EWP-WX3508H

EWP-WX3508H-F

EWP-WX3510H

EWP-WX3510H-F

EWP-WX3520H

EWP-WX3520H-F

EWP-WX3540H

EWP-WX3540H-F

0 to 33

WX5500E series

WX5510E

WX5540E

EWP-WX5510E

EWP-WX5540E

0 to 33

WX5500H series

WX5540H

WX5560H

WX5580H

EWP-WX5540H

EWP-WX5560H

EWP-WX5580H

0 to 33

Access controller modules

LSUM1WCME0

EWPXM1WCME0

LSQM1WCMX20

LSUM1WCMX20RT

LSQM1WCMX40

LSUM1WCMX40RT

EWPXM2WCMD0F

EWPXM1MAC0F

LSUM1WCME0

EWPXM1WCME0

LSQM1WCMX20

LSUM1WCMX20RT

LSQM1WCMX40

LSUM1WCMX40RT

EWPXM2WCMD0F

EWPXM1MAC0F

LSUM1WCME0: 0 to 35

EWPXM1WCME0: 0 to 35

LSQM1WCMX20: 0 to 39

LSUM1WCMX20RT: 0 to 39

LSQM1WCMX40: 0 to 39

LSUM1WCMX40RT: 0 to 39

EWPXM2WCMD0F: 0 to 39

EWPXM1MAC0F: 0 to 39

Hardware series

Model

Product code

Value range

WX1800H series

WX1804H-PWR

WX1810H-PWR

WX1820H

WX1840H

EWP-WX1804H-PWR

EWP-WX1810H-PWR

EWP-WX1820H

EWP-WX1840H-GL

0 to 32

WX3800H series

WX3820H

WX3840H

EWP-WX3820H-GL

EWP-WX3840H-GL

0 to 33

WX5800H series

WX5860H

EWP-WX5860H-GL

0 to 33

console: Specifies the console line.

vty: Specifies the VTY line.

number2: Specifies the relative number of a user line.

The following compatibility matrixes show the value ranges for the relative user line number:

Hardware series

Model

Product code

Value range

WX1800H series

WX1804H-PWR

EWP-WX1804H-PWR-CN

Console line: 0

VTY lines: 0 to 31

WX2500H series

WX2508H-PWR-LTE

WX2510H-PWR

WX2510H-F-PWR

WX2540H

WX2540H-F

WX2560H

EWP-WX2508H-PWR-LTE

EWP-WX2510H-PWR

EWP-WX2510H-F-PWR

EWP-WX2540H

EWP-WX2540H-F

EWP-WX2560H

Console line: 0

VTY lines: 0 to 31

MAK series

MAK204

MAK206

EWP-MAK204

EWP-MAK206

Console line: 0

VTY lines: 0 to 31

WX3000H series

WX3010H

WX3010H-X-PWR

WX3010H-L-PWR

WX3024H

WX3024H-L-PWR

WX3024H-F

EWP-WX3010H

EWP-WX3010H-X-PWR

EWP-WX3010H-L-PWR

EWP-WX3024H

EWP-WX3024H-L-PWR

EWP-WX3024H-F

Console line: 0

VTY lines: 0 to 31

WX3500H series

WX3508H

WX3508H

WX3510H

WX3510H

WX3520H

WX3520H-F

WX3540H

WX3540H

EWP-WX3508H

EWP-WX3508H-F

EWP-WX3510H

EWP-WX3510H-F

EWP-WX3520H

EWP-WX3520H-F

EWP-WX3540H

EWP-WX3540H-F

Console line: 0 and 1

VTY lines: 0 to 31

WX5500E series

WX5510E

WX5540E

EWP-WX5510E

EWP-WX5540E

Console line: 0 and 1

VTY lines: 0 to 31

WX5500H series

WX5540H

WX5560H

WX5580H

EWP-WX5540H

EWP-WX5560H

EWP-WX5580H

Console line: 0 and 1

VTY lines: 0 to 31

Access controller modules

LSUM1WCME0

EWPXM1WCME0

LSQM1WCMX20

LSUM1WCMX20RT

LSQM1WCMX40

LSUM1WCMX40RT

EWPXM2WCMD0F

EWPXM1MAC0F

LSUM1WCME0

EWPXM1WCME0

LSQM1WCMX20

LSUM1WCMX20RT

LSQM1WCMX40

LSUM1WCMX40RT

EWPXM2WCMD0F

EWPXM1MAC0F

Console line: 0

VTY lines: 0 to 31

Hardware series

Model

Product code

Value range

WX1800H series

WX1804H-PWR

WX1810H-PWR

WX1820H

WX1840H

EWP-WX1804H-PWR

EWP-WX1810H-PWR

EWP-WX1820H

EWP-WX1840H-GL

Console line: 0

VTY lines: 0 to 31

WX3800H series

WX3820H

WX3840H

EWP-WX3820H-GL

EWP-WX3840H-GL

Console line: 0 and 1

VTY lines: 0 to 31

WX5800H series

WX5860H

EWP-WX5860H-GL

Console line: 0 and 1

VTY lines: 0 to 31

summary: Displays summary information about user lines. If you do not specify this keyword, the detailed information is displayed.

Usage guidelines

This command is an older version reserved for backward compatibility purposes. It has the same functionality and output as the display line command. As a best practice, use the display line command.

Examples

# Display information about line 0.

<Sysname> display user-interface 0

  Idx  Type     Tx/Rx      Modem Auth  Int        Location

+ 0    CON 0    9600       -     N     -          1/0

 

  +    : Line is active.

  F    : Line is active and in async mode.

  Idx  : Absolute index of line.

  Type : Type and relative index of line.

  Auth : Login authentication mode.

  Int  : Physical port of the line.

  A    : Authentication use AAA.

  N    : No authentication is required.

  P    : Password authentication.

Table 6 Command output

Field

Description

Modem

Whether the modem allows calling in or out. By default, this attribute is not configured and this field displays a hyphen (-).

This field is not supported in the current software version.

Int

Physical port for the line. If there is no physical port for the line or the port is a console port, this field displays a hyphen (-).

Location

(In standalone mode.)  Physical position of the line.

Location

(In IRF mode.) Physical position of the line, in the form of slot number/CPU number.

A

The authentication mode is scheme.

N

The authentication mode is none.

P

The authentication mode is password.

# Display summary information about all user lines.

<Sysname> display user-interface summary

  Line type : [CON]

           0:XX

  Line type : [VTY]

           2:UUUX XXXX XXXX XXXX

          18:XXXX XXXX XXXX XXXX

 

   3 lines used.      (U)

  31 lines not used.  (X)

Table 7 Command output

Fields

Description

Line type

Type of the user line:

·     CON—Console line.

·     VTY—VTY line.

number:status

number: Absolute number of the first user line in the user line class.

status: User line status. X is for unused and U is for used.

display users

Use display users to display online CLI users.

Syntax

display users [ all ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

all: Displays all user lines supported by the device.

Examples

# Display online user information.

<Sysname> display users

  Idx  Line     Idle       Time              Pid     Type                      

+ 10   VTY 0    00:00:00   Jan 01 00:33:10   484     TEL                       

  12   VTY 2    00:06:22   Jan 01 00:33:22   495     TEL                       

                                                                                

Following are more details.                                                    

VTY 0   :                                                                      

        Location: 192.168.1.107                                                

VTY 2   :                                                                      

        Location: 192.168.1.134                                                

 +    : Current operation user.                                                

 F    : Current operation user works in async mode.

Table 8 Command output

Field

Description

Idx

Absolute number of the user line.

Line

Type and relative number of the user line.

Idle

Time elapsed after the user's most recent input, in the hh:mm:ss format.

Time

Login time of the user.

Pid

Process ID of the user session.

Type

User type:

·     TEL—Telnet user.

·     SSH—SSH user.

For a user who logged in through the console port, this field does not display anything.

+

User line you are using.

Location

IP address of the user.

display web menu

Use display web menu to display Web interface navigation tree information.

Syntax

display web menu [ chinese ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

chinese: Displays information about the Chinese Web interface navigation tree. If you do not specify this keyword, the command displays information about the English Web interface navigation tree.

Usage guidelines

This command displays all options on the Web interface navigation tree.

Examples

# Display Web interface navigation tree information.

<Sysname> display web menu

  .

  |--m_system: ID = m_system

  |    |--m_dashboard: ID = m_dashboard

  |    |--Network Configuration: ID = m_controller

  |    |    |--Mobility Domain: ID = m_mobilitydomain

  |    |    |    `--Roam: ID = m_roamoutstation

  |    |    |--Network Interfaces: ID = m_networkinterfaces

  |    |    |    |--m_interface: ID = m_interface

  |    |    |    |--m_lagg: ID = m_lagg

  |    |    |    `--m_stormconstrain: ID = m_stormconstrain

  |    |    |--VLAN: ID = m_vlan

  |    |    |    |--m_vlan: ID = m_vlan

  |    |    |    |--m_mac: ID = m_mac

  |    |    |    `--m_stp: ID = m_stp

  |    |    |--Network Routing: ID = m_networkrouting

  |    |    |    |--m_routingtable: ID = m_routingtable

  |    |    |    |--m_staticrouting: ID = m_staticrouting

  |    |    |    |--m_rip: ID = m_rip

  |    |    |    `--m_pbr: ID = m_pbr

  |    |    |--Network Services: ID = m_networkservices

  |    |    |    |--IP Services: ID = m_ipservices

  |    |    |    |    |--m_ip: ID = m_ip

  |    |    |    |    `--m_ipv6: ID = m_ipv6

  |    |    |    |--DHCP/DNS: ID = m_dhcpdns

  |    |    |    |    |--m_dhcp: ID = m_dhcp

  |    |    |    |    |--m_dhcpsnooping: ID = m_dhcpsnooping

  |    |    |    |    |--m_dns: ID = m_dns

  |    |    |    |    |--m_ddns: ID = m_ddns

  |    |    |    |    `--m_ipv6dns: ID = m_ipv6dns

  |    |    |    |--Multicast: ID = m_multicast

  |    |    |    |    |--m_igmpsnooping: ID = m_igmpsnooping

  |    |    |    |    `--m_mldsnooping: ID = m_mldsnooping

  |    |    |    |--ARP: ID = m_arp

  |    |    |    |    `--m_arp: ID = m_arp

  |    |    |    `--ND: ID = m_nd

  |    |    |         `--m_nd: ID = m_nd

  |    |    `--Management Protocols: ID = m_managementprotocols

  |    |         |--m_http: ID = m_http

  |    |         |--m_ftp: ID = m_ftp

  |    |         |--m_telnet: ID = m_telnet

  |    |         |--m_ntp: ID = m_ntp

  |    |         |--m_lldp: ID = m_lldp

  |    |         `--m_logsettings: ID = m_logsettings

  |    |--Network Security: ID = m_networksecurity

  |    |    |--Packet Filter: ID = m_packetfilter

  |    |    |    `--m_packetfilter: ID = m_packetfilter

  |    |    |--QoS: ID = m_trafficpolicy

  |    |    |    |--m_mqc: ID = m_mqc

  |    |    |    |--m_priority: ID = m_priority

  |    |    |    `--m_linerate: ID = m_linerate

  |    |    |--Access Control: ID = m_accesscontrol

  |    |    |    `--m_8021x: ID = m_8021x

  |    |    |--Authentication: ID = m_authentication

  |    |    |    |--m_ispdomain: ID = m_ispdomain

  |    |    |    `--m_radius: ID = m_radius

  |    |    `--User Management: ID = m_usermanagement

  |    |         `--m_localuser: ID = m_localuser

  |    |--System: ID = m_system

  |    |    |--Event Logs: ID = m_syslogtop

  |    |    |    `--Event Logs: ID = m_syslog

  |    |    |--Resource: ID = m_resource

  |    |    |    |--IPv4 ACL: ID = m_ipv4acl

  |    |    |    |--IPv6 ACL: ID = m_ipv6acl

  |    |    |    |--m_macacl: ID = m_macacl

  |    |    |    |--m_useracl: ID = m_useracl

  |    |    |    `--m_timerange: ID = m_timerange

  |    |    |--Administrators: ID = m_administrator

  |    |    |    `--m_admin: ID = m_admin

  |    |    `--Management: ID = m_management

  |    |         |--m_devicesettings: ID = m_devicesettings

  |    |         |--m_config: ID = m_config

  |    |         |--m_upgrade: ID = m_upgrade

  |    |         |--m_reboot: ID = m_reboot

  |    |         `--m_about: ID = m_about

  |    `--Tools: ID = m_tools

  |         |--Port Mirroring: ID = m_portmirroring

  |         |    `--m_portmirror: ID = m_portmirror

  |         `--Debug: ID = m_debug

  |              `--m_diagnostic: ID = m_diagnostic

  |--m_global: ID = m_global

  |    |--m_dashboard: ID = m_dashboard

  |    |--Quick Start: ID = m_quickaction

  |    |    |--Add New AP: ID = m_addaptop

  |    |    |    `--Add New AP: ID = m_addap

  |    |    `--Add New SSID: ID = m_addssidtop

  |    |         `--Add New SSID: ID = m_addssid

  |    |--Monitoring: ID = m_monitoring

  |    |    |--Wireless Networks: ID = m_monwirelessnetworks

  |    |    |    `--Wireless Services: ID = m_monssid

  |    |    |--Access Points: ID = m_monaccesspoints

  |    |    |    |--APs: ID = m_monaps

  |    |    |    `--AP Groups: ID = m_monapgroups

  |    |    |--Clients: ID = m_monclients

  |    |    |    `--Clients: ID = m_monclients

  |    |    |--Wireless Security: ID = m_wipssecurity

  |    |    |    `--WIPS: ID = m_wipsdashboard

  |    |    |--RF Monitoring: ID = m_rfmonitoring

  |    |    |    |--RF Optimization: ID = m_monrfoptimization

  |    |    |    `--Spectrum Analysis: ID = m_monitoringspectrumanalysis

  |    |    `--Application Monitoring: ID = m_appmonitoring

  |    |         `--Bonjour: ID = m_monbonjour

  |    |--Wireless Configuration: ID = m_wsconfig

  |    |    |--Wireless Networks: ID = m_wirelessnetworks

  |    |    |    `--Wireless Networks: ID = m_servicetemplate

  |    |    |--AP Management: ID = m_apmanage

  |    |    |    |--AP Groups: ID = m_apgroups

  |    |    |    |--Access Points: ID = m_accesspoints

  |    |    |    |--AP Global Settings: ID = m_apsettings

  |    |    |    |--AP Provision: ID = m_approvision

  |    |    |    `--AP Group Provision: ID = m_apgroupprovision

  |    |    |--Wireless QoS: ID = m_wlanqos

  |    |    |    |--Client Rate Limit: ID = m_clientratelimit

  |    |    |    |--Bandwidth Guarantee: ID = m_bandwidthguarantee

  |    |    |    `--Wi-Fi Multimedia: ID = m_wifimultimedia

  |    |    |--Wireless Security: ID = m_wirelesssecurity

  |    |    |    |--WIPS: ID = m_wips

  |    |    |    `--Filter: ID = m_wuac

  |    |    |--Radio Resource: ID = m_radiomanage

  |    |    |    |--Radio Management: ID = m_radio

  |    |    |    |--RF Optimization: ID = m_rfoptimization

  |    |    |    |--Spectrum Analysis: ID = m_spectrumanalysis

  |    |    |    |--Load Balancing: ID = m_loadbalancing

  |    |    |    `--Band Navigation: ID = m_bandnavigation

  |    |    `--Applications: ID = m_applications

  |    |         |--Mesh Services: ID = m_meshservices

  |    |         |--Location Aware: ID = m_locationaware

  |    |         `--Bonjour: ID = m_bonjour

  |    |--Network Security: ID = m_networksecurity

  |    |    |--Packet Filter: ID = m_packetfilter

  |    |    |    `--m_packetfilter: ID = m_packetfilter

  |    |    |--QoS: ID = m_trafficpolicy

  |    |    |    |--m_mqc: ID = m_mqc

  |    |    |    |--m_priority: ID = m_priority

  |    |    |    `--m_linerate: ID = m_linerate

  |    |    |--Access Control: ID = m_accesscontrol

  |    |    |    `--m_8021x: ID = m_8021x

  |    |    |--Authentication: ID = m_authentication

  |    |    |    |--m_ispdomain: ID = m_ispdomain

  |    |    |    `--m_radius: ID = m_radius

  |    |    |--BYOD: ID = m_byod

  |    |    |    |--BYOD DB: ID = m_byod

  |    |    |    `--BYOD Authorization: ID = m_byodauth

  |    |    |--User Management: ID = m_usermanage

  |    |    |    `--m_localuser: ID = m_localuser

  |    |    `--Guest Management: ID = m_guestmanage

  |    |         |--Guest User: ID = m_guestlist

  |    |         |--Import Guest: ID = m_importguest

  |    |         |--Generate Guest Account: ID = m_generateguest

  |    |         |--Approve Guest: ID = m_approveguest

  |    |         `--Guest Configuration: ID = m_guestsyscfg

  |    |--Tools: ID = m_tools

  |    |    |--Wireless Capture: ID = m_wirelesscapture

  |    |    |    `--Wireless Capture: ID = m_wirelesscapture

  |    |    |--RF Ping: ID = m_rfping

  |    |    |    `--RF Ping: ID = m_rfping

  |    |    `--Debug: ID = m_debug

  |    |         `--m_diagnostic: ID = m_diagnostic

  |    `--Reporting: ID = m_reporting

  |         |--Client Statistics: ID = m_clientreports

  |         |    |--AC Frame: ID = m_acframe

  |         |    |--AC Bytes: ID = m_acbyte

  |         |    |--Total Frame: ID = m_totalframe

  |         |    `--Total Bytes: ID = m_totalbyte

  |         |--AP Statistics: ID = m_apreports

  |         |    `--AP Statistics: ID = m_apreports

  |         `--Wireless Service Statistics: ID = m_wsreport

  |              `--Wireless Service Statistics: ID = m_wsreport

  `--m_apnode: ID = m_apnode

       `--Wireless Configuration: ID = m_wsconfig

            |--AP Management: ID = m_apmanage

            |    `--Access Points: ID = m_accesspoints

            |--Applications: ID = m_applications

            |    `--Location Aware: ID = m_locationaware

            `--Radio Resource: ID = m_radiomanage

                 |--Radio Management: ID = m_radio

                 `--RF Optimization: ID = m_rfoptimization

display web users

Use display web users to display online Web users.

Syntax

display web users

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display online Web users.

<Sysname> display web users

UserID          Name            Type   Language JobCount LoginTime LastOperation

AB2039483271293 Administrator   HTTP   Chinese     3     12:00:23  14:10:05

F09382BA2014AC8 user            HTTPS  English     1     13:05:00  14:11:00

Table 9 Command output

Field

Description

UserID

ID used to uniquely identify the online Web user.

JobCount

Number of connections established by the user.

escape-key

Use escape-key to set the escape key.

Use undo escape-key to disable the escape key.

Syntax

escape-key { key-string | default }

undo escape-key

Default

The escape key is Ctrl+C.

Views

User line view

User line class view

Predefined user roles

network-admin

Parameters

key-string: Specifies a shortcut key. It can be a character (case sensitive, except for d and D), or an ASCII code value in the range of 0 to 127. For example, if you configure escape-key 1, the shortcut key is Ctrl+A. If you configure escape-key a, the shortcut key is a. If you specify the character d or D for this argument, the actual shortcut key is Ctrl+C. To use d or D as the shortcut key, you must specify the ASCII code value of the character for this argument. For information about ASCII code values of individual characters, see the standard ASCII code chart. For information about ASCII code values of combined keys that use the Ctrl key, see Table 1.

default: Restores the default escape key Ctrl+C.

Usage guidelines

You can press the escape key to abort a command that is being executed, for example, a ping or tracert command. Whether a command can be aborted by Ctrl+C by default depends on the software implementation of the command. For more information, see the usage guidelines for the command.

As a best practice, use a key sequence as the escape key. If you define a single character as the escape key, pressing the key while a command is being executed stops the command. If no command is being executed, pressing the key enters the character as a common character. If you Telnet from the device to a remote device, pressing the key enters the character as a common character on the remote device. The key acts as the escape key on the remote device only when the following conditions are met:

·     You define the same character as the escape key on the remote device.

·     You press the key while a command is being executed on the remote device.

The undo escape-key command disables the current escape key. After you execute this undo command, no escape key is available.

This command is available in both user line view and user line class view. A non-default setting in either view takes precedence over a default setting in the other view. A non-default setting in user line view takes precedence over a non-default setting in user line class view.

The setting in user line view takes effect immediately on the current session. The setting in user line class view takes effect on login sessions that are established after the setting is configured.

To display the current escape key, use the display current-configuration | include escape-key command.

Examples

# Configure character a as the escape key for VTY line 0.

<Sysname> system-view

[Sysname] line vty 0

[Sysname-line-vty0] escape-key a

To verify the configuration:

1.     Ping IP address 192.168.1.49, specifying the -c keyword to set the number of ICMP echo request packets to 20.

<Sysname> ping -c 20 192.168.1.49

  PING 192.168.1.49: 56  data bytes, press a to break

    Reply from 192.168.1.49: bytes=56 Sequence=1 ttl=255 time=3 ms

    Reply from 192.168.1.49: bytes=56 Sequence=2 ttl=255 time=3 ms

2.     Press a.

The system aborts the command and returns to user view.

  --- 192.168.1.49 ping statistics ---

    2 packet(s) transmitted

    2 packet(s) received

    0.00% packet loss

    round-trip min/avg/max = 3/3/3 ms

<Sysname>

flow-control

Use flow-control to configure the flow control mode.

Use undo flow-control to restore the default.

Syntax

flow-control { hardware | none | software }

undo flow-control

Default

Flow control is disabled.

Views

User line view

Predefined user roles

network-admin

Parameters

hardware: Performs hardware flow control.

none: Disables flow control.

software: Performs software flow control.

Usage guidelines

This command is not supported in VTY line view.

The device supports flow control in both the inbound and outbound directions.

·     For flow control in the inbound direction, the local device listens to flow control information from the remote device.

·     For flow control in the outbound direction, the local device sends flow control information to the remote device.

The flow control setting takes effect in both directions.

To communicate, two devices must operate in the same flow control mode.

Examples

# Configure software flow control in the inbound and outbound directions for console line 0.

<Sysname> system-view

[Sysname] line console 0

[Sysname-line-console0] flow-control software

free line

Use free line to release a user line.

Syntax

free line { number1 | { console | vty } number2 }

Views

User view

Predefined user roles

network-admin

Parameters

number1: Specifies the absolute number of a user line.

The following compatibility matrixes show the value ranges for the absolute user line number:

Hardware series

Model

Product code

Value range

WX1800H series

WX1804H-PWR

EWP-WX1804H-PWR-CN

0 to 32

WX2500H series

WX2508H-PWR-LTE

WX2510H-PWR

WX2510H-F-PWR

WX2540H

WX2540H-F

WX2560H

EWP-WX2508H-PWR-LTE

EWP-WX2510H-PWR

EWP-WX2510H-F-PWR

EWP-WX2540H

EWP-WX2540H-F

EWP-WX2560H

0 to 32

MAK series

MAK204

MAK206

EWP-MAK204

EWP-MAK206

0 to 32

WX3000H series

WX3010H

WX3010H-X-PWR

WX3010H-L-PWR

WX3024H

WX3024H-L-PWR

WX3024H-F

EWP-WX3010H

EWP-WX3010H-X-PWR

EWP-WX3010H-L-PWR

EWP-WX3024H

EWP-WX3024H-L-PWR

EWP-WX3024H-F

0 to 32

WX3500H series

WX3508H

WX3508H

WX3510H

WX3510H

WX3520H

WX3520H-F

WX3540H

WX3540H

EWP-WX3508H

EWP-WX3508H-F

EWP-WX3510H

EWP-WX3510H-F

EWP-WX3520H

EWP-WX3520H-F

EWP-WX3540H

EWP-WX3540H-F

0 to 33

WX5500E series

WX5510E

WX5540E

EWP-WX5510E

EWP-WX5540E

0 to 33

WX5500H series

WX5540H

WX5560H

WX5580H

EWP-WX5540H

EWP-WX5560H

EWP-WX5580H

0 to 33

Access controller modules

LSUM1WCME0

EWPXM1WCME0

LSQM1WCMX20

LSUM1WCMX20RT

LSQM1WCMX40

LSUM1WCMX40RT

EWPXM2WCMD0F

EWPXM1MAC0F

LSUM1WCME0

EWPXM1WCME0

LSQM1WCMX20

LSUM1WCMX20RT

LSQM1WCMX40

LSUM1WCMX40RT

EWPXM2WCMD0F

EWPXM1MAC0F

LSUM1WCME0: 0 to 35

EWPXM1WCME0: 0 to 35

LSQM1WCMX20: 0 to 39

LSUM1WCMX20RT: 0 to 39

LSQM1WCMX40: 0 to 39

LSUM1WCMX40RT: 0 to 39

EWPXM2WCMD0F: 0 to 39

EWPXM1MAC0F: 0 to 39

Hardware series

Model

Product code

Value range

WX1800H series

WX1804H-PWR

WX1810H-PWR

WX1820H

WX1840H

EWP-WX1804H-PWR

EWP-WX1810H-PWR

EWP-WX1820H

EWP-WX1840H-GL

0 to 32

WX3800H series

WX3820H

WX3840H

EWP-WX3820H-GL

EWP-WX3840H-GL

0 to 33

WX5800H series

WX5860H

EWP-WX5860H-GL

0 to 33

console: Specifies the console line.

vty: Specifies the VTY line.

number2: Specifies the relative number of a user line.

The following compatibility matrixes show the value ranges for the relative user line number:

Hardware series

Model

Product code

Value range

WX1800H series

WX1804H-PWR

EWP-WX1804H-PWR-CN

Console line: 0

VTY lines: 0 to 31

WX2500H series

WX2508H-PWR-LTE

WX2510H-PWR

WX2510H-F-PWR

WX2540H

WX2540H-F

WX2560H

EWP-WX2508H-PWR-LTE

EWP-WX2510H-PWR

EWP-WX2510H-F-PWR

EWP-WX2540H

EWP-WX2540H-F

EWP-WX2560H

Console line: 0

VTY lines: 0 to 31

MAK series

MAK204

MAK206

EWP-MAK204

EWP-MAK206

Console line: 0

VTY lines: 0 to 31

WX3000H series

WX3010H

WX3010H-X-PWR

WX3010H-L-PWR

WX3024H

WX3024H-L-PWR

WX3024H-F

EWP-WX3010H

EWP-WX3010H-X-PWR

EWP-WX3010H-L-PWR

EWP-WX3024H

EWP-WX3024H-L-PWR

EWP-WX3024H-F

Console line: 0

VTY lines: 0 to 31

WX3500H series

WX3508H

WX3508H

WX3510H

WX3510H

WX3520H

WX3520H-F

WX3540H

WX3540H

EWP-WX3508H

EWP-WX3508H-F

EWP-WX3510H

EWP-WX3510H-F

EWP-WX3520H

EWP-WX3520H-F

EWP-WX3540H

EWP-WX3540H-F

Console line: 0 and 1

VTY lines: 0 to 31

WX5500E series

WX5510E

WX5540E

EWP-WX5510E

EWP-WX5540E

Console line: 0 and 1

VTY lines: 0 to 31

WX5500H series

WX5540H

WX5560H

WX5580H

EWP-WX5540H

EWP-WX5560H

EWP-WX5580H

Console line: 0 and 1

VTY lines: 0 to 31

Access controller modules

LSUM1WCME0

EWPXM1WCME0

LSQM1WCMX20

LSUM1WCMX20RT

LSQM1WCMX40

LSUM1WCMX40RT

EWPXM2WCMD0F

EWPXM1MAC0F

LSUM1WCME0

EWPXM1WCME0

LSQM1WCMX20

LSUM1WCMX20RT

LSQM1WCMX40

LSUM1WCMX40RT

EWPXM2WCMD0F

EWPXM1MAC0F

Console line: 0

VTY lines: 0 to 31

Hardware series

Model

Product code

Value range

WX1800H series

WX1804H-PWR

WX1810H-PWR

WX1820H

WX1840H

EWP-WX1804H-PWR

EWP-WX1810H-PWR

EWP-WX1820H

EWP-WX1840H-GL

Console line: 0

VTY lines: 0 to 31

WX3800H series

WX3820H

WX3840H

EWP-WX3820H-GL

EWP-WX3840H-GL

Console line: 0 and 1

VTY lines: 0 to 31

WX5800H series

WX5860H

EWP-WX5860H-GL

Console line: 0 and 1

VTY lines: 0 to 31

Usage guidelines

This command does not release the line you are using.

Examples

# Release VTY line 1.

<Sysname> free line vty 1

Are you sure to free line vty1? [Y/N]:y

 [OK]

free user-interface

Use free user-interface to release a user line.

Syntax

free user-interface { number1 | { console | vty } number2 }

Views

User view

Predefined user roles

network-admin

Parameters

number1: Specifies the absolute number of a user line.

The following compatibility matrixes show the value ranges for the absolute user line number:

Hardware series

Model

Product code

Value range

WX1800H series

WX1804H-PWR

EWP-WX1804H-PWR-CN

0 to 32

WX2500H series

WX2508H-PWR-LTE

WX2510H-PWR

WX2510H-F-PWR

WX2540H

WX2540H-F

WX2560H

EWP-WX2508H-PWR-LTE

EWP-WX2510H-PWR

EWP-WX2510H-F-PWR

EWP-WX2540H

EWP-WX2540H-F

EWP-WX2560H

0 to 32

MAK series

MAK204

MAK206

EWP-MAK204

EWP-MAK206

0 to 32

WX3000H series

WX3010H

WX3010H-X-PWR

WX3010H-L-PWR

WX3024H

WX3024H-L-PWR

WX3024H-F

EWP-WX3010H

EWP-WX3010H-X-PWR

EWP-WX3010H-L-PWR

EWP-WX3024H

EWP-WX3024H-L-PWR

EWP-WX3024H-F

0 to 32

WX3500H series

WX3508H

WX3508H

WX3510H

WX3510H

WX3520H

WX3520H-F

WX3540H

WX3540H

EWP-WX3508H

EWP-WX3508H-F

EWP-WX3510H

EWP-WX3510H-F

EWP-WX3520H

EWP-WX3520H-F

EWP-WX3540H

EWP-WX3540H-F

0 to 33

WX5500E series

WX5510E

WX5540E

EWP-WX5510E

EWP-WX5540E

0 to 33

WX5500H series

WX5540H

WX5560H

WX5580H

EWP-WX5540H

EWP-WX5560H

EWP-WX5580H

0 to 33

Access controller modules

LSUM1WCME0

EWPXM1WCME0

LSQM1WCMX20

LSUM1WCMX20RT

LSQM1WCMX40

LSUM1WCMX40RT

EWPXM2WCMD0F

EWPXM1MAC0F

LSUM1WCME0

EWPXM1WCME0

LSQM1WCMX20

LSUM1WCMX20RT

LSQM1WCMX40

LSUM1WCMX40RT

EWPXM2WCMD0F

EWPXM1MAC0F

LSUM1WCME0: 0 to 35

EWPXM1WCME0: 0 to 35

LSQM1WCMX20: 0 to 39

LSUM1WCMX20RT: 0 to 39

LSQM1WCMX40: 0 to 39

LSUM1WCMX40RT: 0 to 39

EWPXM2WCMD0F: 0 to 39

EWPXM1MAC0F: 0 to 39

Hardware series

Model

Product code

Value range

WX1800H series

WX1804H-PWR

WX1810H-PWR

WX1820H

WX1840H

EWP-WX1804H-PWR

EWP-WX1810H-PWR

EWP-WX1820H

EWP-WX1840H-GL

0 to 32

WX3800H series

WX3820H

WX3840H

EWP-WX3820H-GL

EWP-WX3840H-GL

0 to 33

WX5800H series

WX5860H

EWP-WX5860H-GL

0 to 33

console: Specifies the console line.

vty: Specifies the VTY line.

number2: Specifies the relative number of a user line.

The following compatibility matrixes show the value ranges for the relative user line number:

Hardware series

Model

Product code

Value range

WX1800H series

WX1804H-PWR

EWP-WX1804H-PWR-CN

Console line: 0

VTY lines: 0 to 31

WX2500H series

WX2508H-PWR-LTE

WX2510H-PWR

WX2510H-F-PWR

WX2540H

WX2540H-F

WX2560H

EWP-WX2508H-PWR-LTE

EWP-WX2510H-PWR

EWP-WX2510H-F-PWR

EWP-WX2540H

EWP-WX2540H-F

EWP-WX2560H

Console line: 0

VTY lines: 0 to 31

MAK series

MAK204

MAK206

EWP-MAK204

EWP-MAK206

Console line: 0

VTY lines: 0 to 31

WX3000H series

WX3010H

WX3010H-X-PWR

WX3010H-L-PWR

WX3024H

WX3024H-L-PWR

WX3024H-F

EWP-WX3010H

EWP-WX3010H-X-PWR

EWP-WX3010H-L-PWR

EWP-WX3024H

EWP-WX3024H-L-PWR

EWP-WX3024H-F

Console line: 0

VTY lines: 0 to 31

WX3500H series

WX3508H

WX3508H

WX3510H

WX3510H

WX3520H

WX3520H-F

WX3540H

WX3540H

EWP-WX3508H

EWP-WX3508H-F

EWP-WX3510H

EWP-WX3510H-F

EWP-WX3520H

EWP-WX3520H-F

EWP-WX3540H

EWP-WX3540H-F

Console line: 0 and 1

VTY lines: 0 to 31

WX5500E series

WX5510E

WX5540E

EWP-WX5510E

EWP-WX5540E

Console line: 0 and 1

VTY lines: 0 to 31

WX5500H series

WX5540H

WX5560H

WX5580H

EWP-WX5540H

EWP-WX5560H

EWP-WX5580H

Console line: 0 and 1

VTY lines: 0 to 31

Access controller modules

LSUM1WCME0

EWPXM1WCME0

LSQM1WCMX20

LSUM1WCMX20RT

LSQM1WCMX40

LSUM1WCMX40RT

EWPXM2WCMD0F

EWPXM1MAC0F

LSUM1WCME0

EWPXM1WCME0

LSQM1WCMX20

LSUM1WCMX20RT

LSQM1WCMX40

LSUM1WCMX40RT

EWPXM2WCMD0F

EWPXM1MAC0F

Console line: 0

VTY lines: 0 to 31

Hardware series

Model

Product code

Value range

WX1800H series

WX1804H-PWR

WX1810H-PWR

WX1820H

WX1840H

EWP-WX1804H-PWR

EWP-WX1810H-PWR

EWP-WX1820H

EWP-WX1840H-GL

Console line: 0

VTY lines: 0 to 31

WX3800H series

WX3820H

WX3840H

EWP-WX3820H-GL

EWP-WX3840H-GL

Console line: 0 and 1

VTY lines: 0 to 31

WX5800H series

WX5860H

EWP-WX5860H-GL

Console line: 0 and 1

VTY lines: 0 to 31

Usage guidelines

This command does not release the line you are using.

This command is an older version reserved for backward compatibility purposes. It has the same functionality and output as the free line command. As a best practice, use the free line command.

Examples

# Release VTY line 1.

<Sysname> free user-interface vty 1

Are you sure to free line vty1? [Y/N]:y

 [OK]

free web users

Use free web users to log off online Web users.

Syntax

free web users { all | user-id user-id | user-name user-name }

Views

User view

Predefined user roles

network-admin

Parameters

all: Specifies all Web users.

user-id user-id: Specifies a Web user by the ID, a hexadecimal number of 15 digits. The system assigns each Web user a unique ID at login to identify the user.

user-name: Specifies a Web user by the username, a case-sensitive string of 1 to 255 characters.

Examples

# Log off all online Web users.

<Sysname> free web users all

Related commands

display web users

history-command max-size

Use history-command max-size to set the size of the command history buffer for a user line.

Use undo history-command max-size to restore the default.

Syntax

history-command max-size size-value

undo history-command max-size

Default

The command history buffer for a user line stores up to 10 history commands.

Views

User line view

User line class view

Predefined user roles

network-admin

Parameters

size-value: Specifies the maximum number of history commands the buffer can store, in the range of 0 to 256.

Usage guidelines

Each user line uses a separate command history buffer to store commands successfully executed by its user. The buffer size determines how many history commands the buffer can store.

To display history commands in the buffer for your session, press the up or down arrow key, or execute the display history-command command. For more information about the command history buffer, see Fundamentals Configuration Guide.

Terminating a CLI session clears the commands in the command history buffer.

The setting in user line view takes effect immediately on the current session. The setting in user line class view takes effect on login sessions that are established after the setting is configured.

Examples

# Set the command history buffer size to 20 for VTY line 0.

<Sysname> system-view

[Sysname] line vty 0

[Sysname-line-vty0] history-command max-size 20

http method

Use http method to specify the HTTP methods to be added to the reply to an OPTIONS request.

Use undo http method to remove the HTTP methods to be added to the reply to an OPTIONS request.

Syntax

http method { delete | get | head | options | post | put } *

undo http method { delete | get | head | options | post | put } *

Default

No HTTP methods are specified.

Views

System view

Predefined user roles

network-admin

Parameters

delete: Specifies the DELETE method.

get: Specifies the GET method.

head: Specifies the HEAD method.

options: Specifies the OPTIONS method.

post: Specifies the POST method.

put: Specifies the PUT method.

Usage guidelines

An HTTP client sends an OPTIONS request to the device to obtain the HTTP methods supported by the device. The device identifies whether the requested URL resources have a service that has registered for the OPTIONS method.

·     If yes, the service responds to the OPTIONS request.

·     If not, the device identifies whether the options keyword is specified for this command.

¡     If yes, the device uses the settings for this command to generate and return a reply to the OPTIONS request.

¡     If not, the device returns the 405 Method Not Allowed message.

This command does not affect HTTP requests except for OPTIONS requests.

Examples

# Specify GET, HEAD, POST, and OPTIONS methods as the HTTP methods to be added to the reply to an OPTIONS request.

<Sysname> system-view

[Sysname] http method get head post options

idle-timeout

Use idle-timeout to set the CLI connection idle-timeout timer.

Use undo idle-timeout to restore the default.

Syntax

idle-timeout minutes [ seconds ]

undo idle-timeout

Default

The CLI connection idle-timeout timer is 10 minutes.

Views

User line view

User line class view

Predefined user roles

network-admin

Parameters

minutes: Specifies the number of minutes, in the range of 0 to 35791.

seconds: Specifies the number of seconds, in the range of 0 to 59. The default is 0 seconds.

Usage guidelines

The system automatically terminates a user connection if no information interaction occurs on the connection within the idle-timeout interval.

To disable the idle-timeout feature, execute the idle-timeout 0 command.

This command is available in both user line view and user line class view. A non-default setting in either view takes precedence over a default setting in the other view. A non-default setting in user line view takes precedence over a non-default setting in user line class view.

The setting in user line view takes effect immediately on the current session. The setting in user line class view takes effect on login sessions that are established after the setting is configured.

Examples

# Set the CLI connection idle-timeout timer to 1 minute and 30 seconds for VTY line 0.

<Sysname> system-view

[Sysname] line vty 0

[Sysname-line-vty0] idle-timeout 1 30

ip http acl

Use ip http acl to apply an ACL to the HTTP service.

Use undo ip http acl to restore the default.

Syntax

ip http acl [ advanced | mac ] { acl-number | name acl-name }

undo ip http acl

Default

No ACL is applied to the HTTP service.

Views

System view

Predefined user roles

network-admin

Parameters

advanced: Specifies an advanced ACL.

mac: Specifies a Layer 2 ACL.

acl-number: Specifies an ACL number in the range of 2000 to 4999.

·     2000 to 2999 for a basic ACL.

·     3000 to 3999 for an advanced ACL.

·     4000 to 4999 for a Layer 2 ACL.

name acl-name: Specifies an ACL by its name. The acl-name argument is a case-insensitive string of 1 to 63 characters. It must start with an English letter and to avoid confusion, it cannot be all. The specified ACL takes effect only when the ACL exists.

Usage guidelines

If you do not specify the advanced or mac keyword, specify an IPv4 basic ACL.

In an advanced ACL applied to the HTTP service, only the following match criteria take effect:

·     Source and destination IP addresses.

·     Source and destination ports.

·     Transport layer protocol.

In a Layer 2 ACL applied to the HTTP service, only the source MAC address match criterion takes effect.

When no ACL is applied to the HTTP service or the applied ACL does not exist or does not have rules, all clients can access the device through HTTP. To control HTTP access, specify an ACL that exists and has rules so only clients permitted by the ACL can access the device through HTTP.

If you execute this command multiple times, the most recent configuration takes effect.

For more information about ACL, see Security Configuration Guide.

Examples

# Use ACL 2001 to allow only users from 10.10.0.0/16 to access the device through HTTP.

<Sysname> system-view

[Sysname] acl basic 2001

[Sysname-acl-ipv4-basic-2001] rule permit source 10.10.0.0 0.0.255.255

[Sysname-acl-ipv4-basic-2001] quit

[Sysname] ip http acl 2001

Related commands

acl (Security Command Reference)

ip http enable

Use ip http enable to enable the HTTP service.

Use undo ip http enable to disable the HTTP service.

Syntax

ip http enable

undo ip http enable

Default

The HTTP service is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

To allow users to access the device through HTTP, you must enable the HTTP service.

To improve device security, the system automatically enables the HTTPS service when you enable the HTTP service. When the HTTP service is enabled, you cannot disable the HTTPS service.

Examples

# Enable the HTTP service.

<Sysname> system-view

[Sysname] ip http enable

Related commands

ip https enable

ip http port

Use ip http port to specify the HTTP service port number.

Use undo ip http port to restore the default.

Syntax

ip http port port-number

undo ip http port

Default

The HTTP service port number is 80.

Views

System view

Predefined user roles

network-admin

Parameters

port-number: Specifies a port number in the range of 1 to 65535.

Usage guidelines

When the HTTP service is enabled, changing the HTTP service port number re-enables the HTTP service and closes all HTTP connections. To log in again, users must enter the new URL in the Web browser's address bar.

Examples

# Set the HTTP service port number to 80.

<Sysname> system-view

[Sysname] ip http port 80

ip https acl

Use ip https acl to apply an ACL to the HTTPS service.

Use undo ip https acl to restore the default.

Syntax

ip https acl [ advanced | mac ] {acl-number | name acl-name }

undo ip https acl

Default

No ACL is applied to the HTTPS service.

Views

System view

Predefined user roles

network-admin

Parameters

advanced: Specifies an advanced ACL.

mac: Specifies a Layer 2 ACL.

acl-number: Specifies an ACL number in the range of 2000 to 4999.

·     2000 to 2999 for a basic ACL.

·     3000 to 3999 for an advanced ACL.

·     4000 to 4999 for a Layer 2 ACL.

name acl-name: Specifies an ACL by its name. The acl-name argument is a case-insensitive string of 1 to 63 characters. It must start with an English letter and to avoid confusion, it cannot be all. The specified ACL takes effect only when the ACL exists.

Usage guidelines

If you do not specify the advanced or mac keyword, specify an IPv4 basic ACL.

In an advanced ACL applied to the HTTPS service, only the following match criteria take effect:

·     Source and destination IP addresses.

·     Source and destination ports.

·     Transport layer protocol.

In a Layer 2 ACL applied to the HTTPS service, only the source MAC address match criterion takes effect.

When no ACL is applied to the HTTPS service or the applied ACL does not exist or does not have rules, all clients can access the device through HTTPS. To control HTTPS access, specify an ACL that exists and has rules so only clients permitted by the ACL can access the device through HTTPS.

Because the device always uses HTTPS to transfer Web login requests, the ACL applied to the HTTPS service controls both HTTPS and HTTP logins. To access the device, HTTP clients must be permitted by the following ACLs:

·     ACL applied to the HTTP service.

·     ACL applied to the HTTPS service.

If you execute this command multiple times, the most recent configuration takes effect.

For more information about ACL, see Security Configuration Guide.

Examples

# Use ACL 2001 to allow only users from 10.10.0.0/16 to access the device through HTTPS or HTTP.

<Sysname> system-view

[Sysname] acl basic 2001

[Sysname-acl-ipv4-basic-2001] rule permit source 10.10.0.0 0.0.255.255

[Sysname-acl-ipv4-basic-2001] quit

[Sysname] ip https acl 2001

Related commands

acl (Security Command Reference)

ip https certificate access-control-policy

Use ip https certificate access-control-policy to apply a certificate-based access control policy to control HTTPS access.

Use undo ip https certificate access-control-policy to restore the default.

Syntax

ip https certificate access-control-policy policy-name

undo ip https certificate access-control-policy

Default

No certificate-based access control policy is applied for HTTPS access control.

Views

System view

Predefined user roles

network-admin

Parameters

policy-name: Specifies a certificate-based access control policy by its name, a case-sensitive string of 1 to 31 characters.

Usage guidelines

For more information about the certificate-based access control policy, see PKI configuration in Security Configuration Guide.

Examples

# Use certificate-based access control policy myacl to control HTTPS access.

<Sysname> system-view

[Sysname] ip https certificate access-control-policy myacl

Related commands

pki certificate access-control-policy (Security Command Reference)

ip https enable

Use ip https enable to enable the HTTPS service.

Use undo ip https enable to disable the HTTPS service.

Syntax

ip https enable

undo ip https enable

Default

The HTTPS service is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

To allow users to access the device through HTTPS, you must enable the HTTPS service.

Enabling the HTTPS service triggers the SSL handshake negotiation process.

·     If the device has a local certificate, the SSL handshake negotiation succeeds and the HTTPS service starts up.

·     If the device does not have a local certificate, the certificate application process starts. Because the certificate application process takes a long time, the SSL handshake negotiation might fail and the HTTPS service might not be started. To solve the problem, execute this command again until the HTTPS service is enabled.

Examples

# Enable the HTTPS service.

<Sysname> system-view

[Sysname] ip https enable

Related commands

ip https certificate access-control-policy

ip https ssl-server-policy

ip https port

Use ip https port to specify the HTTPS service port number.

Use undo ip https port to restore the default.

Syntax

ip https port port-number

undo ip https port

Default

The HTTPS service port number is 443.

Views

System view

Predefined user roles

network-admin

Parameters

port-number: Specifies a port number in the range of 1 to 65535.

Usage guidelines

When the HTTPS service is enabled, changing the HTTPS service port number re-enables the HTTPS service and closes all HTTPS and HTTP connections. To log in again, users must enter the new URL in the Web browser's address bar.

Examples

# Set the HTTPS service port number to 8080.

<Sysname> system-view

[Sysname] ip https port 8080

ip https ssl-server-policy

Use ip https ssl-server-policy to apply an SSL server policy to control HTTPS access.

Use undo ip https ssl-server-policy to restore the default.

Syntax

ip https ssl-server-policy policy-name

undo ip https ssl-server-policy

Default

No SSL server policy is applied. The HTTPS service uses a self-signed certificate.

Views

System view

Predefined user roles

network-admin

Parameters

policy-name: Specifies an SSL server policy name, a string of 1 to 31 characters.

Usage guidelines

If the HTTP service and HTTPS service are enabled, changes to the applied SSL server policy do not take effect. For the changes to take effect, you must disable HTTP and HTTPS, and then apply the policy and enable HTTP and HTTPS again.

To restore the default, you must disable HTTP and HTTPS, execute the undo ip https ssl-server-policy command, and then enable HTTP and HTTPS again.

Examples

# Apply SSL server policy myssl to the HTTPS service.

<Sysname> system-view

[Sysname] ip https ssl-server-policy myssl

Related commands

ssl server-policy (Security Command Reference)

line

Use line to enter one or multiple user line views.

Syntax

line { first-number1 [ last-number1 ] | { console | vty } first-number2 [ last-number2 ] }

Views

System view

Predefined user roles

network-admin

Parameters

first-number1: Specifies the absolute number of the first user line.

The following compatibility matrixes show the value ranges for the absolute number of the first user line:

Hardware series

Model

Product code

Value range

WX1800H series

WX1804H-PWR

EWP-WX1804H-PWR-CN

0 to 32

WX2500H series

WX2508H-PWR-LTE

WX2510H-PWR

WX2510H-F-PWR

WX2540H

WX2540H-F

WX2560H

EWP-WX2508H-PWR-LTE

EWP-WX2510H-PWR

EWP-WX2510H-F-PWR

EWP-WX2540H

EWP-WX2540H-F

EWP-WX2560H

0 to 32

MAK series

MAK204

MAK206

EWP-MAK204

EWP-MAK206

0 to 32

WX3000H series

WX3010H

WX3010H-X-PWR

WX3010H-L-PWR

WX3024H

WX3024H-L-PWR

WX3024H-F

EWP-WX3010H

EWP-WX3010H-X-PWR

EWP-WX3010H-L-PWR

EWP-WX3024H

EWP-WX3024H-L-PWR

EWP-WX3024H-F

0 to 32

WX3500H series

WX3508H

WX3508H

WX3510H

WX3510H

WX3520H

WX3520H-F

WX3540H

WX3540H

EWP-WX3508H

EWP-WX3508H-F

EWP-WX3510H

EWP-WX3510H-F

EWP-WX3520H

EWP-WX3520H-F

EWP-WX3540H

EWP-WX3540H-F

0 to 33

WX5500E series

WX5510E

WX5540E

EWP-WX5510E

EWP-WX5540E

0 to 33

WX5500H series

WX5540H

WX5560H

WX5580H

EWP-WX5540H

EWP-WX5560H

EWP-WX5580H

0 to 33

Access controller modules

LSUM1WCME0

EWPXM1WCME0

LSQM1WCMX20

LSUM1WCMX20RT

LSQM1WCMX40

LSUM1WCMX40RT

EWPXM2WCMD0F

EWPXM1MAC0F

LSUM1WCME0

EWPXM1WCME0

LSQM1WCMX20

LSUM1WCMX20RT

LSQM1WCMX40

LSUM1WCMX40RT

EWPXM2WCMD0F

EWPXM1MAC0F

LSUM1WCME0: 0 to 35

EWPXM1WCME0: 0 to 35

LSQM1WCMX20: 0 to 39

LSUM1WCMX20RT: 0 to 39

LSQM1WCMX40: 0 to 39

LSUM1WCMX40RT: 0 to 39

EWPXM2WCMD0F: 0 to 39

EWPXM1MAC0F: 0 to 39

Hardware series

Model

Product code

Value range

WX1800H series

WX1804H-PWR

WX1810H-PWR

WX1820H

WX1840H

EWP-WX1804H-PWR

EWP-WX1810H-PWR

EWP-WX1820H

EWP-WX1840H-GL

0 to 32

WX3800H series

WX3820H

WX3840H

EWP-WX3820H-GL

EWP-WX3840H-GL

0 to 33

WX5800H series

WX5860H

EWP-WX5860H-GL

0 to 33

last-number1: Specifies the absolute number of the last user line. This argument has the same maximum value as first-number1. This number must be greater than first-number1.

console: Specifies the console line.

vty: Specifies the VTY line.

first-number2: Specifies the relative number of the first user line.

The following compatibility matrixes show the value ranges for the relative number of the first user line:

Hardware series

Model

Product code

Value range

WX1800H series

WX1804H-PWR

EWP-WX1804H-PWR-CN

Console line: 0

VTY lines: 0 to 31

WX2500H series

WX2508H-PWR-LTE

WX2510H-PWR

WX2510H-F-PWR

WX2540H

WX2540H-F

WX2560H

EWP-WX2508H-PWR-LTE

EWP-WX2510H-PWR

EWP-WX2510H-F-PWR

EWP-WX2540H

EWP-WX2540H-F

EWP-WX2560H

Console line: 0

VTY lines: 0 to 31

MAK series

MAK204

MAK206

EWP-MAK204

EWP-MAK206

Console line: 0

VTY lines: 0 to 31

WX3000H series

WX3010H

WX3010H-X-PWR

WX3010H-L-PWR

WX3024H

WX3024H-L-PWR

WX3024H-F

EWP-WX3010H

EWP-WX3010H-X-PWR

EWP-WX3010H-L-PWR

EWP-WX3024H

EWP-WX3024H-L-PWR

EWP-WX3024H-F

Console line: 0

VTY lines: 0 to 31

WX3500H series

WX3508H

WX3508H

WX3510H

WX3510H

WX3520H

WX3520H-F

WX3540H

WX3540H

EWP-WX3508H

EWP-WX3508H-F

EWP-WX3510H

EWP-WX3510H-F

EWP-WX3520H

EWP-WX3520H-F

EWP-WX3540H

EWP-WX3540H-F

Console line: 0 and 1

VTY lines: 0 to 31

WX5500E series

WX5510E

WX5540E

EWP-WX5510E

EWP-WX5540E

Console line: 0 and 1

VTY lines: 0 to 31

WX5500H series

WX5540H

WX5560H

WX5580H

EWP-WX5540H

EWP-WX5560H

EWP-WX5580H

Console line: 0 and 1

VTY lines: 0 to 31

Access controller modules

LSUM1WCME0

EWPXM1WCME0

LSQM1WCMX20

LSUM1WCMX20RT

LSQM1WCMX40

LSUM1WCMX40RT

EWPXM2WCMD0F

EWPXM1MAC0F

LSUM1WCME0

EWPXM1WCME0

LSQM1WCMX20

LSUM1WCMX20RT

LSQM1WCMX40

LSUM1WCMX40RT

EWPXM2WCMD0F

EWPXM1MAC0F

Console line: 0

VTY lines: 0 to 31

Hardware series

Model

Product code

Value range

WX1800H series

WX1804H-PWR

WX1810H-PWR

WX1820H

WX1840H

EWP-WX1804H-PWR

EWP-WX1810H-PWR

EWP-WX1820H

EWP-WX1840H-GL

Console line: 0

VTY lines: 0 to 31

WX3800H series

WX3820H

WX3840H

EWP-WX3820H-GL

EWP-WX3840H-GL

Console line: 0 and 1

VTY lines: 0 to 31

WX5800H series

WX5860H

EWP-WX5860H-GL

Console line: 0 and 1

VTY lines: 0 to 31

last-number2: Specifies the relative number of the last user line. This number must be greater than first-number2.

Examples

# Enter the view of VTY line 0.

<Sysname> system-view

[Sysname] line vty 0

[Sysname-line-vty0]

# Enter the views of VTY lines 0 to 31.

<Sysname> system-view

[Sysname] line vty 0 31

[Sysname-line-vty0-31]

Related commands

line class

line class

Use line class to enter user line class view.

Syntax

line class { console | vty }

Views

System view

Predefined user roles

network-admin

Parameters

console: Specifies the console line class view.

vty: Specifies the VTY line class view.

Usage guidelines

To configure the same settings for all user lines of a line class, use this command to enter the user line class view.

In user line class view, you can execute the following commands:

·     activation-key

·     authentication-mode

·     auto-execute command

·     command accounting

·     command authorization

·     escape-key

·     history-command max-size

·     idle-timeout

·     protocol inbound

·     screen-length

·     set authentication password

·     shell

·     terminal type

·     user-role

For commands that are available in both user line view and user line class view, the device uses the following rules to determine the settings to use:

·     A setting in user line view applies only to the user line. A setting in user line class view applies to all user lines of the class.

·     A non-default setting in either view takes precedence over a default setting in the other view. A non-default setting in user line view takes precedence over a non-default setting in user line class view.

·     A setting in user line class view does not take effect on current online users. It takes effect only for new login users.

Examples

# Set the CLI connection idle-timeout timer to 15 minutes in VTY line class view.

<Sysname> system-view

[Sysname] line class vty

[Sysname-line-class-vty] idle-timeout 15

# In console line class view, configure the character s as the terminal session activation key.

<Sysname> system-view

[Sysname] line class console

[Sysname-line-class-console] activation-key s

[Sysname-line-class-console] quit

# In the view of console line 0, restore the default terminal session activation key.

[Sysname] line console 0

[Sysname-line-console0] undo activation-key

Alternatively, you can use the following command:

[Sysname-line-console0] activation-key 13

To verify the configuration:

1.     Exit the session on console line 0.

[Sysname-line-console0] return

<Sysname> quit

2.     Log in again through the user line.

The following message appears:

Press ENTER to get started.

3.     Press Enter.

Pressing Enter does not start a session.

4.     Enter s.

A terminal session is started.

<Sysname>

Related commands

line

lock

Use lock to lock the current user line and set the password for unlocking the line.

Syntax

lock

Default

The system does not lock any user lines.

Views

User view

Predefined user roles

network-admin

Usage guidelines

This command locks the current user line to prevent unauthorized users from using the line. You must set the password for unlocking the line as prompted. The user line is locked after you enter the password and confirm the password.

To unlock the user line, press Enter and enter the password you set.

Examples

# Lock the current user line and set the password for unlocking the line.

<Sysname> lock

Please input password<1 to 16> to lock current line:

Password:

Again:

 

                   locked !

// The user line is locked. To unlock it, press Enter and enter the password:

Password:

<Sysname>

lock reauthentication

Use lock reauthentication to lock the current user line and enable unlocking authentication.

Syntax

lock reauthentication

Default

The system does not lock any user lines or initiate reauthentication.

Views

Any view

Predefined user roles

network-admin

Usage guidelines

This command locks the current user line. To unlock the user line, you must press Enter and provide the login password to pass reauthentication. If you have changed the login password after login, you must provide the new password. If no login password is set, the system unlocks the user line after you press Enter.

Examples

# Lock the current user line and enable unlocking authentication.

<Sysname> lock reauthentication

 

Please press Enter to unlock the screen.

// The user line is locked. To unlock it, press Enter and enter the login password:

Password:

 

<Sysname>

Related commands

lock-key

lock-key

Use lock-key to set the user line locking key. Pressing this shortcut key locks the current user line and enables unlocking authentication.

Use undo lock-key to restore the default.

Syntax

lock-key key-string

undo lock-key

Default

No user line locking key is set.

Views

User line view

User line class view

Predefined user roles

network-admin

Parameters

key-string: Specifies a shortcut key. It can be a character (case sensitive), or an ASCII code value in the range of 0 to 127. For example, if you configure lock-key 1, the shortcut key is Ctrl+A. If you configure lock-key a, the shortcut key is a. For information about ASCII code values of individual characters, see the standard ASCII code chart. For information about ASCII code values of combined keys that use the Ctrl key, see Table 1.

Usage guidelines

As a best practice, specify a combined key as the user line locking key. If you specify a single character as the key, the character acts only as the user line locking key. You cannot type the character for any commands, keywords, or arguments.

Pressing the user line locking key is equivalent to executing the lock reauthentication command.

This command takes effect immediately.

To display the current user line locking key, use the display current-configuration | include lock-key command.

Examples

# Set the user line locking key to Ctrl+A for VTY line 0.

<Sysname> system-view

[Sysname] line vty 0

[Sysname-line-vty0] lock-key 1

[Sysname-line-vty0] quit

To verify the configuration:

1.     Press Ctrl+A.

[Sysname]

 

Please press Enter to unlock the screen.

2.     Press Enter and enter the login password.

Password:

 

[Sysname]

Related commands

lock reauthentication

parity

Use parity to specify the parity.

Use undo parity to restore the default.

Syntax

parity { even | mark | none | odd | space }

undo parity

Default

The setting is none. No parity is used.

Views

User line view

Predefined user roles

network-admin

Parameters

even: Uses even parity.

mark: Uses mark parity.

none: Uses no parity.

odd: Uses odd parity.

space: Uses space parity.

Usage guidelines

This command is not supported in VTY line view.

The configuration terminal and the device must use the same parity.

Examples

# Configure console line 0 to use odd parity.

<Sysname> system-view

[Sysname] line console 0

[Sysname-line-console0] parity odd

protocol inbound

Use protocol inbound to specify the supported protocols.

Use undo protocol inbound to restore the default.

Syntax

protocol inbound { all| ssh | telnet }

undo protocol inbound

Default

All of the protocols are supported.

Views

VTY line view

VTY line class view

Predefined user roles

network-admin

Parameters

all: Supports both Telnet and SSH.

ssh: Supports SSH only.

telnet: Supports Telnet only.

Usage guidelines

Only users assigned the network-admin, or level-15 user role can execute this command. Other users cannot execute this command, even if they are granted the right to execute this command.

A configuration change in user line view does not take effect on the current session. It takes effect on subsequent login sessions.

Before configuring a user line to support SSH, set the authentication mode to scheme for the user line.

In VTY line view, this command is associated with the authentication-mode command. If you specify a non-default value for one of the two commands, the other command uses the default setting, regardless of the setting in VTY line class view.

·     If the settings of the two commands in VTY line view are both the default settings, the settings for the commands in VTY line class view take effect.

·     If the settings of the two commands in VTY line view are both non-default settings, the non-default settings in VTY line view take effect.

·     If only one command has a non-default setting in VTY line view, the other command uses the default setting, regardless of the setting in VTY line class view.

Examples

# Enable user lines VTY 0 through VTY 4 to support only SSH.

<Sysname> system-view

[Sysname] line vty 0 4

[Sysname-line-vty0-4] authentication-mode scheme

[Sysname-line-vty0-4] protocol inbound ssh

# Enable SSH support and set the authentication mode to scheme in VTY line class view. Enable user lines VTY 0 through VTY 4 to support all protocols and disable authentication for the user lines.

<Sysname> system-view

[Sysname] line class vty

[Sysname-line-class-vty] authentication-mode scheme

[Sysname-line-class-vty] protocol inbound ssh

[Sysname-line-class-vty] line vty 0 4

[Sysname-line-vty0-4] authentication-mode none

To verify the configuration:

1.     Telnet to the device.

<Client> telnet 192.168.1.241

Trying 192.168.1.241 ...

Press CTRL+K to abort

Connected to 192.168.1.241 ...

 

******************************************************************************

* Copyright (c) 2004-2020 New H3C Technologies Co., Ltd. All rights reserved.*

* Without the owner's prior written consent,                                 *

* no decompiling or reverse-engineering shall be allowed.                    *

******************************************************************************

 

<Server>

You are logged in without authentication.

2.     Display online CLI user information.

<Server> display users

  Idx  Line     Idle       Time              Pid     Type

+ 50   VTY 0    00:00:00   Jan 17 15:29:27   189     TEL

 

Following are more details.

VTY 0   :

        Location: 192.168.1.186

 +    : Current operation user.

 F    : Current operation user works in async mode.

The output shows that you are using VTY 0. The configuration in user line view is effective.

Related commands

authentication-mode

restful http enable

Use restful http enable to enable RESTful access over HTTP.

Use undo restful http enable to disable RESTful access over HTTP.

Syntax

restful http enable

undo restful http enable

Default

RESTful access over HTTP is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

For users to access the device through the HTTP-based RESTful API, you must enable RESTful access over HTTP.

Examples

# Enable RESTful access over HTTP.

<Sysname> system-view

[Sysname] restful http enable

restful https enable

Use restful https enable to enable RESTful access over HTTPS.

Use undo restful https enable to disable RESTful access over HTTPS.

Syntax

restful https enable

undo restful https enable

Default

RESTful access over HTTPS is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

For users to access the device through the HTTPS-based RESTful API, you must enable RESTful access over HTTPS.

Examples

# Enable RESTful access over HTTPS.

<Sysname> system-view

[Sysname] restful https enable

screen-length

Use screen-length to set the maximum number of lines of command output to send to the terminal at a time when the screen pausing feature is enabled.

Use undo screen-length to restore the default.

Syntax

screen-length screen-length

undo screen-length

Default

A maximum of 24 lines are sent.

Views

User line view

User line class view

Predefined user roles

network-admin

Parameters

screen-length: Specifies the maximum number of lines to send, in the range of 0 to 512. To send command output without pausing, set the number to 0 or execute the screen-length disable command.

Usage guidelines

The number of lines that can be displayed on the terminal screen is restricted by both this setting and the display specification of the terminal. For example, if this setting is 40, the device sends 40 lines to the terminal at a time. If the terminal display specification is 24 lines, only the last 24 lines are displayed on the terminal screen. To view the previous 16 lines, you must press PgUp.

To continue to display command output after a pause, press the space bar.

By default, pausing between screens of output is enabled.

This command is available in both user line view and user line class view. A non-default setting in either view takes precedence over a default setting in the other view. A non-default setting in user line view takes precedence over a non-default setting in user line class view.

The setting in user line view takes effect immediately on the current session. The setting in user line class view takes effect on login sessions that are established after the setting is configured.

Examples

# Set the maximum number of lines to send at a time to 30 for VTY line 0.

<Sysname> system-view

[Sysname] line vty 0

[Sysname-line-vty0] screen-length 30

Related commands

screen-length disable

send

Use send to send messages to online login users.

Syntax

send { all | number1 | { console | vty } number2 }

Views

User view

Predefined user roles

network-admin

Parameters

all: Specifies all user lines.

number1: Specifies the absolute number of a user line.

The following compatibility matrixes show the value ranges for the absolute user line number:

Hardware series

Model

Product code

Value range

WX1800H series

WX1804H-PWR

EWP-WX1804H-PWR-CN

0 to 32

WX2500H series

WX2508H-PWR-LTE

WX2510H-PWR

WX2510H-F-PWR

WX2540H

WX2540H-F

WX2560H

EWP-WX2508H-PWR-LTE

EWP-WX2510H-PWR

EWP-WX2510H-F-PWR

EWP-WX2540H

EWP-WX2540H-F

EWP-WX2560H

0 to 32

MAK series

MAK204

MAK206

EWP-MAK204

EWP-MAK206

0 to 32

WX3000H series

WX3010H

WX3010H-X-PWR

WX3010H-L-PWR

WX3024H

WX3024H-L-PWR

WX3024H-F

EWP-WX3010H

EWP-WX3010H-X-PWR

EWP-WX3010H-L-PWR

EWP-WX3024H

EWP-WX3024H-L-PWR

EWP-WX3024H-F

0 to 32

WX3500H series

WX3508H

WX3508H

WX3510H

WX3510H

WX3520H

WX3520H-F

WX3540H

WX3540H

EWP-WX3508H

EWP-WX3508H-F

EWP-WX3510H

EWP-WX3510H-F

EWP-WX3520H

EWP-WX3520H-F

EWP-WX3540H

EWP-WX3540H-F

0 to 33

WX5500E series

WX5510E

WX5540E

EWP-WX5510E

EWP-WX5540E

0 to 33

WX5500H series

WX5540H

WX5560H

WX5580H

EWP-WX5540H

EWP-WX5560H

EWP-WX5580H

0 to 33

Access controller modules

LSUM1WCME0

EWPXM1WCME0

LSQM1WCMX20

LSUM1WCMX20RT

LSQM1WCMX40

LSUM1WCMX40RT

EWPXM2WCMD0F

EWPXM1MAC0F

LSUM1WCME0

EWPXM1WCME0

LSQM1WCMX20

LSUM1WCMX20RT

LSQM1WCMX40

LSUM1WCMX40RT

EWPXM2WCMD0F

EWPXM1MAC0F

LSUM1WCME0: 0 to 35

EWPXM1WCME0: 0 to 35

LSQM1WCMX20: 0 to 39

LSUM1WCMX20RT: 0 to 39

LSQM1WCMX40: 0 to 39

LSUM1WCMX40RT: 0 to 39

EWPXM2WCMD0F: 0 to 39

EWPXM1MAC0F: 0 to 39

Hardware series

Model

Product code

Value range

WX1800H series

WX1804H-PWR

WX1810H-PWR

WX1820H

WX1840H

EWP-WX1804H-PWR

EWP-WX1810H-PWR

EWP-WX1820H

EWP-WX1840H-GL

0 to 32

WX3800H series

WX3820H

WX3840H

EWP-WX3820H-GL

EWP-WX3840H-GL

0 to 33

WX5800H series

WX5860H

EWP-WX5860H-GL

0 to 33

console: Specifies the console line.

vty: Specifies the VTY line.

number2: Specifies the relative number of a user line.

The following compatibility matrixes show the value ranges for the relative user line number:

Hardware series

Model

Product code

Value range

WX1800H series

WX1804H-PWR

EWP-WX1804H-PWR-CN

Console line: 0

VTY lines: 0 to 31

WX2500H series

WX2508H-PWR-LTE

WX2510H-PWR

WX2510H-F-PWR

WX2540H

WX2540H-F

WX2560H

EWP-WX2508H-PWR-LTE

EWP-WX2510H-PWR

EWP-WX2510H-F-PWR

EWP-WX2540H

EWP-WX2540H-F

EWP-WX2560H

Console line: 0

VTY lines: 0 to 31

MAK series

MAK204

MAK206

EWP-MAK204

EWP-MAK206

Console line: 0

VTY lines: 0 to 31

WX3000H series

WX3010H

WX3010H-X-PWR

WX3010H-L-PWR

WX3024H

WX3024H-L-PWR

WX3024H-F

EWP-WX3010H

EWP-WX3010H-X-PWR

EWP-WX3010H-L-PWR

EWP-WX3024H

EWP-WX3024H-L-PWR

EWP-WX3024H-F

Console line: 0

VTY lines: 0 to 31

WX3500H series

WX3508H

WX3508H

WX3510H

WX3510H

WX3520H

WX3520H-F

WX3540H

WX3540H

EWP-WX3508H

EWP-WX3508H-F

EWP-WX3510H

EWP-WX3510H-F

EWP-WX3520H

EWP-WX3520H-F

EWP-WX3540H

EWP-WX3540H-F

Console line: 0 and 1

VTY lines: 0 to 31

WX5500E series

WX5510E

WX5540E

EWP-WX5510E

EWP-WX5540E

Console line: 0 and 1

VTY lines: 0 to 31

WX5500H series

WX5540H

WX5560H

WX5580H

EWP-WX5540H

EWP-WX5560H

EWP-WX5580H

Console line: 0 and 1

VTY lines: 0 to 31

Access controller modules

LSUM1WCME0

EWPXM1WCME0

LSQM1WCMX20

LSUM1WCMX20RT

LSQM1WCMX40

LSUM1WCMX40RT

EWPXM2WCMD0F

EWPXM1MAC0F

LSUM1WCME0

EWPXM1WCME0

LSQM1WCMX20

LSUM1WCMX20RT

LSQM1WCMX40

LSUM1WCMX40RT

EWPXM2WCMD0F

EWPXM1MAC0F

Console line: 0

VTY lines: 0 to 31

Hardware series

Model

Product code

Value range

WX1800H series

WX1804H-PWR

WX1810H-PWR

WX1820H

WX1840H

EWP-WX1804H-PWR

EWP-WX1810H-PWR

EWP-WX1820H

EWP-WX1840H-GL

Console line: 0

VTY lines: 0 to 31

WX3800H series

WX3820H

WX3840H

EWP-WX3820H-GL

EWP-WX3840H-GL

Console line: 0 and 1

VTY lines: 0 to 31

WX5800H series

WX5860H

EWP-WX5860H-GL

Console line: 0 and 1

VTY lines: 0 to 31

Usage guidelines

You can use this command to send notifications to online users before performing an operation that might affect other online users, for example, before rebooting the device.

To end a message, press Enter. To abort the send operation, press Ctrl+C.

Examples

# Send a notification to the user on VTY 1.

<Sysname> send vty 1

Input message, end with Enter; abort with CTRL+C:

Your attention, please. I will reboot the system in 3 minutes.

Send message? [Y/N]:y

The message should appear on the user's terminal screen as follows:

[Sysname]

 

***

***

***Message from vty0 to vty1

***

Your attention, please. I will reboot the system in 3 minutes.

set authentication password

Use set authentication password to set the password for local password authentication.

Use undo set authentication password to restore the default.

Syntax

set authentication password { hash | simple } string

undo set authentication password

Default

No password is set for local password authentication.

Views

User line view

User line class view

Predefined user roles

network-admin

Parameters

hash: Specifies a password in hashed form.

simple: Sets a password in plaintext form. For security purposes, the password specified in plaintext form will be stored in hashed form.

string: Specifies the password. Its plaintext form is a case-sensitive string of 4 to 16 characters and must contain a minimum of two character types. Its hashed form is a case-sensitive string of 1 to 110 characters.

Usage guidelines

Only users assigned the network-admin, or level-15 user role can execute this command. Other users cannot execute this command, even if they are granted the right to execute this command.

This command is available in both user line view and user line class view. A non-default setting in either view takes precedence over a default setting in the other view. A non-default setting in user line view takes precedence over a non-default setting in user line class view.

A password change does not take effect on the current session. It takes effect on subsequent login sessions.

When a user logs in to the device, the device performs login password complexity check for the user.

·     If a user logs in to the device with the default password, the system forcibly requests the user to change its password to a password that meets the system requirements.

·     If a user logs in to the device with a less complicated password (not the default password), the system prompts the user to change its password. As a best practice to ensure device security, change the password to a password that meets the system requirements.

Examples

# Set the password to hello12345 for local password authentication on VTY line 0.

<Sysname> system-view

[Sysname] line vty 0

[Sysname-line-vty0] authentication-mode password

[Sysname-line-vty0] set authentication password simple hello12345

Related commands

authentication-mode

shell

Use shell to enable the terminal service for user lines.

Use undo shell to disable the terminal service for user lines.

Syntax

shell

undo shell

Default

The terminal service is enabled on all user lines.

Views

User line view

User line class view

Predefined user roles

network-admin

Usage guidelines

The undo shell command is not supported in console line view or console line class view.

You cannot disable the terminal service on the user line you are using.

When the device acts as a Telnet or SSH server, you cannot configure the undo shell command.

If the undo shell command is configured in user line class view, you cannot configure the shell command in the view of a user line in the class.

Examples

# Disable the terminal service for VTY lines VTY 0 through 4 so no user can log in to the device through the user lines.

<Sysname> system-view

[Sysname] line vty 0 4

[Sysname-line-vty0-4] undo shell

Disable ui-vty0-4 , are you sure? [Y/N]:y

[Sysname-line-vty0-4]

speed

Use speed to set the transmission rate (also called the baud rate) on a user line.

Use undo speed to restore the default.

Syntax

speed speed-value

undo speed

Default

The transmission rate is 9600 bps on a user line.

Views

User line view

Predefined user roles

network-admin

Parameters

speed-value: Specifies the transmission rate in bps. Supported transmission rates depend on the network environment. The transmission rates for asynchronous serial interfaces might include:

·     300 bps.

·     600 bps.

·     1200 bps.

·     2400 bps.

·     4800 bps.

·     9600 bps.

·     19200 bps.

·     38400 bps.

·     57600 bps.

·     115200 bps.

Usage guidelines

This command is not supported in VTY line view.

The configuration terminal and the device must be configured with the same transmission rate to communicate.

Examples

# Set the transmission rate to 19200 bps for console line 0.

<Sysname> system-view

[Sysname] line console 0

[Sysname-line-console0] speed 19200

stopbits

Use stopbits to specify the number of stop bits for a character.

Use undo stopbits to restore the default.

Syntax

stopbits { 1 | 1.5 | 2 }

undo stopbits

Default

One stop bit is used.

Views

User line view

Predefined user roles

network-admin

Parameters

1: Uses one stop bit.

1.5: Uses one and a half stop bits. The device does not support using one and a half stop bits. If you specify this keyword, two stop bits are used.

2: Uses two stop bits.

Usage guidelines

This command is not supported in VTY line view.

The configuration terminal and the device must use the same number of stop bits to communicate.

Examples

# Set the number of stop bits to 1 for console line 0.

<Sysname> system-view

[Sysname] line console 0

[Sysname-line-console0] stopbits 1

telnet

Use telnet to Telnet to a host in an IPv4 network.

Syntax

telnet remote-host [ service-port ] [ source { interface interface-type interface-number | ip ip-address } ] [ dscp dscp-value ] [ escape character ]

Views

User view

Predefined user roles

network-admin

Parameters

remote-host: Specifies the IPv4 address or host name of a remote host. A host name can be a case-insensitive string of 1 to 253 characters. Valid characters include letters, digits, hyphens (-), underscores (_), and dots (.).

service-port: Specifies the TCP port number for the Telnet service on the remote host. The value range is 0 to 65535 and the default is 23.

source: Specifies a source IPv4 address or source interface for outgoing Telnet packets. If you do not specify this option, the device uses the primary IPv4 address of the output interface for the route to the server as the source address.

interface interface-type interface-number: Specifies the source interface. The primary IPv4 address of the interface will be used as the source IPv4 address for outgoing Telnet packets.

ip ip-address: Specifies the source IPv4 address for outgoing Telnet packets.

dscp dscp-value: Specifies a DSCP value for outgoing Telnet packets. The value range is 0 to 63. The default is 48.

escape character: Specifies an escape character. You can use the escape character together with a dot (.) as the escape key to terminate the current Telnet connection and return to the upper level connection. The value for the character argument is case sensitive and must be different from the login username. As a best practice, specify a tilde (~) for the character argument.

Usage guidelines

Methods for terminating Telnet connections include:

·     Pressing Ctrl+K—Terminates all Telnet connections. You can use this method in any scenarios unless you configure an escape character. After you configure an escape character, pressing Ctrl+K does not terminate Telnet connections.

·     Executing the quit command—Terminates the current Telnet connection and returns to the upper level connection. This method is not available when the Telnet server reboots or fails.

·     Using the escape key—Terminates the current Telnet connection and returns to the upper level connection. You can use this method in any scenarios.

To use the escape key to terminate the current Telnet connection, enter the escape character and a dot in a new line. If you enter any other characters or perform any other operations (for example, pressing the backspace key) before entering the escape character, the escape character does not take effect.

The source address or interface specified by this command is applied only to the Telnet connection that is being established.

Examples

# Telnet to host 1.1.1.2, using 1.1.1.1 as the source IP address for outgoing Telnet packets.

<Sysname> telnet 1.1.1.2 source ip 1.1.1.1

Related commands

telnet client source

telnet client source

Use telnet client source to specify a source IPv4 address or source interface for the Telnet client to use for outgoing Telnet packets.

Use undo telnet client source to restore the default.

Syntax

telnet client source { interface interface-type interface-number | ip ip-address }

undo telnet client source

Default

No source IPv4 address or source interface is specified. The Telnet client uses the primary IPv4 address of the output interface for the route to the server as the source IPv4 address.

Views

System view

Predefined user roles

network-admin

Parameters

interface interface-type interface-number: Specifies a source interface. The primary IPv4 address of the interface will be used as the source IPv4 address for outgoing Telnet packets.

ip ip-address: Specifies a source IPv4 address.

Usage guidelines

The setting configured by this command applies to all Telnet connections but has a lower precedence than the source setting specified for the telnet command.

Examples

# Set the source IPv4 address to 1.1.1.1 for outgoing Telnet packets.

<Sysname> system-view

[Sysname] telnet client source ip 1.1.1.1

Related commands

display telnet client

telnet ipv6

Use telnet ipv6 to Telnet to a host in an IPv6 network.

Syntax

telnet ipv6 remote-host [ -i interface-type interface-number ] [ port-number ] [ source { interface interface-type interface-number | ipv6 ipv6-address } ] [ dscp dscp-value ] [ escape character ]

Views

User view

Predefined user roles

network-admin

Parameters

remote-host: Specifies the IPv6 address or host name of a remote host. A host name can be a case-insensitive string of 1 to 253 characters. Valid characters include letters, digits, hyphens (-), underscores (_), and dots (.).

-i interface-type interface-number: Specifies the interface for sending Telnet packets. This option is required when the remote host address is a link-local address. When the server address is a global unicast address, you cannot specify this option.

port-number: Specifies the TCP port number for the Telnet service on the remote host. The value range is 0 to 65535 and the default is 23.

source: Specifies a source IPv6 address or source interface for outgoing Telnet packets. If you do not specify this option, the device uses the primary IPv6 address of the output interface for the route to the server as the source address.

interface interface-type interface-number: Specifies the source interface. The primary IPv6 address of the interface will be used as the source IPv6 address for outgoing Telnet packets.

ipv6 ipv6-address: Specifies the source IPv6 address for outgoing Telnet packets.

dscp dscp-value: Specifies a DSCP value for outgoing Telnet packets. The value range is 0 to 63. The default is 48.

escape character: Specifies an escape character. You can use the escape character together with a dot (.) as the escape key to terminate the current Telnet connection and return to the upper level connection. The value for the character argument is case sensitive and must be different from the login username. As a best practice, specify a tilde (~) for the character argument.

Usage guidelines

Methods for terminating Telnet connections include:

·     Pressing Ctrl+K—Terminates all Telnet connections. You can use this method in any scenarios unless you configure an escape character. After you configure an escape character, pressing Ctrl+K does not terminate Telnet connections.

·     Executing the quit command—Terminates the current Telnet connection and returns to the upper level connection. This method is not available when the Telnet server reboots or fails.

·     Using the escape key—Terminates the current Telnet connection and returns to the upper level connection. You can use this method in any scenarios.

To use the escape key to terminate the current Telnet connection, enter the escape character and a dot in a new line. If you enter any other characters or perform any other operations (for example, pressing the backspace key) before entering the escape character, the escape character does not take effect.

Examples

# Telnet to the host at 5000::1.

<Sysname> telnet ipv6 5000::1

# Telnet to the host at 2000::1. Use 1000::1 as the source address for outgoing Telnet packets.

<Sysname> telnet ipv6 2000::1 source ipv6 1000::1

telnet server acl

Use telnet server acl to apply an ACL to filter Telnet logins.

Use undo telnet server acl to restore the default.

Syntax

telnet server acl [ mac ] acl-number

undo telnet server acl

Default

No ACL is used to filter Telnet logins.

Views

System view

Predefined user roles

network-admin

Parameters

mac: Specifies a Layer 2 ACL. To specify an ACL of a different type, do not specify this keyword.

acl-number: Specifies an ACL by its number. If you specify the mac keyword, the value range of this argument is 4000 to 4999. If you do not specify the mac keyword, the value range of this argument is 2000 to 3999.

Usage guidelines

When no ACL is applied to the Telnet service, all users can Telnet to the device. To control Telnet logins, specify an ACL that exists and has rules so only users permitted by the ACL can Telnet to the device. If you specify an ACL that does not exist or does not have rules, no users can Telnet to the device.

For more information about ACL, see Security Configuration Guide.

If you execute this command multiple times, the most recent configuration takes effect.

This command does not take effect on existing Telnet connections.

Examples

# Permit only the user at 1.1.1.1 to Telnet to the device.

<Sysname> system-view

[Sysname] acl basic 2001

[Sysname-acl-ipv4-basic-2001] rule permit source 1.1.1.1 0

[Sysname-acl-ipv4-basic-2001] quit

[Sysname] telnet server acl 2001

telnet server acl-deny-log enable

Use telnet server acl-deny-log enable to enable logging for Telnet login attempts that are denied by the Telnet login control ACL.

Use undo telnet server acl-deny-log enable to disable logging for Telnet login attempts that are denied by the Telnet login control ACL.

Syntax

telnet server acl-deny-log enable

undo telnet server acl-deny-log enable

Default

Logging is disabled for Telnet login attempts that are denied by the Telnet login control ACL.

Views

System view

Predefined user roles

network-admin

Usage guidelines

Only clients permitted by the Telnet login control ACL can Telnet to the device. This logging feature generates log messages for Telnet login attempts that are denied by the Telnet login control ACL.

For information about log message output, see the information center in Network Management and Monitoring Configuration Guide. For information about configuring a Telnet login control ACL, see the telnet server acl or telnet server ipv6 acl command.

Examples

# Enable logging for Telnet login attempts that are denied by the Telnet login control ACL.

<Sysname> system-view

[Sysname] telnet server acl-deny-log enable

Related commands

telnet server acl

telnet server ipv6 acl

telnet server dscp

Use telnet server dscp to specify the DSCP value for IPv4 to use for Telnet packets sent to a Telnet client.

Use undo telnet server dscp to restore the default.

Syntax

telnet server dscp dscp-value

undo telnet server dscp

Default

IPv4 uses the DSCP value 48 for Telnet packets sent to a Telnet client.

Views

System view

Predefined user roles

network-admin

Parameters

dscp-value: Specifies a DSCP value in the range of 0 to 63.

Usage guidelines

The DSCP value is carried in the ToS field of an IPv4 packet to indicate the packet transmission priority.

Examples

# Set the DSCP value for IPv4 to use for outgoing Telnet packets to 30 on a Telnet server.

<Sysname> system-view

[Sysname] telnet server dscp 30

telnet server enable

Use telnet server enable to enable the Telnet server.

Use undo telnet server enable to disable the Telnet server.

Syntax

telnet server enable

undo telnet server enable

Default

The Telnet server is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

Users can Telnet to the device only when the Telnet server is enabled.

Examples

# Enable the Telnet server.

<Sysname> system-view

[Sysname] telnet server enable

telnet server ipv6 acl

Use telnet server ipv6 acl to apply an IPv6 ACL to filter IPv6 Telnet logins.

Use undo telnet server ipv6 acl to restore the default.

Syntax

telnet server ipv6 acl { ipv6 | mac } acl-number

undo telnet server ipv6 acl

Default

No IPv6 ACL is used to filter IPv6 Telnet logins.

Views

System view

Predefined user roles

network-admin

Parameters

ipv6: Specifies an IPv6 ACL.

mac: Specifies a Layer 2 ACL. To specify an ACL of a different type, do not specify this keyword.

acl-number: Specifies an ACL by its number. If you specify the ipv6 keyword, the value range of this argument is 2000 to 3999. If you specify the mac keyword, the value range of this argument is 4000 to 4999.

Usage guidelines

When no ACL is applied to the Telnet service, all users can Telnet to the device. To control Telnet logins, specify an ACL that exists and has rules so only users permitted by the ACL can Telnet to the device. If you specify an ACL that does not exist or does not have rules, no users can Telnet to the device.

For more information about ACL, see Security Configuration Guide.

If you execute this command multiple times, the most recent configuration takes effect.

This command does not take effect on existing Telnet connections.

Examples

# Permit only the user at 2000::1 to Telnet to the device.

<Sysname> system-view

[Sysname] acl ipv6 basic 2001

[Sysname-acl6-ipv6-basic-2001] rule permit source 2000::1 128

[Sysname-acl6-ipv6-basic-2001] quit

[Sysname] telnet server ipv6 acl ipv6 2001

telnet server ipv6 dscp

Use telnet server ipv6 dscp to specify the DSCP value for IPv6 to use for Telnet packets sent to a Telnet client.

Use undo telnet server ipv6 dscp to restore the default.

Syntax

telnet server ipv6 dscp dscp-value

undo telnet server ipv6 dscp

Default

IPv6 uses the DSCP value 48 for Telnet packets sent to a Telnet client.

Views

System view

Predefined user roles

network-admin

Parameters

dscp-value: Specifies a DSCP value in the range of 0 to 63.

Usage guidelines

The DSCP value is carried in the Traffic class field of an IPv6 packet to indicate the packet transmission priority.

Examples

# Set the DSCP value for IPv6 to use for outgoing Telnet packets to 30 on a Telnet server.

<Sysname> system-view

[Sysname] telnet server ipv6 dscp 30

telnet server ipv6 port

Use telnet server ipv6 port to specify the IPv6 Telnet service port number.

Use undo telnet server ipv6 port to restore the default.

Syntax

telnet server ipv6 port port-number

undo telnet server ipv6 port

Default

The IPv6 Telnet service port number is 23.

Views

System view

Predefined user roles

network-admin

Parameters

port-number: Specifies a port number. The value can be 23 or in the range of 1025 to 65535.

Usage guidelines

This command terminates all existing Telnet connections to the IPv6 Telnet server. To use the Telnet service, users must reestablish Telnet connections.

Examples

# Set the IPv6 Telnet service port number to 1026.

<Sysname> system-view

[Sysname] telnet server ipv6 port 1026

telnet server port

Use telnet server port to specify the IPv4 Telnet service port number.

Use undo telnet server port to restore the default.

Syntax

telnet server port port-number

undo telnet server port

Default

The IPv4 Telnet service port number is 23.

Views

System view

Predefined user roles

network-admin

Parameters

port-number: Specifies a port number. The value can be 23 or in the range of 1025 to 65535.

Usage guidelines

This command terminates all existing Telnet connections to the IPv4 Telnet server. To use the Telnet service, users must reestablish Telnet connections.

Examples

# Set the IPv4 Telnet service port number to 1025.

<Sysname> system-view

[Sysname] telnet server port 1025

terminal type

Use terminal type to specify the terminal display type.

Use undo terminal type to restore the default.

Syntax

terminal type { ansi | vt100 }

undo terminal type

Default

The terminal display type is ANSI.

Views

User line view

User line class view

Predefined user roles

network-admin

Parameters

ansi: Specifies the ANSI type.

vt100: Specifies the VT100 type.

Usage guidelines

The device supports two terminal display types: ANSI and VT100. As a best practice, specify the VT100 type on both the device and the configuration terminal. If either side uses the ANSI type, a display problem might occur when a command line has more than 80 characters. For example, a cursor positioning error might occur.

This command is available in both user line view and user line class view. A non-default setting in either view takes precedence over a default setting in the other view. A non-default setting in user line view takes precedence over a non-default setting in user line class view.

A terminal display type change does not take effect on the current session. It takes effect on subsequent login sessions.

Examples

# Set the terminal display type to VT100.

<Sysname> system-view

[Sysname] line vty 0

[Sysname-line-vty0] terminal type vt100

user-interface

Use user-interface to enter one or multiple user line views.

Syntax

user-interface { first-number1 [ last-number1 ] | { console | vty } first-number2 [ last-number2 ] }

Views

System view

Predefined user roles

network-admin

Parameters

first-number1: Specifies the absolute number of the first user line.

The following compatibility matrixes show the value ranges for the absolute number of the first user line:

Hardware series

Model

Product code

Value range

WX1800H series

WX1804H-PWR

EWP-WX1804H-PWR-CN

0 to 32

WX2500H series

WX2508H-PWR-LTE

WX2510H-PWR

WX2510H-F-PWR

WX2540H

WX2540H-F

WX2560H

EWP-WX2508H-PWR-LTE

EWP-WX2510H-PWR

EWP-WX2510H-F-PWR

EWP-WX2540H

EWP-WX2540H-F

EWP-WX2560H

0 to 32

MAK series

MAK204

MAK206

EWP-MAK204

EWP-MAK206

0 to 32

WX3000H series

WX3010H

WX3010H-X-PWR

WX3010H-L-PWR

WX3024H

WX3024H-L-PWR

WX3024H-F

EWP-WX3010H

EWP-WX3010H-X-PWR

EWP-WX3010H-L-PWR

EWP-WX3024H

EWP-WX3024H-L-PWR

EWP-WX3024H-F

0 to 32

WX3500H series

WX3508H

WX3508H

WX3510H

WX3510H

WX3520H

WX3520H-F

WX3540H

WX3540H

EWP-WX3508H

EWP-WX3508H-F

EWP-WX3510H

EWP-WX3510H-F

EWP-WX3520H

EWP-WX3520H-F

EWP-WX3540H

EWP-WX3540H-F

0 to 33

WX5500E series

WX5510E

WX5540E

EWP-WX5510E

EWP-WX5540E

0 to 33

WX5500H series

WX5540H

WX5560H

WX5580H

EWP-WX5540H

EWP-WX5560H

EWP-WX5580H

0 to 33

Access controller modules

LSUM1WCME0

EWPXM1WCME0

LSQM1WCMX20

LSUM1WCMX20RT

LSQM1WCMX40

LSUM1WCMX40RT

EWPXM2WCMD0F

EWPXM1MAC0F

LSUM1WCME0

EWPXM1WCME0

LSQM1WCMX20

LSUM1WCMX20RT

LSQM1WCMX40

LSUM1WCMX40RT

EWPXM2WCMD0F

EWPXM1MAC0F

LSUM1WCME0: 0 to 35

EWPXM1WCME0: 0 to 35

LSQM1WCMX20: 0 to 39

LSUM1WCMX20RT: 0 to 39

LSQM1WCMX40: 0 to 39

LSUM1WCMX40RT: 0 to 39

EWPXM2WCMD0F: 0 to 39

EWPXM1MAC0F: 0 to 39

Hardware series

Model

Product code

Value range

WX1800H series

WX1804H-PWR

WX1810H-PWR

WX1820H

WX1840H

EWP-WX1804H-PWR

EWP-WX1810H-PWR

EWP-WX1820H

EWP-WX1840H-GL

0 to 32

WX3800H series

WX3820H

WX3840H

EWP-WX3820H-GL

EWP-WX3840H-GL

0 to 33

WX5800H series

WX5860H

EWP-WX5860H-GL

0 to 33

last-number1: Specifies the absolute number of the last user line. This argument has the same maximum value as first-number1. This number must be greater than first-number1.

console: Specifies the console line.

vty: Specifies the VTY line.

first-number2: Specifies the relative number of the first user line.

The following compatibility matrixes show the value ranges for the relative number of the first user line:

Hardware series

Model

Product code

Value range

WX1800H series

WX1804H-PWR

EWP-WX1804H-PWR-CN

Console line: 0

VTY lines: 0 to 31

WX2500H series

WX2508H-PWR-LTE

WX2510H-PWR

WX2510H-F-PWR

WX2540H

WX2540H-F

WX2560H

EWP-WX2508H-PWR-LTE

EWP-WX2510H-PWR

EWP-WX2510H-F-PWR

EWP-WX2540H

EWP-WX2540H-F

EWP-WX2560H

Console line: 0

VTY lines: 0 to 31

MAK series

MAK204

MAK206

EWP-MAK204

EWP-MAK206

Console line: 0

VTY lines: 0 to 31

WX3000H series

WX3010H

WX3010H-X-PWR

WX3010H-L-PWR

WX3024H

WX3024H-L-PWR

WX3024H-F

EWP-WX3010H

EWP-WX3010H-X-PWR

EWP-WX3010H-L-PWR

EWP-WX3024H

EWP-WX3024H-L-PWR

EWP-WX3024H-F

Console line: 0

VTY lines: 0 to 31

WX3500H series

WX3508H

WX3508H

WX3510H

WX3510H

WX3520H

WX3520H-F

WX3540H

WX3540H

EWP-WX3508H

EWP-WX3508H-F

EWP-WX3510H

EWP-WX3510H-F

EWP-WX3520H

EWP-WX3520H-F

EWP-WX3540H

EWP-WX3540H-F

Console line: 0 and 1

VTY lines: 0 to 31

WX5500E series

WX5510E

WX5540E

EWP-WX5510E

EWP-WX5540E

Console line: 0 and 1

VTY lines: 0 to 31

WX5500H series

WX5540H

WX5560H

WX5580H

EWP-WX5540H

EWP-WX5560H

EWP-WX5580H

Console line: 0 and 1

VTY lines: 0 to 31

Access controller modules

LSUM1WCME0

EWPXM1WCME0

LSQM1WCMX20

LSUM1WCMX20RT

LSQM1WCMX40

LSUM1WCMX40RT

EWPXM2WCMD0F

EWPXM1MAC0F

LSUM1WCME0

EWPXM1WCME0

LSQM1WCMX20

LSUM1WCMX20RT

LSQM1WCMX40

LSUM1WCMX40RT

EWPXM2WCMD0F

EWPXM1MAC0F

Console line: 0

VTY lines: 0 to 31

Hardware series

Model

Product code

Value range

WX1800H series

WX1804H-PWR

WX1810H-PWR

WX1820H

WX1840H

EWP-WX1804H-PWR

EWP-WX1810H-PWR

EWP-WX1820H

EWP-WX1840H-GL

Console line: 0

VTY lines: 0 to 31

WX3800H series

WX3820H

WX3840H

EWP-WX3820H-GL

EWP-WX3840H-GL

Console line: 0 and 1

VTY lines: 0 to 31

WX5800H series

WX5860H

EWP-WX5860H-GL

Console line: 0 and 1

VTY lines: 0 to 31

last-number2: Specifies the relative number of the last user line. This number must be greater than first-number2.

Usage guidelines

This command is an older version reserved for backward compatibility purposes. It has the same functionality and output as the line command. As a best practice, use the line command.

To configure settings for a single user line, use this command to enter the user line view.

To configure the same settings for multiple user lines, use this command to enter multiple user line views.

Examples

# Enter the view of console line 0.

<Sysname> system-view

[Sysname] user-interface console 0

[Sysname-line-console0]

# Enter the views of VTY lines 0 to 4.

<Sysname> system-view

[Sysname] user-interface vty 0 4

[Sysname-line-vty0-4]

Related commands

user-interface class

user-interface class

Use user-interface class to enter user line class view.

Syntax

user-interface class { console | vty }

Views

System view

Predefined user roles

network-admin

Parameters

console: Specifies the console line class view.

vty: Specifies the VTY line class view.

Usage guidelines

This command is an older version reserved for backward compatibility purposes. It has the same functionality and output as the line class command. As a best practice, use the line class command.

To configure the same settings for all user lines of a line class, you can use this command to enter the user line class view.

The following commands are available in user line class view:

·     activation-key

·     authentication-mode

·     auto-execute command

·     command accounting

·     command authorization

·     escape-key

·     history-command max-size

·     idle-timeout

·     protocol inbound

·     screen-length

·     set authentication password

·     shell

·     terminal type

·     user-role

For commands that are available in both user line view and user line class view, the device uses the following rules to determine the settings to use:

·     A setting in user line view applies only to the user line. A setting in user line class view applies to all user lines of the class.

·     A non-default setting in either view takes precedence over a default setting in the other view. A non-default setting in user line view takes precedence over a non-default setting in user line class view.

·     A setting in user line class view does not take effect on current online users. It takes effect only for new login users.

Examples

# Set the CLI connection idle-timeout timer to 15 minutes in VTY line class view.

<Sysname> system-view

[Sysname] user-interface class vty

[Sysname-line-class-vty] idle-timeout 15

# In console line class view, configure character s as the terminal session activation key.

<Sysname> system-view

[Sysname] user-interface class console

[Sysname-line-class-console] activation-key s

[Sysname-line-class-console] quit

# In the view of console line 0, restore the default terminal session activation key.

[Sysname] user-interface console 0

[Sysname-line-console0] undo activation-key

Alternatively, you can use the following command:

[Sysname-line-console0] activation-key 13

To verify the configuration:

1.     Exit the session on console line 0.

[Sysname-line-console0] return

<Sysname> quit

2.     Log in again through the console line.

The following message appears:

Press ENTER to get started.

3.     Press Enter.

Pressing Enter does not start a session.

4.     Enter s.

A terminal session is started.

<Sysname>

Related commands

user-interface

user-role

Use user-role to assign a user role to a user line. The device assigns the user role to a user of the line when the user logs in.

Use undo user-role to remove a user role or restore the default.

Syntax

user-role role-name

undo user-role [ role-name ]

Default

A console user is assigned the network-admin user role. Other users are assigned the network-operator user role.

Views

User line view

User line class view

Predefined user roles

network-admin

Parameters

role-name: Specifies a user role name, a case-sensitive string of 1 to 63 characters. The user role can be user-defined or predefined. Available predefined user roles include network-admin, network-operator, and level-0 to level-15. The predefined security-audit and guest-manager user roles are not supported in user line view or user line class view. If you do not specify this argument, the undo user-role command restores the default user roles.

Usage guidelines

Only users assigned the network-admin, or level-15 user role can execute this command. Other users cannot execute this command, even if they are granted the right to execute this command.

This command is available in both user line view and user line class view. A non-default setting in either view takes precedence over a default setting in the other view. A non-default setting in user line view takes precedence over a non-default setting in user line class view.

A user role change does not take effect on the current session. It takes effect on subsequent login sessions.

You can assign up to 64 user roles to a user line.

For more information about user roles, see RBAC configuration in Fundamentals Configuration Guide.

Examples

# Assign user role network-admin to VTY line 0 to 31.

<Sysname> system-view

[Sysname] line vty 0 31

[Sysname-line-vty0-31] user-role network-admin

web captcha

Use web captcha to specify a fixed verification code for Web login.

Use undo web captcha to restore the default.

Syntax

web captcha verification-code

undo web captcha

Default

No fixed verification code is specified for Web login. A Web user must enter the verification code displayed on the login page.

Views

User view

Predefined user roles

network-admin

Parameters

verification-code: Specifies the fixed verification code, a case-sensitive 4-character string.

Usage guidelines

In test environments where a script is used for Web function tests, you can configure a fixed verification code to improve test efficiency.

For Web access security purposes, do not use this feature in production environments.

If you execute the web captcha command multiple times, the most recent configuration takes effect.

This command is not saved to the configuration file and will not take effect after a reboot.

Examples

# Set the fixed verification code to test for Web login.

<Sysname> web captcha test

web https-authorization mode

Use web https-authorization mode to set the authentication mode for HTTPS login.

Use undo web https-authorization mode to restore the default.

Syntax

web https-authorization mode { auto | manual }

undo web https-authorization mode

Default

Manual authentication mode is used for HTTPS login.

Views

System view

Predefined user roles

network-admin

Parameters

auto: Uses the PKI certificate of an HTTPS client to authenticate the client automatically.

manual: Sends the login page to the HTTPS client, and uses the username and password entered on the page to authenticate the client.

Usage guidelines

In auto authentication mode, the device uses the PKI certificate of an HTTPS client to authenticate the client automatically.

·     If the certificate is valid, the value of the CN field is used as the username for AAA authentication.

¡     If the authentication succeeds, the Web interface appears on the client.

¡     If the authentication fails, the login page appears on the client. The user can log in to the Web interface after entering the correct username and password.

·     If the certificate is invalid (for example, expired), the device closes the HTTPS connection.

Examples

# Set the HTTPS login authentication mode to auto.

<Sysname> system-view

[Sysname] web https-authorization mode auto

web idle-timeout

Use web idle-timeout to set the Web connection idle-timeout timer.

Use undo web idle-timeout to restore the default.

Syntax

web idle-timeout idle-time

undo web idle-timeout

Default

The Web connection idle-timeout timer is 10 minutes.

Views

System view

Predefined user roles

network-admin

Parameters

idle-time: Specifies the Web connection idle-timeout timer in minutes. The value range is 1 to 999.

Usage guidelines

The system automatically terminates a Web user connection if no mouse or keyboard operation occurs within the idle-timeout interval.

This command takes effect immediately on current Web connections.

Examples

# Set the Web connection idle-timeout timer to 100 minutes.

<Sysname> system-view

[Sysname] web idle-timeout 100

webui log enable

Use webui log enable to enable Web operation logging.

Use undo webui log enable to disable Web operation logging.

Syntax

webui log enable

undo webui log enable

Default

Web operation logging is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

When Web operation logging is enabled, the device generates log messages for important Web operations, for example, system time change. The device outputs log messages as indicated by information center settings.

A Web operation log message includes the following information:

·     Module name WEB.

·     Mnemonic prefix WEBOPT_.

·     Web client IP address.

·     Web user's username.

The following is a sample log message:

%Mar 25 14:32:38:802 2013 H3C WEB/6/WEBOPT_SET_TIME: -HostIP=192.168.100.235-User=Admin; Set the system date and time to 2013-05-27T10:00:00.

Examples

# Enable Web operation logging.

<Sysname> system-view

[Sysname] webui log enable

  • Cloud & AI
  • InterConnect
  • Intelligent Computing
  • Security
  • SMB Products
  • Intelligent Terminal Products
  • Product Support Services
  • Technical Service Solutions
All Services
  • Resource Center
  • Policy
  • Online Help
All Support
  • Become a Partner
  • Partner Resources
  • Partner Business Management
All Partners
  • Profile
  • News & Events
  • Online Exhibition Center
  • Contact Us
All About Us
新华三官网