Encryption card user management commands
display encryption-card state
Use display encryption-card state to display the state of an encryption card.
Syntax
In standalone mode:
display encryption-card state slot slot-number
In IRF mode:
display encryption-card state chassis chassis-number slot slot-number
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
slot slot-number: Specifies a card by its slot number. (In standalone mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. (In IRF mode.)
Examples
# Display the state of the encryption card in slot 3.
<Sysname> system-view
[Sysname] display encryption-card state slot 3
State: Factory
Table 1 Command output
Field | Description |
---|---|
State | Encryption card state: Factory, Ready, Manage, Work, or Erase. |
encryption-card add user
Use encryption-card add user to add an encryption card user, assign the user role, and set the user password used to log in to the encryption card.
Syntax
In standalone mode:
encryption-card add user role { admin | operator } slot slot-number
In IRF mode:
encryption-card add user role { admin | operator } chassis chassis-number slot slot-number
Default
No encryption card users exist.
Views
System view
Predefined user roles
network-admin
network-operator
Parameters
role: Specifies the role of the user.
· admin: Specify the user as an administrator.
· operator: Specify the user as an operator.
slot slot-number: Specifies a card by its slot number. (In standalone mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. (In IRF mode.)
Usage guidelines
Before adding a user, plug in a USB key. One USB key supports adding one user. After a user is added, unplug the USB key. You can then plug in another USB key to add another user.
You must add three administrators for one encryption card.
You must set a user password in interactive mode. A user password is a case-sensitive plaintext string of 6 to 15 characters, and can contain only letters [a-z, A-Z] and digits.
Examples
# Add an administrator for the encryption card in slot 3, and set the login password.
<Sysname> system-view
[Sysname] encryption-card add user role admin slot 3
The USB key is steady. Continue? [Y/N]: y
Enter password:
Confirm password:
Operation succeeded.
encryption-card admin-authorization restoration
Use encryption-card admin-authorization restoration to configure an administrator authorization on data restoration to an encryption card.
Use undo encryption-card admin-authorization restoration to restore the default.
Syntax
In standalone mode:
encryption-card admin-authorization restoration slot slot-number
undo encryption-card admin-authorization restoration slot slot-number
In IRF mode:
encryption-card admin-authorization restoration chassis chassis-number slot slot-number
undo encryption-card admin-authorization restoration chassis chassis-number slot slot-number
Default
An encryption card does not have an administrator authorization on data restoration.
Views
System view
Predefined user roles
network-admin
network-operator
Parameters
slot slot-number: Specifies a card by its slot number. (In standalone mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. (In IRF mode.)
Usage guidelines
Before restoring data of an old encryption card to another encryption card, plug the old card's administrator USB keys into the new card to configure data restoration authorizations.
Data restoration to the target encryption card succeeds only if the card has the authorization of two administrators.
During an authorization, you must enter the administrator's password in interactive mode. A user password is a case-sensitive plaintext string of 6 to 15 characters, and can contain only letters [a-z, A-Z] and digits.
Examples
# Configure an administrator authorization on data restoration to the encryption card in slot 3.
<Sysname> system-view
[Sysname] encryption-card admin-authorization restoration slot 3
The USB key is steady. Continue? [Y/N]: y
Password:
Operation succeeded.
Related commands
· encryption-card add user
· encryption-card restore info
encryption-card login
Use encryption-card login to configure an administrator or operator to log in to an encryption card.
Syntax
In standalone mode:
encryption-card login user-role { admin | operator } slot slot-number
In IRF mode:
encryption-card login user-role { admin | operator } chassis chassis-number slot slot-number
Views
System view
Predefined user roles
network-admin
network-operator
Parameters
user-role: Specifies the role of the user that logs in to the encryption card.
· admin: Specify the administrator role.
· operator: Specify the operator role.
slot slot-number: Specifies a card by its slot number. (In standalone mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. (In IRF mode.)
Usage guidelines
An administrator and an operator cannot both log in to the encryption card.
You must enter the user password in interactive mode. A user password is a case-sensitive plaintext string of 6 to 15 characters, and can contain only letters [a-z, A-Z] and digits.
Examples
# Configure the administrator to log in to the encryption card in slot 3.
<Sysname> system-view
[Sysname] encryption-card login user-role admin slot 3
The USB key is steady. Continue? [Y/N]: y
Password:
Operation succeeded.
encryption-card logout
Use encryption-card logout to log out all administrators or operators of an encryption card.
Syntax
In standalone mode:
encryption-card logout user-role { admin | operator } slot slot-number
In IRF mode:
encryption-card logout user-role { admin | operator } chassis chassis-number slot slot-number
Views
System view
Predefined user roles
network-admin
network-operator
Parameters
user-role: Specifies the role of the users to be logged out.
· admin: Specify the administrator role.
· operator: Specify the operator role.
slot slot-number: Specifies a card by its slot number. (In standalone mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. (In IRF mode.)
Examples
# Log the administrators out of the encryption card in slot 3.
<Sysname> system-view
[Sysname] encryption-card logout user-role admin slot 3
The admin logout operation success!
encryption-card delete operator
Use encryption-card delete operator to delete all operators of an encryption card.
Syntax
In standalone mode:
encryption-card delete operator slot slot-number
In IRF mode:
encryption-card delete operator chassis chassis-number slot slot-number
Views
System view
Predefined user roles
network-admin
network-operator
Parameters
slot slot-number: Specifies a card by its slot number. (In standalone mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. (In IRF mode.)
Usage guidelines
You can delete all operators of an encryption card only when the encryption card has two logged-in administrators.
Examples
# Delete all operators of the encryption card in slot 3.
<Sysname> system-view
[Sysname] encryption-card delete operator slot 3
encryption-card operator change-password
Use encryption-card operator change-password to change the password of an operator for an encryption card.
Syntax
In standalone mode:
encryption-card operator change-password slot slot-number
In IRF mode:
encryption-card operator change-password chassis chassis-number slot slot-number
Views
System view
Predefined user roles
network-admin
network-operator
Parameters
slot slot-number: Specifies a card by its slot number. (In standalone mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. (In IRF mode.)
Usage guidelines
An operator can change its login password only when the encryption card has two logged-in administrators.
You must change the user password in interactive mode. A user password is a case-sensitive plaintext string of 6 to 15 characters, and can contain only letters [a-z, A-Z] and digits.
Examples
# Change the login password of the operator for the encryption card in slot 3.
<Sysname> system-view
[Sysname] encryption-card operator change-password slot 3
The USB key is steady. Continue? [Y/N]: y
Old password:
New password:
Confirm:
Operation succeeded.
encryption-card delete info
Use encryption-card delete info to clear operator information and key information on an encryption card.
Syntax
In standalone mode:
encryption-card delete info slot slot-number
In IRF mode:
encryption-card delete info chassis chassis-number slot slot-number
Views
System view
Predefined user roles
network-admin
network-operator
Parameters
slot slot-number: Specifies a card by its slot number. (In standalone mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. (In IRF mode.)
Usage guidelines
You can execute this command for an encryption card only when the encryption card has two logged-in administrators.
Examples
# Clear operator information and key information on the encryption card in slot 3.
<Sysname> system-view
[Sysname] encryption-card delete info slot 3
encryption-card backup info
Use encryption-card backup info to back up all information on an encryption card to the USB key.
Syntax
In standalone mode:
encryption-card backup info slot slot-number
In IRF mode:
encryption-card backup info chassis chassis-number slot slot-number
Views
System view
Predefined user roles
network-admin
network-operator
Parameters
slot slot-number: Specifies a card by its slot number. (In standalone mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. (In IRF mode.)
Usage guidelines
Before you back up the information on an encryption card, plug a new USB key into the card.
You can execute this command for an encryption card only when the encryption card has two logged-in administrators.
You must enter the user password in interactive mode. A user password is a case-sensitive plaintext string of 6 to 15 characters, and can contain only letters [a-z, A-Z] and digits.
Examples
# Back up all information on the encryption card in slot 3.
<Sysname> system-view
[Sysname] encryption-card backup info slot 3
The USB key is steady. Continue? [Y/N]:y
Enter password:
Confirm:
Operation succeeded.
encryption-card restore info
Use encryption-card restore info to restore the backup data on a USB key to an encryption card.
Syntax
In standalone mode:
encryption-card restore info slot slot-number
In IRF mode:
encryption-card restore info chassis chassis-number slot slot-number
Views
System view
Predefined user roles
network-admin
network-operator
Parameters
slot slot-number: Specifies a card by its slot number. (In standalone mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. (In IRF mode.)
Usage guidelines
You can execute this command only for an encryption card in factory or erase state.
Examples
# Restore the backup data on a USB key to the encryption card in slot 3.
<Sysname> system-view
[Sysname] encryption-card restore info slot 3
The USB key is steady. Continue? [Y/N]: y
Password:
Operation succeeded.
Related commands
encryption-card admin-authorization restoration
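The usage guidelines in this chapter attach preconditions to several commands: two logged-in administrators for delete operator, operator change-password, delete info and backup info, and Factory or Erase state plus two administrator authorizations for restore info. The following Python script is an added example, not vendor code or part of the original page; it checks a planned command sequence against those rules before a maintenance window. The name check_runbook, the sample runbook and card states, and the assumption that each admin login or authorization line stands for a different administrator are constructed for illustration.

```python
import re
# Operations the page allows only while two administrators are logged in.
NEEDS_TWO_ADMINS = {"delete operator", "operator change-password",
                    "delete info", "backup info"}
LINE = re.compile(r"^(?P<undo>undo\s+)?encryption-card\s+(?P<op>.+?)\s+"
                  r"(?:chassis\s+(?P<chassis>\d+)\s+)?slot\s+(?P<slot>\d+)$")

def check_runbook(lines, card_states):
    """Return (line_no, reason) for every command whose documented precondition fails.
    card_states maps (chassis, slot) to the State from 'display encryption-card
    state' (chassis is None in standalone mode). Assumption: each admin login or
    authorization line is a different administrator."""
    admins, auths, findings = {}, {}, []
    for no, raw in enumerate(lines, 1):
        m = LINE.match(raw.strip())
        if not m:
            continue  # not an encryption-card command
        card = (int(m["chassis"]) if m["chassis"] else None, int(m["slot"]))
        op, n_admin, n_auth = " ".join(m["op"].split()), admins.get(card, 0), auths.get(card, 0)
        if op == "admin-authorization restoration":
            auths[card] = 0 if m["undo"] else n_auth + 1  # undo restores the default (none)
        elif op == "login user-role admin":
            admins[card] = n_admin + 1
        elif op == "logout user-role admin":
            admins[card] = 0  # logout logs out all administrators at once
        elif op in NEEDS_TWO_ADMINS and n_admin < 2:
            findings.append((no, f"'{op}' needs 2 logged-in administrators, has {n_admin}"))
        elif op == "restore info":
            state = card_states.get(card, "unknown")
            if state not in ("Factory", "Erase"):
                findings.append((no, f"restore needs Factory or Erase state, card is {state}"))
            if n_auth < 2:
                findings.append((no, f"restore needs 2 admin authorizations, has {n_auth}"))
    return findings

# Constructed runbook and card states (not from the original page).
SAMPLE = [
    "encryption-card login user-role admin slot 3",
    "encryption-card backup info slot 3",        # only one admin logged in
    "encryption-card login user-role admin slot 3",
    "encryption-card backup info slot 3",        # two admins logged in
    "encryption-card admin-authorization restoration slot 4",
    "encryption-card restore info slot 4",       # one authorization, wrong state
]
SAMPLE_STATES = {(None, 3): "Work", (None, 4): "Ready"}

if __name__ == "__main__":
    for line_no, reason in check_runbook(SAMPLE, SAMPLE_STATES):
        print(f"line {line_no}: {reason}")
```

The device remains the enforcement point; the script only surfaces a runbook step that the card would refuse, so the missing USB key holder can be scheduled before the change starts.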