Login management commands
The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features, commands, and parameters might differ in FIPS mode and non-FIPS mode. For more information about FIPS mode, see Security Configuration Guide.
Some login management commands are available in both user line view and user line class view. For these commands, the device uses the following rules to determine the settings to be activated:
· A setting in user line view applies only to the user line. A setting in user line class view applies to all user lines of the class.
· A non-default setting in either view takes precedence over a default setting in the other view. A non-default setting in user line view takes precedence over a non-default setting in user line class view.
· A setting in user line class view takes effect on login sessions that are established after the setting is configured.
activation-key
Use activation-key to set the terminal session activation key. Pressing this shortcut key starts a terminal session.
Use undo activation-key to restore the default.
Syntax
activation-key key-string
undo activation-key
Default
The terminal session activation key is Enter.
Views
User line view
User line class view
Predefined user roles
network-admin
Parameters
key-string: Specifies a shortcut key. It can be a character (case sensitive), or an ASCII code value in the range of 0 to 127. For example, if you execute activation-key 1, the shortcut key is Ctrl+A. If you execute activation-key a, the shortcut key is a. For information about ASCII code values of individual characters, see the standard ASCII code chart. For information about ASCII code values of combined keys that use the Ctrl key, see Table 1.
Usage guidelines
This command is not supported in VTY line view or VTY line class view.
This command takes effect immediately.
This command is available in both user line view and user line class view. A non-default setting in either view takes precedence over a default setting in the other view. A non-default setting in user line view takes precedence over a non-default setting in user line class view.
You can use only the specified terminal session activation key to start a terminal session. To display the current terminal session activation key, use the display current-configuration | include activation-key command.
Table 1 ASCII code values for combined keys that use the Ctrl key
Combined key | ASCII code value |
---|---|
Ctrl+A | 1 |
Ctrl+B | 2 |
Ctrl+C | 3 |
Ctrl+D | 4 |
Ctrl+E | 5 |
Ctrl+F | 6 |
Ctrl+G | 7 |
Ctrl+H | 8 |
Ctrl+I | 9 |
Ctrl+J | 10 |
Ctrl+K | 11 |
Ctrl+L | 12 |
Ctrl+M | 13 |
Ctrl+N | 14 |
Ctrl+O | 15 |
Ctrl+P | 16 |
Ctrl+Q | 17 |
Ctrl+R | 18 |
Ctrl+S | 19 |
Ctrl+T | 20 |
Ctrl+U | 21 |
Ctrl+V | 22 |
Ctrl+W | 23 |
Ctrl+X | 24 |
Ctrl+Y | 25 |
Ctrl+Z | 26 |
Ctrl+[ | 27 |
Ctrl+\ | 28 |
Ctrl+] | 29 |
Ctrl+^ | 30 |
Ctrl+_ | 31 |
Examples
# Configure character s as the terminal session activation key for console line 0.
<Sysname> system-view
[Sysname] line console 0
[Sysname-line-console0] activation-key s
To verify the configuration:
1. Exit the console session.
[Sysname-line-console0] return
<Sysname> quit
2. Log in again through the console line.
The following message appears:
Press ENTER to get started.
3. Press Enter.
Pressing Enter does not start a session.
4. Press s.
A terminal session is started.
<Sysname>
authentication-mode
Use authentication-mode to set the authentication mode for a user line.
Use undo authentication-mode to restore the default.
Syntax
In non-FIPS mode:
authentication-mode { none | password | scheme }
undo authentication-mode
In FIPS mode:
authentication-mode scheme
undo authentication-mode
Default
In non-FIPS mode:
The authentication mode is none for console login.
The authentication mode is password for the VTY line.
In FIPS mode:
The authentication mode is scheme.
Views
User line view
User line class view
Predefined user roles
network-admin
Parameters
none: Disables authentication.
password: Performs local password authentication.
scheme: Performs AAA authentication. For more information about AAA, see User Access and Authentication Configuration Guide.
Usage guidelines
CAUTION:
· When authentication is disabled, users can log in without authentication. For security purposes, disable authentication with caution.
· When you enable password authentication, you must also configure an authentication password for the line or line class. If no authentication password is configured, you cannot log in to the device through the line or line class the next time.
· When you enable scheme authentication, make sure an authentication user account is available. If no authentication user account is available, you cannot log in to the device through the line or line class the next time.
Only users assigned the network-admin or level-15 user role can execute this command. Other users cannot execute this command, even if they are granted the right to execute this command.
In VTY line view, this command is associated with the protocol inbound command.
· If the settings of the two commands in VTY line view are both the default settings, the settings for the commands in VTY line class view take effect.
· If the settings of the two commands in VTY line view are both non-default settings, the non-default settings in VTY line view take effect.
· If only one command has a non-default setting in VTY line view, the other command uses the default setting, regardless of the setting in VTY line class view.
An authentication mode change does not take effect on the current session. It takes effect on subsequent login sessions.
Examples
# Enable the none authentication mode for VTY line 0.
<Sysname> system-view
[Sysname] line vty 0
[Sysname-line-vty0] authentication-mode none
# Enable password authentication for VTY line 0 and set the password to hello12345.
<Sysname> system-view
[Sysname] line vty 0
[Sysname-line-vty0] authentication-mode password
[Sysname-line-vty0] set authentication password simple hello12345
# Enable scheme authentication for VTY line 0. Configure the local user test and set the password to hello12345. Assign the Telnet service and the user role network-admin to the user.
<Sysname> system-view
[Sysname] line vty 0
[Sysname-line-vty0] authentication-mode scheme
[Sysname-line-vty0] quit
[Sysname] local-user test
[Sysname-luser-manage-test] password simple hello12345
[Sysname-luser-manage-test] service-type telnet
[Sysname-luser-manage-test] authorization-attribute user-role network-admin
Related commands
set authentication password
auto-execute command
Use auto-execute command to specify the command to be automatically executed for a login user.
Use undo auto-execute command to restore the default.
Syntax
auto-execute command command
undo auto-execute command
Default
No command is specified to be automatically executed for a login user.
Views
User line view
User line class view
Predefined user roles
network-admin
Parameters
command: Specifies the command to be automatically executed.
Usage guidelines
CAUTION: After using this command for a user line, you might be unable to access the CLI through the user line. Make sure you can access the CLI through a different user line before you execute this command and save the configuration.
The device will automatically execute the specified command when a user logs in through the user line, and close the user connection after the command is executed.
This command is not supported in console line view or console line class view.
This command is available in both user line view and user line class view. A non-default setting in either view takes precedence over a default setting in the other view. A non-default setting in user line view takes precedence over a non-default setting in user line class view.
A configuration change made by this command does not take effect on the current session. It takes effect on subsequent login sessions.
Examples
# Configure the device to automatically execute the telnet 192.168.1.41 command when a user logs in through VTY line 0.
<Sysname> system-view
[Sysname] line vty 0
[Sysname-line-vty0] auto-execute command telnet 192.168.1.41
This action will lead to configuration failure through line-vty0. Are you sure?
[Y/N]:y
[Sysname-line-vty0]
# To verify the configuration, Telnet to the device (192.168.1.40).
The device automatically Telnets to 192.168.1.41. The following output is displayed on the configuration terminal:
C:\> telnet 192.168.1.40
******************************************************************************
* Copyright (c) 2004-2020 New H3C Technologies Co., Ltd. All rights reserved.*
* Without the owner's prior written consent, *
* no decompiling or reverse-engineering shall be allowed. *
******************************************************************************
Trying 192.168.1.41 ...
Press CTRL+K to abort
Connected to 192.168.1.41 ...
******************************************************************************
* Copyright (c) 2004-2020 New H3C Technologies Co., Ltd. All rights reserved.*
* Without the owner's prior written consent, *
* no decompiling or reverse-engineering shall be allowed. *
******************************************************************************
<Sysname.41>
This operation is the same as directly logging in to the device at 192.168.1.41 through Telnet. When you close the Telnet connection to 192.168.1.41, the Telnet connection to 192.168.1.40 is closed at the same time.
character-encoding
Use character-encoding to specify character encodings.
Use undo character-encoding to restore the default.
Syntax
character-encoding system { gb18030 | utf-8 } cli-terminal { gb18030 | utf-8 } snmp { gb18030 | utf-8 }
undo character-encoding
Default
No character encoding is specified.
Views
System view
Predefined user roles
network-admin
Parameters
system: Specifies a character encoding globally for the system. For the login terminal to correctly display Chinese characters, make sure the login terminal and the system use the same character encoding.
cli-terminal: Specifies a default encoding for CLI terminals.
snmp: Specifies a character encoding for SNMP clients.
gb18030: Specifies the GB18030 encoding.
utf-8: Specifies the UTF-8 encoding.
Usage guidelines
GB18030 and UTF-8 are two common character encodings. They both support Chinese and English, but the encoding length of Chinese characters is different. If the parameters to configure contain Chinese characters, make sure the login terminal and the device use the same character encoding. Otherwise, the configuration containing Chinese characters on the device might fail to be parsed correctly, or even fail to take effect.
Before using character-encoding, you can use display character-encoding to obtain current character encodings on the system and the login terminal.
The settings on CLI terminals and SNMP clients take effect immediately and do not require a device reboot.
For a new character encoding to take effect on the system, reboot the device. Use the following restrictions and guidelines as needed:
· Before rebooting the device, use display | original-encoding to predict whether the configuration in the next start-up configuration file can be parsed correctly in the new character encoding. If a setting displays incorrectly, the setting cannot be parsed, and the new character encoding will cause the setting to fail to be restored after the reboot. To resolve this issue, you can configure another character encoding or use character-encoding again after the reboot.
· A new character encoding does not affect the character encodings that have already been specified for the configuration files and log files. The new encoding will not automatically convert the configuration files and log files. You can use display | original-encoding to manually convert the files and save the converted files to a new configuration file.
· Before rebooting the device, you can use undo character-encoding to cancel the change to the system character encoding.
Examples
# Specify UTF-8 encoding for the system, and GB18030 encoding for CLI and SNMP.
<Sysname> system-view
[Sysname] character-encoding system utf-8 cli-terminal gb18030 snmp gb18030
The system-level character encoding change might cause configuration restoration failure after a device reboot. Continue? [Y/N]:y
Please convert and save the running configuration to the next-startup configuration file.For the system-level character encoding change to take effect, you must reboot the device.
Related commands
display | original-encoding
display character-encoding
terminal character-encoding
character-encoding check
Use character-encoding check to enable character encoding check.
Use undo character-encoding check to disable character encoding check.
Syntax
character-encoding check
undo character-encoding check
Default
Character encoding check is enabled.
Views
User view
Predefined user roles
network-admin
Usage guidelines
This feature examines input characters for compliance with the configured character encoding. If the characters do not comply with the character encoding, the characters are blocked and an error message is returned.
If this feature is disabled, the device does not examine any input characters for compliance with the configured character encoding, or block any characters. If the input characters do not comply with the character encoding, the configuration will not take effect. As a best practice, enable this feature.
Examples
# Enable character encoding check.
<Sysname> character-encoding check
Related commands
display character-encoding
command accounting
Use command accounting to enable command accounting.
Use undo command accounting to disable command accounting.
Syntax
command accounting
undo command accounting
Default
Command accounting is disabled. The accounting server does not record executed commands.
Views
User line view
User line class view
Predefined user roles
network-admin
Usage guidelines
When command accounting is enabled but command authorization is not, every executed command is recorded on the HWTACACS server. When both command accounting and command authorization are enabled, only authorized commands that are executed are recorded on the HWTACACS server.
Invalid commands are not recorded.
A configuration change made by this command does not take effect on the current session. It takes effect on subsequent login sessions.
After you execute the command accounting command in user line class view, you cannot execute the undo command accounting command in any user line views in the class.
Examples
# Enable command accounting for VTY line 0.
<Sysname> system-view
[Sysname] line vty 0
[Sysname-line-vty0] command accounting
Related commands
accounting command (User Access and Authentication Command Reference)
command authorization
command authorization
Use command authorization to enable command authorization.
Use undo command authorization to disable command authorization.
Syntax
command authorization
undo command authorization
Default
Command authorization is disabled. Logged-in users can execute commands without authorization.
Views
User line view
User line class view
Predefined user roles
network-admin
Usage guidelines
When command authorization is enabled, a user can only use commands that are permitted by both the AAA scheme and user role.
To have command authorization take effect, you must set the authentication mode for device login to scheme. If the authentication mode is none or password, command authorization will not take effect after you execute the command authorization command.
A configuration change made by this command does not take effect on the current session. It takes effect on subsequent login sessions.
If you execute the command authorization command in user line class view, command authorization is enabled for all user lines in the class. You cannot execute the undo command authorization command in the view of a user line in the class.
Examples
# Enable command authorization for VTY line 0.
<Sysname> system-view
[Sysname] line vty 0
[Sysname-line-vty0] command authorization
Related commands
authorization command (User Access and Authentication Command Reference)
command accounting
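The VTY rules that tie authentication-mode to protocol inbound, together with the requirement that command authorization needs scheme authentication, can be checked mechanically before a change is saved. The Python sketch below is an added example, not H3C code: the ViewSettings model, the function names, the sample lines and the protocol inbound value ssh are assumptions, and it covers non-FIPS mode only.

```python
from dataclasses import dataclass
from typing import List, Optional

# Non-FIPS default for VTY lines, from the Default section of authentication-mode.
VTY_DEFAULT_AUTH = "password"


@dataclass
class ViewSettings:
    """Settings entered in one view (hypothetical model). None = default setting."""
    auth_mode: Optional[str] = None          # "none" | "password" | "scheme"
    protocol_inbound: Optional[str] = None   # any non-default value, e.g. "ssh"
    command_authorization: bool = False


def _non_default(auth_mode: Optional[str]) -> Optional[str]:
    # Assumption: explicitly entering the default value counts as a default setting.
    return None if auth_mode in (None, VTY_DEFAULT_AUTH) else auth_mode


def effective_auth_mode(line: ViewSettings, line_class: ViewSettings) -> str:
    """Resolve the authentication mode that applies to one VTY line."""
    line_auth = _non_default(line.auth_mode)
    if line_auth is not None:
        return line_auth                      # non-default in line view wins
    if line.protocol_inbound is not None:
        # Only protocol inbound is non-default in line view, so authentication-mode
        # uses its default, regardless of the line class view.
        return VTY_DEFAULT_AUTH
    # Both commands are default in line view: the class view settings apply.
    return _non_default(line_class.auth_mode) or VTY_DEFAULT_AUTH


def audit_vty_line(name: str, line: ViewSettings, line_class: ViewSettings) -> List[str]:
    """Return findings for one VTY line; an empty list means nothing to report."""
    findings = []
    mode = effective_auth_mode(line, line_class)
    if mode == "none":
        findings.append(f"{name}: authentication is disabled (authentication-mode none)")
    class_auth = _non_default(line_class.auth_mode)
    if (class_auth is not None and _non_default(line.auth_mode) is None
            and line.protocol_inbound is not None):
        findings.append(f"{name}: class authentication-mode {class_auth} is ignored, "
                        f"line uses the default ({VTY_DEFAULT_AUTH})")
    if (line.command_authorization or line_class.command_authorization) and mode != "scheme":
        findings.append(f"{name}: command authorization does not take effect "
                        f"(authentication mode is {mode}, not scheme)")
    return findings


if __name__ == "__main__":
    # Constructed sample: the class asks for AAA plus command authorization.
    vty_class = ViewSettings(auth_mode="scheme", command_authorization=True)
    lines = {
        "vty0": ViewSettings(),                                   # inherits the class
        "vty1": ViewSettings(protocol_inbound="ssh"),             # silently reverts to password
        "vty2": ViewSettings(auth_mode="none", protocol_inbound="ssh"),
    }
    for name, settings in lines.items():
        print(name, effective_auth_mode(settings, vty_class),
              audit_vty_line(name, settings, vty_class))
```

The vty1 case is the one to watch for: changing only protocol inbound on a line drops the class-level scheme setting for that line, which also leaves command authorization without effect there.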
databits
Use databits to specify the number of data bits for a character.
Use undo databits to restore the default.
Syntax
databits { 5 | 6 | 7 | 8 }
undo databits
Default
Eight data bits are used for a character.
Views
User line view
Predefined user roles
network-admin
Parameters
5: Uses five data bits for a character.
6: Uses six data bits for a character.
7: Uses seven data bits for a character.
8: Uses eight data bits for a character.
Usage guidelines
This command is not supported in VTY line class view.
Only modem dial-in supports keywords 5 and 6.
This setting must be the same as the setting on the configuration terminal.
Examples
# Configure console line 0 to use seven data bits for a character.
<Sysname> system-view
[Sysname] line console 0
[Sysname-line-console0] databits 7
display | original-encoding
Use display | original-encoding to convert the output from a command from the original encoding to the specified encoding.
Syntax
display command | original-encoding { gb18030 | utf-8 }
Default
The original encoding is the system encoding.
Views
Any view
Predefined user roles
network-admin
Parameters
gb18030: Specifies the GB18030 encoding.
utf-8: Specifies the UTF-8 encoding.
Usage guidelines
When you execute only the display command command, the device displays the output from the specified command in the system encoding. The display command | original-encoding { gb18030 | utf-8 } command enables the device to convert the output from the specified command to the specified encoding.
This feature is mainly used to identify whether the current configuration or command output can be correctly parsed in a new character encoding. If the matching information cannot be correctly parsed, perform one of the following operations:
· Modify the command lines that cannot be correctly parsed, and then reboot the device.
· Reboot the device for the new character encoding to take effect, and then modify the command lines that cannot be correctly parsed.
Examples
# Convert the current configuration from the original encoding to the UTF-8 encoding.
<Sysname> display current-configuration | include sysname | original-encoding utf-8
sysname 中文
Related commands
display character-encoding
terminal character-encoding
display character-encoding
Use display character-encoding to display the character encoding information on the device or login terminal.
Syntax
display character-encoding [ terminal ]
Views
Any view
Predefined user roles
network-admin
Parameters
terminal: Displays the character encoding used on the login terminal. If you do not specify this keyword, this command displays the character encoding used on the device.
Usage guidelines
For the user's login terminal to correctly display Chinese characters in the messages received from the device, the device and the terminal must use the same character encoding.
Use the display character-encoding terminal command to identify the character encoding used on the login terminal. The device will send test characters in both UTF-8 and GB18030 encodings to the login terminal. The test characters will be displayed as 中文 for the character encoding used on the login terminal.
Examples
# Display the current character encoding information on the device.
<Sysname> display character-encoding
Current system character encoding: NULL
Next system character encoding: UTF-8
Default terminal character encoding: UTF-8
SNMP character encoding: UTF-8
Encoding check: Enable
# Display the current character encoding information on the login terminal.
<Sysname> display character-encoding terminal
Character encoding Test characters
UTF-8 涓枃
GB18030 中文
Current terminal character encoding: GB18030
Table 2 Command output
Field | Description |
---|---|
Current system character encoding | Current character encoding used by the system. Options include UTF-8, GB18030, and NULL. The NULL option indicates that no system character encoding is configured. |
Next system character encoding | System character encoding that will take effect after device reboot. Options include UTF-8, GB18030, and NULL. The NULL option indicates that no system character encoding is configured. |
Default terminal character encoding | Character encoding used on CLI terminals. Options include UTF-8 and GB18030. |
SNMP character encoding | Character encoding used by SNMP clients. Options include UTF-8 and GB18030. |
Encoding check | Enablement status of encoding check. Options include Enable and Disable. |
Character encoding | Character encoding used by the device to send test strings to the login terminal. Options include UTF-8 and GB18030. |
Test characters | Parsing result of the test characters. The test characters will be displayed as 中文 for the character encoding used on the login terminal. |
Current terminal character encoding | Character encoding currently used on the current terminal. Options include UTF-8 and GB18030. |
Related commands
character-encoding
terminal character-encoding
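The terminal test performed by display character-encoding terminal and the input validation described for character-encoding check both come down to whether a byte sequence decodes in a given encoding. The Python model below is an added example, not the device's implementation; the function names are assumptions, and Python's own utf-8 and gb18030 codecs stand in for the device and terminal.

```python
TEST_TEXT = "中文"  # test characters shown in the example output above
ENCODINGS = {"UTF-8": "utf-8", "GB18030": "gb18030"}  # device name -> Python codec


def terminal_test_rows(terminal_encoding: str) -> dict:
    """Return what each test row looks like on a terminal using terminal_encoding.

    The device sends TEST_TEXT once per encoding; the terminal decodes every
    row with its single configured encoding, so only one row reads correctly.
    """
    codec = ENCODINGS[terminal_encoding]
    return {
        name: TEST_TEXT.encode(sent_as).decode(codec, errors="replace")
        for name, sent_as in ENCODINGS.items()
    }


def detect_terminal_encoding(terminal_encoding: str) -> str:
    """Pick the row that renders as the test characters, as the operator would."""
    rows = terminal_test_rows(terminal_encoding)
    matches = [name for name, shown in rows.items() if shown == TEST_TEXT]
    if len(matches) != 1:
        raise ValueError(f"ambiguous terminal test result: {rows!r}")
    return matches[0]


def encoding_check(raw: bytes, configured: str) -> bool:
    """Model of the encoding check: accept input only if it is valid in `configured`."""
    try:
        raw.decode(ENCODINGS[configured], errors="strict")
    except UnicodeDecodeError:
        return False   # the device would block the input and return an error
    return True


if __name__ == "__main__":
    # A GB18030 terminal shows the UTF-8 row as mojibake and the GB18030 row intact.
    for name, shown in terminal_test_rows("GB18030").items():
        print(f"{name:8} {shown}")
    print("Current terminal character encoding:", detect_terminal_encoding("GB18030"))

    # Constructed input: a sysname typed on a GB18030 terminal, system set to UTF-8.
    typed = "sysname 中文".encode("gb18030")
    print("accepted by UTF-8 check:", encoding_check(typed, "UTF-8"))
```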
display line
Use display line to display user line information.
Syntax
display line [ number1 | { console | vty } number2 ] [ summary ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
number1: Specifies the absolute number of a user line. The value range is 0 to 73.
console: Specifies the console line.
vty: Specifies the VTY line.
number2: Specifies the relative number of a user line. The value range is 0 to 9 for console lines and 0 to 63 for VTY lines.
summary: Displays summary information about user lines. If you do not specify this keyword, the command displays detailed information.
Examples
# Display information about line 0.
<Sysname> display line 0
Idx Type Tx/Rx Modem Auth Int Location
0 CON 0 9600 - N - 0/0
+ : Line is active.
F : Line is active and in async mode.
Idx : Absolute index of line.
Type : Type and relative index of line.
Auth : Login authentication mode.
Int : Physical port of the line.
A : Authentication use AAA.
N : No authentication is required.
P : Password authentication.
Table 3 Command output
Field | Description |
---|---|
Modem | Whether the modem allows calling in or out. By default, this attribute is not configured and this field displays a hyphen (-). |
Int | Physical port for the line. If there is no physical port for the line or the port is a console port, this field displays a hyphen (-). |
Location | Physical position of the line, in the form of slot number/CPU number. |
# Display summary information about all user lines.
<Sysname> display line summary
Line type : [CON]
0:XXXX XXXX XX
Line type : [VTY]
10:UUUU UUUU UUUU UUUU
26:UUUU XXXX XXXX XXXX
42:XXXX XXXX XXXX XXXX
58:XXXX XXXX XXXX XXXX
20 lines used. (U)
54 lines not used. (X)
Table 4 Command output
Fields | Description |
---|---|
Line type | Type of the user line: · CON—Console line. · VTY—VTY line. |
number:status | number: Absolute number of the first user line in the user line class. status: User line status. X is for unused and U is for used. |
display telnet client
Use display telnet client to display the packet source setting for the Telnet client.
Syntax
display telnet client
Views
Any view
Predefined user roles
network-admin
network-operator
Usage guidelines
This command displays the source IPv4 address or source interface specified for the Telnet client to use in outgoing Telnet packets, depending on the telnet client source command.
Examples
# Display the packet source setting for the Telnet client.
<Sysname> display telnet client
The source IP address is 1.1.1.1.
Related commands
telnet client source
display user-interface
Use display user-interface to display user line information.
Syntax
display user-interface [ number1 | { console | vty } number2 ] [ summary ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
number1: Specifies the absolute number of a user line. The value range is 0 to 73.
console: Specifies the console line.
vty: Specifies the VTY line.
number2: Specifies the relative number of a user line. The value range is 0 to 9 for console lines and 0 to 63 for VTY lines.
summary: Displays summary information about user lines. If you do not specify this keyword, the detailed information is displayed.
Usage guidelines
This command is an older version reserved for backward compatibility purposes. It has the same functionality and output as the display line command. As a best practice, use the display line command.
Examples
# Display information about line 0.
<Sysname> display user-interface 0
Idx Type Tx/Rx Modem Auth Int Location
0 CON 0 9600 - N - 0/0
+ : Line is active.
F : Line is active and in async mode.
Idx : Absolute index of line.
Type : Type and relative index of line.
Auth : Login authentication mode.
Int : Physical port of the line.
A : Authentication use AAA.
N : No authentication is required.
P : Password authentication.
Table 5 Command output
Field | Description |
---|---|
Modem | Whether the modem allows calling in or out. By default, this attribute is not configured and this field displays a hyphen (-). |
Int | Physical port for the line. If there is no physical port for the line or the port is a console port, this field displays a hyphen (-). |
Location | Physical position of the line, in the form of slot number/CPU number. |
# Display summary information about all user lines.
<Sysname> display user-interface summary
Line type : [CON]
0:XXXX XXXX XX
Line type : [VTY]
10:UUUU UUUU UUUU UUUU
26:UUUU XXXX XXXX XXXX
42:XXXX XXXX XXXX XXXX
58:XXXX XXXX XXXX XXXX
20 lines used. (U)
54 lines not used. (X)
Table 6 Command output
Fields | Description |
---|---|
Line type | Type of the user line: · CON—Console line. · VTY—VTY line. |
number:status | number: Absolute number of the first user line in the user line class. status: User line status. X is for unused and U is for used. |
display users
Use display users to display online CLI users.
Syntax
display users [ all ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
all: Displays all user lines supported by the device.
Examples
# Display online user information.
<Sysname> display users
Idx Line Idle Time Pid Type
+ 10 VTY 0 00:00:00 Jan 01 00:33:10 484 TEL
12 VTY 2 00:06:22 Jan 01 00:33:22 495 TEL
Following are more details.
VTY 0 :
User role list: network-admin network-operator
Location: 192.168.1.107
VTY 2 :
User role list: level-0 network-admin network-operator
Location: 192.168.1.134
+ : Current operation user.
F : Current operation user works in async mode.
Table 7 Command output
Field | Description |
---|---|
Idx | Absolute number of the user line. |
Line | Type and relative number of the user line. |
Idle | Time elapsed after the user's most recent input, in the hh:mm:ss format. |
Time | Login time of the user. |
Pid | Process ID of the user session. |
Type | User type: · TEL—Telnet user. · SSH—SSH user. For a user who logged in through the console port, this field does not display anything. |
+ | User line you are using. |
User role list | User roles assigned to the user. The user has logged in to the device by using a user line. |
Location | IP address of the user. |
escape-key
Use escape-key to set the escape key.
Use undo escape-key to disable the escape key.
Syntax
escape-key { key-string | default }
undo escape-key
Default
The escape key is Ctrl+C.
Views
User line view
User line class view
Predefined user roles
network-admin
Parameters
key-string: Specifies a shortcut key. It can be a character (case sensitive, except for d and D), or an ASCII code value in the range of 0 to 127. For example, if you execute escape-key 1, the shortcut key is Ctrl+A. If you execute escape-key a, the shortcut key is a. If you specify the character d or D for this argument, the actual shortcut key is Ctrl+C. To use d or D as the shortcut key, you must specify the ASCII code value of the character for this argument. For information about ASCII code values of individual characters, see the standard ASCII code chart. For information about ASCII code values of combined keys that use the Ctrl key, see Table 1.
default: Restores the default escape key Ctrl+C.
Usage guidelines
You can press the escape key to abort a command that is being executed, for example, a ping or tracert command. Whether a command can be aborted by Ctrl+C by default depends on the software implementation of the command. For more information, see the usage guidelines for the command.
As a best practice, use a key sequence as the escape key. If you define a single character as the escape key, pressing the key while a command is being executed stops the command. If no command is being executed, pressing the key enters the character as a common character. If you Telnet from the device to a remote device, pressing the key enters the character as a common character on the remote device. The key acts as the escape key on the remote device only when the following conditions are met:
· You define the same character as the escape key on the remote device.
· You press the key while a command is being executed on the remote device.
The undo escape-key command disables the current escape key. After you execute this undo command, no escape key is available.
This command is available in both user line view and user line class view. A non-default setting in either view takes precedence over a default setting in the other view. A non-default setting in user line view takes precedence over a non-default setting in user line class view.
The setting in user line view takes effect immediately on the current session. The setting in user line class view takes effect on login sessions that are established after the setting is configured.
To display the current escape key, use the display current-configuration | include escape-key command.
Examples
# Configure character a as the escape key for VTY line 0.
<Sysname> system-view
[Sysname] line vty 0
[Sysname-line-vty0] escape-key a
To verify the configuration:
1. Ping IP address 192.168.1.49, specifying the -c keyword to set the number of ICMP echo request packets to 20.
<Sysname> ping -c 20 192.168.1.49
Ping 192.168.1.49 (192.168.1.49): 56 data bytes, press 'a' to break
56 bytes from 192.168.1.49: icmp_seq=0 ttl=255 time=1.000 ms
56 bytes from 192.168.1.49: icmp_seq=1 ttl=255 time=0.000 ms
2. Press a.
The system aborts the command and returns to user view.
--- Ping statistics for 192.168.1.49 ---
20 packet(s) transmitted, 20 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 0.000/0.200/1.000/0.400 ms
<Sysname>
flow-control
Use flow-control to configure the flow control mode.
Use undo flow-control to restore the default.
Syntax
flow-control { hardware | none | software }
undo flow-control
Default
Flow control is disabled.
Views
User line view
Predefined user roles
network-admin
Parameters
hardware: Performs hardware flow control.
none: Disables flow control.
software: Performs software flow control.
Usage guidelines
This command is not supported in VTY line view.
The device supports flow control in both the inbound and outbound directions.
· For flow control in the inbound direction, the local device listens to flow control information from the remote device.
· For flow control in the outbound direction, the local device sends flow control information to the remote device.
The flow control setting takes effect in both directions.
To communicate, two devices must operate in the same flow control mode.
Examples
# Configure software flow control in the inbound and outbound directions for console line 0.
<Sysname> system-view
[Sysname] line console 0
[Sysname-line-console0] flow-control software
free line
Use free line to release a user line.
Syntax
free line { number1 | { console | vty } number2 }
Views
User view
Predefined user roles
network-admin
Parameters
number1: Specifies the absolute number of a user line. The value range is 0 to 73.
console: Specifies the console line.
vty: Specifies the VTY line.
number2: Specifies the relative number of a user line. The value range is 0 to 9 for console lines and 0 to 63 for VTY lines.
Usage guidelines
This command does not release the line you are using.
Examples
# Release VTY line 1.
<Sysname> free line vty 1
Are you sure to free line vty1? [Y/N]:y
[OK]
free user-interface
Use free user-interface to release a user line.
Syntax
free user-interface { number1 | { console | vty } number2 }
Views
User view
Predefined user roles
network-admin
Parameters
number1: Specifies the absolute number of a user line. The value range is 0 to 73.
console: Specifies the console line.
vty: Specifies the VTY line.
number2: Specifies the relative number of a user line. The value range is 0 to 9 for console lines and 0 to 63 for VTY lines.
Usage guidelines
This command does not release the line you are using.
This command is an older version reserved for backward compatibility purposes. It has the same functionality and output as the free line command. As a best practice, use the free line command.
Examples
# Release VTY line 1.
<Sysname> free user-interface vty 1
Are you sure to free line vty1? [Y/N]:y
[OK]
history-command max-size
Use history-command max-size to set the size of the command history buffer for a user line.
Use undo history-command max-size to restore the default.
Syntax
history-command max-size size-value
undo history-command max-size
Default
The command history buffer for a user line stores up to 10 history commands.
Views
User line view
User line class view
Predefined user roles
network-admin
Parameters
size-value: Specifies the maximum number of history commands the buffer can store, in the range of 0 to 256.
Usage guidelines
Each user line uses a separate command history buffer to store commands successfully executed by its user. The buffer size determines how many history commands the buffer can store.
To display history commands in the buffer for your session, press the up or down arrow key, or execute the display history-command command. For more information about the command history buffer, see CLI introduction in Fundamentals Configuration Guide.
Terminating a CLI session clears the commands in the command history buffer.
The setting in user line view takes effect immediately on the current session. The setting in user line class view takes effect on login sessions that are established after the setting is configured.
Examples
# Set the command history buffer size to 20 for VTY line 0.
<Sysname> system-view
[Sysname] line vty 0
[Sysname-line-vty0] history-command max-size 20
idle-timeout
Use idle-timeout to set the CLI connection idle-timeout timer.
Use undo idle-timeout to restore the default.
Syntax
idle-timeout minutes [ seconds ]
undo idle-timeout
Default
The CLI connection idle-timeout timer is 10 minutes.
Views
User line view
User line class view
Predefined user roles
network-admin
Parameters
minutes: Specifies the number of minutes, in the range of 0 to 35791.
seconds: Specifies the number of seconds, in the range of 0 to 59. The default is 0 seconds.
Usage guidelines
The system automatically terminates a user connection if no information interaction occurs on the connection within the idle-timeout interval.
To disable the idle-timeout feature, execute the idle-timeout 0 command.
This command is available in both user line view and user line class view. A non-default setting in either view takes precedence over a default setting in the other view. A non-default setting in user line view takes precedence over a non-default setting in user line class view.
The setting in user line view takes effect immediately on the current session. The setting in user line class view takes effect on login sessions that are established after the setting is configured.
Examples
# Set the CLI connection idle-timeout timer to 1 minute and 30 seconds for VTY line 0.
<Sysname> system-view
[Sysname] line vty 0
[Sysname-line-vty0] idle-timeout 1 30
line
Use line to enter one or multiple user line views.
Syntax
line { first-number1 [ last-number1 ] | { console | vty } first-number2 [ last-number2 ] }
Views
System view
Predefined user roles
network-admin
Parameters
first-number1: Specifies the absolute number of the first user line. The value range is 0 to 73.
last-number1: Specifies the absolute number of the last user line. The value range is 1 to 73. This number must be greater than first-number1.
console: Specifies the console line.
vty: Specifies the VTY line.
first-number2: Specifies the relative number of the first user line. The value range is 0 to 9 for console lines and 0 to 63 for VTY lines.
last-number2: Specifies the relative number of the last user line. The value range is 1 to 9 for console lines and 1 to 63 for VTY lines. This number must be greater than first-number2.
Examples
# Enter the view of VTY line 0.
<Sysname> system-view
[Sysname] line vty 0
[Sysname-line-vty0]
# Enter the views of VTY lines 0 to 63.
<Sysname> system-view
[Sysname] line vty 0 63
[Sysname-line-vty0-63]
Related commands
line class
line class
Use line class to enter user line class view.
Syntax
line class { console | vty }
Views
System view
Predefined user roles
network-admin
Parameters
console: Specifies the console line class view.
vty: Specifies the VTY line class view.
Usage guidelines
To configure the same settings for all user lines of a line class, use this command to enter the user line class view.
In user line class view, you can execute the following commands:
· activation-key
· auto-execute command
· authentication-mode
· command accounting
· command authorization
· escape-key
· history-command max-size
· idle-timeout
· protocol inbound
· screen-length
· set authentication password
· shell
· terminal type
· user-role
For commands that are available in both user line view and user line class view, the device uses the following rules to determine the settings to use:
· A setting in user line view applies only to the user line. A setting in user line class view applies to all user lines of the class.
· A non-default setting in either view takes precedence over a default setting in the other view. A non-default setting in user line view takes precedence over a non-default setting in user line class view.
· A setting in user line class view does not take effect on current online users. It takes effect only on new login users.
Examples
# Set the CLI connection idle-timeout timer to 15 minutes in VTY line class view.
<Sysname> system-view
[Sysname] line class vty
[Sysname-line-class-vty] idle-timeout 15
# In console line class view, configure the character s as the terminal session activation key.
<Sysname> system-view
[Sysname] line class console
[Sysname-line-class-console] activation-key s
[Sysname-line-class-console] quit
# In the view of console line 0, restore the default terminal session activation key.
[Sysname] line console 0
[Sysname-line-console0] undo activation-key
Alternatively, you can use the following command:
[Sysname-line-console0] activation-key 13
To verify the configuration:
1. Exit the session on console line 0.
[Sysname-line-console0] return
<Sysname> quit
2. Log in again through the user line.
The following message appears:
Press ENTER to get started.
3. Press Enter.
Pressing Enter does not start a session.
4. Enter s.
A terminal session is started.
<Sysname>
Related commands
line
lock
Use lock to lock the current user line and set the password for unlocking the line.
Syntax
lock
Default
The system does not lock any user lines.
Views
User view
Predefined user roles
network-admin
Usage guidelines
This command is not supported in FIPS mode.
This command locks the current user line to prevent unauthorized users from using the line. You must set the password for unlocking the line as prompted. The user line is locked after you enter the password and confirm the password.
To unlock the user line, press Enter and enter the password you set.
Examples
# Lock the current user line and set the password for unlocking the line.
<Sysname> lock
Please input password<1 to 16> to lock current line:
Password:
Again:
locked !
// The user line is locked. To unlock it, press Enter and enter the password:
Password:
<Sysname>
lock reauthentication
Use lock reauthentication to lock the current user line and enable unlocking authentication.
Syntax
lock reauthentication
Default
The system does not lock any user lines or initiate reauthentication.
Views
Any view
Predefined user roles
network-admin
Usage guidelines
This command locks the current user line. To unlock the user line, you must press Enter and provide the login password to pass reauthentication. If you have changed the login password after login, you must provide the new password. If no login password is set, the system unlocks the user line after you press Enter.
Examples
# Lock the current user line and enable unlocking authentication.
<Sysname> lock reauthentication
Please press Enter to unlock the screen.
// The user line is locked. To unlock it, press Enter and enter the login password:
Password:
<Sysname>
Related commands
lock-key
lock-key
Use lock-key to set the user line locking key. Pressing this shortcut key locks the current user line and enables unlocking authentication.
Use undo lock-key to restore the default.
Syntax
lock-key key-string
undo lock-key
Default
No user line locking key is set.
Views
User line view
User line class view
Predefined user roles
network-admin
Parameters
key-string: Specifies a shortcut key. It can be a character (case sensitive), or an ASCII code value in the range of 0 to 127. For example, if you execute lock-key 1, the shortcut key is Ctrl+A. If you execute lock-key a, the shortcut key is a. For information about ASCII code values of individual characters, see the standard ASCII code chart. For information about ASCII code values of combined keys that use the Ctrl key, see Table 1.
Usage guidelines
As a best practice, specify a combined key as the user line locking key. If you specify a single character as the key, the character acts only as the user line locking key. You cannot type the character for any commands, keywords, or arguments.
Pressing the user line locking key is equivalent to executing the lock reauthentication command.
This command takes effect immediately.
To display the current user line locking key, use the display current-configuration | include lock-key command.
Examples
# Set the user line locking key to Ctrl+A for VTY line 0.
<Sysname> system-view
[Sysname] line vty 0
[Sysname-line-vty0] lock-key 1
[Sysname-line-vty0] quit
To verify the configuration:
1. Press Ctrl+A.
[Sysname]
Please press Enter to unlock the screen.
2. Press Enter and enter the login password.
Password:
[Sysname]
Related commands
lock reauthentication
parity
Use parity to specify the parity.
Use undo parity to restore the default.
Syntax
parity { even | mark | none | odd | space }
undo parity
Default
The setting is none. No parity is used.
Views
User line view
Predefined user roles
network-admin
Parameters
even: Uses even parity.
mark: Uses mark parity.
none: Uses no parity.
odd: Uses odd parity.
space: Uses space parity.
Usage guidelines
This command is not supported in VTY line view.
The configuration terminal and the device must use the same parity.
Examples
# Configure console line 0 to use odd parity.
<Sysname> system-view
[Sysname] line console 0
[Sysname-line-console0] parity odd
protocol inbound
Use protocol inbound to specify the supported protocols.
Use undo protocol inbound to restore the default.
Syntax
In non-FIPS mode:
protocol inbound { all | pad | ssh | telnet }
undo protocol inbound
In FIPS mode:
protocol inbound ssh
undo protocol inbound
Default
In non-FIPS mode, all protocols are supported.
In FIPS mode, SSH is supported.
Views
VTY line view
VTY line class view
Predefined user roles
network-admin
Parameters
all: Supports all protocols, including SSH, PAD, and Telnet.
pad: Supports PAD only.
ssh: Supports SSH only.
telnet: Supports Telnet only.
Usage guidelines
Only users assigned the network-admin or level-15 user role can execute this command. Other users cannot execute this command, even if they are granted the right to execute this command.
A configuration change in user line view does not take effect on the current session. It takes effect on subsequent login sessions.
Before configuring a user line to support SSH, set the authentication mode to scheme for the user line.
In VTY line view, this command is associated with the authentication-mode command. If you specify a non-default value for one of the two commands, the other command uses the default setting, regardless of the setting in VTY line class view.
· If the settings of the two commands in VTY line view are both the default settings, the settings for the commands in VTY line class view take effect.
· If the settings of the two commands in VTY line view are both non-default settings, the non-default settings in VTY line view take effect.
· If only one command has a non-default setting in VTY line view, the other command uses the default setting, regardless of the setting in VTY line class view.
Examples
# Enable user lines VTY 0 through VTY 4 to support only SSH.
<Sysname> system-view
[Sysname] line vty 0 4
[Sysname-line-vty0-4] authentication-mode scheme
[Sysname-line-vty0-4] protocol inbound ssh
# Enable SSH support and set the authentication mode to scheme in VTY line class view. Enable user lines VTY 0 through VTY 4 to support all protocols and disable authentication for the user lines.
<Sysname> system-view
[Sysname] line class vty
[Sysname-line-class-vty] authentication-mode scheme
[Sysname-line-class-vty] protocol inbound ssh
[Sysname-line-class-vty] line vty 0 4
[Sysname-line-vty0-4] authentication-mode none
To verify the configuration:
1. Telnet to the device.
<Client> telnet 192.168.1.241
Trying 192.168.1.241 ...
Press CTRL+K to abort
Connected to 192.168.1.241 ...
******************************************************************************
* Copyright (c) 2004-2020 New H3C Technologies Co., Ltd. All rights reserved.*
* Without the owner's prior written consent, *
* no decompiling or reverse-engineering shall be allowed. *
******************************************************************************
<Server>
You are logged in without authentication.
2. Display online CLI user information.
<Server> display users
Idx Line Idle Time Pid Type
+ 50 VTY 0 00:00:00 Jan 17 15:29:27 189 TEL
Following are more details.
VTY 0 :
Location: 192.168.1.186
+ : Current operation user.
F : Current operation user works in async mode.
The output shows that you are using VTY 0. The configuration in user line view is effective.
Related commands
authentication-mode
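The coupling between authentication-mode and protocol inbound in VTY line view is easy to miss in a configuration review, as the second example above shows. The following Python script is an added example, not H3C code: it resolves the effective settings per VTY line from a constructed configuration excerpt and flags lines that end up accepting Telnet or skipping authentication. The excerpt format and the password default for authentication-mode are assumptions; the all default is the non-FIPS default stated above.

```python
import re

# PROTO_DEFAULT is the non-FIPS default stated on this page.
# AUTH_DEFAULT is an assumption: the authentication-mode default is not
# given in this section, so adjust it to match your platform.
PROTO_DEFAULT = "all"
AUTH_DEFAULT = "password"

# Constructed sample, written in the style of a saved configuration.
SAMPLE_CONFIG = """\
line class vty
 authentication-mode scheme
 protocol inbound ssh
#
line vty 0 4
 authentication-mode none
#
line vty 5 9
 authentication-mode scheme
 protocol inbound ssh
#
line vty 10 63
#
"""


def parse_vty(config):
    """Return (class_settings, {line_number: settings}) for VTY lines."""
    cls, lines, target = {}, {}, None
    for raw in config.splitlines():
        text = raw.strip()
        if not raw.startswith(" "):
            # A non-indented line opens a new section or is a '#' separator.
            target = None
            m = re.fullmatch(r"line vty (\d+)(?: (\d+))?", text)
            if text == "line class vty":
                target = [cls]
            elif m:
                first = int(m.group(1))
                last = int(m.group(2) or first)
                target = [lines.setdefault(n, {}) for n in range(first, last + 1)]
            continue
        if target is None:
            continue
        m = re.fullmatch(r"(authentication-mode|protocol inbound) (\S+)", text)
        if m:
            for settings in target:
                settings[m.group(1)] = m.group(2)
    return cls, lines


def non_default(settings, key, default):
    """Return the configured value, or None if it is unset or the default."""
    value = settings.get(key)
    return value if value not in (None, default) else None


def effective(cls, line):
    """Apply the VTY line view rules that tie the two commands together."""
    auth = non_default(line, "authentication-mode", AUTH_DEFAULT)
    proto = non_default(line, "protocol inbound", PROTO_DEFAULT)
    if auth is None and proto is None:
        # Both are default in line view: the class view settings take effect.
        auth = non_default(cls, "authentication-mode", AUTH_DEFAULT)
        proto = non_default(cls, "protocol inbound", PROTO_DEFAULT)
    # Otherwise the class view is ignored and an unset command uses its default.
    return auth or AUTH_DEFAULT, proto or PROTO_DEFAULT


def audit(config):
    """Map each risky VTY line to (auth, protocol, issues)."""
    cls, lines = parse_vty(config)
    findings = {}
    for number in sorted(lines):
        auth, proto = effective(cls, lines[number])
        issues = []
        if proto in ("all", "telnet"):
            issues.append("telnet-allowed")
        if auth == "none":
            issues.append("no-authentication")
        if issues:
            findings[number] = (auth, proto, issues)
    return findings


if __name__ == "__main__":
    for number, (auth, proto, issues) in audit(SAMPLE_CONFIG).items():
        print(f"vty {number}: authentication-mode={auth} "
              f"protocol inbound={proto} -> {', '.join(issues)}")
```

Only VTY lines that appear in a line vty section of the input are evaluated.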
screen-length
Use screen-length to set the maximum number of lines of command output to send to the terminal at a time when the screen pausing feature is enabled.
Use undo screen-length to restore the default.
Syntax
screen-length screen-length
undo screen-length
Default
A maximum of 24 lines are sent.
Views
User line view
User line class view
Predefined user roles
network-admin
Parameters
screen-length: Specifies the maximum number of lines to send, in the range of 0 to 512. To send command output without pausing, set the number to 0 or execute the screen-length disable command.
Usage guidelines
The number of lines that can be displayed on the terminal screen is restricted by both this setting and the display specification of the terminal. For example, if this setting is 40, the device sends 40 lines to the terminal at a time. If the terminal display specification is 24 lines, only the last 24 lines are displayed on the terminal screen. To view the previous 16 lines, you must press PgUp.
To continue to display command output after a pause, press the space bar.
By default, pausing between screens of output is enabled.
This command is available in both user line view and user line class view. A non-default setting in either view takes precedence over a default setting in the other view. A non-default setting in user line view takes precedence over a non-default setting in user line class view.
The setting in user line view takes effect immediately on the current session. The setting in user line class view takes effect on login sessions that are established after the setting is configured.
Examples
# Set the maximum number of lines to send at a time to 30 for VTY line 0.
<Sysname> system-view
[Sysname] line vty 0
[Sysname-line-vty0] screen-length 30
Related commands
screen-length disable
send
Use send to send messages to online login users.
Syntax
send { all | number1 | { console | vty } number2 }
Views
User view
Predefined user roles
network-admin
Parameters
all: Specifies all user lines.
number1: Specifies the absolute number of a user line. The value range is 0 to 73.
console: Specifies the console line.
vty: Specifies the VTY line.
number2: Specifies the relative number of a user line. The value range is 0 to 9 for console lines and 0 to 63 for VTY lines.
Usage guidelines
You can use this command to send notifications to online users before performing an operation that might affect other online users, for example, before rebooting the device.
To end a message, press Enter. To abort the send operation, press Ctrl+C.
Examples
# Send a notification to the user on VTY 1.
<Sysname> send vty 1
Input message, end with Enter; abort with CTRL+C:
Your attention, please. I will reboot the system in 3 minutes.
Send message? [Y/N]:y
The message should appear on the user's terminal screen as follows:
[Sysname]
***
***
***Message from vty0 to vty1
***
Your attention, please. I will reboot the system in 3 minutes.
set authentication password
Use set authentication password to set the password for local password authentication.
Use undo set authentication password to restore the default.
Syntax
set authentication password { hash | simple } string
undo set authentication password
Default
No password is set for local password authentication.
Views
User line view
User line class view
Predefined user roles
network-admin
Parameters
hash: Specifies a password in hashed form.
simple: Sets a password in plaintext form. For security purposes, the password specified in plaintext form will be stored in hashed form.
string: Specifies the password. Its plaintext form is a case-sensitive string of 4 to 16 characters and must contain a minimum of two character types. Its hashed form is a case-sensitive string of 1 to 110 characters.
Usage guidelines
This command is not supported in FIPS mode.
Only users assigned the network-admin or level-15 user role can execute this command. Other users cannot execute this command, even if they are granted the right to execute this command.
This command is available in both user line view and user line class view. A non-default setting in either view takes precedence over a default setting in the other view. A non-default setting in user line view takes precedence over a non-default setting in user line class view.
A password change does not take effect on the current session. It takes effect on subsequent login sessions.
Examples
# Set the password to hello12345 for local password authentication on VTY line 0.
<Sysname> system-view
[Sysname] line vty 0
[Sysname-line-vty0] authentication-mode password
[Sysname-line-vty0] set authentication password simple hello12345
Related commands
authentication-mode
shell
Use shell to enable the terminal service for user lines.
Use undo shell to disable the terminal service for user lines.
Syntax
shell
undo shell
Default
The terminal service is enabled on all user lines.
Views
User line view
User line class view
Predefined user roles
network-admin
Usage guidelines
The undo shell command is not supported in console line view or console line class view.
You cannot disable the terminal service on the user line you are using.
When the device acts as a Telnet or SSH server, you cannot execute the undo shell command.
If the undo shell command is executed in user line class view, you cannot execute the shell command in the view of a user line in the class.
When terminal service is enabled, a user line can be used for device login. If the device is acting as the redirect server, the user line can also be used for the redirect service. However, the user line can be used for only one purpose at a time.
Examples
# Disable the terminal service for user lines VTY 0 through VTY 4 so that no user can log in to the device through these user lines.
<Sysname> system-view
[Sysname] line vty 0 4
[Sysname-line-vty0-4] undo shell
Disable ui-vty0-4 , are you sure? [Y/N]:y
[Sysname-line-vty0-4]
speed
Use speed to set the transmission rate (also called the baud rate) on a user line.
Use undo speed to restore the default.
Syntax
speed speed-value
undo speed
Default
The transmission rate is 9600 bps on a user line.
Views
User line view
Predefined user roles
network-admin
Parameters
speed-value: Specifies the transmission rate in bps.
Usage guidelines
This command is not supported in VTY line view.
The configuration terminal and the device must be configured with the same transmission rate to communicate.
Examples
# Set the transmission rate to 19200 bps for console line 0.
<Sysname> system-view
[Sysname] line console 0
[Sysname-line-console0] speed 19200
stopbits
Use stopbits to specify the number of stop bits for a character.
Use undo stopbits to restore the default.
Syntax
stopbits { 1 | 1.5 | 2 }
undo stopbits
Default
One stop bit is used.
Views
User line view
Predefined user roles
network-admin
Parameters
1: Uses one stop bit.
1.5: Uses one and a half stop bits. The device does not support using one and a half stop bits. If you specify this keyword, two stop bits are used.
2: Uses two stop bits.
Usage guidelines
This command is not supported in VTY line view.
The configuration terminal and the device must use the same number of stop bits to communicate.
Examples
# Set the number of stop bits to 1 for console line 0.
<Sysname> system-view
[Sysname] line console 0
[Sysname-line-console0] stopbits 1
telnet
Use telnet to Telnet to a host in an IPv4 network.
Syntax
telnet remote-host [ service-port ] [ vpn-instance vpn-instance-name ] [ source { interface interface-type interface-number | ip ip-address } | dscp dscp-value ] * [ escape character ]
Views
User view
Predefined user roles
network-admin
Parameters
remote-host: Specifies the IPv4 address or host name of a remote host. A host name can be a case-insensitive string of 1 to 253 characters. Valid characters include letters, digits, hyphens (-), underscores (_), and dots (.).
service-port: Specifies the TCP port number for the Telnet service on the remote host. The value range is 0 to 65535 and the default is 23.
vpn-instance vpn-instance-name: Specifies the MPLS L3VPN instance to which the remote host belongs. The vpn-instance-name argument represents the VPN instance name, a case-sensitive string of 1 to 31 characters. If the remote host belongs to the public network, do not specify this option.
source: Specifies a source IPv4 address or source interface for outgoing Telnet packets. If you do not specify this option, the device uses the primary IPv4 address of the output interface for the route to the server as the source address.
interface interface-type interface-number: Specifies the source interface. The primary IPv4 address of the interface will be used as the source IPv4 address for outgoing Telnet packets.
ip ip-address: Specifies the source IPv4 address for outgoing Telnet packets.
dscp dscp-value: Specifies a DSCP value for outgoing Telnet packets. The value range is 0 to 63. The default is 48. The DSCP value is carried in the TOS field of an IPv4 packet to indicate the packet transmission priority.
escape character: Specifies an escape character. The specified escape character works together with a period (.) to terminate the current Telnet connection and return to the previous-level connection view. The escape character is a case-sensitive character and cannot be the same as the username used for login. As a best practice, specify the tilde (~) as the escape character.
Usage guidelines
This command is not supported in FIPS mode.
To terminate the current Telnet connection, perform one of the following operations:
· Press Ctrl+K.
This operation can be performed under any circumstances. It terminates all Telnet connections.
· Execute the quit command.
This operation terminates the current Telnet connection and returns to the previous-level connection view. The quit command is not usable when the server is operating incorrectly or is restarting.
· Enter the escape character.
This operation can be performed under any circumstances. It terminates the current Telnet connection and returns to the previous-level connection view.
When you perform this operation, enter the escape character followed by a period at the beginning of a line. Otherwise, the operation does not take effect. If the line already contains other characters or you have performed other operations on it (such as pressing Backspace), you must enter the escape character and the period on a new line.
If an escape character is specified, the Ctrl+K key combination will become ineffective.
The source address or interface specified by this command is applied only to the Telnet connection that is being established.
Examples
# Telnet to host 1.1.1.2, using 1.1.1.1 as the source IP address for outgoing Telnet packets.
<Sysname> telnet 1.1.1.2 source ip 1.1.1.1
Related commands
telnet client source
telnet client source
Use telnet client source to specify a source IPv4 address or source interface for the Telnet client to use for outgoing Telnet packets.
Use undo telnet client source to restore the default.
Syntax
telnet client source { interface interface-type interface-number | ip ip-address }
undo telnet client source
Default
No source IPv4 address or source interface is specified. The Telnet client uses the primary IPv4 address of the output interface for the route to the server as the source IPv4 address.
Views
System view
Predefined user roles
network-admin
Parameters
interface interface-type interface-number: Specifies a source interface. The primary IPv4 address of the interface will be used as the source IPv4 address for outgoing Telnet packets.
ip ip-address: Specifies a source IPv4 address.
Usage guidelines
This command is not supported in FIPS mode.
The setting configured by this command applies to all Telnet connections but has a lower precedence than the source setting specified for the telnet command.
Examples
# Set the source IPv4 address to 1.1.1.1 for outgoing Telnet packets.
<Sysname> system-view
[Sysname] telnet client source ip 1.1.1.1
Related commands
display telnet client configuration
telnet ipv6
Use telnet ipv6 to Telnet to a host in an IPv6 network.
Syntax
telnet ipv6 remote-host [ -i interface-type interface-number ] [ port-number ] [ vpn-instance vpn-instance-name ] [ source { interface interface-type interface-number | ipv6 ipv6-address } | dscp dscp-value ] *
Views
User view
Predefined user roles
network-admin
Parameters
remote-host: Specifies the IPv6 address or host name of a remote host. A host name can be a case-insensitive string of 1 to 253 characters. Valid characters include letters, digits, hyphens (-), underscores (_), and dots (.).
-i interface-type interface-number: Specifies the interface for sending Telnet packets. This option is required when the remote host address is a link-local address. When the server address is a global unicast address, you cannot specify this option.
port-number: Specifies the TCP port number for the Telnet service on the remote host. The value range is 0 to 65535 and the default is 23.
vpn-instance vpn-instance-name: Specifies the MPLS L3VPN instance to which the remote host belongs. The vpn-instance-name argument represents the VPN instance name, a case-sensitive string of 1 to 31 characters. If the remote host belongs to the public network, do not specify this option.
source: Specifies a source IPv6 address or source interface for outgoing Telnet packets. If you do not specify this option, the device uses the primary IPv6 address of the output interface for the route to the server as the source address.
interface interface-type interface-number: Specifies the source interface. The primary IPv6 address of the interface will be used as the source IPv6 address for outgoing Telnet packets.
ipv6 ipv6-address: Specifies the source IPv6 address for outgoing Telnet packets.
dscp dscp-value: Specifies a DSCP value for outgoing Telnet packets. The value range is 0 to 63. The default is 48. The DSCP value is carried in the Traffic class field of an IPv6 packet to indicate the packet transmission priority.
Usage guidelines
This command is not supported in FIPS mode.
To terminate the current Telnet connection, press Ctrl+K or execute the quit command.
Examples
# Telnet to the host at 5000::1.
<Sysname> telnet ipv6 5000::1
# Telnet to the host at 2000::1. Use 1000::1 as the source address for outgoing Telnet packets.
<Sysname> telnet ipv6 2000::1 source ipv6 1000::1
telnet server acl
Use telnet server acl to apply an ACL to filter Telnet logins.
Use undo telnet server acl to restore the default.
Syntax
telnet server acl [ mac ] acl-number
undo telnet server acl
Default
No ACL is used to filter Telnet logins.
Views
System view
Predefined user roles
network-admin
Parameters
mac: Specifies a Layer 2 ACL. To specify an ACL of a different type, do not specify this keyword.
acl-number: Specifies an ACL by its number. If you specify the mac keyword, the value range for this argument is 4000 to 4999. If you do not specify the mac keyword, the value range for this argument is 2000 to 3999.
Usage guidelines
This command is not supported in FIPS mode.
When no ACL is applied to the Telnet service, all users can Telnet to the device. To control Telnet logins, specify an ACL that exists and has rules so that only users permitted by the ACL can Telnet to the device. If you specify an ACL that does not exist or does not have rules, no users can Telnet to the device.
If a VPN instance is specified in an ACL rule, the rule applies only to the packets of the VPN instance. If no VPN instance is specified in an ACL rule, the rule applies only to the packets on the public network.
For more information about ACLs, see ACL and QoS Configuration Guide.
If you execute this command multiple times, the most recent configuration takes effect.
This command does not take effect on existing Telnet connections.
Examples
# Permit only the user at 1.1.1.1 to Telnet to the device.
<Sysname> system-view
[Sysname] acl basic 2001
[Sysname-acl-ipv4-basic-2001] rule permit source 1.1.1.1 0
[Sysname-acl-ipv4-basic-2001] quit
[Sysname] telnet server acl 2001
telnet server acl-deny-log enable
Use telnet server acl-deny-log enable to enable logging for Telnet login attempts that are denied by the Telnet login control ACL.
Use undo telnet server acl-deny-log enable to disable logging for Telnet login attempts that are denied by the Telnet login control ACL.
Syntax
telnet server acl-deny-log enable
undo telnet server acl-deny-log enable
Default
Logging is disabled for Telnet login attempts that are denied by the Telnet login control ACL.
Views
System view
Predefined user roles
network-admin
Usage guidelines
Only clients permitted by the Telnet login control ACL can Telnet to the device. This logging feature generates log messages for Telnet login attempts that are denied by the Telnet login control ACL.
For information about log message output, see the information center in Network Management and Monitoring Configuration Guide. For information about configuring a Telnet login control ACL, see the telnet server acl or telnet server ipv6 acl command.
Examples
# Enable logging for Telnet login attempts that are denied by the Telnet login control ACL.
<Sysname> system-view
[Sysname] telnet server acl-deny-log enable
Related commands
telnet server acl
telnet server ipv6 acl
telnet server dscp
Use telnet server dscp to specify the DSCP value for IPv4 to use for Telnet packets sent to a Telnet client.
Use undo telnet server dscp to restore the default.
Syntax
telnet server dscp dscp-value
undo telnet server dscp
Default
IPv4 uses the DSCP value 48 for Telnet packets sent to a Telnet client.
Views
System view
Predefined user roles
network-admin
Parameters
dscp-value: Specifies a DSCP value in the range of 0 to 63.
Usage guidelines
This command is not supported in FIPS mode.
The DSCP value is carried in the ToS field of an IPv4 packet to indicate the packet transmission priority.
Examples
# Set the DSCP value for IPv4 to use for outgoing Telnet packets to 30 on a Telnet server.
<Sysname> system-view
[Sysname] telnet server dscp 30
telnet server enable
Use telnet server enable to enable the Telnet server.
Use undo telnet server enable to disable the Telnet server.
Syntax
telnet server enable
undo telnet server enable
Default
The Telnet server is disabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
This command is not supported in FIPS mode.
Users can Telnet to the device only when the Telnet server is enabled.
Examples
# Enable the Telnet server.
<Sysname> system-view
[Sysname] telnet server enable
telnet server ipv6 acl
Use telnet server ipv6 acl to apply an IPv6 ACL to filter IPv6 Telnet logins.
Use undo telnet server ipv6 acl to restore the default.
Syntax
telnet server ipv6 acl { ipv6 | mac } acl-number
undo telnet server ipv6 acl
Default
No IPv6 ACL is used to filter IPv6 Telnet logins.
Views
System view
Predefined user roles
network-admin
Parameters
ipv6: Specifies an IPv6 ACL.
mac: Specifies a Layer 2 ACL. To specify an ACL of a different type, do not specify this keyword.
acl-number: Specifies an ACL by its number. If you specify the ipv6 keyword, the value range for this argument is 2000 to 3999. If you specify the mac keyword, the value range for this argument is 4000 to 4999.
Usage guidelines
This command is not supported in FIPS mode.
When no ACL is applied to the Telnet service, all users can Telnet to the device. To control Telnet logins, specify an ACL that exists and has rules so that only users permitted by the ACL can Telnet to the device. If you specify an ACL that does not exist or does not have rules, no users can Telnet to the device.
If a VPN instance is specified in an ACL rule, the rule applies only to the packets of the VPN instance. If no VPN instance is specified in an ACL rule, the rule applies only to the packets on the public network.
For more information about ACLs, see ACL and QoS Configuration Guide.
If you execute this command multiple times, the most recent configuration takes effect.
This command does not take effect on existing Telnet connections.
Examples
# Permit only the user at 2000::1 to Telnet to the device.
<Sysname> system-view
[Sysname] acl ipv6 basic 2001
[Sysname-acl6-ipv6-basic-2001] rule permit source 2000::1 128
[Sysname-acl6-ipv6-basic-2001] quit
[Sysname] telnet server ipv6 acl ipv6 2001
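The usage guidelines for telnet server acl and telnet server ipv6 acl describe three outcomes: no ACL applied (all users can Telnet), an ACL with rules (only permitted users), and a missing or empty ACL (no users). The following Python audit is an added example, not H3C code, that classifies a configuration into those outcomes. The flat command layout, the function names and the result labels are assumptions, and Layer 2 (mac) ACLs are not handled.

```python
import re

# Constructed sample (not from a real device). Assumed layout: one command per
# line as typed in this page's examples, ACL rules indented under their "acl" line.
SAMPLE = """\
telnet server enable
acl basic 2001
 rule permit source 1.1.1.1 0
acl ipv6 basic 2002
telnet server acl 2001
telnet server ipv6 acl ipv6 2002
"""

def parse(config):
    """Return (enabled, {family: applied ACL number}, {(family, number): rule count})."""
    enabled, applied, acls, current = False, {}, {}, None
    for line in config.splitlines():
        text = line.strip()
        if not text:
            continue
        if line[0].isspace():              # indented line: belongs to the open ACL
            if current and text.startswith("rule "):
                acls[current] += 1
            continue
        current = None
        if m := re.fullmatch(r"acl (ipv6 )?(?:basic|advanced) (\d+)", text):
            current = ("ipv6" if m.group(1) else "ipv4", int(m.group(2)))
            acls.setdefault(current, 0)
        elif m := re.fullmatch(r"telnet server acl (\d+)", text):
            applied["ipv4"] = int(m.group(1))   # the most recent command wins
        elif m := re.fullmatch(r"telnet server ipv6 acl ipv6 (\d+)", text):
            applied["ipv6"] = int(m.group(1))
        elif text in ("telnet server enable", "undo telnet server enable"):
            enabled = not text.startswith("undo")
    return enabled, applied, acls

def audit(config):
    """Classify Telnet exposure per address family per the usage guidelines."""
    enabled, applied, acls = parse(config)
    result = {}
    for family in ("ipv4", "ipv6"):
        if not enabled:
            result[family] = "telnet-disabled"   # documented default
        elif family not in applied:
            result[family] = "open-to-all"       # no ACL applied: all users can Telnet
        elif acls.get((family, applied[family]), 0) == 0:
            result[family] = "locked-out"        # ACL missing or without rules
        else:
            result[family] = "restricted"        # only sources the ACL permits
    return result

if __name__ == "__main__":
    print(audit(SAMPLE))
```

In the sample, the IPv6 ACL exists but has no rules, so IPv6 Telnet is reported as locked-out while IPv4 is restricted to the permitted source.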
telnet server ipv6 dscp
Use telnet server ipv6 dscp to specify the DSCP value for IPv6 to use for Telnet packets sent to a Telnet client.
Use undo telnet server ipv6 dscp to restore the default.
Syntax
telnet server ipv6 dscp dscp-value
undo telnet server ipv6 dscp
Default
IPv6 uses the DSCP value 48 for Telnet packets sent to a Telnet client.
Views
System view
Predefined user roles
network-admin
Parameters
dscp-value: Specifies a DSCP value in the range of 0 to 63.
Usage guidelines
This command is not supported in FIPS mode.
The DSCP value is carried in the Traffic class field of an IPv6 packet to indicate the packet transmission priority.
Examples
# Set the DSCP value for IPv6 to use for outgoing Telnet packets to 30 on a Telnet server.
<Sysname> system-view
[Sysname] telnet server ipv6 dscp 30
telnet server ipv6 port
Use telnet server ipv6 port to specify the IPv6 Telnet service port number.
Use undo telnet server ipv6 port to restore the default.
Syntax
telnet server ipv6 port port-number
undo telnet server ipv6 port
Default
The IPv6 Telnet service port number is 23.
Views
System view
Predefined user roles
network-admin
Parameters
port-number: Specifies a port number. The value can be 23 or in the range of 1025 to 65535.
Usage guidelines
This command terminates all existing Telnet connections to the IPv6 Telnet server. To use the Telnet service, users must reestablish Telnet connections.
Examples
# Set the IPv6 Telnet service port number to 1026.
<Sysname> system-view
[Sysname] telnet server ipv6 port 1026
telnet server login-failed threshold-alarm
Use telnet server login-failed threshold-alarm to configure the alarm threshold and alarm clearance threshold for Telnet login failures in a statistics period.
Use undo telnet server login-failed threshold-alarm to restore the default.
Syntax
telnet server login-failed threshold-alarm upper-limit report-times lower-limit resume-times period period-time
undo telnet server login-failed threshold-alarm
Default
The statistics period is five minutes, and the alarm threshold and alarm clearance threshold for Telnet login failures in the statistics period are 30 and 20, respectively.
Views
System view
Predefined user roles
network-admin
Parameters
upper-limit report-times: Specifies the alarm threshold for Telnet login failures. The device generates an alarm message if the number of Telnet login failures in the statistics period specified by the period period-time option reaches or exceeds the alarm threshold. The report-times argument specifies the number of Telnet login failures, in the range of 0 to 100. If you set the report-times argument to 0, the device does not generate any alarm message upon Telnet login failures.
lower-limit resume-times: Specifies the alarm clearance threshold for Telnet login failures. The device generates an alarm clearance message if the number of Telnet login failures in the statistics period specified by the period period-time option drops below the alarm clearance threshold. The resume-times argument specifies the number of Telnet login failures. If the value for the report-times argument is equal to or smaller than 45, the value range for the resume-times argument is 0 to the report-times argument. If the value for the report-times argument is greater than 45, the value range for the resume-times argument is 0 to 45. Both values 0 and 1 indicate that the device generates an alarm clearance message only when no Telnet login failure occurs in the specified statistics period.
period period-time: Specifies the statistics period for Telnet login failures, in the range of 1 to 120 minutes. The default is 5.
Usage guidelines
Application scenarios
By default, the device generates an alarm message when the number of Telnet login failures is not smaller than 30, and an alarm clearance message when the number is smaller than 20. You can configure the settings as follows:
· If you do not care about the number of Telnet login failures and do not want to obtain alarm information upon these failures, set the report-times argument to 0. In this case, the device does not generate any alarm information about Telnet login failures.
· If you care about the number of Telnet login failures and want to obtain alarm information about these failures, use this command as needed.
Restrictions and guidelines
The value for the report-times argument must be equal to or greater than that for the resume-times argument.
Examples
# Specify the statistics period for Telnet login failures as three minutes and set the alarm threshold and alarm clearance threshold to 20 and 10, respectively.
<Sysname> system-view
[Sysname] telnet server login-failed threshold-alarm upper-limit 20 lower-limit 10 period 3
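The argument ranges and the alarm/clearance behavior described above can be checked before a change is pushed to devices. This Python sketch is an added example, not H3C code: the function names are hypothetical, and it assumes the failure count is evaluated once per statistics period and that a clearance message is generated only while an alarm is active.

```python
def validate(report_times, resume_times, period):
    """Check the arguments against the ranges in the Parameters section."""
    if not 0 <= report_times <= 100:
        raise ValueError("report-times must be 0 to 100")
    # resume-times: 0..report-times when report-times <= 45, otherwise 0..45
    max_resume = min(report_times, 45)
    if not 0 <= resume_times <= max_resume:
        raise ValueError(f"resume-times must be 0 to {max_resume}")
    if not 1 <= period <= 120:
        raise ValueError("period must be 1 to 120 minutes")


def alarm_events(failures_per_period, report_times=30, resume_times=20, period=5):
    """Return [(period_index, 'alarm' | 'clear')] for per-period failure counts.

    Defaults are the documented defaults (30, 20, five minutes).
    """
    validate(report_times, resume_times, period)
    events = []
    if report_times == 0:
        return events                    # 0 turns alarm messages off
    clear_below = max(resume_times, 1)   # 0 and 1 both mean: clear only at zero failures
    active = False                       # assumption: clearance needs an active alarm
    for index, count in enumerate(failures_per_period):
        if not active and count >= report_times:
            active = True
            events.append((index, "alarm"))
        elif active and count < clear_below:
            active = False
            events.append((index, "clear"))
    return events


if __name__ == "__main__":
    # Constructed per-period failure counts, evaluated with the default thresholds.
    print(alarm_events([5, 31, 25, 19, 30, 0]))
    # The setting from the example above: upper-limit 20, lower-limit 10, period 3.
    print(alarm_events([20, 10, 9], report_times=20, resume_times=10, period=3))
```

A count between the two thresholds (25 in the first series) neither raises nor clears the alarm, which is why the clearance threshold sits below the alarm threshold.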
telnet server port
Use telnet server port to specify the IPv4 Telnet service port number.
Use undo telnet server port to restore the default.
Syntax
telnet server port port-number
undo telnet server port
Default
The IPv4 Telnet service port number is 23.
Views
System view
Predefined user roles
network-admin
Parameters
port-number: Specifies a port number. The value can be 23 or in the range of 1025 to 65535.
Usage guidelines
This command terminates all existing Telnet connections to the IPv4 Telnet server. To use the Telnet service, users must reestablish Telnet connections.
Examples
# Set the IPv4 Telnet service port number to 1025.
<Sysname> system-view
[Sysname] telnet server port 1025
terminal character-encoding
Use terminal character-encoding to specify a character encoding for the current terminal.
Use undo terminal character-encoding to restore the default.
Syntax
terminal character-encoding { gb18030 | utf-8 }
undo terminal character-encoding
Default
The character encoding of the current terminal is the same as the CLI.
Views
User view
Predefined user roles
network-admin
Parameters
gb18030: Specifies the GB18030 encoding.
utf-8: Specifies the UTF-8 encoding.
Usage guidelines
This command makes sense only when the system character encoding is configured. You can use character-encoding to specify the system and terminal encodings. If you change the user encoding on the user interface, use terminal character-encoding to change the terminal encoding to keep user encoding and terminal encoding consistent. The terminal character-encoding command takes effect immediately.
Examples
# Set the character encoding on the current terminal to UTF-8.
<Sysname> terminal character-encoding utf-8
Related commands
character-encoding
display character-encoding
terminal type
Use terminal type to specify the terminal display type.
Use undo terminal type to restore the default.
Syntax
terminal type { ansi | vt100 }
undo terminal type
Default
The terminal display type is ANSI.
Views
User line view
User line class view
Predefined user roles
network-admin
Parameters
ansi: Specifies the ANSI type.
vt100: Specifies the VT100 type.
Usage guidelines
The device supports two terminal display types: ANSI and VT100. As a best practice, specify the VT100 type on both the device and the configuration terminal. If either side uses the ANSI type, a display problem might occur when a command line has more than 80 characters. For example, a cursor positioning error might occur.
This command is available in both user line view and user line class view. A non-default setting in either view takes precedence over a default setting in the other view. A non-default setting in user line view takes precedence over a non-default setting in user line class view.
A terminal display type change does not take effect on the current session. It takes effect on subsequent login sessions.
Examples
# Set the terminal display type to VT100.
<Sysname> system-view
[Sysname] line vty 0
[Sysname-line-vty0] terminal type vt100
user-interface
Use user-interface to enter one or multiple user line views.
Syntax
user-interface { first-number1 [ last-number1 ] | { console | vty } first-number2 [ last-number2 ] }
Views
System view
Predefined user roles
network-admin
Parameters
first-number1: Specifies the absolute number of the first user line. The value range is 0 to 73.
last-number1: Specifies the absolute number of the last user line. The value range is 1 to 73. This number must be greater than first-number1.
console: Specifies the console line.
vty: Specifies the VTY line.
first-number2: Specifies the relative number of the first user line. The value range is 0 to 9 for console lines and 0 to 63 for VTY lines.
last-number2: Specifies the relative number of the last user line. The value range is 1 to 9 for console lines and 1 to 63 for VTY lines. This number must be greater than first-number2.
Usage guidelines
This command is an older version reserved for backward compatibility purposes. It has the same functionality and output as the line command. As a best practice, use the line command.
To configure settings for a single user line, use this command to enter the user line view.
To configure the same settings for multiple user lines, use this command to enter multiple user line views.
Examples
# Enter the views of VTY lines 0 to 4.
<Sysname> system-view
[Sysname] user-interface vty 0 4
[Sysname-line-vty0-4]
user-interface class
Use user-interface class to enter user line class view.
Syntax
user-interface class { console | vty }
Views
System view
Predefined user roles
network-admin
Parameters
console: Specifies the console line class view.
vty: Specifies the VTY line class view.
Usage guidelines
This command is an older version reserved for backward compatibility purposes. It has the same functionality and output as the line class command. As a best practice, use the line class command.
To configure the same settings for all user lines of a line class, you can use this command to enter the user line class view.
The following commands are available in user line class view:
· activation-key
· auto-execute command
· authentication-mode
· command accounting
· command authorization
· escape-key
· history-command max-size
· idle-timeout
· protocol inbound
· screen-length
· set authentication password
· shell
· terminal type
· user-role
For commands that are available in both user line view and user line class view, the device uses the following rules to determine the settings to use:
· A setting in user line view applies only to the user line. A setting in user line class view applies to all user lines of the class.
· A non-default setting in either view takes precedence over a default setting in the other view. A non-default setting in user line view takes precedence over a non-default setting in user line class view.
· A setting in user line class view does not take effect on current online users. It takes effect only for new login users.
Examples
# Set the CLI connection idle-timeout timer to 15 minutes in VTY line class view.
<Sysname> system-view
[Sysname] user-interface class vty
[Sysname-line-class-vty] idle-timeout 15
Related commands
user-interface
user-role
Use user-role to assign a user role to a user line. The device assigns the user role to a user of the line when the user logs in.
Use undo user-role to remove a user role or restore the default.
Syntax
user-role role-name
undo user-role [ role-name ]
Default
A console user is assigned the network-admin user role. Other users are assigned the network-operator user role.
Views
User line view
User line class view
Predefined user roles
network-admin
Parameters
role-name: Specifies a user role name, a case-sensitive string of 1 to 63 characters. The user role can be user-defined or predefined. Available predefined user roles include network-admin, network-operator, and level-0 to level-15. The predefined security-audit and guest-manager user roles are not supported in user line view or user line class view. If you do not specify this argument, the undo user-role command restores the default user role.
Usage guidelines
This command is not supported in FIPS mode.
Only users assigned the network-admin or level-15 user role can execute this command. Other users cannot execute this command, even if they are granted the right to execute this command.
This command is available in both user line view and user line class view. A non-default setting in either view takes precedence over a default setting in the other view. A non-default setting in user line view takes precedence over a non-default setting in user line class view.
A user role change does not take effect on the current session. It takes effect on subsequent login sessions.
You can assign up to 64 user roles to a user line.
For more information about user roles, see RBAC configuration in Fundamentals Configuration Guide.
Examples
# Assign user role network-admin to console line 0.
<Sysname> system-view
[Sysname] line console 0
[Sysname-line-console0] user-role network-admin