HP A3100 v2 Switch Series


HP A3100 v2 Switch Series
Fundamentals Command Reference

HP A3100-8 v2 SI Switch (JG221A)
HP A3100-16 v2 SI Switch (JG222A)
HP A3100-24 v2 SI Switch (JG223A)
HP A3100-8 v2 EI Switch (JD318B)
HP A3100-16 v2 EI Switch (JD319B)
HP A3100-24 v2 EI Switch (JD320B)
HP A3100-8-PoE v2 EI Switch (JD311B)
HP A3100-16-PoE v2 EI Switch (JD312B)
HP A3100-24-PoE v2 EI Switch (JD313B)

Part number: 5998-1973
Software version: Release 5103
Document version: 6W100-20110909

Legal and notice information

Copyright 2011 Hewlett-Packard Development Company, L.P. No part of this documentation may be reproduced or transmitted in any form or by any means without prior written consent of Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

HEWLETT-PACKARD COMPANY MAKES NO WARRANTY OF ANY KIND WITH REGARD TO THIS MATERIAL, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. Hewlett-Packard shall not be liable for errors contained herein or for incidental or consequential damages in connection with the furnishing, performance, or use of this material.

The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.

Contents

CLI configuration commands: command-alias enable, command-alias mapping, command-privilege, display clipboard, display command-alias, display history-command, display hotkey, hotkey, quit, return, screen-length disable, super, super authentication-mode, super password, system-view

Logging in to the switch commands: acl (user interface view), activation-key, auto-execute command, authentication-mode, command accounting, command authorization, databits, display ip http, display ip https, display telnet client configuration, display user-interface, display users, display web users, escape-key, flow-control, free user-interface, free web-users, history-command max-size, idle-timeout, ip http acl, ip http enable, ip http port, ip https acl, ip https certificate access-control-policy, ip https enable, ip https port, ip https ssl-server-policy, lock, parity, protocol inbound, screen-length, send, set authentication password, shell, speed (user interface view), stopbits, telnet, telnet client source, telnet ipv6, telnet server enable, terminal type, user privilege level, user-interface

FTP configuration commands

FTP server configuration commands: display ftp-server, display ftp-user, free ftp user, ftp server acl, ftp server enable, ftp timeout, ftp update

FTP client configuration commands: ascii, binary, bye, cd, cdup, close, debugging, delete, dir, disconnect, display ftp client configuration, ftp, ftp client source, ftp ipv6, get, lcd, ls, mkdir, open, open ipv6, passive, put, pwd, quit, remotehelp, rmdir, user, verbose

TFTP client configuration commands: display tftp client configuration, tftp-server acl, tftp, tftp client source, tftp ipv6

File management commands: cd, copy, delete, dir, execute, file prompt, fixdisk, format, mkdir, more, move, pwd, rename, reset recycle-bin, rmdir, undelete

Configuration file management commands: archive configuration, archive configuration interval, archive configuration location, archive configuration max, backup startup-configuration, configuration replace file, display archive configuration, display current-configuration, display default-configuration, display saved-configuration, display startup, display this, reset saved-configuration, restore startup-configuration, save, startup saved-configuration

Software upgrade commands: boot-loader, bootrom, bootrom-update security-check enable, display boot-loader, display patch information, patch active, patch deactive, patch delete, patch install, patch load, patch location, patch run

Device management commands: clock datetime, clock summer-time one-off, clock summer-time repeating, clock timezone, copyright-info enable, display clock, display cpu-usage, display cpu-usage history, display device, display device manuinfo, display diagnostic-information, display environment, display fan (available only on the A3100 v2 EI), display job, display memory, display power, display reboot-type, display rps, display schedule job, display schedule reboot, display system-failure, display transceiver, display transceiver alarm, display transceiver diagnosis, display transceiver manuinfo, display version, display version-update-record, header, job, reboot, reset unused porttag, reset version-update-record, schedule job, schedule reboot at, schedule reboot delay, shutdown-interval, startup bootrom-access enable, sysname, system-failure, temperature-limit (available only on the A3100 v2 EI), time at, time delay, view

Support and other resources: Contacting HP, Subscription service, Related information, Documents, Websites, Conventions

Index

CLI configuration commands

command-alias enable

Syntax
command-alias enable
undo command-alias enable

View
System view

Default level
2: System level

Parameters
None

Description
Use the command-alias enable command to enable the command alias function.
Use the undo command-alias enable command to disable the command alias function.
By default, the command alias function is disabled.

Examples
# Enable the command alias function.
<Sysname> system-view
[Sysname] command-alias enable
# Disable the command alias function.
<Sysname> system-view
[Sysname] undo command-alias enable

command-alias mapping

Syntax
command-alias mapping cmdkey alias
undo command-alias mapping cmdkey

View
System view

Default level
2: System level

Parameters
cmdkey: The complete form of the first keyword of a command.

alias: Specifies the command alias, which cannot be the same as the first keyword of an existing command.

Description
Use the command-alias mapping command to configure command aliases.
Use the undo command-alias mapping command to delete command aliases.
By default, a command has no alias.

Examples
# Configure command aliases by specifying show to replace the display keyword.
<Sysname> system-view
[Sysname] command-alias mapping display show
After you configure the command aliases, the display commands have aliases. For example, if the original command is display clock, its alias is now show clock, and you can input the alias to view the system time and date.
# Delete the command aliases by canceling the replacement of the display keyword.
<Sysname> system-view
[Sysname] undo command-alias mapping display

command-privilege

Syntax
command-privilege level level view view command
undo command-privilege view view command

View
System view

Parameters
level level: Command level, which ranges from 0 to 3.
view view: Specifies a view. The value shell represents a user view. The view argument must be the view where the command resides.
command: Command to be set in the specified view.

Description
Use the command-privilege command to assign a level for the specified command in the specified view.
Use the undo command-privilege view command to restore the default.
By default, each command in a view has a specified level.
Command levels include four privileges: visit (0), monitor (1), system (2), and manage (3). You can assign a privilege level according to the user's need. When logging in to the switch, the user can access the assigned level and all levels below it.
Level changes can cause maintenance, operation, and security problems. HP recommends that you use the default command level or that you modify the command level under the guidance of professional staff.

The command specified in the command-privilege command must be complete and must have valid arguments. For example, the default level of the tftp server-address { get | put | sget } source-filename [ destination-filename ] [ source { interface interface-type interface-number | ip source-ip-address } ] command is 3. After the command-privilege level 0 view shell tftp 1.1.1.1 put a.cfg command is executed, users who log in to the switch with the user privilege level of 0 can execute the tftp server-address put source-filename command (such as the tftp 192.168.1.26 put syslog.txt command), but cannot execute the command with the get, sget or source keyword, and cannot specify the destination-filename argument.

The command specified in the undo command-privilege view command can be incomplete. For example, after the undo command-privilege view system ftp command is executed, all commands starting with the keyword ftp (such as ftp server acl, ftp server enable, and ftp timeout) are restored to their default level. If you have modified the level of commands ftp server enable and ftp timeout, and you want to restore only the ftp server enable command to its default level, you should use the undo command-privilege view system ftp server command.

If you modify the command level of a command in a specified view from the default command level to a lower level, remember to modify the command levels of the quit command and the corresponding command that is used to enter this view. For example, the default command level of commands interface and system-view is 2 (system level). If you want to make the interface command available to the level 1 users, you need to execute the following three commands:
command-privilege level 1 view shell system-view
command-privilege level 1 view system interface Ethernet 1/0/1
command-privilege level 1 view system quit
Then, the level 1 users can enter system view, execute the interface Ethernet command, and return to user view.
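The dependency described above (a command lowered in system view is usable only if system-view and quit are lowered with it) can be checked against a saved configuration. The following Python script is an added example, not part of the HP manual; it assumes command-privilege lines appear in the configuration text as they were entered, it covers system view only because that is the view whose default levels are stated above, and both sample configurations are constructed.

```python
import re

# Default level of system-view (in user view) and of quit (outside user view),
# as stated in this command reference.
DEFAULT_LEVEL = 2

PRIV_RE = re.compile(
    r"^\s*command-privilege\s+level\s+([0-3])\s+view\s+(\S+)\s+(\S.*?)\s*$"
)


def parse_levels(config_text):
    """Map (view, command) -> level for every command-privilege line.

    If the same command appears twice, the later line wins.
    """
    levels = {}
    for line in config_text.splitlines():
        m = PRIV_RE.match(line)
        if m:
            command = " ".join(m.group(3).split())  # normalise spacing
            levels[(m.group(2), command)] = int(m.group(1))
    return levels


def audit_system_view_access(config_text):
    """Report system-view commands whose level cannot actually be used.

    A finding is (command, level, problem) where problem is:
      "cannot-enter": system-view in user view needs a higher level
      "cannot-leave": quit in system view needs a higher level
    """
    levels = parse_levels(config_text)
    enter = levels.get(("shell", "system-view"), DEFAULT_LEVEL)
    leave = levels.get(("system", "quit"), DEFAULT_LEVEL)
    findings = []
    for (view, command), level in levels.items():
        if view != "system" or command == "quit":
            continue
        if enter > level:
            findings.append((command, level, "cannot-enter"))
        if leave > level:
            findings.append((command, level, "cannot-leave"))
    return findings


# Constructed sample: the three commands from the text above.
COMPLETE = """\
 command-privilege level 1 view shell system-view
 command-privilege level 1 view system interface Ethernet 1/0/1
 command-privilege level 1 view system quit
"""

# Constructed sample: only the interface command was lowered.
INCOMPLETE = """\
 command-privilege level 1 view system interface Ethernet 1/0/1
"""

if __name__ == "__main__":
    for name, text in (("complete", COMPLETE), ("incomplete", INCOMPLETE)):
        print(name, audit_system_view_access(text))
```
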

Examples
# Set the command level of the system-view command to 3 in system view. (By default, level 2 and level 3 users can use the system-view command. After the configuration, only level 3 users can use this command.)
<Sysname> system-view
[Sysname] command-privilege level 3 view shell system-view

display clipboard

Syntax
display clipboard [ | { begin | exclude | include } regular-expression ]

View
Any view

Default level
1: Monitor level

Parameters
|: Filters command output by specifying a regular expression. For more information about regular expressions, see the chapter CLI configuration.
begin: Displays the first line that matches the specified regular expression and all lines that follow.
exclude: Displays all lines that do not match the specified regular expression.
include: Displays all lines that match the specified regular expression.
regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.

Description
Use the display clipboard command to view the contents of the clipboard.
To copy the specified content to the clipboard:
1. Move the cursor to the starting position of the content and press the <Esc+Shift+,> combination.
2. Move the cursor to the ending position of the content and press the <Esc+Shift+.> combination.

Examples
# View the content of the clipboard.
<Sysname> display clipboard
---------------- CLIPBOARD-----------------
display current-configuration

display command-alias

Syntax
display command-alias [ | { begin | exclude | include } regular-expression ]

View
Any view

Default level
1: Monitor level

Parameters
|: Filters command output by specifying a regular expression. For more information about regular expressions, see the chapter CLI configuration.
begin: Displays the first line that matches the specified regular expression and all lines that follow.
exclude: Displays all lines that do not match the specified regular expression.
include: Displays all lines that match the specified regular expression.
regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.

Description
Use the display command-alias command to display defined command aliases and the corresponding commands.

Examples
# Display the defined command aliases and the corresponding commands.
<Sysname> display command-alias
Command alias is enabled
index    alias    command key
1        show     display

display history-command

Syntax
display history-command [ | { begin | exclude | include } regular-expression ]

View
Any view

Default level
1: Monitor level

Parameters
|: Filters command output by specifying a regular expression. For more information about regular expressions, see the chapter CLI configuration.
begin: Displays the first line that matches the specified regular expression and all lines that follow.
exclude: Displays all lines that do not match the specified regular expression.
include: Displays all lines that match the specified regular expression.
regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.

Description
Use the display history-command command to display commands saved in the history command buffer.
By default, the system saves the last 10 executed commands in the history command buffer.
To set the size of the history command buffer, use the history-command max-size command. For more information, see the chapter Logging in to the switch commands.

Examples
# Display history commands in current user view.
<Sysname> display history-command
display history-command
system-view
vlan 2
quit

display hotkey

Syntax
display hotkey [ | { begin | exclude | include } regular-expression ]

View
Any view

Default level
1: Monitor level

Parameters
|: Filters command output by specifying a regular expression. For more information about regular expressions, see the chapter CLI configuration.
begin: Displays the first line that matches the specified regular expression and all lines that follow.
exclude: Displays all lines that do not match the specified regular expression.
include: Displays all lines that match the specified regular expression.
regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.

Description
Use the display hotkey command to display hotkey information.

Examples
# Display hotkey information.
<Sysname> display hotkey
----------------- HOTKEY -----------------
=Defined hotkeys=
Hotkeys Command
CTRL_G  display current-configuration
CTRL_L  display ip routing-table
CTRL_O  undo debug all
=Undefined hotkeys=
Hotkeys Command
CTRL_T  NULL
CTRL_U  NULL
=System hotkeys=
Hotkeys Function
CTRL_A  Move the cursor to the beginning of the current line.
CTRL_B  Move the cursor one character left.
CTRL_C  Stop current command function.
CTRL_D  Erase current character.
CTRL_E  Move the cursor to the end of the current line.
CTRL_F  Move the cursor one character right.
CTRL_H  Erase the character left of the cursor.
CTRL_K  Kill outgoing connection.
CTRL_N  Display the next command from the history buffer.
CTRL_P  Display the previous command from the history buffer.
CTRL_R  Redisplay the current line.
CTRL_V  Paste text from the clipboard.
CTRL_W  Delete the word left of the cursor.
CTRL_X  Delete all characters up to the cursor.
CTRL_Y  Delete all characters after the cursor.
CTRL_Z  Return to the User View.
CTRL_]  Kill incoming connection or redirect connection.
ESC_B   Move the cursor one word back.
ESC_D   Delete remainder of word.
ESC_F   Move the cursor forward one word.
ESC_N   Move the cursor down a line.
ESC_P   Move the cursor up a line.
ESC_<   Specify the beginning of clipboard.
ESC_>   Specify the end of clipboard.

hotkey

Syntax
hotkey { CTRL_G | CTRL_L | CTRL_O | CTRL_T | CTRL_U } command
undo hotkey { CTRL_G | CTRL_L | CTRL_O | CTRL_T | CTRL_U }

View
System view

Default level
2: System level

Parameters
CTRL_G: Associates hot key Ctrl+G to the specified command.
CTRL_L: Associates hot key Ctrl+L to the specified command.
CTRL_O: Associates hot key Ctrl+O to the specified command.
CTRL_T: Associates hot key Ctrl+T to the specified command.
CTRL_U: Associates hot key Ctrl+U to the specified command.
command: The command line associated with the hot key.

Description
Use the hotkey command to associate a hot key to a command.
Use the undo hotkey command to restore the default.
By default, Ctrl+G, Ctrl+L and Ctrl+O have these corresponding commands:
Ctrl+G corresponds to display current-configuration.
Ctrl+L corresponds to display ip routing-table.
Ctrl+O corresponds to undo debugging all.
You can modify the associations as needed.

Examples
# Associate the hot key Ctrl+T to the display tcp status command.
<Sysname> system-view
[Sysname] hotkey ctrl_t display tcp status
# Display hotkeys.
[Sysname] display hotkey
----------------- HOTKEY -----------------
=Defined hotkeys=
Hotkeys Command
CTRL_G  display current-configuration
CTRL_L  display ip routing-table
CTRL_O  undo debug all
CTRL_T  display tcp status
=Undefined hotkeys=
Hotkeys Command

CTRL_U  NULL
=System hotkeys=
Hotkeys Function
CTRL_A  Move the cursor to the beginning of the current line.
CTRL_B  Move the cursor one character left.
CTRL_C  Stop current command function.
CTRL_D  Erase current character.
CTRL_E  Move the cursor to the end of the current line.
CTRL_F  Move the cursor one character right.
CTRL_H  Erase the character left of the cursor.
CTRL_K  Kill outgoing connection.
CTRL_N  Display the next command from the history buffer.
CTRL_P  Display the previous command from the history buffer.
CTRL_R  Redisplay the current line.
CTRL_V  Paste text from the clipboard.
CTRL_W  Delete the word left of the cursor.
CTRL_X  Delete all characters up to the cursor.
CTRL_Y  Delete all characters after the cursor.
CTRL_Z  Return to the user view.
CTRL_]  Kill incoming connection or redirect connection.
ESC_B   Move the cursor one word back.
ESC_D   Delete remainder of word.
ESC_F   Move the cursor forward one word.
ESC_N   Move the cursor down a line.
ESC_P   Move the cursor up a line.
ESC_<   Specify the beginning of clipboard.
ESC_>   Specify the end of clipboard.

quit

Syntax
quit

View
Any view

Default level
0: Visit level (executed in user view)
2: System level (executed in other views)

Parameters
None

Description
Use the quit command to return to a lower-level view. In user view, the quit command terminates the connection and reconnects to the switch.

Examples
# Switch from Ethernet 1/0/1 interface view to system view, and then to user view.
[Sysname-Ethernet1/0/1] quit
[Sysname] quit
<Sysname>

return

Syntax
return

View
Any view except user view

Default level
2: System level

Parameters
None

Description
Use the return command to return to user view, which can also be done with the hot key Ctrl+Z.
Related commands: quit.

Examples
# Return to user view from Ethernet 1/0/1 view.
[Sysname-Ethernet1/0/1] return
<Sysname>

screen-length disable

Syntax
screen-length disable
undo screen-length disable

View
User view

Default level
1: Monitor level

Parameters
None

Description
Use the screen-length disable command to disable the multiple-screen output function.
Use the undo screen-length disable command to enable the multiple-screen output function.
By default, a login user uses the settings of the screen-length command. The default settings of the screen-length command are: multiple-screen output is enabled and 24 lines are displayed on the next screen. For more information about the screen-length command, see the chapter Logging in to the switch commands.
When the user logs out, the settings restore to their default values.

Examples
# Disable multiple-screen output for the current user.
<Sysname> screen-length disable

super

Syntax
super [ level ]

View
User view

Default level
0: Visit level

Parameters
level: User level, which ranges from 0 to 3 and defaults to 3.

Description
Use the super command to switch from the user privilege level to a specified user privilege level.
If no level is specified, the command switches the user privilege level to 3.
Command levels include four privileges: visit (0), monitor (1), system (2), and manage (3). You can assign a privilege level according to the user's need. When logging in to the switch, the user can access the assigned level and all levels below it.
A user can switch to a lower privilege level unconditionally. An AUX user can switch to a higher privilege level without inputting any password. A VTY user must input the switching password set by the super password command to switch to a higher privilege level. If the password is incorrect or no password is configured, the switching operation fails.
Related commands: super password.

Examples
# Switch to user privilege level 2 from privilege level 3.
<Sysname> super 2
User privilege level is 2, and only those commands can be used whose level is equal or less than this.
Privilege note: 0-VISIT, 1-MONITOR, 2-SYSTEM, 3-MANAGE
# Switch the user privilege level back to 3 (the switching password 123 has been set). If no password is set, the user privilege level cannot be switched to 3.
<Sysname> super 3
Password:
User privilege level is 3, and only those commands can be used whose level is equal or less than this.
Privilege note: 0-VISIT, 1-MONITOR, 2-SYSTEM, 3-MANAGE

super authentication-mode

Syntax
super authentication-mode { local | scheme } *
undo super authentication-mode

View
System view

Default level
2: System level

Parameters
local: Authenticates a user by using the local password set by the super password command. When no password is set, two results can occur: the privilege level switch succeeds if the user is logged in through the AUX user interface; the switch operation fails if the user logs in through a VTY user interface. If the input password is incorrect, the switch operation fails.
scheme: AAA authentication. For more information about AAA, see the Security Configuration Guide.
local scheme: First local and then scheme, which authenticates a user by using the local password first. If no password is set, the user logged in through the AUX user interface can switch the privilege level; other users need to pass AAA authentication before they can switch the privilege level.
scheme local: First scheme and then local, which authenticates a user by performing the AAA authentication first. If the AAA configuration is invalid (the domain parameters or authentication scheme are not configured) or the server does not respond, the local password authentication is performed.

Description
Use the super authentication-mode command to set the authentication mode for user privilege level switch.
Use the undo super authentication-mode command to restore the default.
By default, the authentication mode for the user privilege level switch is local.
Related commands: super password.

Examples
# Set the authentication mode for the user privilege level switch to local.
<Sysname> system-view
[Sysname] super authentication-mode local
# Set the authentication mode for the user privilege level switch to scheme local.
<Sysname> system-view
[Sysname] super authentication-mode scheme local

super password

Syntax
super password [ level user-level ] { simple | cipher } password
undo super password [ level user-level ]

View
System view

Default level
2: System level

Parameters
level user-level: User privilege level, which ranges from 1 to 3 and defaults to 3.
simple: Plain text password.
cipher: Cipher text password.
password: Password, a case-sensitive string of characters. A simple password is a string of 1 to 16 characters. A cipher password is a string of 1 to 16 characters in plain text or 24 characters in cipher text. For example, the simple text 1234567 corresponds to the cipher text (TT8F]Y\5SQ=^Q`MAF4<1!!.

Description
Use the super password command to set the password used to switch from the user privilege level to a higher one.
Use the undo super password command to restore the default.
By default, no password is set for switching to a higher privilege level.
Use the simple keyword to set a simple-text password. Use the cipher keyword to set a cipher-text password. A cipher-text password is recommended.
During authentication, you must input a cipher-text password regardless of the password type you set.

Examples
# Set simple-text password abc for switching to user privilege level 3.
<Sysname> system-view
[Sysname] super password level 3 simple abc
# Display the configured password for level switching.
[Sysname] display current-configuration
#
 super password level 3 simple abc
# Set cipher-text password abc for switching to user privilege level 3.
<Sysname> system-view
[Sysname] super password level 3 cipher abc
# Display the configured password for level switching.
[Sysname] display current-configuration | include super
#
 super password level 3 cipher ;)<01%^&;YGQ=^Q`MAF4<1!!

system-view

Syntax
system-view

View
User view

Default level
2: System level

Parameters
None

Description
Use the system-view command to enter system view from the user view.
Related commands: quit, return.

Examples
# Enter system view from the user view.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname]

Logging in to the switch commands

acl (user interface view)

Syntax
To use a basic or advanced ACL:
acl [ ipv6 ] acl-number { inbound | outbound }
undo acl [ ipv6 ] acl-number { inbound | outbound }
To use an Ethernet frame header ACL:
acl acl-number inbound
undo acl acl-number inbound

View
VTY user interface view

Default level
2: System level

Parameters
ipv6: When this keyword is present, the command supports IPv6; otherwise, it supports IPv4.
acl-number: Number of the access control list (ACL). The value range varies with switches:
Basic ACL: 2000 to 2999
Advanced ACL: 3000 to 3999
Ethernet frame header ACL: 4000 to 4999
inbound: Restricts Telnet or SSH connections established in the inbound direction through the VTY user interface. If the received packets for establishing a Telnet or SSH connection are permitted by an ACL rule, the connection is allowed to be established. When the device functions as a Telnet server or SSH server, this keyword is used to control access of Telnet clients or SSH clients.
outbound: Restricts Telnet connections established in the outbound direction through the VTY user interface. If the packets sent for establishing a Telnet connection are permitted by an ACL rule, the connection is allowed to be established. When the device functions as a Telnet client, this keyword is used to define Telnet servers accessible to the client.

Description
Use the acl command to reference ACLs to control access to the VTY user interface.
Use the undo acl command to cancel the ACL application. For more information about ACL, see the ACL and QoS Configuration Guide.
By default, access to the VTY user interface is not restricted.
If no ACL is referenced in VTY user interface view, the VTY user interface has no access control over establishing a Telnet or SSH connection.
If an ACL is referenced in VTY user interface view, the connection is permitted to be established only when packets for establishing a Telnet or SSH connection match a permit statement in the ACL.

The system regards the basic/advanced ACL with the inbound keyword, the basic/advanced ACL with the outbound keyword, and the Ethernet frame header ACL as four different types of ACLs, which can coexist in one VTY user interface. The match order is basic/advanced ACL, Ethernet frame header ACL. At most one ACL of each type can be referenced in the same VTY user interface, and the last configured one takes effect.

Examples
# Allow only the user with the IP address of 192.168.1.26 to access the device through Telnet or SSH.
<Sysname> system-view
[Sysname] acl number 2001
[Sysname-acl-basic-2001] rule permit source 192.168.1.26 0
[Sysname-acl-basic-2001] quit
[Sysname] user-interface vty 0
[Sysname-ui-vty0] acl 2001 inbound
With this configuration, user A (with IP address 192.168.1.26) can telnet to the device but user B (with IP address 192.168.1.60) cannot. If a connection failure occurs, the "%connection closed by remote host!" message will appear.

activation-key

Syntax
activation-key character
undo activation-key

View
User interface view

Parameters
character: Shortcut key for starting a terminal session, a single character (or its corresponding ASCII code value that ranges from 0 to 127) or a string of one to three characters. Only the first character functions as the shortcut key. For example, if you input an ASCII code value of 97, the system uses its character a as the shortcut key. If you input string b@c, the system uses the first character b as the shortcut key.

Description
Use the activation-key command to define a shortcut key for starting a terminal session.
Use the undo activation-key command to restore the default.
By default, pressing the Enter key starts a terminal session. If a new shortcut key is defined with the activation-key command, the Enter key no longer functions. To display the shortcut key you have defined, use the display current-configuration | include activation-key command.
NOTE: The activation-key command is not supported by the VTY user interface.

Examples
# Configure character s as the shortcut key for starting a terminal session on the console port.
<Sysname> system-view
[Sysname] user-interface aux 0
[Sysname-ui-aux0] activation-key s

To verify the configuration, perform the following operations:

Exit the terminal session on the console port.
[Sysname-ui-aux0] return
<Sysname> quit

Log in to the console port again. The following message appears.
******************************************************************************
* Copyright (c) 2010-2011 Hewlett-Packard Development Company, L.P.          *
* Without the owner's prior written consent,                                 *
* no decompiling or reverse-engineering shall be allowed.                    *
******************************************************************************

User interface aux0 is available.

Please press ENTER.

At this moment, pressing Enter does not start a session. To start the terminal session, enter s.
<Sysname>
%Mar 2 18:40:27:981 2005 Sysname SHELL/5/LOGIN: Console logged in from aux0.

auto-execute command

auto-execute command command
undo auto-execute command

User interface view

command: Specifies a command to be automatically executed.

Use the auto-execute command command to specify a command to be automatically executed when a user logs in to the current user interface.
Use the undo auto-execute command command to remove the configuration.
By default, command auto-execution is disabled.
The auto-execute command command is not supported by the console port.

The system automatically executes the specified command when a user logs in to the user interface, and tears down the user connection after the command is executed. If the command triggers another task, the system does not tear down the user connection until the task is completed.

CAUTION: Applying the auto-execute command command to the user interface may prevent you from configuring the system. Before configuring the command and saving the configuration (by using the save command), make sure that you can access the device through VTY or AUX user interfaces to remove the configuration when a problem occurs.

# Configure the device to automatically telnet to 192.168.1.41 after a user logs in to interface VTY 0.
<Sysname> system-view
[Sysname] user-interface vty 0
[Sysname-ui-vty0] auto-execute command telnet 192.168.1.41
% This action will lead to configuration failure through ui-vty0. Are you sure? [Y/N]:y
[Sysname-ui-vty0]

To verify the configuration, perform the following operations:

Telnet to 192.168.1.40. The device automatically telnets to 192.168.1.41. The following output is displayed:
C:\> telnet 192.168.1.40
******************************************************************************
* Copyright (c) 2010-2011 Hewlett-Packard Development Company, L.P.          *
* Without the owner's prior written consent,                                 *
* no decompiling or reverse-engineering shall be allowed.                    *
******************************************************************************

<Sysname>
Trying 192.168.1.41...
Press CTRL+K to abort
Connected to 192.168.1.41...
******************************************************************************
* Copyright (c) 2010-2011 Hewlett-Packard Development Company, L.P.          *
* Without the owner's prior written consent,                                 *
* no decompiling or reverse-engineering shall be allowed.                    *
******************************************************************************

<Sysname.41>

This operation is the same as directly logging in to the device at 192.168.1.41.
If the telnet connection to 192.168.1.41 breaks down, the telnet connection to 192.168.1.40 breaks down at the same time.

authentication-mode

authentication-mode { none | password | scheme }
undo authentication-mode

User interface view

none: Performs no authentication.
password: Performs local password authentication.
scheme: Performs AAA authentication. For more information about AAA, see the Security Configuration Guide.

Use the authentication-mode command to set the authentication mode for the user interface.
Use the undo authentication-mode command to restore the default.
By default, the authentication mode for VTY user interfaces is password, and for AUX user interfaces is none.
Related commands: set authentication password.

# Specify that no authentication is needed when users log in to the device through VTY 0. This mode is insecure.
<Sysname> system-view
[Sysname] user-interface vty 0
[Sysname-ui-vty0] authentication-mode none

# Use password authentication when users log in to the device through VTY 0, and set the authentication password to 321.
<Sysname> system-view
[Sysname] user-interface vty 0
[Sysname-ui-vty0] authentication-mode password
[Sysname-ui-vty0] set authentication password cipher 321

# Authenticate users by username and password when users log in to the device through VTY 0. Set the username to 123 and the password to 321.
<Sysname> system-view
[Sysname] user-interface vty 0
[Sysname-ui-vty0] authentication-mode scheme
[Sysname-ui-vty0] quit
[Sysname] local-user 123
[Sysname-luser-123] password cipher 321
[Sysname-luser-123] service-type telnet
[Sysname-luser-123] authorization-attribute level 3

command accounting

command accounting

undo command accounting

User interface view

None

Use the command accounting command to enable command accounting.
Use the undo command accounting command to restore the default.
By default, command accounting is disabled. The accounting server does not record the commands that users have executed.
When command accounting is enabled and command authorization is not, every executed command is recorded on the HWTACACS server.
When both command accounting and command authorization are enabled, only the authorized and executed commands are recorded on the HWTACACS server.

# Enable command accounting on VTY 0. The HWTACACS server records the commands executed by users that have logged in through VTY 0.
<Sysname> system-view
[Sysname] user-interface vty 0
[Sysname-ui-vty0] command accounting

command authorization

command authorization
undo command authorization

User interface view

None

Use the command authorization command to enable command authorization.
Use the undo command authorization command to restore the default.
By default, command authorization is disabled. Logged-in users can execute commands without authorization.
With command authorization enabled, users can perform only commands authorized by the server.

# Enable command authorization for VTY 0 so that users logging in from VTY 0 can perform only the commands authorized by the HWTACACS server.
<Sysname> system-view
[Sysname] user-interface vty 0
[Sysname-ui-vty0] command authorization

databits

databits { 5 | 6 | 7 | 8 }
undo databits

User interface view

2: System level

5: Sets 5 data bits for each character.
6: Sets 6 data bits for each character.
7: Sets 7 data bits for each character.
8: Sets 8 data bits for each character.

Use the databits command to set data bits for each character.
Use the undo databits command to restore the default.
By default, 8 data bits are set for each character.

NOTE: The command is only applicable to the console port. The data bits setting must be the same for the user interfaces of the connecting ports on the device and the terminal device for communication.

# Specify 5 data bits for each character.
<Sysname> system-view
[Sysname] user-interface aux 0
[Sysname-ui-aux0] databits 5

display ip http

display ip http [ | { begin | exclude | include } regular-expression ]

Any view

1: Monitor level

|: Filters command output by specifying a regular expression. For more information about regular expressions, see the chapter CLI configuration.
begin: Displays the first line that matches the specified regular expression and all lines that follow.
exclude: Displays all lines that do not match the specified regular expression.
include: Displays all lines that match the specified regular expression.
regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.

Use the display ip http command to display HTTP information.

# Display information about HTTP.
<Sysname> display ip http
HTTP port: 80
Basic ACL: 2222
Current connection: 0
Operation status: Running

Table 1 Output description
Field: Description
HTTP port: Port number used by the HTTP service
Basic ACL: Basic ACL number associated with the HTTP service
Current connection: Number of current connections
Operation status: Operation status. Running: The HTTP service is enabled. Stopped: The HTTP service is disabled.

display ip https

display ip https [ | { begin | exclude | include } regular-expression ]

Any view

1: Monitor level

|: Filters command output by specifying a regular expression. For more information about regular expressions, see the chapter CLI configuration.
begin: Displays the first line that matches the specified regular expression and all lines that follow.
exclude: Displays all lines that do not match the specified regular expression.
include: Displays all lines that match the specified regular expression.
regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.

Use the display ip https command to display information about HTTPS.

# Display information about HTTPS.
<Sysname> display ip https
HTTPS port: 443
SSL server policy: test
Certificate access-control-policy:
Basic ACL: 2222
Current connection: 0
Operation status: Running

Table 2 Output description
Field: Description
HTTPS port: Port number used by the HTTPS service
SSL server policy: The SSL server policy associated with the HTTPS service
Certificate access-control-policy: The certificate attribute access control policy associated with the HTTPS service
Basic ACL: The basic ACL number associated with the HTTPS service
Current connection: Number of current connections
Operation status: Operation status. Running: The HTTPS service is enabled. Stopped: The HTTPS service is disabled.

display telnet client configuration

display telnet client configuration [ | { begin | exclude | include } regular-expression ]

Any view

1: Monitor level

|: Filters command output by specifying a regular expression. For more information about regular expressions, see the Fundamentals Configuration Guide.
begin: Displays the first line that matches the specified regular expression and all lines that follow.
exclude: Displays all lines that do not match the specified regular expression.
include: Displays all lines that match the specified regular expression.
regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.

Use the display telnet client configuration command to display the configuration of the device when it serves as a telnet client.

# Display the configuration of the device when it serves as a telnet client.
<Sysname> display telnet client configuration
The source IP address is 1.1.1.1.

The output shows that when the device serves as a client, the source IPv4 address for sending telnet packets is 1.1.1.1.

display user-interface

display user-interface [ num1 | { aux | vty } num2 ] [ summary ] [ | { begin | exclude | include } regular-expression ]

Any view

1: Monitor level

num1: Absolute number of a user interface. It ranges from 0 to 32.
aux: Specifies the AUX user interface.
vty: Specifies the VTY user interface.
num2: Relative number of a user interface. It is 0 for an AUX user interface and ranges from 0 to 15 for a VTY user interface.
summary: Displays summary about user interfaces.
|: Filters command output by specifying a regular expression. For more information about regular expressions, see the chapter CLI configuration.
begin: Displays the first line that matches the specified regular expression and all lines that follow.
exclude: Displays all lines that do not match the specified regular expression.
include: Displays all lines that match the specified regular expression.
regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.

Use the display user-interface command to display information about a specified or all user interfaces.
If the summary keyword is not included, the command displays the type of the user interface, absolute or relative number, transmission rate, user privilege level, authentication mode, and the access port.
If the summary keyword is included, the command displays all the numbers and types of user interfaces.

# Display information about user interface 29.
<Sysname> display user-interface 0
  Idx  Type     Tx/Rx      Modem Privi Auth  Int
  0    AUX 0    9600       -     3     N     -

  +    : Current user-interface is active.
  F    : Current user-interface is active and work in async mode.
  Idx  : Absolute index of user-interface.
  Type : Type and relative index of user-interface.
  Privi: The privilege of user-interface.
  Auth : The authentication mode of user-interface.
  Int  : The physical location of UIs.
  A    : Authentication use AAA.
  L    : Authentication use local database.
  N    : Current UI need not authentication.
  P    : Authentication use current UI's password.

Table 3 Output description
Field: Description
+: The current user interface is active.
F: The current user interface is active and works in asynchronous mode.
Idx: Absolute number of the user interface.
Type: Type and relative number of the user interface.
Tx/Rx: Transmission/Receive rate of the user interface
Modem: Whether the modem is allowed to dial in (in), dial out (out), or both (inout). By default, the character - is displayed to indicate that this function is disabled.
Privi: Indicates the command level of a user under that user interface
Auth: Authentication mode for the users: A (AAA authentication), P (Password authentication), L (Local authentication), N (None authentication)
Int: The physical port that corresponds to the user interface.
A: AAA authentication with the authentication mode of scheme.
L: Local authentication (not supported)
N: No authentication with the authentication mode of none.
P: Password authentication with the authentication mode of password.
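A way to turn the Auth and Privi columns described in Table 3 into an audit check, as an added Python example (not HP code and not part of the original guide). The sample output is constructed: only the AUX row mirrors the page, and the blank Tx/Rx field on VTY rows is an assumption about the layout.

```python
import re

# Constructed sample in the layout of "display user-interface".
SAMPLE = """\
  Idx  Type     Tx/Rx      Modem Privi Auth  Int
  0    AUX 0    9600       -     3     N     -
+ 1    VTY 0               -     3     N     -
  2    VTY 1               -     0     P     -
  3    VTY 2               -     3     A     -

  +    : Current user-interface is active.
  N    : Current UI need not authentication.
"""

# One data row: optional +/F flag, absolute index, type and relative index,
# optional Tx/Rx rate, modem setting, privilege level, auth mode, port.
ROW_RE = re.compile(
    r"^\s*(?P<flag>[+F])?\s*(?P<idx>\d+)\s+(?P<kind>AUX|VTY)\s+(?P<rel>\d+)"
    r"\s+(?P<rate>\d+)?\s*(?P<modem>inout|in|out|-)"
    r"\s+(?P<privi>\d)\s+(?P<auth>[ALNP])\s+(?P<port>\S+)\s*$"
)

# User levels as listed in the display users output description.
LEVELS = {0: "visit", 1: "monitor", 2: "system", 3: "manage"}


def parse_rows(output):
    """Extract the data rows; header and legend lines do not match."""
    rows = []
    for line in output.splitlines():
        m = ROW_RE.match(line)
        if m:
            rows.append({
                "idx": int(m["idx"]),
                "ui": f'{m["kind"]} {m["rel"]}',
                "remote": m["kind"] == "VTY",
                "level": int(m["privi"]),
                "auth": m["auth"],
            })
    return rows


def audit(output):
    """Return (user interface, severity, reason) for weak login settings."""
    findings = []
    for row in parse_rows(output):
        level = LEVELS.get(row["level"], "unknown")
        if row["auth"] == "N" and row["remote"]:
            findings.append((row["ui"], "HIGH",
                             f"authentication-mode none on a VTY line "
                             f"({level} level)"))
        elif row["auth"] == "N":
            findings.append((row["ui"], "MEDIUM",
                             f"authentication-mode none on the console "
                             f"({level} level)"))
        elif row["auth"] == "P":
            findings.append((row["ui"], "LOW",
                             "line password only; logins carry no username"))
    return findings


if __name__ == "__main__":
    for ui, severity, reason in audit(SAMPLE):
        print(f"{severity:6} {ui:6} {reason}")
```

Lines reported with Auth A (scheme) produce no finding, so an empty result means every interface in the captured output uses AAA.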

# Display summary about all user interfaces.
<Sysname> display user-interface summary
  User interface type : [AUX]
          0:X
  User interface type : [VTY]
          1:UUUU UUXX XXXX XXXX

    6 character mode users.     (U)
   11 UI never used.            (X)
    6 total UI in use

Table 4 Output description
Field: Description
User interface type: Type of user interface (AUX or VTY)
0:X: 0 represents the absolute number of the user interface. X: This user interface is not used; U: This user interface is in use.
character mode users. (U): Number of users, or, the total number of character U.
UI never used. (X): Number of user interfaces not used, or, the total number of character X.
total UI in use: Total number of user interfaces in use

display users

display users [ all ] [ | { begin | exclude | include } regular-expression ]

Any view

1: Monitor level

all: Displays information about all user interfaces that the device supports.
|: Filters command output by specifying a regular expression. For more information about regular expressions, see the chapter CLI configuration.
begin: Displays the first line that matches the specified regular expression and all lines that follow.
exclude: Displays all lines that do not match the specified regular expression.
include: Displays all lines that match the specified regular expression.
regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.

Use the display users command to display information about the user interfaces that are being used.
Use the display users all command to display information about all user interfaces supported by the device.

# Display information about the user interfaces that are being used.
<Sysname> display users
The user application information of the user interface(s):
  Idx UI      Delay    Type Userlevel
  1   VTY 0   00:03:32 TEL  3
  2   VTY 1   03:34:55 TEL  3
+ 3   VTY 2   00:00:00 TEL  3

Following are more details.
VTY 0   :
        Location: 192.168.0.5
VTY 1   :
        Location: 192.168.0.11
VTY 2   :
        Location: 192.168.0.10
 +    : Current operation user.
 F    : Current operation user work in async mode.

Table 5 Output description
Field: Description
Idx: Absolute number of the user interface
UI: Relative number of the user interface. For example, with VTY, the first column represents user interface type, and the second column represents the relative number of the user interface.
Delay: Time elapsed since the user's last input, in the format of hh:mm:ss.
Type: User type, such as Telnet, SSH
Userlevel: User level: 0 for visit, 1 for monitor, 2 for system, and 3 for manage.
+: Current user
Location: IP address of the user
F: The current user works in asynchronous mode

display web users

display web users [ | { begin | exclude | include } regular-expression ]

Any view

1: Monitor level

Parameter
|: Filters command output by specifying a regular expression. For more information about regular expressions, see the chapter CLI configuration.

begin: Displays the first line that matches the specified regular expression and all lines that follow.
exclude: Displays all lines that do not match the specified regular expression.
include: Displays all lines that match the specified regular expression.
regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.

Use the display web users command to display information about web users.

Example
# Display information about the current web users.
<Sysname> display web users
UserID    Name   Language  Level       State   LinkCount  LoginTime  LastTime
ab890000  admin  Chinese   Management  Enable  0          14:13:46   14:14:18

Table 6 Output description
Field: Description
UserID: ID of a web user
Name: Name of the web user
Language: Login language used by the web user
Level: Level of the web user
State: State of the web user
LinkCount: Number of tasks that the web user runs
LoginTime: Time when the web user logged in
LastTime: Last time when the web user accessed the switch

escape-key

escape-key { default | character }
undo escape-key

User interface view

character: Specifies the shortcut key for aborting a task, a single character (or its ASCII code value in the range 0 to 127) or a string of 1 to 3 characters. Only the first character of a string functions as the shortcut key. If you enter an ASCII code value of 113, the system uses its character q as the shortcut key. If you enter the string q@c, the system uses the first character q as the shortcut key.
default: Restores the default escape key combination of Ctrl+C.

Use the escape-key command to define a shortcut key for aborting a task. The new shortcut key functions to terminate a task.
Use the undo escape-key command to disable the shortcut key for aborting tasks.
By default, you can use Ctrl+C to terminate a task.
To display the shortcut key you have defined, use the display current-configuration command.

If you set the character argument in a user interface to log in to the device and then telnet to another device, the character argument can only be used as a control character to abort a task (not for input as a common character). For example, if you specify character as e in VTY 0 user interface of Device A, when you log in to Device A by using VTY 0 on a PC (Hyper Terminal), you can input e as a common character on the PC, and you can also use e to terminate the task running on Device A. If you telnet to Device B from Device A, you can only use e to terminate the task running on Device B, rather than input e as a common character. To avoid this, specify character as a key combination.

# Define key a as the shortcut key for aborting a task.
<Sysname> system-view
[Sysname] user-interface aux 0
[Sysname-ui-aux0] escape-key a

To verify the configuration, perform the following operations:

# Use the ping command to check the reachability of the device with the IP address of 192.168.1.49, and use the -c keyword to specify the number of ICMP echo packets to be sent as 20.
<Sysname> ping -c 20 192.168.1.49
  PING 192.168.1.49: 56 data bytes, press a to break
    Reply from 192.168.1.49: bytes=56 Sequence=1 ttl=255 time=3 ms
    Reply from 192.168.1.49: bytes=56 Sequence=2 ttl=255 time=3 ms

# Enter a. The task terminates immediately and the system returns to system view.
  --- 192.168.1.49 ping statistics ---
    2 packet(s) transmitted
    2 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 3/3/3 ms
<Sysname>

flow-control

flow-control { hardware | none | software }
undo flow-control

User interface view

2: System level

hardware: Performs hardware flow control.
none: Disables flow control.
software: Performs software flow control.

Use the flow-control command to configure the flow control mode.
Use the undo flow-control command to restore the default.
By default, the flow control mode is none, which means no flow control is performed.

NOTE: The switch supports the none flow control mode only. The command is only applicable to the console port.

# Configure no flow control in the inbound and outbound directions for AUX 0.
<Sysname> system-view
[Sysname] user-interface aux 0
[Sysname-ui-aux0] flow-control none

free user-interface

free user-interface { num1 | { aux | vty } num2 }

User view

num1: Absolute number of a user interface. The value ranges from 0 to 32.
aux: Specifies the AUX user interface.
vty: Specifies the VTY user interface.
num2: Relative number of a user interface. The value is 0 for an AUX user interface and ranges from 0 to 15 for a VTY user interface.

Use the free user-interface command to release the connection(s) established on the specified user interface.
This command cannot release the connection that you are using.

# Display the connection established on user interface VTY 1.
<Sysname> display users
The user application information of the user interface(s):
  Idx UI      Delay    Type Userlevel
+ 1   VTY 0   00:11:58 TEL  3

Following are more details.
VTY 0   :
        Location: 192.168.0.5
 +    : Current operation user.
 F    : Current operation user work in async mode.
// You can display information about the users that are using the device.
<Sysname> free user-interface vty 1
Are you sure to free user-interface vty1? [Y/N]:y
// To make configurations without interruption from the user using VTY 1, you can release the connection established on VTY 1.

free web-users

free web-users { all | user-id userid | user-name username }

User view

2: System level

Parameter
userid: Web user ID.
username: Name of the web user. This argument can contain 1 to 80 characters.
all: Specifies all web users.

Use the free web-users command to disconnect a specified web user or all web users by force.

Example
# Disconnect all web users by force.
<Sysname> free web-users all

history-command max-size

history-command max-size size-value
undo history-command max-size

User interface view

2: System level