Table of Contents: 1 Commands for Access Controller Switch Interface Board


Table of Contents

1 Commands for Access Controller Switch Interface Board
  Commands for Access Controller and Access Controller Switch Interface Board
    acl (user interface view)
    activation-key
    authentication-mode
    auto-execute command
    databits
    display user-interface
    display users
    escape-key
    free user-interface
    header
    history-command max-size
    idle-timeout
    lock
    parity
    protocol inbound
    screen-length
    send
    service-type
    service-type lan-access
    set authentication password
    shell
    speed
    stopbits
    sysname
    telnet
    telnet client source
    telnet server enable
    terminal type
    user-interface
    user privilege level
  Commands for Logging In to the Access Controller Switch Interface Board Through OAP
    oap connect slot
    oap reboot slot
    telnet

1 Commands for Access Controller Switch Interface Board

Unless otherwise specified, the term switch in this document refers to a switch in a generic sense or an access controller that supports the switching function.

Commands for Access Controller and Access Controller Switch Interface Board

acl (user interface view)

For common and advanced ACLs:
acl [ ipv6 ] acl-number { inbound | outbound }
undo acl acl-number { inbound | outbound }
undo acl ipv6 { inbound | outbound }

For Layer 2 ACLs:
acl link-acl-number inbound
undo acl link-acl-number inbound

ipv6: Indicates IPv6 is supported. If this keyword is not specified, IPv4 is supported.
acl-number: Basic ACL or advanced ACL number, in the range 2000 to 3999.
link-acl-number: Layer 2 ACL number, in the range 4000 to 4999.
inbound: Limits the incoming call authority of the user interface.
outbound: Limits the outgoing call authority of the user interface.

Use the acl command to apply an Access Control List (ACL) for limiting the access authority of the current user interface.

Use the undo acl command to remove the limit on the access authority of the user interface.

Refer to ACL in H3C WX6103 Access Controller Switch Interface Board Command Reference for information about ACL.

This command is available only in VTY user interface view.

By default, the access authority of a user interface is not limited.

# Apply ACL 2000 for controlling the users telnetting to the device (assuming that ACL 2000 already exists).
[Sysname] user-interface vty 0 4
[Sysname-ui-vty0-4] acl 2000 inbound

activation-key

activation-key character
undo activation-key

3: Manage level

character: Shortcut key for starting terminal sessions, a character or its ASCII decimal equivalent in the range 0 to 127; or a string of 1 to 3 characters.

Use the activation-key command to define a shortcut key for starting a terminal session.

Use the undo activation-key command to restore the default shortcut key.

Use these two commands in the console user interface only.

You can use a single character (or its corresponding ASCII code value in the range 0 to 127) or a string of 1 to 3 characters to define a shortcut key. In the latter case, the system takes only the first character to define the shortcut key. For example, if you input an ASCII code value 97, the system will set the shortcut key to <a>; if you input the string b@c, the system will set the shortcut key to <b>.

You may use the display current-configuration command to verify the shortcut key you have defined.

By default, pressing Enter key will start a terminal session.

# Set the shortcut key for starting terminal sessions to s.
[Sysname] user-interface console 0
[Sysname-ui-console0] activation-key s

To verify the configuration, do the following:

# Exit the terminal session on the console port, and enter s at the prompt of Please press ENTER. You will see the terminal session being started.

[Sysname-ui-console0] return
<Sysname> quit
***********************************************************************
* Copyright(c) 2004-2007 Hangzhou H3C Technologies Co., Ltd.          *
* Without the owner's prior written consent,                          *
* no decompiling or reverse-engineering shall be allowed.             *
***********************************************************************
User interface console0 is available.
Please press ENTER.
<Sysname>
%Apr 28 04:33:11:611 2005 Sysname SHELL/5/LOGIN: Console login from console0

authentication-mode

authentication-mode { none | password | scheme [ command-authorization ] }

3: Manage level

none: Specifies that users are not authenticated.
password: Authenticates users using the local password.
scheme: Authenticates users locally or remotely using usernames and passwords.
command-authorization: Performs command authorization on TACACS authentication server.

Use the authentication-mode command to specify the authentication mode.

If you specify the password keyword to authenticate users using the local password, remember to set the local password using the set authentication password { cipher | simple } password command.

If you specify the scheme keyword to authenticate users locally or remotely using usernames and passwords, the actual authentication mode depends on other related configuration.

If this command is executed with the command-authorization keyword specified, authorization is performed on the TACACS server whenever you attempt to execute a command, and the command can be executed only when you pass the authorization. Normally, a TACACS server contains a list of the commands available to different users.

After you specify to perform local password authentication, when a user logs in through the console port, a user can log in to the device even if the password is not configured on the device. But for a VTY user interface, a password is needed for a user to log in to the device through it under the same condition.

By default, users logging in through the console port are not authenticated, whereas Telnet users are authenticated.

For VTY user interface, if you want to set the login authentication mode to none or password, you must first verify that the SSH protocol is not supported by the user interface. Otherwise, your configuration will fail. Refer to section protocol inbound.

# Configure to authenticate users using the local password.
[Sysname] user-interface console 0
[Sysname-ui-console0] authentication-mode password

auto-execute command

auto-execute command text
undo auto-execute command

3: Manage level

text: Command to be executed automatically.

Use the auto-execute command command to set the command that is executed automatically after a user logs in.

Use the undo auto-execute command command to disable the specified command from being automatically executed.

Use these two commands in the VTY user interface only.

Normally, the telnet command is specified to be executed automatically to enable the user to Telnet to a specific network device automatically.

By default, no command is automatically executed.

The auto-execute command command may prevent you from performing common configuration in the user interface, so use it with caution.

Before executing the auto-execute command command and saving your configuration, make sure you can log in to the device in other modes and cancel the configuration.

# Configure the telnet 10.110.100.1 command to be executed automatically after users log in to VTY 0.
[Sysname] user-interface vty 0
[Sysname-ui-vty0] auto-execute command telnet 10.110.100.1
% This action will lead to configuration failure through ui-vty0. Are you sure?[y/n]y

databits

databits { 5 | 6 | 7 | 8 }
undo databits

5: Five data bits.
6: Six data bits.
7: Seven data bits.
8: Eight data bits.

Use the databits command to set the data bits for the user interface.

Use the undo databits command to revert to the default data bits.

Execute these two commands in console user interface view only.

The default data bits is 8.

The device only supports data bits 7 and 8. To establish the connection again, you need to modify the configuration of the terminal emulation utility running on your PC accordingly.

# Set the data bits to 7.
[Sysname] user-interface console 0
[Sysname-ui-console0] databits 7

display user-interface

display user-interface [ type number | number ] [ summary ]

Any view

1: Monitor level

type: User interface type, including console user interface and VTY user interface.
number: Relative user interface index or absolute user interface index.
Relative user interface index: If you provide the type argument, number indicates the user interface index of the type. When the type is console, the number is 0; when the type is VTY, the number ranges from 0 to 4.
Absolute user interface index: If you do not provide the type argument, number indicates absolute user interface index, which ranges from 0 to 6.
summary: Displays the summary information about a user interface.

Use the display user-interface command to view information about the specified or all user interfaces.

When the summary keyword is absent, the command will display the type of the user interface, the absolute or relative number, the speed, the user privilege level, the authentication mode and the physical location.

When the summary keyword is present, the command will display the number and type of the user interfaces that are in use and that are not in use.

# Display the information about user interface 0.
<Sysname> display user-interface 0
  Idx  Type       Tx/Rx  Modem  Privi  Auth  Int
F 0    console 0  9600   -      3      N     -
+ : Current user-interface is active.
F : Current user-interface is active and work in async mode.
Idx : Absolute index of user-interface.
Type : Type and relative index of user-interface.
Privi: The privilege of user-interface.
Auth : The authentication mode of user-interface.
Int : The physical location of UIs.
A : Authenticate use AAA.

L : Authentication use local database.
N : Current UI need not authentication.
P : Authenticate use current UI's password.

Table 1-1 display user-interface command output description

Field: Description
+: The information displayed is about the current user interface.
F: The information displayed is about the current user interface. And the current user interface operates in asynchronous mode.
Idx: The absolute index of the user interface
Type: User interface type and the relative index
Tx/Rx: Transmission speed of the user interface
Modem: Indicates whether or not a modem is used.
Privi: The available command level
Auth: The authentication mode
Int: The physical position of the user interface
A: Uses AAA server to authenticate
L: Uses local data base to authenticate
N: The current user interface (UI) needs no authentication
P: Uses the current UI password to authenticate

display users

display users [ all ]

Any view

1: Monitor level

all: Displays the information about all user interfaces.

Use the display users command to display the information about user interfaces. If you do not specify the all keyword, only the information about the current user interface is displayed.

# Display the information about the current user interface.
<Sysname> display users
The user application information of the user interface(s):
  Idx  UI     Delay     Type  Userlevel

  1    VTY 0  00:11:45  TEL   3
  2    VTY 1  00:16:35  TEL   3
  3    VTY 2  00:16:54  TEL   3
+ 4    VTY 3  00:00:00  TEL   3
Following are more details.
VTY 0 :
        Location: 192.168.0.123
VTY 1 :
        Location: 192.168.0.43
VTY 2 :
        Location: 192.168.0.2
VTY 3 :
        User name: user
        Location: 192.168.0.33
+ : Current operation user.
F : Current operation user work in async mode.

Table 1-2 display users command output description

Field: Description
+: The information displayed is about the current user interface.
F: The information is about the current user interface, and the current user interface operates in asynchronous mode.
Idx: Absolute user interface number
UI: Relative user interface number
Delay: The period in seconds the user interface idles for.
Type: User type
Userlevel: The level of the commands available to the users logging in to the user interface
Location: The IP address from which the user logs in.
User name: The login name of the user that logs into the user interface.

escape-key

escape-key { default | character }
undo escape-key

3: Manage level

default: Restores the default escape key combination <CTRL+C>.
character: Specifies the shortcut key for aborting a task, a single character (or its corresponding ASCII code value in the range 0 to 127) or a string of 1 to 3 characters.

Use the escape-key command to define a shortcut key for aborting tasks.

Use the undo escape-key command to cancel the configuration.

You can use a single character (or its corresponding ASCII code value in the range 0 to 127) or a string of 1 to 3 characters to define a shortcut key. But in fact, only the first character functions as the shortcut key. For example, if you enter an ASCII value 113, the system will use its corresponding character <q> as the shortcut key; if you input the string q@c, the system will use the first letter <q> as the shortcut key.

By default, you can use <Ctrl+C> to terminate a task. You can use the display current-configuration command to verify the shortcut key you have defined.

# Define <Q> as the escape key.
[Sysname] user-interface console 0
[Sysname-ui-console0] escape-key Q

To verify the configuration, do the following:

# Run the ping command to test the connection.
<Sysname> ping -c 20 125.241.23.46
PING 1.1.1.1: 56 data bytes, press Q to break
Request time out
Request time out
Request time out
--- 1.1.1.1 ping statistics ---
5 packet(s) transmitted
0 packet(s) received
100.00% packet loss

Enter <Q>. If the ping task is terminated and the system returns to the current view, the configuration is correct.
<Sysname>

free user-interface

free user-interface [ type ] number

User view

3: Manage level

type: User interface type, including console user interface and VTY user interface.
number: Absolute user interface index or relative user interface index.
Relative user interface index: If you provide the type argument, number indicates the user interface index of the type. When the type is console, the number is 0; when the type is VTY, the number ranges from 0 to 4.

Absolute user interface index: If you do not provide the type argument, number indicates absolute user interface index, which ranges from 0 to 6.

Use the free user-interface command to clear a specified user interface. If you execute this command, the corresponding user interface will be disconnected.

Note that the current user interface cannot be cleared.

# Log in to the device through user interface 0 and clear user interface 1.
<Sysname> free user-interface 1
Are you sure to free user-interface vty0
[Y/N]y
[OK]

After you execute this command, user interface 1 will be disconnected. The user in it must log in again to connect to the device.

header

header { incoming | legal | login | motd | shell } text
undo header { incoming | legal | login | motd | shell }

System view

incoming: Configures the information output after a Modem user logs in. Note that the device does not support Modem login.
legal: Sets the authorization banner. If you specify to authenticate login users, the banner appears before a user passes the authentication.
login: Login information in case of authentication. It is displayed before the user is prompted to enter user name and password.
shell: User conversation established header, the information output after user conversation has been established. If authentication is required, it is prompted after the user passes authentication.
motd: Sets the login banner. If you specify to authenticate login users, the banner appears before a user passes the authentication but after the legal banner.
text: Specifies the title text. If you do not choose any keyword in the command, the system displays the login information by default.

The system supports two types of input modes:

One is to input all the text in one line, and altogether 510 characters, including command key word, can be input. The beginning character and the end character you input must be the same, but the two characters are not included in the content of the welcome information.

The other is to input all the text in several lines using the Enter key, and more than 510 characters can be input. And this input mode falls into the following three types:

1) Press the Enter key directly at the first line, and end the setting with %. The % character and the carriage-return character do not act as part of the banner.
2) Type a character in the first line of a banner, then press the Enter key, and end the setting with the character typed in the first line. The beginning character and the end character do not act as part of the banner.
3) Type multiple characters in the first line (the first and last characters in the line are different), then press Enter, and then end the setting with the first character of the first line. The first character of the first line and the end character do not act as part of the banner.

Use the header command to configure the welcome information for a specific operation.

Use the undo header command to cancel the configuration.

The welcome information starts with the first character and ends with the same character. This means that you should type in the initial character again at the end of the information, and after that the system will exit the interaction.

Note the following:

The banner configured with the header legal command is displayed when you enter the user interface. If password authentication is enabled or an authentication scheme is specified, this banner is displayed before login authentication.

The banner configured with the header motd command is displayed when you enter the user interface. If password authentication is enabled or an authentication scheme is specified, this banner is displayed after the banner configured with the header legal and before login authentication.

With password authentication enabled or an authentication scheme specified, the banner configured with the header login command is displayed after the banner configured with the header motd command and before login authentication.

The banner configured with the header shell command is displayed after a user session is established.

# Configure welcome information of user interface.
[Sysname] header incoming %
Input banner text, and quit with the character '%'.
Welcome to incoming(header incoming)%
[Sysname] header legal %
Input banner text, and quit with the character '%'.
Welcome to legal (header legal)%
[Sysname] header login %
Input banner text, and quit with the character '%'.
Welcome to login(header login)%
[Sysname] header motd %
Input banner text, and quit with the character '%'.
Welcome to motd(header motd)%
[Sysname] header shell %
Input banner text, and quit with the character '%'.

Welcome to shell(header shell)%

In this example, % acts as the beginning/end character of the text. After the text is displayed, enter the % character to end the text and quit the header command.

As the beginning/end character, the % character does not act as part of the welcome information.

# Test above configuration.
**************************************************************************
* Copyright(c) 2004-2007 Hangzhou H3C Technologies Co., Ltd.             *
* Without the owner's prior written consent,                             *
* no decompiling or reverse-engineering shall be allowed.                *
**************************************************************************
Welcome to legal(header legal)
Press Y or ENTER to continue, N to exit.
Welcome to motd(header motd)
Welcome to login(header login)
Login authentication
Password:
Welcome to shell(header shell)
<Sysname>

history-command max-size

history-command max-size value
undo history-command max-size

value: Size of the history command buffer. This argument ranges from 0 to 256 and defaults to 10. That is, the history command buffer can store 10 commands by default.

Use the history-command max-size command to set the size of the history command buffer.

Use the undo history-command max-size command to revert to the default history command buffer size.

# Set the size of the history command buffer to 20 to enable it to store up to 20 commands.
[Sysname] user-interface console 0
[Sysname-ui-console0] history-command max-size 20

idle-timeout

idle-timeout minutes [ seconds ]
undo idle-timeout

minutes: Number of minutes. This argument ranges from 0 to 35,791.
seconds: Number of seconds. This argument ranges from 0 to 59.

Use the idle-timeout command to set the timeout time. The connection to a user interface is terminated if no operation is performed in the user interface within the specified period.

Use the undo idle-timeout command to revert to the default timeout time.

You can use the idle-timeout 0 command to disable the timeout function.

The default timeout time is 10 minutes.

# Set the timeout time of console 0 to 1 minute.
[Sysname] user-interface console 0
[Sysname-ui-console0] idle-timeout 1 0

lock

lock

User view

3: Manage level

None

Use the lock command to lock the current user interface to prevent unauthorized users from operating the user interface.

With the execution of this command, the system prompts to enter and confirm the password (up to 16 characters), and then locks the user interface.

To cancel the lock, press the Enter key and enter the correct password.

By default, the system will not lock the current user interface automatically.

# Lock the current user interface.
<Sysname> lock
Please input password<1 to 16> to lock current user terminal interface:
Password:
Again:
                                   locked!

# Cancel the lock.
Password:
<Sysname>

parity

parity { even | mark | none | odd | space }
undo parity

even: Performs even checks.
mark: Performs mark checks.
none: Does not check.
odd: Performs odd checks.
space: Performs space checks.

Use the parity command to set the check mode of the user interface.

Use the undo parity command to revert to the default check mode.

Use these two commands in console user interface view only.

No check is performed by default.

The device supports the even, none, and odd check modes only. To establish the connection again, you need to modify the configuration of the terminal emulation utility running on your PC accordingly.

# Set to perform even checks.
[Sysname] user-interface console 0
[Sysname-ui-console0] parity even

protocol inbound

protocol inbound { all | ssh | telnet }

3: Manage level

all: Supports both Telnet protocol and SSH protocol.
ssh: Supports SSH protocol.
telnet: Supports Telnet protocol.

Use the protocol inbound command to configure the user interface to support specified protocols.

Both Telnet and SSH protocols are supported by default.

Use this command in VTY user interface view only.

Related commands: user-interface vty.

If you want to configure the user interface to support SSH, to ensure a successful login, you must first configure the authentication mode to scheme on the user interface. If you set the authentication mode to password or none, the protocol inbound ssh command will fail. Refer to section authentication-mode.

# Configure VTY 0 to support only SSH protocol.
[Sysname] user-interface vty 0

[Sysname-ui-vty0] protocol inbound ssh

screen-length

screen-length screen-length
undo screen-length

screen-length: Number of lines the screen can contain. This argument ranges from 0 to 512 and defaults to 24.

Use the screen-length command to set the number of lines the terminal screen can contain.

Use the undo screen-length command to revert to the default number of lines.

You can use the screen-length 0 command to disable the function to display information in pages.

# Set the number of lines the terminal screen can contain to 20.
[Sysname] user-interface console 0
[Sysname-ui-console0] screen-length 20

send

send { all | number | type number }

User view

1: Monitor level

all: Specifies to send messages to all user interfaces.
type: User interface type, including console user interface and VTY user interface.
number: Absolute user interface index or relative user interface index.
Relative user interface index: If you provide the type argument, the number argument indicates the user interface index of the type. When the type is console, number is 0; when the type is VTY, number ranges from 0 to 4.
Absolute user interface index: If you do not provide the type argument, the number argument indicates the absolute user interface index, and ranges from 0 to 6.

Use the send command to send messages to a specified user interface or all user interfaces.

# Send messages to all user interfaces.
<Sysname> send all
Enter message, end with CTRL+Z or Enter; abort with CTRL+C:
hello^z
Send message? [Y/N]y
<Sysname>
***
***
***Message from vty0 to vty0
***
hello
<Sysname>

service-type

service-type { ssh | telnet | terminal }* [ level level ]
undo service-type { ssh | telnet | terminal }*

Local user view

3: Manage level

ssh: Specifies the users to be of SSH type.
telnet: Specifies the users to be of Telnet type.
terminal: Makes terminal services available to users logging in through the console port.
level level: Specifies the user level for Telnet users, Terminal users, or SSH users. The level argument ranges from 0 to 3 and defaults to 0.

Use the service-type command to specify the login type and the corresponding available command level.

Use the undo service-type command to cancel login type configuration.

Commands fall into four command levels: visit, monitor, system, and manage, which are described as follows:

Visit level: Commands of this level are used to diagnose network and change the language mode of user interface, such as the ping, tracert, and language-mode command. The Telnet command is also of this level. Commands of this level cannot be saved in configuration files.

Monitor level: Commands of this level are used to maintain the system, to debug service problems, and so on. The display and debugging command are of monitor level. Commands of this level cannot be saved in configuration files.

System level: Commands of this level are used to configure services. Commands concerning routing and network layers are of system level. You can utilize network services by using these commands.

Manage level: Commands of this level are for the operation of the entire system and the system supporting modules. Services are supported by these commands. Commands concerning file system, file transfer protocol (FTP), trivial file transfer protocol (TFTP), downloading using XMODEM, user management, and level setting are of administration level.

# Configure that commands of level 0 are available to the users logging in using the user name of user.
[Sysname] local-user user
[Sysname-luser-user] service-type telnet level 0

# To verify the above configuration, you can quit the system, log in again using the user name of user, and then list the available commands, as listed in the following.
<Sysname>?
User view commands:
  ping     Ping function
  quit     Exit from current command view
  ssh2     Establish a secure shell client connection
  super    Set the current user priority level
  telnet   Establish one TELNET connection
  tracert  Trace route function

service-type lan-access

service-type lan-access
undo service-type lan-access

Local user view

None

Use the service-type lan-access command to specify the service type that a user can use as lan-access (to the user of Ethernet, that is, 802.1x user).

Use the undo service-type lan-access command to cancel the lan-access service type.

By default, no service is supplied to a user.

# Configure the service type as lan-access.
[Sysname] local-user user1
[Sysname-luser-user1] service-type lan-access

set authentication password

set authentication password { cipher | simple } password
undo set authentication password

3: Manage level

cipher: Specifies to display the local password in encrypted text when you display the current configuration.
simple: Specifies to display the local password in plain text when you display the current configuration.
password: Password. The password must be in plain text if you specify the simple keyword in the set authentication password command. If you specify the cipher keyword, the password can be in either encrypted text or plain text. Whether the password is in encrypted text or plain text depends on the password string entered. Strings containing up to 16 characters (such as 123) are regarded as plain text passwords and are converted to the corresponding 24-character encrypted password (such as !tp<\*emuhl,408`w7th!q!!). An encrypted password must contain 24 characters and must be in ciphered text (such as !tp<\*emuhl,408`w7th!q!!).

Use the set authentication password command to set the local password.
Use the undo set authentication password command to remove the local password.
Note that only plain text passwords are expected when users are authenticated.
By default, Telnet users need to provide their passwords to log in. If no password is set, "Login password has not been set!" appears on the terminal when a user logs in.

# Set the local password of VTY 0 to 123.
[Sysname] user-interface vty 0
[Sysname-ui-vty0] set authentication password simple 123

shell

shell
undo shell

3: Manage level

None

Use the shell command to make terminal services available for the user interface.
Use the undo shell command to make terminal services unavailable to the user interface.
By default, terminal services are available in all user interfaces.

Note the following when using the undo shell command:
This command is not available in console user interface.
This command is unavailable in the current user interface.
This command prompts for confirmation when being executed in any valid user interface.

# Log in to user interface 0 through the console port and make terminal services unavailable in VTY 0 through VTY 4.
[Sysname] user-interface vty 0 4
[Sysname-ui-vty0-4] undo shell
% Disable ui-vty0-4, are you sure? [Y/N]y

speed

speed speed-value
undo speed

speed-value: Transmission speed (in bps). This argument can be 300, 600, 1200, 2400, 4800, 9600, 19,200, 38,400, 57,600, or 115,200, and defaults to 9,600.

Use the speed command to set the transmission speed of the user interface.

Use the undo speed command to revert to the default transmission speed.
Use these two commands in the console user interface view only.
After you use the speed command to configure the transmission speed of the console user interface, you must change the corresponding setting of the terminal emulation program running on the PC so that it stays consistent with the setting on the device.

# Set the transmission speed of the console user interface to 115,200 bps.
[Sysname] user-interface console 0
[Sysname-ui-console0] speed 115200

stopbits

stopbits { 1 | 1.5 | 2 }
undo stopbits

1: Sets the stop bits to 1.
1.5: Sets the stop bits to 1.5.
2: Sets the stop bits to 2.

Use the stopbits command to set the stop bits of the user interface.
Use the undo stopbits command to revert to the default stop bits.
Use these two commands in the console user interface only.
By default, the stop bits value is 1.
The device does not support the keyword 1.5.

# Set the stop bits to 2.
[Sysname] user-interface console 0
[Sysname-ui-console0] stopbits 2

sysname

sysname string
undo sysname

System view

string: System name of the device, a string of 1 to 30 characters. The system default is H3C.

Use the sysname command to set the system name for the device.
Use the undo sysname command to revert to the default system name.
The CLI prompt reflects the system name of a device. For example, if the system name of an access controller is H3C, then the prompt of user view is <H3C>.

# Set the system name of the access controller to ABC.
[Sysname] sysname ABC
[ABC]

telnet

telnet { hostname | ipv4-address } [ port-number ]
telnet ipv6 { hostname | ipv6-address } [ -i interface-type interface-number ] [ port-number ]

User view

0: Visit level

hostname: Host name of the remote device. You can use the ip host command to assign a host name to a device.
ipv4-address: IPv4 address of the remote device.
ipv6-address: IPv6 address of the remote device.

-i interface-type interface-number: Specifies the type and number of an outgoing interface. It is required when the destination address is a link local address.
port-number: TCP port number of the port that provides Telnet service on the device. This argument ranges from 0 to 65535. The default TCP port number is 23.

Use the telnet command to Telnet to another device from the current device and manage that device remotely. You can terminate a Telnet connection by pressing Ctrl+K.
Related commands: display tcp status.

# Telnet to the device with the host name of Sysname2 and IP address of 129.102.0.1 from the current device (with the host name of Sysname1).
<Sysname1> telnet 129.102.0.1
Trying 129.102.0.1...
Press CTRL+K to abort
Connected to 129.102.0.1...
***********************************************************************
* Copyright(c) 2004-2007 Hangzhou H3C Technologies Co., Ltd.          *
* Without the owner's prior written consent,                          *
* no decompiling or reverse-engineering shall be allowed.             *
***********************************************************************
<Sysname2>

telnet client source

telnet client source { ip source-ip-address | interface interface-type interface-number }
undo telnet client source

System view

ip source-ip-address: Specifies the source IP address of the Telnet connection. This address must be an IP address already configured on the device.
interface interface-type interface-number: Specifies the source interface of the Telnet connection by its type and number. The IP address of the source interface is the source IP address of the Telnet packets. If no IP address is configured for the source interface, the Telnet connection fails.

Use the telnet client source command to configure the source IP address for a device operating as a Telnet client.
Use the undo telnet client source command to restore the default.
By default, the source IP address used is determined by the route between the device operating as the Telnet client and the Telnet server.

Note that:
You can configure the source address by specifying either the source interface or the source IP address. A newly configured source address overrides the existing one.
The source address specified by the telnet command overrides the source address specified by the telnet client source command.
The source address specified by the telnet client source command applies to all the Telnet connections established on the current device, while the source address specified by the telnet command applies to only the current Telnet connection.

# Assign the source IP address 2.2.2.2 to the Telnet client.
[Sysname] telnet client source ip 2.2.2.2

# Specify the source interface of the Telnet client as VLAN-interface 1.
[Sysname] telnet client source interface Vlan-interface 1

telnet server enable

telnet server enable
undo telnet server enable

System view

3: Manage level

None

Use the telnet server enable command to enable the Telnet server.
Use the undo telnet server enable command to disable the Telnet server.
By default, the Telnet server is disabled.

# Enable the Telnet server.
[Sysname] telnet server enable
% Start Telnet server

# Disable the Telnet server.
[Sysname] undo telnet server enable
% Close Telnet server

terminal type

terminal type { ansi | vt100 }
undo terminal type

ansi: Specifies the terminal display type to ANSI.
vt100: Specifies the terminal display type to VT100.

Use the terminal type command to configure the type of terminal display.
Use the undo terminal type command to restore the default.
Currently, the system supports two types of terminal display: ANSI and VT100.
By default, the terminal display type is ANSI. The device must use the same display type as the terminal. If the terminal uses VT100, the device should also use VT100.

# Set the terminal display type to VT100.
[Sysname] user-interface vty 0
[Sysname-ui-vty0] terminal type vt100

user-interface

user-interface [ type ] first-number [ last-number ]

System view

type: User interface type, including console user interface and VTY user interface.
first-number: User interface index, which identifies the first user interface to be configured. If the type argument is provided, it is the user interface index of this type. If the user interface is console, the first-number argument takes 0; if the user interface is VTY, it ranges from 0 to 4. If the type argument is not provided, the first-number argument indicates an absolute user interface index, in the range 0 to 6.
last-number: User interface index, which identifies the last user interface to be configured.

Use the user-interface command to enter one or more user interface views to perform configuration.

# Enter VTY 0 to 4 user interface view.
[Sysname] user-interface vty 0 4
[Sysname-ui-vty0-4]

user privilege level

user privilege level level
undo user privilege level

3: Manage level

level: Command level ranging from 0 to 3.

Use the user privilege level command to configure the command level available to the users logging in to the user interface.
Use the undo user privilege level command to revert to the default command level.
By default, the commands of level 3 are available to the users logging in to the console user interface. The commands of level 0 are available to the users logging in to VTY user interfaces.

# Make commands of level 0 available to users logging in to VTY 0.
[Sysname] user-interface vty 0
[Sysname-ui-vty0] user privilege level 0

# You can verify the above configuration by Telnetting to VTY 0 and displaying the available commands, as shown below.
<Sysname>?
User view commands:
  ping     Ping function
  quit     Exit from current command view
  ssh2     Establish a secure shell client connection
  super    Set the current user priority level
  telnet   Establish one TELNET connection
  tracert  Trace route function
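The login commands above (telnet server enable, service-type, set authentication password, user privilege level) can be checked together in a saved configuration. The Python below is an added example, not part of the manual or H3C code; the sample configuration is constructed, and the treatment of '#' as a section separator and the wording of the findings are assumptions.

```python
import re

# Constructed sample in the style of a saved configuration; not from the manual.
SAMPLE_CONFIG = """\
#
 sysname ABC
 telnet server enable
#
local-user user
 service-type telnet level 0
local-user admin
 service-type ssh telnet level 3
#
user-interface console 0
 speed 115200
user-interface vty 0 4
 user privilege level 3
 set authentication password simple 123
"""

def classify_cipher_argument(password):
    """Apply the page's length rule for the argument of the cipher keyword."""
    if len(password) <= 16:
        return "plain"      # the device converts it to a 24-character encrypted form
    if len(password) == 24:
        return "encrypted"
    return "neither"        # assumption: other lengths match neither documented form

def audit(config):
    """Return (view, finding) pairs for login settings that weaken access control."""
    findings, view = [], "system"
    for raw in config.splitlines():
        line = raw.strip()
        if line in ("", "#"):
            view = "system"  # assumption: '#' separates configuration sections
        elif re.match(r"(local-user|user-interface)\s", line):
            view = line      # entering a local user or user interface view
        elif line == "telnet server enable":
            findings.append((view, "Telnet server enabled"))
        elif m := re.fullmatch(r"set authentication password (simple|cipher) (\S+)", line):
            if m.group(1) == "simple" or classify_cipher_argument(m.group(2)) == "plain":
                findings.append((view, "login password readable in the configuration text"))
        elif m := re.fullmatch(r"user privilege level (\d)", line):
            if view.startswith("user-interface vty") and m.group(1) == "3":
                findings.append((view, "manage level granted at VTY login"))
        elif m := re.fullmatch(r"service-type (.+) level (\d)", line):
            if "telnet" in m.group(1).split() and m.group(2) == "3":
                findings.append((view, "Telnet user with manage level"))
    return findings
```

Calling audit(SAMPLE_CONFIG) returns one finding per weak setting, each paired with the view it was configured in.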

Commands for Logging In to the Access Controller Switch Interface Board Through OAP

oap connect slot

oap connect slot slot-number

User view

slot-number: Number of the slot where an Open Application Platform (OAP) board resides. The value of this argument is 0.

Use the oap connect slot command to redirect from the device to the OAP board.
You can press Ctrl+K to return from the operating system of the OAP board to the command line interface of the device.

# Redirect from the device to the OAP board in slot 0.
<Sysname> oap connect slot 0
Connected to OAP!

oap reboot slot

oap reboot slot slot-number

User view

slot-number: Number of the slot where an OAP board resides. The value of this argument is 0.

Use the oap reboot slot command to reset the system of an OAP board.
This command must be executed on the device.

# Reset the system of the OAP board in slot 0.
<Sysname> oap reboot slot 0
This command will recover the OAP from shutdown or other failed state.
Warning: This command may lose the data on the hard disk if the OAP is not being shut down!

Continue? [Y/N]:y
Reboot OAP by command.

telnet

telnet { hostname | ipv4-address } [ port-number ]
telnet ipv6 { hostname | ipv6-address } [ -i interface-type interface-number ] [ port-number ]

User view

0: Visit level

hostname: Host name of a remote system. The host name should be configured by using the ip host or ipv6 host command.
ipv4-address: IPv4 address of the remote system.
ipv6-address: IPv6 address of the remote system.
-i interface-type interface-number: Specifies the source interface for sending Telnet packets, where interface-type interface-number represents the interface type and number. This argument should be provided when the destination address is a link local address.
port-number: TCP port number for the remote system to provide Telnet services. It ranges from 0 to 65535 and defaults to 23.

Use the telnet command to Telnet to a remote host from the current device and manage the host remotely. You can terminate a Telnet connection by pressing Ctrl+K.
The default Telnet port number is 23.
Related commands: display tcp status, ip host.

# Telnet to switch interface board Sysname2 (IP address 129.102.0.1) of the remote device from the current device Sysname1.
<Sysname1> telnet 129.102.0.1
Trying 129.102.0.1...
Press CTRL+K to abort
Connected to 129.102.0.1...
***********************************************************************
* Copyright(c) 2004-2007 Hangzhou H3C Technologies Co., Ltd.          *
* Without the owner's prior written consent,                          *
* no decompiling or reverse-engineering shall be allowed.             *
***********************************************************************
<Sysname2>