3Com Corporation reserves the right to revise this documentation and to make changes in content from time
to time without obligation on the part of 3Com Corporation to provide notification of such revision or change.
3Com Corporation provides this documentation without warranty, term, or condition of any kind, either
implied or expressed, including, but not limited to, the implied warranties, terms or conditions of
merchantability, satisfactory quality, and fitness for a particular purpose. 3Com may make improvements or
changes in the product(s) and/or the program(s) described in this documentation at any time.
If there is any software on removable media described in this documentation, it is furnished under a license
agreement included with the product as a separate document, in the hard copy documentation, or on the
removable media in a directory file named LICENSE.TXT or !LICENSE.TXT. If you are unable to locate a copy,
please contact 3Com and a copy will be provided to you.
UNITED STATES GOVERNMENT LEGEND
If you are a United States government agency, then this documentation and the software described herein
are provided to you subject to the following:
All technical data and computer software are commercial in nature and developed solely at private expense.
Software is delivered as “Commercial Computer Software” as defined in DFARS 252.227-7014 (June 1995)
or as a “commercial item” as defined in FAR 2.101(a) and as such is provided with only such rights as are
provided in 3Com’s standard commercial license for the Software. Technical data is provided with limited
rights only as provided in DFAR 252.227-7015 (Nov 1995) or FAR 52.227-14 (June 1987), whichever is
applicable. You agree not to remove or deface any portion of any legend provided on any licensed program
or documentation contained in, or delivered to you in conjunction with, this User Guide.
Unless otherwise indicated, 3Com registered trademarks are registered in the United States and may or may
not be registered in other countries.
3Com, the 3Com logo, are registered trademarks of 3Com Corporation.
Intel and Pentium are registered trademarks of Intel Corporation. Microsoft, MS-DOS, Windows, and
Windows NT are registered trademarks of Microsoft Corporation. UNIX is a registered trademark in the United
States and other countries, licensed exclusively through X/Open Company, Ltd.
All other company and product names may be trademarks of the respective companies with which they are
associated.
CONTENTS
ABOUT THIS GUIDE
Conventions
SYSTEM ACCESS
Product Overview
Features
Configuring the Switch 7750
Setting Terminal Parameters
Configuring Through Telnet
Configuring Through a Dial-up Modem
Configuring the User Interface
Command Line Interface
Command Line View
Features and Functions of the Command Line
PORT CONFIGURATION
Ethernet Port Overview
Configuring Ethernet Ports
Troubleshooting VLAN Port Configuration
Configuring Link Aggregation
Subnet and Mask
Configuring an IP Address
Troubleshooting an IP Address Configuration
Configuring Address Resolution Protocol (ARP)
Configuring ARP
DHCP Relay
Configuring DHCP Relay
Troubleshooting a DHCP Relay Configuration
IP Performance
Configuring TCP Attributes
Configuring Special IP Packet Transmission to the CPU
Configuring L3 Broadcast Forwarding
Displaying and Debugging IP Performance
Troubleshooting IP Performance
IP ROUTING PROTOCOL OPERATION
IP Routing Protocol Overview
Selecting Routes Through the Routing Table
Routing Management Policy
Filtering or Classifying Data Transmitted by the Hardware
Filtering or Classifying Data Transmitted by the Software
ACL Support on the Switch 7750
Configuring ACLs
Configuring the Time Range
Selecting the ACL Mode
Defining an ACL
Activating an ACL
ACL Configuration Examples
Access Control
Basic ACL
Link ACL
Configuring QoS
QoS Concepts
Configuring QoS
QoS Configuration Examples
Configuring ACL Control
Configuring ACL Control for TELNET Users
Configuring ACL Control for SNMP Users
STP OPERATION
STP Overview
Configuring STP
Designating Switches and Ports
Calculating the STP Algorithm
Generating the Configuration BPDU
Selecting the Optimum Configuration BPDU
Designating the Root Port
Configuring the BPDU Forwarding Mechanism
MSTP Overview
MSTP Concepts
MSTP Principles
Configuring MSTP
Configuring the MST Region for a Switch
Specifying the Switch as Primary or Secondary Root Switch
Configuring the MSTP Running Mode
Configuring the Bridge Priority for a Switch
Configuring the Max Hops in an MST Region
Configuring the Switching Network Diameter
Configuring the Time Parameters of a Switch
Configuring the Max Transmission Speed on a Port
Configuring a Port as an Edge Port
Configuring the Path Cost of a Port
Configuring the Priority of a Port
Configuring the Port Connection with the Point-to-Point Link
Configuring the mCheck Variable of a Port
Configuring the Switch Security Function
Enabling MSTP on the Device
Enabling or Disabling MSTP on a Port
Displaying and Debugging MSTP
Digest Snooping
Configuring Digest Snooping
AAA AND RADIUS OPERATION
IEEE 802.1x
802.1x System Architecture
Configuring 802.1x
Implementing the AAA and RADIUS Protocols
Configuring AAA
Configuring the RADIUS Protocol
Configuring HWTACACS
Displaying and Debugging the AAA, RADIUS, and HWTACACS Protocols
AAA, RADIUS, and HWTACACS Protocol Configuration Examples
Configuring FTP/Telnet User Authentication at Remote RADIUS Server
Configuring FTP/Telnet User Authentication at the Local RADIUS Server
Configuring the FTP/Telnet User Authentication at a Remote TACACS Server
Dynamic VLAN with RADIUS Server Configuration Example
Troubleshooting AAA, RADIUS, and HWTACACS Configurations
SYSTEM MANAGEMENT
File System
Using a Directory
Managing Files
Formatting Storage Devices
Setting the Prompt Mode of the File System
Configuring File Management
FTP
TFTP
Managing the MAC Address Table
Configuring the MAC Address Table
Managing Devices
Designating the APP for the Next Boot
Displaying Devices
Maintaining and Debugging the System
Configuring System Basics
Displaying System Information and State
Debugging the System
Testing Tools for Network Connection
Logging Function
SNMP
SNMP Versions and Supported MIB
Configuring SNMP
ABOUT THIS GUIDE
This guide describes the 3Com® Switch 7750 and how to configure it in version
3.0 of the software.
Conventions
Table 1 lists icon conventions that are used throughout this book.
Table 1 Notice Icons
Notice Type | Description
Information note | Information that describes important features or instructions.
Caution | Information that alerts you to potential loss of data or potential damage to an application, system, or device.
Warning | Information that alerts you to potential personal injury.
Table 2 lists the text conventions used in this book.
Table 2 Text Conventions
Convention | Description
Screen displays | This typeface represents information as it appears on the screen.
Keyboard key names | If you must press two or more keys simultaneously, the key names are linked with a plus sign (+), for example: Press Ctrl+Alt+Del
The words “enter” and “type” | When you see the word “enter” in this guide, you must type something, and then press Return or Enter. Do not press Return or Enter when an instruction simply says “type.”
Words in italics | Italics are used to:
■ Emphasize a point.
■ Denote a new term at the place where it is defined in the text.
■ Identify command variables.
■ Identify menu names, menu commands, and software button names. Examples:
From the Help menu, select Contents.
Click OK.
Words in bold | Boldface type is used to highlight command names. For example, “Use the display user-interface command to...”
CHAPTER 1: SYSTEM ACCESS
This chapter covers the following topics:
■ Product Overview
■ Configuring the Switch 7750
■ Setting Terminal Parameters
■ Command Line Interface
Product Overview
The 3Com Switch 7750 is a large capacity, modularized wire speed Layer 2/Layer 3
switch. It is designed for IP metropolitan area networks (MAN), large-sized
enterprise networks, and campus network users.
The Switch 7750 has an integrated chassis structure. The chassis contains a card
area, fan area, power supply area, and a power distribution area. In the card area,
there are seven slots. Slot 0 is prepared specially for the switch Fabric module. The
remaining slots are for interface modules. You can install different interface
modules for different networks; the slots support a mixed set of modules.
The Switch 7750 supports the following services:
■ MAN, enterprise/campus networking
■ Multicast service and multicast routing functions and audio and video multicast
service.
Features
Table 3 lists and describes the function features that the Switch 7750 supports.
■ Internet Group Management Protocol (IGMP) Snooping
■ Internet Group Management Protocol (IGMP)
■ Protocol-Independent Multicast-Dense Mode (PIM-DM)
■ Protocol-Independent Multicast-Sparse Mode (PIM-SM)
Security features
■ Multi-level user management and password protection
■ 802.1X authentication
■ Packet filtering
■ AAA and RADIUS/HWTACACS
Quality of Service (QoS)
■ Traffic classification
■ Bandwidth control
■ Priority
■ Queues of different priority on the port
■ Queue scheduling: supports Strict Priority Queueing (SP)
Management and maintenance
■ Command line interface configuration
■ Configuration through the console port
■ Remote configuration by Telnet
■ Configuration through dialing the modem
■ SNMP
■ System log
■ Level alarms
■ Output of the debugging information
■ PING and Tracert
■ Remote maintenance with Telnet, modem
Loading and updating
■ Loading and upgrading software using the XModem protocol
■ Loading and upgrading software using the File Transfer Protocol (FTP) and Trivial File Transfer Protocol (TFTP)
Configuring the Switch 7750
On the Switch 7750, you can set up the configuration environment through the
console port. To set up the local configuration environment:
1 Plug the DB-9 or DB-25 female plug of the console cable into the serial port of the
PC or the terminal where the switch is to be configured.
2 Connect the RJ-45 connector of the console cable to the console port of the
switch, as shown in Figure 1.
Figure 1 Setting Up the Local Configuration Environment Through the Console Port
Setting Terminal Parameters
To set terminal parameters:
1 Start the PC and select Start > Programs > Accessories > Communications >
HyperTerminal. The HyperTerminal window displays the Connection Description
dialog box, as shown in Figure 2.
Figure 2 Set Up the New Connection
2 Enter the name of the new connection in the Name field and click OK. The dialog
box, shown in Figure 3, displays.
3 Select the serial port to be used from the Connect using dropdown menu.
Figure 3 Properties Dialog Box
4 Click OK. The Port Settings tab, shown in Figure 4, displays and you can set serial
port parameters. Set the following parameters:
■ Baud rate = 9600
■ Databit = 8
■ Parity check = none
■ Stopbit = 1
■ Flow control = none
Figure 4 Set Communication Parameters
5 Click OK. The HyperTerminal dialogue box displays, as shown in Figure 5.
6 Select Properties.
Figure 5 HyperTerminal Window
7 In the Properties dialog box, select the Settings tab, as shown in Figure 6.
8 Select VT100 in the Emulation dropdown menu.
9 Click OK.
Figure 6 Settings Tab
Setting the Terminal Parameters is described in the following sections:
■ Configuring Through Telnet
■ Configuring Through a Dial-up Modem
■ Configuring the User Interface
Configuring Through Telnet
Before you can telnet to a Switch 7750 and configure it, you must:
1 Configure the IP address of a VLAN interface for the Switch 7750 through the
console port (using the ip address command in VLAN interface view)
2 Add the port (that connects to a terminal) to this VLAN (using the port command
in VLAN view)
3 Log in to the Switch 7750
Tasks for Configuring through Telnet are described in the following sections:
■ Connecting the PC to the Switch 7750
■ Connecting Two Switch 7750 Systems
Connecting the PC to the Switch 7750
To connect the PC and Switch 7750 through Telnet:
1 Authenticate the Telnet user through the console port before the user logs in by
Telnet.
By default, a password is required for authenticating the Telnet user to log in to the
Switch 7750. If a user logs in by Telnet without a password, the user sees the
message:
Login password has not been set!
2 Enter system view, return to user view by pressing Ctrl+Z.
(xxxx is the preset login password of Telnet user)
3 To set up the configuration environment, connect the Ethernet port of the PC to
that of the Switch 7750 through the LAN. See Figure 7.
Figure 7 Setting Up the Configuration Environment Through Telnet
4 Run Telnet on the PC by selecting Start > Run from the Windows desktop and
entering Telnet in the Open field, as shown in Figure 8. Click OK.
Figure 8 Run Telnet
The terminal displays Login authentication and prompts you for the logon
password.
5 Enter the password. The terminal displays the command line prompt (<SW7750>).
If the message, All user interfaces are used, please try later! appears,
try to reconnect later. At most, 5 Telnet users are allowed to log on to a Switch
7750 simultaneously.
6 Use the appropriate commands to configure the Switch 7750 or to monitor the
operational state. Enter ? to get immediate help. For details on specific
commands, refer to the chapters in this guide.
When configuring the Switch 7750 by Telnet, do not modify the IP address unless
necessary, because the modification might terminate the Telnet connection. By
default, after passing the password authentication and logging on, a Telnet user
can access the commands at login level 0.
Connecting Two Switch 7750 Systems
Before you can telnet the Switch 7750 to another Switch 7750, as shown in
Figure 9, you must:
1 Configure the IP address of a VLAN interface for the Switch 7750 through the
console port (using the ip address command in VLAN interface view)
2 Add the port (that connects to a terminal) to this VLAN (using the port command
in VLAN view)
3 Log in to the Switch 7750
After you telnet to a Switch 7750, you can run the telnet command to log in and
configure another Switch 7750.
Figure 9 Provide Telnet Client Service
1 Authenticate the Telnet user through the console port on the Telnet Server (Switch
7750) before login.
By default, a password is required for authenticating the Telnet user to log in to the
Switch 7750. If a user logs in by Telnet without a password, the system displays the
following message:
Login password has not been set!
2 Enter system view, return to user view by pressing Ctrl+Z.
<SW7750>system-view
[SW7750]user-interface vty 0
[SW7750-ui-vty0]set authentication password simple/cipher xxxx
(xxxx is the preset login password of Telnet user)
3 Log in to the Telnet client (Switch 7750). For the login process, see “Connecting
the PC to the Switch 7750”.
4 Perform the following operations on the Telnet client:
<SW7750>telnet xxxx
(xxxx can be the hostname or IP address of the Telnet Server. If it is the hostname,
you must use the ip host command to specify it.)
5 Enter the preset login password. The Switch 7750 prompt (<SW7750>) displays. If
the message, All user interfaces are used, please try later! displays, try
to connect later.
6 Use the appropriate commands to configure the Switch 7750 or view its
operational state. Enter ? to get immediate help. For details on a specific
command, refer to the appropriate chapter in this guide.
Configuring Through a Dial-up Modem
To configure your router through a dial-up modem:
1 Authenticate the modem user through the console port of the Switch 7750 before
the user logs in to the switch through a dial-up modem.
By default, a password is required for authenticating the modem user to log in to
the Switch 7750. If a user logs in through the modem without a password, the
user sees an error message.
<SW7750>system-view
[SW7750]user-interface aux 0
[SW7750-ui-aux0]set authentication password simple/cipher xxxx
(xxxx is the preset login password of the Modem user.)
2 Using the modem command, you can configure the console port to modem mode.
[SW7750-ui-aux0]modem
3 To set up the remote configuration environment, connect the modems to a PC (or
a terminal) serial port and to the Switch 7750 console port, as shown in Figure 10.
Figure 10 Set Up Remote Configuration Environment
4 Dial for a connection to the switch, using the terminal emulator and modem on
the remote end. Dial the telephone number of the modem connected to the
Switch 7750. See Figure 11 and Figure 12.
Figure 11 Set the Dialed Number
Figure 12 Dial the Remote PC
5 Enter the preset login password on the remote terminal emulator and wait for the
<SW7750> prompt.
6 Use the appropriate commands to configure the Switch 7750 or view its
operational state. Enter ? to get immediate help. For details on a specific
command, refer to the appropriate chapter in this guide.
By default, after login, a modem user can access the commands at Level 0.
Configuring the User Interface
User interface configuration is another way to configure and manage port data.
The Switch 7750 supports the following configuration methods:
■ Local configuration through the console port
■ Remote configuration through Telnet on the Ethernet port
■ Remote configuration through a modem through the console port.
There are two types of user interfaces:
■ AUX user interface is used to log in the Switch 7750 through a dial-up modem.
A Switch 7750 can only have one AUX port.
■ VTY user interface is used to telnet the Switch 7750.
For the Switch 7750, the AUX port and Console port are the same port, so there is
only one type of user interface for them: the AUX user interface.
The user interface is numbered by absolute number or relative number.
To number the user interface by absolute number:
■ The AUX user interface is the first interface — user interface 0.
■ The VTY is numbered after the AUX user interface. The absolute number of the
first VTY is the AUX user interface number plus 1.
To number the user interface by relative number, represented by interface +
number assigned to each type of user interface:
■ AUX user interface = AUX 0.
■ The first VTY interface = VTY 0, the second one = VTY 1, and so on.
Tasks for configuring the user interface are described in the following sections:
■ Entering the User Interface View
■ Configuring the Attributes of the AUX (Console) Port
■ Configuring the Terminal Attributes
■ Managing Users
■ Configuring the Attributes of a Modem
■ Configuring Redirection
■ Displaying and Debugging User Interface
Entering the User Interface View
Use the user-interface command (see Table 4) to enter a user interface view.
You can enter a single user interface view or multi-user interface view to configure
one or more user interfaces.
Perform the following configuration in system view.
Table 4 Enter User Interface View
Operation | Command
Enter a single user interface view or multi user interface views | user-interface [ type ] first-number [ last-number ]
Configuring the Attributes of the AUX (Console) Port
Use the speed, flow control, parity, stop bit, and data bit commands (see
Table 5) to configure these attributes of the AUX (Console) port.
Perform the following configurations in user interface (AUX user interface only)
view.
Table 5 Configure the Attributes of the AUX (Console) Port
Operation | Command
Configure the transmission speed on AUX (Console) port. By default, the transmission speed is 9600bps | speed speed-value
Restore the default transmission speed on AUX (Console) port | undo speed
Configure the flow control on AUX (Console) port. By default, no flow control is performed on the AUX (Console) port | flow-control { hardware | none | software }
Restore the default flow control mode on AUX (Console) port | undo flow-control
Configure parity mode on the AUX (Console) port. By default, there is no parity bit on the AUX (Console) port | parity { even | mark | none | odd | space }
Restore the default parity mode | undo parity
Configure the stop bit of AUX (Console) port. By default, AUX (Console) port supports 1 stop bit | stopbits { 1 | 1.5 | 2 }
Restore the default stop bit of AUX (Console) port | undo stopbits
Configure the data bit of AUX (Console) port. By default, AUX (Console) port supports 8 data bits. | databits { 7 | 8 }
Restore the default data bit of AUX (Console) port | undo databits
Configuring the Terminal Attributes
The following commands can be used for configuring the terminal attributes,
including enabling/disabling terminal service, disconnection upon timeout,
lockable user interface, configuring terminal screen length and history command
buffer size.
Perform the following configuration in user interface view. Perform the lock
command in user view.
Enabling and Disabling Terminal Service
After the terminal service is
disabled on a user interface, you cannot log in to the Switch 7750 through the
user interface. However, if a user is logged in through the user interface before
disabling the terminal service, the user can continue operation. After the user logs
out, the user cannot log in again. In this case, the user can log in to the Switch
through the user interface only when the terminal service is enabled again. Use
the commands described in Table 6 to enable or disable terminal service.
Table 6 Enabling and Disabling Terminal Service
Operation | Command
Enable terminal service | shell
Disable terminal service | undo shell
By default, terminal service is enabled on all the user interfaces.
Note the following points:
■ For the sake of security, the undo shell command can only be used on the
user interfaces other than the AUX user interface.
■ You cannot use this command on the user interface through which you log in.
■ You must confirm your privilege before using the undo shell command in any
legal user interface.
Configuring idle-timeout
By default, idle-timeout is enabled and set to 10
minutes on all the user interfaces. The
Locking the User Interface
The lock command locks the current user
interface and prompts the user to enter a password. This makes it impossible for
others to operate in the interface after the user leaves. The lock command is
described in Table 8.
Table 8 Lock User Interface
Operation | Command
Lock user interface | lock
Setting the Screen Length
If a command displays more than one screen of
information, you can use the screen-length command to determine how many
lines are displayed on a screen so that information can be separated in different
screens and you can view it more conveniently. The screen-length command is
described in Table 9.
Table 9 Setting Screen Length
Operation | Command
Set the screen length | screen-length screen-length (screen-length 0 indicates to disable screen display separation function.)
Restore the default screen length | undo screen-length
By default, the terminal screen length is 24 lines.
Setting the History Command Buffer Size
Table 10 describes the history-command max-size command. By default, the size
of the history command buffer is 10.
Table 10 Set the History Command Buffer Size
Operation | Command
Set the history command buffer size | history-command max-size value
Restore the default history command buffer size | undo history-command max-size
Managing Users
The management of users includes: the setting of the user logon authentication
method, the level of command a user can use after logging on, the level of
command a user can use after logging on from the specific user interface, and the
command level.
Configuring the Authentication Method
The authentication-mode
command configures the user login authentication method that allows access to
an unauthorized user. Table 11 describes the authentication-mode command.
Perform the following configuration in user interface view.
Table 11 Configure Authentication Method
Operation | Command
Configure the authentication method | authentication-mode { password | scheme [ command-authorization ] }
Configure no authentication | authentication-mode none
By default, terminal authentication is not required for users who log in through
the console port, whereas a password is required for authenticating modem and
Telnet users when they log in.
To configure authentication for modem and Telnet users:
1 Configure local password authentication for the user interface.
When you set the password authentication mode, you must also configure a login
password to log in successfully. Table 12 describes the set authentication
password command.
Perform the following configuration in user interface view.
Table 12 Configure the Local Authentication Password
Operation | Command
Configure the local authentication password | set authentication password { cipher | simple } password
Remove the local authentication password | undo set authentication password
Configure for password authentication when a user logs in through a VTY 0 user
interface and set the password to 3Com:
2 Configure the local or remote authentication username and password.
Use the authentication-mode scheme command to perform local or remote
authentication of username and password. The type of the authentication
depends on your configuration. For detailed information, see “AAA and RADIUS
Operation”.
Perform username and password authentication when a user logs in through the
VTY 0 user interface and set the username and password to zbr and 3Com
respectively:
The authentication-mode scheme command-authorization command indicates
that you must be authorized to use the command lines on the TACACS
authentication server before executing the other commands. Commands that
different users can execute are defined on the TACACS authentication server.
For example, the user tel@hwtac passes the authentication of the TACACS server
192.168.6.1 and logs into the switch through the port vty0. As the
authentication-mode scheme command-authorization command is configured
for the vty0 port on the switch, the NAS sends a request for authorization to the
AAA server when you perform the display current-configuration command.
If the reply indicates that the authorization succeeds, the user can execute the
command.
4 Set the Switch 7750 to allow user access without authentication.
[SW7750-ui-vty0]authentication-mode none
By default, the password is required for authenticating the modem and Telnet
users when they log in. If the password has not been set, when a user logs in, the
following message displays,
Login password has not been set!
If the authentication-mode none command is used, the modem and Telnet users
are not required to enter a password.
Set the Command Level after Login
The following command is used for
setting the command level used after a user logs in.
Perform the following configuration in local-user view.
Table 13 Set Command Level Used After a User Logs In
Operation | Command
Set command level used after a user logging in | service-type { [ level level |
Restore the default command level used after a user logging in |
By default, a Telnet user can access the commands at Level 1 after logon.
Setting the Command Level Used after a User Logs in from a User Interface
Use the user privilege level command to set the command level, after a user
logs in from a specific user interface, so that a user is able to execute the
commands at that command level. Table 14 describes the user privilege level
command.
Perform the following configuration in user interface view.
Table 14 Set Command Level After User Login
Operation | Command
Set command level used after a user logging in from a user interface | user privilege level level
Restore the default command level used after a user logging in from a user interface | undo user privilege level
By default, a user can access the commands at Level 3 after logging in through the
AUX user interface, and the commands at Level 0 after logging in through the VTY
user interface.
When a user logs in to the switch, the command level that the user can access
depends on two settings: the command level assigned to the user, and the
command level set on the user interface. If the two levels are different,
the former is taken. For example, the command level of the VTY 0 user interface is 1,
but user Tom has the right to access commands of level 3; if Tom logs in from the
VTY 0 user interface, he can access commands of level 3 and lower.
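The authentication and command-level settings described above can be checked offline against a saved configuration. The following Python audit is an added example, not part of the 3Com guide; it uses only the command keywords shown in this chapter and also reports each line's absolute number. The layout of the configuration text (sub-commands indented under each user-interface line, blocks separated by #), the finding names, and the sample passwords are assumptions constructed for the example.

```python
import re

# Header form from Table 4: user-interface [ type ] first-number [ last-number ]
UI_RE = re.compile(r"^user-interface\s+(aux|vty)\s+(\d+)(?:\s+(\d+))?\s*$")
# Defaults stated in the guide: Level 3 on the AUX interface, Level 0 on VTY.
DEFAULT_LEVEL = {"aux": 3, "vty": 0}

# Constructed sample; the passwords are placeholders, not real values.
SAMPLE_CONFIG = """\
#
user-interface aux 0
 authentication-mode password
 set authentication password cipher CONSTRUCTED-CIPHERTEXT
#
user-interface vty 0
 authentication-mode none
 user privilege level 3
user-interface vty 1 2
 authentication-mode password
 set authentication password simple constructed-password
 auto-execute command telnet 10.110.100.1
user-interface vty 3
 authentication-mode scheme command-authorization
 user privilege level 3
#
"""


def absolute_number(kind, number):
    """AUX 0 is absolute 0; the VTYs follow it, so VTY n is absolute n + 1."""
    return 0 if kind == "aux" else number + 1


def parse_user_interfaces(config_text):
    """Collect settings per user interface, keyed by (type, relative number)."""
    interfaces, current = {}, []
    for raw in config_text.splitlines():
        header = UI_RE.match(raw)
        if header:
            kind, first = header.group(1), int(header.group(2))
            last = int(header.group(3) or first)
            current = [
                interfaces.setdefault((kind, n), {
                    "auth": None, "password_form": None,
                    "level": DEFAULT_LEVEL[kind], "auto_execute": None,
                })
                for n in range(first, last + 1)
            ]
            continue
        if not raw[:1].isspace():  # assumption: sub-commands are indented
            current = []
            continue
        words = raw.split()
        for ui in current:
            if words[:1] == ["authentication-mode"] and len(words) > 1:
                ui["auth"] = words[1]
            elif words[:3] == ["set", "authentication", "password"] and len(words) > 3:
                ui["password_form"] = words[3]  # keep the form, never the secret
            elif words[:3] == ["user", "privilege", "level"] and len(words) > 3:
                ui["level"] = int(words[3])
            elif words[:2] == ["auto-execute", "command"]:
                ui["auto_execute"] = " ".join(words[2:])
    return interfaces


def audit(config_text):
    """Return sorted (absolute number, interface name, finding) tuples."""
    findings = []
    for (kind, n), ui in parse_user_interfaces(config_text).items():
        where = (absolute_number(kind, n), f"{kind.upper()} {n}")
        if ui["auth"] == "none":
            findings.append(where + ("NO_AUTHENTICATION",))
        if ui["password_form"] == "simple":
            # The simple form leaves the password readable in the configuration.
            findings.append(where + ("CLEARTEXT_PASSWORD_IN_CONFIG",))
        # With scheme authentication the user's own level is the one taken, so
        # the line's level only decides access for none/password logins.
        if kind == "vty" and ui["auth"] != "scheme" and ui["level"] >= 2:
            findings.append(where + ("HIGH_LEVEL_WITHOUT_PER_USER_AUTH",))
        if ui["auto_execute"]:
            # Per the CAUTION in this chapter, such a line can no longer be
            # used for routine configuration of the local system.
            findings.append(where + ("AUTO_EXECUTE_LOCKS_LINE",))
    return sorted(findings)


if __name__ == "__main__":
    for number, name, finding in audit(SAMPLE_CONFIG):
        print(f"user interface {number} ({name}): {finding}")
```
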
Setting Command Priority
The command-privilege level command sets the
priority of a specified command in a certain view. The command levels include
visit, monitoring, configuration, and management, which are identified with
command level 0 through 3, respectively. An administrator assigns authority
according to user requirements. See Table 15.
Perform the following configuration in system view.
Table 15 Set Command Priority
Operation | Command
Set the command priority in a specified view. | command-privilege level level view view command
Restore the default command level in a specified view. | undo command-privilege view view command
Configuring the Attributes of a Modem
You can use the commands described in Table 16 to configure the attributes of a
modem when logging in to the Switch through the modem.
Perform the following configuration in user interface view.
Table 16 Configure Modem
Operation | Command
Set the interval since the system receives the RING until CD_UP | modem timer answer seconds
Restore the default interval since the system receives the RING until CD_UP | undo modem timer answer
Configure auto answer | modem auto-answer
Configure manual answer | undo modem auto-answer
Configure to allow call-in | modem call-in
Configure to bar call-in | undo modem call-in
Configure to permit call-in and call-out. | modem both
Configure to disable call-in and call-out | undo modem both
Configuring Redirection
The send Command can be used for sending messages between user
interfaces. See
Ta bl e 17.
Setting Terminal Parameters27
Perform the following configuration in user view.
Ta bl e 17 Configure to Send Messages Between User Interfaces
OperationCommand
Configure to send messages between
different user interfaces.
send { all | number | type number }
The auto-execute Command is used to run a command automatically after
you log in. The command is automatically executed when you log in again. See
Ta bl e 18.
This command is usually used to execute the telnet command automatically on a
terminal, which connects the user to a designated device.
Perform the following configuration in user interface view.
Ta bl e 18 Configure Automatic Command Execution
OperationCommand
Configure to automatically run the command auto-execute command text
Configure not to automatically run the
command
undo auto-execute command
CAUTION: After applying the auto-execute command, the user interface can no
longer be used to carry out the routine configurations for the local system.
Make sure that you will be able to log in to the system in some other way and
cancel the configuration before you use the auto-execute command and save
the configuration.
Example: Telnet to 10.110.100.1 automatically after the user logs in through VTY 0.
When a user logs in through VTY 0, the system runs telnet 10.110.100.1
automatically.
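An audit of a saved configuration for the settings this section warns about, as an added example (not 3Com code): it flags user interfaces that carry auto-execute command or accept modem call-in, and reports when no user interface is left for local configuration. The configuration layout and the interface names in the sample are assumptions constructed for illustration.

```python
# Added example: audit a saved configuration for risky user-interface settings.
# SAMPLE_CONFIG is constructed; its layout (a "user-interface <type> <number>"
# header, settings indented by one space, "#" between blocks) is an assumption.
SAMPLE_CONFIG = """\
#
user-interface aux 0
 modem both
 modem auto-answer
user-interface vty 0
 auto-execute command telnet 10.110.100.1
user-interface vty 1
#
"""

AUTO = "auto-execute command "


def parse_user_interfaces(text):
    """Map each user-interface header to the list of its setting lines."""
    sections, current = {}, None
    for line in text.splitlines():
        if line.startswith("user-interface "):
            current = line[len("user-interface "):].strip()
            sections[current] = []
        elif line.startswith(" ") and current is not None:
            sections[current].append(line.strip())
        else:
            current = None  # "#" or any other top-level line closes the block
    return sections


def audit(text):
    """Return (findings, lockout_risk) for the configuration text."""
    sections = parse_user_interfaces(text)
    findings = []
    for name, settings in sections.items():
        for s in settings:
            if s.startswith(AUTO):
                findings.append((name, "auto-execute", s[len(AUTO):]))
            elif s in ("modem both", "modem call-in"):
                findings.append((name, "call-in allowed", s))
            elif s == "modem auto-answer":
                findings.append((name, "auto-answer", s))
    redirected = {n for n, kind, _ in findings if kind == "auto-execute"}
    # The CAUTION above: an interface with auto-execute cannot be used for
    # local configuration, so at least one interface must stay without it.
    lockout_risk = bool(sections) and redirected == set(sections)
    return findings, lockout_risk


if __name__ == "__main__":
    results, locked_out = audit(SAMPLE_CONFIG)
    for name, kind, detail in results:
        print(f"{name}: {kind} ({detail})")
    print("lockout risk:", locked_out)
```
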
Displaying and Debugging User Interface
After creating the previous configuration, execute the display command in any
view to display the user interface configuration, and to verify the effect of the
configuration. Execute the free command in user view to clear a specified user
interface.
Table 19 Display and Debug User Interface
Operation | Command
Clear a specified user interface | free user-interface [ type ] number
Display the user application information of the user interface | display users [ all ]
Display the physical attributes and some configurations of the user interface | display user-interface [ type number ] [ number ] [ summary ]
Command Line Interface
The Switch 7750 provides a series of configuration commands and command line
interfaces for configuring and managing the Switch 7750. The command line
interface has the following features.
■ Local configuration through the console port.
■ Local or remote configuration through Telnet.
■ Remote configuration through a dial-up Modem to log in to the Switch 7750.
■ Hierarchy command protection to prevent unauthorized users from accessing
the switch.
■ Access to online Help by entering ?.
■ Network test commands, such as Tracert and Ping, for rapid troubleshooting of
the network.
■ Detailed debugging information to help with network troubleshooting.
■ Ability to log in and manage other Switch 7750s directly, using the telnet
command.
■ FTP service for the users to upload and download files.
■ Ability to view previously executed commands.
■ A command line interpreter that matches partially entered keywords. You can
enter the whole keyword or part of it, as long as it is unique and not
ambiguous.
Configuring a Command Line Interface is described in the following sections:
■ Command Line View
■ Features and Functions of the Command Line
Command Line View
The Switch 7750 provides hierarchy protection for the command lines to prevent
unauthorized users from accessing the switch illegally.
There are four levels of commands:
■ Visit level — involves commands for network diagnosis tools (such as ping and
tracert), the command for switching the user interface between language
environments (language-mode), and the telnet command. Saving the
configuration file is not allowed on this level of commands.
■ Monitoring level — includes the display command and the debugging
command for system maintenance, service fault diagnosis, and so on. Saving
the configuration file is not allowed on this level of commands.
■ Configuration level — provides service configuration commands, such as the
routing command and commands on each network layer that are used to
provide direct network service to the user.
■ Management level — includes commands that influence the basic operation of
the system and the system support modules, which play a supporting role for
services. Commands at this level involve file system commands, FTP commands,
TFTP commands, XModem downloading commands, user management commands, and
level setting commands.
Login users are also classified into four levels that correspond to the four
command levels. After users of different levels log in, they can only use commands
at their own, or lower, levels.
To prevent unauthorized users from illegal intrusion, users are identified when
switching from a lower level to a higher level with the super [ level ]
command. User ID authentication is performed when users at a lower level switch
to users at a higher level. Only when the correct password is entered three times,
can the user switch to the higher level. Otherwise, the original user level remains
unchanged.
Command views are implemented according to requirements that are related to
one another. For example, after logging in to the Switch 7750, you enter user
view, in which you can only use some basic functions, such as displaying the
operating state and statistics information. In user view, key in system-view to
enter system view, in which you can key in different configuration commands and
enter the corresponding views.
The command line provides the following views:
■ User view
■ System view
■ Ethernet Port view
■ VLAN view
■ VLAN interface view
■ Local-user view
■ User interface view
■ FTP client view
■ Cluster view
■ PIM view
■ RIP view
■ Route policy view
■ Basic ACL view
■ Advanced ACL view
■ Layer-2 ACL view
■ RADIUS server group view
■ HWTACACS view
■ ISP domain view
Table 20 describes the functions and features of the different views.
For all views, use the quit command to return to system view and use the return
command to return to user view.
Table 20 Function Feature of Command View
Command view | Function | Prompt | Command to enter
User view | Show basic information about operation and statistics | <SW7750> | Enter immediately after connecting the switch
System view | Configure system parameters | [SW7750] | Enter system-view in user view
Ethernet Port view | Configure Ethernet port parameters | [SW7750-Ethernet1/0/1] | 100M Ethernet port view: Enter interface ethernet1/0/1 in system view
Ethernet Port view | Configure Ethernet port parameters | [SW7750-GigabitEthernet1/0/1] | Gigabit Ethernet port view: Enter interface gigabitethernet 1/0/1 in system view
VLAN view | Configure VLAN parameters | [SW7750Vlan1] | Enter vlan 1 in system view
VLAN interface view | Configure IP interface parameters for a VLAN or a VLAN aggregation | [SW7750-Vlan-interface1] | Enter interface vlan-interface 1 in system view
Local-user view | Configure local user parameters | [SW7750-useruser1] | Enter local-user user1 in system view
User interface view | Configure user interface parameters | [SW7750-ui0] | Enter user-interface 0 in system view
FTP Client view | Configure FTP Client parameters | [ftp] | Enter ftp in user view
PIM view | Configure PIM parameters | [SW7750-PIM] | Enter pim in system view
RIP view | Configure RIP parameters | [SW7750-rip] | Enter rip in system view
Route policy view | Configure route policy parameters | [SW7750-routepolicy] | Enter route-policy policy1 permit node 10 in system view
Basic ACL view | Define the rule of basic ACL | [SW7750-aclbasic-2000] | Enter acl number 2000 in system view
Advanced ACL view | Define the rule of advanced ACL | [SW7750-acl-adv-3000] | Enter acl number 3000 in system view
Layer-2 ACL view | Define the rule of layer-2 ACL | [SW7750-acllink-4000] | Enter acl number 4000 in system view
RADIUS scheme view | Configure radius parameters | [SW7750-radius-1] | Enter radius scheme 1 in system view
HWTACACS view | Configure HWTACACS parameters | [SW7750-hwtacacs-1] | Enter hwtacacs scheme1 in system view