H3C S5120-SI Series Operation Manual
H3C S5120-SI Series Ethernet Switches
Operation Manual
Hangzhou H3C Technologies Co., Ltd.
http://www.h3c.com
Manual Version: 6W101-20090625
Product Version: Release 1101
Copyright © 2009, Hangzhou H3C Technologies Co., Ltd. and its licensors
All Rights Reserved
No part of this manual may be reproduced or transmitted in any form or by any means without prior
written consent of Hangzhou H3C Technologies Co., Ltd.
Trademarks
H3C, , Aolynk, , H3Care,
, TOP G, , IRF, NetPilot, Neocean, NeoVTL,
SecPro, SecPoint, SecEngine, SecPath, Comware, Secware, Storware, NQA, VVG, V
2
G, VnG, PSPT,
XGbus, N-Bus, TiGem, InnoVision and HUASAN are trademarks of Hangzhou H3C Technologies Co.,
Ltd.
All other trademarks that may be mentioned in this manual are the property of their respective owners.
Notice
The information in this document is subject to change without notice. Every effort has been made in the
preparation of this document to ensure accuracy of the contents, but all statements, information, and
recommendations in this document do not constitute the warranty of any kind, express or implied.
Technical Support
customer_service@h3c.com
http://www.h3c.com
About This Manual
Organization
H3C S5120-SI Series Switches Configuration Manual – Release 1101 is organized a s follo ws:
Chapter Contents
00-1 Product Overview
Introduces the characteristics and implementations of the
Ethernet switch.
01-Login
Introduces the command hierarchy, command view and CLI
features of the Ethernet switch.
02-Ethernet Interface Introduces Ethernet port configuration.
03-Loopback Interface and Null
Interface
Introduces loopback interface and null interface configuration.
04-Link Aggregation Introduces link aggregation and the related configuration.
05-Port Isolation Introduces port isolation and the related configuration.
06-Port Mirroring Introduces local port mirroring and the related configuration.
07-LLDP Introduces LLDP and the related configuration.
08-VLAN Introduces VLAN fundamental and the related configuration.
09-MSTP Introduces STP and the related configuration.
10-IP Addressing Introduces IP address configuration.
11-IP Performance
Optimization
Introduces IP performance fundamental and the related
configuration.
12-ARP Introduces ARP and the related configuration.
13-DHCP
Introduces DHCP relay, DHCP-Snooping, DHCP client, BOOTP
client and the related configuration.
14-FTP and TFTP
Introduces basic configuration for FTP and TFTP, and the
applications.
15-IP Routing Basics
Configuration
Introduces the ip routing and routing table.
16-Static Routing Introduces the static route configuration.
17-Mulitcast
Introduces the configuration of IGMP snooping and multicast
VLAN.
18-QoS
Introduces the configuration of QoS Policy, Priority Mapping, Line
Rate, SP, WRR, and SP+WRR Queuing.
19-802.1X Introduces the configuration of 802.1X.
20-AAA Introduces AAA, RADIUS and the related configuration.
21-PKI Introduces the configuration of PKI.
22-SSL Introduces the configuration of SSL.
23-SSH2.0
Introduces the configuration of SSH Server, SSH Client, SFTP
Server, SFTP Client.
24-Public Key
Introduces the configuration of local asymmetric key pair and
public key of a peer.
Chapter Contents
25-HABP Introduces the configuration of HABP.
26-ACL Introduces the configuration of ACL.
27-Device Management
Introduces the configuration of rebooting a device, upgrading
device software and identifying and diagnosing pluggable
transceivers
28-NTP Introduces the configuration of NTP and the related configuration.
29-SNMP
Introduces the configuration of SNMP and the related
configuration.
30-RMON
Introduces the configuration of RMON and the related
configuration.
31-File System Management Introduces basic configuration for file system management.
32-System Maintaining and
Debugging
Introduces daily system maintenance and debugging.
33-Basic System Configuration Introduces the configuration display and CLI features.
34-Information Center
Introduces the configuration to analyze and diagnose networks
using the information center.
35-MAC Address Table
Introduces MAC address forwarding table management and the
related configuration.
36-Cluster Management
Introduces the configuration of Cluster and the related
configuration.
37-HTTP Introduces the configuration of HTTP and HTTPS.
38-Stack Management
Introduces the configuration of Stack Management and the related
configuration.
39-Appendix List of acronyms.
Conventions
The manual uses the following conventions:
Command conventions
Convention Description
Boldface
The keywords of a command line are in Boldface.
italic
Command arguments are in italic.
[ ] Items (keywords or arguments) in square brackets [ ] are optional.
{ x | y | ... }
Alternative items are grouped in braces and separated by vertical bars.
One is selected.
[ x | y | ... ]
Optional alternative items are grouped in square brackets and
separated by vertical bars. One or none is selected.
{ x | y | ... } *
Alternative items are grouped in braces and separated by vertical bars.
A minimum of one or a maximum of all can be selected.
[ x | y | ... ] *
Optional alternative items are grouped in square brackets and
separated by vertical bars. Many or none can be selected.
&<1-n>
The argument(s) before the ampersand (&) sign can be entered 1 to n
Convention Description
times.
# A line starting with the # sign is comments.
GUI conventions
Convention Description
Boldface
Window names, button names, field names, and menu items are in
Boldface. For example, the New User window appears; click OK.
>
Multi-level menus are separated by angle brackets. For example, File >
Create > Folder.
Convention Description
< > Button names are inside angle brackets. For example, click <OK>.
[ ]
Window names, menu items, data table and field names are inside
square brackets. For example, pop up the [New User] window.
/
Multi-level menus are separated by forward slashes. For example,
[File/Create/Folder].
Symbols
Convention Description
Means reader be extremely careful. Improper operation may cause
bodily injury.
Means reader be careful. Improper operation may cause data loss or
damage to equipment.
Means an action or information that needs special attention to ensure
successful configuration or good performance.
Means a complementary description.
Means techniques helpful for you to make configuration with ease.
Related Documentation
In addition to this manual, each H3C S5120-SI Series Ethernet Switches documentation set includes
the following:
Manual Description
H3C S5120-SI Series Ethernet Switches
Command Manual-Release 1101
It is used for assisting the users in using various
commands.
H3C S5120-SI Series Ethernet Switches
Installation Manual
It provides information for the system installation.
Obtaining Documentation
You can access the most up-to-date H3C product documentation on the World Wide Web at this URL:
http://www.h3c.com.
The following are the columns from which you can obtain different categories of product documentation:
[Products & Solutions]: Provides information about products and technologies, as well as solutions.
[Technical Support & Document > Technical Documents]: Provides several categories of product
documentation, such as installation, configuration, and maintenance.
[Technical Support & Document > Software Download]: Provides the documentation released with the
software version.
Documentation Feedback
You can e-mail your comments about product documentation to info@h3c.com.
We appreciate your comments.
i
Table of Contents
1 Obtaining the Documentation··················································································································1-1
H3C Website···········································································································································1-1
Software Release Notes ·························································································································1-1
2 Correspondence Between Documentation and Software·····································································2-1
Software Version·····································································································································2-1
Manual List··············································································································································2-1
3 Product Features·······································································································································3-1
Introduction to Product····························································································································3-1
Feature Lists ···········································································································································3-1
Features··················································································································································3-1
4 Networking Applications ··························································································································4-1
Distribution Layer Switches·····················································································································4-1
Access Switches·····································································································································4-2
1-1
1 Obtaining the Documentation
H3C Technologies Co., Lt d . provides various ways for you to obt ain document atio n, through wh ich you
can obtain the product documentations and those concerning newly added new features. The
documentations are available in one of the following ways:
z H3C website
z Software release notes
H3C Website
Perform the following steps to query and download the product docum entation from the H3C website.
Table 1-1 Download documentation from the H3C website
How to apply for an
account
Access the homepage of H3C at http://www.h3c.com and click
Registration at the top right. In the displayed page, provide your
information and click Submit to register.
How to get
documentation
In the homepage, select Technical Support & Document > Technical
Documents from the navigation bar at the top.
Select a product for its documents.
Software Release Notes
With software upgrade, new software features may be added. You can acquire the information about
the newly added software features through software release notes.
2-1
2 Correspondence Between Documentation and
Software
Software Version
H3C S5120-SI Series Ethernet Switches Operation Manual and H3C S5120-SI Series Ethernet
Switches Command Manual are for the software version of Release 1101 of the S5120-SI series
products.
Manual List
Table 2-1 配套手册清单
手册名称 资料版本
H3C S5120-SI Series Ethernet Switches Installation Manual
6PW102
H3C S5120-SI Series Ethernet Switches Operation Manual
6W101
H3C S5120-SI Series Ethernet Switches Command Manual
6W101
3-1
3 Product Features
Introduction to Product
The H3C S5120-SI Series Ethernet Switches (hereinafter referred to as the S5 120-SI series) are Laye r
2 Gigabit Ethernet switches developed by Hangzhou H3C Technology Co., Ltd. They are intelligent
manageable switches designed for network environments where high performance, high-density port
distribution, and easy installation are required.
With 10/100/1000 Mbps Ethernet interfaces, the S5120-SI series are mainly deployed at the access
layer in enterprise networks requiring Gigabit to the Desktop (GTTD) application and at the di strib ution
layer in metropolitan-area networks (MANs). In the latter deployment, the S5120-SI series provide GE
electrical interfaces for user access or low-end switch convergence in the downlink direction. Whereas,
in the uplink direction, they are aggregated to large-capacity Layer 3 switches or switches at the
exchange office through their GE interfaces.
Feature Lists
Table 3-1 lists the models in the S5120-SI series:
Table 3-1 Models in the H3C S5120-SI series
Model
Power
supply
unit
Number of
service
ports
Ports
Consol
e port
H3C S5120-20P-SI AC-input 20
16 × 10/100/1000Base-T autosensing
Ethernet ports + 4 GE SFP interfaces
1
H3C S5120-28P-SI AC-input 28
24 × 10/100/1000Base-T autosensing
Ethernet ports + 4 GE SFP interfaces
1
H3C S5120-52P-SI AC-input 52
48 × 10/100/1000Base-T autosensing
Ethernet ports + 4 GE SFP interfaces
1
Features
The following sections provide an overview of the main features of each module supported by the
S5120-SI series.
3-2
Table 3-2 Features
Features Description
01-Login
z How to log in to your Ethernet switch
z Introdu ction to the user interface and common configurations
z Loggi ng In Through the Console Port
z Loggi ng In Through Telnet
z Loggi ng In Using Modem
z Loggi ng in Through Web-based Network Management System
z Loggi ng In Through NMS
z Specifying Source IP address/Interface for Telnet Packets
z Cont rolling Login Users
02-Ethernet Interface
z Basi c Ethernet Interface Configuration
z Configuring Flow Control on an Ethernet Interface
z Config uring Loopback Testing on an Ethernet Interface
z Enabling Auto Power Down on an Ethernet Interface
z Config uring a Port Group
z Configuring an Auto-negotiation Transmission Rate
z Config uring Storm Suppression
z Setting the Interval for Coll ecting Ethernet Interface Statistics
z Enabling Forwarding of Jumbo Frames
z Enablin g Loopback Detection on an Ethernet Interface
z Configuring the MDI Mode for an Ethernet Interface
z Enabling Bridging on an Ethernet Interface
z Testing the Cable on an Ethernet Interface
z Configuring the Storm Constrain Function on an Ethernet Interface
03-Loopback Interface
and Null Interface
z Introdu ction to Loopback Interface
z Config uring a Loopback Interface
z Introduction t o Null Interface
z Configuring Null 0 Interface
04-Link Aggregation
z Overview
z Configuring a Static Aggregation Group
z Config uring a Dynamic Aggregation Group
z Configuring an Aggregate Interface
05-Port Isolation
z Introduction to Port Isolation
z Config uring an Isolation Group
06-Port Mirroring z Configuring Local Port Mirroring
07-LLDP
z Introduction to LLDP
z Performi ng Basic LLDP Configuration
z Configuri ng CDP Compatibility
z Configuring LLDP Trapping
08-VLAN
z Introduction to VLAN
z Types of VLA N
z Introdu ction and Configuration of Voice VLAN
09-MSTP
z Introduction to STP/RSTP/MSTP
z Config uring the Root Bridge and Leaf Nodes
z Performi ng mCheck
z Configuring the VLAN Ignore Feature
z Configuring Digest Snooping
z Config uring No Agreement Check
z Config uring Protection Functions
10-IP Addressing
z IP Addressing Overview
z Configuring IP Addresses
3-3
Features Description
11-IP Performance
Optimization
z Enabling Reception and Forwarding of Directed Broadcasts to a
Directly Connected Network
z Configuring TCP Attributes
z Configuring ICMP to Send Error Packets
12-ARP
z Configuring ARP
z Configuri ng Gratuito us ARP
z Configuring ARP Packet Rate Limit
z Configuring ARP Detection
z Configuring Periodic Sending of Gratuitous ARP Packets
13-DHCP
z DHCP Relay Agent Configuration
z DHCP Cli ent Configuration
z DHCP Snooping Configuration
z BOOTP Client Configuration
14-FTP and TFTP
z FTP Configuration
z TFTP Configuration
15-IP Routing Basics
Configuration
z Introduction to IP routing and routing table
z Routing protocol overview
16-Static Routing
z Static route ov erview
z Static route configuration
17-Mulitcast
z Multicast overview
z IGMP Snoopi ng overview
z Config uring Basic Functions of IGMP Snooping
z Configuring IGMP Snooping Port Functions
z Config uring IGMP Snooping Querier
z Configuring IGMP Snooping Proxying
z Configuring an IGMP Snooping Policy
z Multicast VLAN Co nfiguration
18-QoS
z Configuri ng QoS Policy
z Configuring Priority Mapping
z Config uring Line Rate
z Config uring SP, WRR, and SP+WRR Queuing
19-802.1X
z 802.1X ba sic configuration
z 802.1X extended configuration
z 802.1X Guest-VLAN
z 802.1X Auth-Fail VLAN
20-AAA
z Authentication, authori zati on, and accounting (AAA)
z Rem ote authentication dial-In user service (RADIUS)
21-PKI z PKI configurat ion
22-SSL
z SSL Server
z SSL Client
23-SSH2.0
z SSH Server
z SSH Client
z SFTP Server
z SFTP Client
24-Public Key
z Local Asymmetric Key Pair
z Public Key of a Peer
25-HABP
z HABP server
z HABP client
3-4
Features Description
26-ACL
z Config uring Basic ACL
z Configuring Advanced ACL
z Configuring Ethernet Frame Header ACL
z Configuring ACL Application for Packet Filtering
27-Device
Management
z Device management overview
z Config uring the Exception Handling Method
z Reb ooting a device
z Configuring the scheduled automatic execution function
z Upgrading Device Software
z Clearing the 16-bit interface indexes not used in the current system
z Identifying an d Diagnosing Pluggable Transceivers
28-NTP
z NTP overview
z Config uring the Operation Modes of NTP
z Configuring Optional Parameters of NTP
z Config uring Access-Control Rights
z Configuring NTP Authentication
29-SNMP
z SNMP overvi ew
z Basi c SNMP function configuration
z SNMP log configuration
z Trap configuration
z MIB style conf iguration
30-RMON
z RMON overvi ew
z RMON configuration (event group, history group, alarm group, private
alarm group)
31-File System
Management
z File system management
z Configuration File Management
32-System Maintaining
and Debugging
z Maintenance and debugging overview
z Maintenance and debugging configuration
33-Basic System
Configuration
z Configuration display
z Basic configurations
z CLI features
34-Information Center
z Information Center Overview
z Setting to Output System Information to the Console
z Setting to Output System Information to a Monitor Terminal
z Setting to Output System Information to a Log Host
z Setting to Output System Information to the Trap Buffer
z Setting to Output System Information to the Log Buffer
z Setting to Output System Information to the SNMP Module
z Config uring Synchronous Information Output
z Disabling a Port from Generating Link Up/Down Logging Information
35-MAC Address Table
z MAC address table overview
z Config uring MAC Address Entries
z Config uring MAC Address Aging Timer
z Configuring the MAC Learning Limit
36-Cluster
Management
z Establi shin g a Cluster
z Configuring Black List of the Cluster
z Back Up and Restore the Topology
37-HTTP
z HTTP
z HTTPS
38-Stack Management z Configuring a Stack
4-1
4 Networking Applications
The S5120-SI series are GigabitEthernet switches. They are designed as distribution and access
devices for small- and medium-sized enterprise networks. An S5120-SI switch provides 16, 24, or 48
autosensing downstream GE interfaces, and thus can be used in networking flexibly. For example, the
S5120-SI series can be used for Gigabit to the Desktop (GTTD) access in enterprise networks and
connecting data center server clusters. Several typical networking applications are presented in this
section.
Distribution Layer Switches
In medium- and large-sized enterprises or campus networks, the S5120-SI series Ethernet switches
can serve as distribution layer switches that provide high-performance and large-capacity switching
service.
Figure 4-1 Application of the S5120-SI series at the distribution layer of enterprise networks/campus
networks
4-2
Access Switches
The S5120-SI series can serve as access switches to provide large access bandwidth and high port
density.
Figure 4-2 Application of the S5120-SI series at the access layer
S9500/S7500E
S5120-SI
Access
Core/Aggregation
S5120-SI
i
Table of Contents
1 Logging In to an Ethernet Switch ············································································································1-1
Logging In to an Ethernet Switch············································································································1-1
Introduction to User Interface··················································································································1-1
Supported User Interfaces ··············································································································1-1
User Interface Number····················································································································1-1
Common Login in to an Ethernet Switch·································································································1-2
2 Logging In Through the Console Port·····································································································2-1
Introduction ·············································································································································2-1
Setting Up the Connection to the Console Port······················································································2-2
Console Port Login Configuration···········································································································2-3
Common Configuration····················································································································2-3
Console Port Login Configurations for Different Authentication Modes··········································2-4
Console Port Login Configuration with Authentication Mode Being None··············································2-5
Configuration Procedure··················································································································2-5
Configuration Example····················································································································2-7
Console Port Login Configuration with Authentication Mode Being Password······································2-8
Configuration Procedure··················································································································2-8
Configuration Example··················································································································2-10
Console Port Login Configuration with Authentication Mode Being Scheme·······································2-11
Configuration Procedure················································································································2-11
Configuration Example··················································································································2-13
3 Logging In Through Telnet/SSH···············································································································3-1
Introduction ·············································································································································3-1
Telnet Connection Establishment···········································································································3-2
Telnetting to a Switch from a Terminal····························································································3-2
Telnetting to Another Switch from the Current Switch ····································································3-3
Common Configuration···························································································································3-4
Telnet Configurations for Different Authentication Modes·······························································3-5
Telnet Configuration with Authentication Mode Being None ··································································3-5
Configuration Procedure··················································································································3-5
Configuration Example····················································································································3-7
Telnet Configuration with Authentication Mode Being Password···························································3-8
Configuration Procedure··················································································································3-8
Configuration Example····················································································································3-9
Telnet Configuration with Authentication Mode Being Scheme····························································3-10
Configuration Procedure················································································································3-10
Configuration Example··················································································································3-12
4 Logging in Through Web-based Network Management System··························································4-1
Introduction ·············································································································································4-1
Web Server Configuration·······················································································································4-1
Displaying Web Users·····························································································································4-2
Configuration Example····························································································································4-2
ii
5 Logging In Through NMS··························································································································5-1
Introduction ·············································································································································5-1
Connection Establishment Using NMS···································································································5-1
6 Specifying Source for Telnet Packets·····································································································6-1
Introduction ·············································································································································6-1
Specifying Source IP address/Interface for Telnet Packets····································································6-1
Displaying the source IP address/Interface Specified for Telnet Packets··············································6-2
7 Controlling Login Users····························································································································7-1
Introduction ·············································································································································7-1
Controlling Telnet Users ·························································································································7-1
Prerequisites····································································································································7-1
Controlling Telnet Users by Source IP Addresses··········································································7-1
Controlling Telnet Users by Source and Destination IP Addresses················································7-2
Controlling Telnet Users by Source MAC Addresses ·····································································7-3
Configuration Example····················································································································7-3
Controlling Network Management Users by Source IP Addresses························································7-4
Prerequisites····································································································································7-4
Controlling Network Management Users by Source IP Addresses·················································7-4
Configuration Example····················································································································7-5
Controlling Web Users by Source IP Addresses····················································································7-6
Prerequisites····································································································································7-6
Controlling Web Users by Source IP Addresses·············································································7-6
Forcing Online Web Users Offline···································································································7-7
Configuration Example····················································································································7-7
1-1
1 Logging In to an Ethernet Switch
When logging in to an Ethernet switch, go to these sections for information you are interested in:
z Logging In to an Ethernet Switch
z Introduction to User Interface
z Specifying Source for Telnet Packets
z Controlling Login Users
Logging In to an Ethernet Switch
You can log in to an H3C S5120-SI series Ethernet switch in one of the following ways:
z Logging In Through the Console Port
z Logging In Through Telnet/SSH
z Logging in Through Web-based Network Management System
z Logging In Through NMS
Introduction to User Interface
Supported User Interfaces
H3C S5120-SI series Ethernet switch supports two types of user interfaces: AUX and VTY.
Table 1-1 Description on user interface
User interface Applicable user Port used Description
AUX
Users logging in
through the Console
port
Console port
Each switch can
accommodate one
AUX user.
VTY
Telnet users and SSH
users
Ethernet port
Each switch can
accommodate up to
five VTY users.
As the AUX port and the Console port of a H3C series switch are the same one, you will be in the AUX
user interface if you log in through this port.
User Interface Number
Two kinds of user interfa ce index exist: absolute user interface index and relative user interface index.
1) The absolute user interface indexes are as follows:
z AUX user interface: 0
1-2
z VTY user interfaces: Numbered after AUX user interfaces and increases in the step of 1
2) A relative user interface index can be obtained by appending a number to the identifier of a user
interface type. It is generated by user interface type. The relative user interface indexes are as
follows:
z AUX user interface: AUX 0
z VTY user interfaces: VTY 0, VTY 1, VTY 2, and so on.
Common Login in to an Ethernet Switch
Follow these steps to perform common user interface configuration:
T o do… Use the command… Remarks
Lock the current user interface
lock
Optional
Execute this command in user
view.
A user interface is not locked by
default.
Specify to send messages to all
user interfaces/a specified user
interface
send { all | number | type
number }
Optional
Execute this command in user
view.
Disconnect a specified user
interface
free user-interface [ type ]
number
Optional
Execute this command in user
view.
Enter system view
system-view
—
Set the banner
header { incoming | legal |
login | shell | motd } text
Optional
Set a system name for the
switch
sysname string
Optional
Enter user interface view
user-interface [ type ]
first-number [ last-number ]
—
Define a shortcut key for
aborting tasks
escape-key { default |
character }
Optional
The default shortcut key
combination for aborting tasks
is < Ctrl + C >.
Set the history command buffer
size
history-command max-size
value
Optional
The default history command
buffer size is 10. That is, a
history command buffer can
store up to 10 commands by
default.
1-3
T o do… Use the command… Remarks
Set the timeout time for the
user interface
idle-timeout minutes
[ seconds ]
Optional
The default timeout time of a
user interface is 10 minutes.
With the timeout time being 10
minutes, the connection to a
user interface is terminated if
no operation is performed in the
user interface within 10
minutes.
You can use the idle-timeout 0
command to disable the
timeout function.
Set the maximum number of
lines the screen can contain
screen-length screen-length
Optional
By default, the screen can
contain up to 24 lines.
You can use the screen-length
0 command to disable the
function to display information
in pages.
Make terminal services
available
shell
Optional
By default, terminal services
are available in all user
interfaces.
Set the display type of a
terminal
terminal type { ansi | vt100 }
Optional
By default, the terminal display
type is ANSI. The device must
use the same type of display as
the terminal. If the terminal
uses VT 100, the device should
also use VT 100.
Display the information about
the current user interface/all
user interfaces
display users [ all ]
You can execute this command
in any view.
Display the physical attributes
and configuration of the
current/a specified user
interface
display user-interface [ type
number | number ] [ summary ]
You can execute this command
in any view.
2-1
2 Logging In Through the Console Port
When logging in through the Console port, go to these sections for information you are interested in:
z Introduction
z Setting Up the Connection to the Console Port
z Console Port Login Configuration
z Console Port Login Configuration with Authentication Mode Being None
z Console Port Login Configuration with Authentication Mode Being Password
z Console Port Login Configuration with Authentication Mode Being Scheme
The default system name of an H3C S5120-SI series Ethernet switch is H3C, that is, the command line
prompt is H3C. All the following examples take H3C as the command line prompt.
Introduction
To log in through the Console port is the most common way to log in to a switch. It is also the
prerequisite to configure other login methods. By default, you can log in to an H3C S5120-SI series
Ethernet switch through its Console port only.
To log in to an Ethernet switch through its Console port, the related configuration of the user terminal
must be in accordance with that of the Console port.
Table 2-1 lists the default settings of a Console port.
Table 2-1 The default settings of a Console port
Setting Default
Baud rate 9,600 bps
Flow control Off
Check mode No check bit
Stop bits 1
Data bits 8
After logging in to a switch, you can perform configuration for AUX users. Refer to
Console Port Login
Configuration
for details.
2-2
Setting Up the Connection to the Console Port
z Connect the serial port of your PC/terminal to the Console port of the switch, as shown in Figure
2-1.
Figure 2-1 Diagram for setting the connection to the Console port
z If you use a PC to connect to the Console port, launch a terminal emulation utility (such as Terminal
in Windows 3.X or HyperTerminal in Windows 9X/Windows 2000/Windows XP) and perform the
configuration shown in
Figure 2-2 through Figure 2-4 for the connection to be created. Normally,
the parameters of a terminal are configured as those listed in
Table 2-1.
Figure 2-2 Create a connection
Figure 2-3 Specify the port used to establish the connection
2-3
Figure 2-4 Set port parameters terminal window
z Turn on the switch. The user will be prompted to press the Enter key if the switch successfully
completes POST (power-on self test). The prompt (such as <H3C>) appears after the user presses
the Enter key.
z You can then configure the switch or check the information about the switch by executing
commands. You can also acquire help by type the ? character. Refer to the following chapters for
information about the commands.
Console Port Login Configuration
Common Configuration
Table 2-2 lists the common configuration of Console port login.
Table 2-2 Common configuration of Console port login
Configuration Description
Baud rate
Optional
The default baud rate is 9,600 bps.
Check mode
Optional
By default, the check mode of the Console port is set
to “none”, which means no check bit.
Stop bits
Optional
The default stop bits of a Console port is 1.
Data bits
Optional
The default data bits of a Console port is 8.
Console port
configuration
Flow control
Optional
The default is none, which disables flow control.
2-4
Configuration Description
AUX user
interface
configuration
Configure the command
level available to the
users logging in to the
AUX user interface
Optional
By default, commands of level 3 are available to the
users logging in to the AUX user interface.
Define a shortcut key for
aborting tasks
Optional
The default shortcut key combination for aborting
tasks is < Ctrl + C >.
Define a shortcut key for
starting terminal sessions
Optional
By default, pressing Enter key starts the terminal
session.
Make terminal services
available
Optional
By default, terminal services are available in all user
interfaces
Set the maximum number
of lines the screen can
contain
Optional
By default, the screen can contain up to 24 lines.
Set history command
buffer size
Optional
By default, the history command buffer can contain
up to 10 commands.
Terminal
configuration
Set the timeout time of a
user interface
Optional
The default timeout time is 10 minutes.
Changing of Console port configuration terminates the connection to the Console port. To establish the
connection again, you need to modify the configuration of the termination emulation utility running on
your PC accordingly. Refer to
Setting Up the Connection to the Console Port for details.
Console Port Login Configurations for Different Authentication Modes
Table 2-3 lists Console port login configurations for different authentication modes.
Table 2-3 Console port login configurations for different authentication modes
Authentication
mode
Console port login configuration Description
None
Perform
common
configuration
Perform common
configuration for
Console port login
Optional
Refer to
Common Configuration for
details.
Configure the
password
Configure the
password for local
authentication
Required
Password
Perform
common
configuration
Perform common
configuration for
Console port login
Optional
Refer to
Common Configuration for
details.
2-5
Authentication
mode
Console port login configuration Description
Specify to
perform local
authentication
or RADIUS
authentication
AAA configuration
specifies whether
to perform local
authentication or
RADIUS
authentication
Optional
Local authentication is performed by
default.
Refer to the AAA Configuration for
details.
Configure user
name and
password
Configure user
names and
passwords for
local/remote users
Required
z The user name and password of
a local user are configured on the
switch.
z The user name and password of
a remote user are configured on
the RADIUS server. Refer to user
manual of RADIUS server for
details.
Manage AUX
users
Set service type for
AUX users
Required
Scheme
Perform
common
configuration
Perform common
configuration for
Console port login
Optional
Refer to
Common Configuration for
details.
Changes of the authentication mode of Console port login will not take effect unless you exit and enter
again the CLI.
Console Port Login Configuration with Authentication Mode Being
None
Configuration Procedure
Follow these steps to perform Console port login configuration (with authentication mode being none):
T o do… Use the command… Remarks
Enter system view
system-view
—
Enter AUX user interface view user-interface aux 0 —
Configure not to authenticate
users
authentication-mode none
Required
By default, users logging in through
the Console port are not
authenticated.
Configure
the Console
port
Set the baud
rate
speed speed-value
Optional
The default baud rate of an AUX
port (also the Console port) is 9,600
bps.
2-6
T o do… Use the command… Remarks
Set the check
mode
parity { even | mark | none |
odd | space }
Optional
By default, the check mode of a
Console port is set to none, that is,
no check bit.
Set the stop
bits
stopbits { 1 | 1.5 | 2 }
Optional
The stop bits of a Console port is 1.
Set the data
bits
databits { 5 | 6 | 7 | 8 }
Optional
The default data bits of a Console
port is 8.
Configure the command level
available to users logging in to
the user interface
user privilege level level
Optional
By default, commands of level 3 are
available to users logging in to the
AUX user interface.
Define a shortcut key for
starting terminal sessions
activation-key character
Optional
By default, pressing Enter key
starts the terminal session.
Define a shortcut key for
aborting tasks
escape-key { default |
character }
Optional
The default shortcut key
combination for aborting tasks is <
Ctrl + C >.
Make terminal services
available
shell
Optional
By default, terminal services are
available in all user interfaces.
Set the maximum number of
lines the screen can contain
screen-length
screen-length
Optional
By default, the screen can contain
up to 24 lines.
You can use the screen-length 0
command to disable the function to
display information in pages.
Set the history command
buffer size
history-command
max-size value
Optional
The default history command buffer
size is 10. That is, a history
command buffer can store up to 10
commands by default.
Set the timeout time for the
user interface
idle-timeout minutes
[ seconds ]
Optional
The default timeout time of a user
interface is 10 minutes.
With the timeout time being 10
minutes, the connection to a user
interface is terminated if no
operation is performed in the user
interface within 10 minutes.
You can use the idle-timeout 0
command to disable the timeout
function.
Note that if you configure not to authenticate the users, the command level available to users logging in
to a switch depends on both the authentication-mode none command and the user privilege level
level command, as listed in the following table.
2-7
Table 2-4 Determine the command level (A)
Scenario
Authentication
mode
User type Command
Command level
The user privilege level level
command not executed
Level 3
None
(authentication-mod
e none)
Users logging in
through
Console ports
The user privilege level level
command already executed
Determined by
the level
argument
Configuration Example
Network requirements
Assume the switch is configured to allow you to login through Telnet, and your user level is set to the
administrator level (level 3). After you telnet to the switch, you need to limit the console user at the
following aspects.
z The user is not authenticated when logging in through the Console port.
z Commands of level 2 are available to user logging in to the AUX user interface.
z The baud rate of the Console port is 19200 bps.
z The screen can contain up to 30 lines.
z The history command buffer can contain up to 20 commands.
z The timeout time of the AUX user interface is 6 minutes.
Network diagram
Figure 2-5 Network diagram for AUX user interface configuration (with the authentication mode being
none)
Configuration procedure
# Enter system view.
<Sysname> system-view
# Enter AUX user interface view.
[Sysname] user-interface aux 0
# Specify not to authenticate the user logging in through the Console port.
[Sysname-ui-aux0] authentication-mode none
2-8
# Specify commands of level 2 are avai lable to the user logging in to the AUX user interfa ce.
[Sysname-ui-aux0] user privilege level 2
# Set the baud rate of the Console port to 19200 bps.
[Sysname-ui-aux0] speed 19200
# Set the maximum number of lines the screen can contain to 30.
[Sysname-ui-aux0] screen-length 30
# Set the maximum number of commands the history command buff er can store to 20.
[Sysname-ui-aux0] history-command max-size 20
# Set the timeout time of the AUX user interface to 6 minutes.
[Sysname-ui-aux0] idle-timeout 6
After the above configuration, to ensure a successful login, the console user needs to change the
corresponding configuration of the terminal emulation program running on the PC, to make the
configuration consistent with that on the switch. Refer to
Setting Up the Connection to the Console Port
for details.
Console Port Login Configuration with Authentication Mode Being
Password
Configuration Procedure
Follow these steps to perform Console port login configuration (with authentication mode being
password):
T o do… Use the command… Remarks
Enter system view
system-view
—
Enter AUX user interface
view
user-interface aux 0 —
Configure to authenticate
users using the local
password
authentication-mode
password
Required
By default, users logging in through the
Console port are not authenticated, while
users logging in through the Telnet need
to pass the password authentication.
Set the local password
set authentication
password { cipher |
simple } password
Required
2-9
T o do… Use the command… Remarks
Set the
baud rate
speed speed-value
Optional
The default baud rate of an AUX port
(also the Console port) is 9,600 bps.
Set the
check
mode
parity { even | mark | none
| odd | space }
Optional
By default, the check mode of a Console
port is set to none, that is, no check bit.
Set the stop
bits
stopbits { 1 | 1.5 | 2 }
Optional
The default stop bits of a Console port is
1.
Configure
the
Console
port
Set the
data bits
databits { 5 | 6 | 7 | 8 }
Optional
The default data bits of a Console port is
8.
Configure the command
level available to users
logging in to the user
interface
user privilege level level
Optional
By default, commands of level 3 are
available to users logging in to the AUX
user interface.
Define a shortcut key for
starting terminal sessions
activation-key character
Optional
By default, pressing Enter key starts the
terminal session.
Define a shortcut key for
aborting tasks
escape-key { default |
character }
Optional
The default shortcut key combination for
aborting tasks is < Ctrl + C >.
Make terminal services
available to the user
interface
shell
Optional
By default, terminal services are
available in all user interfaces.
Set the maximum number
of lines the screen can
contain
screen-length
screen-length
Optional
By default, the screen can contain up to
24 lines.
You can use the screen-length 0
command to disable the function to
display information in pages.
Set history command
buffer size
history-command
max-size value
Optional
The default history command buffer size
is 10. That is, a history command buffer
can store up to 10 commands by default.
Set the timeout time for
the user interface
idle-timeout minutes
[ seconds ]
Optional
The default timeout time of a user
interface is 10 minutes.
With the timeout time being 10 minutes,
the connection to a user interface is
terminated if no operation is performed in
the user interface within 10 minutes.
You can use the idle-timeout 0
command to disable the timeout
function.
2-10
Note that if you configure to authenticate the users in the password mode, the command level available
to users logging in to a switch depends on both the authentication-mode password and the user
privilege level level command, as listed in the following table.
Table 2-5 Determine the command level (B)
Scenario
Authentication mode User type Command
Command level
The user privilege level level
command not executed
Level 3
Local authentication
(authentication-mode
password)
Users logging in to
the AUX user
interface
The user privilege level level
command already executed
Determined by
the level
argument
Configuration Example
Network requirements
Assume the switch is configured to allow you to login through Telnet, and your user level is set to the
administrator level (level 3). After you telnet to the switch, you need to limit the Console user at the
following aspects.
z The user is authenticated against the local password when logging in through the Console port.
z The local password is set to 123456 (in plain text).
z The commands of level 2 are available to users logging in to the AUX user interface.
z The baud rate of the Console port is 19,200 bps.
z The screen can contain up to 30 lines.
z The history command buffer can store up to 20 commands.
z The timeout time of the AUX user interface is 6 minutes.
Network diagram
Figure 2-6 Network diagram for AUX user interface configuration (with the authentication mode being
password)
Configuration procedure
# Enter system view.
<Sysname> system-view
# Enter AUX user interface view.
Loading...