HP A3100 v2 Switch Series
Fundamentals
Configuration Guide
HP A3100-8 v2 SI Switch (JG221A) HP A3100-16 v2 SI Switch (JG222A) HP A3100-24 v2 SI Switch (JG223A) HP A3100-8 v2 EI Switch (JD318B) HP A3100-16 v2 EI Switch (JD319B) HP A3100-24 v2 EI Switch (JD320B)
HP A3100-8-PoE v2 EI Switch (JD311B) HP A3100-16-PoE v2 EI Switch (JD312B) HP A3100-24-PoE v2 EI Switch (JD313B)
Part number: 5998-1963
Software version: Release 5103
Document version: 6W100-20110909
Legal and notice information
© Copyright 2011 Hewlett-Packard Development Company, L.P.
No part of this documentation may be reproduced or transmitted in any form or by any means without prior written consent of Hewlett-Packard Development Company, L.P.
The information contained herein is subject to change without notice.
HEWLETT-PACKARD COMPANY MAKES NO WARRANTY OF ANY KIND WITH REGARD TO THIS MATERIAL, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. Hewlett-Packard shall not be liable for errors contained herein or for incidental or consequential damages in connection with the furnishing, performance, or use of this material.
The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.
CLI configuration ·························································································································································· 1
What is CLI? ······································································································································································1
Entering the CLI ·································································································································································1
Command conventions ·····················································································································································1
Undo form of a command················································································································································2 CLI view description··························································································································································2 Entering system view················································································································································3 Exiting the current view············································································································································3 Returning to user view··············································································································································4 Using the CLI online help ·················································································································································4
Typing commands·····························································································································································5 Editing command lines·············································································································································5 Typing incomplete keywords···································································································································5 Configuring command aliases ································································································································6
Configuring CLI hotkeys···········································································································································6 Redisplaying input but not submitted commands··································································································8 Checking command-line errors········································································································································8 Using command history····················································································································································8 Accessing history commands ··································································································································9
Configuring the history buffer size ·························································································································9
Controlling the CLI display············································································································································ 10 Multi-screen display··············································································································································· 10 Filtering output information··································································································································· 10 Configuring user privilege and command levels ········································································································ 13 Introduction ···························································································································································· 13 Configuring a user privilege level ······················································································································· 14 Switching user privilege level······························································································································· 16 Modifying the level of a command ····················································································································· 19 Saving the current configuration ·································································································································· 20 Displaying and maintaining CLI ··································································································································· 20
Login methods ····························································································································································21
Login methods································································································································································· 21 User interface overview················································································································································· 22 Users and user interfaces······································································································································ 22 Numbering user interfaces ··································································································································· 22
CLI login······································································································································································24
Overview········································································································································································· 24 Logging in through the console port ···························································································································· 24 Introduction ···························································································································································· 24 Configuration requirements·································································································································· 24 Login procedure····················································································································································· 25 Console login authentication modes ··················································································································· 27 Configuring none authentication for console login ··························································································· 28 Configuring password authentication for console login ··················································································· 29 Configuring scheme authentication for console login ······················································································· 31 Configuring common settings for console login (optional) ··············································································· 34 Logging in through Telnet·············································································································································· 36 Introduction ···························································································································································· 36
i
Telnet login authentication modes ······················································································································· 37 Configuring none authentication for Telnet login ······························································································ 38 Configuring password authentication for Telnet login ······················································································ 39 Configuring scheme authentication for Telnet login ·························································································· 41 Configuring common settings for VTY user interfaces (optional)······································································ 45 Configuring the device to log in to a Telnet server as a Telnet client······························································ 46
Logging in through SSH ················································································································································ 47 Introduction ···························································································································································· 47 Configuring the SSH server·································································································································· 48 Configuring the SSH client to log in to the SSH server ····················································································· 51 Logging in through modems ········································································································································· 52 Introduction ···························································································································································· 52 Configuration requirements·································································································································· 52 Login procedure····················································································································································· 52 Modem login authentication modes···················································································································· 55 Configuring none authentication for modem login···························································································· 56 Configuring password authentication for modem login···················································································· 57 Configuring scheme authentication for modem login ······················································································· 58 Configuring common settings for modem login (optional)················································································ 62 Displaying and maintaining CLI login ························································································································· 64
Web login ··································································································································································66
Web login overview ······················································································································································ 66 Configuring HTTP login ················································································································································· 66 Configuring HTTPS login ··············································································································································· 67 Displaying and maintaining web login ······················································································································· 70 Web login example······················································································································································· 70
HTTP login example ·············································································································································· 70 HTTPS login example ············································································································································ 71
NMS login ··································································································································································74
NMS login overview······················································································································································ 74 Configuring NMS login················································································································································· 74 NMS login example······················································································································································· 75
User login control·······················································································································································78
User login control methods ··········································································································································· 78 Configuring login control over Telnet users················································································································· 78 Configuration preparation···································································································································· 78 Configuring source IP-based login control over Telnet users ············································································ 78 Configuring source and destination IP-based login control over Telnet users ················································ 79 Configuring source MAC-based login control over Telnet users······································································ 79 Source MAC-based login control configuration example················································································· 80 Configuring source IP-based login control over NMS users······················································································ 81 Configuration preparation···································································································································· 81 Configuring source IP-based login control over NMS users············································································· 81 Source IP-based login control over NMS users configuration example ·························································· 82 Configuring source IP-based login control over web users ······················································································· 83 Configuration preparation···································································································································· 83 Configuring source IP-based login control over web users··············································································· 83 Logging off online web users ······························································································································· 83 Source IP-based login control over web users configuration example ···························································· 84
FTP configuration························································································································································85
FTP overview··································································································································································· 85 Introduction to FTP················································································································································· 85
ii
FTP operation························································································································································· 85 Configuring the FTP client ············································································································································· 86 Establishing an FTP connection···························································································································· 86 Operating the directories on an FTP server········································································································ 87 Operating the files on an FTP server··················································································································· 88 Using another username to log in to an FTP server ··························································································· 89 Maintaining and debugging an FTP connection································································································ 89 Terminating an FTP connection ···························································································································· 89 FTP client configuration example························································································································· 90
Configuring the FTP server ············································································································································ 91 Configuring FTP server operating parameters···································································································· 91 Configuring authentication and authorization on the FTP server ····································································· 92 FTP server configuration example························································································································ 93
Displaying and maintaining FTP··································································································································· 95
TFTP configuration······················································································································································96
TFTP overview································································································································································· 96 Introduction to TFTP ··············································································································································· 96 TFTP operation ······················································································································································· 96 Configuring the TFTP client············································································································································ 97 Displaying and maintaining the TFTP client ················································································································ 98 TFTP client configuration example································································································································ 98
File management····················································································································································· 100
Managing files ·····························································································································································100
Filename formats ·················································································································································100
Performing directory operations ·································································································································100
Displaying directory information ·······················································································································101
Displaying the current working directory··········································································································101 Changing the current working directory···········································································································101 Creating a directory············································································································································101 Removing a directory··········································································································································101 Performing file operations ···········································································································································101
Displaying file information ·································································································································102
Displaying the contents of a file·························································································································102 Renaming a file····················································································································································102 Copying a file······················································································································································102 Moving a file························································································································································102 Deleting a file·······················································································································································102 Restoring a file from the recycle bin··················································································································103 Emptying the recycle bin ····································································································································103
Performing batch operations·······································································································································103 Performing storage medium operations·····················································································································104 Managing the space of a storage medium ······································································································104
Setting prompt modes··················································································································································104 Example for file operations ·········································································································································104
Configuration file management ····························································································································· 106
Configuration file overview·········································································································································106 Types of configuration ········································································································································106
Format and content of a configuration file ·······································································································106
Coexistence of multiple configuration files ·······································································································107
Startup with the configuration file······················································································································107 Saving the running configuration ·······························································································································107
Introduction ··························································································································································107
Modes in saving the configuration····················································································································107
iii
Setting configuration rollback·····································································································································108 Configuration rollback ········································································································································108
Configuration task list ·········································································································································109
Configuring parameters for saving the running configuration ·······································································109
Enabling automatic saving of the running configuration ················································································110
Manually saving the running configuration······································································································110 Setting configuration rollback ····························································································································111
Specifying a startup configuration file to be used at the next system startup························································111 Backing up the startup configuration file···················································································································112 Deleting a startup configuration file···························································································································112 Restoring a startup configuration file ·························································································································113
Displaying and maintaining a configuration file ······································································································113
Software upgrade configuration···························································································································· 115
Switch software overview············································································································································115 Software upgrade methods·········································································································································115 Upgrading the Boot ROM program through a system reboot·················································································116 Upgrading system software through a system reboot······························································································117 Software upgrade by installing hotfixes ····················································································································117
Basic concepts in hotfix ······································································································································117
Patch status···························································································································································118 Configuration prerequisites ································································································································120
One-step patch installation·································································································································121 Step-by-step patch installation····························································································································121 Step-by-step patch uninstallation························································································································122 Displaying and maintaining the software upgrade··································································································123 Software upgrade configuration examples ···············································································································123
Scheduled upgrade configuration example ·····································································································123
Hotfix configuration example·····························································································································125
Device management ··············································································································································· 126
Configuring the device name ·····································································································································126
Changing the system time ···········································································································································126
Configuration guidelines ····································································································································126
Configuration procedure ····································································································································129
Enabling displaying the copyright statement ············································································································129
Configuring banners····················································································································································130 Introduction to banners ·······································································································································130
Configuration procedure ····································································································································131
Banner configuration examples ·························································································································131
Configuring the exception handling method·············································································································131 Rebooting the device ···················································································································································132
Rebooting the device immediately at the CLI ···································································································132
Scheduling a device reboot ·······························································································································132
Scheduling jobs····························································································································································133 Job configuration approaches ···························································································································133
Configuration guidelines ····································································································································133
Scheduling a job in the non-modular approach ······························································································134
Scheduling a job in the modular approach ·····································································································134
Disabling Boot ROM access ·······································································································································134
Configuring the detection timer ··································································································································135
Configuring temperature alarm thresholds (available only on the A3100 v2 EI)·················································135 Clearing idle 16-bit interface indexes ·······················································································································136
Verifying and diagnosing transceiver modules·········································································································136 Verifying transceiver modules ····························································································································136
iv
Diagnosing transceiver modules························································································································137 Displaying and maintaining device management configuration ············································································137
Automatic configuration ········································································································································· 140
Automatic configuration overview······························································································································140 Typical automatic configuration network···················································································································140 How automatic configuration works ··························································································································141
Work flow of automatic configuration ··············································································································141
Using DHCP to obtain an IP address and other configuration information ··················································142
Obtaining the configuration file from the TFTP server ·····················································································143
Executing the configuration file··························································································································145
Support and other resources ·································································································································· 146
Contacting HP ······························································································································································146
Subscription service ············································································································································146
Related information······················································································································································146 Documents····························································································································································146 Websites·······························································································································································146 Conventions ··································································································································································147
Index ········································································································································································ 149
v
The command line interface (CLI) enables you to interact with your device by typing text commands. At the CLI, you can instruct your device to perform a given task by typing a text command and then pressing Enter. Compared with a graphical user interface (GUI) where you can use a mouse to perform configuration, the CLI allows you to input more information in one command line.
Figure 1 CLI example
HP devices provide multiple methods for entering the CLI, such as through the console port, through Telnet, or through SSH. For more information, see the chapter “Logging in to the switch configuration.”
Command conventions help you understand command meanings. Commands in HP product manuals comply with the conventions listed in Table 1.
Table 1 Command conventions
Convention |
Description |
Boldface |
Bold text represents commands and keywords that you enter literally as shown. |
|
|
Italic |
Italic text represents arguments that you replace with actual values. |
|
|
1
Convention |
Description |
|
[ ] |
Square brackets enclose syntax choices (keywords or arguments) that are |
|
optional. |
||
|
||
|
|
|
{ x | y | ... } |
Braces enclose a set of required syntax choices separated by vertical bars, from |
|
which you select one. |
||
|
||
|
|
|
[ x | y | ... ] |
Square brackets enclose a set of optional syntax choices separated by vertical |
|
bars, from which you select one or none. |
||
|
||
|
|
|
{ x | y | ... } * |
Asterisk marked braces enclose a set of required syntax choices separated by |
|
vertical bars, from which you select at least one. |
||
|
||
|
|
|
[ x | y | ... ] * |
Asterisk marked square brackets enclose optional syntax choices separated by |
|
vertical bars, from which you select one choice, multiple choices, or none. |
||
|
||
|
|
|
&<1-n> |
The argument or keyword and argument combination before the ampersand (&) |
|
sign can be entered 1 to n times. |
||
|
||
|
|
|
# |
A line that starts with a pound (#) sign is comments. |
|
|
|
|
|
|
NOTE:
The keywords of HP command lines are case insensitive.
Figure 2 shows how to read the clock datetime time date command by using Table 1 as a reference.
Figure 2 Read command line parameters
Following this example, you can type the following command line at the CLI of your device and press Enter to set the device system time to 10 o’clock 30 minutes 20 seconds, February 23, 2010.
<sysname> clock datetime 10:30:20 2/23/2010
More complicated commands can be understood using Table 1 as a reference.
The undo form of a command restores the default, disables a function, or removes a configuration.
Almost all configuration commands have an undo form. For example, the info-center enable command enables the information center, and the undo info-center enable command disables the information center.
Commands are grouped into different classes by function. To use a command, you must enter the class view of the command.
2
CLI views adopt a hierarchical structure. See Figure 3.
•After logging in to the switch, you are in user view. The user view prompt is <device name>. In user view, you can perform display, debugging, and file management operations, set the system time, restart your device, and perform FTP and Telnet operations.
•You can enter system view from user view. In system view, you can configure parameters such as daylight saving time, banners, and short-cut keys.
•From system view, you can enter different function views. For example, enter interface view to configure interface parameters, create a VLAN and enter its view, enter user interface view to configure login user attributes, create a local user and enter local user view to configure the password and level of the local user.
NOTE:
Enter ? in any view to display all the commands that can be executed in this view.
Figure 3 Command line views
……
When you log in to the device, you automatically enter user view, where <Device name> is displayed. You can perform limited operations in user view, for example, display operations, file operations, and Telnet operations. To perform further configuration on the device, enter system view.
Follow the step below to enter system view:
To do… |
Use the command… |
Remarks |
|
Enter system view |
system-view |
Required |
|
Available in user view |
|||
|
|
||
|
|
|
The CLI is divided into different command views. Each view has a set of specific commands and defines the effective scope of the commands. The commands available to you at any given time depend on the view you are in.
Follow the step below to exit the current view:
3
To do… |
Use the command… |
Remarks |
|
Return to the parent view from the |
quit |
Required |
|
current view |
Available in any view. |
||
|
|||
|
|
|
|
|
|
|
NOTE:
•The quit command in user view stops the current connection between the terminal and the device.
•In public key code view, use the public-key-code end command to return to the parent view (public key view). In public key view, use the peer-public-key end command to return to system view.
This feature allows you to return to user view from any other view, without using the quit command repeatedly. You can also press Ctrl+Z to return to user view from the current view.
Follow the step below to exit to user view:
To do… |
Use the command… |
Remarks |
|
|
Required |
Return to user view |
return |
Available in any view except user |
|
|
view |
|
|
|
Type a question mark (?) to obtain online help. See the following examples.
1.Type ? in any view to display all commands available in this view as well as brief descriptions of the commands. For example:
<sysname> ?
User view commands:
archive |
Specify archive settings |
backup |
Backup next startup-configuration file to TFTP server |
boot-loader |
Set boot loader |
bootrom |
Update/read/backup/restore bootrom |
cd |
Change current directory |
…Omitted…
2.Type part of a command and a ? separated by a space.
If ? is at the keyword position, the CLI displays all possible keywords with a brief description for each keyword. For example:
<sysname> terminal ?
debugging |
Send debug information to terminal |
logging |
Send log information to terminal |
monitor |
Send information output to current terminal |
trapping |
Send trap information to terminal |
If ? is at the argument position, the CLI displays a description about this argument. For example:
<sysname> system-view
[sysname] interface vlan-interface ?
4
<1-4094> VLAN interface
[sysname] interface vlan-interface 1 ? <cr>
[sysname] interface vlan-interface 1
The string <cr> indicates that the command is a complete command, and can be executed by pressing
Enter.
3.Type an incomplete character string followed by ?. The CLI displays all commands starting with the typed character(s).
<sysname> b? backup boot-loader bootrom
<sysname> display cl? clipboard
clock cluster
Table 2 Editing functions
Key |
Function |
|
Common keys |
If the edit buffer is not full, pressing a common key inserts the character at the |
|
position of the cursor and moves the cursor to the right. |
||
|
||
|
|
|
Backspace |
Deletes the character to the left of the cursor and moves the cursor back one |
|
character. |
||
|
||
|
|
|
Left arrow key or Ctrl+B |
The cursor moves one character space to the left. |
|
|
|
|
Right arrow key or Ctrl+F |
The cursor moves one character space to the right. |
|
|
|
|
|
If you press Tab after entering part of a keyword, the system automatically |
|
|
completes the keyword: |
|
|
• If there is a unique match, the system substitutes the complete keyword for |
|
Tab |
the incomplete one and displays it in the next line. |
|
• If there is more than one match, you can press Tab repeatedly to cycle |
||
|
||
|
through all the keywords starting with the character string that you typed. |
|
|
• If there is no match, the system does not modify the incomplete keyword |
|
|
and displays it again in the next line. |
|
|
|
You can input a command comprising incomplete keywords that uniquely identify the complete command.
In user view, for example, commands starting with an s include startup saved-configuration and system-view.
•To enter system view, type sy.
5
•To set the configuration file for next startup, type st s.
You can also press Tab to have an incomplete keyword automatically completed.
The command alias function allows you to replace the first keyword of a command with your preferred keyword. For example, if you configure show as the replacement for the display keyword, then to execute the display xx command, you can input the command alias show xx.
Note the following guidelines when configuring a command alias:
•You can define and use a command alias but the command is not restored in its alias format.
•When you define a command alias, the cmdkey and alias arguments must be in their complete form.
•When you input an incomplete keyword that partially matches both a defined alias and the keyword of a command, the alias takes precedence. To execute the command whose keyword partially matches your input, input the complete keyword. When you input a character string that partially matches multiple aliases, the system gives you prompts.
•If you press Tab after you input an alias keyword, the original format of the keyword is displayed.
•You can replace only the first keyword of a non-undo command instead of the complete command. You can replace only the second keyword of undo commands.
Follow these steps to configure command aliases:
To do… |
Use the command… |
Remarks |
|
Enter system view |
system-view |
— |
|
|
|
|
|
|
|
Required |
|
Enable the command alias function |
command-alias enable |
Disabled by default, which means |
|
you cannot configure command |
|||
|
|
||
|
|
aliases. |
|
|
|
|
|
Configure a command alias |
command-alias mapping cmdkey |
Required |
|
alias |
Not configured by default. |
||
|
|||
|
|
|
Follow these steps to configure CLI hotkeys:
To do… |
Use the command… |
Remarks |
|
Enter system view |
system-view |
— |
|
|
|
|
|
|
hotkey { CTRL_G | CTRL_L | |
Optional |
|
|
The Ctrl+G, Ctrl+L and Ctrl+O |
||
Configure CLI hotkeys |
CTRL_O | CTRL_T | CTRL_U } |
||
hotkeys are specified at the CLI by |
|||
|
command |
||
|
default. |
||
|
|
||
|
|
|
|
Display hotkeys |
display hotkey |
Available in any view. See Table 3 |
|
for hotkeys reserved by the system. |
|||
|
|
||
|
|
|
6
NOTE:
By default, the Ctrl+G, Ctrl+L and Ctrl+O hotkeys are associated with pre-defined commands as defined below, the Ctrl+T and Ctrl+U hotkeys are not.
•Ctrl+G corresponds to the display current-configuration command.
•Ctrl+L corresponds to the display ip routing-table command.
•Ctrl+O corresponds to the undo debugging all command.
Table 3 Hotkeys reserved by the system
Hotkey |
Function |
|
Ctrl+A |
Moves the cursor to the beginning of the current line. |
|
|
|
|
Ctrl+B |
Moves the cursor one character to the left. |
|
|
|
|
Ctrl+C |
Stops performing a command. |
|
|
|
|
Ctrl+D |
Deletes the character at the current cursor position. |
|
|
|
|
Ctrl+E |
Moves the cursor to the end of the current line. |
|
|
|
|
Ctrl+F |
Moves the cursor one character to the right. |
|
|
|
|
Ctrl+H |
Deletes the character to the left of the cursor. |
|
|
|
|
Ctrl+K |
Terminates an outgoing connection. |
|
|
|
|
Ctrl+N |
Displays the next command in the history command buffer. |
|
|
|
|
Ctrl+P |
Displays the previous command in the history command buffer. |
|
|
|
|
Ctrl+R |
Redisplays the current line information. |
|
|
|
|
Ctrl+V |
Pastes the content in the clipboard. |
|
|
|
|
Ctrl+W |
Deletes all the characters in a continuous string to the left of the |
|
cursor. |
||
|
||
|
|
|
Ctrl+X |
Deletes all characters to the left of the cursor. |
|
|
|
|
Ctrl+Y |
Deletes all characters to the right of the cursor. |
|
|
|
|
Ctrl+Z |
Exits to user view. |
|
|
|
|
Ctrl+] |
Terminates an incoming connection or a redirect connection. |
Esc+B
Esc+D
Esc+F
Esc+N
Moves the cursor to the leading character of the continuous string to the left.
Deletes all the characters of the continuous string at the current cursor position and to the right of the cursor.
Moves the cursor to the front of the next continuous string to the right.
Moves the cursor down by one line (available before you press
Enter)
Esc+P |
Moves the cursor up by one line (available before you press Enter) |
|
|
Esc+< |
Specifies the cursor as the beginning of the clipboard. |
|
|
Esc+> |
Specifies the cursor as the ending of the clipboard. |
|
|
7
NOTE:
The hotkeys in Table 3 are defined by the switch. If the same hotkeys are defined by the terminal software that you use to interact with the switch, the hotkeys defined by the terminal software take effect.
If your command input is interrupted by output system information, you can use this feature to redisplay the commands input previously but not submitted.
Follow these steps to enable redisplaying of commands previously input but not submitted:
To do… |
Use the command… |
Remarks |
|
Enter system view |
system-view |
— |
|
|
|
|
|
Enable redisplaying of input but |
info-center synchronous |
Required |
|
not submitted commands |
Disabled by default |
||
|
|||
|
|
|
|
|
|
|
NOTE:
•If you have no input at the command line prompt and the system outputs system information such as logs, the system will not display the command line prompt after the output.
•If the system outputs system information when you are typing interactive information (not YES/NO for confirmation), the system does not redisplay the prompt information but a line break after the output and then display what you have typed.
•For more information about the info-center synchronous command, see the Network Management and Monitoring Configuration Guide.
If a command contains syntax errors, the CLI reports error information.
Table 4 Common command line errors
Error information |
Cause |
% Unrecognized command found at '^' position. |
The command was not found. |
|
|
% Incomplete command found at '^' position. |
Incomplete command |
|
|
% Ambiguous command found at '^' position. |
Ambiguous command |
|
|
Too many parameters |
Too many parameters |
|
|
% Wrong parameter found at '^' position. |
Wrong parameters |
|
|
The CLI automatically saves the commands recently used in the history command buffer. You can access these commands and execute them again.
8
Follow a step below to access history commands:
To do… |
Use the key/command… |
Result |
|
Display history commands |
display history-command |
Displays valid history commands you |
|
used |
|||
|
|
||
|
|
|
|
Display the previous history |
Up arrow key or Ctrl+P |
Displays the previous history command, if |
|
command |
any |
||
|
|||
|
|
|
|
Display the next history |
Down arrow key or Ctrl+N |
Displays the next history command, if any |
|
command |
|||
|
|
||
|
|
|
|
|
|
|
NOTE:
You can use arrow keys to access history commands in Windows 200X and XP Terminal or Telnet. However, the up and down arrow keys are invalid in Windows 9X HyperTerminal, because they are defined differently. You can use Ctrl+P or Ctrl+N instead.
•The commands saved in the history command buffer are in the same format in which you typed the commands. If you type an incomplete command, the command saved in the history command buffer is also incomplete.
•If you execute the same command repeatedly, the switch saves only the earliest record. However, if you execute the same command in different formats, the system saves them as different commands. For example, if you execute the display cu command repeatedly, the system saves only one command in the history command buffer. If you execute the command in the format of display cu and display current-configuration respectively, the system saves them as two separate commands.
•By default, the CLI can save up to 10 commands for each user. To set the capacity of the history command buffer for the current user interface, use the history-command max-size command. (For more information about the history-command max-size command, see the chapter “Logging in to the switch commands.”
Follow these steps to configure the history buffer size:
To do… |
Use the command… |
Remarks |
|
Enter system view |
system-view |
— |
|
|
|
|
|
|
user-interface { first-num1 |
|
|
Enter user interface view |
[ last-num1 ] | { aux | vty } |
— |
|
|
first-num2 [ last-num2 ] } |
|
|
|
|
|
|
Set the maximum number of |
history-command max-size |
Optional |
|
commands that can be saved in the |
By default, the history buffer can |
||
size-value |
|||
history buffer |
save up to 10 commands. |
||
|
|||
|
|
|
|
|
|
|
NOTE:
For more information about the user-interface and history-command max-size commands, see the chapter “Logging in to the switch commands.”
9
If the output information spans multiple screens, each screen pauses after it is displayed. Perform one of the following operations to proceed.
Action |
Function |
Press Space |
Displays the next screen. |
|
|
Press Enter |
Displays the next line. |
|
|
Press Ctrl+C |
Stops the display and the command execution. |
|
|
Press <PageUp> |
Displays the previous page. |
|
|
Press <PageDown> |
Displays the next page. |
|
|
By default, each screen displays up to 24 lines. To change the maximum number of lines displayed on the next screen, use the screen-length command. For more information about the screen-length command, see the chapter “Logging in to the switch commands.”
You can use the following command to disable the multi-screen display function. All of the output information will be displayed at one time and the screen will refresh continuously until the last screen is displayed.
To do… |
Use the command… |
Remarks |
|
|
|
Required |
|
|
|
By default, a login user uses the |
|
|
|
settings of the screen-length |
|
|
|
command. The default settings of the |
|
|
|
screen-length command are: |
|
Disable the multi-screen display |
|
multiple-screen display is enabled |
|
screen-length disable |
and up to 24 lines are displayed on |
||
function |
|||
|
the next screen. |
||
|
|
||
|
|
This command is executed in user |
|
|
|
view, and takes effect for the current |
|
|
|
user only. When the user re-logs into |
|
|
|
the switch, the default configuration |
|
|
|
is restored. |
|
|
|
|
You can use regular expressions in display commands to filter output information. The following methods are available for filtering output information:
•Input the begin, exclude, or include keyword plus a regular expression in the display command to filter the output information.
10
•When the system displays the output information in multiple screens, use /, - or + plus a regular expression to filter subsequent output information. / equals the keyword begin, - equals the keyword exclude, and + equals the keyword include.
The following definitions apply to the begin, exclude, and include keywords:
•begin: Displays the first line that matches the specified regular expression and all lines that follow.
•exclude: Displays all lines that do not match the specified regular expression.
•include: Displays all lines that match the specified regular expression.
A regular expression is a case-sensitive string of 1 to 256 characters. It supports the following special characters.
Character |
Meaning |
Remarks |
|
|
Starting sign. string appears only at |
For example, regular expression “^user” only |
|
^string |
matches a string beginning with “user”, not |
||
the beginning of a line. |
|||
|
“Auser”. |
||
|
|
||
|
|
|
|
string$ |
Ending sign. string appears only at |
For example, regular expression "user$” only |
|
the end of a line. |
matches a string ending with “user”, not “userA”. |
||
|
|||
|
|
|
|
|
Matches any single character, such |
|
|
. |
as a single character, a special |
For example, “.s” matches “as” and “bs”. |
|
|
character, and a blank. |
|
|
|
|
|
|
|
Matches the preceding character or |
For example, “zo*” matches “z” and “zoo”; |
|
* |
character group zero or multiple |
||
“(zo)*” matches “zo” and “zozo”. |
|||
|
times. |
||
|
|
||
|
|
|
|
|
Matches the preceding character or |
For example, “zo+” matches “zo” and “zoo”, but |
|
+ |
character group one or multiple |
||
not “z”. |
|||
|
times |
||
|
|
||
|
|
|
|
| |
Matches the preceding or |
For example, “def|int” only matches a character |
|
succeeding character string |
string containing “def” or “int”. |
||
|
|||
|
|
|
|
|
If it is at the beginning or the end of a |
|
|
|
regular expression, it equals ^ or $. |
For example, “a_b” matches “a b” or “a(b”; “_ab” |
|
_ |
In other cases, it equals comma, |
only matches a line starting with “ab”; “ab_” only |
|
|
space, round bracket, or curly |
matches a line ending with “ab”. |
|
|
bracket. |
|
|
|
|
|
|
|
Connects two values (the smaller one |
For example, “1-9” means 1 to 9 (inclusive); “a-h” |
|
- |
before it and the bigger one after it) |
||
means a to h (inclusive). |
|||
|
to indicate a range together with [ ]. |
||
|
|
||
|
|
|
|
|
|
For example, [16A] matches a string containing |
|
|
|
any character among 1, 6, and A; [1-36A] matches |
|
|
|
a string containing any character among 1, 2, 3, 6, |
|
[ ] |
Matches a single character |
and A (- is a hyphen). |
|
contained within the brackets. |
“]” can be matched as a common character only |
||
|
|||
|
|
when it is put at the beginning of characters within |
|
|
|
the brackets, for example [ ]string]. There is no such |
|
|
|
limit on “[”. |
( ) |
A character group. It is usually used |
|
with “+” or “*”. |
||
|
For example, (123A) means a character group “123A”; “408(12)+” matches 40812 or 408121212. But it does not match 408.
11
Character |
Meaning |
Remarks |
|
|
Repeats the character string |
|
|
|
specified by the index. A character |
For example, (string)\1 repeats string, and a |
|
|
string refers to the string within () |
||
|
before \. index refers to the |
matching string must contain stringstring. |
|
|
sequence number (starting from 1 |
(string1)(string2)\2 repeats string2, and a |
|
\index |
from left to right) of the character |
matching string must contain string1string2string2. |
|
|
group before \. If only one character |
(string1)(string2)\1\2 repeats string1 and string2 |
|
|
group appears before \, index can |
respectively, and a matching string must contain |
|
|
only be 1; if n character groups |
string1string2string1string2. |
|
|
appear before index, index can be |
|
|
|
any integer from 1 to n. |
|
|
|
|
|
|
|
|
For example, [^16A] means to match a string |
|
|
Matches a single character not |
containing any character except 1, 6 or A, and the |
|
[^] |
matching string can also contain 1, 6 or A, but |
||
contained within the brackets. |
cannot contain these three characters only. For |
||
|
|||
|
|
example, [^16A] matches “abc” and “m16”, but |
|
|
|
not 1, 16, or 16A. |
|
|
|
|
|
\<string |
Matches a character string starting |
For example, “\<do” matches word “domain” and |
|
with string. |
string “doa”. |
||
|
|||
|
|
|
|
string\> |
Matches a character string ending |
For example, “do\>” matches word “undo” and |
|
with string. |
string “abcdo”. |
||
|
|||
|
|
|
|
|
Matches character1character2. |
For example, “\ba” matches “-a” with “-“ being |
|
|
character1 can be any character |
||
\bcharacter2 |
character1, and “a” being character2, but it does |
||
except number, letter or underline, |
|||
|
not match “2a” or “ba”. |
||
|
and \b equals [^A-Za-z0-9_]. |
||
|
|
||
|
|
|
|
|
Matches a string containing |
For example, “\Bt” matches “t” in “install”, but not |
|
\Bcharacter |
character, and no space is allowed |
||
“t” in “big top”. |
|||
|
before character. |
||
|
|
||
|
|
|
|
|
Matches character1character2. |
For example, “v\w” matches “vlan”, with “v” being |
|
|
character2 must be a number, letter, |
||
character1\w |
character1, and “l” being character2. v\w also |
||
or underline, and \w equals |
|||
|
matches “service”, with “i” being character2. |
||
|
[^A-Za-z0-9_]. |
||
|
|
||
|
|
|
|
|
|
For example, “\Wa” matches “-a”, with “-” being |
|
\W |
Equals \b. |
character1, and “a” being character2, but does not |
|
|
|
match “2a” or “ba”. |
Escape character. If a special
\ character listed in this table follows \, the specific meaning of the character is removed.
For example, “\\” matches a string containing “\”, “\^” matches a string containing “^”, and “\\b” matches a string containing “\b”.
1.Example of using the begin keyword
# Display the configuration from the line containing “user-interface” to the last line in the current configuration (the output information depends on the current configuration).
<Sysname> display current-configuration | begin user-interface user-interface aux 0
user-interface vty 0 15 authentication-mode none
12
user privilege level 3
#
return
2.Example of using the exclude keyword
# Display the non-direct routes in the routing table (the output depends on the current configuration).
<Sysname> display ip routing-table | exclude Direct Routing Tables: Public
Destination/Mask |
Proto |
Pre |
Cost |
NextHop |
Interface |
1.1.1.0/24 |
Static |
60 |
0 |
192.168.0.0 |
Vlan1 |
3.Example of using the include keyword
# Display the route entries that contain Vlan in the routing table (the output depends on the current configuration).
<Sysname> display ip routing-table | include Vlan Routing Tables: Public
Destination/Mask |
Proto |
Pre |
Cost |
NextHop |
Interface |
192.168.1.0/24 |
Direct |
0 |
0 |
192.168.1.42 |
Vlan999 |
To avoid unauthorized access, the switch defines user privilege levels and command levels. User privilege levels correspond to command levels. When a user at a specific privilege level logs in, the user can only use commands at that level or lower levels.
All the commands are categorized into four levels: visit, monitor, system, and manage, and are identified from low to high, respectively by 0 through 3. Table 5 describes the command levels.
Table 5 Default command levels
Level |
Privilege |
Description |
|
|
|
Involves commands for network diagnosis and accessing an external device. |
|
0 |
Visit |
Command configuration at this level cannot survive a device restart. Upon device |
|
restart, the commands at this level will be restored to the default settings. |
|||
|
|
||
|
|
Commands at this level include ping, tracert, telnet and ssh2. |
|
|
|
|
|
|
|
Involves commands for system maintenance and service fault diagnosis. |
|
|
|
Commands at this level are not allowed to be saved after being configured. After |
|
1 |
Monitor |
the switch is restarted, the commands at this level will be restored to the default |
|
|
|
settings. |
|
|
|
Commands at this level include debugging, terminal, refresh, reset, and send. |
|
|
|
|
|
|
|
Involves service configuration commands, such as routing configuration |
|
2 |
System |
commands and commands for configuring services at different network levels. |
|
By default, commands at this level include all configuration commands except for |
|||
|
|
those at the manage level.
13
Level |
Privilege |
Description |
|
|
|
Involves commands that influence the basic operation of the system and |
|
|
|
commands for configuring system support modules. |
|
3 |
Manage |
By default, commands at this level involve the configuration commands of file |
|
system, FTP, TFTP, Xmodem download, user management, level setting, and |
|||
|
|
||
|
|
parameter settings within a system (which are not defined by any protocols or |
|
|
|
RFCs). |
|
|
|
|
A user privilege level can be configured by using AAA authentication parameters or under a user interface.
If the user interface authentication mode is scheme, the user privilege level of users logging into the user interface is specified in AAA authentication configuration.
Follow these steps to configure the user privilege level by using AAA authentication parameters:
To do… |
|
Use the command… |
Remarks |
||
Enter system view |
|
system-view |
— |
||
|
|
|
|
|
|
|
|
|
user-interface { first-num1 |
|
|
Enter user interface view |
[ last-num1 ] | { aux | vty } |
— |
|||
|
|
|
first-num2 [ last-num2 ] } |
|
|
|
|
|
|
|
|
|
|
|
|
Required |
|
Specify the scheme authentication |
authentication-mode scheme |
By default, the authentication |
|||
mode for VTY users is password, |
|||||
mode |
|
||||
|
|
and no authentication is needed |
|||
|
|
|
|
||
|
|
|
|
for AUX login users. |
|
|
|
|
|
||
Return to system view |
quit |
— |
|||
|
|
|
|
|
|
Configure the authentication mode |
For more information about SSH, |
Required if users use SSH to log in, |
|||
see the Security Configuration |
and username and password are |
||||
for SSH users as password |
|||||
Guide. |
needed at authentication |
||||
|
|
|
|||
|
|
|
|
|
|
|
|
|
• Use the local-user command to |
Use either approach |
|
|
|
|
create a local user and enter |
||
|
|
|
• For local authentication, if you |
||
|
|
Using local |
local user view. |
||
Configure the |
• Use the level keyword in the |
do not configure the user |
|||
authentication |
|||||
user privilege |
authorization-attribute |
privilege level, the user |
|||
|
privilege level is 0. |
||||
level by using |
|
command to configure the user |
|||
|
• For remote authentication, if |
||||
AAA |
|
privilege level. |
|||
|
|
|
|
you do not configure the user |
|
authentication |
Using remote |
|
|||
|
privilege level, the user |
||||
parameters |
|
||||
authentication |
|
||||
Configure the user privilege level |
privilege level depends on the |
||||
|
|
||||
|
|
(RADIUS, |
|||
|
|
on the authentication server |
default configuration of the |
||
|
|
HWTACACS |
|||
|
|
|
authentication server. |
||
|
|
authentications) |
|
||
|
|
|
|
||
|
|
|
|
|
# You are required to authenticate the users that Telnet to the switch through VTY 1, verify their username and password, and specify the user privilege level as 3.
14
<Sysname> system-view [Sysname] user-interface vty 1
[Sysname-ui-vty1] authentication-mode scheme [Sysname-ui-vty1] quit
[Sysname] local-user test [Sysname-luser-test] password cipher 12345678 [Sysname-luser-test] service-type telnet
When users telnet to the switch through VTY 1, they need to input username test and password 12345678. After passing authentication, the users can only use level 0 commands. If the users want to use commands level 0, 1, 2 and 3 commands, the following configuration is required:
[Sysname-luser-test] authorization-attribute level 3
•If the user interface authentication mode is scheme, and SSH publickey authentication type (only a username is needed for this authentication type) is adopted, the user privilege level of users logging into the user interface is the user interface level.
•If the user interface authentication mode is none or password, the user privilege level of users logging into the user interface is the user interface level.
Follow these steps to configure the user privilege level under a user interface (SSH publickey authentication type):
To do… |
Use the command… |
Remarks |
Configure the authentication type |
For more information about SSH, |
|
see the Security Configuration |
||
for SSH users as publickey |
||
Guide. |
||
|
Required if the SSH login mode is adopted, and only username is needed during authentication.
After the configuration, the authentication mode of the corresponding user interface must be set to scheme.
Enter system view |
system-view |
— |
|
|
|
|
|
|
user-interface { first-num1 |
|
|
Enter user interface view |
[ last-num1 ] | vty first-num2 |
— |
|
|
[ last-num2 ] } |
|
|
|
|
|
|
|
|
Required |
|
Configure the authentication mode |
|
By default, the authentication |
|
for any user that uses the current |
authentication-mode scheme |
mode for VTY users is password, |
|
user interface to log in to the switch |
|
and no authentication is needed |
|
|
|
for AUX users. |
|
|
|
|
|
|
|
Optional |
|
Configure the privilege level for |
|
By default, the user privilege level |
|
|
for users logged in through the |
||
users that log in through the current |
user privilege level level |
||
AUX user interface is 3, and that |
|||
user interface |
|
||
|
for users logged in through the VTY |
||
|
|
||
|
|
interfaces is 0. |
|
|
|
|
Follow these steps to configure the user privilege level under a user interface (none or password authentication mode):
15
To do… |
Use the command… |
Remarks |
|
Enter system view |
system-view |
— |
|
|
|
|
|
|
user-interface { first-num1 |
|
|
Enter user interface view |
[ last-num1 ] | { aux | vty } |
— |
|
|
first-num2 [ last-num2 ] } |
|
|
|
|
|
|
|
|
Optional |
|
Configure the authentication mode |
authentication-mode { none | |
By default, the authentication |
|
for any user that uses the current |
mode for VTY user interfaces is |
||
password } |
|||
user interface to log in to the switch |
password, and no authentication is |
||
|
|||
|
|
needed for AUX login users. |
|
|
|
|
|
|
|
Optional |
|
Configure the privilege level of |
|
By default, the user privilege level |
|
|
for users logged in through the |
||
users logged in through the current |
user privilege level level |
||
AUX user interface is 3, and that |
|||
user interface |
|
||
|
for users logged in through the VTY |
||
|
|
||
|
|
interfaces is 0. |
|
|
|
|
# Authenticate users logged in to the switch through Telnet, verify their password, and specify their user privilege level as 2.
<Sysname> system-view
[Sysname] user-interface vty 0 15 [Sysname-ui-vty0-15] authentication-mode password
[Sysname-ui-vty0-15] set authentication password cipher 123 [Sysname-ui-vty0-15] user privilege level 2
By default, Telnet users can use level 0 commands after passing authentication. After the configuration above is completed, when users log in to the switch through Telnet, they need to input password 123, and then they can use level 0, 1, and 2 commands.
NOTE:
•For more information about user interfaces, see the chapter “Logging in to the switch configuration.” For more information about the user-interface, authentication-mode, and user privilege level commands, see the chapter “Logging in to the switch commands.”
•For more information about AAA authentication, see the Security Configuration Guide. For more information about the local-user and authorization-attribute commands, see the Security Command Reference.
•For more information about SSH, see the Security Configuration Guide.
Users can switch to a different user privilege level temporarily without logging out and terminating the current connection. After the privilege level switch, users can continue to configure the switch without the need to logging back in, but the commands that they can execute have changed. For example, if the current user privilege level is 3, the user can configure system parameters. After switching to user privilege level 0, the user can only execute simple commands, like ping and tracert, and only a few
16
display commands. The switching operation is effective for the current login. After the user logs back in, the user privilege restores to the original level.
•To avoid problems, HP recommends that administrators log in to the switch by using a lower privilege level and view switch operating parameters. To maintain the switch, administrators can temporarily switch to a higher level.
•If the administrators need to leave or need to ask someone else to temporarily manage the switch, they can switch to a lower privilege level to restrict the operation by others.
•A user can switch to a privilege level equal to or lower than the current one unconditionally and is not required to input a password (if any).
•For security, a user is required to input the password (if any) to switch to a higher privilege level. The authentication falls into one of the following four categories:
Authentication |
Meaning |
Description |
|
mode |
|||
|
|
||
|
|
The switch authenticates a user by using the privilege level switch |
|
local |
Local password |
password input by the user. |
|
authentication |
When this mode is applied, you need to set the password for |
||
|
|||
|
|
privilege level switch with the super password command. |
|
|
|
|
|
|
|
The switch sends the username and password for privilege level |
|
|
|
switch to the HWTACACS or RADIUS server for remote |
|
|
Remote AAA |
authentication. |
|
|
When this mode is applied, you need to perform the following |
||
|
authentication |
||
|
configurations: |
||
scheme |
through |
||
• Configure HWTACACS or RADIUS scheme and reference the |
|||
|
HWTACACS or |
||
|
created scheme in the ISP domain. For more information, see the |
||
|
RADIUS |
||
|
Security Configuration Guide. |
||
|
|
||
|
|
• Create the corresponding user and configure password on the |
|
|
|
HWTACACS or RADIUS server. |
|
|
|
|
|
|
Performs the local |
The switch authenticates a user by using the local password first. If |
|
|
password |
||
|
no local password is set, the privilege level is switched directly for |
||
|
authentication first |
||
local scheme |
the users logged in from the AUX port, and remote AAA |
||
and then the |
|||
|
authentication is performed on the users logged in from VTY user |
||
|
remote AAA |
||
|
interfaces. |
||
|
authentication |
||
|
|
||
|
|
|
|
|
Performs remote |
|
|
|
AAA |
AAA authentication is performed first, and if the remote |
|
scheme local |
authentication first |
HWTACACS or RADIUS server does not respond or AAA |
|
and then the local |
configuration on the switch is invalid, the local password |
||
|
|||
|
password |
authentication is performed. |
|
|
authentication |
|
|
|
|
|
Follow these steps to set the authentication mode for user privilege level switch:
To do… |
Use the command… |
Remarks |
Enter system view |
system-view |
— |
|
|
|
Set the authentication mode for user privilege level switch
super authentication-mode { local Optional | scheme } *
17
To do… |
Use the command… |
Remarks |
Configure the password for user privilege level switch
super password [ level user-level ] { simple | cipher } password
Required if the authentication mode is set to local.
By default, no privilege level switch password is configured.
CAUTION:
•If no user privilege level is specified when you configure the password for switching the user privilege level with the super password command, the user privilege level defaults to 3.
•Specifying the simple keyword saves the password in plain text, which is less secure than specifying the cipher keyword, which saves the password in cipher text.
•If the user logs in from the AUX user interface (the console port), the user can switch the privilege level to a higher level even if the authentication mode is local and no password for user privilege level switch is configured.
Follow the step to switch the user privilege level:
To do… |
Use the command… |
Remarks |
|
|
|
Required |
|
|
|
When logging in to the switch, a |
|
Switch the user privilege level |
super [ level ] |
user has a user privilege level, |
|
which depends on user interface or |
|||
|
|
||
|
|
authentication user level. |
|
|
|
Available in user view. |
|
|
|
|
When you switch the user privilege level, the information you need to provide varies with combinations of the user interface authentication mode and the super authentication mode.
Table 6 Information input for user privilege level switch
User interface |
User privilege level |
Information input for the |
Information input after the |
|
switch |
||||
authentication |
||||
authentication |
first authentication mode |
authentication mode changes |
||
mode |
||||
mode |
|
|
||
|
|
|
||
|
|
Local user privilege level |
|
|
|
local |
switch password (configured |
— |
|
|
|
on the switch) |
|
|
|
|
|
|
|
|
|
Local user privilege level |
Username and password for |
|
|
local scheme |
privilege level switch (configured |
||
|
switch password |
|||
none/password |
|
on the AAA server) |
||
|
|
|||
|
|
|
|
|
|
scheme |
Username and password for |
— |
|
|
privilege level switch |
|||
|
|
|
||
|
|
|
|
|
|
scheme local |
Username and password for |
Local user privilege level switch |
|
|
privilege level switch |
password |
||
|
|
|||
|
|
|
|
18
User interface |
User privilege level |
Information input for the |
Information input after the |
|
switch |
||||
authentication |
||||
authentication |
first authentication mode |
authentication mode changes |
||
mode |
||||
mode |
|
|
||
|
|
|
||
|
local |
Local user privilege level |
— |
|
|
switch password |
|||
|
|
|
||
|
|
|
|
|
|
|
|
Password for privilege level |
|
|
|
Local user privilege level |
switch (configured on the AAA |
|
|
local scheme |
server). The system uses the |
||
|
switch password |
username used for logging in as |
||
|
|
|||
|
|
|
the privilege level switch |
|
|
|
|
username. |
|
|
|
|
|
|
|
|
Password for privilege level |
|
|
scheme |
|
switch (configured on the |
|
|
|
scheme |
AAA server). The system uses |
— |
|
|
the username used for |
|||
|
|
|
||
|
|
logging in as the privilege |
|
|
|
|
level switch username. |
|
|
|
|
|
|
|
|
|
Password for privilege level |
|
|
|
|
switch (configured on the |
|
|
|
scheme local |
AAA server). The system uses |
Local user privilege level switch |
|
|
the username used for |
password |
||
|
|
|||
|
|
logging in as the privilege |
|
|
|
|
level switch username. |
|
|
|
|
|
|
|
|
|
|
|
CAUTION:
•When the authentication mode is set to local, configure the local password before switching to a higher user privilege level.
•When the authentication mode is set to scheme, configure AAA related parameters before switching to a higher user privilege level.
•The privilege level switch fails after three consecutive unsuccessful password attempts.
•For more information about user interface authentication, see the chapter “Logging in to the switch configuration.”
All the commands in a view default to different levels. The administrator can change the default level of a command to a different level as needed.
Follow these steps to modify the command level:
To do… |
Use the command… |
Remarks |
Enter system view |
system-view |
— |
|
|
|
Configure the command level in a |
command-privilege level level view |
Required |
specified view |
view command |
See Table 5 for the default settings. |
|
|
|
19
CAUTION:
HP recommends that you use the default command level or modify the command level under the guidance of professional staff. An improper change of the command level may bring inconvenience to your maintenance and operation, or even potential security problems.
On the device, you can input the save command in any view to save all of the submitted and executed commands into the configuration file. Commands saved in the configuration file can survive a reboot. The save command does not take effect on one-time commands, such as display commands, which display specified information, and the reset commands, which clear specified information. One-time commands that are executed are never saved.
To do… |
Use the command… |
Remarks |
|
Display defined command aliases |
display command-alias [ | { begin |
|
|
| exclude | include } |
Available in any view |
||
and the corresponding commands |
|||
regular-expression ] |
|
||
|
|
||
|
|
|
|
|
display clipboard [ | { begin | |
|
|
Display the clipboard information |
exclude | include } |
Available in any view |
|
|
regular-expression ] |
|
|
|
|
|
20
You can log in to the switch by using the following methods.
Table 7 Login methods
Login method |
Default state |
|
|
Logging in |
By default, you can log in to a device through the console port, the |
|
through the |
authentication mode is None (no username or password required), |
|
console port |
and the user privilege level is 3. |
|
|
|
|
|
By default, you cannot log in to a device through Telnet. To do so, log |
|
|
in to the device through the console port, and complete the following |
|
|
configuration: |
|
|
• Enable the Telnet function. |
|
Logging in |
• Configure the IP address of the VLAN interface, and make sure that |
|
through |
your device and the Telnet client can reach each other (by default, |
|
|
the device does not have an IP address.). |
|
|
• Configure the authentication mode of VTY login users (password |
|
|
by default). |
CLI login |
• Configure the user privilege level of VTY login users (0 by default). |
|
|
|
By default, you cannot log in to a device through SSH. To do so, log |
|
|
in to the device through the console port, and complete the following |
|
|
configuration: |
|
|
• Enable the SSH function and configure SSH attributes. |
|
Logging in |
• Configure the IP address of the VLAN interface, and make sure that |
|
through SSH |
your device and the SSH client can reach each other (by default, |
|
|
your device does not have an IP address.). |
|
|
• Configure the authentication mode of VTY login users as scheme |
|
|
(password by default). |
|
|
• Configure the user privilege level of VTY login users (0 by default). |
|
|
|
|
Logging in |
By default, you can log in to a device through modems. The default |
|
through modems |
user privilege level of modem login users is 3. |
|
|
|
|
|
By default, you cannot log in to a device through web. To do so, log |
|
|
in to the device through the console port, and complete the following |
|
|
configuration: |
|
|
• Configure the IP address of the VLAN interface (by default, your |
|
|
device does not have an IP address.). |
Web login |
• Configure a username and password for web login (not configured |
|
|
|
by default). |
|
|
• Configure the user privilege level for web login (not configured by |
|
|
default). |
|
|
• Configure the Telnet service type for web login (not configured by |
|
|
default). |
|
|
|
21
Login method |
Default state |
|
By default, you cannot log in to a device through a network |
|
management system (NMS). To do so, log in to the device through the |
|
console port, and complete the following configuration: |
NMS login |
• Configure the IP address of the VLAN interface, and make sure the |
|
device and the NMS can reach each other (by default, your device |
|
does not have an IP address.). |
|
• Configure SNMP basic parameters. |
|
|
User interface, also called “line”, allows you to manage and monitor sessions between the terminal and device when you log in to the device through the console port directly, or through Telnet or SSH.
One user interface corresponds to one user interface view where you can configure a set of parameters, such as whether to authenticate users at login, whether to redirect the requests to another device, and the user privilege level after login. When the user logs in through a user interface, the parameters set for the user interface apply.
The system supports the following CLI configuration methods:
•Local configuration via the console port
•Local/Remote configuration through Telnet or SSH
The methods correspond to the following user interfaces.
•AUX user interface: Used to manage and monitor user that log in via the Console port. The type of the Console port is EIA/TIA-232 DCE.
•VTY (virtual type terminal) user interface: Used to manage and monitor users that log in via VTY. A VTY port used for Telnet or SSH access.
Only one user can use a user interface at a time. The configuration made in a user interface view applies to any login user. For example, if user A uses the console port to log in, the configuration in the AUX user interface view applies to user A; if user A logs in through VTY 1, the configuration in VTY 1 user interface view applies to user A.
A device can be equipped with one AUX user interface and 16 VTY user interfaces. These user interfaces are not associated with specific users. When a user initiates a connection request, the system automatically assigns the idle user interface with the smallest number to the user based on the login method. During the login, the configuration in the user interface view takes effect. The user interface varies depending on the login method and the login time.
User interfaces can be numbered by using absolute numbering or relative numbering.
Absolute numbering identifies a user interface or a group of different types of user interfaces. The specified user interfaces are numbered from number 0 with a step of 1 and in the sequence of AUX, and
22
VTY user interfaces. You can use the display user-interface command without any parameters to view supported user interfaces and their absolute numbers.
Relative numbering allows you to specify a user interface or a group of user interfaces of a specific type. The number format is “user interface type + number”. The following rules of relative numbering apply:
•AUX user interfaces are numbered from 0 in the ascending order, with a step of 1.
•VTY user interfaces are numbered from 0 in the ascending order, with a step of 1.
23