Login management commands
The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features, commands, and parameters might differ in FIPS mode and non-FIPS mode. For more information about FIPS mode, see Security Configuration Guide.
Some login management commands are available in both user line view and user line class view. For these commands, the device uses the following rules to determine the settings to be activated:
· A setting in user line view is applied only to the user line. A setting in user line class view is applied to all user lines of the class.
· A non-default setting in either view takes precedence over a default setting in the other view. A non-default setting in user line view takes precedence over a non-default setting in user line class view.
· A setting in user line class view takes effect only for users who log in after the configuration is completed. It does not affect online users.
activation-key
Use activation-key to specify the shortcut key for starting a terminal session.
Use undo activation-key to restore the default.
Syntax
activation-key key-string
undo activation-key
Default
Pressing Enter starts a terminal session.
Views
User line view, user line class view
Predefined user roles
network-admin
Parameters
key-string: Specifies a shortcut key. It can be a string of 1 to 3 characters, or an ASCII code value in the range of 0 to 127. If you enter a number that is greater than 127, or enter a string that is not a number, the first character is used as the shortcut key. For example, if you configure activation-key 987, the shortcut key is 9. If you configure activation-key abc, the shortcut key is a.
Usage guidelines
This command is not supported in VTY line view or VTY line class view.
This command is available in both user line view and user line class view. A non-default setting in either view takes precedence over a default setting in the other view. A non-default setting in user line view takes precedence over a non-default setting in user line class view.
To display the current shortcut key, use the display current-configuration | include activation-key command.
Examples
# Configure character s as the shortcut key for starting a terminal session on AUX 0.
<Sysname> system-view
[Sysname] line aux 0
[Sysname-line-aux0] activation-key s
To verify the configuration:
1. Exit the console session.
[Sysname-line-aux0] return
<Sysname> quit
2. Log in again through the AUX line.
The following message appears:
Press ENTER to get started.
3. Press Enter.
Pressing Enter does not start a session.
4. Enter s.
A terminal session is started.
<Sysname>
authentication-mode
Use authentication-mode to set the authentication mode for a user line.
Use undo authentication-mode to restore the default.
Syntax
In non-FIPS mode:
authentication-mode { none | password | scheme }
undo authentication-mode
In FIPS mode:
authentication-mode scheme
undo authentication-mode
Default
In non-FIPS mode, the authentication mode is password for VTY lines, and none for AUX lines.
In FIPS mode, the authentication mode is scheme.
Views
User line view, user line class view
Predefined user roles
network-admin
Parameters
none: Disables authentication.
password: Performs local password authentication.
scheme: Performs AAA authentication. For more information about AAA, see Security Configuration Guide.
Usage guidelines
When the authentication mode is none, a user can log in without authentication. To improve device security, use the password or scheme authentication mode.
In VTY line view, this command is associated with the protocol inbound command. If you specify a non-default value for only one of the two commands in VTY line view, the other command uses the default setting, regardless of the setting in VTY line class view.
In user line view, the configuration takes effect only for users who log in through the line after the configuration is completed.
Examples
# Enable the none authentication mode for the user line VTY 0.
<Sysname> system-view
[Sysname] line vty 0
[Sysname-line-vty0] authentication-mode none
# Enable password authentication for the user line VTY 0 and set the password to 321.
<Sysname> system-view
[Sysname] line vty 0
[Sysname-line-vty0] authentication-mode password
[Sysname-line-vty0] set authentication password simple 321
# Enable scheme authentication for the user line VTY 0. Configure local user 123 and set the password to 321. Assign the Telnet service and the user role network-admin to the user.
<Sysname> system-view
[Sysname] line vty 0
[Sysname-line-vty0] authentication-mode scheme
[Sysname-line-vty0] quit
[Sysname] local-user 123
[Sysname-luser-manage-123] password simple 321
[Sysname-luser-manage-123] service-type telnet
[Sysname-luser-manage-123] authorization-attribute user-role network-admin
Related commands
set authentication password
auto-execute command
CAUTION: After configuring this command for a user line, you might be unable to access the CLI through the user line. Make sure you can access the CLI through a different user line before you configure this command and save the configuration.
Use auto-execute command to specify the command to be automatically executed for login users.
Use undo auto-execute command to delete the configuration.
Syntax
auto-execute command command
undo auto-execute command
Default
Command auto-execution is disabled.
Views
User line view, user line class view
Predefined user roles
network-admin
Parameters
command: Specifies the command to be automatically executed.
Usage guidelines
This command is not supported in AUX line view or AUX line class view.
This command is available in both user line view and user line class view. A non-default setting in either view takes precedence over a default setting in the other view. A non-default setting in user line view takes precedence over a non-default setting in user line class view. In user line view, the configuration takes effect only for users who log in through the line after the configuration is completed.
The device automatically executes the specified command when a user logs in through the user line, and closes the user connection after the command is executed. If the command triggers another task, the device does not close the user connection until the task is completed.
Typically, you configure the auto-execute command telnet X.X.X.X command on the device so the device redirects a Telnet user to the host at X.X.X.X. In this case, the connection to the current device is closed when the user terminates the Telnet connection to X.X.X.X.
Examples
# Configure the device to automatically Telnet to 192.168.1.41 after a user logs in through user line VTY 0.
<Sysname> system-view
[Sysname] line vty 0
[Sysname-line-vty0] auto-execute command telnet 192.168.1.41
This action will lead to configuration failure through line-vty0. Are you sure?
[Y/N]:y
[Sysname-line-vty0]
# To verify the configuration, Telnet to 192.168.1.40.
The device automatically Telnets to 192.168.1.41, and the following output is displayed:
C:\> telnet 192.168.1.40
******************************************************************************
* Copyright (c) 2004-2014 Hangzhou H3C Tech. Co., Ltd. All rights reserved. *
* Without the owner's prior written consent, *
* no decompiling or reverse-engineering shall be allowed. *
******************************************************************************
<Sysname>
Trying 192.168.1.41 ...
Press CTRL+K to abort
Connected to 192.168.1.41 ...
******************************************************************************
* Copyright (c) 2004-2014 Hangzhou H3C Tech. Co., Ltd. All rights reserved. *
* Without the owner's prior written consent, *
* no decompiling or reverse-engineering shall be allowed. *
******************************************************************************
<Sysname.41>
This operation is the same as directly logging in to the device at 192.168.1.41 through Telnet. When you close the Telnet connection to 192.168.1.41, the Telnet connection to 192.168.1.40 is closed at the same time.
command accounting
Use command accounting to enable command accounting.
Use undo command accounting to restore the default.
Syntax
command accounting
undo command accounting
Default
Command accounting is disabled, and the accounting server does not record executed commands.
Views
User line view, user line class view
Predefined user roles
network-admin
Usage guidelines
When command accounting is enabled but command authorization is not, every executed command is recorded on the HWTACACS server.
When both command accounting and command authorization are enabled, only authorized commands that are executed are recorded on the HWTACACS server.
Invalid commands are not recorded.
In user line view, the configuration takes effect only for users who log in through the line after the configuration is completed.
If you configure the command accounting command in user line class view, command accounting is enabled on all user lines in the class. You cannot configure the undo command accounting command in the view of a user line in the class.
Examples
# Enable command accounting for the user line VTY 0.
<Sysname> system-view
[Sysname] line vty 0
[Sysname-line-vty0] command accounting
Related commands
· accounting command (Security Command Reference)
· command authorization
command authorization
Use command authorization to enable command authorization.
Use undo command authorization to restore the default.
Syntax
command authorization
undo command authorization
Default
Command authorization is disabled. Logged-in users can execute commands without authorization.
Views
User line view, user line class view
Predefined user roles
network-admin
Usage guidelines
When command authorization is enabled, a user can only use commands that are permitted by both the AAA scheme and user role.
In user line view, the configuration takes effect only for users who log in through the line after the configuration is completed.
If you configure the command authorization command in user line class view, command authorization is enabled on all user lines in the class. You cannot configure the undo command authorization command in the view of a user line in the class.
Examples
# Enable command authorization for VTY 0 so the VTY 0 user can execute only authorized commands that are permitted by the user role.
<Sysname> system-view
[Sysname] line vty 0
[Sysname-line-vty0] command authorization
Related commands
· authorization command (Security Command Reference)
· command accounting
databits
Use databits to specify the number of data bits for a character.
Use undo databits to restore the default.
Syntax
databits { 5 | 6 | 7 | 8 }
undo databits
Default
Eight data bits are used for a character.
Views
User line view
Predefined user roles
network-admin
Parameters
5: Uses five data bits for a character.
6: Uses six data bits for a character.
7: Uses seven data bits for a character.
8: Uses eight data bits for a character.
Usage guidelines
This command is not supported in VTY line view.
This setting must be the same as the setting on the configuration terminal.
Examples
# Configure AUX 0 to use five data bits for a character.
<Sysname> system-view
[Sysname] line aux 0
[Sysname-line-aux0] databits 5
display line
Use display line to display user line information.
Syntax
display line [ number1 | { aux | vty } number2 ] [ summary ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
number1: Specifies the absolute number of a user line, in the range of 0 to 192.
aux: Specifies the AUX line.
vty: Specifies the VTY line.
number2: Specifies the relative number of a user line. For AUX lines, the value range is 0 to 128. For VTY lines, the value range is 0 to 63.
summary: Displays summary information about user lines. If you do not specify this keyword, the detailed information is displayed.
Examples
# Display information about user line 0.
<Sysname> display line 0
Idx Type Tx/Rx Modem Auth Int Location
1 AUX 0 9600 - N - 1/0
+ : Line is active.
F : Line is active and in async mode.
Idx : Absolute index of line.
Type : Type and relative index of line.
Auth : Login authentication mode.
Int : Physical port of the line.
A : Authentication use AAA.
N : No authentication is required.
P : Password authentication.
Table 1 Command output
Field | Description |
---|---|
Modem | Whether the modem allows calling in or out. By default, this attribute is not configured and this field displays a hyphen (-). The device does not support this field. |
Int | Physical port for the line. For AUX and VTY lines, this field displays a hyphen (-). |
Location | Physical position of the line, in the form slot number/CPU number. |
# Display summary information about all user lines.
<Sysname> display line summary
Line type : [AUX]
0:XXXX XXXX XXXX XXXX
16:XXXX XXXX XXXX XXXX
32:XXXX XXXX XXXX XXXX
48:XXXX XXXX XXXX XXXX
64:XXXX XXXX XXXX XXXX
80:XXXX XXXX XXXX XXXX
96:XXXX XXXX XXXX XXXX
112:XXXX XXXX XXXX XXXX
128:X
Line type : [VTY]
129:UUUX XXXX XXXX XXXX
145:XXXX XXXX XXXX XXXX
161:XXXX XXXX XXXX XXXX
177:XXXX XXXX XXXX XXXX
3 lines used. (U)
190 lines not used. (X)
Table 2 Command output
Fields | Description |
---|---|
number:status | number: Absolute number of the first user line in the user line class. status: User line status. X is for unused and U is for used. For example, if "0:UXXX XXXX XXXX XXXX" is displayed, there are 16 user lines of the user line class, which use the absolute numbers 0 through 15. User line 0 is in use, and the other user lines are not. |
display telnet client
Use display telnet client to display the packet source setting for the Telnet client.
Syntax
display telnet client
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display the packet source setting for the Telnet client.
<Sysname> display telnet client
The source IP address is 1.1.1.1.
Related commands
telnet client source
display user-interface
Use display user-interface to display user line information.
Syntax
display user-interface [ number1 | { aux | vty } number2 ] [ summary ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
number1: Specifies the absolute number of a user line, in the range of 0 to 192.
aux: Specifies the AUX line.
vty: Specifies the VTY line.
number2: Specifies the relative number of a user line. For AUX lines, the value range is 0 to 128. For VTY lines, the value range is 0 to 63.
summary: Displays summary information about user lines. If you do not specify this keyword, the detailed information is displayed.
Usage guidelines
This command is an older version reserved for backward compatibility purposes. It has the same functionality and output as the display line command. As a best practice, use the display line command.
Examples
# Display information about user line 0.
<Sysname> display user-interface 0
Idx Type Tx/Rx Modem Auth Int Location
0 AUX 0 9600 - N - 1/0
+ : Line is active.
F : Line is active and in async mode.
Idx : Absolute index of line.
Type : Type and relative index of line.
Auth : Login authentication mode.
Int : Physical port of the line.
A : Authentication use AAA.
N : No authentication is required.
P : Password authentication.
Table 3 Command output
Field | Description |
---|---|
Modem | Whether the modem allows calling in or out. By default, this attribute is not configured and this field displays a hyphen (-). The device does not support this field. |
Int | Physical port for the line. For AUX and VTY lines, this field displays a hyphen (-). |
Location | Physical position of the line, in the form slot number/CPU number. |
# Display summary information about all user lines.
<Sysname> display user-interface summary
Line type : [AUX]
0:XXXX XXXX XXXX XXXX
16:XXXX XXXX XXXX XXXX
32:XXXX XXXX XXXX XXXX
48:XXXX XXXX XXXX XXXX
64:XXXX XXXX XXXX XXXX
80:XXXX XXXX XXXX XXXX
96:XXXX XXXX XXXX XXXX
112:XXXX XXXX XXXX XXXX
128:X
Line type : [VTY]
129:UUUX XXXX XXXX XXXX
145:XXXX XXXX XXXX XXXX
161:XXXX XXXX XXXX XXXX
177:XXXX XXXX XXXX XXXX
3 lines used. (U)
190 lines not used. (X)
Table 4 Command output
Fields | Description |
---|---|
number:status | number: Absolute number of the first user line in the user line class. status: User line status. X is for unused and U is for used. For example, if "0:UXXX XXXX XXXX XXXX" is displayed, there are 16 user lines of the user line class, which use the absolute numbers 0 through 15. User line 0 is in use, and the other user lines are not. |
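The number:status layout described in Table 2 and Table 4 can be read mechanically. The following Python parser is an added example, not part of the vendor documentation; it uses the summary output shown on this page as input and assumes that the relative number of a line is its absolute number minus the first absolute number of its line type, which matches the display users output (Idx 129 is VTY 0).

```python
import re

# Output copied from the "display line summary" example on this page.
SUMMARY = """\
Line type : [AUX]
0:XXXX XXXX XXXX XXXX
16:XXXX XXXX XXXX XXXX
32:XXXX XXXX XXXX XXXX
48:XXXX XXXX XXXX XXXX
64:XXXX XXXX XXXX XXXX
80:XXXX XXXX XXXX XXXX
96:XXXX XXXX XXXX XXXX
112:XXXX XXXX XXXX XXXX
128:X
Line type : [VTY]
129:UUUX XXXX XXXX XXXX
145:XXXX XXXX XXXX XXXX
161:XXXX XXXX XXXX XXXX
177:XXXX XXXX XXXX XXXX
3 lines used. (U)
190 lines not used. (X)
"""


def parse_line_summary(text):
    """Return ({line type: {absolute number: 'U' or 'X'}}, totals printed by the device)."""
    by_type, totals, current = {}, {}, None
    for raw in text.splitlines():
        row = raw.strip()
        m = re.fullmatch(r"Line type : \[(\w+)\]", row)
        if m:
            current = by_type.setdefault(m.group(1), {})
            continue
        m = re.fullmatch(r"(\d+):([UX ]+)", row)
        if m and current is not None:
            start = int(m.group(1))  # absolute number of the first line in this row
            for offset, status in enumerate(m.group(2).replace(" ", "")):
                current[start + offset] = status
            continue
        m = re.fullmatch(r"(\d+) lines (?:not )?used\. \((U|X)\)", row)
        if m:
            totals[m.group(2)] = int(m.group(1))
    return by_type, totals


def lines_in_use(text):
    """List (type, relative number, absolute number) for every line marked U."""
    by_type, totals = parse_line_summary(text)
    counted = {"U": 0, "X": 0}
    used = []
    for kind, states in by_type.items():
        base = min(states)  # first absolute number of this line type
        for absolute in sorted(states):
            counted[states[absolute]] += 1
            if states[absolute] == "U":
                used.append((kind, absolute - base, absolute))
    # Cross-check the per-line flags against the totals in the last two rows.
    if totals and counted != totals:
        raise ValueError(f"summary totals {totals} do not match parsed rows {counted}")
    return used


if __name__ == "__main__":
    for kind, relative, absolute in lines_in_use(SUMMARY):
        print(f"{kind} {relative} (absolute {absolute}) is in use")
```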
display users
Use display users to display online CLI user information.
Syntax
display users [ all ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
all: Displays all user lines supported by the device.
Examples
# Display online user information.
<Sysname> display users
Idx Line Idle Time Pid Type
129 VTY 0 00:10:49 Jun 11 11:27:32 320 TEL
+ 130 VTY 1 00:00:00 Jun 11 11:39:40 334 TEL
Following are more details.
VTY 0 :
Location: 192.168.1.12
VTY 1 :
Location: 192.168.1.26
+ : Current operation user.
F : Current operation user works in async mode.
The output shows that two users have logged in to the device: one is using user line VTY 0 and the other (yourself) is using VTY 1. Your IP address is 192.168.1.26.
Table 5 Command output
Field | Description |
---|---|
Idx | Absolute number of the user line. |
Line | Type and relative number of the user line. |
Idle | Time elapsed after the user's most recent input, in the hh:mm:ss format. |
Time | Login time of the user. |
Pid | Process ID of the user session. |
Type | User type, such as Telnet or SSH. |
+ | User line you are using. |
Location | IP address of the user. |
escape-key
Use escape-key to set the escape key.
Use undo escape-key to disable the escape key.
Syntax
escape-key { key-string | default }
undo escape-key
Default
Pressing Ctrl+C terminates a task.
Views
User line view, user line class view
Predefined user roles
network-admin
Parameters
key-string: Specifies a shortcut key. It can be a string of 1 to 3 characters, or an ASCII code value in the range of 0 to 127. If you enter a number that is greater than 127, or enter a string that is not a number, the first character is used as the shortcut key. For example, if you configure escape-key 987, the shortcut key is 9. If you configure escape-key abc, the shortcut key is a.
default: Restores the default escape key sequence Ctrl+C.
Usage guidelines
You can use this shortcut key to abort a command that is being executed. For example, you can press this shortcut key to abort a ping or tracert command.
Whether a command can be aborted by Ctrl+C by default depends on the software implementation of the command. For more information, see the usage guidelines for the command.
As a best practice, use a key sequence as the shortcut key. If you define a single character as the shortcut key, pressing the key while a command is being executed stops the command. If no command is being executed, the result depends on the following situations:
· If you are managing the local device, pressing the key enters the character as a common character.
· If you Telnet to another device and manage the remote device, pressing the key does not do anything.
If you execute this command multiple times, the most recent setting takes effect. To display the current escape key, use the display current-configuration command.
This command is available in both user line view and user line class view. A non-default setting in either view takes precedence over a default setting in the other view. A non-default setting in user line view takes precedence over a non-default setting in user line class view.
Examples
# Define character a as the escape key for AUX 0.
<Sysname> system-view
[Sysname] line aux 0
[Sysname-line-aux0] escape-key a
To verify the configuration:
1. Ping IP address 192.168.1.49, specifying the -c keyword to set the number of ICMP echo request packets to 20.
<Sysname> ping -c 20 192.168.1.49
PING 192.168.1.49: 56 data bytes, press a to break
Reply from 192.168.1.49: bytes=56 Sequence=1 ttl=255 time=3 ms
Reply from 192.168.1.49: bytes=56 Sequence=2 ttl=255 time=3 ms
2. Press a.
The system aborts the command and returns to user view.
--- 192.168.1.49 ping statistics ---
2 packet(s) transmitted
2 packet(s) received
0.00% packet loss
round-trip min/avg/max = 3/3/3 ms
<Sysname>
flow-control
Use flow-control to configure the flow control mode.
Use undo flow-control to restore the default.
Syntax
flow-control { hardware | none | software }
undo flow-control
Default
The flow control mode is none.
Views
User line view
Predefined user roles
network-admin
Parameters
hardware: Performs hardware flow control.
none: Disables flow control.
software: Performs software flow control.
Usage guidelines
This command is not supported in VTY line view.
The device supports flow control in both the inbound and outbound directions.
· For flow control in the inbound direction, the local device listens to flow control information from the remote device.
· For flow control in the outbound direction, the local device sends flow control information to the remote device.
The flow control setting takes effect in both directions.
To communicate, two devices must operate in the same flow control mode.
Examples
# Configure software flow control in the inbound and outbound directions for the user line AUX 0.
<Sysname> system-view
[Sysname] line aux 0
[Sysname-line-aux0] flow-control software
free line
Use free line to release a user line.
Syntax
free line { number1 | { aux | vty } number2 }
Views
User view
Predefined user roles
network-admin
Parameters
number1: Specifies the absolute number of a user line, in the range of 0 to 192.
aux: Specifies the AUX line.
vty: Specifies the VTY line.
number2: Specifies the relative number of a user line. For AUX lines, the value range is 0 to 128. For VTY lines, the value range is 0 to 63.
Usage guidelines
This command does not release the line you are using.
Examples
# Release the user line VTY 1:
1. Display online users.
<Sysname> display users
Idx Line Idle Time Pid Type
129 VTY 0 00:10:49 Jun 11 11:27:32 320 TEL
+ 130 VTY 1 00:00:00 Jun 11 11:39:40 334 TEL
Following are more details.
VTY 0 :
Location: 192.168.1.12
VTY 1 :
Location: 192.168.1.26
+ : Current operation user.
F : Current operation user works in async mode.
2. If the operations of the user on VTY 1 impact your operations, log out the user.
<Sysname> free line vty 1
Are you sure to free line vty1? [Y/N]:y
[OK]
free user-interface
Use free user-interface to release a user line.
Syntax
free user-interface { number1 | { aux | vty } number2 }
Views
User view
Predefined user roles
network-admin
Parameters
number1: Specifies the absolute number of a user line, in the range of 0 to 192.
aux: Specifies the AUX line.
vty: Specifies the VTY line.
number2: Specifies the relative number of a user line. For AUX lines, the value range is 0 to 128. For VTY lines, the value range is 0 to 63.
Usage guidelines
This command does not release the line you are using.
This command is an older version reserved for backward compatibility purposes. It has the same functionality and output as the free line command. As a best practice, use the free line command.
Examples
# Release the user line VTY 1:
1. Display online users.
<Sysname> display users
Idx LINE Idle Time Pid Type
129 VTY 0 00:10:49 Jun 11 11:27:32 320 TEL
+ 130 VTY 1 00:00:00 Jun 11 11:39:40 334 TEL
Following are more details.
VTY 0 :
Location: 192.168.1.12
VTY 1 :
Location: 192.168.1.26
+ : Current operation user.
F : Current operation user works in async mode.
2. If the operations of the user on VTY 1 impact your operations, log out the user.
<Sysname> free user-interface vty 1
Are you sure to free line vty1? [Y/N]:y
[OK]
history-command max-size
Use history-command max-size to set the size of the command history buffer for a user line.
Use undo history-command max-size to restore the default.
Syntax
history-command max-size size-value
undo history-command max-size
Default
The buffer for a user line saves up to 10 history commands.
Views
User line view, user line class view
Predefined user roles
network-admin
Parameters
size-value: Specifies the maximum number of history commands the buffer can store, in the range of 0 to 256.
Usage guidelines
Each user line uses a separate command history buffer to save commands successfully executed by its user. The buffer size determines how many history commands the buffer can store.
To display history commands in the buffer for your session, press the up or down arrow key, or execute the display history-command command.
Terminating a CLI session clears the commands in the history buffer.
This command is available in both user line view and user line class view. A non-default setting in either view takes precedence over a default setting in the other view. A non-default setting in user line view takes precedence over a non-default setting in user line class view.
Examples
# Set the command history buffer size to 20 for the user line AUX 0.
<Sysname> system-view
[Sysname] line aux 0
[Sysname-line-aux0] history-command max-size 20
idle-timeout
Use idle-timeout to set the CLI connection idle-timeout timer.
Use undo idle-timeout to restore the default.
Syntax
idle-timeout minutes [ seconds ]
undo idle-timeout
Default
The CLI connection idle-timeout timer is 10 minutes.
Views
User line view, user line class view
Predefined user roles
network-admin
Parameters
minutes: Specifies the number of minutes for the timer, in the range of 0 to 35791. The default is 10 minutes.
seconds: Specifies the number of seconds for the timer, in the range of 0 to 59. The default is 0 seconds.
Usage guidelines
The system automatically terminates a user connection if no information interaction occurs on the connection within the idle-timeout interval.
Setting the idle-timeout timer to 0 disables the idle-timeout feature.
This command is available in both user line view and user line class view. A non-default setting in either view takes precedence over a default setting in the other view. A non-default setting in user line view takes precedence over a non-default setting in user line class view.
Examples
# Set the CLI connection idle-timeout timer to 1 minute and 30 seconds for the user line AUX 0.
<Sysname> system-view
[Sysname] line aux 0
[Sysname-line-aux0] idle-timeout 1 30
line
Use line to enter one or multiple user line views.
Syntax
line { first-number1 [ last-number1 ] | { aux | vty } first-number2 [ last-number2 ] }
Views
System view
Predefined user roles
network-admin
Parameters
first-number1: Specifies the absolute number of the first user line, in the range of 0 to 192.
last-number1: Specifies the absolute number of the last user line, in the range of 0 to 192. This number cannot be smaller than first-number1.
aux: Specifies the AUX line.
vty: Specifies the VTY line.
first-number2: Specifies the relative number of the first user line. For AUX lines, the value range is 0 to 128. For VTY lines, the value range is 0 to 63.
last-number2: Specifies the relative number of the last user line. For AUX lines, the value range is 0 to 128. For VTY lines, the value range is 0 to 63. This number cannot be smaller than first-number2.
Usage guidelines
To configure settings for a single user line, use this command to enter the user line view.
To configure the same settings for multiple user lines, use this command to enter multiple user line views.
Examples
# Enter the view of user line AUX 0.
<Sysname> system-view
[Sysname] line aux 0
[Sysname-line-aux0]
# Enter the views of user lines VTY 0 to VTY 4.
<Sysname> system-view
[Sysname] line vty 0 4
[Sysname-line-vty0-4]
Related commands
line class
line class
Use line class to enter user line class view.
Syntax
line class { aux | vty }
Views
System view
Predefined user roles
network-admin
Parameters
aux: Specifies the AUX line class view.
vty: Specifies the VTY line class view.
Usage guidelines
To configure the same settings for all user lines of a line class, use this command to enter the user line class view.
For commands that are available in both user line view and user line class view, the device uses the following rules to determine the settings to be activated:
· A setting in user line view is applied only to the user line. A setting in user line class view is applied to all user lines of the class.
· A non-default setting in either view takes precedence over a default setting in the other view. A non-default setting in user line view takes precedence over a non-default setting in user line class view.
· A setting in user line class view takes effect only for users who log in after the configuration is completed. It does not affect online users.
Examples
# Set the CLI connection idle-timeout timer to 15 minutes in VTY line class view.
<Sysname> system-view
[Sysname] line class vty
[Sysname-line-class-vty] idle-timeout 15
# In AUX line class view, configure character s as the shortcut key for starting a terminal session.
<Sysname> system-view
[Sysname] line class aux
[Sysname-line-class-aux] activation-key s
[Sysname-line-class-aux] quit
# In AUX line view, restore the default shortcut key for starting a terminal session.
[Sysname] line aux 0
[Sysname-line-aux0] undo activation-key
Alternatively, you can use the following command:
[Sysname-line-aux0] activation-key 13
To verify the configuration:
1. Exit the console session.
[Sysname-line-aux0] return
<Sysname> quit
2. Log in again through the AUX line.
The following message appears:
Press ENTER to get started.
3. Press Enter.
Pressing Enter does not start a session.
4. Enter s.
A terminal session is started.
<Sysname>
Related commands
line
lock
Use lock to lock the current user line. This method prevents unauthorized users from using the user line.
Syntax
lock
Default
By default, the system does not lock any user lines.
Views
User view
Predefined user roles
network-admin
Usage guidelines
This command is not supported in FIPS mode.
This command requires you to enter a password for unlocking the user line. The user line is locked after you enter a password and confirm the password.
To unlock the user line, press Enter and enter the correct password.
Examples
# Lock the current user line and then unlock it.
<Sysname> lock
Please input password<1 to 16> to lock current line:
Password:
Again:
locked !
// The user line is locked. To unlock it, press Enter and enter the password:
Password:
<Sysname>
parity
Use parity to specify a parity check mode.
Use undo parity to restore the default.
Syntax
parity { even | mark | none | odd | space }
undo parity
Default
The setting is none, and no parity check is performed.
Views
User line view
Predefined user roles
network-admin
Parameters
even: Performs even parity check.
mark: Performs mark parity check.
none: Disables parity check.
odd: Performs odd parity check.
space: Performs space parity check.
Usage guidelines
This command is not supported in VTY line view.
The configuration terminal and the device must be configured with the same parity check mode to communicate.
Examples
# Configure user line AUX 0 to perform odd parity check.
<Sysname> system-view
[Sysname] line aux 0
[Sysname-line-aux0] parity odd
protocol inbound
Use protocol inbound to enable a user line to support Telnet, SSH, or both protocols.
Use undo protocol inbound to restore the default.
Syntax
In non-FIPS mode:
protocol inbound { all | ssh | telnet }
undo protocol inbound
In FIPS mode:
protocol inbound ssh
undo protocol inbound
Default
In non-FIPS mode, both Telnet and SSH are supported.
In FIPS mode, SSH is supported.
Views
VTY line view, VTY line class view
Predefined user roles
network-admin
Parameters
all: Supports both Telnet and SSH.
ssh: Supports SSH only.
telnet: Supports Telnet only.
Usage guidelines
In VTY line view, the configuration takes effect only for users who log in through the user line after the configuration is completed.
Before configuring a user line to support SSH, set the authentication mode to scheme for the user line. For more information, see authentication-mode.
In VTY line view, this command is associated with the authentication-mode command. If you specify a non-default value for only one of the two commands in VTY line view, the other command uses the default setting, regardless of the setting in VTY line class view.
Examples
# Enable user lines VTY 0 through VTY 4 to support only SSH.
<Sysname> system-view
[Sysname] line vty 0 4
[Sysname-line-vty0-4] authentication-mode scheme
[Sysname-line-vty0-4] protocol inbound ssh
# Enable SSH support and set the authentication mode to scheme in VTY line class view. Enable user lines VTY 0 through VTY 4 to support all protocols and disable authentication for the user lines.
[Sysname] line class vty
[Sysname-line-class-vty] authentication-mode scheme
[Sysname-line-class-vty] protocol inbound ssh
[Sysname-line-class-vty] line vty 0 4
[Sysname-line-vty0-4] authentication-mode none
To verify the configuration:
1. Telnet to the device.
Trying 192.168.1.241 ...
Press CTRL+K to abort
Connected to 192.168.1.241 ...
******************************************************************************
* Copyright (c) 2004-2014 Hangzhou H3C Tech. Co., Ltd. All rights reserved. *
* Without the owner's prior written consent, *
* no decompiling or reverse-engineering shall be allowed. *
******************************************************************************
<Server>
You are logged in without authentication.
2. Display online CLI user information.
Idx Line Idle Time Pid Type
+ 50 VTY 0 00:00:00 Jan 17 15:29:27 189 TEL
Following are more details.
VTY 0 :
Location: 192.168.1.186
+ : Current operation user.
F : Current operation user works in async mode.
The output shows that you are using VTY 0. The configuration in user line view is effective.
screen-length
Use screen-length to set the maximum number of lines to be displayed on a screen.
Use undo screen-length to restore the default.
Syntax
screen-length screen-length
undo screen-length
Default
Up to 24 lines are displayed on a screen.
Views
User line view, user line class view
Predefined user roles
network-admin
Parameters
screen-length: Specifies the maximum number of lines to be displayed on a screen, in the range of 0 to 512. Setting this argument to 0 disables pausing between screens of output.
Usage guidelines
This command sets the maximum number of lines that can be displayed on one screen when the screen pause feature is enabled. If the screen pause feature is disabled, the system displays command output without a pause.
The actual number of lines that can be displayed on a screen is restricted by the display specification of the configuration terminal. For example, if you set the maximum number of lines for a screen to 40, the device sends 40 lines to the screen at a time. If the display specification is 24 lines, only the last 24 lines are displayed on the screen. To view the previous 16 lines, you must press PgUp.
The screen pause feature is enabled by default. To disable this feature, execute the screen-length 0 command or the screen-length disable command.
This command is available in both user line view and user line class view. A non-default setting in either view takes precedence over a default setting in the other view. A non-default setting in user line view takes precedence over a non-default setting in user line class view.
Examples
# Set the maximum number of lines to be displayed on a screen to 30 for the user line AUX 0.
<Sysname> system-view
[Sysname] line aux 0
[Sysname-line-aux0] screen-length 30
Related commands
screen-length disable
send
Use send to send messages to user lines.
Syntax
send { all | number1 | { aux | vty } number2 }
Views
User view
Predefined user roles
network-admin
Parameters
all: Specifies all user lines.
number1: Specifies the absolute number of a user line, in the range of 0 to 192.
aux: Specifies the AUX line.
vty: Specifies the VTY line.
number2: Specifies the relative number of a user line. For AUX lines, the value range is 0 to 128. For VTY lines, the value range is 0 to 63.
Usage guidelines
To end a message, press Enter. To cancel a message and return to user view, press Ctrl+C.
Examples
# Before you restart the device, send a notification to VTY 1 to inform the user.
<Sysname> send vty 1
Input message, end with Enter; abort with CTRL+C:
Your attention, please. I will reboot the system in 3 minutes.
Send message? [Y/N]:y
The message should appear on the screen of the user's configuration terminal, as shown in the following example:
[Sysname]
***
***
***Message from vty0 to vty1
***
Your attention, please. I will reboot the system in 3 minutes.
set authentication password
Use set authentication password to set a password for local password authentication.
Use undo set authentication password to delete the password.
Syntax
set authentication password { hash | simple } password
undo set authentication password
Default
No password is set for local password authentication.
Views
User line view, user line class view
Predefined user roles
network-admin
Parameters
hash: Sets a hashed password.
simple: Sets a plaintext password.
password: Specifies the password string. This argument is case sensitive. If simple is specified, it must be a string of 1 to 16 characters. If hash is specified, it must be a string of 1 to 110 characters.
Usage guidelines
This command is not supported in FIPS mode.
For security purposes, the password is hashed before being saved, whether you specify the hash or simple keyword.
This command is available in both user line view and user line class view. A non-default setting in either view takes precedence over a default setting in the other view. A non-default setting in user line view takes precedence over a non-default setting in user line class view.
In user line view, the configuration takes effect only for users who log in through the line after the configuration is completed.
Examples
# Set the password for local password authentication on user line AUX 0 to hello.
<Sysname> system-view
[Sysname] line aux 0
[Sysname-line-aux0] authentication-mode password
[Sysname-line-aux0] set authentication password simple hello
When you log in again through the user line, you must enter the password hello to pass authentication.
Related commands
authentication-mode
shell
Use shell to enable the terminal service for a user line.
Use undo shell to disable the terminal service for a user line.
Syntax
shell
undo shell
Default
The terminal service is enabled on all user lines.
Views
User line view, user line class view
Predefined user roles
network-admin
Usage guidelines
The undo shell command is not supported in AUX line view or AUX line class view.
You cannot disable the terminal service on the user line you are using.
When the device acts as a Telnet or SSH server, you cannot configure the undo shell command.
If the undo shell command is configured in user line class view, you cannot configure the shell command in the view of a user line in the class.
Examples
# Disable the terminal service for user lines VTY 0 through VTY 4 so no user can log in to the device through the user lines.
<Sysname> system-view
[Sysname] line vty 0 4
[Sysname-line-vty0-4] undo shell
Disable ui-vty0-4 , are you sure? [Y/N]:y
[Sysname-line-vty0-4]
speed
Use speed to set the transmission rate (also called the baud rate) on a user line.
Use undo speed to restore the default.
Syntax
speed speed-value
undo speed
Default
The transmission rate on a user line is 9600 bps.
Views
User line view
Predefined user roles
network-admin
Parameters
speed-value: Specifies the transmission rate in bps. Supported transmission rates depend on the configuration environment. The transmission rates for asynchronous serial interfaces might include:
· 300 bps.
· 600 bps.
· 1200 bps.
· 2400 bps.
· 4800 bps.
· 9600 bps.
· 19200 bps.
· 38400 bps.
· 57600 bps.
· 115200 bps.
Usage guidelines
This command is not supported in VTY line view.
The configuration terminal and the device must be configured with the same transmission rate to communicate.
Examples
# Set the transmission rate to 19200 bps for the user line AUX 0.
<Sysname> system-view
[Sysname] line aux 0
[Sysname-line-aux0] speed 19200
stopbits
Use stopbits to specify the number of stop bits for a character.
Use undo stopbits to restore the default.
Syntax
stopbits { 1 | 1.5 | 2 }
undo stopbits
Default
One stop bit is used.
Views
User line view
Predefined user roles
network-admin
Parameters
1: Uses one stop bit.
1.5: Uses one and a half stop bits. The device does not support using one and a half stop bits. If you specify this keyword, two stop bits are used.
2: Uses two stop bits.
Usage guidelines
This command is not supported in VTY line view.
The configuration terminal and the device must be configured to use the same number of stop bits to communicate.
Examples
# Set the number of stop bits to 1 for the user line AUX 0.
<Sysname> system-view
[Sysname] line aux 0
[Sysname-line-aux0] stopbits 1
telnet
Use telnet to Telnet to a host in an IPv4 network.
Syntax
telnet remote-host [ service-port ] [ vpn-instance vpn-instance-name ] [ source { interface interface-type interface-number | ip ip-address } ] [ dscp dscp-value ]
Views
User view
Predefined user roles
network-admin
Parameters
remote-host: Specifies the IPv4 address or host name of a remote host. A host name can be a case-insensitive string of 1 to 253 characters. Valid characters for a host name include letters, digits, hyphens (-), underscores (_), and dots (.).
service-port: Specifies the TCP port number for the Telnet service on the remote host. The value range is 0 to 65535 and the default is 23.
vpn-instance vpn-instance-name: Specifies the VPN instance to which the remote host belongs, where vpn-instance-name is a case-sensitive string of 1 to 31 characters. If the remote host belongs to the public network, do not specify this option.
source: Specifies a source IPv4 address or source interface for outgoing Telnet packets.
interface interface-type interface-number: Specifies the source interface. The primary IPv4 address of the interface will be used as the source IPv4 address for outgoing Telnet packets.
ip ip-address: Specifies the source IPv4 address for outgoing Telnet packets.
dscp dscp-value: Specifies the DSCP value for IP to use in outgoing Telnet packets to indicate the packet transmission priority. The value range is 0 to 63. The default is 48.
Usage guidelines
This command is not supported in FIPS mode.
To terminate the current Telnet connection, press Ctrl+K or execute the quit command.
The source address or interface specified by this command is applied only to the current Telnet connection.
Examples
# Telnet to host 1.1.1.2, using 1.1.1.1 as the source IP address for outgoing Telnet packets.
<Sysname> telnet 1.1.1.2 source ip 1.1.1.1
Related commands
telnet client source
telnet client source
Use telnet client source to specify a source IPv4 address or source interface for outgoing Telnet packets when the device acts as a Telnet client.
Use undo telnet client source to delete the configuration.
Syntax
telnet client source { interface interface-type interface-number | ip ip-address }
undo telnet client source
Default
No source IPv4 address or source interface is specified for outgoing Telnet packets. The source IPv4 address is the primary IPv4 address of the outbound interface.
Views
System view
Predefined user roles
network-admin
Parameters
interface interface-type interface-number: Specifies a source interface. The primary IPv4 address of the interface will be used as the source IPv4 address for outgoing Telnet packets.
ip ip-address: Specifies a source IPv4 address.
Usage guidelines
This command is not supported in FIPS mode.
The setting configured by this command applies to all Telnet connections but has a lower precedence than the source setting specified for the telnet command.
Examples
# Set the source IPv4 address for outgoing Telnet packets to 1.1.1.1 when the device acts as a Telnet client.
<Sysname> system-view
[Sysname] telnet client source ip 1.1.1.1
Related commands
display telnet client configuration
telnet ipv6
Use telnet ipv6 to Telnet to a host in an IPv6 network.
Syntax
telnet ipv6 remote-host [ -i interface-type interface-number ] [ port-number ] [ vpn-instance vpn-instance-name ] [ dscp dscp-value ]
Views
User view
Predefined user roles
network-admin
Parameters
remote-host: Specifies the IP address or host name of a remote host. A host name can be a case-insensitive string of 1 to 253 characters. Valid characters for a host name include letters, digits, hyphens (-), underscores (_), and dots (.).
-i interface-type interface-number: Specifies the outbound interface for sending Telnet packets. This option is required when the server address is a link-local address.
port-number: Specifies the TCP port number for the Telnet service on the remote host. The value range is 0 to 65535 and the default is 23.
vpn-instance vpn-instance-name: Specifies the VPN instance to which the remote host belongs, where vpn-instance-name is a case-sensitive string of 1 to 31 characters. If the remote host belongs to the public network, do not specify this option.
dscp dscp-value: Specifies the DSCP value for IPv6 to use in outgoing Telnet packets to indicate the packet transmission priority. The value range is 0 to 63. The default is 48.
Usage guidelines
This command is not supported in FIPS mode.
To terminate the current Telnet connection, press Ctrl+K or execute the quit command.
Examples
# Telnet to the host at 5000::1.
<Sysname> telnet ipv6 5000::1
telnet server acl
Use telnet server acl to apply an ACL to filter Telnet logins.
Use undo telnet server acl to restore the default.
Syntax
telnet server acl acl-number
undo telnet server acl
Default
No ACL is used to filter Telnet logins.
Views
System view
Predefined user roles
network-admin
Parameters
acl-number: Specifies an ACL by its number. The following are the value ranges:
· Basic ACL—2000 to 2999.
· Advanced ACL—3000 to 3999.
· Ethernet frame header ACL—4000 to 4999.
Usage guidelines
This command is not supported in FIPS mode.
Only one ACL can be used to filter Telnet logins, and only users permitted by the ACL can Telnet to the device.
This command does not take effect on existing Telnet connections.
You can specify an ACL that has not been created yet in this command. The command takes effect after the ACL is created.
For more information about ACLs, see ACL and QoS Configuration Guide.
Examples
# Permit only the user at 1.1.1.1 to Telnet to the device.
<Sysname> system-view
[Sysname] acl number 2001
[Sysname-acl-basic-2001] rule permit source 1.1.1.1 0
[Sysname-acl-basic-2001] quit
[Sysname] telnet server acl 2001
telnet server dscp
Use telnet server dscp to set the DSCP value for IPv4 to use for outgoing Telnet packets on a Telnet server.
Use undo telnet server dscp to restore the default.
Syntax
telnet server dscp dscp-value
undo telnet server dscp
Default
IPv4 uses the DSCP value 48 for outgoing Telnet packets on a Telnet server.
Views
System view
Predefined user roles
network-admin
Parameters
dscp-value: Specifies a DSCP value in the range of 0 to 63.
Usage guidelines
This command is not supported in FIPS mode.
The DSCP value is carried in the ToS field of an IP packet to indicate the transmission priority of the packet.
Examples
# Set the DSCP value for IPv4 to use for outgoing Telnet packets to 30 on a Telnet server.
<Sysname> system-view
[Sysname] telnet server dscp 30
telnet server ipv6 acl
Use telnet server ipv6 acl to apply an IPv6 ACL to filter IPv6 Telnet logins.
Use undo telnet server ipv6 acl to restore the default.
Syntax
telnet server ipv6 acl [ ipv6 ] acl-number
undo telnet server ipv6 acl
Default
No IPv6 ACL is used to filter IPv6 Telnet logins.
Views
System view
Predefined user roles
network-admin
Parameters
acl-number: Specifies an IPv6 ACL by its number. The following are the value ranges:
· Basic ACL—2000 to 2999. The ipv6 option is required.
· Advanced ACL—3000 to 3999. The ipv6 option is required.
· Ethernet frame header ACL—4000 to 4999. Do not specify the ipv6 option.
Usage guidelines
This command is not supported in FIPS mode.
If the ACL does not exist or does not have a rule, all users are permitted to Telnet to the device.
When the ACL exists and has rules, only users permitted by the ACL can Telnet to the device.
This command is not effective for existing Telnet connections.
If you execute this command multiple times, the most recent configuration takes effect.
For more information about ACLs, see ACL and QoS Configuration Guide.
Examples
# Permit only the user at 2000::1 to Telnet to the device.
<Sysname> system-view
[Sysname] acl ipv6 number 2001
[Sysname-acl6-basic-2001] rule permit source 2000::1 128
[Sysname-acl6-basic-2001] quit
[Sysname] telnet server ipv6 acl ipv6 2001
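An ACL reference that filters nothing is easy to miss in a saved configuration: telnet server acl takes effect only after the ACL is created, and telnet server ipv6 acl permits all users when its ACL does not exist or has no rule. The following Python check is an added example, not vendor code; the configuration layout (indented rule lines under each acl command), the sample text, and all function names are assumptions.

```python
import re

# Constructed sample configuration (not from a real device).
SAMPLE = """\
telnet server enable
telnet server acl 2001
telnet server ipv6 acl ipv6 2005
#
acl number 2001
 rule 0 permit source 1.1.1.1 0
#
acl ipv6 number 2005
#
"""


def parse(config):
    """Return (acls, refs, enabled).

    acls: {("acl" | "acl ipv6", number): rule count}
    refs: {"telnet server acl" | "telnet server ipv6 acl": (namespace, number)}
    """
    acls, refs, enabled, current = {}, {}, False, None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw[:1].isspace():
            current = None  # a non-indented line leaves the ACL view
        if m := re.fullmatch(r"acl (ipv6 )?number (\d+)", line):
            current = ("acl ipv6" if m.group(1) else "acl", int(m.group(2)))
            acls.setdefault(current, 0)
        elif current and line.startswith("rule "):
            acls[current] += 1
        elif line == "telnet server enable":
            enabled = True
        elif m := re.fullmatch(r"telnet server acl (\d+)", line):
            refs["telnet server acl"] = ("acl", int(m.group(1)))
        elif m := re.fullmatch(r"telnet server ipv6 acl (ipv6 )?(\d+)", line):
            # Without the ipv6 keyword the number names an Ethernet frame
            # header ACL (4000 to 4999), defined with plain "acl number".
            ns = "acl ipv6" if m.group(1) else "acl"
            refs["telnet server ipv6 acl"] = (ns, int(m.group(2)))
    return acls, refs, enabled


def audit(config):
    """Return a list of (command, finding) pairs for the Telnet login filters."""
    acls, refs, enabled = parse(config)
    if not enabled:
        return []  # the Telnet server feature is disabled by default
    findings = []
    for cmd in ("telnet server acl", "telnet server ipv6 acl"):
        ref = refs.get(cmd)
        if ref is None:
            findings.append((cmd, "no-acl-applied"))
        elif ref not in acls:
            findings.append((cmd, "acl-not-created"))
        elif acls[ref] == 0 and cmd == "telnet server ipv6 acl":
            # The page states the no-rule case only for the IPv6 command.
            findings.append((cmd, "acl-has-no-rule"))
    return findings


if __name__ == "__main__":
    for command, finding in audit(SAMPLE):
        print(f"{command}: {finding}")
```
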
telnet server ipv6 dscp
Use telnet server ipv6 dscp to set the DSCP value for IPv6 to use for outgoing Telnet packets on a Telnet server.
Use undo telnet server ipv6 dscp to restore the default.
Syntax
telnet server ipv6 dscp dscp-value
undo telnet server ipv6 dscp
Default
IPv6 uses the DSCP value 48 for outgoing Telnet packets on a Telnet server.
Views
System view
Predefined user roles
network-admin
Parameters
dscp-value: Specifies a DSCP value in the range of 0 to 63.
Usage guidelines
This command is not supported in FIPS mode.
The DSCP value is carried in the Traffic class field of an IPv6 packet to indicate the transmission priority of the packet.
Examples
# Set the DSCP value for IPv6 to use for outgoing Telnet packets to 30 on a Telnet server.
<Sysname> system-view
[Sysname] telnet server ipv6 dscp 30
telnet server enable
Use telnet server enable to enable the Telnet server feature.
Use undo telnet server enable to disable the Telnet server feature.
Syntax
telnet server enable
undo telnet server enable
Default
The Telnet server feature is disabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
This command is not supported in FIPS mode.
Administrators can Telnet to the device only when the Telnet server feature is enabled.
Examples
# Enable the Telnet server feature.
<Sysname> system-view
[Sysname] telnet server enable
terminal type
Use terminal type to specify the terminal display type.
Use undo terminal type to restore the default.
Syntax
terminal type { ansi | vt100 }
undo terminal type
Default
The terminal display type is ANSI.
Views
User line view, user line class view
Predefined user roles
network-admin
Parameters
ansi: Specifies the terminal display type ANSI.
vt100: Specifies the terminal display type VT100.
Usage guidelines
The device supports two terminal display types: ANSI and VT100. As a best practice, set the display type to VT100 on both the device and the configuration terminal. If either side uses the ANSI type, a display problem such as cursor positioning error might occur when a command line has more than 80 characters.
Examples
# Set the terminal display type to VT100.
<Sysname> system-view
[Sysname] line vty 1
[Sysname-line-vty1] terminal type vt100
user-interface
Use user-interface to enter one or multiple user line views.
Syntax
user-interface { first-number1 [ last-number1 ] | { aux | vty } first-number2 [ last-number2 ] }
Views
System view
Predefined user roles
network-admin
Parameters
first-number1: Specifies the absolute number of the first user line, in the range of 0 to 192.
last-number1: Specifies the absolute number of the last user line, in the range of 0 to 192. This number cannot be smaller than first-number1.
aux: Specifies the AUX line.
vty: Specifies the VTY line.
first-number2: Specifies the relative number of the first user line. For AUX lines, the value range is 0 to 128. For VTY lines, the value range is 0 to 63.
last-number2: Specifies the relative number of the last user line. For AUX lines, the value range is 0 to 128. For VTY lines, the value range is 0 to 63. This number cannot be smaller than first-number2.
Usage guidelines
To configure settings for a single user line, use this command to enter the user line view.
To configure the same settings for multiple user lines, use this command to enter multiple user line views.
This command is an older version reserved for backward compatibility purposes. It has the same functionality and output as the line command. As a best practice, use the line command.
Examples
# Enter the view of user line AUX 0.
<Sysname> system-view
[Sysname] user-interface aux 0
[Sysname-line-aux0]
# Enter the views of user lines VTY 0 to VTY 4.
<Sysname> system-view
[Sysname] user-interface vty 0 4
[Sysname-line-vty0-4]
Related commands
user-interface class
user-interface class
Use user-interface class to enter user line class view.
Syntax
user-interface class { aux | vty }
Views
System view
Predefined user roles
network-admin
Parameters
aux: Specifies the AUX line class view.
vty: Specifies the VTY line class view.
Usage guidelines
This command is an older version reserved for backward compatibility purposes. It has the same functionality and output as the line class command. As a best practice, use the line class command.
To configure the same settings for all user lines of a line class, you can use this command to enter the user line class view.
For commands that are available in both user line view and user line class view, the device uses the following rules to determine the settings to be activated:
· A setting in user line view is applied only to the user line. A setting in user line class view is applied to all user lines of the class.
· A non-default setting in either view takes precedence over a default setting in the other view. A non-default setting in user line view takes precedence over a non-default setting in user line class view.
· A setting in user line class view takes effect only for users who log in after the configuration is completed. It does not affect online users.
Examples
# Set the CLI connection idle-timeout timer to 15 minutes in VTY line class view.
<Sysname> system-view
[Sysname] user-interface class vty
[Sysname-line-class-vty] idle-timeout 15
# In AUX line class view, configure character s as the shortcut key for starting a terminal session.
<Sysname> system-view
[Sysname] user-interface class aux
[Sysname-line-class-aux] activation-key s
[Sysname-line-class-aux] quit
# In AUX line view, restore the default shortcut key for starting a terminal session.
[Sysname] line aux 0
[Sysname-line-aux0] undo activation-key
Alternatively, you can use the following command:
[Sysname-line-aux0] activation-key 13
To verify the configuration:
1. Exit the console session.
[Sysname-line-aux0] return
<Sysname> quit
2. Log in again through the AUX line.
The following message appears:
Press ENTER to get started.
3. Press Enter.
Pressing Enter does not start a session.
4. Enter s.
A terminal session is started.
<Sysname>
Related commands
user-interface
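The view-precedence rules listed above, together with the association between protocol inbound and authentication-mode described for VTY line view under protocol inbound, decide which setting a user line actually uses. The following Python resolver is an added example, not vendor code; the function names and the "password" default assumed for VTY authentication-mode are assumptions, while the other defaults are the ones this page states.

```python
# Added example, not vendor code. A "view" is a dict of explicitly
# configured settings, for example {"authentication-mode": "none"}.

# Defaults: "all" (protocol inbound, non-FIPS mode) and Enter (ASCII 13,
# see "activation-key 13") come from this page. "password" for the VTY
# authentication-mode default is an ASSUMPTION.
DEFAULTS = {
    "protocol inbound": "all",
    "authentication-mode": "password",
    "activation-key": "13",
}

# In VTY line view these two commands are associated.
ASSOCIATED = ("protocol inbound", "authentication-mode")


def _non_default(view):
    """Keep only non-default settings; a value equal to the default counts as default."""
    return {k: v for k, v in view.items() if v != DEFAULTS.get(k)}


def effective(command, line_view, class_view, vty):
    """Return (value, source) for one command on one user line."""
    line, cls = _non_default(line_view), _non_default(class_view)
    # Association: once either command is non-default in VTY line view,
    # the other one uses its default, regardless of the class view.
    if vty and command in ASSOCIATED and any(c in line for c in ASSOCIATED):
        if command in line:
            return line[command], "line view"
        return DEFAULTS[command], "default (association, class view ignored)"
    # General rule: line view beats class view, class view beats the default.
    if command in line:
        return line[command], "line view"
    if command in cls:
        return cls[command], "class view"
    return DEFAULTS[command], "default"


def audit_vty(line_view, class_view):
    """Flag the two outcomes shown in the protocol inbound example."""
    proto, _ = effective("protocol inbound", line_view, class_view, True)
    auth, _ = effective("authentication-mode", line_view, class_view, True)
    findings = []
    if proto in ("all", "telnet"):
        findings.append("telnet-accepted")
    if auth == "none":
        findings.append("no-authentication")
    return findings


if __name__ == "__main__":
    # Second protocol inbound example: class view is SSH plus scheme,
    # line view only sets authentication-mode none.
    cls = {"authentication-mode": "scheme", "protocol inbound": "ssh"}
    line = {"authentication-mode": "none"}
    for cmd in ASSOCIATED:
        print(cmd, "->", effective(cmd, line, cls, True))
    print(audit_vty(line, cls))
```

Whether a Telnet login then succeeds also depends on telnet server enable, which the resolver does not model.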
user-role
Use user-role to assign a user role to a user line so users logged in through the user line get the user role at login.
Use undo user-role to remove a user role or restore the default.
Syntax
user-role role-name
undo user-role [ role-name ]
Default
An AUX line user is assigned the user role network-admin. Users of other user lines are assigned the user role network-operator.
Views
User line view, user line class view
Predefined user roles
network-admin
Parameters
role-name: Specifies a user role name, a case-sensitive string of 1 to 63 characters. The user role can be user-defined or predefined (network-admin, network-operator, or level-0 to level-15). If you do not specify this argument, the undo user-role command restores the default user role.
Usage guidelines
This command is not supported in FIPS mode.
In user line view, the configuration takes effect only for users who log in through the line after the configuration is completed.
You can assign up to 64 user roles to a user line. A user logged in through the user line gets all the user roles.
The security-audit user role is available only in local user view. You cannot use this command to assign the user role.
For more information about user roles, see "Configuring RBAC."
Examples
# Assign the user role network-admin to users who log in through user line AUX 0.
<Sysname> system-view
[Sysname] line aux 0
[Sysname-line-aux0] user-role network-admin