Login management commands
Some login management commands are available in both user line view and user line class view. For these commands, the device uses the following rules to determine the settings to be activated:
· A setting in user line view applies only to the user line. A setting in user line class view applies to all user lines of the class.
· A non-default setting in either view takes precedence over a default setting in the other view. A non-default setting in user line view takes precedence over a non-default setting in user line class view.
activation-key
Use activation-key to set the terminal session activation key. Pressing this shortcut key starts a terminal session.
Use undo activation-key to restore the default.
Syntax
activation-key key-string
undo activation-key
Default
The terminal session activation key is Enter.
Views
User line view
User line class view
Predefined user roles
network-admin
Parameters
key-string: Specifies a shortcut key. It can be a character (case sensitive), or an ASCII code value in the range of 0 to 127. For example, if you configure activation-key 1, the shortcut key is Ctrl+A. If you configure activation-key a, the shortcut key is a. For information about ASCII code values of individual characters, see the standard ASCII code chart. For information about ASCII code values of combined keys that use the Ctrl key, see Table 1.
Usage guidelines
This command is not supported in VTY line view or VTY line class view.
This command takes effect immediately.
To display the current terminal session activation key, use the display current-configuration | include activation-key command.
Table 1 ASCII code values for combined keys that use the Ctrl key
Combined key |
ASCII code value |
Examples
# Configure character s as the terminal session activation key for console line 0.
<Sysname> system-view
[Sysname] line console 0
[Sysname-line-console0] activation-key s
To verify the configuration:
1. Exit the console session.
[Sysname-line-console0] return
<Sysname> quit
2. Log in again through the console line.
The following message appears:
Press ENTER to get started.
3. Press Enter.
Pressing Enter does not start a session.
4. Press s.
A terminal session is started.
<Sysname>
authentication-mode
Use authentication-mode to set the authentication mode for a user line.
Use undo authentication-mode to restore the default.
Syntax
authentication-mode { none | password | scheme }
undo authentication-mode
Default
The authentication mode is password for VTY lines, and none for console lines.
Views
User line view
User line class view
Predefined user roles
network-admin
Parameters
none: Disables authentication.
password: Performs local password authentication.
scheme: Performs AAA authentication. For more information about AAA, see Security Configuration Guide.
Usage guidelines
Only users assigned the network-admin or level-15 user role can execute this command. Other users cannot execute this command, even if they are granted the right to execute this command.
When the authentication mode is none, a user can log in without authentication. To improve device security, use the password or scheme authentication mode.
In VTY line view, this command is associated with the protocol inbound command. If you specify a non-default value for one of the two commands, the other command uses the default setting, regardless of the setting in VTY line class view.
An authentication mode change does not take effect for the current session. It takes effect for subsequent login sessions.
Examples
# Enable the none authentication mode for the user line VTY 0.
<Sysname> system-view
[Sysname] line vty 0
[Sysname-line-vty0] authentication-mode none
# Enable password authentication for the user line VTY 0 and set the password to 321.
<Sysname> system-view
[Sysname] line vty 0
[Sysname-line-vty0] authentication-mode password
[Sysname-line-vty0] set authentication password simple 321
# Enable scheme authentication for the user line VTY 0. Configure the local user 123 and set the password to 321. Assign the Telnet service and the network-admin user role to the user.
<Sysname> system-view
[Sysname] line vty 0
[Sysname-line-vty0] authentication-mode scheme
[Sysname-line-vty0] quit
[Sysname] local-user 123
[Sysname-luser-manage-123] password simple 321
[Sysname-luser-manage-123] service-type telnet
[Sysname-luser-manage-123] authorization-attribute user-role network-admin
Related commands
set authentication password
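The following Python sketch is an added example, not part of the vendor documentation. It resolves the effective authentication mode of each user line from the view-precedence rules, the defaults, and the protocol inbound association described above, then lists lines that end up with no authentication. The configuration excerpt is constructed, and its section header spellings (`line class vty`, `line vty 0 1`), the `ssh` value, and the treatment of any listed `protocol inbound` line as non-default are assumptions.

```python
import re

# Defaults stated on this page: password for VTY lines, none for console lines.
DEFAULT_AUTH = {"console": "none", "vty": "password"}

# Constructed sample laid out like a configuration listing (assumed layout).
SAMPLE_CONFIG = """\
line class console
 authentication-mode scheme
line class vty
 authentication-mode scheme
line console 0
line vty 0 1
line vty 2
 authentication-mode none
line vty 3
 protocol inbound ssh
"""

HEADER = re.compile(r"^line (class )?(console|vty)(?: (\d+)(?: (\d+))?)?$")


def parse_line_sections(text):
    """Return (class settings by type, line settings by (type, number))."""
    class_cfg, line_cfg, current = {}, {}, []
    for raw in text.splitlines():
        m = None if raw.startswith(" ") else HEADER.match(raw.strip())
        if m:
            is_class, ltype, first, last = m.groups()
            if is_class:
                current = [class_cfg.setdefault(ltype, {})]
            elif first is not None:
                lo, hi = int(first), int(last or first)
                current = [line_cfg.setdefault((ltype, n), {})
                           for n in range(lo, hi + 1)]
            else:
                current = []
        elif raw.startswith(" ") and current:
            words = raw.split()
            if words[:1] == ["authentication-mode"] and len(words) == 2:
                for section in current:
                    section["auth"] = words[1]
            elif words[:2] == ["protocol", "inbound"] and len(words) >= 3:
                for section in current:
                    section["protocol"] = " ".join(words[2:])
        else:
            current = []  # any other top-level line ends the section
    return class_cfg, line_cfg


def effective_auth(ltype, number, class_cfg, line_cfg):
    """Apply the precedence rules and return (mode, where it came from)."""
    default = DEFAULT_AUTH[ltype]
    line = line_cfg.get((ltype, number), {})
    line_auth = line.get("auth", default)
    if line_auth != default:
        return line_auth, "line view"  # non-default line setting always wins
    # VTY line view only: a non-default protocol inbound setting makes
    # authentication-mode use its default, regardless of the class view.
    if ltype == "vty" and "protocol" in line:
        return default, "default (protocol inbound set in line view)"
    class_auth = class_cfg.get(ltype, {}).get("auth", default)
    if class_auth != default:
        return class_auth, "class view"
    return default, "default"


def audit(text):
    """Map 'type number' to (effective mode, source) for every listed line."""
    class_cfg, line_cfg = parse_line_sections(text)
    return {f"{ltype} {n}": effective_auth(ltype, n, class_cfg, line_cfg)
            for ltype, n in sorted(line_cfg)}


def unauthenticated_lines(text):
    """Lines whose effective authentication mode is none."""
    return [name for name, (mode, _) in audit(text).items() if mode == "none"]


if __name__ == "__main__":
    for name, (mode, source) in audit(SAMPLE_CONFIG).items():
        print(f"{name:<10} {mode:<9} from {source}")
    print("no authentication:", unauthenticated_lines(SAMPLE_CONFIG))
```

In the sample, VTY 3 falls back to password authentication even though the class view specifies scheme, because protocol inbound is set in its line view.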
auto-execute command
CAUTION: After configuring this command for a user line, you might be unable to access the CLI through the user line. Make sure you can access the CLI through a different user line before you configure this command and save the configuration.
Use auto-execute command to specify the command to be automatically executed for a login user.
Use undo auto-execute command to restore the default.
Syntax
auto-execute command command
undo auto-execute command
Default
No command is specified to be automatically executed for a login user.
Views
User line view
User line class view
Predefined user roles
network-admin
Parameters
command: Specifies the command to be automatically executed.
Usage guidelines
This command is not supported in console line view or console line class view.
This command is available in both user line view and user line class view. A non-default setting in either view takes precedence over the default setting in the other view. A non-default setting in user line view takes precedence over the non-default setting in user line class view.
A configuration change made by this command does not take effect for the current session. It takes effect for subsequent login sessions.
The device automatically executes the specified command when a user logs in through the user line. If the command triggers another task, the device does not close the user connection until the task is completed. If the command does not trigger any other tasks, the device closes the user connection after the command is executed.
Typically, you configure the auto-execute command telnet X.X.X.X command so the device redirects a Telnet user to the host at X.X.X.X. The connection to the device is closed when the user terminates the Telnet connection to X.X.X.X.
Examples
# Configure the device to automatically execute the telnet 192.168.1.41 command when a user logs in through user line VTY 0.
<Sysname> system-view
[Sysname] line vty 0
[Sysname-line-vty0] auto-execute command telnet 192.168.1.41
This action will lead to configuration failure through line-vty0. Are you sure?
[Y/N]:y
[Sysname-line-vty0]
# To verify the configuration, Telnet to the device (192.168.1.40).
The device automatically Telnets to 192.168.1.41, and the following output is displayed on the configuration terminal:
C:\> telnet 192.168.1.40
******************************************************************************
* Copyright (c) 2004-2017 New H3C Technologies Co., Ltd. All rights reserved.*
* Without the owner's prior written consent, *
* no decompiling or reverse-engineering shall be allowed. *
******************************************************************************
<Sysname>
Trying 192.168.1.41 ...
Press CTRL+K to abort
Connected to 192.168.1.41 ...
******************************************************************************
* Copyright (c) 2004-2017 New H3C Technologies Co., Ltd. All rights reserved.*
* Without the owner's prior written consent, *
* no decompiling or reverse-engineering shall be allowed. *
******************************************************************************
<Sysname.41>
This operation is the same as directly logging in to the device at 192.168.1.41 through Telnet. When you close the Telnet connection to 192.168.1.41, the Telnet connection to 192.168.1.40 is closed at the same time.
command accounting
Use command accounting to enable command accounting.
Use undo command accounting to disable command accounting.
Syntax
command accounting
undo command accounting
Default
Command accounting is disabled, and the accounting server does not record executed commands.
Views
User line view
User line class view
Predefined user roles
network-admin
Usage guidelines
When command accounting is enabled but command authorization is not, every executed command is recorded on the HWTACACS server.
When both command accounting and command authorization are enabled, only authorized commands that are executed are recorded on the HWTACACS server.
Invalid commands are not recorded.
A configuration change made by this command does not take effect for the current session. It takes effect for subsequent login sessions.
After you configure the command accounting command in user line class view, you cannot configure the undo command accounting command in any user line views in the class.
Examples
# Enable command accounting for the user line VTY 0.
<Sysname> system-view
[Sysname] line vty 0
[Sysname-line-vty0] command accounting
Related commands
· accounting command (Security Command Reference)
· command authorization
command authorization
Use command authorization to enable command authorization.
Use undo command authorization to disable command authorization.
Syntax
command authorization
undo command authorization
Default
Command authorization is disabled. Logged-in users can execute commands without authorization.
Views
User line view
User line class view
Predefined user roles
network-admin
Usage guidelines
When command authorization is enabled, a user can only use commands that are permitted by both the AAA scheme and user role.
A configuration change made by this command does not take effect for the current session. It takes effect for subsequent login sessions.
If you configure the command authorization command in user line class view, command authorization is enabled for all user lines in the class. You cannot configure the undo command authorization command in the view of a user line in the class.
Examples
# Enable command authorization for VTY 0.
<Sysname> system-view
[Sysname] line vty 0
[Sysname-line-vty0] command authorization
Related commands
· authorization command (Security Command Reference)
· command accounting
databits
Use databits to specify the number of data bits for a character.
Use undo databits to restore the default.
Syntax
databits { 5 | 6 | 7 | 8 }
undo databits
Default
Eight data bits are used for a character.
Views
User line view
Predefined user roles
network-admin
Parameters
5: Uses five data bits for a character. This keyword is available only for modem dial-in.
6: Uses six data bits for a character. This keyword is available only for modem dial-in.
7: Uses seven data bits for a character.
8: Uses eight data bits for a character.
Usage guidelines
This command is not supported in VTY line class view.
This setting must be the same as the setting on the configuration terminal.
Examples
# Configure Console 0 to use seven data bits for a character.
<Sysname> system-view
[Sysname] line console 0
[Sysname-line-console0] databits 7
display ip http
Use display ip http to display HTTP service configuration and status information.
Syntax
display ip http
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display HTTP service configuration and status information.
<Sysname> display ip http
HTTP port: 80
Basic ACL: 2222
HTTP status: Enabled
Table 2 Command output
Field | Description |
---|---|
HTTP port | HTTP service port number. |
Basic ACL | ACL used to control HTTP access. If no ACL is used, this field displays 0. |
HTTP status | Whether the HTTP service is enabled. |
Related commands
· ip http enable
· ip http port
display ip https
Use display ip https to display HTTPS service configuration and status information.
Syntax
display ip https
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display HTTPS service configuration and status information.
<Sysname> display ip https
HTTPS port: 443
SSL server policy: test
Certificate access control policy: Not configured
Basic ACL: 2222
HTTPS status: Enabled
Table 3 Command output
Field | Description |
---|---|
HTTPS port | HTTPS service port number. |
SSL server policy | SSL server policy applied to the HTTPS service. If no SSL server policy is applied, this field displays Not configured. |
Certificate access control policy | Certificate-based access control policy used to control client access rights. If no certificate-based access control policy is used, this field displays Not configured. |
Basic ACL | ACL used to control HTTPS access. If no ACL is used, this field displays 0. |
HTTPS status | Whether the HTTPS service is enabled. |
Related commands
· ip https certificate access-control-policy
· ip https enable
· ip https port
display line
Use display line to display user line information.
Syntax
display line [ number1 | { console | vty } number2 ] [ summary ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
number1: Specifies the absolute number of a user line.
The following matrix shows the value ranges for the number1 argument:
Hardware series | Model | Value range |
---|---|---|
WX1800H series | WX1804H, WX1810H, WX1820H | 0 to 32: WX1810H, WX1820H. 0 to 33: WX1804H. |
WX2500H series | WX2510H, WX2540H, WX2560H | 0 to 32 |
WX3000H series | WX3010H, WX3010H-L, WX3010H-X, WX3024H, WX3024H-L | 0 to 32 |
WX3500H series | WX3508H, WX3510H, WX3520H, WX3540H | 0 to 33 |
WX5500E series | WX5510E, WX5540E | 0 to 33 |
WX5500H series | WX5540H, WX5560H, WX5580H | 0 to 35 |
Access controller modules | EWPXM1MAC0F, EWPXM1WCME0, EWPXM2WCMD0F, LSQM1WCMX20, LSUM1WCMX20RT, LSQM1WCMX40, LSUM1WCMX40RT, LSUM1WCME0 | 0 to 35: EWPXM1WCME0, LSUM1WCME0. 0 to 39: EWPXM1MAC0F, EWPXM2WCMD0F, LSQM1WCMX20, LSUM1WCMX20RT, LSQM1WCMX40, LSUM1WCMX40RT. |
console number2: Specifies the relative number of a console line.
vty number2: Specifies the relative number of a VTY line. The value range is 0 to 31.
summary: Displays summary information about user lines. If you do not specify this keyword, the command displays detailed information.
Examples
# Display user line information.
<Sysname> display line 0
Idx Type Tx/Rx Modem Auth Int Location
+ 0 CON 0 9600 - N - 1/0
+ : Line is active.
F : Line is active and in async mode.
Idx : Absolute index of line.
Type : Type and relative index of line.
Auth : Login authentication mode.
Int : Physical port of the line.
A : Authentication use AAA.
N : No authentication is required.
P : Password authentication.
Table 4 Command output
Field | Description |
---|---|
Modem | Whether the modem allows calling in or out. By default, this attribute is not configured and this field displays a hyphen (-). |
Int | Physical port for the line. If there is no physical port for the line or the line is a console line, this field displays a hyphen (-). |
Location | On an IRF-incapable device, this field displays the physical position of the line, in the slot number/CPU number format. On an IRF-capable device, this field displays the physical position of the line, in the chassis number/CPU number format. |
# Display summary information about all user lines.
<Sysname> display line summary
Line type : [CON]
0:XXXX
Line type : [VTY]
4:UUUU UXXX XXXX XXXX
20:XXXX XXXX XXXX XXXX
5 lines used. (U)
31 lines not used. (X)
Table 5 Command output
Fields | Description |
---|---|
number:status | number: Absolute number of the first user line in the user line class. status: User line status. X is for unused and U is for used. For example, if "2:UXXX X" is displayed, there are five user lines of the user line class, which use the absolute numbers 2 through 6. User line 2 is in use, and the other user lines are not. |
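The following Python sketch is an added example, not part of the vendor documentation. It decodes the number:status rows of the display line summary output into absolute line numbers, checks them against the used/not used totals, and reads the Auth column of the detailed output to list lines that require no authentication. The summary sample is the output shown above; the detailed sample is constructed (its VTY rows and their blank Tx/Rx column are assumptions).

```python
import re

# Summary output as shown in the example above.
PAGE_SUMMARY = """\
Line type : [CON]
0:XXXX
Line type : [VTY]
4:UUUU UXXX XXXX XXXX
20:XXXX XXXX XXXX XXXX
5 lines used. (U)
31 lines not used. (X)
"""

# Constructed detailed output; only the CON 0 row comes from the page.
SAMPLE_DETAIL = """\
  Idx  Type     Tx/Rx      Modem Auth  Int          Location
+ 0    CON 0    9600       -     N     -            1/0
+ 4    VTY 0               -     A     -            1/0
  5    VTY 1               -     N     -            1/0
  6    VTY 2               -     P     -            1/0
+ : Line is active.
F : Line is active and in async mode.
A : Authentication use AAA.
N : No authentication is required.
P : Password authentication.
"""

AUTH_CODES = {"A": "scheme", "N": "none", "P": "password"}


def decode_summary(text):
    """Map absolute line number -> (line type, in_use)."""
    lines, ltype = {}, None
    for raw in text.splitlines():
        raw = raw.strip()
        m = re.match(r"Line type\s*:\s*\[(\w+)\]", raw)
        if m:
            ltype = m.group(1)
            continue
        m = re.match(r"(\d+):([UX ]+)$", raw)
        if m and ltype:
            first = int(m.group(1))  # absolute number of the row's first line
            for offset, status in enumerate(m.group(2).replace(" ", "")):
                lines[first + offset] = (ltype, status == "U")
    return lines


def summary_is_consistent(text):
    """Compare decoded U/X counts with the totals printed under the rows."""
    decoded = decode_summary(text)
    used = re.search(r"(\d+) lines used", text)
    unused = re.search(r"(\d+) lines not used", text)
    if not (used and unused):
        return False
    in_use = sum(1 for _, busy in decoded.values() if busy)
    return (in_use, len(decoded) - in_use) == (int(used.group(1)),
                                               int(unused.group(1)))


def parse_detail(text):
    """Parse data rows; the legend and header lines are skipped."""
    rows = []
    for raw in text.splitlines():
        tokens = raw.split()
        flag = tokens.pop(0) if tokens and tokens[0] in ("+", "F") else ""
        # A data row starts with the absolute index. Tx/Rx may be blank,
        # so Modem, Auth, Int and Location are read from the right.
        if len(tokens) < 7 or not tokens[0].isdigit():
            continue
        modem, auth, port, location = tokens[-4:]
        if auth not in AUTH_CODES:
            continue
        rows.append({"idx": int(tokens[0]), "line": f"{tokens[1]} {tokens[2]}",
                     "active": flag != "", "auth": AUTH_CODES[auth],
                     "location": location})
    return rows


def lines_without_authentication(text, active_only=False):
    """Names of lines whose Auth column is N."""
    return [r["line"] for r in parse_detail(text)
            if r["auth"] == "none" and (r["active"] or not active_only)]


if __name__ == "__main__":
    decoded = decode_summary(PAGE_SUMMARY)
    print("in use:", [n for n, (_, busy) in decoded.items() if busy])
    print("totals match:", summary_is_consistent(PAGE_SUMMARY))
    print("no authentication:", lines_without_authentication(SAMPLE_DETAIL))
```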
display telnet client
Use display telnet client to display the packet source setting for the Telnet client.
Syntax
display telnet client
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display the packet source setting for the Telnet client.
<Sysname> display telnet client
The source IP address is 1.1.1.1.
Related commands
telnet client source
display user-interface
Use display user-interface to display user line information.
Syntax
display user-interface [ number1 | { console | vty } number2 ] [ summary ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
number1: Specifies the absolute number of a user line.
The following matrix shows the value ranges for the number1 argument:
Hardware series | Model | Value range |
---|---|---|
WX1800H series | WX1804H, WX1810H, WX1820H | 0 to 32: WX1810H, WX1820H. 0 to 33: WX1804H. |
WX2500H series | WX2510H, WX2540H, WX2560H | 0 to 32 |
WX3000H series | WX3010H, WX3010H-L, WX3010H-X, WX3024H, WX3024H-L | 0 to 32 |
WX3500H series | WX3508H, WX3510H, WX3520H, WX3540H | 0 to 33 |
WX5500E series | WX5510E, WX5540E | 0 to 33 |
WX5500H series | WX5540H, WX5560H, WX5580H | 0 to 35 |
Access controller modules | EWPXM1MAC0F, EWPXM1WCME0, EWPXM2WCMD0F, LSQM1WCMX20, LSUM1WCMX20RT, LSQM1WCMX40, LSUM1WCMX40RT, LSUM1WCME0 | 0 to 35: EWPXM1WCME0, LSUM1WCME0. 0 to 39: EWPXM1MAC0F, EWPXM2WCMD0F, LSQM1WCMX20, LSUM1WCMX20RT, LSQM1WCMX40, LSUM1WCMX40RT. |
console number2: Specifies the relative number of a console line.
vty number2: Specifies the relative number of a VTY line. The value range is 0 to 31.
summary: Displays summary information about user lines. If you do not specify this keyword, the detailed information is displayed.
Usage guidelines
This command is an older version reserved for backward compatibility purposes. It has the same functionality and output as the display line command. H3C recommends that you use the display line command.
Examples
# Display user line information.
<Sysname> display user-interface 0
Idx Type Tx/Rx Modem Auth Int Location
+ 0 CON 0 9600 - N - 0/0
+ : Line is active.
F : Line is active and in async mode.
Idx : Absolute index of line.
Type : Type and relative index of line.
Auth : Login authentication mode.
Int : Physical port of the line.
A : Authentication use AAA.
N : No authentication is required.
P : Password authentication.
Table 6 Command output
Field | Description |
---|---|
Modem | Whether the modem allows calling in or out. By default, this attribute is not configured and this field displays a hyphen (-). |
Int | Physical port for the line. If there is no physical port for the line or the line is a console line, this field displays a hyphen (-). |
Location | On an IRF-incapable device, this field displays the physical position of the line, in the slot number/CPU number format. On an IRF-capable device, this field displays the physical position of the line, in the chassis number/CPU number format. |
# Display summary information about all user lines.
<Sysname> display user-interface summary
Line type : [CON]
0:XXXX
Line type : [VTY]
4:UUUU UXXX XXXX XXXX
20:XXXX XXXX XXXX XXXX
5 lines used. (U)
31 lines not used. (X)
Table 7 Command output
Fields | Description |
---|---|
number:status | number: Absolute number of the first user line in the user line class. status: User line status. X is for unused and U is for used. For example, if "2:UXXX X" is displayed, there are five user lines of the user line class, which use the absolute numbers 2 through 6. User line 2 is in use, and the other user lines are not. |
display users
Use display users to display online CLI users.
Syntax
display users [ all ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
all: Displays all user lines supported by the device.
Examples
# Display online user information.
<Sysname> display users
Idx Line Idle Time Pid Type
10 VTY 0 00:10:49 Jun 11 11:27:32 320 TEL
+ 11 VTY 1 00:00:00 Jun 11 11:39:40 334 TEL
Following are more details.
VTY 0 :
Location: 192.168.1.12
VTY 1 :
Location: 192.168.1.26
+ : Current operation user.
F : Current operation user works in async mode.
The output shows that two users have logged in to the device: one is using user line VTY 0 and the other (yourself) is using VTY 1. Your IP address is 192.168.1.26.
Table 8 Command output
Field | Description |
---|---|
Idx | Absolute number of the user line. |
Line | Type and relative number of the user line. |
Idle | Time elapsed after the user's most recent input, in the hh:mm:ss format. |
Time | Login time of the user. |
Pid | Process ID of the user session. |
Type | User type, such as Telnet or SSH. |
+ | User line you are using. |
Location | IP address of the user. |
display web menu
Use display web menu to display Web interface navigation tree information.
Syntax
display web menu [ chinese ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
chinese: Displays information about the Chinese Web interface navigation tree. If you do not specify this keyword, the command displays information about the English Web interface navigation tree.
Usage guidelines
This command displays all options on the Web interface navigation tree.
Examples
# Display Web interface navigation tree information.
<Sysname> display web menu
.
|--m_system: ID = m_system
| |--m_dashboard: ID = m_dashboard
| |--Network Configuration: ID = m_controller
| | |--Mobility Domain: ID = m_mobilitydomain
| | | `--Roam: ID = m_roamoutstation
| | |--Network Interfaces: ID = m_networkinterfaces
| | | |--m_interface: ID = m_interface
| | | |--m_lagg: ID = m_lagg
| | | `--m_stormconstrain: ID = m_stormconstrain
| | |--VLAN: ID = m_vlan
| | | |--m_vlan: ID = m_vlan
| | | |--m_mac: ID = m_mac
| | | `--m_stp: ID = m_stp
| | |--Network Routing: ID = m_networkrouting
| | | |--m_routingtable: ID = m_routingtable
| | | |--m_staticrouting: ID = m_staticrouting
| | | |--m_rip: ID = m_rip
| | | `--m_pbr: ID = m_pbr
| | |--Network Services: ID = m_networkservices
| | | |--IP Services: ID = m_ipservices
| | | | |--m_ip: ID = m_ip
| | | | `--m_ipv6: ID = m_ipv6
| | | |--DHCP/DNS: ID = m_dhcpdns
| | | | |--m_dhcp: ID = m_dhcp
| | | | |--m_dhcpsnooping: ID = m_dhcpsnooping
| | | | |--m_dns: ID = m_dns
| | | | |--m_ddns: ID = m_ddns
| | | | `--m_ipv6dns: ID = m_ipv6dns
| | | |--Multicast: ID = m_multicast
| | | | |--m_igmpsnooping: ID = m_igmpsnooping
| | | | `--m_mldsnooping: ID = m_mldsnooping
| | | |--ARP: ID = m_arp
| | | | `--m_arp: ID = m_arp
| | | `--ND: ID = m_nd
| | | `--m_nd: ID = m_nd
| | `--Management Protocols: ID = m_managementprotocols
| | |--m_http: ID = m_http
| | |--m_ftp: ID = m_ftp
| | |--m_telnet: ID = m_telnet
| | |--m_ntp: ID = m_ntp
| | |--m_lldp: ID = m_lldp
| | `--m_logsettings: ID = m_logsettings
| |--Network Security: ID = m_networksecurity
| | |--Packet Filter: ID = m_packetfilter
| | | `--m_packetfilter: ID = m_packetfilter
| | |--QoS: ID = m_trafficpolicy
| | | |--m_mqc: ID = m_mqc
| | | |--m_priority: ID = m_priority
| | | `--m_linerate: ID = m_linerate
| | |--Access Control: ID = m_accesscontrol
| | | `--m_8021x: ID = m_8021x
| | |--Authentication: ID = m_authentication
| | | |--m_ispdomain: ID = m_ispdomain
| | | `--m_radius: ID = m_radius
| | `--User Management: ID = m_usermanagement
| | `--m_localuser: ID = m_localuser
| |--System: ID = m_system
| | |--Event Logs: ID = m_syslogtop
| | | `--Event Logs: ID = m_syslog
| | |--Resource: ID = m_resource
| | | |--IPv4 ACL: ID = m_ipv4acl
| | | |--IPv6 ACL: ID = m_ipv6acl
| | | |--m_macacl: ID = m_macacl
| | | |--m_useracl: ID = m_useracl
| | | `--m_timerange: ID = m_timerange
| | |--Administrators: ID = m_administrator
| | | `--m_admin: ID = m_admin
| | `--Management: ID = m_management
| | |--m_devicesettings: ID = m_devicesettings
| | |--m_config: ID = m_config
| | |--m_upgrade: ID = m_upgrade
| | |--m_reboot: ID = m_reboot
| | `--m_about: ID = m_about
| `--Tools: ID = m_tools
| |--Port Mirroring: ID = m_portmirroring
| | `--m_portmirror: ID = m_portmirror
| `--Debug: ID = m_debug
| `--m_diagnostic: ID = m_diagnostic
|--m_global: ID = m_global
| |--m_dashboard: ID = m_dashboard
| |--Quick Start: ID = m_quickaction
| | |--Add New AP: ID = m_addaptop
| | | `--Add New AP: ID = m_addap
| | `--Add New SSID: ID = m_addssidtop
| | `--Add New SSID: ID = m_addssid
| |--Monitoring: ID = m_monitoring
| | |--Wireless Networks: ID = m_monwirelessnetworks
| | | `--Wireless Services: ID = m_monssid
| | |--Access Points: ID = m_monaccesspoints
| | | |--APs: ID = m_monaps
| | | `--AP Groups: ID = m_monapgroups
| | |--Clients: ID = m_monclients
| | | `--Clients: ID = m_monclients
| | |--Wireless Security: ID = m_wipssecurity
| | | `--WIPS: ID = m_wipsdashboard
| | |--RF Monitoring: ID = m_rfmonitoring
| | | |--RF Optimization: ID = m_monrfoptimization
| | | `--Spectrum Analysis: ID = m_monitoringspectrumanalysis
| | `--Application Monitoring: ID = m_appmonitoring
| | `--Bonjour: ID = m_monbonjour
| |--Wireless Configuration: ID = m_wsconfig
| | |--Wireless Networks: ID = m_wirelessnetworks
| | | `--Wireless Networks: ID = m_servicetemplate
| | |--AP Management: ID = m_apmanage
| | | |--AP Groups: ID = m_apgroups
| | | |--Access Points: ID = m_accesspoints
| | | |--AP Global Settings: ID = m_apsettings
| | | |--AP Provision: ID = m_approvision
| | | `--AP Group Provision: ID = m_apgroupprovision
| | |--Wireless QoS: ID = m_wlanqos
| | | |--Client Rate Limit: ID = m_clientratelimit
| | | |--Bandwidth Guarantee: ID = m_bandwidthguarantee
| | | `--Wi-Fi Multimedia: ID = m_wifimultimedia
| | |--Wireless Security: ID = m_wirelesssecurity
| | | |--WIPS: ID = m_wips
| | | `--Filter: ID = m_wuac
| | |--Radio Resource: ID = m_radiomanage
| | | |--Radio Management: ID = m_radio
| | | |--RF Optimization: ID = m_rfoptimization
| | | |--Spectrum Analysis: ID = m_spectrumanalysis
| | | |--Load Balancing: ID = m_loadbalancing
| | | `--Band Navigation: ID = m_bandnavigation
| | `--Applications: ID = m_applications
| | |--Mesh Services: ID = m_meshservices
| | |--Location Aware: ID = m_locationaware
| | `--Bonjour: ID = m_bonjour
| |--Network Security: ID = m_networksecurity
| | |--Packet Filter: ID = m_packetfilter
| | | `--m_packetfilter: ID = m_packetfilter
| | |--QoS: ID = m_trafficpolicy
| | | |--m_mqc: ID = m_mqc
| | | |--m_priority: ID = m_priority
| | | `--m_linerate: ID = m_linerate
| | |--Access Control: ID = m_accesscontrol
| | | `--m_8021x: ID = m_8021x
| | |--Authentication: ID = m_authentication
| | | |--m_ispdomain: ID = m_ispdomain
| | | `--m_radius: ID = m_radius
| | |--BYOD: ID = m_byod
| | | |--BYOD DB: ID = m_byod
| | | `--BYOD Authorization: ID = m_byodauth
| | |--User Management: ID = m_usermanage
| | | `--m_localuser: ID = m_localuser
| | `--Guest Management: ID = m_guestmanage
| | |--Guest User: ID = m_guestlist
| | |--Import Guest: ID = m_importguest
| | |--Generate Guest Account: ID = m_generateguest
| | |--Approve Guest: ID = m_approveguest
| | `--Guest Configuration: ID = m_guestsyscfg
| |--Tools: ID = m_tools
| | |--Wireless Capture: ID = m_wirelesscapture
| | | `--Wireless Capture: ID = m_wirelesscapture
| | |--RF Ping: ID = m_rfping
| | | `--RF Ping: ID = m_rfping
| | `--Debug: ID = m_debug
| | `--m_diagnostic: ID = m_diagnostic
| `--Reporting: ID = m_reporting
| |--Client Statistics: ID = m_clientreports
| | |--AC Frame: ID = m_acframe
| | |--AC Bytes: ID = m_acbyte
| | |--Total Frame: ID = m_totalframe
| | `--Total Bytes: ID = m_totalbyte
| |--AP Statistics: ID = m_apreports
| | `--AP Statistics: ID = m_apreports
| `--Wireless Service Statistics: ID = m_wsreport
| `--Wireless Service Statistics: ID = m_wsreport
`--m_apnode: ID = m_apnode
`--Wireless Configuration: ID = m_wsconfig
|--AP Management: ID = m_apmanage
| `--Access Points: ID = m_accesspoints
|--Applications: ID = m_applications
| `--Location Aware: ID = m_locationaware
`--Radio Resource: ID = m_radiomanage
|--Radio Management: ID = m_radio
`--RF Optimization: ID = m_rfoptimization
display web users
Use display web users to display online Web users.
Syntax
display web users
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display online Web users.
<Sysname> display web users
UserID Name Type Language JobCount LoginTime LastOperation
AB2039483271293 Administrator HTTP Chinese 3 12:00:23 14:10:05
F09382BA2014AC8 user HTTPS English 1 13:05:00 14:11:00
Table 9 Command output
Field | Description |
---|---|
UserID | ID used to uniquely identify the online Web user. |
JobCount | Number of connections established by the user. |
escape-key
Use escape-key to set the escape key.
Use undo escape-key to disable the escape key.
Syntax
escape-key { key-string | default }
undo escape-key
Default
The escape key is Ctrl+C.
Views
User line view
User line class view
Predefined user roles
network-admin
Parameters
key-string: Specifies a shortcut key. It can be a case sensitive character except for d and D, or an ASCII code value in the range of 0 to 127. For example, if you configure escape-key 1, the shortcut key is Ctrl+A. If you configure escape-key a, the shortcut key is a. If you specify character d or D for this argument, the actual shortcut key is Ctrl+C. To use d or D as the shortcut key, you must specify the ASCII code value of the character for this argument. For information about ASCII code values of individual characters, see the standard ASCII code chart. For information about ASCII code values of combined keys that use the Ctrl key, see Table 1.
default: Restores the default escape key Ctrl+C.
Usage guidelines
You can use this shortcut key to abort a command that is being executed. For example, you can press this shortcut key to abort a ping or tracert command.
Whether a command can be aborted by Ctrl+C by default depends on the software implementation of the command. For more information, see the usage guidelines for the command.
As a best practice, use a key sequence as the shortcut key. If you define a single character as the shortcut key, pressing the key while a command is being executed stops the command. If no command is being executed, pressing the key enters the character as a common character. If you Telnet from the device to a remote device, pressing the key enters the character as a common character on the remote device. The key acts as the escape key on the remote device only when the following conditions are met:
· You define the same character as the escape key on the remote device.
· You press the key while a command is being executed on the remote device.
The undo escape-key command disables the current escape key. After you execute this command, no escape key is available.
This command is available in both user line view and user line class view. A non-default setting in either view takes precedence over the default setting in the other view. A non-default setting in user line view takes precedence over the non-default setting in user line class view.
The setting in user line view takes effect immediately for the current session. The setting in user line class view takes effect for login sessions that are established after the setting is configured. To display the current escape key, use the display current-configuration | include escape-key command.
Examples
# Define character a as the escape key for console line 0.
<Sysname> system-view
[Sysname] line console 0
[Sysname-line-console0] escape-key a
To verify the configuration:
1. Ping IP address 192.168.1.49, specifying the -c keyword to set the number of ICMP echo request packets to 20.
<Sysname> ping -c 20 192.168.1.49
PING 192.168.1.49: 56 data bytes, press a to break
Reply from 192.168.1.49: bytes=56 Sequence=1 ttl=255 time=3 ms
Reply from 192.168.1.49: bytes=56 Sequence=2 ttl=255 time=3 ms
2. Press a.
The system aborts the command and returns to user view.
--- 192.168.1.49 ping statistics ---
2 packet(s) transmitted
2 packet(s) received
0.00% packet loss
round-trip min/avg/max = 3/3/3 ms
<Sysname>
flow-control
Use flow-control to configure the flow control mode.
Use undo flow-control to restore the default.
Syntax
flow-control { hardware | none | software }
undo flow-control
Default
Flow control is disabled on a user line.
Views
User line view
Predefined user roles
network-admin
Parameters
hardware: Performs hardware flow control.
none: Disables flow control.
software: Performs software flow control.
Usage guidelines
This command is not supported in VTY line view.
The device supports flow control in both the inbound and outbound directions.
· For flow control in the inbound direction, the local device listens to flow control information from the remote device.
· For flow control in the outbound direction, the local device sends flow control information to the remote device.
The flow control setting takes effect in both directions.
For two devices to communicate, make sure their flow control modes match.
Examples
# Configure software flow control for the user line Console 0.
<Sysname> system-view
[Sysname] line console 0
[Sysname-line-console0] flow-control software
free line
Use free line to release a user line.
Syntax
free line { number1 | { console | vty } number2 }
Views
User view
Predefined user roles
network-admin
Parameters
number1: Specifies the absolute number of a user line.
The following matrix shows the value ranges for the number1 argument:
Hardware series | Model | Value range |
---|---|---|
WX1800H series | WX1804H, WX1810H, WX1820H | 0 to 32: WX1810H, WX1820H. 0 to 33: WX1804H |
WX2500 series | WX2510H, WX2540H, WX2560H | 0 to 32 |
WX3000H series | WX3010H, WX3010H-L, WX3010H-X, WX3024H, WX3024H-L | 0 to 32 |
WX3500H series | WX3508H, WX3510H, WX3520H, WX3540H | 0 to 33 |
WX5500E series | WX5510E, WX5540E | 0 to 33 |
WX5500H series | WX5540H, WX5560H, WX5580H | 0 to 35 |
Access controller modules | EWPXM1MAC0F, EWPXM1WCME0, EWPXM2WCMD0F, LSQM1WCMX20, LSUM1WCMX20RT, LSQM1WCMX40, LSUM1WCMX40RT, LSUM1WCME0 | 0 to 35: EWPXM1WCME0, LSUM1WCME0. 0 to 39: EWPXM1MAC0F, EWPXM2WCMD0F, LSQM1WCMX20, LSUM1WCMX20RT, LSQM1WCMX40, LSUM1WCMX40RT |
console number2: Specifies the relative number of a console line.
vty number2: Specifies the relative number of a VTY line. The value range is 0 to 31.
Usage guidelines
This command does not release the line you are using.
Examples
# Display online users.
<Sysname> display users
Idx Line Idle Time Pid Type
10 VTY 0 00:10:49 Jun 11 11:27:32 320 TEL
+ 11 VTY 1 00:00:00 Jun 11 11:39:40 334 TEL
Following are more details.
VTY 0 :
Location: 192.168.1.12
VTY 1 :
Location: 192.168.1.26
+ : Current operation user.
F : Current operation user works in async mode.
# Release the user line VTY 1.
<Sysname> free line vty 1
Are you sure to free line vty1? [Y/N]:y
[OK]
free user-interface
Use free user-interface to release a user line.
Syntax
free user-interface { number1 | { console | vty } number2 }
Views
User view
Predefined user roles
network-admin
Parameters
number1: Specifies the absolute number of a user line.
The following matrix shows the value ranges for the number1 argument:
Hardware series | Model | Value range |
---|---|---|
WX1800H series | WX1804H, WX1810H, WX1820H | 0 to 32: WX1810H, WX1820H. 0 to 33: WX1804H |
WX2500 series | WX2510H, WX2540H, WX2560H | 0 to 32 |
WX3000H series | WX3010H, WX3010H-L, WX3010H-X, WX3024H, WX3024H-L | 0 to 32 |
WX3500H series | WX3508H, WX3510H, WX3520H, WX3540H | 0 to 33 |
WX5500E series | WX5510E, WX5540E | 0 to 33 |
WX5500H series | WX5540H, WX5560H, WX5580H | 0 to 35 |
Access controller modules | EWPXM1MAC0F, EWPXM1WCME0, EWPXM2WCMD0F, LSQM1WCMX20, LSUM1WCMX20RT, LSQM1WCMX40, LSUM1WCMX40RT, LSUM1WCME0 | 0 to 35: EWPXM1WCME0, LSUM1WCME0. 0 to 39: EWPXM1MAC0F, EWPXM2WCMD0F, LSQM1WCMX20, LSUM1WCMX20RT, LSQM1WCMX40, LSUM1WCMX40RT |
console number2: Specifies the relative number of a console line.
vty number2: Specifies the relative number of a VTY line. The value range is 0 to 31.
Usage guidelines
This command does not release the line you are using.
This command is an older version reserved for backward compatibility purposes. It has the same functionality and output as the free line command. H3C recommends that you use the free line command.
Examples
# Display online users.
<Sysname> display users
Idx LINE Idle Time Pid Type
10 VTY 0 00:10:49 Jun 11 11:27:32 320 TEL
+ 11 VTY 1 00:00:00 Jun 11 11:39:40 334 TEL
Following are more details.
VTY 0 :
Location: 192.168.1.12
VTY 1 :
Location: 192.168.1.26
+ : Current operation user.
F : Current operation user works in async mode.
# Release the user line VTY 1.
<Sysname> free user-interface vty 1
Are you sure to free line vty1? [Y/N]:y
[OK]
free web users
Use free web users to log off online Web users.
Syntax
free web users { all | user-id user-id | user-name user-name }
Views
User view
Predefined user roles
network-admin
Parameters
all: Specifies all Web users.
user-id: Specifies a Web user by the ID, a hexadecimal number of 15 digits. The system assigns each Web user a unique ID at login to identify the user.
user-name: Specifies a Web user by the username, a case-sensitive string of 1 to 255 characters.
Examples
# Log off all online Web users.
<Sysname> free web users all
Related commands
display web users
history-command max-size
Use history-command max-size to set the size of the command history buffer for a user line.
Use undo history-command max-size to restore the default.
Syntax
history-command max-size size-value
undo history-command max-size
Default
The buffer for a user line saves up to 10 history commands.
Views
User line view
User line class view
Predefined user roles
network-admin
Parameters
size-value: Specifies the maximum number of history commands the buffer can store, in the range of 0 to 256.
Usage guidelines
Each user line uses a separate command history buffer to save commands successfully executed by its user. The buffer size determines how many history commands the buffer can store.
To display history commands in the buffer for your session, press the up or down arrow key, or execute the display history-command command.
Terminating a CLI session clears the commands in the history buffer.
The setting in user line view takes effect immediately for the current session. The setting in user line class view takes effect for login sessions that are established after the setting is configured.
Examples
# Set the command history buffer size to 20 for the user line Console 0.
<Sysname> system-view
[Sysname] line console 0
[Sysname-line-console0] history-command max-size 20
idle-timeout
Use idle-timeout to set the session idle timeout timer.
Use undo idle-timeout to restore the default.
Syntax
idle-timeout minutes [ seconds ]
undo idle-timeout
Default
The idle timeout timer is 10 minutes.
Views
User line view
User line class view
Predefined user roles
network-admin
Parameters
minutes: Specifies the number of minutes, in the range of 0 to 35791. The default is 10 minutes.
seconds: Specifies the number of seconds, in the range of 0 to 59. The default is 0 seconds.
Usage guidelines
The system automatically terminates a user connection if no information interaction occurs on the connection within the idle timeout interval.
To disable the idle timeout feature, execute the idle-timeout 0 command.
The setting in user line view takes effect immediately for the current session. The setting in user line class view takes effect for login sessions that are established after the setting is configured.
Examples
# Set the idle timeout to 1 minute and 30 seconds for the user line Console 0.
<Sysname> system-view
[Sysname] line console 0
[Sysname-line-console0] idle-timeout 1 30
ip http acl
Use ip http acl to apply an ACL to the HTTP service.
Use undo ip http acl to restore the default.
Syntax
ip http acl { acl-number | name acl-name }
undo ip http acl
Default
No ACL is applied to the HTTP service.
Views
System view
Predefined user roles
network-admin
Parameters
acl-number: Specifies an ACL by its number. The value range is 2000 to 2999.
name acl-name: Specifies an ACL by its name. The acl-name argument is a case-insensitive string of 1 to 63 characters. It must start with an English letter and, to avoid confusion, cannot be all. The specified ACL takes effect only when the ACL exists and is a basic ACL.
Usage guidelines
If you execute the ip http acl command multiple times, the most recent configuration takes effect.
Only clients permitted by the applied ACL can access the device through HTTP.
Examples
# Use ACL 2001 to allow only users from 10.10.0.0/16 to access the device through HTTP.
<Sysname> system-view
[Sysname] acl basic 2001
[Sysname-acl-ipv4-basic-2001] rule permit source 10.10.0.0 0.0.255.255
[Sysname-acl-ipv4-basic-2001] quit
[Sysname] ip http acl 2001
Related commands
acl (ACL and QoS Command Reference)
ip http enable
Use ip http enable to enable the HTTP service.
Use undo ip http enable to disable the HTTP service.
Syntax
ip http enable
undo ip http enable
Default
The HTTP service is disabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
To allow users to access the device through HTTP, you must enable the HTTP service.
Examples
# Enable the HTTP service.
<Sysname> system-view
[Sysname] ip http enable
Related commands
ip https enable
ip http port
Use ip http port to specify the HTTP service port number.
Use undo ip http port to restore the default.
Syntax
ip http port port-number
undo ip http port
Default
The HTTP service port number is 80.
Views
System view
Predefined user roles
network-admin
Parameters
port-number: Specifies a port number in the range of 1 to 65535.
Usage guidelines
When the HTTP service is enabled, changing the HTTP service port number re-enables the HTTP service and closes all HTTP connections. To log in again, users must enter the new URL in the Web browser's address bar.
Examples
# Set the HTTP service port number to 80.
<Sysname> system-view
[Sysname] ip http port 80
ip https acl
Use ip https acl to apply an ACL to the HTTPS service.
Use undo ip https acl to restore the default.
Syntax
ip https acl { acl-number | name acl-name }
undo ip https acl
Default
No ACL is applied to the HTTPS service.
Views
System view
Predefined user roles
network-admin
Parameters
acl-number: Specifies an ACL by its number. The value range is 2000 to 2999.
name acl-name: Specifies an ACL by its name. The acl-name argument is a case-insensitive string of 1 to 63 characters. It must start with an English letter and, to avoid confusion, cannot be all. The specified ACL takes effect only when the ACL exists and is a basic ACL.
Usage guidelines
Web login requests contain usernames and passwords. For security purposes, the device always uses HTTPS to transfer Web login requests.
The ACL applied to the HTTPS service controls both HTTPS and HTTP logins. To access the device, HTTPS clients must be permitted by the ACL applied to the HTTPS service. To access the device, HTTP clients must be permitted by the following ACLs:
· ACL applied to the HTTP service.
· ACL applied to the HTTPS service.
If you execute the ip https acl command multiple times, the most recent configuration takes effect.
Examples
# Use ACL 2001 to allow only users from 10.10.0.0/16 to access the device through HTTPS or HTTP.
<Sysname> system-view
[Sysname] acl basic 2001
[Sysname-acl-ipv4-basic-2001] rule permit source 10.10.0.0 0.0.255.255
[Sysname-acl-ipv4-basic-2001] quit
[Sysname] ip https acl 2001
Related commands
acl (ACL and QoS Command Reference)
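How the HTTP and HTTPS ACLs combine for Web logins, as an added example (not H3C code). It assumes rules are evaluated in configured order, that a client matching no rule is not permitted, and that no applied ACL means no restriction; ACL 2002 and all function names are hypothetical.

```python
import ipaddress


def parse_basic_acl(rules):
    """Parse 'rule permit|deny source <addr> <wildcard>' or '... source any'.

    Only this subset of basic-ACL rule syntax is handled (constructed example).
    """
    parsed = []
    for text in rules:
        words = text.split()
        ok = (len(words) >= 4 and words[0] == "rule"
              and words[1] in ("permit", "deny") and words[2] == "source")
        if ok and words[3] == "any":
            addr, wildcard = 0, 0xFFFFFFFF
        elif ok and len(words) >= 5:
            addr = int(ipaddress.IPv4Address(words[3]))
            wildcard = int(ipaddress.IPv4Address(words[4]))
        else:
            raise ValueError(f"unsupported rule: {text!r}")
        parsed.append((words[1], addr, wildcard))
    return parsed


def acl_permits(acl, client):
    """First matching rule decides. acl=None models 'no ACL applied'."""
    if acl is None:
        return True  # assumption: no applied ACL means no restriction
    ip = int(ipaddress.IPv4Address(client))
    for action, addr, wildcard in acl:
        care = ~wildcard & 0xFFFFFFFF  # wildcard bits set to 1 are ignored
        if (ip & care) == (addr & care):
            return action == "permit"
    return False  # assumption: only explicitly permitted clients get access


def web_login_allowed(client, scheme, http_acl, https_acl):
    """HTTPS clients need the HTTPS ACL; HTTP clients need both ACLs."""
    if scheme == "https":
        return acl_permits(https_acl, client)
    return acl_permits(http_acl, client) and acl_permits(https_acl, client)


# ACL 2001 is the page's example; ACL 2002 is a hypothetical, wider HTTP ACL.
HTTPS_ACL_2001 = parse_basic_acl(["rule permit source 10.10.0.0 0.0.255.255"])
HTTP_ACL_2002 = parse_basic_acl(["rule permit source 10.0.0.0 0.255.255.255"])

if __name__ == "__main__":
    for client, scheme in [("10.10.3.4", "http"), ("10.20.1.5", "http"),
                           ("10.20.1.5", "https")]:
        verdict = web_login_allowed(client, scheme, HTTP_ACL_2002, HTTPS_ACL_2001)
        print(f"{client:<12} {scheme:<5} -> {'permit' if verdict else 'deny'}")
```

A wider HTTP ACL does not widen access: 10.20.1.5 passes ACL 2002 but is still refused because ACL 2001 on the HTTPS service also applies to HTTP logins.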
ip https certificate access-control-policy
Use ip https certificate access-control-policy to apply a certificate-based access control policy to control HTTPS access.
Use undo ip https certificate access-control-policy to restore the default.
Syntax
ip https certificate access-control-policy policy-name
undo ip https certificate access-control-policy
Default
No certificate-based access control policy is applied for HTTPS access control.
Views
System view
Predefined user roles
network-admin
Parameters
policy-name: Specifies a certificate-based access control policy by its name, a case-sensitive string of 1 to 31 characters.
Usage guidelines
For more information about the certificate-based access control policy, see the chapter on PKI in Security Configuration Guide.
Examples
# Use the certificate-based access control policy myacl to control HTTPS access.
<Sysname> system-view
[Sysname] ip https certificate access-control-policy myacl
Related commands
pki certificate access-control-policy (Security Command Reference)
ip https enable
Use ip https enable to enable the HTTPS service.
Use undo ip https enable to disable the HTTPS service.
Syntax
ip https enable
undo ip https enable
Default
The HTTPS service is disabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
To allow users to access the device through HTTPS or HTTP, you must enable the HTTPS service.
Enabling the HTTPS service triggers the SSL handshake negotiation process.
· If the device has a local certificate, the SSL handshake negotiation succeeds and the HTTPS service starts up.
· If the device does not have a local certificate, the certificate application process starts. Because the certificate application process takes a long time, the SSL handshake negotiation might fail and the HTTPS service might not be started. To solve the problem, execute this command again until the HTTPS service is enabled.
Examples
# Enable the HTTPS service.
<Sysname> system-view
[Sysname] ip https enable
Related commands
· ip https certificate access-control-policy
· ip https ssl-server-policy
ip https port
Use ip https port to specify the HTTPS service port number.
Use undo ip https port to restore the default.
Syntax
ip https port port-number
undo ip https port
Default
The HTTPS service port number is 443.
Views
System view
Predefined user roles
network-admin
Parameters
port-number: Specifies a port number in the range of 1 to 65535.
Usage guidelines
When the HTTPS service is enabled, changing the HTTPS service port number re-enables the HTTPS service and closes all HTTPS and HTTP connections. To log in again, users must enter the new URL in the Web browser's address bar.
Examples
# Set the HTTPS service port number to 8080.
<Sysname> system-view
[Sysname] ip https port 8080
ip https ssl-server-policy
Use ip https ssl-server-policy to apply an SSL server policy to control HTTPS access.
Use undo ip https ssl-server-policy to restore the default.
Syntax
ip https ssl-server-policy policy-name
undo ip https ssl-server-policy
Default
No SSL server policy is applied. The HTTPS service uses a self-signed certificate.
Views
System view
Predefined user roles
network-admin
Parameters
policy-name: Specifies an SSL server policy name, a string of 1 to 31 characters.
Usage guidelines
If the HTTPS service is enabled, changes to the applied SSL server policy do not take effect. For the changes to take effect, you must disable HTTP and HTTPS, and then apply the policy and enable HTTP and HTTPS again.
To restore the default, you must disable HTTP and HTTPS, execute the undo ip https ssl-server-policy command, and then enable HTTP and HTTPS again.
Examples
# Apply SSL server policy myssl to the HTTPS service.
<Sysname> system-view
[Sysname] ip https ssl-server-policy myssl
Related commands
ssl server-policy (Security Command Reference)
line
Use line to enter one or multiple user line views.
Syntax
line { first-number1 [ last-number1 ] | { console | vty } first-number2 [ last-number2 ] }
Views
System view
Predefined user roles
network-admin
Parameters
first-number1: Specifies the absolute number of the first user line.
last-number1: Specifies the absolute number of the last user line. This number cannot be smaller than first-number1.
The following matrix shows the value ranges for the first-number1 and last-number1 arguments:
Hardware series | Model | Value range |
---|---|---|
WX1800H series | WX1804H, WX1810H, WX1820H | 0 to 32: WX1810H, WX1820H. 0 to 33: WX1804H |
WX2500 series | WX2510H, WX2540H, WX2560H | 0 to 32 |
WX3000H series | WX3010H, WX3010H-L, WX3010H-X, WX3024H, WX3024H-L | 0 to 32 |
WX3500H series | WX3508H, WX3510H, WX3520H, WX3540H | 0 to 33 |
WX5500E series | WX5510E, WX5540E | 0 to 33 |
WX5500H series | WX5540H, WX5560H, WX5580H | 0 to 35 |
Access controller modules | EWPXM1MAC0F, EWPXM1WCME0, EWPXM2WCMD0F, LSQM1WCMX20, LSUM1WCMX20RT, LSQM1WCMX40, LSUM1WCMX40RT, LSUM1WCME0 | 0 to 35: EWPXM1WCME0, LSUM1WCME0. 0 to 39: EWPXM1MAC0F, EWPXM2WCMD0F, LSQM1WCMX20, LSUM1WCMX20RT, LSQM1WCMX40, LSUM1WCMX40RT |
console first-number2: Specifies the relative number of the first console line.
vty first-number2: Specifies the relative number of the first VTY line. The value range is 0 to 31.
vty last-number2: Specifies the relative number of the last VTY user line. The value range is 0 to 31. This number cannot be smaller than first-number2.
Usage guidelines
To configure settings for a single user line, use this command to enter the user line view.
To configure the same settings for multiple user lines, use this command to enter multiple user line views.
Examples
# Enter the view of user line Console 0.
<Sysname> system-view
[Sysname] line console 0
[Sysname-line-console0]
# Enter the views of user lines VTY 0 to VTY 4.
<Sysname> system-view
[Sysname] line vty 0 4
[Sysname-line-vty0-4]
Related commands
line class
line class
Use line class to enter user line class view.
Syntax
line class { console | vty }
Views
System view
Predefined user roles
network-admin
Parameters
console: Specifies the console line class view.
vty: Specifies the VTY line class view.
Usage guidelines
To configure the same settings for all user lines of a line class, use this command to enter the user line class view.
In user line class view, you can execute the following commands:
· activation-key
· auto-execute command
· authentication-mode
· command accounting
· command authorization
· escape-key
· history-command max-size
· idle-timeout
· protocol inbound
· screen-length
· set authentication password
· shell
· terminal type
· user-role
For commands that are available in both user line view and user line class view, the device uses the following rules to determine the settings to be activated:
· A setting in user line view applies only to the user line. A setting in user line class view applies to all user lines of the class.
· A non-default setting in either view takes precedence over a default setting in the other view. A non-default setting in user line view takes precedence over a non-default setting in user line class view.
· A setting in user line class view does not take effect for current online users. It takes effect only for new login users.
Examples
# Set the user connection timeout to 15 minutes in VTY line class view.
<Sysname> system-view
[Sysname] line class vty
[Sysname-line-class-vty] idle-timeout 15
# In console line class view, configure character s as the shortcut key for starting a terminal session.
<Sysname> system-view
[Sysname] line class console
[Sysname-line-class-console] activation-key s
[Sysname-line-class-console] quit
# In console line view, restore the default shortcut key for starting a terminal session.
[Sysname] line console 0
[Sysname-line-console0] undo activation-key
Alternatively, you can use the following command:
[Sysname-line-console0] activation-key 13
To verify the configuration:
1. Exit the console session.
[Sysname-line-console0] return
<Sysname> quit
2. Log in again through the console line.
The following message appears:
Press ENTER to get started.
3. Press Enter.
Pressing Enter does not start a session.
4. Enter s.
A terminal session is started.
<Sysname>
Related commands
line
lock
Use lock to lock the current user line and set the password for unlocking the line.
Syntax
lock
Default
The system does not lock any user lines.
Views
User view
Predefined user roles
network-admin
Usage guidelines
This command locks the current user line to prevent unauthorized users from using the line. You must set the password for unlocking the line as prompted. The user line is locked after you enter the password and confirm the password.
To unlock the user line, press Enter and enter the password you set.
Examples
# Lock the current user line and set the password for unlocking the line.
<Sysname> lock
Please input password<1 to 16> to lock current line:
Password:
Again:
locked !
// The user line is locked. To unlock it, press Enter and enter the password:
Password:
<Sysname>
lock-key
Use lock-key to set the user line locking key. Pressing this shortcut key locks the current user line and enables unlocking authentication.
Use undo lock-key to restore the default.
Syntax
lock-key key-string
undo lock-key
Default
No user line locking key is set.
Views
User line view
User line class view
Predefined user roles
network-admin
Parameters
key-string: Specifies a shortcut key. It can be a character (case sensitive), or an ASCII code value in the range of 0 to 127. For example, if you configure lock-key 1, the shortcut key is Ctrl+A. If you configure lock-key a, the shortcut key is a. For information about ASCII code values of individual characters, see the standard ASCII code chart. For information about ASCII code values of combined keys that use the Ctrl key, see Table 1.
Usage guidelines
H3C recommends that you specify a combined key as the user line locking key. If you specify a single character as the key, the character acts only as the user line locking key. You cannot type the character for any commands, keywords, or arguments.
Pressing this shortcut key is equivalent to executing the lock reauthentication command.
This command takes effect immediately.
To display the current user line locking key, use the display current-configuration | include lock-key command.
Examples
# Set the user line locking key to Ctrl+A for the user line console 0.
<Sysname> system-view
[Sysname] line console 0
[Sysname-line-console0] lock-key 1
[Sysname-line-console0] quit
To verify the configuration:
1. Press Ctrl+A.
[Sysname]
Please press Enter to unlock the screen.
2. Press Enter and enter the login password.
Password:
[Sysname]
Related commands
lock reauthentication
lock reauthentication
Use lock reauthentication to lock the current user line and enable unlocking authentication.
Syntax
lock reauthentication
Default
The system does not lock any user lines or initiate reauthentication.
Views
Any view
Predefined user roles
network-admin
Usage guidelines
This command locks the current user line. To unlock the user line, you must press Enter and provide the login password to pass reauthentication. If you have changed the login password after login, you must provide the new password. If no login password is set, the system unlocks the user line after you press Enter.
Examples
# Lock the current user line and enable unlocking authentication.
<Sysname> lock reauthentication
Please press Enter to unlock the screen.
// The user line is locked. To unlock it, press Enter and enter the login password:
Password:
<Sysname>
Related commands
lock-key
parity
Use parity to specify the parity.
Use undo parity to restore the default.
Syntax
parity { even | mark | none | odd | space }
undo parity
Default
The setting is none, and no parity is used.
Views
User line view
Predefined user roles
network-admin
Parameters
even: Uses even parity.
mark: Uses mark parity.
none: Uses no parity.
odd: Uses odd parity.
space: Uses space parity.
Usage guidelines
This command is not supported in VTY line view.
The configuration terminal and the device must use the same parity.
Examples
# Configure the user line Console 0 to use odd parity.
<Sysname> system-view
[Sysname] line console 0
[Sysname-line-console0] parity odd
protocol inbound
Use protocol inbound to specify the supported protocols.
Use undo protocol inbound to restore the default.
Syntax
protocol inbound { all | ssh | telnet }
undo protocol inbound
Default
Both SSH and Telnet are supported.
Views
VTY line view
VTY line class view
Predefined user roles
network-admin
Parameters
all: Supports both SSH and Telnet.
ssh: Supports SSH only.
telnet: Supports Telnet only.
Usage guidelines
Only users assigned the network-admin or level-15 user role can execute this command. Other users cannot execute this command, even if they are granted the right to execute this command.
A configuration change in user line view does not take effect for the current session. It takes effect for subsequent login sessions.
Before configuring a user line to support SSH, set the authentication mode to scheme for the user line. For more information, see authentication-mode.
In VTY line view, this command is associated with the authentication-mode command. If you specify a non-default value for one of the two commands, the other command uses the default setting, regardless of the setting in VTY line class view.
Examples
# Enable user lines VTY 0 through VTY 4 to support only SSH.
<Sysname> system-view
[Sysname] line vty 0 4
[Sysname-line-vty0-4] authentication-mode scheme
[Sysname-line-vty0-4] protocol inbound ssh
# Enable SSH support and set the authentication mode to scheme in VTY line class view. Enable user lines VTY 0 through VTY 4 to support all protocols and disable authentication for the user lines.
[Sysname] line class vty
[Sysname-line-class-vty] authentication-mode scheme
[Sysname-line-class-vty] protocol inbound ssh
[Sysname-line-class-vty] line vty 0 4
[Sysname-line-vty0-4] authentication-mode none
To verify the configuration:
1. Telnet to the device.
Trying 192.168.1.241 ...
Press CTRL+K to abort
Connected to 192.168.1.241 ...
******************************************************************************
* Copyright (c) 2004-2017 New H3C Technologies Co., Ltd. All rights reserved.*
* Without the owner's prior written consent, *
* no decompiling or reverse-engineering shall be allowed. *
******************************************************************************
<Server>
You are logged in without authentication.
2. Display online CLI user information.
Idx Line Idle Time Pid Type
+ 50 VTY 0 00:00:00 Jan 17 15:29:27 189 TEL
Following are more details.
VTY 0 :
Location: 192.168.1.186
+ : Current operation user.
F : Current operation user works in async mode.
The output shows that you are using VTY 0. The configuration in user line view is effective.
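The precedence rules listed under line class and the coupling between protocol inbound and authentication-mode in VTY line view, as an added example (not H3C code): a resolver that computes the effective settings for each VTY line from configuration text and flags lines that end up accepting Telnet, skipping authentication, or never timing out. The sample configuration, the function names, and the VTY authentication-mode default of password are assumptions.

```python
import re

# "protocol inbound" (all) and "idle-timeout" (10 minutes) are the defaults this
# reference states. The VTY authentication-mode default is an ASSUMPTION;
# confirm it in the authentication-mode section for your release.
DEFAULTS = {"authentication-mode": "password", "protocol inbound": "all",
            "idle-timeout": 600}  # idle-timeout is held in seconds
COUPLED = ("authentication-mode", "protocol inbound")

# Constructed sample in the style of the commands on this page.
SAMPLE_CONFIG = """\
line class vty
 authentication-mode scheme
 protocol inbound ssh
 idle-timeout 15
line vty 0 4
 authentication-mode none
line vty 5 9
 idle-timeout 0
"""


def normalise(key, value):
    """Convert 'idle-timeout minutes [seconds]' to seconds; keep other values."""
    if key == "idle-timeout":
        parts = [int(p) for p in value.split()]
        return parts[0] * 60 + (parts[1] if len(parts) > 1 else 0)
    return value


def parse_vty_config(text):
    """Return (class_settings, {vty_number: settings}) from configuration text."""
    class_cfg, line_cfg, targets = {}, {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "#":
            continue
        if not raw.startswith(" "):  # an unindented line opens a new view
            match = re.fullmatch(r"line vty (\d+)(?: (\d+))?", line)
            if line == "line class vty":
                targets = [class_cfg]
            elif match:
                first = int(match.group(1))
                last = int(match.group(2) or first)
                targets = [line_cfg.setdefault(n, {}) for n in range(first, last + 1)]
            else:
                targets = []  # some other view; its settings are ignored
            continue
        for key in DEFAULTS:
            if line.startswith(key + " "):
                for target in targets:
                    target[key] = normalise(key, line[len(key) + 1:])
    return class_cfg, line_cfg


def non_default(cfg, key):
    """Return the configured value only when it differs from the default."""
    value = cfg.get(key)
    return value if value is not None and value != DEFAULTS[key] else None


def effective(class_cfg, line_cfg, key):
    """Setting a new login session on this line gets for 'key'."""
    line_val = non_default(line_cfg, key)
    if line_val is not None:
        return line_val  # non-default line setting always wins
    if key in COUPLED:
        other = COUPLED[1 - COUPLED.index(key)]
        if non_default(line_cfg, other) is not None:
            return DEFAULTS[key]  # coupled command falls back to its default
    class_val = non_default(class_cfg, key)
    return class_val if class_val is not None else DEFAULTS[key]


def audit(text, vty_count=32):
    """Map VTY number -> list of findings (VTY lines are numbered 0 to 31)."""
    class_cfg, lines = parse_vty_config(text)
    findings = {}
    for n in range(vty_count):
        cfg = lines.get(n, {})
        issues = []
        if effective(class_cfg, cfg, "authentication-mode") == "none":
            issues.append("no authentication")
        if effective(class_cfg, cfg, "protocol inbound") in ("all", "telnet"):
            issues.append("telnet permitted")
        if effective(class_cfg, cfg, "idle-timeout") == 0:
            issues.append("idle timeout disabled")
        if issues:
            findings[n] = issues
    return findings


if __name__ == "__main__":
    for vty, issues in sorted(audit(SAMPLE_CONFIG).items()):
        print(f"VTY {vty}: {', '.join(issues)}")
```

VTY 0 through VTY 4 are reported as accepting Telnet even though the class view says protocol inbound ssh, which is the same outcome as the verification steps above.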
restful http enable
Use restful http enable to enable RESTful access over HTTP.
Use undo restful http enable to disable RESTful access over HTTP.
Syntax
restful http enable
undo restful http enable
Default
RESTful access over HTTP is disabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
For users to access the device through the HTTP-based RESTful API, you must enable RESTful access over HTTP.
Examples
# Enable RESTful access over HTTP.
<Sysname> system-view
[Sysname] restful http enable
restful https enable
Use restful https enable to enable RESTful access over HTTPS.
Use undo restful https enable to disable RESTful access over HTTPS.
Syntax
restful https enable
undo restful https enable
Default
RESTful access over HTTPS is disabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
For users to access the device through the HTTPS-based RESTful API, you must enable RESTful access over HTTPS.
Examples
# Enable RESTful access over HTTPS.
<Sysname> system-view
[Sysname] restful https enable
screen-length
Use screen-length to set the maximum number of lines of command output to send to the terminal at a time when the screen pausing feature is enabled.
Use undo screen-length to restore the default.
Syntax
screen-length screen-length
undo screen-length
Default
A maximum of 24 lines are sent.
Views
User line view
User line class view
Predefined user roles
network-admin
Parameters
screen-length: Specifies the maximum number of lines to send, in the range of 0 to 512. To send command output without pausing, set the number to 0 or execute the screen-length disable command.
Usage guidelines
The number of lines that can be displayed on the terminal screen is restricted by both this setting and the display specification of the terminal. For example, if this setting is 40, the device sends 40 lines to the terminal at a time. If the terminal display specification is 24 lines, only the last 24 lines are displayed on the terminal screen. To view the previous 16 lines, you must press PgUp.
To continue to display command output after a pause, press the space bar.
The setting in user line view takes effect immediately for the current session. The setting in user line class view takes effect for login sessions that are established after the setting is configured.
Examples
# Set the maximum number of lines to send at a time to 30 for the user line Console 0.
<Sysname> system-view
[Sysname] line console 0
[Sysname-line-console0] screen-length 30
Related commands
screen-length disable
send
Use send to send messages to online login users.
Syntax
send { all | number1 | { console | vty } number2 }
Views
User view
Predefined user roles
network-admin
Parameters
all: Specifies all user lines.
number1: Specifies the absolute number of a user line.
The following matrix shows the value ranges for the number1 argument:
Hardware series | Model | Value range |
---|---|---|
WX1800H series | WX1804H, WX1810H, WX1820H | 0 to 32: WX1810H, WX1820H. 0 to 33: WX1804H |
WX2500 series | WX2510H, WX2540H, WX2560H | 0 to 32 |
WX3000H series | WX3010H, WX3010H-L, WX3010H-X, WX3024H, WX3024H-L | 0 to 32 |
WX3500H series | WX3508H, WX3510H, WX3520H, WX3540H | 0 to 33 |
WX5500E series | WX5510E, WX5540E | 0 to 33 |
WX5500H series | WX5540H, WX5560H, WX5580H | 0 to 35 |
Access controller modules | EWPXM1MAC0F, EWPXM1WCME0, EWPXM2WCMD0F, LSQM1WCMX20, LSUM1WCMX20RT, LSQM1WCMX40, LSUM1WCMX40RT, LSUM1WCME0 | 0 to 35: EWPXM1WCME0, LSUM1WCME0. 0 to 39: EWPXM1MAC0F, EWPXM2WCMD0F, LSQM1WCMX20, LSUM1WCMX20RT, LSQM1WCMX40, LSUM1WCMX40RT |
console number2: Specifies the relative number of a console line.
vty number2: Specifies the relative number of a VTY line. The number2 argument is in the range of 0 to 31.
Usage guidelines
To end a message, press Enter. To abort the send operation, press Ctrl+C.
You can use this command to send notifications to online users before performing an operation that might affect other online users, for example, before rebooting the device.
Examples
# Send a notification to the user on VTY 1.
<Sysname> send vty 1
Input message, end with Enter; abort with CTRL+C:
Your attention, please. I will reboot the system in 3 minutes.
Send message? [Y/N]:y
The message should appear on the user's terminal screen as follows:
[Sysname]
***
***
***Message from vty0 to vty1
***
Your attention, please. I will reboot the system in 3 minutes.
set authentication password
Use set authentication password to set a password for local password authentication.
Use undo set authentication password to delete the password.
Syntax
set authentication password { hash | simple } password
undo set authentication password
Default
No password is set for local password authentication.
Views
User line view
User line class view
Predefined user roles
network-admin
Parameters
hash: Sets a hashed password.
simple: Sets a plaintext password.
password: Specifies the password string. This argument is case sensitive. If simple is specified, it must be a string of 1 to 16 characters. If hash is specified, it must be a string of 1 to 110 characters.
Usage guidelines
Only users assigned the network-admin or level-15 user role can execute this command. Other users cannot execute this command, even if they are granted the right to execute this command.
For security purposes, the password is hashed before being saved, whether you specify the hash or simple keyword.
This command is available in both user line view and user line class view. A non-default setting in either view takes precedence over a default setting in the other view. A non-default setting in user line view takes precedence over a non-default setting in user line class view.
A password change does not take effect for the current session. It takes effect for subsequent login sessions.
Examples
# Set the password to hello for local password authentication on the user line Console 0.
<Sysname> system-view
[Sysname] line console 0
[Sysname-line-console0] authentication-mode password
[Sysname-line-console0] set authentication password simple hello
Related commands
authentication-mode
shell
Use shell to enable the terminal service for user lines.
Use undo shell to disable the terminal service for user lines.
Syntax
shell
undo shell
Default
The terminal service is enabled on all user lines.
Views
User line view
User line class view
Predefined user roles
network-admin
Usage guidelines
The undo shell command is not supported in console line view or console line class view.
You cannot disable the terminal service on the user line you are using.
When the device acts as a Telnet or SSH server, you cannot configure the undo shell command.
If the undo shell command is configured in user line class view, you cannot configure the shell command in the view of a user line in the class.
When terminal service is enabled, a user line can be used for device login. If the device is acting as the redirect server, the user line can also be used for the redirect service. However, the user line can be used for only one purpose at a time.
Examples
# Disable the terminal service for user lines VTY 0 through VTY 4 so no user can log in to the device through the user lines.
<Sysname> system-view
[Sysname] line vty 0 4
[Sysname-line-vty0-4] undo shell
Disable ui-vty0-4 , are you sure? [Y/N]:y
[Sysname-line-vty0-4]
speed
Use speed to set the transmission rate (also called the baud rate) on a user line.
Use undo speed to restore the default.
Syntax
speed speed-value
undo speed
Default
The transmission rate on a user line is 9600 bps.
Views
User line view
Predefined user roles
network-admin
Parameters
speed-value: Specifies the transmission rate in bps. Supported transmission rates depend on the device model and configuration environment. The transmission rates for asynchronous serial interfaces might include:
· 300 bps.
· 600 bps.
· 1200 bps.
· 2400 bps.
· 4800 bps.
· 9600 bps.
· 19200 bps.
· 38400 bps.
· 57600 bps.
· 115200 bps.
Usage guidelines
This command is not supported in VTY line view.
The configuration terminal and the device must be configured with the same transmission rate to communicate.
Examples
# Set the transmission rate to 19200 bps for user line Console 0.
<Sysname> system-view
[Sysname] line console 0
[Sysname-line-console0] speed 19200
stopbits
Use stopbits to specify the number of stop bits for a character.
Use undo stopbits to restore the default.
Syntax
stopbits { 1 | 1.5 | 2 }
undo stopbits
Default
One stop bit is used.
Views
User line view
Predefined user roles
network-admin
Parameters
1: Uses one stop bit.
1.5: Uses one and a half stop bits. The device does not support using one and a half stop bits. If you specify this keyword, two stop bits are used.
2: Uses two stop bits.
Usage guidelines
This command is not supported in VTY line view.
The configuration terminal and the device must be configured to use the same number of stop bits to communicate.
Examples
# Set the number of stop bits to 1 for user line Console 0.
<Sysname> system-view
[Sysname] line console 0
[Sysname-line-console0] stopbits 1
telnet
Use telnet to Telnet to a host in an IPv4 network.
Syntax
telnet remote-host [ service-port ] [ source { interface interface-type interface-number | ip ip-address } ] [ dscp dscp-value ]
Views
User view
Predefined user roles
network-admin
Parameters
remote-host: Specifies the IPv4 address or host name of a remote host. A host name can be a case-insensitive string of 1 to 253 characters. Valid characters include letters, digits, hyphens (-), underscores (_), and dots (.).
service-port: Specifies the TCP port number for the Telnet service on the remote host. The value range is 0 to 65535 and the default is 23.
source: Specifies a source IPv4 address or source interface for outgoing Telnet packets. If you do not specify this option, the device uses the primary IPv4 address of the output interface for the route to the server as the source address.
interface interface-type interface-number: Specifies the source interface. The primary IPv4 address of the interface will be used as the source IPv4 address for outgoing Telnet packets.
ip ip-address: Specifies the source IPv4 address for outgoing Telnet packets.
dscp dscp-value: Specifies a DSCP value for outgoing Telnet packets. The value range is 0 to 63. The default is 48.
Usage guidelines
To terminate the current Telnet connection, press Ctrl+K or execute the quit command.
The source address or interface specified by this command is applied only to the Telnet connection that is being established.
Examples
# Telnet to host 1.1.1.2, using 1.1.1.1 as the source IP address for outgoing Telnet packets.
<Sysname> telnet 1.1.1.2 source ip 1.1.1.1
Related commands
telnet client source
telnet client source
Use telnet client source to specify a source IPv4 address or source interface for the Telnet client to use for outgoing Telnet packets.
Use undo telnet client source to delete the configuration.
Syntax
telnet client source { interface interface-type interface-number | ip ip-address }
undo telnet client source
Default
No source IPv4 address or source interface is specified. The Telnet client uses the primary IPv4 address of the output interface for the route to the server as the source IPv4 address.
Views
System view
Predefined user roles
network-admin
Parameters
interface interface-type interface-number: Specifies a source interface. The primary IPv4 address of the interface will be used as the source IPv4 address for outgoing Telnet packets.
ip ip-address: Specifies a source IPv4 address.
Usage guidelines
The setting configured by this command applies to all Telnet connections but has a lower precedence than the source setting specified for the telnet command.
Examples
# Set the source IPv4 address to 1.1.1.1 for outgoing Telnet packets.
<Sysname> system-view
[Sysname] telnet client source ip 1.1.1.1
Related commands
display telnet client configuration
telnet ipv6
Use telnet ipv6 to Telnet to a host in an IPv6 network.
Syntax
telnet ipv6 remote-host [ -i interface-type interface-number ] [ port-number ] [ source { interface interface-type interface-number | ipv6 ipv6-address } ] [ dscp dscp-value ]
Views
User view
Predefined user roles
network-admin
Parameters
remote-host: Specifies the IPv6 address or host name of a remote host. A host name can be a case-insensitive string of 1 to 253 characters. Valid characters include letters, digits, hyphens (-), underscores (_), and dots (.).
-i interface-type interface-number: Specifies the interface for sending Telnet packets. This option is required when the remote host address is a link-local address. When the server address is a global unicast address, you cannot specify this option.
port-number: Specifies the TCP port number for the Telnet service on the remote host. The value range is 0 to 65535 and the default is 23.
source: Specifies a source IPv6 address or source interface for outgoing Telnet packets. If you do not specify this option, the device uses the primary IPv6 address of the output interface for the route to the server as the source address.
interface interface-type interface-number: Specifies the source interface. The primary IPv6 address of the interface will be used as the source IPv6 address for outgoing Telnet packets.
ipv6 ipv6-address: Specifies the source IPv6 address for outgoing Telnet packets.
dscp dscp-value: Specifies a DSCP value for outgoing Telnet packets. The value range is 0 to 63. The default is 48.
Usage guidelines
To terminate the current Telnet connection, press Ctrl+K or execute the quit command.
Examples
# Telnet to the host at 5000::1.
<Sysname> telnet ipv6 5000::1
# Telnet to the host at 2000::1. Use 1000::1 as the source address for outgoing Telnet packets.
<Sysname> telnet ipv6 2000::1 source ipv6 1000::1
telnet server acl
Use telnet server acl to apply an ACL to filter Telnet logins.
Use undo telnet server acl to restore the default.
Syntax
telnet server acl [ mac ] acl-number
undo telnet server acl
Default
No ACL is used to filter Telnet logins.
Views
System view
Predefined user roles
network-admin
Parameters
mac: Specifies a Layer 2 ACL. To specify an ACL of a different type, do not specify this keyword.
acl-number: Specifies an ACL by its number. If you specify the mac keyword, the value range of this argument is 4000 to 4999. If you do not specify the mac keyword, the value range of this argument is 2000 to 3999.
Usage guidelines
This command does not take effect on existing Telnet connections.
You can specify an ACL that does not exist for this command. However, this command takes effect only after you create the ACL and configure rules for the ACL.
If you execute this command multiple times, the most recent configuration takes effect.
For more information about ACLs, see ACL and QoS Configuration Guide.
Examples
# Permit only the user at 1.1.1.1 to Telnet to the device.
<Sysname> system-view
[Sysname] acl basic 2001
[Sysname-acl-ipv4-basic-2001] rule permit source 1.1.1.1 0
[Sysname-acl-ipv4-basic-2001] quit
[Sysname] telnet server acl 2001
telnet server dscp
Use telnet server dscp to specify the DSCP value for IPv4 to use for outgoing Telnet packets on a Telnet server.
Use undo telnet server dscp to restore the default.
Syntax
telnet server dscp dscp-value
undo telnet server dscp
Default
IPv4 uses the DSCP value 48 for outgoing Telnet packets on a Telnet server.
Views
System view
Predefined user roles
network-admin
Parameters
dscp-value: Specifies a DSCP value in the range of 0 to 63.
Usage guidelines
The DSCP value is carried in the ToS field of an IPv4 packet to indicate the packet transmission priority.
Examples
# Set the DSCP value for IPv4 to use for outgoing Telnet packets to 30 on a Telnet server.
<Sysname> system-view
[Sysname] telnet server dscp 30
telnet server ipv6 acl
Use telnet server ipv6 acl to apply an IPv6 ACL to filter IPv6 Telnet logins.
Use undo telnet server ipv6 acl to restore the default.
Syntax
telnet server ipv6 acl { ipv6 | mac } acl-number
undo telnet server ipv6 acl
Default
No IPv6 ACL is used to filter IPv6 Telnet logins.
Views
System view
Predefined user roles
network-admin
Parameters
ipv6: Specifies an IPv6 ACL.
mac: Specifies a Layer 2 ACL. To specify an ACL of a different type, do not specify this keyword.
acl-number: Specifies an ACL by its number. If you specify the ipv6 keyword, the value range of this argument is 2000 to 3999. If you specify the mac keyword, the value range of this argument is 4000 to 4999.
Usage guidelines
This command does not take effect on existing Telnet connections.
You can specify an ACL that does not exist for this command. However, this command takes effect only after you create the ACL and configure rules for the ACL.
If you execute this command multiple times, the most recent configuration takes effect.
For more information about ACLs, see ACL and QoS Configuration Guide.
Examples
# Permit only the user at 2000::1 to Telnet to the device.
<Sysname> system-view
[Sysname] acl ipv6 basic 2001
[Sysname-acl6-ipv6-basic-2001] rule permit source 2000::1 128
[Sysname-acl6-ipv6-basic-2001] quit
[Sysname] telnet server ipv6 acl ipv6 2001
telnet server ipv6 dscp
Use telnet server ipv6 dscp to specify the DSCP value for IPv6 to use for outgoing Telnet packets on a Telnet server.
Use undo telnet server ipv6 dscp to restore the default.
Syntax
telnet server ipv6 dscp dscp-value
undo telnet server ipv6 dscp
Default
IPv6 uses the DSCP value 48 for outgoing Telnet packets on a Telnet server.
Views
System view
Predefined user roles
network-admin
Parameters
dscp-value: Specifies a DSCP value in the range of 0 to 63.
Usage guidelines
The DSCP value is carried in the Traffic class field of an IPv6 packet to indicate the packet transmission priority.
Examples
# Set the DSCP value for IPv6 to use for outgoing Telnet packets to 30 on a Telnet server.
<Sysname> system-view
[Sysname] telnet server ipv6 dscp 30
telnet server enable
Use telnet server enable to enable the Telnet server.
Use undo telnet server enable to disable the Telnet server.
Syntax
telnet server enable
undo telnet server enable
Default
The Telnet server is disabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
Users can Telnet to the device only when the Telnet server feature is enabled.
Examples
# Enable the Telnet server.
<Sysname> system-view
[Sysname] telnet server enable
telnet server ipv6 port
Use telnet server ipv6 port to specify the IPv6 Telnet service port number.
Use undo telnet server ipv6 port to restore the default.
Syntax
telnet server ipv6 port port-number
undo telnet server ipv6 port
Default
The IPv6 Telnet service port number is 23.
Views
System view
Predefined user roles
network-admin
Parameters
port-number: Specifies a port number. The value can be 23 or in the range of 1025 to 65535.
Usage guidelines
This command terminates all Telnet connections to the IPv6 Telnet server. To use the Telnet service, you must reestablish Telnet connections.
Examples
# Set the IPv6 Telnet service port number to 1026.
<Sysname> system-view
[Sysname] telnet server ipv6 port 1026
telnet server port
Use telnet server port to specify the IPv4 Telnet service port number.
Use undo telnet server port to restore the default.
Syntax
telnet server port port-number
undo telnet server port
Default
The IPv4 Telnet service port number is 23.
Views
System view
Predefined user roles
network-admin
Parameters
port-number: Specifies a port number. The value can be 23 or in the range of 1025 to 65535.
Usage guidelines
This command terminates all Telnet connections to the IPv4 Telnet server. To use the Telnet service, you must reestablish Telnet connections.
Examples
# Set the IPv4 Telnet service port number to 1025.
<Sysname> system-view
[Sysname] telnet server port 1025
terminal type
Use terminal type to specify the terminal display type.
Use undo terminal type to restore the default.
Syntax
terminal type { ansi | vt100 }
undo terminal type
Default
The terminal display type is ANSI.
Views
User line view
User line class view
Predefined user roles
network-admin
Parameters
ansi: Specifies the ANSI type.
vt100: Specifies the VT100 type.
Usage guidelines
The device supports two terminal display types: ANSI and VT100. H3C recommends that you specify the VT100 type on both the device and the configuration terminal. If either side uses the ANSI type, a display problem might occur when a command line has more than 80 characters. For example, a cursor positioning error might occur.
This command is available in both user line view and user line class view. A non-default setting in either view takes precedence over a default setting in the other view. A non-default setting in user line view takes precedence over a non-default setting in user line class view.
A terminal display type change does not take effect for the current session. It takes effect for subsequent login sessions.
Examples
# Set the terminal display type to VT100.
<Sysname> system-view
[Sysname] line vty 0
[Sysname-line-vty0] terminal type vt100
user-interface
Use user-interface to enter one or multiple user line views.
Syntax
user-interface { first-number1 [ last-number1 ] | { console | vty } first-number2 [ last-number2 ] }
Views
System view
Predefined user roles
network-admin
Parameters
first-number1: Specifies the absolute number of the first user line.
last-number1: Specifies the absolute number of the last user line. This number cannot be smaller than first-number1.
The following matrix shows the value ranges for the first-number1 and last-number1 arguments:
Hardware series | Model | Value range |
---|---|---|
WX1800H series | WX1804H, WX1810H, WX1820H | 0 to 32: WX1810H, WX1820H. 0 to 33: WX1804H. |
WX2500 series | WX2510H, WX2540H, WX2560H | 0 to 32 |
WX3000H series | WX3010H, WX3010H-L, WX3010H-X, WX3024H, WX3024H-L | 0 to 32 |
WX3500H series | WX3508H, WX3510H, WX3520H, WX3540H | 0 to 33 |
WX5500E series | WX5510E, WX5540E | 0 to 33 |
WX5500H series | WX5540H, WX5560H, WX5580H | 0 to 35 |
Access controller modules | EWPXM1MAC0F, EWPXM1WCME0, EWPXM2WCMD0F, LSQM1WCMX20, LSUM1WCMX20RT, LSQM1WCMX40, LSUM1WCMX40RT, LSUM1WCME0 | 0 to 35: EWPXM1WCME0, LSUM1WCME0. 0 to 39: EWPXM1MAC0F, EWPXM2WCMD0F, LSQM1WCMX20, LSUM1WCMX20RT, LSQM1WCMX40, LSUM1WCMX40RT. |
console first-number2: Specifies the relative number of the first console line.
vty first-number2: Specifies the relative number of the first VTY line. The value range is 0 to 31.
vty last-number2: Specifies the relative number of the last VTY user line. The value range is 0 to 31. This number cannot be smaller than first-number2.
Usage guidelines
To configure settings for a single user line, use this command to enter the user line view.
To configure the same settings for multiple user lines, use this command to enter multiple user line views.
This command is an older version reserved for backward compatibility purposes. It has the same functionality and output as the line command. H3C recommends that you use the line command.
Examples
# Enter the view of user line Console 0.
<Sysname> system-view
[Sysname] user-interface console 0
[Sysname-line-console0]
# Enter the views of user lines VTY 0 to VTY 4.
<Sysname> system-view
[Sysname] user-interface vty 0 4
[Sysname-line-vty0-4]
user-interface class
Use user-interface class to enter user line class view.
Syntax
user-interface class { console | vty }
Views
System view
Predefined user roles
network-admin
Parameters
console: Specifies the console line class view.
vty: Specifies the VTY line class view.
Usage guidelines
This command is an older version reserved for backward compatibility purposes. It has the same functionality and output as the line class command. H3C recommends that you use the line class command.
To configure the same settings for all user lines of a line class, you can use this command to enter the user line class view.
The following commands are available in user line class view:
· activation-key
· auto-execute command
· authentication-mode
· command accounting
· command authorization
· escape-key
· history-command max-size
· idle-timeout
· protocol inbound
· screen-length
· set authentication password
· shell
· terminal type
· user-role
For commands that are available in both user line view and user line class view, the device uses the following rules to determine the settings to be activated:
· A setting in user line view applies only to the user line. A setting in user line class view applies to all user lines of the class.
· A non-default setting in either view takes precedence over a default setting in the other view. A non-default setting in user line view takes precedence over a non-default setting in user line class view.
· A setting in user line class view does not take effect for current online users. It takes effect only for new login users.
Examples
# Set the user connection timeout to 15 minutes in VTY line class view.
<Sysname> system-view
[Sysname] user-interface class vty
[Sysname-line-class-vty] idle-timeout 15
# In console line class view, configure character s as the shortcut key for starting a terminal session.
<Sysname> system-view
[Sysname] user-interface class console
[Sysname-line-class-console] activation-key s
[Sysname-line-class-console] quit
# In console line view, restore the default shortcut key for starting a terminal session.
[Sysname] user-interface console 0
[Sysname-line-console0] undo activation-key
Alternatively, you can use the following command:
[Sysname-line-console0] activation-key 13
To verify the configuration:
1. Exit the console session.
[Sysname-line-console0] return
<Sysname> quit
2. Log in again through the console line.
The following message appears:
Press ENTER to get started.
3. Press Enter.
Pressing Enter does not start a session.
4. Enter s.
A terminal session is started.
<Sysname>
Related commands
user-interface
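The precedence rules and the console activation-key walkthrough above can be checked offline with a small model. The following Python is an added example, not H3C code: the UserLines class, key_code helper, and PAGE_EXAMPLE list are hypothetical names, only activation-key and terminal type are modelled (with the defaults this page states), and absolute line numbers are not handled.

```python
import re

# Defaults stated on this page: activation key Enter (ASCII 13), terminal type ANSI.
DEFAULTS = {"activation-key": 13, "terminal type": "ansi"}

# "line" and the older "user-interface" form are equivalent. Absolute line
# numbers (user-interface first-number1) are not modelled here.
VIEW_RE = re.compile(
    r"^(?:line|user-interface)\s+(class\s+)?(console|vty)(?:\s+(\d+)(?:\s+(\d+))?)?$")


def key_code(key_string):
    """Map an activation-key argument to its ASCII code (0 to 127)."""
    if key_string.isdigit():
        code = int(key_string)        # "1" means ASCII 1 (Ctrl+A), not the digit
    elif len(key_string) == 1:
        code = ord(key_string)        # case-sensitive single character
    else:
        raise ValueError(f"invalid key-string: {key_string!r}")
    if not 0 <= code <= 127:
        raise ValueError(f"ASCII code out of range: {key_string!r}")
    return code


class UserLines:
    """Hypothetical model of user line and user line class settings."""

    def __init__(self):
        self.by_class = {}   # "console" or "vty" -> {setting: value}
        self.by_line = {}    # ("vty", 3) -> {setting: value}

    def apply(self, commands):
        targets = []         # setting dicts written by the current view
        for raw in commands:
            cmd = raw.strip()
            view = VIEW_RE.match(cmd)
            if view:
                is_class, kind, first, last = view.groups()
                if bool(is_class) == (first is not None):
                    raise ValueError(f"bad view command: {cmd!r}")
                if is_class:
                    targets = [self.by_class.setdefault(kind, {})]
                else:
                    numbers = range(int(first), int(last or first) + 1)
                    targets = [self.by_line.setdefault((kind, n), {}) for n in numbers]
            elif cmd in ("system-view", "quit", "return"):
                targets = []
            else:
                self._configure(cmd, targets)

    def _configure(self, cmd, targets):
        undo = cmd.startswith("undo ")
        body = cmd[5:] if undo else cmd
        setting = next((s for s in DEFAULTS if body == s or body.startswith(s + " ")), None)
        if setting is None or not targets:
            raise ValueError(f"unsupported here: {cmd!r}")
        arg = body[len(setting):].strip()
        if undo:
            value = None
        elif setting == "activation-key":
            value = key_code(arg)
        elif arg in ("ansi", "vt100"):
            value = arg
        else:
            raise ValueError(f"invalid argument: {cmd!r}")
        for settings in targets:
            if undo:
                settings.pop(setting, None)   # back to the default in this view
            else:
                settings[setting] = value

    def effective(self, kind, number, setting):
        default = DEFAULTS[setting]
        line_value = self.by_line.get((kind, number), {}).get(setting, default)
        class_value = self.by_class.get(kind, {}).get(setting, default)
        # A non-default line setting wins; otherwise the class setting applies
        # (it is either non-default or the default itself).
        return line_value if line_value != default else class_value


# The console example from this page, typed without prompts.
PAGE_EXAMPLE = [
    "system-view",
    "user-interface class console", "activation-key s", "quit",
    "user-interface console 0", "undo activation-key",
]

if __name__ == "__main__":
    lines = UserLines()
    lines.apply(PAGE_EXAMPLE)
    print(chr(lines.effective("console", 0, "activation-key")))
```

Because activation-key 13 in line view equals the default, the model treats it like undo activation-key and the class setting still wins, which matches the verification steps above.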
user-role
Use user-role to assign a user role to a user line. The device assigns the user role to a user of the line when the user logs in.
Use undo user-role to remove a user role or restore the default.
Syntax
user-role role-name
undo user-role [ role-name ]
Default
A console line user is assigned the network-admin user role. Users of other user lines are assigned the network-operator user role.
Views
User line view
User line class view
Predefined user roles
network-admin
Parameters
role-name: Specifies a user role name, a case-sensitive string of 1 to 63 characters. The user role can be user-defined or predefined (network-admin, network-operator, or level-0 to level-15). If you do not specify this argument, the undo user-role command restores the default user role.
Usage guidelines
Only users assigned the network-admin or level-15 user role can execute this command. Other users cannot execute this command, even if they are granted the right to execute this command.
This command is available in both user line view and user line class view. A non-default setting in either view takes precedence over a default setting in the other view. A non-default setting in user line view takes precedence over a non-default setting in user line class view.
A user role change does not take effect for the current session. It takes effect for subsequent login sessions.
You can assign up to 64 user roles to a user line.
The security-audit and guest-manager user roles are not available in user line view or user line class view. You cannot use this command to assign these user roles.
For more information about user roles, see RBAC in Fundamentals Configuration Guide.
Examples
# Assign user role network-admin to user line Console 0.
<Sysname> system-view
[Sysname] line console 0
[Sysname-line-console0] user-role network-admin
web captcha
Use web captcha to specify a fixed verification code for Web login.
Use undo web captcha to restore the default.
Syntax
web captcha verification-code
undo web captcha
Default
No fixed verification code is configured for Web login. A Web user must enter the verification code displayed on the login page.
Views
User view
Predefined user roles
network-admin
Parameters
verification-code: Specifies the fixed verification code, a case-sensitive 4-character string.
Usage guidelines
In test environments where a script is used for Web function tests, you can configure a fixed verification code to improve test efficiency.
For Web access security purposes, do not use this feature in production environments.
If you configure the web captcha command multiple times, the most recent configuration takes effect.
This command is not saved to the configuration file and will not take effect after a reboot.
Examples
# Set the fixed verification code to test for Web login.
<Sysname> web captcha test
web https-authorization mode
Use web https-authorization mode to set the authentication mode for HTTPS login.
Use undo web https-authorization mode to restore the default.
Syntax
web https-authorization mode { auto | manual }
undo web https-authorization mode
Default
Manual authentication mode is used for HTTPS login.
Views
System view
Predefined user roles
network-admin
Parameters
auto: Uses the PKI certificate of an HTTPS client to authenticate the client automatically.
manual: Sends the login page to the HTTPS client, and uses the username and password entered on the page to authenticate the client.
Usage guidelines
In auto authentication mode, the device uses the PKI certificate of an HTTPS client to authenticate the client automatically.
· If the certificate is valid, the value of the CN field is used as the username for AAA authentication.
  · If the authentication succeeds, the Web interface appears on the client.
  · If the authentication fails, the login page appears on the client. The user can log in to the Web interface after entering the correct username and password.
· If the certificate is invalid (for example, expired), the device closes the HTTPS connection.
Examples
# Set the HTTPS login authentication mode to auto.
<Sysname> system-view
[Sysname] web https-authorization mode auto
web idle-timeout
Use web idle-timeout to set the Web connection idle timeout timer.
Use undo web idle-timeout to restore the default.
Syntax
web idle-timeout idle-time
undo web idle-timeout
Default
The Web connection idle timeout timer is 10 minutes.
Views
System view
Predefined user roles
network-admin
Parameters
idle-time: Specifies the Web connection idle timeout timer in minutes. The value range is 1 to 999.
Usage guidelines
The system automatically terminates a user connection if no mouse or keyboard operation occurs within the idle timeout interval.
This command takes effect immediately for current Web connections.
Examples
# Set the Web connection idle timeout timer to 100 minutes.
<Sysname> system-view
[Sysname] web idle-timeout 100
webui log
Use webui log enable to enable Web operation logging.
Use undo webui log enable to restore the default.
Syntax
webui log enable
undo webui log enable
Default
Web operation logging is disabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
When Web operation logging is enabled, the device generates logs for important Web operations, for example, system time change. The device outputs logs as indicated by information center settings.
Web operations that can trigger Web operation logging depend on the device model.
Web operation logs include the following information:
· Module name WEB.
· Mnemonic prefix WEBOPT_.
· Web client IP address.
· Web user's username.
The following is a sample log message:
%Mar 25 14:32:38:802 2013 H3C WEB/6/WEBOPT_SET_TIME: -HostIP=192.168.100.235-User=Admin; Set the system date and time to 2013-05-27T10:00:00.
Examples
# Enable Web operation logging.
<Sysname> system-view
[Sysname] webui log enable
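Once Web operation logging is enabled, the WEBOPT_ messages can be parsed and reviewed on the log collector. The following Python is an added example, not H3C code: it parses the message layout of the sample on this page and flags Web operations from clients outside a management network or clock changes larger than a threshold. The function names, the 192.168.100.0/24 management network, the 5-minute threshold, and every log line other than the page's sample are assumptions.

```python
import ipaddress
import re
from datetime import datetime, timedelta

# Layout taken from the sample message on this page:
# %<time> <sysname> WEB/<severity>/WEBOPT_<op>: -HostIP=<ip>-User=<name>; <text>
WEBOPT_RE = re.compile(
    r"^%(?P<time>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}:\d{3} \d{4}) "
    r"(?P<sysname>\S+) WEB/(?P<severity>\d)/(?P<mnemonic>WEBOPT_[A-Z0-9_]+): "
    r"-HostIP=(?P<host_ip>[0-9A-Fa-f.:]+)-User=(?P<user>[^;]*); (?P<text>.*)$")
# Assumption: WEBOPT_SET_TIME text always carries the new time as in the sample.
SET_TIME_RE = re.compile(r"to (\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})")

SAMPLE_LOG = [
    # Sample message from this page.
    "%Mar 25 14:32:38:802 2013 H3C WEB/6/WEBOPT_SET_TIME: -HostIP=192.168.100.235-User=Admin; "
    "Set the system date and time to 2013-05-27T10:00:00.",
    # Constructed lines for the example.
    "%Mar 25 14:40:02:117 2013 H3C WEB/6/WEBOPT_SET_TIME: -HostIP=203.0.113.7-User=Admin; "
    "Set the system date and time to 2013-03-25T14:41:00.",
    "%Mar 25 15:02:10:450 2013 H3C WEB/6/WEBOPT_SET_TIME: -HostIP=192.168.100.10-User=Admin; "
    "Set the system date and time to 2013-03-25T15:03:00.",
    "%Mar 25 15:05:00:000 2013 H3C EXAMPLE/5/EXAMPLE_EVENT: Constructed line from another module.",
    "truncated or malformed line",
]


def parse_web_op(line):
    """Return the fields of a WEB/WEBOPT_ message, or None for any other line."""
    m = WEBOPT_RE.match(line.strip())
    if m is None:
        return None
    try:
        client = ipaddress.ip_address(m["host_ip"])
        when = datetime.strptime(m["time"], "%b %d %H:%M:%S:%f %Y")
    except ValueError:
        return None
    return {"time": when, "sysname": m["sysname"], "severity": int(m["severity"]),
            "mnemonic": m["mnemonic"], "client": client, "user": m["user"],
            "text": m["text"]}


def clock_jump(event):
    """For WEBOPT_SET_TIME, return (new time - log time); otherwise None."""
    if event["mnemonic"] != "WEBOPT_SET_TIME":
        return None
    m = SET_TIME_RE.search(event["text"])
    if m is None:
        return None
    try:
        return datetime.fromisoformat(m[1]) - event["time"]
    except ValueError:
        return None


def review(lines, mgmt_networks, max_jump=timedelta(minutes=5)):
    """Return (event, reasons) for each Web operation that needs a second look."""
    nets = [ipaddress.ip_network(n) for n in mgmt_networks]
    findings = []
    for line in lines:
        event = parse_web_op(line)
        if event is None:
            continue
        reasons = []
        if not any(event["client"] in net for net in nets):
            reasons.append("client outside management networks")
        jump = clock_jump(event)
        if jump is not None and abs(jump) > max_jump:
            reasons.append("clock changed by more than max_jump")
        if reasons:
            findings.append((event, reasons))
    return findings


if __name__ == "__main__":
    for event, reasons in review(SAMPLE_LOG, ["192.168.100.0/24"]):
        print(event["time"], event["client"], event["user"], "; ".join(reasons))
```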