HP A-MSR Router Series Fundamentals. Command Reference. Abstract

Transcription

1 HP A-MSR Router Series Fundamentals Command Reference Abstract This document describes the commands and command syntax options available for the HP A Series products. This document is intended for network planners, field technical support and servicing engineers, and network administrators who work with HP A Series products. Part number: Software version: CMW520-R2207P02 Document version: 6PW

2 Legal and notice information Copyright 2011 Hewlett-Packard Development Company, L.P. No part of this documentation may be reproduced or transmitted in any form or by any means without prior written consent of Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. HEWLETT-PACKARD COMPANY MAKES NO WARRANTY OF ANY KIND WITH REGARD TO THIS MATERIAL, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. Hewlett-Packard shall not be liable for errors contained herein or for incidental or consequential damages in connection with the furnishing, performance, or use of this material. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.

3 Contents CLI configuration commands 1 command-alias enable 1 command-alias mapping 1 command-privilege level 2 display clipboard 3 display command-alias 4 display history-command 4 display hotkey 5 hotkey 6 quit 7 return 8 screen-length disable 8 super 9 super authentication-mode 9 super password 10 system-view 11 Login management commands 13 acl (user interface view) 13 activation-key 14 auto-execute command 16 authentication-mode 17 command accounting 18 command authorization 19 databits 19 display ip http 20 display ip https 21 display telnet client configuration 22 display user-interface 23 display users 25 escape-key 26 flow-control 28 free user-interface 29 history-command max-size 30 idle-timeout 30 ip http acl 31 ip http enable 32 ip http port 33 ip https acl 34 ip https certificate access-control-policy 35 ip https enable 35 ip https port 36 ip https ssl-server-policy 37 lock 37 parity 38 protocol inbound 39 redirect disconnect 39 redirect enable 40 redirect listen-port 41 redirect refuse-negotiation 41 redirect refuse-teltransfer 42 iii

4 redirect return-deal from-telnet 43 redirect return-deal from-terminal 43 redirect timeout 44 screen-length 45 send 45 set authentication password 47 shell 48 speed (user interface view) 49 stopbit-error intolerance 49 stopbits 50 telnet 51 telnet client source 52 telnet ipv6 52 telnet server enable 53 terminal type 53 user privilege level 54 user-interface 55 Device management commands 57 card-mode 57 clock datetime 58 clock summer-time one-off 59 clock summer-time repeating 59 clock timezone 61 configure-user count 61 copyright-info enable 62 display clock 63 display configure-user 64 display cpu-usage 65 display cpu-usage history 67 display device 69 display device manuinfo 71 display diagnostic-information 72 display environment 73 display fan 74 display job 75 display memory 76 display power 77 display reboot-type 77 display rps 78 display schedule job 79 display schedule reboot 80 display system-failure 80 display transceiver 81 display transceiver alarm 82 display transceiver diagnosis 86 display transceiver manuinfo 87 display version 88 header 88 job 90 nms monitor-interface 91 reboot 92 reset unused porttag 92 schedule job 93 schedule reboot at 94 schedule reboot delay 95 iv

5 shutdown-interval 96 sysname 97 system-failure 98 temperature-limit 98 time at 99 time delay 101 view 102 Configuration file management commands 104 archive configuration 104 archive configuration interval 104 archive configuration location 105 archive configuration max 106 backup startup-configuration 107 configuration encrypt 107 configuration replace file 108 display archive configuration 109 display current-configuration 110 display saved-configuration 112 display startup 114 display this 114 reset saved-configuration 116 restore startup-configuration 116 save 117 startup saved-configuration 119 File management commands 120 cd 120 copy 121 delete 121 dir 122 display nandflash file-location 124 display nandflash badblock-location 125 display nandflash page-data 126 execute 127 file prompt 128 fixdisk 128 format 129 mkdir 129 more 130 mount 131 move 132 pwd 132 rename 133 reset recycle-bin 133 rmdir 135 umount 136 undelete 136 FTP configuration commands 138 FTP server configuration commands 138 display ftp-server 138 display ftp-user 139 free ftp user 140 ftp server acl 140 ftp server enable 141 ftp timeout 141 v

6 ftp update 142 FTP client configuration commands 143 ascii 143 binary 143 bye 144 cd 145 cdup 145 close 146 debugging 147 delete 148 dir 149 disconnect 150 display ftp client configuration 150 ftp 151 ftp client source 152 ftp ipv6 153 get 154 lcd 155 ls 155 mkdir 156 open 157 open ipv6 158 passive 159 put 159 pwd 160 quit 160 remotehelp 161 rmdir 163 user 163 verbose 164 TFTP configuration commands 166 TFTP client configuration commands 166 display tftp client configuration 166 tftp-server acl 166 tftp 167 tftp client source 168 tftp ipv6 169 License management commands 171 display license 171 license register 172 Software upgrade commands 173 boot-loader 173 bootrom 173 display boot-loader 176 display patch 177 display patch information 177 patch active 178 patch deactive 179 patch delete 180 patch install 180 patch load 182 patch location 182 patch run 183 vi

7 Support and other resources 185 Contacting HP 185 Subscription service 185 Related information 185 Documents 185 Websites 185 Conventions 186 Index 188 vii

8 CLI configuration commands command-alias enable Use command-alias enable to enable the command keyword alias function. Use undo command-alias enable to disable the command keyword alias function. By default, the command keyword alias function is disabled. Disabling the command keyword alias function does not delete the configured aliases, but the aliases do not take effect anymore. command-alias enable undo command-alias enable System view 2: System level None # Enable the command keyword alias function. [Sysname] command-alias enable # Disable the command keyword alias function. [Sysname] undo command-alias enable command-alias mapping Use command-alias mapping to configure a command keyword alias. Use undo command-alias mapping to delete a command keyword alias. By default, a command keyword has no alias. Command keyword aliases take effect only after enabling the command keyword alias function. command-alias mapping cmdkey alias undo command-alias mapping cmdkey 1

9 System view 2: System level cmdkey: Complete form of the first keyword of a command. alias: Alias for the keyword, which must be different from the first keyword of any command. # Define show as the alias of the display keyword. [Sysname] command-alias mapping display show After you configure the alias, you can enter show instead of display to execute a display command. For example, you can enter show clock to execute the display clock command to view the system time and date. # Delete the alias show. [Sysname] undo command-alias mapping display command-privilege level Use command-privilege to assign a level for the specified command in the specified view. Use undo command-privilege view to restore the default. By default, each command in a view has a specified level. Command levels include four privileges: visit (0), monitor (1), system (2), and manage (3). You can assign a privilege level according to the user s need. When logging in to the switch, the user can access the assigned level and all levels below it. Level changes can cause maintenance, operation, and security problems. HP recommends using the default command level or modifying the command level under the guidance of professional staff. The command specified in the command-privilege command must be complete, and has valid arguments. For example, the default level of the tftp server-address { get put sget } sourcefilename [ destination-filename ] [ source { interface interface-type interface-number ip source-ipaddress } ] command is 3. After the command-privilege level 0 view shell tftp put a.cfg command is executed, when users with the user privilege level of 0 log in to the switch, they can execute the tftp server-address put source-filename command (such as the tftp put syslog.txt command), but cannot execute the command with the get, sget or source keyword, and cannot specify the destination-filename argument. The command specified in the undo command-privilege view command can be incomplete. For example, after the undo command-privilege view system ftp command is executed, all commands starting with the keyword ftp (such as ftp server acl, ftp server enable, and ftp timeout) are restored to their default level. If you modified the level of commands ftp server enable and ftp timeout, and you want to restore only ftp server enable to its default level, use undo command-privilege view system ftp server. 2

10 If you modify the command level of a command in a specified view from the default command level to a lower level, you must modify the command levels of quit and the corresponding command used to enter this view. For example, the default command level of commands interface and system-view is 2 (system level). If you want to make the interface command available to the level 1 users, you must execute the following three commands: command-privilege level 1 view shell system-view, command-privilege level 1 view system interface GigabitEthernet 3/0/1, and command-privilege level 1 view system quit. Then, the level 1 users can enter system view, execute the interface ethernet command, and return to user view. command-privilege level level view view command undo command-privilege view view command System view level level: Command level, which ranges from 0 to 3. view view: Specifies a view. command: Command to be set in the specified view. # Set the command level of the interface command to 0 in system view. [Sysname] command-privilege level 0 view system interface display clipboard Use display clipboard to view the contents of the clipboard. To copy the specified content to the clipboard: Move the cursor to the starting position of the content and press the <Esc+Shift+,> combination. Move the cursor to the ending position of the content and press the <Esc+Shift+.> combination. display clipboard [ { begin exclude include } regular-expression ] Any view 1: Monitor level : Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line matching the specified regular expression and all following lines. 3

11 exclude: Displays all lines not matching the specified regular expression. include: Displays all lines matching the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. # the content of the clipboard. <Sysname> display clipboard CLIPBOARD display current-configuration display command-alias Use display command-alias to display defined command keyword aliases and the corresponding keywords. display command-alias [ { begin exclude include } regular-expression ] Any view 1: Monitor level : Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line matching the specified regular expression and all following lines. exclude: Displays all lines not matching the specified regular expression. include: Displays all lines matching the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. # Display the defined command keyword aliases and the keywords. <Sysname> display command-alias Command alias is enabled index alias command key 1 show display display history-command Use display history-command to display commands saved in the history command buffer. By default, the system saves the last 10 executed commands in the history command buffer. To set the size of the history command buffer, use history-command max-size. 4

12 display history-command [ { begin exclude include } regular-expression ] Any view 1: Monitor level : Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line matching the specified regular expression and all following lines. exclude: Displays all lines not matching the specified regular expression. include: Displays all lines matching the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. # Display history commands in current user view. <Sysname> display history-command display history-command system-view vlan 2 quit display hotkey Use display hotkey to display hotkey information. display hotkey [ { begin exclude include } regular-expression ] Any view 1: Monitor level : Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line matching the specified regular expression and all following lines. exclude: Displays all lines not matching the specified regular expression. include: Displays all lines matching the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. # Display hotkey information. 5

13 <Sysname> display hotkey HOTKEY =Defined hotkeys= Hotkeys Command CTRL_G display current-configuration CTRL_L display ip routing-table CTRL_O undo debug all =Undefined hotkeys= Hotkeys Command CTRL_T NULL CTRL_U NULL hotkey =System hotkeys= Hotkeys Function CTRL_A Move the cursor to the beginning of the current line. CTRL_B Move the cursor one character left. CTRL_C Stop current command function. CTRL_D Erase current character. CTRL_E Move the cursor to the end of the current line. CTRL_F Move the cursor one character right. CTRL_H Erase the character left of the cursor. CTRL_K Kill outgoing connection. CTRL_N Display the next command from the history buffer. CTRL_P Display the previous command from the history buffer. CTRL_R Redisplay the current line. CTRL_V Paste text from the clipboard. CTRL_W Delete the word left of the cursor. CTRL_X Delete all characters up to the cursor. CTRL_Y Delete all characters after the cursor. CTRL_Z Return to the User. CTRL_] Kill incoming connection or redirect connection. ESC_B Move the cursor one word back. ESC_D Delete remainder of word. ESC_F Move the cursor forward one word. ESC_N Move the cursor down a line. ESC_P Move the cursor up a line. ESC_< Specify the beginning of clipboard. ESC_> Specify the end of clipboard. Use hotkey to associate a hot key to a command. Use undo hotkey to restore the default. By default, Ctrl+G, Ctrl+L, and Ctrl+O have these corresponding commands: Ctrl+G corresponds to display current-configuration. 6

14 Ctrl+L corresponds to display ip routing-table. Ctrl+O corresponds to undo debugging all. You can modify the associations as needed. hotkey { CTRL_G CTRL_L CTRL_O CTRL_T CTRL_U } command undo hotkey { CTRL_G CTRL_L CTRL_O CTRL_T CTRL_U } System view 2: System level CTRL_G: Associates hot key Ctrl+G to the specified command. CTRL_L: Associates hot key Ctrl+L to the specified command. CTRL_O: Associates hot key Ctrl+O to the specified command. CTRL_T: Associates hot key Ctrl+T to the specified command. CTRL_U: Associates hot key Ctrl+U to the specified command. command: The command line associated with the hot key. # Associate the hot key Ctrl+T to the display tcp status command. [Sysname] hotkey ctrl_t display tcp status quit Use quit command to return to a lower-level view. In user view, quit terminates the connection and reconnects to the switch. quit Any view 0: Visit level (in user view) 2: System level (in other views) None # Switch from GigabitEthernet 3/0/18 interface view to system view, and then to user view. [Sysname-GigabitEthernet3/0/18] quit 7

15 return [Sysname] quit <Sysname> Use return to return to user view from any other view in one operation, instead of using quit repeatedly. Pressing Ctrl+Z has the same effect. Related commands: quit. return Any view except user view 2: System level None # Return to user view from GigabitEthernet 3/0/18 interface view. [Sysname-GigabitEthernet3/0/18] return <Sysname> screen-length disable Use screen-length disable to disable pausing between screens of output for the current session. Use undo screen-length disable to enable pausing between screens of output for the current session. By default, a login user uses the settings of screen-length. The default settings of screen-length are: pausing between screens of output is enabled and 24 lines are displayed on a screen. When you log out, the settings restore to their default values. screen-length disable undo screen-length disable User view 1: Monitor level None 8

16 super # Disable pausing between screens of output for the current session. <Sysname> screen-length disable Use super to switch from the current user privilege level to a specified user privilege level. If a level is not specified, the command switches the user privilege level to 3. Command levels include four privileges: visit (0), monitor (1), system (2), and manage (3). You can assign a privilege level according to the user s need. When logging in to the switch, the user can access the assigned level and all levels below it. Related commands: super password. super [ level ] User view 0: Visit level level: User level, which ranges from 0 to 3 and defaults to 3. # Switch to user privilege level 2 (The current user privilege level is 3.). <Sysname> super 2 User privilege level is 2, and only those commands can be used whose level is equal or less than this. Privilege note: 0-VISIT, 1-MONITOR, 2-SYSTEM, 3-MANAGE # Switch the user privilege level back to 3 (switching password 123 has been set. If no password is set, the user privilege level cannot be switched to 3.). <Sysname> super 3 Password: User privilege level is 3, and only those commands can be used whose level is equal or less than this. Privilege note: 0-VISIT, 1-MONITOR, 2-SYSTEM, 3-MANAGE super authentication-mode Use super authentication-mode to set the authentication mode for user privilege level switching. Use undo super authentication-mode to restore the default. By default, the authentication mode for the user privilege level switching is local. Related commands: super password. 9

17 super authentication-mode { local scheme } * undo super authentication-mode System view 2: System level local: Authenticates a user by using the local password set with the super password command. When no password is set with the super password command, two results can occur: The privilege level switching succeeds if the user is logged in through the console port, or the AUX port used as the console port. The switch fails if the user logs in through any of the AUX, TTY, or VTY user interfaces or enters an incorrect switch password. scheme: AAA authentication. For more information about AAA, see Security Configuration Guide. local scheme: First local and then scheme, which means to authenticate a user by using the local password first. If no password is set for the user logged in through the console port, the privilege level switching succeeds. If no password is set for the user logged in through any of the AUX, TTY, or VTY user interfaces, the AAA authentication is performed. scheme local: First scheme and then local, which means AAA authentication is performed first. If the AAA configuration is invalid (the domain parameters or authentication scheme are not configured) or the server does not respond, the local password authentication is performed. # Set the authentication mode for the user privilege level switching to local. [Sysname] super authentication-mode local # Set the authentication mode for the user privilege level switching to scheme local. [Sysname] super authentication-mode scheme local super password Use super password to set the password used to switch from the current user privilege level to a higher one. Use undo super password to restore the default. By default, no password is set for switching to a higher privilege level. Use the simple keyword to set a simple-text password. Use the cipher keyword to set a cipher-text password. HP recommends a cipher-text password, because a simple-text password easily gets cracked. During authentication, you must enter a simple-text password regardless of the password type you set. 10

18 super password [ level user-level ] { simple cipher } password undo super password [ level user-level ] System view 2: System level level user-level: User privilege level, which ranges from 1 to 3 and defaults to 3. simple: Plain text password. cipher: Cipher text password. password: Password, a case-sensitive string of characters. A simple password is a string of 1 to 16 characters. A cipher password is a string of 1 to 16 characters in plain text or 24 characters in cipher text. For example, the simple text corresponds to the cipher text (TT8F]Y\5SQ=^Q`MAF4<1!!. # Set simple-text password abc for switching to user privilege level 3. [Sysname] super password level 3 simple abc Display the configured password for level switching. [Sysname] display current-configuration # super password level 3 simple abc # Set cipher-text password abc for switching to user privilege level 3. [Sysname] super password level 3 cipher abc Display the configured password for level switching. [Sysname] display current-configuration include super # system-view super password level 3 cipher ;)<01%^&;YGQ=^Q`MAF4<1!! Use system-view to enter system view from the current user view. Related commands: quit, return. system-view User view 11

19 2: System level None # Enter system view from the current user view. System : return to User with Ctrl+Z. [Sysname] 12

20 Login management commands acl (user interface view) Use acl to reference ACLs to control access to the VTY user interface. Use undo acl to cancel the ACL application. For more information about ACL, see ACL and QoS Command Reference. By default, access to the VTY user interface is not restricted. If no ACL is referenced in VTY user interface view, the VTY user interface has no access control over establishing a Telnet or SSH connection. If an ACL is referenced in VTY user interface view, the connection is permitted to be established only when packets for establishing a Telnet or SSH connection match a permit statement in the ACL. The system regards the basic/advanced ACL with the inbound keyword, the basic/advanced ACL with the outbound keyword, WLAN ACL, and Ethernet frame header ACL as four different types of ACLs, which can coexist in one VTY user interface. The match order is WLAN ACL, basic/advanced ACL, Ethernet frame header ACL. At most, one ACL of each type can be referenced in the same VTY user interface, and the last configured one takes effect. The MPU-G2 on the A-MSR50 does not support WLAN ACL. To use a basic or advanced ACL: acl [ ipv6 ] acl-number { inbound outbound } undo acl [ ipv6 ] acl-number { inbound outbound } To use a WLAN or Ethernet frame header ACL: acl acl-number inbound undo acl acl-number inbound VTY user interface view 2: System level ipv6: When this keyword is present, the command supports IPv6; otherwise, it supports IPv4. acl-number: Number of the ACL, which takes the following values: WLAN ACL: 100 to 199 Basic ACL: 2000 to 2999 Advanced ACL: 3000 to 3999 Ethernet frame header ACL: 4000 to

21 inbound: Restricts Telnet or SSH connections established in the inbound direction through the VTY user interface. If the received packets for establishing a Telnet or SSH connection are permitted by an ACL rule, the connection is allowed to be established. When the device functions as a Telnet server or SSH server, this keyword is used to control access of Telnet clients or SSH clients. outbound: Restricts Telnet connections established in the outbound direction through the VTY user interface. If the packets sent for establishing a Telnet connection are permitted by an ACL rule, the connection is allowed to be established. When the device functions as a Telnet client, this keyword is used to define Telnet servers accessible to the client. # Allow only the user with the IP address of to access the device through Telnet or SSH. [Sysname] acl number 2001 [Sysname-acl-basic-2001] rule permit source [Sysname-acl-basic-2001] quit [Sysname] user-interface vty 0 [Sysname-ui-vty0] acl 2001 inbound After your configuration, user A (with IP address ) can telnet to the device while user B (with IP address ) cannot telnet to the device. Upon a connection failure, a message appears, saying "%connection closed by remote host!" # Allow the device to only telnet to the Telnet server with IP address [Sysname] acl number 3001 [Sysname-acl-adv-3001] rule permit tcp destination [Sysname-acl-adv-3001] quit [Sysname] user-interface vty 0 4 [Sysname-ui-vty0-4] acl 3001 outbound [Sysname-ui-vty0-4] return <Sysname> After your configuration, if you telnet to , your operation fails. <Sysname> telnet %Can't access the host from this terminal! But you can telnet to <Sysname> telnet Trying Press CTRL+K to abort Connected to # Allow only the WLAN client with the SSID of Admin to access the device through VTY 0. [Sysname] acl number 100 [Sysname-acl-wlan-100] rule permit ssid Admin [Sysname-acl-wlan-100] quit [Sysname] user-interface vty 0 [Sysname-ui-vty0] acl 100 inbound activation-key 14

22 Use activation-key to define a shortcut key for starting a terminal session. Use undo activation-key to restore the default. By default, pressing the Enter key starts a terminal session. However, if a new shortcut key is defined with the activation-key command, the Enter key no longer functions. To display the shortcut key you have defined, use display current-configuration. The activation-key command is not supported by the VTY user interface. activation-key character undo activation-key User interface view character: Shortcut key for starting a terminal session, a single character (or its corresponding ASCII code value that ranges from 0 to 127) or a string of 1 to 3 characters. However, only the first character functions as the shortcut key. For example, if you enter an ASCII code value of 97, the system uses its corresponding character a as the shortcut key. If you enter string b@c, the system uses the first character b as the shortcut key. # Configure character s as the shortcut key for starting a terminal session on the console port. [Sysname] user-interface console 0 [Sysname-ui-console0] activation-key s # Verify the configuration. 1. Exit the terminal session on the console port. [Sysname-ui-console0] return <Sysname> quit 2. Log in to the console port again. The following message appears: ****************************************************************************** * Copyright (c) Hewlett-Packard Development Company, L.P. * * Without the owner's prior written consent, * * no decompiling or reverse-engineering shall be allowed. * ****************************************************************************** User interface con0 is available. Please press ENTER. 15

23 3. Press Enter. Pressing Enter does not start a session. 4. Enter s. A terminal session is started. <Sysname> %Mar 2 18:40:27: Sysname SHELL/5/LOGIN: Console login from con0 auto-execute command CAUTION: The auto-execute command command may disable you from configuring the system through the user interface to which the command is applied. Before configuring the command and saving the configuration (by using the save command), ensure you can access the device through VTY, TTY, console, or AUX interfaces to remove the configuration when a problem occurs. Use auto-execute command to specify a command to be automatically executed when a user logs in to the current user interface. Use undo auto-execute command to remove the configuration. By default, command auto-execution is disabled. The auto-execute command command is not supported by the console port, or the AUX port when the device has only one AUX port and no console port. The system automatically executes the specified command when a user logs in to the user interface, and tears down the user connection after the command is executed. If the command triggers another task, the system does not tear down the user connection until the task is completed. Typically, you can use auto-execute command telnet in user interface view to enable a user to automatically telnet to the specified host when the user logs in to the device. After the user terminates the connection with the host, the user s connection with the device is automatically terminated. auto-execute command command undo auto-execute command User interface view command: Specifies a command to be automatically executed. # Configure the device to automatically telnet to after a user logs in to interface VTY 0. 16

24 [Sysname] user-interface vty 0 [Sysname -ui-vty0] auto-execute command telnet % This action will lead to configuration failure through ui-vty0. Are you sure? [Y/N]:y [Sysname-ui-vty0] To verify the configuration: Telnet to The device automatically telnets to The following output is displayed: C:\> telnet ****************************************************************************** * Copyright (c) Hewlett-Packard Development Company, L.P. * * Without the owner's prior written consent, * * no decompiling or reverse-engineering shall be allowed. * ****************************************************************************** <Sysname> Trying Press CTRL+K to abort Connected to ****************************************************************************** * Copyright (c) Hewlett-Packard Development Company, L.P. * * Without the owner's prior written consent, * * no decompiling or reverse-engineering shall be allowed. * ****************************************************************************** <Sysname.41> This operation is the same as directly logging in to the device at If the telnet connection to is broken down, the telnet connection to breaks down at the same time. authentication-mode Use authentication-mode to set the authentication mode for the user interface. Use undo authentication-mode to restore the default. By default, the authentication mode for VTY and AUX user interfaces is password, and for console and TTY user interfaces is none. Related commands: set authentication password. authentication-mode { none password scheme } undo authentication-mode User interface view 17

25 none: Performs no authentication. password: Performs local password authentication. scheme: Performs AAA authentication. For more information about AAA, see Security Configuration Guide. # Specify that no authentication is needed for VTY 0. (This mode is insecure.) [Sysname] user-interface vty 0 [Sysname-ui-vty0] authentication-mode none # Use password authentication when users log in to the device through VTY 0, and set the authentication password to 321. [Sysname] user-interface vty 0 [Sysname-ui-vty0] authentication-mode password [Sysname-ui-vty0] set authentication password cipher 321 # Authenticate users by username and password for VTY 0. Set the username to 123 and the password to 321. [Sysname] user-interface vty 0 [Sysname-ui-vty0] authentication-mode scheme [Sysname-ui-vty0] quit [Sysname] local-user 123 [Sysname-luser-123] password cipher 321 [Sysname-luser-123] service-type telnet [Sysname-luser-123] authorization-attribute level 3 command accounting Use command accounting to enable command accounting. Use undo command accounting to restore the default. By default, command accounting is disabled. The accounting server does not record the commands that users have executed. When command accounting is enabled and command authorization is not, every executed command is recorded on the HWTACACS server. When both command accounting and command authorization are enabled, only the authorized and executed commands are recorded on the HWTACACS server. command accounting undo command accounting User interface view 18

26 None # Enable command accounting on VTY 0. Then the HWTACACS server records the commands executed by users logged in through VTY 0. [Sysname] user-interface vty 0 [Sysname-ui-vty0] command accounting command authorization Use command authorization to enable command authorization. Use undo command authorization to restore the default. By default, command authorization is disabled. Logged-in users can execute commands without authorization. With command authorization enabled, users can perform only commands authorized by the server. command authorization undo command authorization User interface view None databits # Enable command accounting for VTY 0 so users logging in from VTY 0 can perform only the commands authorized by the HWTACACS server. [Sysname] user-interface vty 0 [Sysname-ui-vty0] command authorization Use databits to set data bits for each character. Use undo databits to restore the default. By default, 8 data bits are set for each character. 19

27 This command is only applicable to asynchronous serial interfaces (including AUX and console ports). The data bits setting must be the same for the user interfaces of the connecting ports on the device and the terminal device for communication. databits { } undo databits User interface view 2: System level 5: Sets 5 data bits for each character. 6: Sets 6 data bits for each character. 7: Sets 7 data bits for each character. 8: Sets 8 data bits for each character. # Specify 5 data bits for each character. [Sysname] user-interface aux 0 [Sysname-ui-aux0] databits 5 display ip http Use display ip http to display HTTP information. display ip http [ { begin exclude include } regular-expression ] Any view 1: Monitor level : Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line matching the specified regular expression and all following lines. exclude: Displays all lines not matching the specified regular expression. include: Displays all lines matching the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. 20

28 # Display information about HTTP. <Sysname> display ip http HTTP port: 80 WLAN ACL: 100 Basic ACL: 2222 Current connection: 0 Operation status: Running Table 1 Command output Field HTTP port WLAN ACL Basic ACL Current connection Operation status Port number used by the HTTP service WLAN ACL associated with the HTTP service Basic ACL number associated with the HTTP service Number of current connections Operation status, which takes the following values: Running the HTTP service is enabled Stopped the HTTP service is disabled display ip https Use display ip https to display information about HTTPS. display ip https [ { begin exclude include } regular-expression ] Any view 1: Monitor level : Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line matching the specified regular expression and all following lines. exclude: Displays all lines not matching the specified regular expression. include: Displays all lines matching the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. # Display information about HTTPS. <Sysname> display ip https 21

29 HTTPS port: 443 SSL server policy: test Certificate access-control-policy: WLAN ACL: 100 Basic ACL: 2222 Current connection: 0 Operation status: Running Table 2 Command output Field HTTPS port SSL server policy Certificate access-control-policy WLAN ACL Basic ACL Current connection Operation status Port number used by the HTTPS service The SSL server policy associated with the HTTPS service The certificate attribute access control policy associated with the HTTPS service WLAN ACL number associated with the HTTPS service The basic ACL number associated with the HTTPS service Number of current connections Operation status, which takes the following values: Running the HTTPS service is enabled Stopped the HTTPS service is disabled display telnet client configuration Use display telnet client configuration to display the configuration of the device when it serves as a telnet client. display telnet client configuration [ { begin exclude include } regular-expression ] Any view 1: Monitor level : Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line matching the specified regular expression and all following lines. exclude: Displays all lines not matching the specified regular expression. 22

30 include: Displays all lines matching the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. # Display the configuration of the device when it serves as a telnet client. <Sysname> display telnet client configuration The source IP address is The output shows that when the device serves as a client, the source IPv4 address for sending telnet packets is display user-interface Use display user-interface to display information about the specified or all user interfaces. If the summary keyword is not included, the command displays the type of the user interface, the absolute or relative number, the transmission rate, the user privilege level, the authentication mode, and the access port. If the summary keyword is included, the command displays all user interface numbers and types. display user-interface [ num1 { aux console tty vty } num2 ] [ summary ] [ { begin exclude include } regular-expression ] Any view 1: Monitor level num1: Absolute number of a user interface, which typically starts from 0. aux: Specifies the AUX user interface. console: Specifies the console user interface. tty: Specifies the TTY user interface. vty: Specifies the VTY user interfaces. num2: Relative number of a user interface. summary: Displays summary about user interfaces. : Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line matching the specified regular expression and all following lines. exclude: Displays all lines not matching the specified regular expression. include: Displays all lines matching the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. 23

31 # Display information about user interface 0. <Sysname> display user-interface 0 Idx Type Tx/Rx Modem Privi Auth Int + 0 CON N - + : Current user-interface is active. F : Current user-interface is active and work in async mode. Idx : Absolute index of user-interface. Type : Type and relative index of user-interface. Privi: The privilege of user-interface. Auth : The authentication mode of user-interface. Int : The physical location of UIs. A : Authentication use AAA. L : Authentication use local database. N : Current UI need not authentication. P : Authentication use current UI's password. Table 3 Command output Field + The current user interface is active. F Idx Type Tx/Rx Modem Privi The current user interface is active and works in asynchronous mode. Absolute number of the user interface. Type and relative number of the user interface. Transmission/receive rate of the user interface. Whether the modem is allowed to dial in (in), dial out (out), or both (inout). By default, the character - is displayed to indicate that this function is disabled. Indicates the command level of a user under that user interface. Auth Authentication mode for the users, such as A, P, L, and N. Int A L N P The physical port that corresponds to the user interface. (The detailed port information is available for TTY user interfaces. For user interfaces of console ports, AUX ports, and VTY interfaces, - is displayed.) AAA authentication. Local authentication (not supported). No authentication. Password authentication. # Display summary about all user interfaces. <Sysname> display user-interface summary User interface type : [CON] 0:X User interface type : [TTY] 1:XXXX XXXX XXXX XXXX 17:XXXX XXXX XXXX XXXX 24

32 33:XXXX XXXX XXXX XXXX 49:XXXX XXXX XXXX XXXX 65:XXXX XXXX XXXX XXXX User interface type : [AUX] 81:X User interface type : [VTY] 82:XUXU U 3 character mode users. (U) 83 UI never used. (X) 3 total UI in use Table 4 Command output Field User interface type 0:X Type of user interface (CON/TTY/AUX/VTY). 0 represents the absolute number of the user interface. X means this user interface is not used; U means this user interface is in use. For example, 9:UXXX X shows the absolute number of the first user interface is 9, and the user interface is in use. User interfaces 10, 11, 12, and 13 are not in use. character mode users. (U) Number of users, or, the total number of character U. UI never used. total UI in use (X) Number of user interfaces not used, or the total number of character X. Total number of user interfaces in use. display users Use display users to display information about the user interfaces being used. Use display users all to display information about all user interfaces supported by the device. display users [ all ] [ { begin exclude include } regular-expression ] Any view 1: Monitor level all: Displays information about all user interfaces the device supports. : Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line matching the specified regular expression and all following lines. exclude: Displays all lines not matching the specified regular expression. 25

33 include: Displays all lines matching the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. # Display information about the user interfaces being used. <Sysname> display users The user application information of the user interface(s): Idx UI Delay Type Userlevel VTY 0 00:00:00 TEL VTY 1 00:02:34 TEL 3 Following are more details. VTY 0 : VTY 1 : Location: Location: : Current operation user. F : Current operation user work in async mode. The output shows two users have logged in to the device. The one with IP address uses VTY 0, and the other with IP address uses VTY 1. Table 5 Command output Field Idx UI Delay Type Userlevel Absolute number of the user interface. Relative number of the user interface. For example, with VTY, the first column represents user interface type, and the second column represents the relative number of the user interface. Time elapsed since the user's last input, in the format of hh:mm:ss. User type, such as Telnet, SSH, or PAD. User level: 0 for visit, 1 for monitor, 2 for system, and 3 for manage. + Current user. Location F IP address of the user. The current user works in asynchronous mode. escape-key Use escape-key to define a shortcut key for terminating a task. Use undo escape-key to disable the shortcut key for terminating tasks. By default, a task is terminated by pressing Ctrl+C. After defining a new shortcut key by using the escape-key command, the new shortcut key is used to terminate a task. To display the shortcut key you have defined, use display current-configuration. 26

34 If you set the character argument in a user interface of a device, when you use the user interface to log in to the device and then telnet to another device, the character argument can be used as a control character to terminate a task rather than used as a common character. For example, if you specify character e in VTY 0 user interface of Device A, when you log in to Device A by using VTY 0 from a PC (Hyper Terminal), you can enter e as a common character on the PC, and you can also use e to terminate the task running on Device A. If you telnet to Device B from Device A, you can only use e to terminate the task running on Device B, rather than use e as a common character, so specify character as a key combination. escape-key { default character } undo escape-key User interface view character: Specifies the shortcut key for terminating a task, a single character (or its corresponding ASCII code value in the range of 0 to 127) or a string of 1 to 3 characters. Only the first character of a string functions as the shortcut key. For example, if you enter an ASCII code value of 113, the system uses its corresponding character q as the shortcut key. If you enter the string q@c, the system uses the first character q as the shortcut key. default: Restores the default escape key combination of Ctrl+C. # Define key a as the shortcut key for terminating a task. [Sysname] user-interface console 0 [Sysname-ui-console0] escape-key a To verify the configuration: # Ping the IP address of and use the -c keyword to specify the number of ICMP echo packets to be sent as 20. <Sysname> ping -c PING : 56 data bytes, press a to break Reply from : bytes=56 Sequence=1 ttl=255 time=3 ms Reply from : bytes=56 Sequence=2 ttl=255 time=3 ms # Enter a. The task terminates immediately and the system returns to system view ping statistics packet(s) transmitted 2 packet(s) received 0.00% packet loss round-trip min/avg/max = 3/3/3 ms <Sysname> 27

35 flow-control Use flow-control to configure the flow control mode. Use undo flow-control to restore the default. By default, an independent AUX port performs hardware flow control, and an AUX/console port or independent console port does not perform any flow control. A flow control mode takes effect on both inbound and outbound directions. In inbound flow control, the local device listens to the remote device for flow control information, while in the outbound flow control, the local device sends flow control information to the remote device. Two ends must be configured with the same flow control mode. To set the same flow control mode for the inbound and outbound directions, use flow-control { hardware software none }. To set different flow control modes for the inbound and outbound directions, use flow-control hardware flow-control-type1 [ software flow-control-type2 ] or flow-control software flow-controltype1 [ hardware flow-control-type2 ]. If a direction is not specified, flow control is disabled in that direction. For example, flow-control hardware in automatically disables flow control in the outbound direction. The flow control mode setting on one end in the inbound/outbound direction must be the same as in the outbound/inbound direction on the other end. The command is only applicable to asynchronous serial interfaces (including AUX and console ports). flow-control { hardware none software } flow-control hardware flow-control-type1 [ software flow-control-type2 ] flow-control software flow-control-type1 [ hardware flow-control-type2 ] undo flow-control User interface view 2: System level hardware: Performs hardware flow control. none: Disables flow control. software: Performs software flow control. flow-control-type1, flow-control-type2: Sets the direction of flow control, in or out. If in is specified, the local device receives flow information from the remote device. If out is specified, the local device sends flow control information to the remote device. # Configure software flow control in the inbound and outbound directions for port console 0. 28

36 [Sysname] user-interface console 0 [Sysname-ui-console0] flow-control software # Configure hardware flow control in the inbound direction and disable flow control in the outbound direction for port console 0. [Sysname] user-interface console 0 [Sysname-ui-console0] flow-control hardware in # Configure hardware flow control in the inbound direction and software flow control in the outbound direction for port console 0. [Sysname] user-interface console 0 [Sysname-ui-console0] flow-control hardware in software out free user-interface Use free user-interface to release the connections established on the specified user interface. This command cannot release the connection you are using. free user-interface { num1 { aux console tty vty } num2 } User view num1: Absolute number of a user interface. The value range varies with devices and typically starts from 0. aux: Specifies the AUX user interface. console: Specifies the console user interface. tty: Specifies the TTY user interface. vty: Specifies the VTY user interfaces. num2: Relative number of a user interface. # Display the connection established on user interface VTY 1. <Sysname> display users The user application information of the user interface(s): Idx UI Delay Type Userlevel + 82 VTY 0 00:00:00 TEL 3 83 VTY 1 00:00:03 TEL 3 Following are more details. VTY 0 : Location: