No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

CX11x, CX31x, CX710 (Earlier Than V6.03), and CX91x Series Switch Modules V100R001C10 Configuration Guide 12

The documents describe the configuration of various services supported by the CX11x&CX31x&CX91x series switch modules The description covers configuration examples and function configurations.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Logging In to the Device

Logging In to the Device

A user can log in to the device through a console port, Telnet, or STelnet. After login, the user can perform common operations to manage and maintain the device.

Logging In to the Device Through a Console Port

Pre-configuration Tasks

Before logging in to the device through a console port, complete the following tasks:

  • Preparing the console cable
  • Installing the terminal emulation software on the PC
    NOTE:

    You can use the built-in terminal emulation software on the PC. If no built-in terminal emulation software is available, use the third-party terminal emulation software. For details, see the software user guide or online help.

Default Configuration
Table 1-26 Default configuration of the device console port

Parameter

Default Setting

Transmission rate

115200 bit/s

Flow control mode

None

Parity bit

None

Stop bit

1

Data bit

8

Procedure

  1. Use the terminal simulation software to log in to the device through a console port.
    1. Insert the DB9 connector of the console cable delivered with the product to the 9-pin serial port on the PC, and insert the RJ45 connector to the console port of the device.

    2. Start the terminal simulation software on the PC. Establish a connection, and set the connected port and communication parameters.

      NOTE:

      A PC may have multiple connection ports; therefore, the port connected through the console cable is selected in this example. Generally, COM1 is selected.

      If the serial port communication parameters of the device are modified, modify the communication parameters on the PC accordingly (ensure that the parameter values are the same) and re-establish the connection.

    3. Press Enter until the system prompts you to enter the password. (The system will prompt you to enter the user name and password in AAA authentication. The following information is only for reference.)

      Login authentication
      
      
      Password:

      You can run commands to configure the device. Enter a question mark (?) whenever you need help.

Checking the Configuration
  • Run the display users [ all ] command to check the user log information on the user interface.
  • Run the display user-interface console 0 command to check the user interface information.
  • Run the display aaa local-user command to check the local user attributes.
  • Run the display aaa access-user command to check the online user information.

Logging In to the Device Through Telnet

Pre-configuration Tasks

Before logging in to the device through Telnet, complete the following task:

  • Configuring routes between a terminal and the device
Configuration Process
NOTE:

The Telnet protocol poses a security risk, and therefore the STelnet V2 mode is recommended.

Table 1-27 describes the tasks in the configuration process for login through Telnet.

Table 1-27 Tasks in the configuration process for login through Telnet

No.

Task

Description

Remarks

1

Configuring the Telnet server functions and parameters

Enable Telnet server functions and configure the server parameters.

Tasks 1, 2, and 3 can be performed in any sequence.

2

Configuring the Telnet user login interface

Configure the user level, authentication mode, call-in and call-out permission, and other basic attributes for the VTY user interface.

3

Configuring a local Telnet user (AAA authentication mode)

Configure the user name and password when the AAA authentication mode is used.

4

Logging in to the device through Telnet from a terminal

Use the Telnet client software to log in to the device from a terminal.

-

Default Configuration
Table 1-28 Default settings of the parameters for logging in to the device through Telnet

Parameter

Default Setting

Telnet service

Enabled

Disabled

Telnet server port number

23

VTY user interface authentication mode

no authentication mode is configured

NOTE:

The authentication mode must be configured for logging in to the user interface. Otherwise, users cannot log in to the device.

Protocol supported by the VTY user interface

Telnet protocol

User level

The default command access level for the VTY user interface is 0

Procedure

  • Configuring the Telnet server functions and parameters

    Before connecting to the device through Telnet from a user terminal, make sure that the Telnet service is enabled on the device.

    Table 1-29 Configuring the Telnet server functions and parameters

    Operation

    Command

    Description

    Enter the system view.

    system-view

    -

    Enable the Telnet service.

    undo telnet [ ipv6 ] server disable

    Upon factory delivery, the Telnet server is disabled.

    (Optional) Configuring the listening port of the Telnet server

    telnet ipv6 server port port-number

    The default listening port number is 23.

    After the listening port number of the Telnet server is changed, attackers do not know the new listening port number. This effectively prevents attackers from accessing the listening port.

    (Optional) Configure an ACL.

    telnet server acl [ ipv6 ] { acl-number | acl-name }

    By default, no ACL is configured for the Telnet server.

    An ACL is configured to determine which clients can log in to the current device through Telnet.

    (Optional) Configuring the source IP address of the Telnet server

    telnet server-source -i loopback interface-number

    By default, the source interface of a Telnet server is not specified.

    NOTE:

    Before specifying the source interface of the Telnet server, ensure that the loopback interface to be specified as the source interface has been created. If the loopback interface is not created, the telnet server-source command cannot be correctly executed.

    Commit the configuration.

    commit

    -

  • Configuring the Telnet user login interface

    Configure the user level, call-in and call-out permission, and other basic attributes for the VTY user interface.

    Table 1-30 Configuring the Telnet user login interface

    Operation

    Command

    Description

    Enter the system view.

    system-view

    -

    Enter the VTY user interface view.

    user-interface vty first-ui-number [ last-ui-number ]

    -

    Configure the user level for the user interface.

    user privilege level level

    The default user level for the VTY user interface is 0.

    To run the commands of a higher level, configure a higher user level.

    If the user level configured for the user interface conflicts with the user's operation permission, the user permission takes precedence.

    Configure the user authentication mode.

    authentication-mode { password | aaa }

    The password and AAA authentication modes are supported. Configure either authentication mode as required.

    For details on the password authentication mode, see Configuring a user authentication mode for the VTY user interface. The AAA authentication mode is recommended.

    Configure the VTY user interface to support the Telnet protocol.

    protocol inbound { all | telnet }

    By default, the VTY user interface supports the SSH protocol.

    If the VTY user interface does not support the Telnet protocol, you cannot log in to the device through Telnet.

    (Optional) Configure restrictions on ACL-based logins on the user interface.

    For details, see (Optional) Configuring Restrictions on ACL-based Logins on the VTY User Interface.

    By default, login permissions are not restricted.

    Configure this action to prevent a user with a certain address or address segment from logging in to the device or prevent a user who has logged in to the device from logging in to another device.

    (Optional) Configure other attributes of the user interface.

    For details, see Configuring the Maximum Number of VTY User Interfaces and Configuring Terminal Attributes for the VTY User Interface.

    Use the default settings for other attributes of the VTY user interface. You can configure attributes based on the usage requirements.

    Commit the configuration.

    commit

    -

  • Configuring a local Telnet user (AAA authentication mode)

    Configure the administrator's user name and password to ensure that only the administrator can log in to the device.

    Table 1-31 Configuring a local Telnet user (AAA authentication mode)

    Operation

    Command

    Description

    Enter the system view.

    system-view

    -

    Enter the AAA view.

    aaa

    -

    Configure the local user name and password.

    local-user user-name password irreversible-cipher irreversible-cipher-password

    -

    Configure the service type for the local user.

    local-user user-name service-type telnet

    -

    Configure the level for the local user.

    local-user user-name level level

    After login, a user can only run the commands at levels equal to or lower than the user level, which ensures the device security.

    If the user level configured for the user interface conflicts with the user's operation permission, the user permission takes precedence.

    Commit the configuration.

    commit

    -

  • Logging in to the device through Telnet from a terminal

    You can use Windows command line prompts or third-party software to log in to the device through Telnet from a terminal. Windows command line prompts are used as an example.

    Perform the following operations on the terminal:

    1. Access the command line window.

    2. Run the telnet ip-address port command to log in to the device through Telnet.

      C:\Documents and Settings\Administrator> telnet 10.137.217.177 1025
    3. Press Enter and enter the password and the user name configured for the AAA authentication mode in the login window. If authentication is successful, the command-line prompt of the user view is displayed and you have successfully logged in to the device. (The following information is only for reference.)

      Username:admin1234
      Password:
      Info: The max number of VTY users is 8, the number of current VTY users online is 1, and total number of terminal users online is 1.
            The current login time is 2012-08-04 19:49:11.
            First login successfully.
      <Telnet Server>

Checking the Configuration
  • Run the display users [ all ] command to check the connections on the user interface.
  • Run the display tcp status command to check all TCP connections.
  • Run the display telnet server status command to check the current connections of the Telnet server.

Logging In to the Device Through STelnet

Pre-configuration Tasks

Before logging in to the device through STelnet, complete the following tasks:

  • Configuring routes between a terminal and the device
  • Installing the SSH client software on the terminal
Configuration Process
NOTE:

The STelnet V1 protocol poses a security risk, and therefore the STelnet V2 mode is recommended.

Table 1-32 describes the tasks in the configuration process for login through STelnet.

Table 1-32 Tasks in the configuration process for login through STelnet

No.

Task

Description

Remarks

1

Configuring the STelnet server functions and parameters

Generate the local server key pair, enable the STelnet server function, and set the server parameters including the listening port, key pair updating interval, and SSH authentication timeout interval and retries.

Tasks 1, 2, and 3 can be performed in any sequence.

2

Configuring the SSH user login interface

Configure the user level, authentication mode, whether to support the SSH protocol, and other basic attributes for the VTY user interface.

3

Configuring an SSH user

Configure the SSH user name, password, authentication mode, and service type.

4

Logging in to the device through STelnet

Use the SSH client software to log in to the device from a terminal.

-

Default Configuration
Table 1-33 Default settings of the parameters for logging in to the device through STelnet

Parameter

Default Setting

STelnet service

Disabled

SSH server port number

22

Interval for updating the SSH server key pair

0 hours, indicating that the key pair is never updated

Timeout interval for SSH authentication

60 seconds

Maximum number of SSH authentication retries

3

SSH server's compatibility with earlier versions

Disabled

VTY user interface authentication mode

No authentication mode

NOTE:

The authentication mode must be configured for logging in to the user interface. Otherwise, users cannot log in to the device.

Protocol supported by the VTY user interface

Telnet protocol

SSH user authentication mode

No authentication mode supported

SSH user service type

No service type supported

Whether the SSH server assigns a public key to a user

No public key assigned

User level

The default command access level for the VTY user interface is 0

Procedure

  • Configuring the STelnet server functions and parameters

    Table 1-34 Configuring the STelnet server functions and parameters

    Operation

    Command

    Description

    Enter the system view.

    system-view

    -

    Generate a local key pair.

    Method 1:

    Run the rsa local-key-pair create, dsa local-key-pair create, or ecc local-key-pair create command to generate a local RSA, DSA, or ECC key pair.

    Method 2:
    1. Run the rsa key-pair label label-name [ modulus modulus-bits ], dsa key-pair label label-name [ modulus modulus-bits ], or ecc key-pair label label-name [ modulus modulus-bits ] command to generate an RSA, a DSA, or a ECC key pair with a specific label name.

    2. Run the ssh server assign { rsa-host-key | rsa-server-key | dsa-host-key | ecc-host-key } label-name command to assign the generated RSA host key, RSA server key, DSA host key, or ECC host key to the SSH server.
    NOTE:

    The device can generate a maximum of 20 key pairs in method 2. You can use different key pairs in different periods to ensure a higher communication security. The maximum number of key pairs the device can generate is specified by the rsa key-pair maximum, dsa key-pair maximum, and ecc key-pair maximum command.

    In method 1:

    After the key pair is generated, you can run the display rsa local-key-pair public, display dsa local-key-pair public, or display ecc local-key-pair public command to view the public key in the local RSA, DSA, or ECC key pair.

    In method 2:

    After the key pair is generated, you can run the display rsa key-pair [ brief | label label-name ], display dsa key-pair [ brief | label label-name ], or display ecc key-pair [ brief | label label-name ] command to view the RSA, DSA, or ECC key pair with a specific label.
    NOTE:

    A longer key pair provides higher security. The key pair of the maximum length is recommended.

    Enable the STelnet service.

    stelnet server enable

    By default, the STelnet service is disabled.

    After you disable the STelnet service on the SSH server, all clients that have logged in through STelnet are disconnected.

    (Optional) Set the listening port of the SSH server.

    ssh server port port-number

    The default listening port number is 22.

    If a new listening port number is set, the SSH server terminates all established STelnet connections, and uses the new port number to listen on new requests for Stelnet connections. This prevents attackers from accessing the standard SSH service port and ensures security.

    (Optional) Set the interval for updating a key pair.

    ssh server rekey-interval hours

    The default interval for updating the SSH server key pair is 0, indicating that the key pair is never updated.

    The server key pair is automatically updated at the configured interval, which ensures security.

    (Optional) Set the SSH authentication timeout interval.

    ssh server timeout seconds

    The default timeout interval for SSH authentication is 60 seconds.

    If you have not logged in successfully within the timeout interval for SSH authentication, the current connection is terminated to ensure security.

    (Optional) Set the number of SSH authentication retries.

    ssh server authentication-retries times

    The default number of SSH authentication retries is 3.

    The number of SSH authentication retries is set to prevent access from unauthorized users.

    (Optional) Enable the compatibility with SSH protocols of earlier versions.

    ssh server compatible-ssh1x enable

    By default, the server's compatibility with earlier versions is disabled.

    (Optional) Configure an ACL.

    ssh [ ipv6 ] server acl { acl-number | acl-name }

    By default, no ACL is configured for the SSH server.

    An ACL is configured to determine which clients can log in to the current device through SSH.

    (Optional) Enable the keepalive function on the SSH server.

    undo ssh server keepalive disable

    By default, the keepalive function is enabled on the SSH server.

    After the keepalive function is enabled on the SSH server, the server responds to keepalive packets received from the SSH client. If the keepalive function is disabled on the SSH server, the server will disconnect from the SSH client when there is no data exchange, which causes server resource waste due to reconnections.

    (Optional) Configure the source IP address of the SSH server.

    ssh server-source -i loopback interface-number

    By default, the source interface of an SSH server is not specified.

    NOTE:

    Before specifying the source interface of the SSH server, ensure that the loopback interface to be specified as the source interface has been created. If the loopback interface is not created, the ssh server-source command cannot be correctly executed.

    Commit the configuration.

    commit

    -

    NOTE:
    • When the local RSA key pair is generated, two key pairs (a server key pair and a host key pair) are generated at the same time. Each key pair contains a public key and a private key. The length of the two key pairs ranges from 512 bits to 2048 bits. The default length is 2048 bits.
    • When the local DSA key pair is generated, only the host key pair is generated. The length of the host key pair can be 512, 1024, or 2048 bits. The default length is 2048 bits.
    • When the local ECC key pair is generated, only the host key pair is generated. The length of the host key pair can be 256, 384, or 521 bits. The default length is 521 bits.

  • Configuring the SSH user login interface

    Configure the VTY user interface for login to support the SSH protocol before logging in to the device through SSH.

    Table 1-35 Configuring the SSH user login interface

    Operation

    Command

    Description

    Enter the system view.

    system-view

    -

    Enter the VTY user interface view.

    user-interface vty first-ui-number [ last-ui-number ]

    -

    Configure the AAA authentication mode for the VTY user interface.

    authentication-mode aaa

    By default, no authentication mode is used on the VTY user interface.

    To configure the VTY user interface to support SSH, configure the AAA authentication mode for the VTY user interface. If the AAA authentication mode is not set, the protocol inbound ssh command does not take effect.

    Configure the VTY user interface to support the SSH protocol.

    protocol inbound { all | ssh }

    By default, the VTY user interface supports the SSH protocol.

    (Optional) Configure other attributes of the VTY user interface.

    For details, see Configuring VTY User Interfaces.

    Other user interface attributes include the maximum number of user interfaces, terminal attributes, and user level. These attributes have default values, and you do not need to set them. You can configure attributes based on the usage requirements.

    Commit the configuration.

    commit

    -

  • Configuring SSH user information

    Configure SSH user information including the authentication mode. Authentication modes including RSA, password, password-rsa, DSA, password-dsa, ECC, password-ecc, and all are supported.
    • The password-rsa authentication mode consists of the password and RSA authentication modes.
    • The password-dsa authentication mode consists of the password and DSA authentication modes.
    • The password-ecc authentication mode consists of the password and ECC authentication modes.
    • The all authentication mode indicates that SSH users only need to authenticated by DSA, ECC, password, or RSA.
    Table 1-36 Configuring SSH user information

    Operation

    Command

    Description

    Enter the system view.

    system-view

    -

    Create an SSH user.

    ssh user user-name

    -

    Configure an authentication mode for the SSH user.

    ssh user user-name authentication-type { password | rsa | password-rsa | all | dsa | password-dsa | ecc | password-ecc }

    If SSH users are not created using the ssh user command, directly run the ssh authentication-type default password command to configure the default password authentication mode for users. This mode simplifies the configurations if a large number of users exist, because you need to configure only AAA users.

    Configure the SSH user service type.

    ssh user user-name service-type { stelnet | all }

    By default, no service type is configured for an SSH user.

    Commit the configuration.

    commit

    -

    NOTE:
    • The password authentication mode is implemented based on the AAA. To log in to the device in the password-dsa, password-ecc, password, or password-rsa authentication mode, create a local user with the same user name in the AAA view.
    • If the SSH user uses the password authentication mode, only the SSH server needs to generate the RSA, DSA, or ECC key. If the SSH user uses the RSA, DSA, or ECC authentication mode, both the SSH server and client need to generate the RSA, DSA, or ECC key and save and configure the public key of the peer end locally.
    Perform any of the following configurations according to authentication mode you select:
    • To configure password authentication for the SSH user, see Table 1-37.

    • To configure RSA , DSA, or ECC authentication for the SSH user, see Table 1-38.

    • To configure password-rsa , password-dsa, or password-ecc authentication for the SSH user, configure an AAA user and set the RSA , DSA, or ECC public key. See Table 1-37 and Table 1-38.

    Table 1-37 Configuring password, password-dsa, password-ecc, or password-rsa authentication for the SSH user

    Operation

    Command

    Description

    Enter the system view.

    system-view

    -

    Enter the AAA view.

    aaa

    -

    Configure the local user name and password.

    local-user user-name password irreversible-cipher irreversible-cipher-password

    -

    Configure the service type for the local user.

    local-user user-name service-type ssh

    -

    Configure the level for the local user.

    local-user user-name level level

    -

    Return to the system view.

    quit

    -

    Commit the configuration.

    commit

    -

    Table 1-38 Configuring DSA, ECC, RSA, password-dsa, password-ecc, or password-rsa authentication for the SSH user

    Operation

    Command

    Description

    Enter the system view.

    system-view

    -

    Display the RSA, DSA, or ECC public key view.

    rsa peer-public-key key-name [ encoding-type { der | openssh | pem } ]

    or

    dsa peer-public-key key-name encoding-type { der | openssh | pem }

    or

    ecc peer-public-key key-name

    -

    Display the public key editing view.

    public-key-code begin

    -

    Edit the public key.

    hex-data

    • The public key must be a hexadecimal character string in the public key encoding format, and generated by the client software that supports SSH. For detailed operations, see the SSH client software help.
    • You must enter the RSA, DSA, or ECC public key on the device that works as the SSH server.

    Exit the public key editing view.

    public-key-code end

    • If no key public code hex-data is entered, the public key cannot be generated after you run this command.
    • If the specified key key-name has been deleted in another view, the system displays a message indicating that the key does not exist and returns to the system view directly when you run this command.

    Return to the system view from the public key view.

    peer-public-key end

    -

    Assign an RSA, DSA, or ECC public key to an SSH user.

    ssh user user-name assign { rsa-key | dsa-key | ecc-key } key-name

    -

    Commit the configuration.

    commit

    -

  • Logging in to the device through STelnet

    Use the SSH client software to log in to the device through STelnet from a terminal. The third-party software PuTTY is used as an example here.

    # Use the PuTTY software to log in to the device, enter the device IP address, and select the SSH protocol type.
    Figure 1-11 PuTTY Configuration page - password authentication mode

    # Click Open. Enter the user name and password at the prompt, and press Enter. You have logged in to the SSH server. (The following information is only for reference.)

    login as: client001
    Sent username "client001"
    client001@10.137.217.203's password:
     Warning: The initial password poses security risks. The password needs to be changed. Change now? [Y/N]:n
    Info: The max number of VTY users is 21, the number of current VTY users online is 2, and total number of terminal users online is 2.
          The current login time is 2012-08-04 20:09:11+00:00.
          First login successfully.
    <SSH Server>

Checking the Configuration
  • Run the display ssh user-information [ username ] command to check information about an SSH user on the SSH server. If no SSH user is specified, this command displays information about all SSH users on the SSH server.
  • Run the display ssh server status command to check the global SSH server configuration.
  • Run the display ssh server session command to check the sessions connected to the SSH client on the SSH server.

Logging In to the Device Through SOL

Pre-configuration Tasks

Before logging in to the device through SOL, complete the following tasks:

  • The MM910 is powered on.
  • IP address of the MM910 to be connected.
  • User name and password for logging in to the MM910 to be connected.
  • PuTTY.exe is free software. You can download it from the Internet. The PuTTY used to log in over a serial port must be 0.60 or later.
Default Configuration
Table 1-39 Default configuration of the MM910

Parameter

Default Setting

Transmission rate

115200 bit/s

Flow control mode

None

Parity bit

None

Stop bit

1

Data bit

8

Procedure

  1. Connect the Ethernet port on the PC to the MGMT ports on the active and standby MM910 over the local area network (LAN).

    • If the MGMT port on the active MM910 is already connected with a network cable, do not remove the network cable from the MGMT port. Otherwise, an active/standby switchover of the MM910s will be triggered, which may cause network interruption.
    • If you want to connect your local PC directly to the MM910 using a network cable but the MGMT port on the active MM910 is already connected with a network cable, connect the network cable from the local PC to the STACK port of the active MM910 in the chassis. If the STACK port on the active MM910 is also used, connect the network cable to an idle STACK port on an active MM910 in a chassis cascaded with the E9000 chassis.

  2. Set an IP address and a subnet mask or add route information for the PC, and ensure that the PC can properly communicate with the MM910.
  3. Open an SSH connection tool and enter the floating IP address of the MM910 to visit the MM910 CLI.
    1. Double-click PuTTY.exe.

      The PuTTY Configuration window is displayed, as shown in Figure 1-12.

      Figure 1-12 PuTTY Configuration window

    2. Set login parameters.

      The following describes the parameters:
      • Host Name (or IP address): Enter the IP address of the server to be logged in to. For example, 191.100.34.32.
      • Port: Retain the default value 22.
      • Connection type: Retain the default value SSH.
      • Close window on exit: Retain the default value Only on clean exit.
      NOTE:

      Configure Host Name and Saved Sessions, and click Save. In the future use, double-click the saved record in Saved Sessions to log in to the server.

    3. Click Open.

      The PuTTY window and login as: are displayed, waiting you to enter a user name.

      NOTE:
      • If you log in to the target server for the first time, the PuTTY Security Alert window is displayed. If you trust this site, click Yes. Then the PuTTY window is displayed.
      • If the entered user name is incorrect during server login, the PuTTY must be connected to again.

    4. Enter a user name and password by following instructions.

      After login, the server host name is displayed on the left of the prompt.

  4. Log in to the CLI of a switching plane over MM910 SOL.
    1. Log in to the SOL CLI.

      telnet 0 1101

      The command output is as follows:

      *=====================================================================*
      *             Welcome to SMM SOL Server                               *
      *     Please log in with SMM account and password.                    *
      *=====================================================================*
      
      
      user name:

    2. Enter the user name and password.

      The CLI for selecting a slot is displayed.

      Log in Success!
      
      *===========================================================================================================
            please input the SOL Blade1~Blade16(1 ~ 16), Blade1A~Blade16A(17 ~ 32), Swi1~Swi4(33 ~ 36) and COM#(n)
            press Ctrl+R to return
      *===========================================================================================================
      
      
      Blade1~Blade16(1 ~ 16)
      Blade1A~Blade16A(17 ~ 32)
      Swi1~Swi4(33 ~ 36)
      Please input your choice:
      The sequence numbers in the preceding information are described as follows:
      • 1-32 indicate the compute nodes in slots 1 to 32 respectively.
      • 33-36 indicate the switch modules in slots 1E, 2X, 3X, and 4E respectively.

    3. Enter the slot number of the switch module to be connected, and press Enter.

      • The secreen for selecting the serial port is displayed.

        If you enter the slot number of a switch module, the following serial ports are displayed:

        1 BMCcom
        2 fabriccom
        3 basecom
        4 FCcom
        
        COM#(1 ~ 4):
        
      • If an SOL connection has been connected through the serial port, a message will be displayed asking you whether to forcibly disconnect the existing SOL connection.
        • Press Y to forcibly disconnect the existing SOL connection.
        • Press N to not disconnect the existing SOL connection. The system stays at the current screen.

    4. Enter the number of a serial port to be connected, and press Enter.

      • The serial port CLI is displayed. On this CLI, you can perform operations such as configuring the serial port and querying parameters of the serial port.
      • If another user has logged in to the serial port, a message will be displayed asking you whether to forcibly log out the user.
        • Press Y to forcibly log out the user.
        • Press N to not forcibly log out the user. The system stays at the current screen.
      NOTE:
      • Only one serial port connection can be set up at a time. Exit the SOL interface after the operation.
      • You can press Ctrl+R to return to the CLI for selecting a slot in the chassis, as shown in 4.b. And you can press ctrl+r twice to log out of the SOL CLI.

Checking the Configuration
  • Run the display users [ all ] command to check the user log information on the user interface.
  • Run the display user-interface console 0 command to check the user interface information.
  • Run the display aaa local-user command to check the local user attributes.
  • Run the display aaa access-user command to check the online user information.

Common Operations After Login

After logging in to the device, you can configure services and functions on the device and and set login user information.

  • Displaying online users

    After login, you can check the information about online users.

    • Run the display users [ all ] command to check the online user information.

  • Releasing an online user

    To disconnect a login user from the device, you can release the user.

    • Run the kill user-interface { ui-number | ui-type ui-number1 } command to release the online user.

    You can run the display users command to check the login user information on the current devices.

  • Locking the user configuration permission

    When multiple users log in to the system to perform configuration, the configurations may conflict. To avoid service exceptions, you can lock the user configuration permission to ensure that only one user can perform configuration at the same time.

    1. Run the configuration exclusive command to assign the configuration permission to the current user.

      After you lock the user configuration permission, the user who is assigned the permission can have the exclusive configuration permission.

      NOTE:
      • This command applies to all views.

      • You can run the display configuration exclusive user command to check the users for whom the configuration permission has been locked.

      • If the configuration permission has been locked, a message is displayed when you attempt to lock the permission set again.

    2. Run the system-view command to display the system view.

    3. (Optional) Run the configuration exclusive timeout timeout-value command to set the unlocking interval.

      This command specifies the maximum interval for locking the configuration permission when no configuration command is issued. After the specified period, the system automatically unlocks the configuration permission and other users can perform configuration.

      The default locking interval is 30 seconds.

    4. Run the commit command to commit the configuration.

  • Locking a user interface

    When you leave the operation terminal temporarily, you can lock the user interface to prevent unauthorized users from logging in to the terminal.

    1. Run the lock command to lock the user interface.
    2. Enter the lock password and confirm password.
      <HUAWEI> lock
      Enter Password:
      Confirm Password:
      Info: The terminal is locked.

      After you run the lock command, the system prompts you to enter the lock password and confirm password. If the two passwords are the same, the current interface is locked successfully.

      To unlock the user interface, you must press Enter and enter the correct login password as prompted.

Translation
Download
Updated: 2019-08-09

Document ID: EDOC1000041694

Views: 59619

Downloads: 3623

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next