Configuring the Console User Interface
Before logging in to the device using the console user interface to maintain the device locally, a user can configure the attributes of the user interface to ensure device security.
Pre-configuration Tasks
Before configuring a console user interface, complete the following tasks:
- Logging in to the device using a terminal
NOTE: To log in to the device through the console interface to maintain the device locally, configure the console user interface including the physical attributes, terminal attributes, user level, and user authentication mode. Users can set these parameters based on the site requirements or retain the default values.
Configuring the Physical Attributes of the Console User Interface
Context
The physical attributes of the console user interface include the transmission rate, flow control mode, parity bit, stop bit, and data bit of the console interface. To log in to the device using the console interface, ensure that the attributes of the HyperTerminal are consistent with the physical attributes of the device.
Procedure
- Run:
system-viewThe system view is displayed.
- Run:
user-interface console interface-number
The console user interface view is displayed.
- Run:
speed speed-value
The transmission rate is set.
By default, the transmission rate is 115200 bit/s.
- Run:
flow-control { hardware | none | software }
The flow control mode is set.
By default, the flow control mode is None.
- Run:
parity { even | mark | none | odd | space }
The parity bit is set.
By default, the parity bit is None.
- Run:
stopbits { 1.5 | 1 | 2 }
The stop bit is set.
By default, the stop bit is 1.
- Run:
databits { 5 | 6 | 7 | 8 }
The data bit is set.
By default, the data bit is 8.
- Run:
commitThe configuration is committed.
Configuring Terminal Attributes on the Console User Interface
Context
Users can configure terminal attributes including the timeout disconnection function, number of lines or columns on the terminal screen, and size of the history command buffer on the console user interface.
Procedure
- Run:
system-viewThe system view is displayed.
- Run:
user-interface console interface-number
The console user interface view is displayed.
- Run:
idle-timeout minutes [ seconds ]
The timeout disconnection function is set.
If no operation is performed on the device before the end of the timeout period, the terminal disconnects from the device automatically.
By default, the timeout duration is 10 minutes.![]()
NOTE: If the idle timeout interval is set to 0 or a large value, the terminal will remain in the login state, resulting in security risks. You are advised to run the lockcommand to lock the current connection.
- Run:
screen-length screen-length [ temporary ]
The number of lines displayed on the terminal screen is set.
The temporary parameter specifies the temporary number of lines displayed on the terminal screen.
The default number of lines displayed on the terminal screen is 24.
- Run:
screen-width screen-width
The number of columns displayed on the terminal screen is set.
The default number of columns displayed on the terminal screen is 80. Each character is a column.
- Run:
history-command max-size size-value
The history command buffer is set.
By default, the history command buffer can store up to 10 commands.
- Run:
commitThe configuration is committed.
Configuring the User Level on the Console User Interface
Context
- Users can be configured with different user levels to control the device access permission, improving device security.
- There are 16 user levels numbered from 0 to 15, in ascending order of priorities.
- User levels map command levels. A user can only run commands at the same or lower level.
Procedure
- Run:
system-viewThe system view is displayed.
- Run:
user-interface console interface-number
The console user interface view is displayed.
- Run:
user privilege level level
The user level is set.
Table 1-23 describes the mapping between user levels and command levels.
Table 1-23 Mapping between user levels and command levelsUser Level
Command Level
Permission
Description
0
0
Visit
Commands at this level are network diagnosis commands, such as ping and tracert commands, and commands used to access remote devices such as Telnet clients.
1
0 and 1
Monitoring
Commands at this level are system maintenance commands such as display commands.
NOTE:Some display commands are not at this level. For example, the display current-configuration and display saved-configuration commands are at level 3. For details about command levels, see the CX11x&CX31x&CX91x Series Switch Modules Command Reference.
2
0, 1, and 2
Configuration
Commands at this level are used for service configuration. These commands include routing commands and commands at each network layer to provide network services to users.
3-15
0, 1, 2, and 3
Management
Commands at these levels are system basic operation commands that support services, including file system, FTP, TFTP, user management commands, command level configuration commands, and debugging commands.
![]()
NOTE: By default, users that log in to the device using the console interface can run commands at level 15.
If the command access level configured in the user interface view and user priority are inconsistent, user priority takes precedence.
- Run:
commitThe configuration is committed.
Configuring the User Authentication Mode on the Console User Interface
Context
The system provides AAA and password authentication modes to ensure device security.
The console user interface provides AAA authentication, password authentication, and non-authentication for login users. The non-authentication mode allows users to log in from the control port without authentication and cannot ensure system security. It is recommended that AAA or password authentication be used to enhance system security.
Procedure
- Configuring AAA authentication
- Configuring password authentication
- Run:
set authentication password [ cipher password ]
The authentication password is configured. You can enter a password in plain text or cipher text.
You can run the set authentication password [ cipher password ] command to change the user interface authentication password configured by the authentication-mode password command.
![]()
NOTE: The password can be in plain text or cipher text. When the cipher password parameter is not specified, enter the plain text password in interactive mode. When the cipher password parameter is specified, enter either plain or cipher password. No matter which type of password you enter, the password is saved in the configuration file in cipher text.
The method of entering passwords in plain text has security risks. The interaction method is recommended.
- Run:
- Configuring non-authentication
Checking the Configurations
Context
After configurations for the console user interface are complete, run the commands to check the configurations.
Procedure
- Run the display users [ all ] command to view user information for the user interface.
- Run the display user-interface console ui-number [ summary ] command to view the information about the user interface.
- Run the display aaa local-user command to view the local user list.
- Run the display aaa access-user command to view online users.
Previous
