No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - Basic Configuration

S7700 and S9700 V200R010C00

This document describes methods to use command line interface and to log in to the device, file operations, and system startup configurations.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
User Interface Overview

User Interface Overview

When a user logs in to a device through CLI, the system assigns a user interface to manage and monitor the session between the device and user. Each user interface has a user interface view, where you can set parameters, such as the authentication mode and user level. Users logging in through the user interface are restricted by these parameters. Through the parameter configuration, uniform management of various user sessions can be implemented.

The device supports two types of user interfaces:
  • Console user interface: manages and monitors users who log in through the console port. A device provides the EIA/TIA-232 DCE console port. The serial port of a user terminal can be directly connected to the console port of the device for local access.When user logs in CSS system through the non-master switche console port ,the format is LTT 0.
  • Virtual type terminal (VTY) user interface: manages and monitors users who log in using VTY. A VTY connection is set up when a user uses Telnet or STelnet to log in to a device. Currently, a device supports concurrent access of a maximum of 15 VTY users.

Relationship Between a User and a User Interface

A user interface is not exclusive to a specific user. User interfaces are used to manage and monitor users who have logged in to the device using a specific method. Although a user interface can be used by only one user at a time, the user interface is not specific to the user.

When a user logs in, the system allocates the idle user interface with the smallest number to the user based on the user's login mode. The login process is restricted by the configuration in the user interface view. For example, when user A logs in through the console port, the login process depends on the configuration in the console user interface view. However, when it logs in through VTY 1, the login process depends on the configuration in the VTY 1 user interface view. If a user logs in to a device using different methods, the user will be allocated different user interfaces. If a user logs in to a device at different time, the user may be allocated different user interfaces.

NOTE:

If the device does not respond to commands on a VTY user interface for two consecutive times, the VTY user interface is locked. In this case, users can log in through another VTY user interface. The locked VTY user interface will become unlocked after the device is restarted.

User Interface Numbering

User interfaces are numbered in either of the following modes:

  • Relative numbering

    The numbering format is user interface type + number.

    This mode uniquely specifies a user interface or a group of user interfaces of the same type. Relative numbering adheres to the following rules:

    • Console user interface numbering: CON 0. When user logs in CSS system through the non-master switche console port ,the format is LTT 0.

    • VTY user interface numbering: The first VTY user interface is VTY 0, the second VTY user interface is VTY 1, and so on.

  • Absolute numbering

    This mode uniquely specifies a user interface or a group of user interfaces. You can run the display user-interface command to view user interfaces and their absolute numbers supported by the device.

    Each MPU supports only one console user interface and 20 VTY user interfaces. You can run the user-interface maximum-vty command in the system view to set the maximum number of VTY user interfaces. The default value is 5. By default, numbers VTY 16 to VTY 20 are reserved by the system and are unaffected by the user-interface maximum-vty command.

    Table 5-2 lists the default absolute numbers of the console and VTY user interfaces.

Table 5-2  Default absolute numbers of the console and VTY user interfaces

User Interface

Description

Absolute Number

Relative Number

Console user interface

Manages and controls users who log in through the console port.

0

0

VTY user interface

Manages and controls users who log in using Telnet or STelnet.

34 to 48, 50 to 54.

Number 49 is reserved. Numbers 50 to 54 are reserved for the network management system.

The first VTY user interface is VTY 0, the second VTY user interface is VTY 1, and so on. By default, VTY 0 to VTY 4 are available.
  • Absolute numbers 34 to 48 map relative numbers VTY 0 to VTY 14, respectively.
  • Absolute numbers 50 to 54 map relative numbers VTY 16 to VTY 20, respectively.

Number 15 is reserved. Numbers 16 to 20 are reserved for the network management system.

VTY 16 to VTY 20 can be used only when VTY 0 to VTY 14 are occupied and AAA authentication is configured.

Authentication Modes for User Interfaces

After you configure an authentication mode for a user interface, the system authenticates users before they access the user interface.

Three authentication modes are available: Authentication, Authorization, and Accounting (AAA) authentication, password authentication, and none authentication.

  • AAA authentication: Users must enter both user names and passwords for login. If either a user name or a password is incorrect, the login fails.

  • Password authentication: Users must enter passwords for login. The device allows a user to log in only after the user enters the correct password.

  • None authentication: Users can directly log in without entering any information.

    If non-authentication is used, any user can be successfully authenticated without the need of entering the user name and password. Therefore, you are not advised to use non-authentication for device or network security purposes.

    Regardless of the authentication mode, the system starts the delayed login mechanism in the case of a device login failure. If the first login fails, the user can log in again 5 seconds later. The delay time is increased by 5 seconds every time a login failure occurs. For example, the second login is delayed to 10 seconds, and the third login is delayed to 15 seconds.

User Levels for User Interfaces

You can manage login users based on their levels. The levels of commands accessible to a user depend on the user level.

  • If password authentication or none authentication is configured, the levels of commands accessible to a user depend on the level of the user interface through which the user logs in.
  • If AAA authentication is configured, the levels of commands accessible to a user depend on the level of the local user specified in AAA configuration.
Translation
Download
Updated: 2019-08-21

Document ID: EDOC1000141895

Views: 54827

Downloads: 210

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next