No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Command Reference

S1720, S2700, S5700, and S6720 V200R011C10

This document describes all the configuration commands of the device, including the command function, syntax, parameters, views, default level, usage guidelines, examples, and related commands.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
UI Configuration Commands

UI Configuration Commands

Command Support

Commands provided in this section and all the parameters in the commands are supported by all switch models by default, unless otherwise specified. For details, see specific commands.

acl (user interface view)

Function

The acl command uses an ACL to restrict login rights of users on a terminal.

The undo acl command cancels the configuration.

By default, login rights are not restricted.

Format

acl [ ipv6 ] { acl-number | acl-name } { inbound | outbound }

undo acl [ ipv6 ] [ acl-number | acl-name] { inbound | outbound }

Parameters

Parameter Description Value
ipv6

Indicates an ACL6 number.

-
acl-number

Specifies the number of an ACL.

The value is an integer ranging from 2000 to 3999.
  • 2000-2999: restricts the source address using the basic ACL.
  • 3000-3999: restricts the source and destination addresses using the advanced ACL.
acl-name

Specifies the name of an ACL.

The value is a string of 1 to 64 case-sensitive characters without spaces. The value must start with a letter.
inbound

Restricts users with an address or within an address segment from logging in to a device.

-
outbound

Restricts users who have logged in to a device from logging in to other devices.

-

Views

User interface view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

This command restricts the login rights of a user interface based on the source IP address, destination IP address, source port, or destination port. You can use this command to permit or deny access to a destination or from a source.

Prerequisites

An ACL has been configured using the acl (system view) and rule (basic ACL view) commands or using acl (system view) and rule (advanced ACL view) commands.

If no rule is configured, login rights on the user interface are not restricted when the acl command is run.

Precautions

After the configurations of the ACL take effect, all users on the user interface are restricted by the ACL.

You can configure all of the following ACL types: IPv4 inbound, IPv4 outbound, IPv6 inbound, and IPv6 outbound on a user interface. Only one ACL of each type can be configured on a user interface, and only the latest configuration of an ACL takes effect.

Console interface does not support this command.

Example

# Restrict the Telnet login rights on user interface VTY 0 using an ACL.

<HUAWEI> system-view
[HUAWEI] acl 3001
[HUAWEI-acl-adv-3001] rule deny tcp destination-port eq telnet
[HUAWEI-acl-adv-3001] quit
[HUAWEI] user-interface vty 0
[HUAWEI-ui-vty0] acl 3001 outbound

# Remove the restriction on the Telnet login rights on user interface VTY 0.

<HUAWEI> system-view
[HUAWEI] user-interface vty 0
[HUAWEI-ui-vty0] undo acl outbound
Related Topics

authentication-mode (user interface view)

Function

The authentication-mode command configures an authentication mode for accessing the user interface.

The undo authentication-mode command deletes the authentication mode for accessing the user interface.

The default authentication mode for console port login users is AAA authentication. By default, the authentication mode for users using other login modes is not configured using this command. You must configure an authentication mode for accessing the user interface; otherwise, users cannot log in to the device.

Format

authentication-mode { aaa | password | none }

undo authentication-mode

Parameters

Parameter Description Value
aaa Indicates the AAA authentication mode. -
password Indicates the password authentication mode. -
none Indicates the non-authentication mode. -

Views

User interface view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

When you log in to the device through the console port for the first time, the system asks you to enter the user name and login password. The default user name is admin and the default password is admin@huawei.com. After entering the default user name and password, you must reconfigure the login password and then can log in to the device. After logging in to the device, you can run this command to reconfigure the authentication mode.

Before Telnet or SSH users log in to the device using VTY user interface, they must run the authentication-mode command to configure the authentication mode.

Precautions

To ensure that users can log in to the device successfully, configure an authentication mode.

Before setting the Telnet login authentication mode to password authentication, run the protocol inbound { all | telnet } command to configure the VTY user interface to support Telnet. Otherwise, the user authentication mode configuration will fail.

If non-authentication is used, any user can be successfully authenticated without the need of entering the user name and password. Therefore, you are not advised to use non-authentication for device or network security purposes.

  • After you set the authentication mode to password, run the set authentication password command to configure an authentication password. Keep the password safe. You need to enter the password when logging in to the device. The levels of commands accessible to a user depend on the level configured for the user interface to which the user logs in.

  • After login, the level of the commands the user can run depends on the level of the local user specified in AAA configuration.

  • When you run the undo authentication-mode command to delete the authentication mode, the device asks you whether to delete the authentication mode.

  • For devices running V200R009C00 and earlier versions, no default authentication mode is configured for console port login users. For devices running V200R010C00 and later versions, the default authentication mode is AAA authentication.

  • If a device runs a version earlier than V200R010C00 and the authentication mode for accessing the user interface is not configured using this command, the default authentication mode is still non-authentication after the system software is upgraded to V200R010C00 or a later version. The system asks you whether to change the password. To ensure the console port usage security, it is recommended that you configure the login password or set the authentication mode to AAA or password authentication after logging in to the device.

  • If a device runs a version earlier than V200R010C00 and the authentication mode for accessing the user interface has been configured using this command, the default authentication mode is still the originally configured authentication mode after the system software is upgraded to V200R010C00 or a later version.

Example

# Configure password authentication for users to access the user interface.

<HUAWEI> system-view
[HUAWEI] user-interface vty 0
[HUAWEI-ui-vty0] protocol inbound all
[HUAWEI-ui-vty0] authentication-mode password
Warning: The "password" authentication mode is not secure, and it is strongly re
commended to use "aaa" authentication mode.
[HUAWEI-ui-vty0] set authentication password cipher helloworld@6789
Warning: The "password" authentication mode is not secure, and it is strongly re
commended to use "aaa" authentication mode.

auto-execute command

Function

The auto-execute command command configures auto-run commands.

The undo auto-execute command command cancels auto-run commands.

By default, the auto-run function is disabled.

Format

auto-execute command command

undo auto-execute command

Parameters

Parameter Description Value
command Specifies an auto-run command. -

Views

User interface view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

You can run the auto-execute command command to make a device run a command automatically on the corresponding user interface.

You can run the auto-execute command command to enable automatic execution of the Telnet command.

Precautions

  • The auto-execute command command applies to the VTY user interface.

  • When you log in to a device, the device automatically runs the commands that are configured by the auto-execute command command. After command execution, the user's terminal disconnects from the device.

  • Before saving the configuration of the auto-execute command command, ensure that you can log in to the device to cancel the command configuration.

  • If you use the auto-execute command command, you cannot configure the device in the user interface view. Therefore, use this command with caution.

Example

# Configure the telnet 10.110.100.1 command to automatically run after a user logs in to the device using the VTY0 interface.

<HUAWEI> system-view
[HUAWEI] user-interface vty 0
[HUAWEI-ui-vty0] auto-execute command telnet 10.110.100.1
Warning: The system will not be configured through ui-vty0.
Continue? [Y/N]: y

databits

Function

The databits command sets the number of data bits of the user interface.

The undo databits command restores the default number of data bits.

By default, the user interface has 8 data bits.

Format

databits { 5 | 6 | 7 | 8 }

undo databits

Parameters

Parameter Description Value
5 Indicates that the number of data bits is 5. -
6 Indicates that the number of data bits is 6. -
7 Indicates that the number of data bits is 7. -
8 Indicates that the number of data bits is 8. -

Views

User interface view

Default Level

3: Management level

Usage Guidelines

Use this command only when necessary. If the number of data bits of a device's user interface is changed, ensure that the same number of data bits is set on the HyperTerminal used for login.

The setting is valid only when the serial port is configured to work in asynchronous mode.

Example

# Set the number of data bits to 5.

<HUAWEI> system-view
[HUAWEI] user-interface console 0
[HUAWEI-ui-console0] databits 5

display user-interface

Function

The display user-interface command displays information about a user interface.

Format

display user-interface [ ui-type ui-number1 | ui-number ] [ summary ]

Parameters

Parameter Description Value
ui-type Displays information about a specified user interface. The value can be Console or VTY.
ui-number1 Displays information about a user interface with a specified relative number. The minimum value is 0. The maximum value is the number of user interfaces that the system supports minus 1.
ui-number Displays information about a user interface with a specified absolute number.

The value is an integer ranging from 0 to 54, 67 to 83. The value varies according to the device type.

summary Displays the summary of a user interface. -

Views

All views

Default Level

3: Management level

Usage Guidelines

To check detailed configuration information about all user interfaces or a specified user interface, run the display user-interface command.

Example

# Display detailed information about the user interface with the absolute number 0.

<HUAWEI> display user-interface 0
  Idx  Type     Tx/Rx      Modem Privi ActualPrivi      Auth  Int
  0    CON 0    9600       -     3     -                 P     -
  +    : Current UI is active.
  F    : Current UI is active and work in async mode.
  Idx  : Absolute index of UIs.
  Type : Type and relative index of UIs.
  Privi: The privilege of UIs.
  ActualPrivi: The actual privilege of user-interface.
  Auth : The authentication mode of UIs.
      A: Authenticate use AAA.
      N: Current UI need not authentication.
      P: Authenticate use current UI's password.
  Int  : The physical location of UIs.

# Display detailed information about all user interfaces.

<HUAWEI> display user-interface
  Idx  Type     Tx/Rx      Modem Privi ActualPrivi       Auth  Int
  0    CON 0    9600          -     3     -              P     -
+ 34   VTY 0                  -     3     3              A     -
+ 35   VTY 1                  -     1     2              A     -
+ 36   VTY 2                  -     3     2              A     -
  37   VTY 3                  -     1     -              P     -
  38   VTY 4                  -     1     -              A     -
...
UI(s) not in async mode -or- with no hardware support:
1-32
  +    : Current UI is active.
  F    : Current UI is active and work in async mode.
  Idx  : Absolute index of UIs.
  Type : Type and relative index of UIs.
  Privi: The privilege of UIs.
  ActualPrivi: The actual privilege of user-interface.
  Auth : The authentication mode of UIs.
      A: Authenticate use AAA.
      N: Current UI need not authentication.
      P: Authenticate use current UI's password.
  Int  : The physical location of UIs.
Table 2-26  Description of the display user-interface command output

Parameter

Description

+

Active user interface.

F

Active user interface in asynchronous mode.

Idx

Absolute number of a user interface.

Type

Type and relative number of a user interface.

Tx/Rx

Data transfer rate of the user interface.

Modem

Type of the modem.

Privi

Authority configured on a user interface.

ActualPrivi

Actual permission of a user interface. In AAA authentication mode, the level of a local user in AAA configuration is the actual permission.

Auth

Authentication mode on a user interface.

Int

User interface.

A

AAA authentication.

N

No authentication on the current user interface.

P

Password authentication.

display user-interface maximum-vty

Function

The display user-interface maximum-vty command displays the maximum number of VTY users.

Format

display user-interface maximum-vty

Parameters

None

Views

All views

Default Level

3: Management level

Usage Guidelines

To check the maximum number of users who are allowed to log in to a device using Telnet or SSH, run the display user-interface maximum-vty command. By default, the maximum number of total Telnet and SSH users is five.

Example

# Display the maximum number of VTY users.

<HUAWEI> display user-interface maximum-vty
Maximum of VTY user : 5
Table 2-27  Description of the display user-interface maximum-vty command output

Parameter

Description

Maximum of VTY user

Maximum number of VTY users.

The maximum number of VTY users can be configured using the user-interface maximum-vty command.

display users

Function

The display users command displays login information of each user interface.

Format

display users [ all ]

Parameters

Parameter Description Value
all Displays information about all users who log in to a device through user interfaces, including information about user interfaces that are not connected. If the all parameter is not used, the command displays information only about user interfaces that have been connected. -

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

You can run this command to view information about users who are connected to a device. The information includes the user name, IP address, and authentication and authorization information.

NOTE:

The user with a level of 0, 1, or 2 can only view related information about users of the same or a lower level. A user with a level of 3 or above can view login information of all users.

Example

# Display information about users who log in to the device through user interfaces.

<HUAWEI> display users
  User-Intf   Delay     Type   Network Address     AuthenStatus    AuthorcmdFlag
  34 VTY 0   00:00:00  TEL    10.164.6.10            pass            no
  Username : user1
+ 35 VTY 1   00:00:00  TEL    10.164.6.15            pass            no
  Username : user2
Table 2-28  Description of the display users command output

Item

Description

+

User interface in use.

User-Intf

The number in the first column under User-Intf indicates the absolute number of the user interface, and the number in the second column under User-Intf indicates the relative number of the user interface.

User Interface type.
  • Console: Users who log in through the console port
  • VTY: Users who log in using VTY
  • LTT: User logs in stack system through the non-master switch console port
  • WEB: Users who log in through Web system

Delay

Interval from the user's latest input to the current time, in seconds.

Type

Connection type.
  • Console
  • Telnet
  • SSH
  • Web

Network Address

IP address of the login user.

Username

User name for logging in to the device. If the user name is not specified, Unspecified is displayed.

AuthenStatus

Whether the authentication succeeds.

AuthorcmdFlag

Command line authorization status.
  • yes: Command line authentication is enabled.
  • no: Command line authentication is disabled.

display vty mode

Function

The display vty mode command displays the current VTY mode.

Format

display vty mode

Parameters

None

Views

All views

Default Level

3: Management level

Usage Guidelines

VTY modes are classified into the man-to-machine mode and machine-to-machine mode.

Example

# Display the VTY mode.

<HUAWEI> display vty mode
Current user-interface mode is Human-Machine interface.  
Related Topics

display vty lines

Function

The display vty lines command displays the number of rows that are displayed on the VTY screen.

Format

display vty lines

Parameters

None

Views

All views

Default Level

3: Management level

Usage Guidelines

You can run this command to view the number of rows (configured using screen-length command) that are displayed on the VTY screen.

Example

# Display the number of rows that are displayed on the VTY screen.

<HUAWEI> display vty lines
Current user-interface lines is 24
Related Topics

display web welcome-message

Function

The display web welcome-message command displays greetings of the web system.

Format

display web welcome-message

Parameters

None

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

You can run the display web welcome-message command to view greetings of the web system.

Example

# Display greetings of the web system.

<HUAWEI> display web welcome-message
huawei

flow-control

Function

The flow-control command configures a flow control mode.

The undo flow-control command restores the default flow control mode.

The default flow control mode is none, that is, flow control is disabled.

Format

flow-control { hardware | none | software }

undo flow-control

NOTE:

Currently, the flow control mode of the device cannot be set to hardware.

Parameters

Parameter Description Value
hardware Specifies hardware flow control. -
none Specifies no flow control. -
software Specifies software flow control. -

Views

User interface view

Default Level

3: Management level

Usage Guidelines

  • The configuration is effective only when the serial interface works in asynchronous interaction mode.
  • If the flow control configuration is implemented on the S6720SI and S5730SI using the flow-control command, the rate limit for outbound traffic of the GE electrical interface is 200 Mbit/s, and a congestion occurs, the inbound traffic rate cannot be reduced to be the same as the outbound traffic rate on the GE electrical interface. (The inbound traffic rate is about 200 Mbit/s.)

Example

# Set the flow control mode to hardware flow control in the user interface view.

<HUAWEI> system-view
[HUAWEI] user-interface console 0
[HUAWEI-ui-console0] flow-control hardware

free user-interface

Function

The free user-interface command disconnects a user from a specified user interface.

Format

free user-interface { ui-number | ui-type ui-number1 }

Parameters

Parameter Description Value
ui-number Specifies the absolute number of a user interface.

The value is an integer ranging from 0 to 54 and 67 to 83. The value varies according to the device type.

ui-type Specifies the type of a user interface. The value can be console or VTY.
ui-number1 Specifies the relative number of a user interface. The minimum value is 0. The maximum value is the number of user interfaces that the system supports minus 1.

Views

User view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

If a login user does not perform any operation for a long time or needs to be prohibited from configuring the device, run the free user-interface command to disconnect the user from the user interface. The device then logs out the user.

Precautions

The free user-interface command does not take effect for the current user interface. For example, if the current user interface is VTY 2, the free user-interface vty 2 command does not take effect, and an error message is displayed.

This command provides the same function as the kill user-interface command.

Example

# Disconnect the user from user-interface 0.

<HUAWEI> free user-interface 0
Warning: User interface Console1 will be freed. Continue? [Y/N]:y
Related Topics

kill user-interface

Function

The kill user-interface command disconnects a user from a user interface.

Format

kill user-interface { ui-number | ui-type ui-number1 }

Parameters

Parameter Description Value
ui-number Specifies the absolute number of a user interface.

The value is an integer ranging from 0 to 54 and 67 to 83. The value varies according to the device type.

ui-type Specifies the type of a user interface. The value can be console or VTY.
ui-number1 Specifies the relative number of a specified user interface.

The minimum value is 0. The maximum value is the number of user interfaces that the system supports minus 1.

Views

User view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

If a login user does not perform any operation for a long time or needs to be prohibited from configuring the device, run the kill user-interface command to disconnect the user from the user interface. The device then logs out the user.

Precautions

The kill user-interface command does not take effect for the current user interface. For example, if the current user interface is VTY 2, the kill user-interface vty 2 command does not take effect, and an error message is displayed.

This command provides the same function as the free user-interface command.

Example

# Disconnect user VTY3 from the device.

<HUAWEI> kill user-interface vty 3
Warning: User interface VTY3 will be freed. Continue? [Y/N]:y
Info: User interface VTY3 is free.

history-command max-size

Function

The history-command max-size command sets the size of the historical command buffer.

The undo history-command max-size command restores the default size of the historical command buffer.

By default, a maximum of 10 previously-used commands can be saved in the buffer.

Format

history-command max-size size-value

undo history-command max-size

Parameters

Parameter Description Value
size-value Specifies the size of the historical command buffer. The value is an integer ranging from 0 to 256.

Views

User interface view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

The CLI can automatically save the historical commands that you enter. This function is similar to that of Doskey. You can invoke and run the historical commands at any time.

Precautions

  • If the historical command buffer is used up and a new command is entered, the command line interface deletes the earliest command in the buffer in the sequence the commands were entered.
  • The formats of the saved historical commands are the same as those of the commands entered by users. If the commands entered by a user are incomplete, the saved historical commands are also incomplete.
  • If a user runs the same command several times, only the earliest command is saved as a historical command. However, if the same command is entered with different formats, they are saved as different commands.

Example

# Set the size of the historical command buffer to 20.

<HUAWEI> system-view
[HUAWEI] user-interface console 0
[HUAWEI-ui-console0] history-command max-size 20

idle-timeout

Function

The idle-timeout command sets a timeout period for users to disconnect from a user interface.

The undo idle-timeout command restores the default timeout period.

By default, the timeout period is 10 minutes.

Format

idle-timeout minutes [ seconds ]

undo idle-timeout

Parameters

Parameter Description Value
minutes Specifies the idle timeout period, in minutes. The value is an integer ranging from 0 to 35791.
seconds Specifies the idle timeout period, in seconds. The value is an integer ranging from 0 to 59.

Views

User interface view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

If an online user does not perform any operation, the user interface where the user logs in is wasted. To resolve this problem, run the idle-timeout command to set a timeout period. If the user does not perform any operation before the timeout period expires, the user is disconnected from the user interface.

Precautions

  • If you set the timeout period to zero, the user connection remains alive until it is manually cut.
  • If the user interface disconnection function is not configured, other users may fail to log in to the device.
  • If the timeout period is set to 0 or a large value, the user will remain in the login state, resulting in security risks. You are advised to run the lock command to lock the current connection.
  • You are advised to set the timeout period to 10-15 minutes.
NOTE:

If AAA authentication and the local-user idle-timeout command are configured for login users, the timeout period configured using this command takes effect. If no timeout period is configured or the undo local-user idle-timeout command is run in the AAA view, the timeout period configured using the idle-timeout command on the user interface takes effect.

Example

# Set the timeout period to 1 minute and 30 seconds.

<HUAWEI> system-view
[HUAWEI] user-interface console 0
[HUAWEI-ui-console0] idle-timeout 1 30

mmi-mode enable

Function

The mmi-mode enable command enters the machine-to-machine mode.

The undo mmi-mode enable command enters the man-to-machine mode.

By default, a VTY user is in man-to-machine mode.

Format

mmi-mode enable

undo mmi-mode enable

Parameters

None

Views

User view, system view

Default Level

0: Visit level

Usage Guidelines

The machine-to-machine mode is used on the NMS. After you enter the machine-to-machine mode using the mmi-mode enable command, some important commands that you need to use with caution can be used directly. Therefore, in man-to-machine mode, do not use this command unless necessary.

After you enter the machine-to-machine mode, the maximum number of lines in the screen of the current user interface is restored to the default value (512). You can run the screen-length command to change the default value.

Example

# Enter the machine-to-machine mode.

<HUAWEI> system-view
[HUAWEI] mmi-mode enable
Related Topics

parity

Function

The parity command sets a parity bit for a user interface.

The undo parity command disables the parity check.

By default, no parity check is configured.

Format

parity { even | mark | none | odd | space }

undo parity

Parameters

Parameter

Description

Value

even Specifies even parity check. -
mark Specifies Mark parity check. -
none Specifies no parity check. -
odd Specifies odd parity check. -
space Specifies Space parity check. -

Views

User interface view

Default Level

3: Management level

Usage Guidelines

The setting is valid only when the serial port is configured to work in asynchronous mode.

Example

# Set the transmission parity bit on the console port to odd parity.

<HUAWEI> system-view
[HUAWEI] user-interface console 0
[HUAWEI-ui-console0] parity odd

protocol inbound

Function

The protocol inbound command specifies the protocols that VTY user interfaces support.

The undo protocol inbound command restores the default protocols that VTY user interfaces support.

By default, VTY user interfaces support SSH.

Format

protocol inbound { all | ssh | telnet }

undo protocol inbound

Parameters

Parameter Description Value
all Indicates that all protocols including SSH and Telnet are supported. -
ssh Indicates that only SSH is supported. -
telnet Indicates that only Telnet is supported. -

Views

User interface view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

To manage and monitor login users, configure VTY user interfaces for login users and run the protocol inbound command to configure the protocols that the VTY user interfaces support.

Prerequisites

If SSH is configured for a user interface using the protocol inbound ssh command, you must run the authentication-mode aaa command to configure AAA authentication. This ensures that a user can successfully log in to the user interface. If password authentication is configured, the protocol inbound ssh command does not take effect.

Precautions

  • The configuration takes effect at the next login.

  • When SSH is specified for the VTY user interface, if the SSH server function is enabled but the RSA, DSA, or ECC key is not configured, a user cannot log in to the SSH server using SSH.

  • Telnet is an insecure protocol. Using SSH is recommended.

Example

# Configure SSH for user interfaces VTY0 to VTY4.

<HUAWEI> system-view
[HUAWEI] user-interface vty 0 4
[HUAWEI-ui-vty0-4] authentication-mode aaa
[HUAWEI-ui-vty0-4] protocol inbound ssh

screen-length

Function

The screen-length command sets the number of lines on each terminal screen.

The undo screen-length command restores the default configuration.

By default, the number of lines displayed on a terminal screen is 24.

Format

In the user interface view:

screen-length screen-length [ temporary ]

undo screen-length [ temporary ]

In the user view:

screen-length screen-length temporary

undo screen-length temporary

Parameters

Parameter Description Value
screen-length Specifies the number of lines displayed on a terminal screen. The value is an integer that ranges from 0 to 512. The value 0 indicates that all command output is displayed on one screen.
temporary Specifies the number of lines temporarily displayed on a terminal screen. -

Views

User interface view, user view

Default Level

3: Management level in the user interface view

1: Monitoring level in the user view

Usage Guidelines

If a command output is displayed in more lines than you can see on one screen, run the screen-length command to reduce the number of lines displayed on each screen.

In general, you do not need to change the number of lines displayed on each screen. Setting the number of lines to 0 is not recommended. The configuration takes effect after you log in to the system again.

NOTE:

In the user view, the temporary parameter is mandatory, and this command is at the Monitoring level.

Example

# Set the number of lines on each screen of the terminal to 30.

<HUAWEI> system-view
[HUAWEI] user-interface console 0
[HUAWEI-ui-console0] screen-length 30

screen-width

Function

The screen-width command sets the number of columns displayed on a terminal screen.

The undo screen-width command restores the default configuration.

By default, 80 columns are displayed on a terminal screen.

Format

screen-width screen-width

undo screen-width

Parameters

Parameter Description Value
screen-width Specifies the width of a terminal screen. The value is an integer ranging from 60 to 512.

Views

All views

Default Level

3: Management level

Usage Guidelines

Usage Scenario

When you log in to the device from a console interface and run the display interface description [ interface-type [ interface-number ] ] command to view the interface information, output information does not automatically change to another line, resulting in wrong format of the output information.

To resolve this problem, run the screen-width command to adjust the information format. In general, you do not need to adjust the number of columns displayed on the terminal screen. Setting the number of columns displayed on a screen is not recommended.

Precautions

The number of columns set using the screen-width command is valid only for the current interface. The setting is not saved after you log out. When you log in to the device from the console interface and configure this command, the number of columns displayed on the terminal screen is valid only for the current console interface, which has no impact on other users who log in to the device from the VTY interface or other interfaces. If you log out of the console interface and log in to the device again, the default width is used for the terminal screen.

This command is valid only for information displayed by the display interface description [ interface-type [ interface-number ] ] command.

Example

# Configure each line displayed on a terminal screen to have 60 characters.

<HUAWEI> screen-width 60
Warning: This command will change the default screen width. Continue? [Y/N]: y
Info: Succeeded to set the screen width to 60.

set authentication password

Function

The set authentication password command configures a local authentication password.

The undo set authentication password command cancels the local authentication password.

By default, no local authentication password is configured for devices.

Format

set authentication password [ cipher password ]

undo set authentication password

Parameters

Parameter Description Value
cipher Indicates a password in cipher text. -
password Specifies the password.
The value is a string of 8 to 16 characters or a string of 56 or 68 characters. The password can be in plain or cipher text.
  • The password in plain text is a string of 8 to 16 characters. The password must contain at least two types of the following characters: upper-case characters, lower-case characters, digits, and special characters. Special characters do not include the question mark (?) and space.
  • The password in cipher text is a string of 56 or 68 characters. The password in cipher text must start with $1a$ and end with $, or start with %^%# and end with %^%#.
    NOTE:

    If the source version supports a ciphertext password that is a string of 24 characters, the target version also supports this type of password.

The password is displayed in cipher text in the configuration file regardless of whether it is input in plain text or cipher text.

Views

User interface view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

If password authentication is configured for users, you can run the set authentication password command to change the password or set a password in cipher text.

If cipher password is not specified, the password is entered in interactive mode and can contain 8 to 16 characters. The requirements for the password are the same as the requirements for the password in plain text that is specified using the cipher parameter. The password you enter will not be displayed on the screen.
NOTE:

If you enter the plain text password when specifying cipher password, security risks exist. The interactive mode is recommended when users enter the password.

Pre-configuration Tasks

Password authentication has been configured for the user interface.

Precautions

  • If a password in cipher text is configured, users must obtain the password in plain text that is required for login authentication.
  • You cannot run the undo set authentication password command to delete a password. The undo set authentication password command is retained for compatibility with other versions.

  • If the password authentication is configured but the password is not configured for the user interface, the user cannot log in to the device.

  • If the set authentication password command is executed multiple times, the latest configuration overrides the previous ones. You can run the set authentication password command to change the local authentication password. After the password is changed, a user who wants to log in to the device must enter the latest password for login authentication.

  • Users can press CTRL_C to cancel password modification in the interaction mode.

  • You are advised to change the password periodically to improve device security.

Example

# Set a local authentication password for the user interfaces VTY 0-4 in interactive mode.

<HUAWEI> system-view
[HUAWEI] user-interface vty 0 4
[HUAWEI-ui-vty0-4] set authentication password
Warning: The "password" authentication mode is not secure, and it is strongly recommended to use "aaa" authentication mode.
Please configure the login password (8-16)
Enter Password:
Confirm Password:
[HUAWEI-ui-vty0-4]
# Set a local authentication password for the user interfaces VTY 0-4.
<HUAWEI> system-view
[HUAWEI] user-interface vty 0 4
[HUAWEI-ui-vty0-4] set authentication password cipher Huawei@123
Warning: The "password" authentication mode is not secure, and it is strongly recommended to use "aaa" authentication mode.

set password min-length

Function

The set password min-length command sets the minimum length of passwords in plain text allowed by a device.

The undo set password min-length command restores the default minimum length of passwords in plain text allowed by a device.

By default, the minimum length of passwords in plain text allowed by a device is 8 characters.

Format

set password min-length length

undo set password min-length

Parameters

Parameter Description Value
length Specifies the minimum length of passwords in plain text allowed by a device. The value is an integer ranging from 6 to 16.

Views

System view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

This command can change the limit on the password length. A longer password length makes the password more complex and improves device security.

Precautions

  • The set password min-length command limits the length of all passwords in plain text. Only the passwords longer than or equal to the minimum length take effect. The minimum length does not take effect for the following passwords:

    • Passwords configured during configuration restoration
    • Passwords that have taken effect before the minimum length is configured
  • This command limits the minimum length of only the passwords in plain text configured using the following commands:

    The set password min-length command does not limit the minimum length of other types of passwords.

NOTE:

If password complexity check has been disabled using the undo user-password complexity-check command, the set password min-length command does not limit the minimum length of passwords in plain text of local users.

For device security purposes, do not disable the password complexity check function and change the password periodically.

Example

# Set the minimum length of passwords in plain text allowed by the local device to 10 characters.

<HUAWEI> system-view
[HUAWEI] set password min-length 10

shell

Function

The shell command enables terminal services on a user interface.

The undo shell command disables terminal services on a user interface.

By default, terminal services are enabled on all user interfaces.

Format

shell

undo shell

Parameters

None

Views

User interface view

Default Level

3: Management level

Usage Guidelines

You can use the shell command on a user interface to enable terminal services. This command enables users to enter commands through this interface to query device information and configure the device.

You can use the undo shell command on the user interface to disable terminal services. This command does not allow users to perform any operations through this interface. After using the undo shell command in the VTY view, this user interface does not provide Telnet, STelnet, and SFTP access.

NOTE:

The console interface does not support this command.

Example

# Disable terminal services on VTY 0 to VTY 4.

<HUAWEI> system-view
[HUAWEI] user-interface vty 0 4
[HUAWEI-ui-vty0-4] undo shell
Warning: ui-vty0-4 will be disabled. Continue? [Y/N]:y

speed (user interface view)

Function

The speed command sets the data transfer rate of a user interface.

The undo speed command restores the default data transfer rate of a user interface.

By default, the data transfer rate is 9600 bit/s.

Format

speed speed-value

undo speed

Parameters

Parameter Description Value
speed-value Specifies the data transfer rate of a user interface.

The value is expressed in bit/s.

The asynchronous serial interface supports the following data transfer rates:

  • 300 bit/s

  • 600 bit/s

  • 1200 bit/s

  • 4800 bit/s

  • 9600 bit/s

  • 19200 bit/s

  • 38400 bit/s

  • 57600 bit/s

  • 115200 bit/s

Views

User interface view

Default Level

3: Management level

Usage Guidelines

The setting is valid only when the serial port is configured to work in asynchronous mode.

Example

# Set the data transfer rate of a user interface to 115200 bit/s.

<HUAWEI> system-view
[HUAWEI] user-interface console 0
[HUAWEI-ui-console0] speed 115200

stopbits

Function

The stopbits command sets a stop bit for a user interface.

The undo stopbits command restores the default stop bit of a user interface.

The default stop bit is 1.

Format

stopbits { 1.5 | 1 | 2 }

undo stopbits

Parameters

Parameter Description Value
1.5 Sets the stop bit to 1.5. -
1 Sets the stop bit to 1. -
2 Sets the stop bit to 2. -

Views

User interface view

Default Level

3: Management level

Usage Guidelines

If the stop bit is 1, the corresponding data bit is 7 or 8.

If the stop bit is 1.5, the corresponding data bit is 5.

If the stop bit is 2, the corresponding data bit is 6, 7, or 8.

The setting is valid only when the serial port is configured to work in asynchronous mode.

Example

# Set the stop bit of a user interface to 2.

<HUAWEI> system-view
[HUAWEI] user-interface console 0
[HUAWEI-ui-console0] stopbits 2

user privilege

Function

The user privilege command configures a user level.

The undo user privilege command restores the default user level.

By default, users who log in to a device using the console interface are at level 15, and other users are at level 0.

Format

user privilege level level

undo user privilege level

Parameters

Parameter Description Value
level level Specifies a user level.
NOTE:

A larger value indicates a higher priority.

The value is an integer ranging from 0 to 15.

Views

User interface view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

To limit users' access permissions to a device, the device manages users by level. Users of a specified level can run only commands whose levels are lower than or equal to the user level.

Commands are classified into the visit level, monitoring level, configuration level, and management level that map levels 0, 1, 2, and 3, respectively. Table 2-29 describes these command levels.

Table 2-29  Command levels

User Level

Command Level

Permission

Description

0

0

Visit

Diagnostic commands, such as ping and tracert commands, and commands that are used to access a remote device such as a Telnet client

1

0 and 1

Monitoring

System maintenance commands, such as display commands

NOTE:

Some display commands are not at this level. For example, the display current-configuration and display saved-configuration commands are at level 3.

2

0, 1, and 2

Configuration

Service configuration commands

3-15

0, 1, 2, and 3

Management

System basic operation commands that are used to support services, including file system, FTP, TFTP, user management commands, command-level configuration commands, and debugging commands.

Precautions

If refined permission management is required, run the command-privilege level command to upgrade command levels.

Example

# Set the user level on the VTY0 user interface to 2.

<HUAWEI> system-view
[HUAWEI] user-interface vty 0
[HUAWEI-ui-vty0] user privilege level 2

# Log in to the device using Telnet and view detailed information about the VTY0 user interface.

<HUAWEI> display user-interface vty 0
  Idx  Type     Tx/Rx      Modem Privi ActualPrivi Auth  Int     
+ 34    VTY 0               -     2     15           N     -       
  +    : Current UI is active.
  F    : Current UI is active and work in async mode.
  Idx  : Absolute index of UIs.
  Type : Type and relative index of UIs.
  Privi: The privilege of UIs.
  ActualPrivi: The actual privilege of user-interface.
  Auth : The authentication mode of UIs.
      A: Authenticate use AAA.
      N: Current UI need not authentication.
      P: Authenticate use current UI's password.
  Int  : The physical location of UIs.
Table 2-30  Description of the user privilege level command output.

Item

Description

+

Current user interface is active.

F

Current user interface is active and is working in asynchronous mode.

Idx

Absolute index of the user interface.

Type

Type and relative index of the user interface.

Privi

Privilege of the user interface.

ActualPrivi

Actual privilege of the user interface.

Auth

Authentication mode of the user interface.

Int

Physical location of UIs.

A

AAA authentication.

N

None authentication

P

Password authentication

user-interface

Function

The user-interface command displays one or multiple user interface views.

Format

user-interface [ ui-type ] first-ui-number [ last-ui-number ]

Parameters

Parameter Description Value
ui-type
Specifies the type of a user interface.
  • If the user interface is specified, the relative number is used.
  • If the user interface is not specified, the absolute number is used.
The value can be console or VTY.
first-ui-number Specifies the number of the first user interface.
  • If ui-type is set to console, the first-ui-number value is 0.
  • If ui-type is set to vty, the first-ui-number value ranges from 0 to the maximum number of VTY user interfaces.
last-ui-number

Specifies the number of the last user interface. When you select this parameter, you enter multiple user interface views at the same time.

This parameter is valid only when ui-type is set to VTY. The last-ui-number value must be larger than the first-ui-number number.

If the maximum number of VTY users has been set using the user-interface maximum-vty command in the system view before ui-type is selected, the last-ui-number value is smaller than or equal to the maximum number of VTY user interfaces minus one.

-

Views

System view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

When a network administrator logs in to a device using the console interface, Telnet, or SSH, the network administrator can set parameters, such as an authentication more and user level, on the user interface to allow the device to centrally manage user sessions.

Precautions

Only users at level 15 can use this command.

The user interface varies according to the login mode. The user interface views can be numbered using absolute numbers or relative numbers. Table 2-31 describes absolute and relative numbers of user interfaces.

NOTE:
  • The relative numbering uniquely specifies a user interface or a group of user interfaces of the same type.
  • The absolute numbering specifies a user interface or a group of user interfaces.
Table 2-31  Absolute and relative numbers of user interfaces

User Interface

Description

Absolute Number

Relative Number

Console user interface

Manages and controls users who log in to the device using the console interface.

0

0

VTY user interface

Manages and controls users who log in to the device using Telnet or SSH.

34 to 48 and 50 to 54

The first one is VTY 0, the second one is VTY 1, and so forth.
  • Absolute numbers 34 to 48 map relative numbers VTY 0 to VTY 14.
  • Absolute numbers 50 to 54 map relative numbers VTY 16 to VTY 20.

VTY 15 is reserved for the system. VTY 16 to VTY 20 are reserved for the NMS.

Only when VTY 0 to VTY 14 are all used, AAA authentication is configured for users, VTY 16 to VTY 20 can be used.

After you log in to the device, you can run the display user-interface command to view the supported user interfaces and the corresponding relative and absolute numbers.

Example

# Enter the Console 0 user interface.

<HUAWEI> system-view
[HUAWEI] user-interface console 0
[HUAWEI-ui-console0]

# Enter the VTY 1 user interface.

<HUAWEI> system-view
[HUAWEI] user-interface vty 1
[HUAWEI-ui-vty1]

# Enter the VTY 1 to VTY 3 user interfaces.

<HUAWEI> system-view
[HUAWEI] user-interface vty 1 3
[HUAWEI-ui-vty1-3]

user-interface current

Function

The user-interface current command displays the current user interface view.

Format

user-interface current

Parameters

None

Views

System view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

To enter the current user interface view, run the user-interface current command, without the need to run the display user-interface command to check the user interface number.

Precautions

Only users at level 15 can use this command.

The user interface varies according to the login mode. The user interface views can be numbered using absolute numbers or relative numbers. Table 2-31 describes absolute and relative numbers of user interfaces.

NOTE:
  • The relative numbering uniquely specifies a user interface or a group of user interfaces of the same type.
  • The absolute numbering specifies a user interface or a group of user interfaces.

Example

# Enter the current user view.

<HUAWEI> system-view
[HUAWEI] user-interface current
[HUAWEI-ui-vty1]

user-interface maximum-vty

Function

The user-interface maximum-vty command configures the maximum number of login users.

The undo user-interface maximum-vty command restores the default maximum number of login users.

By default, the maximum number of Telnet and SSH users is 5.

Format

user-interface maximum-vty number

undo user-interface maximum-vty

Parameters

Parameter Description Value
number Specifies the maximum number of Telnet and SSH users. The value is an integer ranging from 0 to 15.

Views

System view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

To configure the maximum number of login users, run the user-interface maximum-vty command.

Precautions

  • If the maximum number that you set is smaller than the number of current online users, a device displays a configuration failure message.

  • The maximum number of login users set by the user-interface maximum-vty command is the total number of Telnet and SSH users.

  • If the maximum number of login users is set to 0, users are not allowed to log in to the device using Telnet or SSH.

Example

# Set the maximum number of Telnet users to 7.

<HUAWEI> system-view
[HUAWEI] user-interface maximum-vty 7

user-interface password complexity-check disable

Function

The user-interface password complexity-check disable command disables the password complexity check function.

The undo user-interface password complexity-check disable command enables the password complexity check function.

By default, the password complexity check function is enabled.

Format

user-interface password complexity-check disable

undo user-interface password complexity-check disable

Parameters

None

Views

System view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

Passwords configured in the interface view must meet the following complexity requirements:

  • A password must contain at least 8 characters. If the minimum length set using the set password min-length command exceeds 8 characters, the command configuration takes effect.

  • A password must contain at least two types of characters: uppercase characters, lowercase characters, digits, and special characters, excluding question marks (?) and spaces.

To disable the password complexity check function, run the user-interface password complexity-check disable command. To enable the password complexity check function, run the undo user-interface password complexity-check disable command.

Precautions

If the configured password does not meet complexity requirements, it is prone to attacks and cracks from unauthorized users, which affects device security. Therefore, keeping the password complexity check function enabled is recommended.

Example

# Disable the password complexity check function.

<HUAWEI> system-view
[HUAWEI] user-interface password complexity-check disable

web welcome-message

Function

The web welcome-message command configures greetings for the web system.

The undo web welcome-message command cancels the configuration of greetings for the web system.

By defaults, greetings are not configured for the web system.

Format

web welcome-message message

undo web welcome-message

Parameters

Parameter Description Value
message Configures greetings for the web system.

The value is a string of 1 to 242 case-sensitive characters without question mark (?). Spaces are supported.

Views

System view

Default Level

2: Configuration level

Usage Guidelines

You can run the web welcome-message command to configure greetings for the web system. After the undo web welcome-message command is run, no greetings will be displayed on the web system.

Example

# Configure greetings of the web system to huawei.

<HUAWEI> system-view
[HUAWEI] web welcome-message huawei
Translation
Download
Updated: 2019-10-09

Document ID: EDOC1000178165

Views: 48513

Downloads: 1163

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next