3Com Switch 4500G Family Configuration Guide
4500G 24-Port (3CR17761-91)
4500G 48-Port (3CR17762-91)
4500G 24-Port PWR (3CR17771-91)
4500G 48-Port PWR (3CR17772-91)
www.3Com.com
Part Number: 10014900 Rev. AC
Published: February 2008
3Com Corporation 350 Campus Drive Marlborough, MA USA 01752-3064
Copyright 2006, 3Com Corporation. All rights reserved. No part of this documentation may be reproduced in any form or by any means or used to make any derivative work (such as translation, transformation, or adaptation) without written permission from 3Com Corporation.
3Com Corporation reserves the right to revise this documentation and to make changes in content from time to time without obligation on the part of 3Com Corporation to provide notification of such revision or change.
3Com Corporation provides this documentation without warranty, term, or condition of any kind, either implied or expressed, including, but not limited to, the implied warranties, terms or conditions of merchantability, satisfactory quality, and fitness for a particular purpose. 3Com may make improvements or changes in the product(s) and/or the program(s) described in this documentation at any time.
If there is any software on removable media described in this documentation, it is furnished under a license agreement included with the product as a separate document, in the hard copy documentation, or on the removable media in a directory file named LICENSE.TXT or !LICENSE.TXT. If you are unable to locate a copy, please contact 3Com and a copy will be provided to you.
UNITED STATES GOVERNMENT LEGEND
If you are a United States government agency, then this documentation and the software described herein are provided to you subject to the following:
All technical data and computer software are commercial in nature and developed solely at private expense. Software is delivered as Commercial Computer Software as defined in DFARS 252.227-7014 (June 1995) or as a commercial item as defined in FAR 2.101(a) and as such is provided with only such rights as are provided in 3Com's standard commercial license for the Software. Technical data is provided with limited rights only as provided in DFAR 252.227-7015 (Nov 1995) or FAR 52.227-14 (June 1987), whichever is applicable. You agree not to remove or deface any portion of any legend provided on any licensed program or documentation contained in, or delivered to you in conjunction with, this User Guide.
Unless otherwise indicated, 3Com registered trademarks are registered in the United States and may or may not be registered in other countries.
3Com and the 3Com logo are registered trademarks of 3Com Corporation.
Cisco is a registered trademark of Cisco Systems, Inc.
Funk RADIUS is a registered trademark of Funk Software, Inc.
Aegis is a registered trademark of Aegis Group PLC.
Intel and Pentium are registered trademarks of Intel Corporation. Microsoft, MS-DOS, Windows, and Windows NT are registered trademarks of Microsoft Corporation. Novell and NetWare are registered trademarks of Novell, Inc. UNIX is a registered trademark in the United States and other countries, licensed exclusively through X/Open Company, Ltd.
IEEE and 802 are registered trademarks of the Institute of Electrical and Electronics Engineers, Inc.
All other company and product names may be trademarks of the respective companies with which they are associated.
ENVIRONMENTAL STATEMENT
It is the policy of 3Com Corporation to be environmentally-friendly in all operations. To uphold our policy, we are committed to:
Establishing environmental performance standards that comply with national legislation and regulations.
Conserving energy, materials and natural resources in all operations.
Reducing the waste generated by all operations.
Ensuring that all waste conforms to recognized environmental standards.
Maximizing the recyclable and reusable content of all products.
Ensuring that all products can be recycled, reused and disposed of safely.
Ensuring that all products are labelled according to recognized environmental standards.
Improving our environmental record on a continual basis.
End of Life Statement
3Com processes allow for the recovery, reclamation and safe disposal of all end-of-life electronic components.
Regulated Materials Statement
3Com products do not contain any hazardous or ozone-depleting material.
CONTENTS

ABOUT THIS GUIDE
  Organization of the Manual
  Intended Readership
  Conventions
  Related Documentation

1 LOGGING INTO AN ETHERNET SWITCH
  Logging into an Ethernet Switch
  Introduction to the User Interface

2 LOGGING IN THROUGH THE CONSOLE PORT
  Introduction
  Setting up the Connection to the Console Port
  Console Port Login Configuration
  Console Port Login Configuration with Authentication Mode Being None
  Console Port Login Configuration with Authentication Mode Being Password
  Console Port Login Configuration with Authentication Mode Being Scheme

3 LOGGING IN THROUGH TELNET
  Introduction
  Telnet Configuration with Authentication Mode Being None
  Telnet Configuration with Authentication Mode Being Password
  Telnet Configuration with Authentication Mode Being Scheme
  Telnet Connection Establishment

4 LOGGING IN USING MODEM
  Introduction
  Configuration on the Administrator Side
  Configuration on the Switch Side
  Modem Connection Establishment

5 LOGGING IN THROUGH WEB-BASED NETWORK MANAGEMENT SYSTEM
  Introduction
  HTTP Connection Establishment
  Web Server Shutdown/Startup

6 LOGGING IN THROUGH NMS
  Introduction
  Connection Establishment Using NMS

7 CONTROLLING LOGIN USERS
  Introduction
  Controlling Telnet Users
  Controlling Network Management Users by Source IP Addresses
  Controlling Web Users by Source IP Address

8 BASIC SYSTEM CONFIGURATION AND MAINTENANCE
  Command Line Feature
  Basic System Configuration
  Displaying the System Status

9 SYSTEM MAINTENANCE AND DEBUGGING
  System Maintenance and Debugging Overview
  System Maintenance and Debugging Configuration
  System Maintenance Example

10 DEVICE MANAGEMENT
  Introduction to Device Management
  BootROM and Host Software Loading
  Device Management Configuration
  Displaying the Device Management Configuration
  Remote Switch Update Configuration Example

11 FILE SYSTEM MANAGEMENT
  File System Management
  Configuration File Management
  FTP Configuration
  TFTP Configuration

12 VLAN CONFIGURATION
  VLAN Overview
  Basic VLAN Configuration
  Basic VLAN Interface Configuration
  Port-Based VLAN Configuration
  Displaying VLAN Configuration
  VLAN Configuration Example

13 VOICE VLAN CONFIGURATION
  Voice VLAN Overview
  Voice VLAN Configuration
  Displaying and Maintaining Voice VLAN
  Voice VLAN Configuration Example

14 GVRP CONFIGURATION
  Introduction to GARP
  Configuring GVRP
  Displaying and Maintaining GVRP
  GVRP Configuration Example

15 ETHERNET INTERFACE CONFIGURATION
  General Ethernet Interface Configuration
  Maintaining and Displaying an Ethernet Interface

16 LINK AGGREGATION CONFIGURATION
  Link Aggregation Overview
  Approaches to Link Aggregation
  Configuring Link Aggregation
  Displaying and Maintaining Link Aggregation
  Link Aggregation Configuration Example

17 PORT ISOLATION CONFIGURATION
  Port Isolation Overview
  Port Isolation Configuration
  Displaying Port Isolation Configuration
  Port Isolation Configuration Example

18 MAC ADDRESS TABLE MANAGEMENT
  Introduction to Managing MAC Address Table
  Configuring the MAC Address Table
  Displaying and Maintaining the MAC Address Table
  MAC Address Table Management Configuration Example

19 MSTP CONFIGURATION
  MSTP Overview
  Configuring the Root Bridge
  Configuring Leaf Nodes
  Performing mCheck
  MSTP Configuration Example

20 IP ADDRESSING CONFIGURATION
  Configuring IP Addresses
  Displaying IP Addressing

21 IP PERFORMANCE CONFIGURATION
  Introduction to IP performance
  Configuring TCP attributes
  Configuring sending ICMP error packets
  Permitting Receiving and Forwarding of Directed Broadcast Packets
  Displaying and maintaining IP performance

22 IPV4 ROUTING OVERVIEW
  IP Routing and Routing Table
  Routing Protocol Overview
  Displaying and Maintaining a Routing Table

23 CONFIGURING IPV6
  IPv6 Overview
  Configuring Basic IPv6 Functions
  Configuring IPv6 NDP
  Configuring PMTU Discovery
  Configuring IPv6 TCP Properties
  Configuring the Maximum Number of IPv6 ICMP Error Packets Sent within a Specified Time
  Configuring IPv6 DNS
  Displaying and Maintaining IPv6
  IPv6 Configuration Example

24 CONFIGURING IPV6 APPLICATIONS
  Introduction to IPv6 Application
  Ping IPv6
  Traceroute IPv6
  FTP Configuration
  TFTP Configuration
  IPv6 Telnet
  Examples of Typical IPv6 Application Configurations
  Troubleshooting IPv6 Application

25 STATIC ROUTING CONFIGURATION
  Introduction
  Configuring Static Route
  Displaying and Maintaining Static Routes
  Example of Static Routes Configuration

26 RIP CONFIGURATION
  RIP Overview
  RIP Basic Configuration
  RIP Route Control
  RIP Configuration Optimization
  Displaying and Maintaining RIP
  RIP Configuration Example
  Troubleshooting RIP Configuration

27 ROUTING POLICY CONFIGURATION
  Introduction to Routing Policy
  Defining Filtering Lists
  Configuring a Routing Policy
  Displaying and Maintaining the Routing Policy
  Routing Policy Configuration Example
  Troubleshooting Routing Policy Configuration

28 802.1X CONFIGURATION
  802.1x Overview
  Configuring 802.1x
  Configuring GuestVlan
  Displaying and Maintaining 802.1x
  802.1x Configuration Example
  Typical GuestVlan Configuration Example

29 HABP CONFIGURATION
  Introduction to HABP
  HABP Server Configuration
  HABP Client Configuration
  Displaying HABP

30 MAC AUTHENTICATION CONFIGURATION
  MAC Authentication Overview
  Configuring MAC Authentication
  Displaying and Maintaining MAC Authentication
  MAC Authentication Configuration Example

31 AAA, RADIUS, AND TACACS+ CONFIGURATION
  Overview
  Configuration Tasks
  AAA Configuration
  RADIUS Configuration
  TACACS+ Configuration
  Displaying and Maintaining AAA & RADIUS & TACACS+ Information
  AAA & RADIUS & TACACS+ Configuration Example
  Troubleshooting AAA & RADIUS & TACACS+ Configuration

32 IGMP SNOOPING CONFIGURATION
  IGMP Snooping Overview
  IGMP Snooping Configuration Tasks
  Configuring Basic Functions of IGMP Snooping
  Configuring Port Functions
  Configuring IGMP-Related Functions
  Configuring a Multicast Group Policy
  Displaying and Maintaining IGMP Snooping
  IGMP Snooping Configuration Examples
  Troubleshooting IGMP Snooping Configuration

33 MULTICAST VLAN CONFIGURATION
  Multicast VLAN

34 ARP CONFIGURATION
  ARP Overview
  Configuring ARP
  Configuring Gratuitous ARP
  Displaying and Maintaining ARP

35 PROXY ARP CONFIGURATION
  Proxy ARP Overview
  Enabling Proxy ARP
  Displaying and Maintaining Proxy ARP

36 DHCP OVERVIEW
  Introduction to DHCP
  DHCP Address Allocation
  DHCP Message Format
  Protocols and Standards

37 DHCP RELAY AGENT CONFIGURATION
  Introduction to DHCP Relay Agent
  Configuring the DHCP Relay Agent
  Displaying and Maintaining the DHCP Relay Agent Configuration
  DHCP Relay Agent Configuration Example
  Troubleshooting DHCP Relay Agent Configuration

38 DHCP CLIENT CONFIGURATION
  Introduction to DHCP Client
  Enabling the DHCP Client on an Interface
  Displaying the DHCP Client
  DHCP Client Configuration Example

39 DHCP SNOOPING CONFIGURATION
  DHCP Snooping Overview
  Configuring DHCP Snooping
  Displaying DHCP Snooping
  DHCP Snooping Configuration Example

40 BOOTP CLIENT CONFIGURATION
  Introduction to BOOTP Client
  Configuring an Interface to Dynamically Obtain an IP Address through BOOTP
  Displaying BOOTP Client Configuration

41 ACL OVERVIEW
  ACL Overview
  Time-Based ACL
  IPv4 ACL

42 IPV4 ACL CONFIGURATION
  Creating a Time Range
  Configuring a Basic IPv4 ACL
  Configuring an Advanced IPv4 ACL
  Configuring an Ethernet Frame Header ACL
  Displaying and Maintaining IPv4 ACLs
  IPv4 ACL Configuration Example

43 QOS OVERVIEW
  Introduction
  Traditional Packet Delivery Service
  New Requirements Brought forth by New Services
  Occurrence and Influence of Congestion and the Countermeasures
  Major Traffic Management Techniques
  LR Configuration

44 QOS POLICY CONFIGURATION
  Overview
  Configuring QoS Policy
  Introducing Each QoS Policy
  Configuring QoS Policy
  Displaying QoS Policy

45 CONGESTION MANAGEMENT
  Overview
  Congestion Management Policy
  Configuring SP Queue Scheduling
  Configuring WRR Queue Scheduling
  Configuring SP+WRR Queue Scheduling

46 PRIORITY MAPPING
  Overview
  Configuring Port Priority
  Displaying Priority Mapping Table

47 VLAN POLICY CONFIGURATION
  Overview
  Applying VLAN Policies
  Displaying and Maintaining VLAN Policy
  VLAN Policy Configuration Example

48 TRAFFIC MIRRORING CONFIGURATION
  Overview
  Configuring Traffic Mirroring to Port
  Displaying Traffic Mirroring Configuration
  Traffic Mirroring Configuration Example

49 PORT MIRRORING CONFIGURATION
  Introduction to Port Mirroring
  Configuring Local Port Mirroring
  Displaying Port Mirroring
  Examples of Typical Port Mirroring Configuration

50 GMP V2 CONFIGURATION
  Introduction to GMP V2
  GMP V2 Configuration Task Overview
  Management Device Configuration
  Configuring Member Devices
  Displaying and Maintaining a Cluster
  GMP V2 Configuration Example

51 SNMP CONFIGURATION
  SNMP Overview
  Configuring Basic SNMP Functions
  Trap Configuration
  Displaying and Maintaining SNMP
  SNMP Configuration Example

52 RMON CONFIGURATION
  RMON Overview
  Configuring RMON
  Displaying and Maintaining RMON
  RMON Configuration

53 NTP CONFIGURATION
  NTP Overview
  Configuring the Operation Modes of NTP
  Configuring Optional Parameters of NTP
  Configuring Access-Control Rights
  Configuring NTP Authentication
  Displaying and Maintaining NTP
  NTP Configuration Examples

54 DNS CONFIGURATION
  DNS Overview
  Configuring Static Domain Name Resolution
  Configuring Dynamic Domain Name Resolution
  Displaying and Maintaining DNS
  Troubleshooting DNS Configuration

55 INFORMATION CENTER
  Information Center Overview
  Configuring Information Center
  Displaying and Maintaining Information Center
  Information Center Configuration Example

56 NQA CONFIGURATION
  NQA Overview
  Configuring NQA Tests
  Configuring Optional Parameters for NQA Tests
  Displaying and Maintaining NQA

57 SSH TERMINAL SERVICE
  SSH Overview
  Configuring the SSH Server
  Configuring the SSH Client
  Configuring the Device as an SSH Client
  Displaying and Maintaining the SSH Protocol
  SSH Configuration Example
  SSH Client Configuration Example

58 SFTP SERVICE
  SFTP Overview
  Configuring the SFTP Server
  Configuring the SFTP Client
  SFTP Configuration Example

59 UDP HELPER CONFIGURATION
  Introduction to UDP Helper
  Configuring UDP Helper
  Displaying and Maintaining UDP Helper
  UDP Helper Configuration Example

60 SSL CONFIGURATION
  SSL Overview
  Configuring an SSL Server Policy
  Configuring an SSL Client Policy
  Displaying and Maintaining SSL
  Troubleshooting SSL Configuration

61 HTTPS SERVER CONFIGURATION
  HTTPS Server Overview
  Enabling the Functions of HTTPS Server
  Associating HTTPS Server with Certificate Access Control Policy
  Associating HTTPS Server with ACL
  Displaying and Maintaining HTTPS Server
  Configuration Examples for HTTPS Server

62 PKI CONFIGURATION
  Introduction to PKI
  Introduction to PKI Configuration Task
  Configuring PKI Certificate Request
  Configuring PKI Certificate Validation
  Configuring a Certificate Attribute Access Control Policy
  Displaying and Maintaining PKI
  Typical Configuration Examples
  Troubleshooting

63 POE CONFIGURATION
  PoE Overview
  PoE Configuration Tasks
  Configuring the PoE Interface
  Configuring PD Power Management
  Configuring a Power Alarm Threshold for the PSE
  Upgrading PSE Processing Software Online
  Configuring a PD Disconnection Detection Mode
  Enabling the PSE to Detect Nonstandard PDs
  Displaying and Maintaining PoE
  PoE Configuration Example
  Troubleshooting PoE

ABOUT THIS GUIDE
This guide provides information about configuring your network using the commands supported on the 3Com Switch 4500G Family.
The descriptions in this guide apply to the Switch 4500G.

Organization of the Manual
The Switch 4500G Family Configuration Guide consists of the following chapters:
Logging In: Provides information on the different ways to log into the switch.
Basic System Configuration and Maintenance Operation: Details the basic configuration and maintenance of a switch.
File System Management: Details how to manage storage devices.
VLAN Operation: Details VLAN, including Voice VLANs and GVRP configuration.
Port Correlation Configuration: Details Ethernet interface, link aggregation and port isolation configuration.
MAC Address Table Management: Details MAC address table configuration.
MSTP: Details multiple spanning tree protocol configuration.
IP Address and Performance Operation: Details how to assign IP addresses to interfaces and to adjust the parameters for the best IP performance.
IPv4 Routing Operation: Details IPv4 routing operation, static routing and policy configuration and RIP configuration.
802.1x HABP MAC Authorization Operation: Details HABP, 802.1x and MAC Authentication Configuration.
AAA & RADIUS: Details AAA and RADIUS configuration.
Multicast Protocol: Details multicast protocol configuration.
ARP: Details address resolution protocol table configuration.
DHCP: Details dynamic host configuration protocol.
ACL Configuration: Details ACL configuration.
QoS: Details quality of service configuration.
Port Mirroring: Details local and remote port mirroring configuration.
Clustering: Details clustering configuration.
SNMP: Details simple network management protocol configuration.
RMON: Details remote monitoring configuration.
NTP: Details network time protocol configuration.
DNS: Details domain name system configuration.
Information Center: Details information center configuration.
NQA: Details network quality analyzer configuration.
SSH: Details secure shell authentication.
UDP: Details UDP helper configuration.
SSL: Details secure socket layer configuration.
PKI: Details public key infrastructure configuration.
PoE: Details power over Ethernet configuration.

Intended Readership
The manual is intended for the following readers:
Network administrators
Network engineers
Users who are familiar with the basics of networking

Conventions
This manual uses the following conventions:

Table 1 Icons
Notice Type: Description
Information note: Information that describes important features or instructions.
Caution: Information that alerts you to potential loss of data or potential damage to an application, system, or device.
Warning: Information that alerts you to potential personal injury.

Table 2 Text conventions

Convention: Screen displays
Description: This typeface represents text as it appears on the screen.

Convention: Keyboard key names
Description: If you must press two or more keys simultaneously, the key names are linked with a plus sign (+), for example: Press Ctrl+Alt+Del

Convention: The words enter and type
Description: When you see the word enter in this guide, you must type something, and then press Return or Enter. Do not press Return or Enter when an instruction simply says type.

Convention: Fixed command text
Description: This typeface indicates the fixed part of a command text. You must type the command, or this part of the command, exactly as shown, and press Return or Enter when you are ready to enter the command.
Example: The command display history-command must be entered exactly as shown.

Convention: Variable command text
Description: This typeface indicates the variable part of a command text. You must type a value here, and press Return or Enter when you are ready to enter the command.
Example: in the command super level, a value in the range 0 to 3 must be entered in the position indicated by level.

Convention: { x | y | }
Description: Alternative items, one of which must be entered, are grouped in braces and separated by vertical bars. You must select and enter one of the items.
Example: in the command flow-control { hardware | none | software }, the braces and the vertical bars combined indicate that you must enter one of the parameters. Enter either hardware, or none, or software.

Convention: [ ]
Description: Items shown in square brackets [ ] are optional.
Example 1: in the command display users [ all ], the square brackets indicate that the parameter all is optional. You can enter the command with or without this parameter.
Example 2: in the command user-interface [ type ] first-number [ last-number ] the square brackets indicate that the parameters [ type ] and [ last-number ] are both optional. You can enter a value in place of one, both or neither of these parameters.
Alternative items, one of which can optionally be entered, are grouped in square brackets and separated by vertical bars.
Example 3: in the command header [ shell | incoming | login ] text, the square brackets indicate that the parameters shell, incoming and login are all optional. The vertical bars indicate that only one of the parameters is allowed.

Related Documentation
In addition to this guide, the Switch 4500G documentation set includes the following:

3Com Switch 4500G Family Quick Reference Guide
This guide contains:
a list of the features supported by the switch.
a summary of the command line interface commands for the switch.
This guide is also available under the Help button on the web interface.

3Com Switch 4500G Family Command Reference Guide
This guide provides detailed information about the web interface and command line interface that enable you to manage the switch. It is supplied in PDF format on the CD-ROM that accompanies the switch.

3Com Switch 4500G Family Getting Started Guide
This guide provides preliminary information about hardware installation and communication interfaces.

Release notes
These notes provide information about the current software release, including new features, modifications, and known problems. The release notes are supplied in hard copy with the switch.

1 LOGGING INTO AN ETHERNET SWITCH

Logging into an Ethernet Switch
You can log into a Switch 4500G Ethernet switch in one of the following ways:
Log in locally through the Console port
Telnet locally or remotely to an Ethernet port
Telnet to the Console port using a modem
Log into the Web-based network management system
Log in through NMS (network management station)

Introduction to the User Interface

Supported User Interfaces
The Switch 4500G Family Ethernet switch supports two types of user interfaces: AUX and VTY.

Table 3 Description on user interface

User interface: AUX
Applicable user: Users logging in through the Console port
Port used: Console port
Description: Each switch can accommodate one AUX user.

User interface: VTY
Applicable user: Telnet users and SSH users
Port used: Ethernet port
Description: Each switch can accommodate up to five VTY users.

Because the AUX port and the Console port of a 3Com Switch 4500G Family series switch are the same port, you will be in the AUX user interface if you log in through this port.

User Interface Number
Two kinds of user interface index exist: absolute user interface index and relative user interface index.
1 The absolute user interface indexes are as follows:
AUX user interface: 0
VTY user interfaces: numbered after the AUX user interface, increasing in steps of 1
2 A relative user interface index can be obtained by appending a number to the identifier of a user interface type. It is generated by user interface type. The relative user interface indexes are as follows:
AUX user interface: AUX 0
VTY user interfaces: VTY 0, VTY 1, VTY 2, and so on.

Common User Interface Configuration

Table 4 Common User Interface Configuration

To do: Lock the current user interface
Use the command: lock
Remarks: Optional. Execute this command in user view. A user interface is not locked by default.

To do: Specify to send messages to all user interfaces/a specified user interface
Use the command: send { all | number | type number }
Remarks: Optional. Execute this command in user view.

To do: Disconnect a specified user interface
Use the command: free user-interface [ type ] number
Remarks: Optional. Execute this command in user view.

To do: Enter system view
Use the command: system-view

To do: Set the banner
Use the command: header { incoming | legal | login | shell | motd } text
Remarks: Optional

To do: Set a system name for the switch
Use the command: sysname string
Remarks: Optional

To do: Enter user interface view
Use the command: user-interface [ type ] first-number [ last-number ]

To do: Define a shortcut key for aborting tasks
Use the command: escape-key { default | character }
Remarks: Optional. The default shortcut key combination for aborting tasks is < Ctrl+C >.

To do: Set the history command buffer size
Use the command: history-command max-size value
Remarks: Optional. The default history command buffer size is 10. That is, a history command buffer can store up to 10 commands by default.

To do: Set the timeout time for the user interface
Use the command: idle-timeout minutes [ seconds ]
Remarks: Optional. The default timeout time of a user interface is 10 minutes. With the timeout time being 10 minutes, the connection to a user interface is terminated if no operation is performed in the user interface within 10 minutes. You can use the idle-timeout 0 command to disable the timeout function.

To do: Set the maximum number of lines the screen can contain
Use the command: screen-length screen-length
Remarks: Optional. By default, the screen can contain up to 24 lines. You can use the screen-length 0 command to disable the function to display information in pages.

To do: Make terminal services available
Use the command: shell
Remarks: Optional. By default, terminal services are available in all user interfaces.

To do: Set the display type of a terminal
Use the command: terminal type { ansi | vt100 }
Remarks: Optional. By default, the terminal display type is ANSI. The device must use the same type of display as the terminal. If the terminal uses VT 100, the device should also use VT 100.

To do: Display the information about the current user interface/all user interfaces
Use the command: display users [ all ]
Remarks: You can execute this command in any view.

To do: Display the physical attributes and configuration of the current/a specified user interface
Use the command: display user-interface [ type number | number ] [ summary ]
Remarks: You can execute this command in any view.

To do: Display the information about the current web users
Use the command: display web users
Remarks: You can execute this command in any view.

2 LOGGING IN THROUGH THE CONSOLE PORT

Introduction
Logging in through the Console port is the most common way to log into a switch. It is also the prerequisite for configuring other login methods. By default, you can log into a Switch 4500G Family Ethernet switch through its Console port only.
To log into an Ethernet switch through its Console port, the settings of the user terminal must match those of the Console port.
Table 5 lists the default settings of a Console port.

Table 5 The default settings of a Console port
Setting: Default
Baud rate: 19,200 bps
Flow control: Off
Check mode: No check bit
Stop bits: 1
Data bits: 8

After logging into a switch, you can perform configuration for AUX users. Refer to Console Port Login Configuration for more.

Setting up the Connection to the Console Port
Connect the serial port of your PC/terminal to the Console port of the switch, as shown in Figure 1.
Figure 1 Diagram for setting the connection to the Console port
If you use a PC to connect to the Console port, launch a terminal emulation utility (such as Terminal in Windows 3.X or HyperTerminal in Windows 9X/Windows 2000/Windows XP) and perform the configuration shown in Figure 2 through Figure 4 for the connection to be created. Normally, the parameters of a terminal are configured as those listed in Table 5.
Figure 2 Create a connection
Figure 3 Specify the port used to establish the connection
Figure 4 Set port parameters terminal window
Turn on the switch. The user will be prompted to press the Enter key if the switch successfully completes POST (power-on self test). The prompt (such as ) appears after the user presses the Enter key, as shown in Figure 5.
Figure 5 The terminal window
You can then configure the switch or check the information about the switch by executing commands. You can also get help by typing the ? character. Refer to the following chapters for information about the commands.

Console Port Login Configuration

Common Configuration
Table 6 lists the common configuration of Console port login.
CAUTION: Changing the Console port configuration terminates the connection to the Console port. To establish the connection again, you need to modify the configuration of the terminal emulation utility running on your PC accordingly. Refer to Setting up the Connection to the Console Port for more information.

Table 6 Common configuration of Console port login

Console port configuration

Configuration: Baud rate
Description: Optional. The default baud rate is 19200 bps.

Configuration: Check mode
Description: Optional. By default, the check mode of the Console port is set to none, which means no check bit.

Configuration: Stop bits
Description: Optional. The default stop bits of a Console port is 1.

Configuration: Data bits
Description: Optional. The default data bits of a Console port is 8.

AUX user interface configuration

Configuration: Define a shortcut key for starting terminal sessions
Description: Optional. By default, pressing Enter key starts the terminal session.

Configuration: Configure the command level available to the users logging into the AUX user interface
Description: Optional. By default, commands of level 3 are available to the users logging into the AUX user interface.

Terminal configuration

Configuration: Define a shortcut key for aborting tasks
Description: Optional. The default shortcut key combination for aborting tasks is < Ctrl+C >.

Configuration: Make terminal services available
Description: Optional. By default, terminal services are available in all user interfaces.

Configuration: Set the maximum number of lines the screen can contain
Description: Optional. By default, the screen can contain up to 24 lines.

Configuration: Set history command buffer size
Description: Optional. By default, the history command buffer can contain up to 10 commands.

Configuration: Set the timeout time of a user interface
Description: Optional. The default timeout time is 10 minutes.
Console Port Login Configuration 27Console Port Login Configurations for
Different Authentication
Modes
Table 7 lists Console port login configurations for different authentication modes.
Changes of the authentication mode of Console port login will not take effect unless you exit and enter again the CLI.
Table 7 Console port login configurations for different authentication modes
Authentication mode Console port login configuration Description
None Perform common configuration
Perform common configuration for Console port login
Optional
Refer to Common Configuration for more.
Password Configure the password
Configure the password for local authentication
Required
Perform common configuration
Perform common configuration for Console port login
Optional
Refer to Common Configuration for more.
Scheme Specify to perform local authentication or RADIUS authentication
AAA configuration specifies whether to perform local authentication or RADIUS authentication
Optional
Local authentication is performed by default.
Refer to the AAA, RADIUS, and TACACS+ Configuration chapter for more.
Configure user name and password
Configure user names and passwords for local/remote users
Required
The user name and password of a local user are configured on the switch.
The user name and password of a remote user are configured on the RADIUS server. Refer to the user manual of the RADIUS server for more.
Manage AUX users
Set service type for AUX users
Required
Perform common configuration
Perform common configuration for Console port login
Optional
Refer to Common Configuration for more.
-
Console Port Login Configuration with Authentication Mode Being None
Configuration Procedure
Table 8 Configuration Procedure
To Use the command Remarks
Enter system view
system-view
Enter AUX user interface view
user-interface aux 0
Configure not to authenticate users
authentication-mode none
Required
By default, users logging in through the Console port are not authenticated.
Configure the Console port
Set the baud rate
speed speed-value
Optional
The default baud rate of an AUX port (also the Console port) is 9,600 bps.
Set the check mode
parity { even | mark | none | odd | space }
Optional
By default, the check mode of a Console port is set to none, that is, no check bit.
Set the stop bits
stopbits { 1 | 1.5 | 2 }
Optional
The stop bits of a Console port is 1.
Set the data bits
databits { 5 | 6 | 7 | 8 }
Optional
The default data bits of a Console port is 8.
Configure the command level available to users logging into the user interface
user privilege level level
Optional
By default, commands of level 3 are available to users logging into the AUX user interface.
Define a shortcut key for starting terminal sessions
activation-key character
Optional
By default, pressing Enter key starts the terminal session.
Define a shortcut key for aborting tasks
escape-key { default | character }
Optional
The default shortcut key combination for aborting tasks is < Ctrl+C >.
Make terminal services available
shell
Optional
By default, terminal services are available in all user interfaces.
-
Note that the command level available to users logging into a switch depends on both the authentication-mode none command and the user privilege level level command, as listed in the following table.
Configuration Example
Network requirements
Perform the following configuration for users logging in through the Console port:
Do not authenticate users logging in through the Console port.
Commands of level 2 are available to users logging into the AUX user interface.
The baud rate of the Console port is 19,200 bps.
The screen can contain up to 30 lines.
The history command buffer can contain up to 20 commands.
The timeout time of the AUX user interface is 6 minutes.
Set the maximum number of lines the screen can contain
screen-length screen-length
Optional
By default, the screen can contain up to 24 lines.
You can use the screen-length 0 command to disable the function to display information in pages.
Set the history command buffer size
history-command max-size value
Optional
The default history command buffer size is 10. That is, a history command buffer can store up to 10 commands by default.
Set the timeout time for the user interface
idle-timeout minutes [ seconds ]
Optional
The default timeout time of a user interface is 10 minutes.
With the timeout time being 10 minutes, the connection to a user interface is terminated if no operation is performed in the user interface within 10 minutes.
You can use the idle-timeout 0 command to disable the timeout function.
Table 9 Determine the command level (A)
Authentication mode | User type | Command | Command level
None (authentication-mode none) | Users logging in through Console ports | The user privilege level level command not executed | Level 3
None (authentication-mode none) | Users logging in through Console ports | The user privilege level level command already executed | Determined by the level argument
-
Network diagram
Figure 6 Network diagram for AUX user interface configuration (with the authentication mode being none)
Configuration procedure
1 Enter system view.
system-view
2 Enter AUX user interface view.
[3Com] user-interface aux 0
3 Specify not to authenticate users logging in through the Console port.
[3Com-ui-aux0] authentication-mode none
4 Specify that commands of level 2 are available to users logging into the AUX user interface.
[3Com-ui-aux0] user privilege level 2
5 Set the baud rate of the Console port to 19,200 bps.
[3Com-ui-aux0] speed 19200
6 Set the maximum number of lines the screen can contain to 30.
[3Com-ui-aux0] screen-length 30
7 Set the maximum number of commands the history command buffer can store to 20.
[3Com-ui-aux0] history-command max-size 20
8 Set the timeout time of the AUX user interface to 6 minutes.
[3Com-ui-aux0] idle-timeout 6
-
Console Port Login Configuration with Authentication Mode Being Password
Table 10 Configuration Procedure
To Use the command Remarks
Enter system view
system-view
Enter AUX user interface view
user-interface aux 0
Configure to authenticate users using the local password
authentication-mode password
Required
By default, users logging in through the Console port are not authenticated.
Set the local password
set authentication password { cipher | simple } password
Required
Configure the Console port
Set the baud rate
speed speed-value
Optional
The default baud rate of an AUX port (also the Console port) is 9,600 bps.
Set the check mode
parity { even | mark | none | odd | space }
Optional
By default, the check mode of a Console port is set to none, that is, no check bit.
Set the stop bits
stopbits { 1 | 1.5 | 2 }
Optional
The default stop bits of a Console port is 1.
Set the data bits
databits { 5 | 6 | 7 | 8 }
Optional
The default data bits of a Console port is 8.
Configure the command level available to users logging into the user interface
user privilege level level
Optional
By default, commands of level 3 are available to users logging into the AUX user interface.
Define a shortcut key for starting terminal sessions
activation-key character
Optional
By default, pressing Enter key starts the terminal session.
Define a shortcut key for aborting tasks
escape-key { default | character }
Optional
The default shortcut key combination for aborting tasks is < Ctrl+C >.
Make terminal services available to the user interface
shell
Optional
By default, terminal services are available in all user interfaces.
-
Configuration Procedure
Note that the command level available to users logging into a switch depends on both the authentication-mode password command and the user privilege level level command, as listed in the following table.
Configuration Example
Network requirements
Perform the following configuration for users logging in through the Console port:
Authenticate users logging in through the Console port using the local password.
Set the local password to 123456 (in plain text).
The commands of level 2 are available to users logging into the AUX user interface.
The baud rate of the Console port is 19,200 bps.
The screen can contain up to 30 lines.
The history command buffer can store up to 20 commands.
The timeout time of the AUX user interface is 6 minutes.
Set the maximum number of lines the screen can contain
screen-length screen-length
Optional
By default, the screen can contain up to 24 lines.
You can use the screen-length 0 command to disable the function to display information in pages.
Set history command buffer size
history-command max-size value
Optional
The default history command buffer size is 10. That is, a history command buffer can store up to 10 commands by default.
Set the timeout time for the user interface
idle-timeout minutes [ seconds ]
Optional
The default timeout time of a user interface is 10 minutes.
With the timeout time being 10 minutes, the connection to a user interface is terminated if no operation is performed in the user interface within 10 minutes.
You can use the idle-timeout 0 command to disable the timeout function.
Table 11 Determine the command level (B)
Authentication mode | User type | Command | Command level
Local authentication (authentication-mode password) | Users logging into the AUX user interface | The user privilege level level command not executed | Level 3
Local authentication (authentication-mode password) | Users logging into the AUX user interface | The user privilege level level command already executed | Determined by the level argument
-
Network diagram
Figure 7 Network diagram for AUX user interface configuration (with the authentication mode being password)
Configuration procedure
1 Enter system view.
system-view
2 Enter AUX user interface view.
[3Com] user-interface aux 0
3 Specify to authenticate users logging in through the Console port using the local password.
[3Com-ui-aux0] authentication-mode password
4 Set the local password to 123456 (in plain text).
[3Com-ui-aux0] set authentication password simple 123456
5 Specify that commands of level 2 are available to users logging into the AUX user interface.
[3Com-ui-aux0] user privilege level 2
6 Set the baud rate of the Console port to 19,200 bps.
[3Com-ui-aux0] speed 19200
7 Set the maximum number of lines the screen can contain to 30.
[3Com-ui-aux0] screen-length 30
8 Set the maximum number of commands the history command buffer can store to 20.
[3Com-ui-aux0] history-command max-size 20
9 Set the timeout time of the AUX user interface to 6 minutes.
[3Com-ui-aux0] idle-timeout 6
-
Console Port Login Configuration with Authentication Mode Being Scheme
Configuration Procedure
Table 12 Configuration Procedure
To Use the command Remarks
Enter system view
system-view
Configure the authentication mode
Enter the default ISP domain view
domain Domain name
Optional
By default, the local AAA scheme is applied. If you specify to apply the local AAA scheme, you need to perform the configuration concerning local user as well.
If you specify to apply an existing scheme by providing the radius-scheme-name argument, you need to perform the following configuration as well:
Perform AAA & RADIUS configuration on the switch. (Refer to the AAA, RADIUS, and TACACS+ Configuration chapter for more.)
Configure the user name and password accordingly on the AAA server. (Refer to the user manual of AAA server.)
Specify the AAA scheme to be applied to the domain
authentication default { hwtacacs-scheme hwtacacs-scheme-name [ local ] | local | none | radius-scheme radius-scheme-name [ local ] }
Quit to system view
quit
Create a local user (Enter local user view.)
local-user user-name
Required
No local user exists by default.
Set the authentication password for the local user
password { simple | cipher } password
Required
Specify the service type for AUX users
service-type terminal [ level level ]
Required
Quit to system view
quit
Enter AUX user interface view
user-interface aux 0
Configure to authenticate users locally or remotely
authentication-mode scheme [ command-authorization ]
Required
The specified AAA scheme determines whether to authenticate users locally or remotely.
Users are authenticated locally by default.
-
Note that the command level available to users logging into a switch depends on the authentication-mode scheme [ command-authorization ] command, the user privilege level level command, and the service-type terminal [ level level ] command, as listed in Table 13.
Configure the Console port
Set the baud rate
speed speed-value
Optional
The default baud rate of the AUX port (also the Console port) is 9,600 bps.
Set the check mode
parity { even | mark | none | odd | space }
Optional
By default, the check mode of a Console port is set to none, that is, no check bit.
Set the stop bits
stopbits { 1 | 1.5 | 2 }
Optional
The default stop bits of a Console port is 1.
Set the data bits
databits { 5 | 6 | 7 | 8 }
Optional
The default data bits of a Console port is 8.
Configure the command level available to users logging into the user interface
user privilege level level
Optional
By default, commands of level 3 are available to users logging into the AUX user interface.
Define a shortcut key for starting terminal sessions
activation-key character
Optional
By default, pressing Enter key starts the terminal session.
Define a shortcut key for aborting tasks
escape-key { default | character }
Optional
The default shortcut key combination for aborting tasks is < Ctrl+C >.
Make terminal services available to the user interface
shell
Optional
By default, terminal services are available in all user interfaces.
Set the maximum number of lines the screen can contain
screen-length screen-length
Optional
By default, the screen can contain up to 24 lines.
You can use the screen-length 0 command to disable the function to display information in pages.
Set history command buffer size
history-command max-size value
Optional
The default history command buffer size is 10. That is, a history command buffer can store up to 10 commands by default.
Set the timeout time for the user interface
idle-timeout minutes [ seconds ]
Optional
The default timeout time of a user interface is 10 minutes.
With the timeout time being 10 minutes, the connection to a user interface is terminated if no operation is performed in the user interface within 10 minutes.
You can use the idle-timeout 0 command to disable the timeout function.
-
Configuration Example
Network requirements
Perform the following configuration for users logging in through the Console port:
Configure the name of the local user to be guest.
Set the authentication password of the local user to 123456 (in plain text).
Set the service type of the local user to Terminal.
Configure to authenticate users logging in through the Console port in the scheme mode.
The commands of level 2 are available to users logging into the AUX user interface.
The baud rate of the Console port is 19,200 bps.
The screen can contain up to 30 lines.
The history command buffer can store up to 20 commands.
The timeout time of the AUX user interface is 6 minutes.
Table 13 Determine the command level
Authentication mode | User type | Command | Command level
authentication-mode scheme [ command-authorization ] | Users logging into the Console port who pass AAA&RADIUS or local authentication | The user privilege level level command is not executed, and the service-type terminal [ level level ] command does not specify the available command level. | Level 0
authentication-mode scheme [ command-authorization ] | Users logging into the Console port who pass AAA&RADIUS or local authentication | The user privilege level level command is not executed, and the service-type terminal [ level level ] command specifies the available command level. | Determined by the service-type terminal [ level level ] command
authentication-mode scheme [ command-authorization ] | Users logging into the Console port who pass AAA&RADIUS or local authentication | The user privilege level level command is executed, and the service-type terminal [ level level ] command does not specify the available command level. | Level 0
authentication-mode scheme [ command-authorization ] | Users logging into the Console port who pass AAA&RADIUS or local authentication | The user privilege level level command is executed, and the service-type terminal [ level level ] command specifies the available command level. | Determined by the service-type terminal [ level level ] command
-
Network diagram
Figure 8 Network diagram for AUX user interface configuration (with the authentication mode being scheme)
Configuration procedure
1 Enter system view.
system-view
2 Create a local user named guest and enter local user view.
[3Com] local-user guest
3 Set the authentication password to 123456 (in plain text).
[3Com-luser-guest] password simple 123456
4 Set the service type to Terminal. Specify that commands of level 2 are available to users logging into the AUX user interface.
[3Com-luser-guest] service-type terminal level 2
[3Com-luser-guest] quit
5 Enter AUX user interface view.
[3Com] user-interface aux 0
6 Configure to authenticate users logging in through the Console port in the scheme mode.
[3Com-ui-aux0] authentication-mode scheme
7 Set the baud rate of the Console port to 19,200 bps.
[3Com-ui-aux0] speed 19200
8 Set the maximum number of lines the screen can contain to 30.
[3Com-ui-aux0] screen-length 30
9 Set the maximum number of commands the history command buffer can store to 20.
[3Com-ui-aux0] history-command max-size 20
10 Set the timeout time of the AUX user interface to 6 minutes.
[3Com-ui-aux0] idle-timeout 6
-
3 LOGGING IN THROUGH TELNET
Introduction
You can telnet to a remote switch to manage and maintain the switch. To achieve this, you need to configure both the switch and the Telnet terminal properly.
Common Configuration
Table 15 lists the common Telnet configuration.
Table 14 Requirements for Telnet to a switch
Item Requirement
Switch The management VLAN of the switch is created and the route between the switch and the Telnet terminal is available. (Refer to the VLAN module for more.)
The authentication mode and other settings are configured. Refer to Table 15 and Table 16.
Telnet terminal Telnet is running.
The IP address of the management VLAN of the switch is available.
Table 15 Common Telnet configuration
Configuration Description
VTY user interface configuration
Configure the command level available to users logging into the VTY user interface
Optional
By default, commands of level 0 are available to users logging into a VTY user interface.
Configure the protocols the user interface supports
Optional
By default, the Telnet and SSH protocols are supported.
Set the command that is automatically executed when a user logs into the user interface
Optional
By default, no command is automatically executed when a user logs into a user interface.
VTY terminal configuration
Define a shortcut key for aborting tasks
Optional
The default shortcut key combination for aborting tasks is < Ctrl+C >.
Make terminal services available
Optional
By default, terminal services are available in all user interfaces.
Set the maximum number of lines the screen can contain
Optional
By default, the screen can contain up to 24 lines.
Set history command buffer size
Optional
By default, the history command buffer can contain up to 10 commands.
Set the timeout time of a user interface
Optional
The default timeout time is 10 minutes.
-
CAUTION:
The auto-execute command command may leave you unable to perform common configuration in the user interface, so use it with caution.
Before you execute the auto-execute command command and save your configuration, make sure you can log into the switch in other modes and cancel the configuration.
Telnet Configurations for Different Authentication Modes
Table 16 lists Telnet configurations for different authentication modes.
Table 16 Telnet configurations for different authentication modes
Authentication mode Telnet configuration Description
None Perform common configuration
Perform common Telnet configuration
Optional
Refer to Table 15.
Password Configure the password
Configure the password for local authentication
Required
Perform common configuration
Perform common Telnet configuration
Optional
Refer to Table 15.
Scheme Specify to perform local authentication or RADIUS authentication
AAA configuration specifies whether to perform local authentication or RADIUS authentication
Optional
Local authentication is performed by default.
Refer to the AAA, RADIUS, and TACACS+ Configuration chapter for more information.
Configure user name and password
Configure user names and passwords for local/remote users
Required
The user name and password of a local user are configured on the switch.
The user name and password of a remote user are configured on the RADIUS server. Refer to the user manual of the RADIUS server for more.
Manage VTY users
Set service type for VTY users
Required
Perform common configuration
Perform common Telnet configuration
Optional
Refer to Table 15.
-
Telnet Configuration with Authentication Mode Being None
Configuration Procedure
Table 17 Configuration Procedure
To Use the command Remarks
Enter system view
system-view
Enter one or more VTY user interface views
user-interface vty first-number [ last-number ]
Configure not to authenticate users logging into VTY user interfaces
authentication-mode none
Required
By default, VTY users are authenticated after logging in.
Configure the command level available to users logging into VTY user interface
user privilege level level
Optional
By default, commands of level 0 are available to users logging into VTY user interfaces.
Configure the protocols to be supported by the VTY user interface
protocol inbound { all | ssh | telnet }
Optional
By default, both Telnet protocol and SSH protocol are supported.
Set the command that is automatically executed when a user logs into the user interface
auto-execute command text
Optional
By default, no command is automatically executed when a user logs into a user interface.
Define a shortcut key for aborting tasks
escape-key { default | character }
Optional
The default shortcut key combination for aborting tasks is < Ctrl+C >.
Make terminal services available
shell
Optional
By default, terminal services are available in all user interfaces.
Set the maximum number of lines the screen can contain
screen-length screen-length
Optional
By default, the screen can contain up to 24 lines.
You can use the screen-length 0 command to disable the function to display information in pages.
Set the history command buffer size
history-command max-size value
Optional
The default history command buffer size is 10. That is, a history command buffer can store up to 10 commands by default.
-
Note that if you configure not to authenticate the users, the command level available to users logging into a switch depends on both the authentication-mode none command and the user privilege level level command, as listed in Table 18.
Configuration Example
Network requirements
Perform the following configuration for Telnet users logging into VTY 0:
Do not authenticate users logging into VTY 0.
Commands of level 2 are available to users logging into VTY 0.
Telnet protocol is supported.
The screen can contain up to 30 lines.
The history command buffer can contain up to 20 commands.
The timeout time of VTY 0 is 6 minutes.
Set the timeout time of the VTY user interface
idle-timeout minutes [ seconds ]
Optional
The default timeout time of a user interface is 10 minutes.
With the timeout time being 10 minutes, the connection to a user interface is terminated if no operation is performed in the user interface within 10 minutes.
You can use the idle-timeout 0 command to disable the timeout function.
Table 18 Determine the command level when users logging into switches are not authenticated
Authentication mode | User type | Command | Command level
None (authentication-mode none) | VTY users | The user privilege level level command not executed | Level 0
None (authentication-mode none) | VTY users | The user privilege level level command already executed | Determined by the level argument
-
Network diagram
Figure 9 Network diagram for Telnet configuration (with the authentication mode being none)
Configuration procedure
1 Enter system view.
system-view
2 Enter VTY 0 user interface view.
[3Com] user-interface vty 0
3 Configure not to authenticate Telnet users logging into VTY 0.
[3Com-ui-vty0] authentication-mode none
4 Specify that commands of level 2 are available to users logging into VTY 0.
[3Com-ui-vty0] user privilege level 2
5 Configure the Telnet protocol to be supported.
[3Com-ui-vty0] protocol inbound telnet
6 Set the maximum number of lines the screen can contain to 30.
[3Com-ui-vty0] screen-length 30
7 Set the maximum number of commands the history command buffer can store to 20.
[3Com-ui-vty0] history-command max-size 20
8 Set the timeout time to 6 minutes.
[3Com-ui-vty0] idle-timeout 6
-
Telnet Configuration with Authentication Mode Being Password
Configuration Procedure
Table 19 Configuration Procedure
To Use the command Remarks
Enter system view
system-view
Enter one or more VTY user interface views
user-interface vty first-number [ last-number ]
Configure to authenticate users logging into VTY user interfaces using the local password
authentication-mode password
Required
Set the local password
set authentication password { cipher | simple } password
Required
Configure the command level available to users logging into the user interface
user privilege level level
Optional
By default, commands of level 0 are available to users logging into VTY user interface.
Configure the protocol to be supported by the user interface
protocol inbound { all | ssh | telnet }
Optional
By default, both Telnet protocol and SSH protocol are supported.
Set the command that is automatically executed when a user logs into the user interface
auto-execute command text
Optional
By default, no command is automatically executed when a user logs into a user interface.
Define a shortcut key for aborting tasks
escape-key { default | character }
Optional
The default shortcut key combination for aborting tasks is < Ctrl+C >.
Make terminal services available
shell
Optional
By default, terminal services are available in all user interfaces.
-
Note that if you configure to authenticate the users in the password mode, the command level available to users logging into a switch depends on both the authentication-mode password command and the user privilege level level command, as listed in Table 20.
Configuration Example
Network requirements
Perform the following configuration for Telnet users logging into VTY 0:
Authenticate users logging into VTY 0 using the local password.
Set the local password to 123456 (in plain text).
Commands of level 2 are available to users logging into VTY 0.
Telnet protocol is supported.
The screen can contain up to 30 lines.
The history command buffer can contain up to 20 commands.
The timeout time of VTY 0 is 6 minutes.
Set the maximum number of lines the screen can contain
screen-length screen-length
Optional
By default, the screen can contain up to 24 lines.
You can use the screen-length 0 command to disable the function to display information in pages.
Set the history command buffer size
history-command max-size value
Optional
The default history command buffer size is 10. That is, a history command buffer can store up to 10 commands by default.
Set the timeout time of the user interface
idle-timeout minutes [ seconds ]
Optional
The default timeout time of a user interface is 10 minutes.
With the timeout time being 10 minutes, the connection to a user interface is terminated if no operation is performed in the user interface within 10 minutes.
You can use the idle-timeout 0 command to disable the timeout function.
Table 20 Determine the command level when users logging into switches are authenticated in the password mode
Authentication mode | User type | Command | Command level
Password (authentication-mode password) | VTY users | The user privilege level level command not executed | Level 0
Password (authentication-mode password) | VTY users | The user privilege level level command already executed | Determined by the level argument
-
Network diagram
Figure 10 Network diagram for Telnet configuration (with the authentication mode being password)
Configuration procedure
1 Enter system view.
system-view
2 Enter VTY 0 user interface view.
[3Com] user-interface vty 0
3 Configure to authenticate users logging into VTY 0 using the local password.
[3Com-ui-vty0] authentication-mode password
4 Set the local password to 123456 (in plain text).
[3Com-ui-vty0] set authentication password simple 123456
5 Specify that commands of level 2 are available to users logging into VTY 0.
[3Com-ui-vty0] user privilege level 2
6 Configure the Telnet protocol to be supported.
[3Com-ui-vty0] protocol inbound telnet
7 Set the maximum number of lines the screen can contain to 30.
[3Com-ui-vty0] screen-length 30
8 Set the maximum number of commands the history command buffer can store to 20.
[3Com-ui-vty0] history-command max-size 20
9 Set the timeout time to 6 minutes.
[3Com-ui-vty0] idle-timeout 6
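The command-level rules in Tables 9, 11, 13, 18 and 20 and the login settings used in the examples above can be checked offline against a saved configuration. The Python below is an added example, not part of the 3Com guide: it computes the effective command level of each user interface and flags unauthenticated login, passwords set with simple, a disabled idle timeout and Telnet being accepted. The listing layout (section header followed by indented commands), the sample configuration and the finding texts are assumptions; for a VTY interface in scheme mode the level is reported only when user privilege level is absent.

```python
import re

# Constructed sample: section headers at column 0, their commands indented.
# Commands are the ones this chapter uses; the listing layout is an assumption.
SAMPLE_CONFIG = """\
local-user guest
 password simple 123456
 service-type terminal level 2
user-interface aux 0
 authentication-mode scheme
 user privilege level 3
user-interface vty 0
 authentication-mode password
 set authentication password simple 123456
 user privilege level 2
 protocol inbound telnet
 idle-timeout 0
user-interface vty 1 4
 authentication-mode none
"""

DEFAULT_LEVEL = {"aux": 3, "vty": 0}            # defaults stated in the chapter
SERVICE_FOR = {"aux": "terminal", "vty": "telnet"}


def parse_sections(text):
    """Split the listing into [header, [commands]] pairs."""
    sections = []
    for line in filter(str.strip, text.splitlines()):
        if line[0].isspace() and sections:
            sections[-1][1].append(line.strip())
        else:
            sections.append([line.strip(), []])
    return sections


def first_arg(commands, prefix):
    """Text following `prefix` in the first matching command, else None."""
    for cmd in commands:
        if cmd == prefix or cmd.startswith(prefix + " "):
            return cmd[len(prefix):].strip()
    return None


def local_users(sections):
    """Map user name -> {"services": {name: level or None}, "simple": bool}."""
    users = {}
    for header, cmds in sections:
        m = re.fullmatch(r"local-user (\S+)", header)
        if not m:
            continue
        services = {}
        for cmd in cmds:
            sm = re.fullmatch(r"service-type (.+?)(?: level (\d))?", cmd)
            if sm:
                for svc in sm.group(1).split():
                    services[svc] = int(sm.group(2)) if sm.group(2) else None
        simple = (first_arg(cmds, "password") or "").startswith("simple ")
        users[m.group(1)] = {"services": services, "simple": simple}
    return users


def audit(text):
    """Return {interface header: {"mode", "level", "findings"}}."""
    sections = parse_sections(text)
    users = local_users(sections)
    report = {}
    for header, cmds in sections:
        m = re.fullmatch(r"user-interface (aux|vty) \d+(?: \d+)?", header)
        if not m:
            continue
        kind, findings = m.group(1), []
        # Console users are not authenticated by default; no VTY mode is assumed.
        mode = first_arg(cmds, "authentication-mode") or (
            "none" if kind == "aux" else None)
        upl = first_arg(cmds, "user privilege level")
        level = None               # stays None where the tables give no answer
        if mode in ("none", "password"):
            level = int(upl) if upl else DEFAULT_LEVEL[kind]
        elif (mode or "").startswith("scheme") and not (kind == "vty" and upl):
            svc = SERVICE_FOR[kind]
            # Local users only: the service-type level, or 0 when none is given.
            members = {n: u for n, u in users.items() if svc in u["services"]}
            level = {n: u["services"][svc] or 0 for n, u in members.items()}
            if upl:
                findings.append("user privilege level not used in scheme mode")
            findings += [f"local user {n}: password configured with simple"
                         for n, u in members.items() if u["simple"]]
        if mode == "none":
            findings.append("no authentication")
        if (first_arg(cmds, "set authentication password") or "").startswith("simple "):
            findings.append("password configured with simple")
        timeout = first_arg(cmds, "idle-timeout")
        if timeout and sum(int(x) for x in timeout.split()) == 0:
            findings.append("idle timeout disabled")
        # With no protocol inbound line, both Telnet and SSH are accepted.
        if kind == "vty" and first_arg(cmds, "protocol inbound") in (None, "all", "telnet"):
            findings.append("Telnet accepted")
        report[header] = {"mode": mode, "level": level, "findings": findings}
    return report
```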
-
Telnet Configuration with Authentication Mode Being Scheme
Configuration Procedure
Table 21 Configuration Procedure
To Use the command Remarks
Enter system view
system-view
Configure the authentication scheme
Enter the default ISP domain view
domain Domain name
Optional
By default, the local AAA scheme is applied. If you specify to apply the local AAA scheme, you need to perform the configuration concerning local user as well.
If you specify to apply an existing scheme by providing the radius-scheme-name argument, you need to perform the following configuration as well:
Perform AAA & RADIUS configuration on the switch. (Refer to the AAA, RADIUS, and TACACS+ Configuration chapter for more information.)
Configure the user name and password accordingly on the AAA server. (Refer to the user manual of the AAA server.)
Configure the AAA scheme to be applied to the domain
authentication default { hwtacacs-scheme hwtacacs-scheme-name [ local ] | local | none | radius-scheme radius-scheme-name [ local ] }
Quit to system view
quit
Create a local user and enter local user view
local-user user-name
The admin, manager, and monitor users exist by default.
Set the authentication password for the local user
password { simple | cipher } password
Required
Specify the service type for VTY users
service-type telnet [ level level ]
Required
Quit to system view
quit
Enter one or more VTY user interface views
user-interface vty first-number [ last-number ]
Configure to authenticate users locally or remotely
authentication-mode scheme
Required
The specified AAA scheme determines whether to authenticate users locally or remotely.
Users are authenticated locally by default.
Configure the command level available to users logging into the user interface
user privilege level level
Optional
By default, commands of level 0 are available to users logging into the VTY user interfaces.
Configure the supported protocol
protocol inbound { all | ssh | telnet }
Optional
Both Telnet protocol and SSH protocol are supported by default.
-
Note that if you configure to authenticate the users in the scheme mode, the command level available to users logging into a switch depends on the authentication-mode scheme [ command-authorization ] command, the user privilege level level command, and the service-type { ftp [ ftp-directory directory ] | lan-access | { ssh | telnet | terminal }* [ level level ] } command, as listed in Table 22.
Set the command that is automatically executed when a user logs into the user interface
auto-execute command text
Optional
By default, no command is automatically executed when a user logs into a user interface.
Define a shortcut key for aborting tasks
escape-key { default | character }
Optional
The default shortcut key combination for aborting tasks is < Ctrl+C >.
Make terminal services available
shell
Optional
Terminal services are available in all user interfaces by default.
Set the maximum number of lines the screen can contain
screen-length screen-length
Optional
By default, the screen can contain up to 24 lines.
You can use the screen-length 0 command to disable the function to display information in pages.
Set history command buffer size
history-command max-size value
Optional
The default history command buffer size is 10. That is, a history command buffer can store up to 10 commands by default.
Set the timeout time for the user interface
idle-timeout minutes [ seconds ]
Optional
The default timeout time of a user interface is 10 minutes.
With the timeout time being 10 minutes, the connection to a user interface is terminated if no operation is performed in the user interface within 10 minutes.
You can use the idle-timeout 0 command to disable the timeout function.
Table 21 Configuration Procedure (continued)
To Use the command Remarks
-
Refer to the corresponding chapters in this guide for information about AAA, RADIUS, TACACS+, and SSH.
Table 22 Determine the command level when users logging into switches are authenticated in the scheme mode
Scenario (Authentication mode, User type, Command) and resulting Command level
Authentication mode: Scheme (authentication-mode scheme [ command-authorization ])

User type: VTY users that are AAA&RADIUS authenticated or locally authenticated
Command: The user privilege level level command is not executed, and the service-type command does not specify the available command level.
Command level: Level 0
Command: The user privilege level level command is not executed, and the service-type command specifies the available command level.
Command level: Determined by the service-type command
Command: The user privilege level level command is executed, and the service-type command does not specify the available command level.
Command level: Level 0
Command: The user privilege level level command is executed, and the service-type command specifies the available command level.
Command level: Determined by the service-type command

User type: VTY users that are authenticated in the RSA mode of SSH
Command: The user privilege level level command is not executed, and the service-type command does not specify the available command level.
Command level: Level 0
Command: The user privilege level level command is not executed, and the service-type command specifies the available command level.
Command level: Level 0
Command: The user privilege level level command is executed, and the service-type command does not specify the available command level.
Command level: Determined by the user privilege level level command
Command: The user privilege level level command is executed, and the service-type command specifies the available command level.
Command level: Determined by the user privilege level level command

User type: VTY users that are authenticated in the password mode of SSH
Command: The user privilege level level command is not executed, and the service-type command does not specify the available command level.
Command level: Level 0
Command: The user privilege level level command is not executed, and the service-type command specifies the available command level.
Command level: Determined by the service-type command
Command: The user privilege level level command is executed, and the service-type command does not specify the available command level.
Command level: Level 0
Command: The user privilege level level command is executed, and the service-type command specifies the available command level.
Command level: Determined by the service-type command
-
Configuration Example
Network requirements
Perform the following configuration for Telnet users logging into VTY 0:
Configure the name of the local user to be guest.
Set the authentication password of the local user to 123456 (in plain text).
Set the service type of VTY users to Telnet.
Configure to authenticate users logging into VTY 0 in scheme mode.
The commands of level 2 are available to users logging into VTY 0.
Telnet protocol is supported in VTY 0.
The screen can contain up to 30 lines.
The history command buffer can store up to 20 commands.
The timeout time of VTY 0 is 6 minutes.
Network diagram
Figure 11 Network diagram for Telnet configuration (with the authentication mode being scheme)
Configuration procedure
1 Enter system view.
system-view
2 Create a local user named guest and enter local user view.
[3Com] local-user guest
3 Set the authentication password of the local user to 123456 (in plain text).
[3Com-luser-guest] password simple 123456
4 Set the service type to Telnet and specify that commands of level 2 are available to users logging into VTY 0.
[3Com-luser-guest] service-type telnet level 2
5 Enter VTY 0 user interface view.
[3Com] user-interface vty 0
6 Configure to authenticate users logging into VTY 0 in the scheme mode.
[3Com-ui-vty0] authentication-mode scheme
7 Configure VTY 0 to support the Telnet protocol.
[3Com-ui-vty0] protocol inbound telnet
8 Set the maximum number of lines the screen can contain to 30.
[3Com-ui-vty0] screen-length 30
9 Set the maximum number of commands the history command buffer can store to 20.
[3Com-ui-vty0] history-command max-size 20
10 Set the timeout time to 6 minutes.
[3Com-ui-vty0] idle-timeout 6
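Table 22 reduces to a lookup: for each user type, one setting decides the command level, and level 0 applies when that setting is absent. The Python below is an added example, not code from the 3Com guide; it applies that lookup to the commands of the configuration example above. The function names, the user-type keys and the handling of prompt-prefixed lines are assumptions made for the example.

```python
import re

# Table 22 reduced to the setting that decides the command level for each
# user type; when that setting is absent the user gets level 0.
DECIDED_BY = {
    "aaa_or_local": "service_level",  # "level" given on service-type
    "ssh_rsa": "privilege",           # user privilege level on the VTY
    "ssh_password": "service_level",
}
PROMPT = re.compile(r"^\s*(?:\[[^\]]*\]|<[^>]*>)\s*")  # e.g. "[3Com-ui-vty0]"

# Constructed input: commands from the configuration example above.
EXAMPLE = """
[3Com] local-user guest
[3Com-luser-guest] password simple 123456
[3Com-luser-guest] service-type telnet level 2
[3Com] user-interface vty 0
[3Com-ui-vty0] authentication-mode scheme
[3Com-ui-vty0] protocol inbound telnet
"""

def setting(words):
    """Map one command to the setting it changes ({} if not relevant here)."""
    if words[0] == "service-type" and "level" in words[:-1]:
        return {"service_level": int(words[words.index("level") + 1])}
    if words[:3] == ["user", "privilege", "level"] and len(words) == 4:
        return {"privilege": int(words[3])}
    if words[0] == "authentication-mode" and len(words) > 1:
        return {"mode": words[1]}
    return {}

def parse(config):
    """Return (local users, VTY user interfaces), each a dict of settings."""
    users, vtys, targets = {}, {}, []
    for raw in config.splitlines():
        words = PROMPT.sub("", raw).split()
        if not words:
            continue
        if words[0] == "local-user" and len(words) == 2:
            targets = [users.setdefault(words[1], {})]
        elif words[:2] == ["user-interface", "vty"] and len(words) in (3, 4):
            span = range(int(words[2]), int(words[-1]) + 1)
            targets = [vtys.setdefault(n, {}) for n in span]
        elif words[0] in ("quit", "#"):
            targets = []
        else:
            for target in targets:
                target.update(setting(words))
    return users, vtys

def command_level(config, user, vty, user_type="aaa_or_local"):
    """Command level of a scheme-mode VTY login, following Table 22."""
    users, vtys = parse(config)
    if vtys[vty].get("mode") != "scheme":
        raise ValueError("Table 22 covers authentication-mode scheme only")
    return {**users[user], **vtys[vty]}.get(DECIDED_BY[user_type], 0)
```

For the guide's example, command_level(EXAMPLE, "guest", 0) returns 2, taken from service-type telnet level 2. Per Table 22, a user privilege level command on VTY 0 would not change that result for a locally authenticated user.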
Telnet Connection Establishment
Telneting to a Switch from a Terminal
In order to Telnet to the switch, you need to configure an IP address on a VLAN interface. Use the following procedure to establish a Telnet connection to a switch through the management VLAN:
1 Log into the switch through the Console port and assign an IP address to the management VLAN interface of the switch.
Connect to the Console port. Refer to the chapter Setting up the Connection to the Console Port.
Execute the following commands in the terminal window to assign an IP address to the management VLAN interface of the switch.
system
a Enter management VLAN interface view.
[3Com] interface Vlan-interface 1
b Remove the existing IP address of the management VLAN interface.
[3Com-Vlan-interface1] undo ip address
c Configure the IP address of the management VLAN interface to be 202.38.160.92.
[3Com-Vlan-interface1] ip address 202.38.160.92 255.255.255.0
2 Configure the user name and password for Telnet on the switch. See the sections entitled Telnet Configuration with Authentication Mode Being None, Telnet Configuration with Authentication Mode Being Password, and Telnet Configuration with Authentication Mode Being Scheme for additional information.
3 Connect your PC to the Switch, as shown in Figure 12. Make sure the Ethernet port to which your PC is connected belongs to the management VLAN of the switch and the route between your PC and the switch is available.
-
Figure 12 Network diagram for Telnet connection establishment
4 Launch Telnet on your PC, with the IP address of the management VLAN interface of the switch as the parameter, as shown in the following figure.
Figure 13 Launch Telnet
5 Enter the password when the Telnet window displays Login authentication and prompts for login password. The CLI prompt (such as ) appears if the password is correct. If all VTY user interfaces of the switch are in use, you will fail to establish the connection and receive the message that says All user interfaces are used, please try later!. A 3Com Switch 4500G Family Ethernet switch can accommodate up to five Telnet connections at the same time.
6 After successfully Telneting to a switch, you can configure the switch or display the information about the switch by executing corresponding commands. You can also type ? at any time for help. Refer to the following chapters for the information about the commands.
A Telnet connection will be terminated if you delete or modify the IP address of the VLAN interface in the Telnet session.
By default, commands of level 0 are available to Telnet users authenticated by password. Refer to the Basic System Configuration and Maintenance module for information about command hierarchy.
-
Telneting to Another Switch from the Current Switch
You can Telnet to another switch from the current switch. In this case, the current switch operates as the client, and the other operates as the server. If the interconnected Ethernet ports of the two switches are in the same LAN segment, make sure the IP addresses of the two management VLAN interfaces to which the two Ethernet ports belong are in the same network segment, or the route between the two VLAN interfaces is available.
As shown in Figure 14, after Telneting to a switch (labeled as Telnet client), you can Telnet to another switch (labeled as Telnet server) by executing the telnet command and then configure the latter.
Figure 14 Network diagram for Telneting to another switch from the current switch
1 Configure the user name and password for Telnet on the switch operating as the Telnet server. Refer to the sections entitled Telnet Configuration with Authentication Mode Being None, Telnet Configuration with Authentication Mode Being Password, and Telnet Configuration with Authentication Mode Being Scheme for more information.
2 Telnet to the switch operating as the Telnet client.
3 Execute the following command on the switch operating as the Telnet client:
telnet xxxx
Where xxxx is the IP address or the host name of the switch operating as the Telnet server. You can use the ip host command to assign a host name to a switch.
4 Enter the password. If the password is correct, the CLI prompt (such as ) appears. If all VTY user interfaces of the switch are in use, you will fail to establish the connection and receive the message that says All user interfaces are used, please try later!.
5 After successfully Telneting to the switch, you can configure the switch or display the information about the switch by executing corresponding commands. You can also type ? at any time for help. Refer to the following chapters for the information about the commands.
-
4 LOGGING IN USING MODEM
Introduction
The administrator can log into the Console port of a remote switch using a modem through PSTN (public switched telephone network) if the remote switch is connected to the PSTN through a modem to configure and maintain the switch remotely. When a network operates improperly or is inaccessible, you can log into the switches in the network in this way to configure these switches, to query logs and warning messages, and to locate problems.
To log into a switch in this way, you need to configure the terminal and the switch properly, as listed in the following table.
Table 23 Requirements for logging into a switch using a modem
Item: Administrator side
Requirement: The PC can communicate with the modem connected to it.
Requirement: The modem is properly connected to PSTN.
Requirement: The telephone number of the switch side is available.
Item: Switch side
Requirement: The modem is connected to the Console port of the switch properly.
Requirement: The modem is properly configured.
Requirement: The modem is properly connected to PSTN and a telephone set.
Requirement: The authentication mode and other related settings are configured on the switch. Refer to Table 7.
Configuration on the Administrator Side
The PC can communicate with the modem connected to it. The modem is properly connected to PSTN. And the telephone number of the switch side is available.
Configuration on the Switch Side
Modem Configuration
Perform the following configuration on the modem directly connected to the switch:
AT&F ----------------------- Restore the factory settings
ATS0=1 ----------------------- Configure to answer automatically after the first ring
AT&D ----------------------- Ignore DTR signal
AT&K0 ----------------------- Disable flow control
AT&R1 ----------------------- Ignore RTS signal
AT&S0 ----------------------- Set DSR to high level by force
ATEQ1&W ----------------------- Disable the modem from returning command response and the result, save the changes
You can verify your configuration by executing the AT&V command.
The above configuration is unnecessary to the modem on the administrator side.
The configuration commands and the output of different modems may differ. Refer to the user manual of the modem when performing the above configuration.
Switch Configuration
After logging into a switch through its Console port by using a modem, you will enter the AUX user interface. The corresponding configuration on the switch is the same as that for logging into the switch locally through its Console port, except that:
When you log in through the Console port using a modem, the baud rate of the Console port is usually set to a value lower than the transmission speed of the modem. Otherwise, packets may get lost.
Other settings of the Console port, such as the check mode, the stop bits, and the data bits, remain the default.
The configuration on the switch depends on the authentication mode the user is in. Refer to Table 7 for the information about authentication mode configuration.
Configuration on switch when the authentication mode is none
Refer to Console Port Login Configuration with Authentication Mode Being None.
Configuration on switch when the authentication mode is password
Refer to Console Port Login Configuration with Authentication Mode Being Password.
Configuration on switch when the authentication mode is scheme
Refer to Console Port Login Configuration with Authentication Mode Being Scheme.
Modem Connection Establishment
1 Configure the user name and password on the switch. Refer to Console Port Login Configuration with Authentication Mode Being None, Console Port Login Configuration with Authentication Mode Being Password, and Console Port Login Configuration with Authentication Mode Being Scheme for more information.
2 Perform the following configuration on the modem directly connected to the switch.
AT&F ----------------------- Restore the factory settings
ATS0=1 ----------------------- Configure to answer automatically after the first ring
AT&D ----------------------- Ignore DTR signal
AT&K0 ----------------------- Disable flow control
AT&R1 ----------------------- Ignore RTS signal
AT&S0 ----------------------- Set DSR to high level by force
ATEQ1&W ----------------------- Disable the modem from returning command response and the result, save the changes
You can verify your configuration by executing the AT&V command.
-
The configuration commands and the output of different modems may differ. Refer to the user manual of the modem when performing the above configuration.
Set the baud rate of the AUX port (also the Console port) to a value lower than the transmission speed of the modem. Otherwise, packets may get lost.
3 Connect your PC, the modems, and the switch, as shown in the following figure.
Figure 15 Establish the connection by using modems
4 Launch a terminal emulation utility on the PC and set the telephone number to call the modem directly connected to the switch, as shown in Figure 16 and Figure 17. Note that you need to set the telephone number to that of the modem directly connected to the switch.
Figure 16 Set the telephone number
[Figure 15 labels: PC, serial cable, modem, telephone line, PSTN, modem, Console port; telephone number: 82882285]
-
Figure 17 Call the modem
5 Provide the password when prompted. If the password is correct, the prompt (such as ) appears. You can then configure or manage the switch. You can also enter the character ? at any time for help. Refer to the following chapters for information about the configuration commands.
If you perform no AUX user-related configuration on the switch, the commands of level 3 are available to modem users. Refer to the Basic System Configuration and Maintenance module for information about command level.
-
[3Com] interface Vlan-interface 1
b Remove the existing IP address of the management VLAN interface.
[3Com-Vlan-interface1] undo ip address
c Configure the IP address of the management VLAN interface to be 10.153.17.82.
[3Com-Vlan-interface1] ip address 10.153.17.82 255.255.255.0
5 LOGGING IN THROUGH WEB-BASED NETWORK MANAGEMENT SYSTEM
Introduction
A Switch 4500G Series switch has a Web server built in. You can log into a Switch 4500G series switch through a Web browser and manage and maintain the switch intuitively by interacting with the built-in Web server.
To log into a Switch 4500G through the built-in Web-based network management system, you need to perform the related configuration on both the switch and the PC operating as the network manag