Commands For Telnet Configuration

1.2 Commands for Telnet

1.2.1 aaa authorization config-commands

Command: aaa authorization config-commands
no aaa authorization config-commands
Function: Enable the command authorization function for the login user with VTY (login with Telnet and SSH). The no command disables this function. Enabling this command and configuring command authorization will result in a request to authorize when executing a command to display.
Parameters: None.
Command mode: Global Mode
Default: Disable.
Usage guide: After configuring this command and configuring command authorization, authorization selection priority of the login user with VTY can be authorized.
Example: Enable the VTY command authorization function.

active500EM(config)#aaa authorization config-commands

 

1.2.2 accounting exec

Command: accounting line {console | vty} exec {start-stop | stop-only | none} method1 [method2...]
no accounting line {console | vty} exec
Function: Configure the accounting method list for the login user with VTY (login with Telnet and SSH) and Console. The no command restores the default accounting method.
Parameters:

  • line: selects the accounting line, including Console and VTY (telnet and ssh).
  • start-stop: sends the accounting start or the accounting stop when the user is logging in or logging off the switch.
  • stop-only: sends the accounting stop when the user logs off.
  • none: does not send the accounting start or the accounting stop.
  • method: the list of the accounting method. It only supports the TACACS keyword. TACACS uses the remote TACACS+ server to count.

Command mode: Global Mode
Default: There is no accounting.
Usage guide: Use the Console or VTY login method to set the corresponding accounting method. The accounting method supports TACACS+.
Example: Configure login accounting using telnet.

active500EM(config)#accounting line vty exec start-stop tacacs

 

1.2.3 accounting command

Command: accounting line {console | vty} command <1-15> {start-stop | stop-only | none} method1 [method2...]
no accounting line {console | vty} command <1-15>
Function: Configure the list of command accounting with VTY (login with Telnet and SSH) and Console. The no command restores the accounting default.
Parameters:

  • line: selects the accounting line, including Console, VTY (telnet and ssh).
  • command <1-15>: the accounting command level.
  • start-stop: sends the accounting start or stop when the user is logging into or exiting the login.
  • stop-only: sends the accounting stop when the user exits the login.
  • none: does not send the accounting start or stop.
  • method: the accounting method list. Only the TACACS keyword is supported.
  • tacacs: uses the remote TACACS+ server to count.

Command mode: Global Mode
Default: There is no accounting method.
Usage guide: Use the Console and VTY login method to set the corresponding command accounting method. The accounting method supports TACACS+. Whether command accounting configures start-stop or stop-only, the stop accounting information is recorded.
Example: Configure the command accounting with telnet.

active500EM(config)#accounting line vty command 15 start-stop tacacs

 

1.2.4 authentication enable

Command: authentication enable method1 [method2...]
no authentication enable
Function: Configure the list to enable authentication. The no command restores the default authentication method.
Parameter:

  • method: the list of the authentication method. Valid values include local, tacacs and radius keywords. Local uses the local database to authenticate. Tacacs uses the remote TACACS+ authentication server to authenticate. Radius uses the remote RADIUS authentication server to authenticate.

Command mode: Global Mode
Default: Local authentication is enabled.
Usage guide: The enable authentication method can be any one, or combination of, Local, RADIUS and TACACS. When the login method is configured with a combination of keywords, the preference goes from left to right. If the user has passed the authentication method, the authentication method for the lower preferences will be ignored. If the user receives a corresponding protocol's answer (refuse or accept), it will not attempt the next authentication method. If the local authentication method fails, it will attempt the next authentication method. It will attempt the next authentication method if it receives no response. An AAA function RADIUS server should be configured before the RADIUS configuration is used. A TACACS server should be configured before the TACACS configuration is used.
Example: Configure enable authentication to be tacacs and local.

active500EM(config)#authentication enable tacacs local

 

1.2.5 authentication ip access-class

Command: authentication ip access-class {<num-std>|<name>}
no authentication ip access-class
Function: Bind a standard IP ACL to login via Telnet/SSH/Web. The no command cancels the ACL binding.
Parameters:

  • <num-std>: access-class number for standard numeric ACL. Valid values are between 1 and 99.
  • <name>: access-class name for the standard ACL. The character string length is between 1 and 32.

Command mode: Global Mode
Default: No ACL is bound to Telnet/SSH/Web login.
Usage guide: Bind a standard IP ACL to login via Telnet/SSH/Web.
Example: Bind standard IP ACL 1 as the access-class for login.

active500EM(config)#authentication ip access-class 1 in

 

1.2.6 authentication ipv6 access-class

Command: authentication ipv6 access-class {<num-std>|<name>}
no authentication ipv6 access-class
Function: Bind a standard IPv6 ACL to login via Telnet/SSH/Web. The no command cancels the ACL binding.
Parameter:

  • <num-std>: access-class number for the standard numeric ACL. Valid values are between 500 and 599.
  • <name>: access-class name for the standard ACL. The character string length is between 1 and 32.

Command mode: Global Mode
Default: No ACL is bound to Telnet/SSH/Web login.
Usage guide: Bind a standard IPv6 ACL to login via Telnet/SSH/Web.
Example: Bind standard IPv6 ACL 500 as the access-class for login.

active500EM(config)#authentication ipv6 access-class 500 in

 

1.2.7 authentication line login

Command: authentication line {console | vty | web} login method1 [method2...]
no authentication line {console | vty | web} login
Function: Configure VTY (login with Telnet and SSH), Web and Console, to select the authentication method list for the user logging in. The no command restores the default authentication method.
Parameters:

  • line: selects the login line; includes Console, VTY (telnet and ssh) and Web.
  • method: authentication method list. Valid values include local, tacacs and radius keywords.
  • local: uses the local database to authenticate.
  • tacacs: uses the remote TACACS+ authentication server to authenticate.
  • radius: uses the remote RADIUS authentication server to authenticate.

Command mode: Global Mode
Default: No configuration is enabled for the console login method. Local authentication is enabled for VTY and Web login.
Usage guide: The authentication for Console, VTY, and Web login can be configured. The authentication used can be any one, or combination of, Local, RADIUS and TACACS. When the login method is configured with a combination of keywords, the preference goes from left to right. If the user has passed the authentication method, the authentication method for the lower preferences will be ignored. If the user receives a corresponding protocol's answer (refuse or accept), it will not attempt the next authentication method. If the local authentication method fails, it will attempt the next authentication method. It will attempt the next authentication method if it receives no response. An AAA function RADIUS server should be configured before the RADIUS configuration method can be used. A TACACS server should be configured before the TACACS configuration method can be used. The authentication line console login command is mutually exclusive with the "login" command. The authentication line console login command configures the switch to use the Console to login. The login command uses the Console login and uses passwords configured by the password command for authentication. If local authentication is configured and no local users are configured, users will be able to login to the switch via the Console method.
Example: Configure the telnet and ssh login with the remote RADIUS authentication.

active500EM(config)#authentication line vty login radius

Related Commands: aaa enable, radius-server authentication host, tacacs-server authentication host, tacacs-server key
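
The left-to-right method-list rules in the usage guides for authentication enable and authentication line login, modeled as an added Python example (not code from the switch or its vendor). The outcome labels, the evaluate and compare helpers and the scenario table are constructed for illustration.

```python
# Outcome labels are constructed for this illustration.
ACCEPT, REFUSE, NO_RESPONSE = "accept", "refuse", "no-response"
REMOTE = {"tacacs", "radius"}
VALID = REMOTE | {"local"}


def evaluate(methods, outcomes):
    """Walk a method list left to right and return (granted, trace).

    methods  -- keywords in configured order, e.g. ["tacacs", "local"]
    outcomes -- the answer each method would give for one login attempt
    """
    trace = []
    for method in methods:
        if method not in VALID:
            raise ValueError(f"unsupported method keyword: {method}")
        answer = outcomes.get(method, NO_RESPONSE)
        trace.append((method, answer))
        if answer == ACCEPT:
            return True, trace    # lower-preference methods are ignored
        if method in REMOTE and answer == REFUSE:
            return False, trace   # a protocol answer is final
        # Local failure, or no response from a server: try the next method.
    return False, trace           # list exhausted without an accept


# Constructed login attempts: what the TACACS+ server and the local database
# would each answer for the same credentials.
SCENARIOS = {
    "server accepts, local fails": {"tacacs": ACCEPT, "local": REFUSE},
    "server refuses, local accepts": {"tacacs": REFUSE, "local": ACCEPT},
    "server silent, local accepts": {"tacacs": NO_RESPONSE, "local": ACCEPT},
    "server silent, local fails": {"tacacs": NO_RESPONSE, "local": REFUSE},
}


def compare(orderings, scenarios=SCENARIOS):
    """Return {scenario: {"method list": granted}} for each ordering."""
    return {
        name: {" ".join(order): evaluate(order, answers)[0] for order in orderings}
        for name, answers in scenarios.items()
    }


if __name__ == "__main__":
    table = compare([["tacacs", "local"], ["local", "tacacs"]])
    for name, row in table.items():
        print(f"{name:32} {row}")
```

The two orderings differ only when the server refuses a user whose local credentials still work: with local listed first, that login is granted.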
 

1.2.8 authentication securityip

Command: authentication securityip <ip-addr>
no authentication securityip <ip-addr>
Function: Configures the trusted IP address for login via Telnet and HTTP. The no command removes the trusted IP address configuration.
Parameter:

  • <ip-addr>: the trusted IP address of the client in dotted decimal format which can login to the switch.

Command mode: Global Mode
Default: No trusted IP address is configured.
Usage guide: IP address of the client which can login to the switch is not restricted if the trusted IP address is not configured. After the trusted IP address is configured, only clients with trusted IP addresses are able to login to the switch. Up to 32 trusted IP addresses can be configured on the switch.
Example: Configure 192.168.1.21 as the trusted IP address.

active500EM(config)#authentication securityip 192.168.1.21

 

1.2.9 authentication securityipv6

Command: authentication securityipv6 <ipv6-addr>
no authentication securityipv6 <ipv6-addr>
Function: Configure the security IPv6 address via Telnet and HTTP. The no command removes the specified configuration.
Parameter:

  • <ipv6-addr>: the security IPv6 address which can login to the switch.

Command mode: Global Mode
Default: No security IPv6 addresses are configured.
Usage guide: The IPv6 address of the client which can login to the switch is not restricted if the security IPv6 address is not configured. After the security IPv6 address is configured, only clients with security IPv6 addresses are able to login to the switch. Up to 32 security IPv6 addresses can be configured on the switch.
Example: Configure the security IPv6 address as 2001:da8:123:1::1.

active500EM(config)#authentication securityipv6 2001:da8:123:1::1

 

1.2.10 authorization

Command: authorization line {console | vty | web} exec method [method...]
no authorization line {console | vty | web} exec
Function: Configure the authorization list for the user that logs in via VTY (login with Telnet and SSH), Web, and Console. The no command restores the default authorization method.

Parameters:

  • line: selects the authorization line, including Console, VTY (telnet and ssh), and Web.
  • method: the authorization method list. Valid keywords are local, tacacs, and radius.
  • local: uses the local database for authorization.
  • tacacs: uses the remote TACACS+ server for authorization.
  • radius: uses the remote RADIUS server for authorization.

Command mode: Global Mode
Default: No authorization mode.
Usage guide: The authorization via Console, VTY and Web login can be configured respectively. The authorization method can be any one, or combination of, Local, RADIUS, or TACACS. When the login method is configured as a combination, the preference goes from left to right. If the user has passed authorization, the lower preferences for authorization will be ignored. If the user receives a corresponding protocol's answer (refuse or accept), it will not attempt the next authorization method. The next authorization method will be tried if there is no response. An AAA RADIUS server should be configured before RADIUS configuration can be used. A TACACS server should be configured before TACACS configuration can be used. Users login to the switch via RADIUS/TACACS and operate under the common mode.
Example: Configure telnet authorization as RADIUS.

active500EM(config)#authorization line vty exec radius

 

1.2.11 authorization line vty command

Command: authorization line vty command <1-15> {local | radius | tacacs} (none|)
no authorization line vty command <1-15>
Function: Configure command authorization and authorization selection priority for the user that logs in via VTY (login with Telnet and SSH). The no command recovers to default.
Parameters: None.
Command mode: Global Mode
Default: The authorization selection priority is not configured.
Usage guide: Configure authorization of the VTY login user to configure commands. The valid parameters include any combination of Local, RADIUS, and TACACS. A value of none reverts to the previous parameter. When using a combination of authorization parameters, priority is given to the first authorization parameter with priority given to the others in descending order. If the highest authorization priority passes, configuration can begin and lower priority authorizations will not be used. If one authorization parameter receives a successful response, configuration can commence and the next authorization parameter will not be attempted. If a response is not received, the next parameter will be used. When using RADIUS authorization, the AAA function must be enabled and the RADIUS server should be configured. If using TACACS authorization, the TACACS server must be configured.
Example: Configure telnet login user level 1 command authorization as TACACS.

active500EM(config)#authorization line vty command 1 tacacs

 

1.2.12 clear line vty <0-31>

Command: clear line vty <0-31>
Function: Clear a specified virtual terminal (VTY) session of telnet or ssh.
Parameters: None.
Command mode: Admin Mode
Default: None.
Usage guide: After this command is entered, the confirmation message "Confirm[Y/N]:" appears. When the user enters "Y" or "y", the active500EM executes the command to delete the VTY session. When the user enters "?", the active500EM does not execute the command to delete the VTY session, but displays the information. When the user enters any other character, the active500EM does not execute the command to delete.
Example: Clear a specified virtual terminal (VTY) session of telnet or ssh being used by a specific user.

active500EM#clear line vty 4
Confirm[Y/N]:Y
[OK]

 

1.2.13 crypto key clear rsa

Command: crypto key clear rsa
Function: Clear the ssh encrypted key.
Parameters: None.
Command mode: Admin Mode
Default: None.
Usage guide: Clear the ssh encrypted key.
Example: Clear the ssh encrypted key.

active500EM#crypto key clear rsa

 

1.2.14 terminal length

Command: terminal length <0-512>
terminal no length
Function: Set the number of lines of output to be displayed on each terminal's screen. The no command cancels the terminal's screen limitation on the number of characters and displays all content.
Parameter:

  • terminal length: number of lines of output displayed on each screen. Valid values are between 0 and 512 (0 refers to display of all).

Command mode: Admin Mode.
Default: Default length is 25.
Usage guide: Sets the number of lines of output to be displayed on each terminal's screen, so that "More messages" will be shown when displayed information exceeds the screen size. Press any key to show information in the next screen.
Example: Configure the number of lines of output in each display to 20.

active500EM#terminal length 20

 

1.2.15 terminal monitor

Command: terminal monitor
terminal no monitor
Function: Copy debugging messages to the current display terminal. The no command restores to the default value.
Parameters: None.
Command mode: Admin Mode
Default: None.
Usage guide: Configures the current debugging messages to display on this terminal. If this command is configured on Telnet or SSH clients, debug messages will be sent to that client. The debug message is displayed on the Console.
Example: Copy debugging messages to the current display terminal.

active500EM#terminal monitor

 

1.2.16 telnet

Command: telnet [vrf <vrf-name>] {<ip-addr> | <ipv6-addr> | host <hostname>} [<port>]
Function: Log in to the remote host via Telnet.
Parameters:

  • <vrf-name>: specific VRF name.
  • <ip-addr>: IP address of the remote host; shown in dotted decimal notation.
  • <ipv6-addr>: IPv6 address of the remote host.
  • <hostname>: name of the remote host; max of 64 characters.
  • <port>: port number. Valid values are between 0 and 65535.

Command mode: Admin Mode
Default: None.
Usage guide: This command is used when the switch acts as a Telnet client to log in to the remote host for configuration. When a switch acts as a Telnet client, it can only establish one TCP connection with the remote host. To connect to another remote host, the current TCP connection must be disconnected with a hotkey ?CTRL+ ?. To Telnet to a host name, the mapping between the host name and the IP/IPv6 address must already be configured. For required commands please refer to the IP host and IPv6 host. If a host corresponds to both an IPv4 and an IPv6 address, the IPv6 address has priority when Telnetting to this host name.
Example: The active500EM Telnets to a remote host whose IP address is 20.1.1.1.

active500EM#telnet 20.1.1.1 23
Connecting Host 20.1.1.1 Port 23...
Service port is 23
Connected to 20.1.1.1
login:123
password:***
router>

 

1.2.17 telnet server enable

Command: telnet server enable
no telnet server enable
Function: Enable the Telnet server function in the switch. The no command disables the Telnet function in the switch.
Parameters: None.
Command mode: Global Mode
Default: Telnet server function is enabled.
Usage guide: This command is available on the Console only. The administrator can use this command to enable or disable the Telnet client to login to the switch.
Example: Disable the Telnet server function on the switch.

active500EM(config)#no telnet server enable

 

1.2.18 telnet-server max-connection

Command: telnet-server max-connection {<max-connection-number> | default}
Function: Configure the maximum connections supported by the Telnet service of the switch.
Parameter:

  • <max-connection-number>: maximum connections supported by the Telnet service. Valid values are from 5 to 16. The default option will restore the default configuration.

Command mode: Global Mode
Default: Maximum connections are 5.
Usage guide: None.
Example: Set the maximum connections supported by the Telnet service to 10.

active500EM(config)#telnet-server max-connection 10

 

1.2.19 ssh-server authentication-retries

Command: ssh-server authentication-retries <authentication-retries>
no ssh-server authentication-retries
Function: Configure the number of retry times for SSH authentication. The no command restores the default number of times for retrying SSH authentication.
Parameter:

  • <authentication-retries>: the number of retry times for authentication. Valid values are from 1 to 10.

Command mode: Global Mode
Default: The number of times to retry SSH authentication is 3.
Usage guide: None.
Example: Set the retry times for SSH authentication to 5.

active500EM(config)#ssh-server authentication-retries 5

 

1.2.20 ssh-server enable

Command: ssh-server enable
no ssh-server enable
Function: Enable SSH on the switch. The no command disables SSH.
Parameters: None.
Command mode: Global Mode
Default: SSH is disabled.
Usage guide: For the SSH client to log on to the switch, the user needs to configure the SSH user and enable SSH on the switch.
Example: Enable SSH on the switch.

active500EM(config)#ssh-server enable
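
An added audit sketch (not part of the original manual or the vendor's tooling) that applies the defaults stated on this page: Telnet server enabled, SSH disabled, no trusted addresses or access-class, no accounting. It assumes non-default settings appear in a saved configuration in the command form documented here; the sample configurations and finding IDs are constructed.

```python
import re

# Constructed sample configurations (not captured from a real device).
WEAK = """\
!
authentication line vty login local
"""
HARDENED = """\
no telnet server enable
ssh-server enable
authentication ip access-class 1 in
authentication line vty login tacacs local
accounting line vty exec start-stop tacacs
accounting line vty command 15 start-stop tacacs
"""
MIXED = """\
ssh-server enable
authentication securityip 192.168.1.21
accounting line vty exec none tacacs
"""

ACCT = r"accounting line vty {} (start-stop|stop-only)\b"


def parse(config_text):
    """Normalize whitespace and case; drop blank and '!' comment lines."""
    lines = (" ".join(raw.split()).lower() for raw in config_text.splitlines())
    return [line for line in lines if line and not line.startswith("!")]


def audit(config_text):
    """Return finding IDs for VTY exposure, using the defaults on this page."""
    cfg = parse(config_text)

    def has(pattern):
        # re.match anchors at line start, so "no ..." forms never match.
        return any(re.match(pattern, line) for line in cfg)

    telnet_on = "no telnet server enable" not in cfg   # default: enabled
    ssh_on = "ssh-server enable" in cfg                # default: disabled
    acl = has(r"authentication (ip|ipv6) access-class ")
    trusted = has(r"authentication securityip(v6)? ")

    findings = []
    if telnet_on:
        findings.append("TELNET_ENABLED")              # cleartext credentials
    if not ssh_on:
        findings.append("SSH_DISABLED")
    if telnet_on and not (acl or trusted):
        findings.append("TELNET_SOURCE_UNRESTRICTED")
    # The page lists securityip for Telnet and HTTP only, so SSH needs an ACL.
    if ssh_on and not acl:
        findings.append("SSH_SOURCE_UNRESTRICTED")
    if not has(ACCT.format("exec")):
        findings.append("NO_VTY_EXEC_ACCOUNTING")
    if not has(ACCT.format(r"command \d+")):
        findings.append("NO_VTY_COMMAND_ACCOUNTING")
    return findings


if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("hardened", HARDENED), ("mixed", MIXED)):
        print(name, audit(text))
```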

 

1.2.21 ssh-server host-key create rsa

Command: ssh-server host-key create rsa [modulus <modulus>]
Function: Generate a new RSA host key.
Parameter:

  • modulus: the modulus which is used to compute the host key. The valid range is 768 to 2048. The default value is 1024.

Command mode: Global Mode
Default: The system uses the key generated when the ssh-server is first started.
Usage guide: This command is used to generate the new host key. When the SSH client logs onto the server, the new host key is used for authentication. After the new host key is generated and the "write" command is used to save the configuration, the system uses this key for authentication.
Example: Generate a new host key.

active500EM(config)#ssh-server host-key create rsa

 

1.2.22 ssh-server max-connection

Command: ssh-server max-connection {<max-connection-number>|default}
Function: Configure the maximum number of connections supported by the SSH service on the switch.

Parameter:

  • <max-connection-number>: max number of connections supported by the SSH service. The valid range is from 5 to 16. The default option will restore the default configuration.

Command mode: Global Mode
Default: 5.
Usage guide: Configures the maximum number of connections supported by the SSH service on the switch.
Example: Set the maximum number of connections supported by the SSH service to 10.

active500EM(config)#ssh-server max-connection 10

 

1.2.23 ssh-server timeout

Command: ssh-server timeout <timeout>
no ssh-server timeout
Function: Configure the timeout value for SSH authentication. The no command restores the default timeout value for SSH authentication.
Parameter:

  • <timeout>: timeout value. The valid range is 10 to 600 seconds.

Command mode: Global Mode
Default: 180 seconds.
Usage guide: This command is used to set the SSH authentication timeout period.
Example: Set the SSH authentication timeout to 240 seconds.

active500EM(config)#ssh-server timeout 240

 

1.2.24 show crypto key

Command: show crypto key
Function: Display the ssh crypto key.
Parameters: None.
Command mode: Admin Mode
Default: None.
Usage guide: Displays the SSH crypto key.
Example: Display the SSH crypto key.

active500EM#show crypto key

 

1.2.25 show ssh-server

Command: show ssh-server
Function: Display the SSH state and the listing of users currently logged on.
Parameters: None.
Command mode: Admin Mode
Default: None.
Usage guide: Display the SSH state and the listing of users currently logged on.
Example: Display the SSH state and the listing of users currently logged on.

active500EM#show ssh-server
ssh server is enabled
ssh-server timeout 180s
ssh-server authentication-retries 3
ssh-server max-connection number 6
ssh-server login user number 2

 

1.2.26 show telnet login

Command: show telnet login
Function: Display the information of the Telnet client with a Telnet connection to the switch.
Parameters: None.
Command mode: Admin and Configuration Mode
Default: None.
Usage guide: Displays Telnet client information with a Telnet connection to the switch.
Example: Display the information of the Telnet client with a Telnet connection to the switch.

active500EM#show telnet login
Authenticate login by local
Login user: aa

 

1.2.27 show users

Command: show users
Function: Display the information of the user who logs in through Telnet or SSH. The information displayed includes line number, username, and IP address.
Parameters: None.
Command mode: Admin Mode
Default: None.
Usage guide: When inputting this command, the information for the user who logs in through Telnet or SSH will be displayed. The displayed information includes the line number, username, and IP address. A maximum of 16 Telnet users and 16 SSH users are supported. VTY 0-15 are used for Telnet and VTY 16-31 are used for SSH.
Example: Display the information of the user who logs in through Telnet or SSH.

active500EM#show users

 

1.2.28 who

Command: who
Function: Display currently logged in users using VTY.
Parameters: None.
Command mode: All configuration modes
Default: None.
Usage guide: Display current logged in users using VTY.
Example: Display currently logged in users using VTY.

active500EM#who
Telnet user a login from 192.168.1.20

 

