Managing interface access and System Information
Managing interface access
Listing the current console/serial link configuration
Use the show console command to list the current console/serial link configuration.
Use of show console command
This example demonstrates the use of the show console command.
switch (config)# show console
Console/Serial Link
 Inbound Telnet Enabled [Yes] : Yes
 Web Agent Enabled [Yes] : Yes
 Terminal Type [VT100] : VT100
 Screen Refresh Interval (sec) [3] : 3
 Displayed Events [All] : All
 Baud Rate [speed-sense] : speed-sense
 Flow Control [XON/XOFF] : XON/XOFF
 Global Session Idle Timeout (sec) [0] : 0
 Serial/USB Console Idle Timeout (sec) [not set] : not set
 Current Session Idle Timeout (sec) : 0
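The following is an added example, not part of the original guide: a small Python parser for the show console output above that flags the settings this page identifies as leaving management access open (inbound Telnet, WebAgent, and a zero idle timeout). The function names and the audit policy are hypothetical, and a global timeout of 0 is assumed to mean "never time out", as the page states for the serial-usb timer.

```python
import re

# Sample input: the show console output printed on this page.
SAMPLE = """\
Console/Serial Link
 Inbound Telnet Enabled [Yes] : Yes
 Web Agent Enabled [Yes] : Yes
 Terminal Type [VT100] : VT100
 Screen Refresh Interval (sec) [3] : 3
 Displayed Events [All] : All
 Baud Rate [speed-sense] : speed-sense
 Flow Control [XON/XOFF] : XON/XOFF
 Global Session Idle Timeout (sec) [0] : 0
 Serial/USB Console Idle Timeout (sec) [not set] : not set
 Current Session Idle Timeout (sec) : 0
"""

# Line shape: "Name [default] : value"; the bracketed default may be absent.
LINE = re.compile(r"^\s*(.+?)\s*(?:\[[^\]]*\])?\s*:\s*(.*?)\s*$")

def parse_show_console(text):
    """Return {setting name: current value} for each 'name : value' line."""
    settings = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            settings[m.group(1)] = m.group(2)
    return settings

def audit(settings):
    """Flag values that leave management access open (hypothetical policy)."""
    findings = []
    if settings.get("Inbound Telnet Enabled", "").lower() == "yes":
        findings.append("inbound Telnet is enabled; disable with: no telnet-server")
    if settings.get("Web Agent Enabled", "").lower() == "yes":
        findings.append("WebAgent is enabled; disable with: no web-management")
    idle = settings.get("Global Session Idle Timeout (sec)", "")
    if not idle.isdigit() or int(idle) == 0:
        findings.append("global idle timeout is 0; set with: console idle-timeout <seconds>")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_show_console(SAMPLE)):
        print("FINDING:", finding)
```

Run against the default output shown on this page, the audit reports all three findings.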
Enabling and disabling inbound Telnet access
In the default configuration, inbound Telnet access is enabled.
Prerequisites
Before you enable or disable inbound Telnet access on a switch, you must ensure that the switch has a separate out-of-band management port if you want to use an out-of-band management port for Telnet access. See Appendix I, "Network Out-of-Band Management" in this guide for more information about out-of-band management.
Enabling and disabling inbound Telnet access
To enable inbound Telnet access, do one of the following:
Use the telnet-server command to enable inbound Telnet access through the data ports.
Use the following command to enable inbound Telnet access through specific ports:
telnet-server [ listen < oobm | data | both > ]
Data ports (listen data option), out-of-band management ports (listen oobm option), or both data and out-of-band management ports (listen both) can be specified.
To disable inbound Telnet access, do one of the following:
Use the no telnet-server command to disable inbound Telnet access through the data ports.
Use the following command to disable inbound Telnet access through specific ports:
no telnet-server [ listen < oobm | data | both > ]
Data ports (listen data option), out-of-band management ports (listen oobm option), or both data and out-of-band management ports (listen both) can be specified.
Examples
To disable inbound Telnet access:
switch(config)# no telnet-server
To re-enable inbound Telnet access:
switch(config)# telnet-server
Initiating an outbound Telnet session to another device
Prerequisites
Before you initiate an outbound Telnet session to another network device, you must ensure that:
The switch has a separate out-of-band management port, if you want to use an out-of-band management port for the outbound Telnet traffic. See Appendix I, "Network Out-of-Band Management" in this guide for more information about out-of-band management.
Stacking is enabled, if you want to initiate an outbound Telnet session to a member switch that is a commander in a stack.
Initiating an outbound Telnet session to another network device
To initiate an outbound Telnet session, do one of the following:
Use the following command to initiate an outbound Telnet session through a data port:
telnet <ipv4-addr | ipv6-addr | hostname | switch-num>
Use the following command to initiate an outbound Telnet session through an out-of-band management port:
telnet < ipv4-addr | ipv6-addr | hostname | switch-num > oobm
In these commands, the destination device for the outbound Telnet session is specified as an IPv4 address, IPv6 address, hostname, or stack number (1-16) of a member switch.
Examples
If the host "Labswitch" is in the domain abc.com, you can enter the following command and the destination is resolved to "Labswitch.abc.com":
switch(config)# telnet Labswitch
You can also enter the full domain name of the host in the command:
switch(config)# telnet Labswitch.abc.com
You can use the show telnet command to display the resolved IP address.
The show telnet command displaying resolved IP addresses
switch(config)# show telnet
Telnet Activity
-------------------------------------------------------
Session : ** 1
Privilege: Manager
From : Console
To :
-------------------------------------------------------
Session : ** 2
Privilege: Manager
From : 12.13.14.10
To : 15.33.66.20
-------------------------------------------------------
Session : ** 3
Privilege: Operator
From : 2001:db7:5:0:203:4ff:fe0a:251
To : 2001:db7:5:0:203:4ff1:fddd:12
Configuring the Web-management interface for idle timeout
An administrator sets the idle timeout for the WebUI management interface and specifies a session timeout page that is displayed to the user when the WebUI management session ends.
Use the following command to configure the Web-management interface for idle timeout:
web-management [management-url <URL>] [support-url <URL>] [plaintext] [ssl <TCP-PORT>] [idle-timeout <300-7200>]
The following parameters are specified to configure the Web-management interface for idle timeout:
Management-url | Specify URL to load when the [?] button is clicked on the device's web interface. |
Support-url | Specify URL to load when the Support tab is clicked on the device's web interface. |
Plaintext | Indicates that the http server has to be enabled with no security. If no parameters are specified, |
SSL | Indicates that the http server has to be enabled with Secure Sockets Layer support. TCP port on which the https server must listen for connections. If the TCP port is not specified, the default is port 443. The |
Idle-timeout | Specifies the idle timeout for web management sessions. This ranges from 300 seconds to 7200 seconds. The default value is 600 seconds. |
WebUI idle timeout
switch(config)# web-management
 idle-timeout Set the idle timeout for web management sessions.
 management-url Specify URL for web interface [?] button.
 plaintext Enable or disable the http server (insecure).
 ssl Enable or disable the https server (secure).
 support-url Specify URL for web interface support page.
switch(config)# web-management idle-timeout
 <300-7200> Enter an integer number.
Enabling and disabling inbound WebAgent access
In the default configuration, inbound WebAgent (web browser) access, that is, inbound HTTP access, is enabled.
Prerequisites
Before you enable or disable inbound WebAgent access on a switch, you must ensure that the switch has a separate out-of-band management port if you want to use an out-of-band management port for WebAgent access. See Appendix I, "Network Out-of-Band Management" in this guide for more information about out-of-band management.
Enabling and disabling inbound WebAgent access
To enable inbound WebAgent access, do one of the following:
Use the web-management command to enable inbound WebAgent access through the data ports.
Use the following command to enable inbound WebAgent access through specific ports:
web-management [ listen < oobm | data | both > ]
Data ports (listen data option), out-of-band management ports (listen oobm option), or both data and out-of-band management ports (listen both) can be specified.
To disable inbound WebAgent access, do one of the following:
Use the no web-management command to disable inbound WebAgent access through the data ports.
Use the following command to disable inbound WebAgent access through specific ports:
no web-management [ listen < oobm | data | both > ]
Data ports (listen data option), out-of-band management ports (listen oobm option), or both data and out-of-band management ports (listen both) can be specified.
Examples
To disable inbound WebAgent access:
switch(config)# no web-management
To re-enable inbound WebAgent access:
switch(config)# web-management
Reconfiguring the console/serial link settings
Use the following command to reconfigure the console/serial link settings:
console [terminal <vt100|ansi|none>] [screen-refresh <1|3|5|10|20|30|45|60>] [baud-rate <speed-sense|1200|2400|4800|9600|19200|38400|57600|115200>] [flow-control <xon/xoff|none>] [idle-timeout <0-7200>] [events <none|all|not-info|critical|debug>] [local-terminal <vt100|none|ansi>]
Considerations for setting idle-timeout, baud rate, and flow control settings:
If the console idle-timeout expires, any outbound Telnet or SSH sessions open on the switch are terminated.
If you change the baud rate or flow control settings, you must make the corresponding changes in your console access device. Otherwise, you may lose connectivity between the switch and your terminal emulator due to differences between terminal and switch settings for these two parameters.
All console parameter changes except events require that you save the configuration with write memory and then execute boot before the new console configuration will take effect.
On switch models supporting redundant management, console settings such as mode, flow-control, and baud-rate are the same on both management modules. There cannot be individual settings for each management module.
Executing a series of console commands
This example shows how to configure the switch with the following:
VT100 operation
19,200 baud
No flow control
600 second (10 minutes) idle timeout
Critical log events
switch(config)# console terminal vt100
This command will take effect after saving the configuration and rebooting the system.
switch(config)# console baud-rate 19200
This command will take effect after saving the configuration and rebooting the system.
switch(config)# console flow-control none
This command will take effect after saving the configuration and rebooting the system.
switch(config)# console idle-timeout 600
switch(config)# console events critical
switch(config)# write memory
switch(config)# reload
Software version support of console/serial link settings
In software release versions K.15.12 and greater, the console inactivity-timer <minutes> command has been deprecated and replaced by the console idle-timeout <seconds> command. As an example:
switch(config)#console inactivity-timer 2
is now equivalent to:
switch(config)#console idle-timeout 120
In addition, the serial or USB console idle timeout can be controlled separately if needed. The console idle-timeout serial-usb seconds command allows for this behavior. As an example:
switch(config)#console idle-timeout 120
switch(config)#console idle-timeout serial-usb 15
This sequence of commands will set the Telnet/SSH idle timeout to 120 seconds and the serial-usb idle timeout to 15 seconds. Another example:
switch(config)#console idle-timeout 120
switch(config)#console idle-timeout serial-usb 0
This sequence of commands will set the Telnet/SSH idle timeout to 120 seconds and the serial-usb idle timeout to 0, or, in other words, to never time out.
The console inactivity-timer minutes command will continue to be accepted in version, but it will be converted to the new command format in the running configuration. This command conversion will also happen on a software update to version if the console inactivity-timer minutes command was part of the previous configuration.
These settings can be displayed using show console.
Interface-access parameters
The interface access in the switch operates properly by default. However, you can modify interface-access parameters to suit your particular needs.
The following table lists the interface-access parameters that are modifiable and their default values. In most cases, the default values are acceptable for standard operation.
Parameter | Default value |
---|---|
Idle-Timeout | 10 Minutes (disabled) |
Inbound Telnet Access | Enabled |
Outbound Telnet Access | n/a |
WebAgent Access | Enabled |
Terminal type | VT-100 |
Event Log event types to list (Displayed Events) | All |
Baud Rate | Speed Sense |
Flow Control | XON/XOFF |

NOTE: Basic switch security is through passwords. You can gain additional security by using the security features described in the Access Security Guide for your switch. You can also simply block unauthorized access via the WebAgent or Telnet (as described in this section) and install the switch in a locked environment.
Terminal line width and length settings
For console/serial link and inbound telnet sessions, the switch output:
Uses whatever width is set by the terminal program. If width is not specified, 80 characters is the default.
Automatically wraps on word boundaries (such as spaces) for non-columnar output
Automatically wraps on column boundaries for columnar output
Hewlett Packard Enterprise recommends that you do not set your terminal width (terminal width <y>) above 150 columns. (Windows telnet displays up to 156 characters on a 1280-pixel-wide display, so 150 is comfortably within this.)
Window size negotiation for a telnet session
When a telnet connection is established with a switch, the switch always uses the default values of 80 columns by 24 lines for the window dimensions. The window can be resized by either dragging the corner of the window, or by executing the terminal length <x> width <y> CLI command and then configuring the telnet client with those dimensions. The new window dimensions are lost after that telnet session ends.
When the telnet connection is established with a switch, either the switch or the telnet client needs to initiate the inquiry about the availability of NAWS. If NAWS is available, you can resize the window by dragging the corner of the window to the desired size. The telnet software uses NAWS to tell the switch what the new window dimensions are. If the switch supports the requested window dimensions, it uses them for all future interactions. If the switch does not support those window dimensions, it refuses them and the telnet client requests an alternate set of window dimensions. The negotiation continues until the telnet client and the switch agree on the window dimensions.
The switch currently responds to a request from the remote telnet client to negotiate window size. However, some telnet clients do not request to negotiate window size unless the switch’s telnet server suggests that NAWS is available.
This feature allows window size negotiation to occur with telnet clients that support NAWS but do not try to use it unless it is suggested by the switch’s telnet server. The switch’s telnet server will suggest to the telnet client that NAWS is available.
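The negotiation described above, shown as bytes on the wire in an added Python example that is not part of the original guide: the server suggests NAWS, the client accepts and reports its size, and the server validates the request before using it. The option and command codes follow RFC 854 and RFC 1073; the function names and the 150-column limit are assumptions made for illustration.

```python
IAC, SB, SE = 255, 250, 240      # Telnet command bytes (RFC 854)
WILL, DO = 251, 253
NAWS = 31                        # window-size option code (RFC 1073)

def server_suggest_naws():
    """Server side: invite the client to report its window size."""
    return bytes([IAC, DO, NAWS])

def client_reply(offer, width, height):
    """Client side: accept with WILL NAWS, then send the size subnegotiation."""
    if offer != bytes([IAC, DO, NAWS]):
        return b""
    size = width.to_bytes(2, "big") + height.to_bytes(2, "big")
    size = size.replace(b"\xff", b"\xff\xff")   # a data byte 255 is sent doubled
    return bytes([IAC, WILL, NAWS, IAC, SB, NAWS]) + size + bytes([IAC, SE])

def parse_naws(stream, max_width=150):
    """Server side: return (width, height), or None to refuse the request.

    max_width=150 is an assumed policy taken from the column limit this page
    recommends; the switch's real limits are not documented here.
    """
    start = stream.find(bytes([IAC, SB, NAWS]))
    if start < 0:
        return None
    body, i = bytearray(), start + 3
    while i < len(stream):
        if stream[i] == IAC:
            nxt = stream[i + 1] if i + 1 < len(stream) else None
            if nxt == SE:
                break                 # end of subnegotiation
            if nxt != IAC:
                return None           # truncated or unexpected command
            i += 1                    # doubled IAC is one literal 0xFF
        body.append(stream[i])
        i += 1
    else:
        return None                   # no IAC SE terminator seen
    if len(body) != 4:
        return None                   # NAWS carries exactly two 16-bit values
    width = int.from_bytes(body[:2], "big")
    height = int.from_bytes(body[2:], "big")
    if not (0 < width <= max_width and height > 0):
        return None
    return width, height
```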