manualshive.com logo in svg

GDI HES7000, Руководство пользователя

Поделиться
Скачать
GDI HES7000 Скачать руководство пользователя страница 25

 

HES7000 ICLI User’s Guide  A01583  Rev. A  

Page 

19

 of 37 

3.7. Understanding Privilege Levels 

 

The session 

privilege level 

determines which ICLI commands are accessable.  It ranges 

from of 0 to 15, inclusive, with 0 being the lowest.  Only commands at the same or lower 
privilege level can be accessed. 

 

Each user on the device has a default privilege level which is copied to the 

session’s 

privilege level at login.  It is, however, possible for the user to change the session privilege 
level by executing the 

enable 

or 

disable 

commands.  This can be used, for example, as 

follows: 

 

 

The user account is configured with privilege level 0 

 

 

Whenever  the  user  needs  to  perform  higher-privileged  commands,  the  user 

changes session priority level, executes the necessary commands, and then revert 
back to the default priority level 

 

Access to higher priority levels must be password protected by using the 

enable password 

or 

enable secret 

global configuration commands. The main difference between the two is 

whether passwords are displayed in clear text or encrypted form in running-config, and 
consequently, startup-config. 

 

Password input can also be in encrypted or clear text form. The latter is used when an 
operator inputs a new password, as the operator will usually not know the encrypted form of 
the password. 

 

The admin user is by default at level 15, the highest possible privilege level. 

 

 

Example 4.  Configuring Privilege Level Passwords 

 

The following example configures a level 15 password using 

enable secret

, inspects the 

resulting configuration, then removes it again. 

 

myDevice# 

configure terminal

 

 

A secret can either be input in clear text or encrypted form; a digit 
indicates which kind follows on the command line: myDevice(config)# 

enable secret ?

 

 

Specifies an UNENCRYPTED password will follow 

Specifies an ENCRYPTED secret will follow 

 

In this case: Unencrypted. Then follows either the level for which a password is being 
configured, or, if no level is given, the password for level 15: 

 

myDevice(config)# 

enable secret 0 ?

 

    <word32>    Password 
    level       Set exec level password 
myDevice(config)# enable secret 0 

 

Thus, the following two commands are semantically identical: 

 

myDevice(config)# 

enable secret 0 my-secret

 

myDevice(config)# 

enable secret 0 level 15 my-secret

 

 

The running configuration can be inspected to see the encrypted form:  

 

myDevice(config)# 

do show running-config | include enable

 

enable secret 5 level 15 D29441BF847EA2DD5442EA9B1E40D4ED 

 

To remove the password use the ‘no’ form (the two are semantically equivalent for level 15): 

myDevice(config)# 

no enable secret

 

myDevice(config)# 

no enable secret level 15

 

myDevice(config)# 

do show running-config | include enable

 

myDevice(config)# 

 

Содержание HES7000

Страница 1: ...HES7000 ICLI USER S GUIDE A01583 Rev A ...

Страница 2: ...ed by GDI Communications LLC By accepting this document the recipient assumes custody hereof and agrees not to dislcose this data or any portion of this data to any unauthorized person without the prior written consent of GDI Communications LLC Recipient further agrees not to incorporate these drawings specifications or technical information in whole or in part in any other product or endeavor THI...

Страница 3: ...HES7000 ICLI User s Guide A01583 Rev A ...

Страница 4: ......

Страница 5: ...LI Basics 6 3 1 The ICLI has some key characteristics 6 3 2 Command Structure and Syntax 6 3 2 1 Syntax 7 3 3 Ethernet Interface Naming 9 3 4 Using the Keyboard 10 3 4 1 Basic Line Editing 10 3 4 2 Command History 11 3 4 3 Context sensitive Help 11 3 4 4 Other Special Keys 13 3 5 Filtering Output 14 3 6 Understanding Modes and Sub modes 15 3 6 1 ICLI Mode Transitions 17 3 7 Understanding Privilege...

Страница 6: ...fig feature feature_name all defaults 32 6 1 3 show running config interface list all defaults 32 6 1 4 show running config vlan list all defaults 32 6 1 5 show running config interface vlan list all defaults 33 6 1 6 show running config line console vty list all defaults 33 7 Working with Configuration Files 34 7 1 Reverting to Default Configuration 35 8 Working with Software Images 37 ...

Страница 7: ...nt interface on the device and the only management interface accessible on the serial console That is to say even if there is no network connectivity the device can still be managed using a serial connection The style used within this document shows user input written in bold show version Terminal input output is in the format shown below MEMORY Total 86382 KBytes Free 70497 KBytes Max 70496 KByte...

Страница 8: ...erating at the highest privilege level level15 This implies full control over the device and its configuration and it istherefore possible to reset the configuration to factory defaults Type reload defaults and then press Enter When the prompt returns the system has reverted to factory defaultsas shown below reload defaults Reloading defaults Please stand by 2 2 Set Device Hostname and admin User ...

Страница 9: ...esses The configuration proceeds in the same manner as setting the hostname Enter configuration mode input and execute configuration commands leave configuration mode The following commands instruct the device to use DHCP to obtain an IP address but if DHCP fails use a static fallback IP address Inclusionof a fallback IP is optional and may be omitted myDevice configure terminal myDevice config in...

Страница 10: ...e by nature it does not survive across reboots It is therefore necessary to save the file to FLASH storage under the name startup config as this file is read and executed upon every bootto restore the running configuration of the system to the state it had when the saving took place The command show running config will display the configuration settings as seen below For brevity some details were ...

Страница 11: ...iescharacteristics for the serial console line console 0 or network ICLI management connections line vty x The configuration as displayed above is also what is saved to startup config myDevice copy running config startup config Building configuration Saving 1326 bytes to flash startup config myDevice dir Directory of flash r 1970 01 01 00 00 00 648 default config rw 1970 01 03 18 21 28 1326 startu...

Страница 12: ...e of text consisting of keywords and parameters for example myDevice show vlan id 10 myDevice show vlan id 20 The command is show Argurments to that command are vlan and id 10 and 20 are parametersthat could contain other values in another commandinvocation Commands are case insensitive thus show SHOW and Show are identical Conversely parameters may either be case sensitive or case insensitivedepe...

Страница 13: ...een two or more alternatives e g a b c which reads as a or b or c Thus the first command syntax is simple First show then interface then a list of interfaces then exactly one of status statistics capabilities switchport and veriphy The second command is a bit more complex show and erps are mandatory but then the remaining parameters and keywords are optional The user mayenter group IDs the user ma...

Страница 14: ...e present a b c 1 Group of options where one or more has fixed position a b c o This says that b is optional but if it is present then it mustfollow after a if a is present and it must come before c if c is present For example assume a command with this syntax a b c d e f g 1 then valid input examples are a d f because b and c are optional d is picked instead of e and f is chosen as the mandatory ...

Страница 15: ...s 2 4 10 on switch 1 GigabitEthernet 1 3 2 for gigabit port 2 on switches 1 2 and 3 It is possible to wildcard the type and or switch ID and or ports to mean all types all switch IDs and all ports respectively A wildcard is written withan asterisk instead of type switch ID or port and some further abbreviations are possible means all ports of all types on all switches type means all ports of the s...

Страница 16: ...rovides a rich set of keys to assist the user while working with the command line The functionality is divided into Basic line editing Command history Context sensitive help Long lines and pagination 3 4 1 Basic Line Editing Basic line editing allows the input of characters to form a command line whilealso allowing cursor movement and insertion deletion of characters and words The available editin...

Страница 17: ...80 length is 24 history size is 32 exec timeout is 10 min 0 second Current session privilege is 15 Elapsed time is 0 day 0 hour 14 min 40 sec Idle time is 0 day 0 hour 0 min 0 sec Use show history to list the history myDevice show history show running config copy running config startup config dir show history myDevice The list begins with the oldest entry at top 3 4 3 Context sensitive Help The IC...

Страница 18: ...vice show ag Pressing TAB now expands the word fully myDevice show aggregation TAB Press to display possible next input myDevice show aggregation Output modifiers mode Traffic distribution mode cr myDevice show aggregation The syntax is displayed with another press of myDevice show aggregation show aggregation mode myDevice show aggregation This shows that there is an optional mode square brackets...

Страница 19: ... been configured as the terminal length A typical example is the output from show running config After the first several lines have beenoutput the pagination prompt is presented lines of text more next page Space continue g quit C The following keys control pagination Table 4 Pagination Control Keys Key Operation Enter Display next line of output Space Display next page of output G Display remaind...

Страница 20: ...ute a command that generates some output no filteringinitially myDevice show users Line is con 0 You are at this line now Connection is from Console User name is admin Privilege is 15 Elapsed time is 0 day 0 hour 0 min 3 sec Idle time is 0 day 0 hour 0 min 0 sec myDevice Add a filter to include specific word myDevice show users include User User name is admin myDevice Exclude all lines that contai...

Страница 21: ...guring active VLANs Command vlan vlan_id_list Prompt hostname config vlan VLAN Interface Config Config Sub mode for configuring VLAN interfaces Command interface vlan vlan_id_list Prompt hostname config if vlan Interface Config Config Sub mode for configuring Ethernet interfaces Command interface type switch_num port_num Prompt hostname config if Line Config Sub mode for configuring terminal lines...

Страница 22: ...urrent session privilege level see section 3 6 The initial mode is determined by the privilege level of the user logging in Ifthe privilege level is zero or one the user is unprivileged and begins in the Unprivileged Exec mode If the privilege level is higher the session beginsin Privileged Exec mode A user can raise the Exec mode privilege level to a higher value if an enable password has been co...

Страница 23: ...llowing example the user wants to change the IP address on the VLAN1 interface and uses do to verify the current address while in thesub mode Example 2 Using do While In a Sub mode myDevice configure terminal myDevice config interface vlan 1 myDevice config if vlan do show ip interface brief Vlan Address Method Status 1 10 0 0 109 24 DHCP UP myDevice config if vlan end myDevice When in Exec the do...

Страница 24: ...N sub mode as indicated by a new prompt myDevice config vlan 100 myDevice config vlan name MyVlan Change directly from VLAN sub mode into Ethernet interface sub modefor interface instance 4 on switch 1 and set link speed to auto myDevice config vlan interface GigabitEthernet 1 4 myDevice config if speed auto Then enter a command from the global configuration mode thisexits Ethernet interface sub m...

Страница 25: ...perator will usually not knowthe encrypted form of the password The admin user is by default at level 15 the highest possible privilegelevel Example 4 Configuring Privilege Level Passwords The following example configures a level 15 password using enable secret inspects the resulting configuration then removes it again myDevice configure terminal A secret can either be input in clear text or encry...

Страница 26: ...o disables automatic logout History Exec Line Length of command history buffer Length Exec Line Terminal length in lines used for pagination Zero disables pagination Location Line A line of text that describes the terminal location e g Server room motd banner Line Enable disable display of Message Of The Day banner configured with banner motd Privilege Line Assign default privilege level Width Exe...

Страница 27: ...e automatic logout myDevice terminal length 0 myDevice terminal exec timeout 0 myDevice show terminal Line is con 0 You are at this line now Alive from Console Default privileged level is 2 Command line editing is enabled Display EXEC banner is enabled Display Day banner is enabled Terminal width is 80 length is 0 history size is 32 exec timeout is 0 min 0 second Current session privilege is 15 El...

Страница 28: ...e MOTD Message Of The Day banner which in this case is multi line is used as delimiter character but any printable character that isn t used in the message is usable myDevice configure terminal myDevice config banner motd Enter TEXT message End with the character It spans multiple lines And one more But now it ends Then the Login and Exec banners Both are single line Notehow different delimiters a...

Страница 29: ...Guide A01583 Rev A Page 23 of 37 Finally save the configuration to startup config to make it persistent myDevice copy running config startup config Building configuration Saving 1461 bytes to flash startup config myDevice ...

Страница 30: ... assumes the session is initiallyunprivileged Step 1 Raise privilege level myDevice enable 15 Password Step 2 Enter Global Configuration mode myDevice configure terminal myDevice config Step 3 Input configuration commands The IP address is set fromwithin the VLAN interface submode myDevice config hostname myDevice myDevice config interface vlan 1 myDevice config if vlan ip address dhcp fallback 17...

Страница 31: ...alues In the general case almost every configuration command has a corresponding no form The no form is syntactically similar but not necessarily identical to the configuration command but either resets the parameters to defaults for the configurable item being addressed or removes the item altogether In many cases no can be read as no t different from default settings Example 8 Using no Forms The...

Страница 32: ...no mep 10 ccc the extra c meansthat the last word isn t recognized as cc leading to a match of the MEPremoval command instead of the desired reset CC command 5 Managing Users The following describes local user management on the device RADIUS and TACACS user management is beyond the scope of thisdocument It is possible to create several user accounts on a system Each user account has a set of confi...

Страница 33: ...re always displayed in encrypted form myDevice config do show running config include username username admin privilege 15 password encrypted dmVyeS1zZWNyZXQ username operator privilege 10 password encrypted YS1zZWNyZXQ username monitor privilege 1 password encrypted YW5vdGhlci1zZWNyZXQ Delete the operator user and verify it is removed from the configuration myDevice config no username operator myD...

Страница 34: ...figuration clock Configure time of day clock dot1x IEEE Standard for port based Network Access Control eps Ethernet Protection Switching erps Ethernet Ring Protection Switching evc Ethernet Virtual Connections green ethernet Green ethernet Power reduction history Display the session command history interface Interface status and configuration ip Internet Protocol ipmc IPv4 IPv6 multicast configura...

Страница 35: ... Protocol igmp Internet Group Management Protocol interface IP interface status and configuration name server Domain Name System route Display the current ip routing table source source command ssh Secure Shell statistics Traffic statistics verify verify command myDevice show ip statistics IPv4 statistics Rcvd 0 total in 0 byte 0 local destination 0 forwarding 0 header error 0 address error 0 unkn...

Страница 36: ...s system IPv4 statistics Rcvd 0 total in 0 byte 0 local destination 0 forwarding 0 header error 0 address error 0 unknown protocol 0 no route 0 truncated 0 discarded Sent 0 total in 0 byte 0 generated 0 forwarded 0 no route 0 discarded Frags 0 reassemble 0 reassembled 0 couldn t reassemble 0 fragment 0 fragmented 0 couldn t fragment 0 fragment created Mcast 0 received in 0 byte 0 sent in 0 byte Bc...

Страница 37: ...peed to be fixed at 1 Gbps then that value is now non defaultand will be output Duplex is also output since it is forced to full when the speedis fixed at 1 Gbps Display current configuration for an interface All settingsare at default myDevice show running config interface GigabitEthernet 1 4 Building configuration interface GigabitEthernet 1 4 end Now set the speed to 1Gbps and display the confi...

Страница 38: ... interface GigabitEthernet 1 1 more The structure of running config is maintained in the output Sub modes suchas VLANs and Ethernet interfaces are listed but may be empty if the requested feature is irrelevant for the particular sub mode 6 1 3 show running config interface list all defaults By using this filter the user can review a specific list of Ethernet interfaces These may contain wildcards ...

Страница 39: ...ration interface vlan 1 ip address dhcp fallback 172 16 1 2 255 255 0 0 end In this example there is only one VLAN interface on thesystem 6 1 6 show running config line console vty list all defaults This command can be used for the console or list of virtual terminal devices vty On current designs there is a single console device 0 For example myDevice show running config line console 0 Building c...

Страница 40: ...se except running config are stored in the flash file system Theavailable operations are copy source destination where source and destination can be one of running config startup config or flash startup config flash filename tftp server port path to file Copy default config to a new file myDevice copy flash default config flash myFileName Saving 648 bytes to flash myFileName dir List the contents ...

Страница 41: ...ven then the system attempts to keep the most relevant parts of the VLAN 1 IPsetup in order to maintain management connectivity The IP address setup and the active default route reload defaults keep ip Note There is no guarantee however that the above is sufficient It dependson the actual network properties and the system s total IP configuration Insome cases it may be preferable to explicitly un ...

Страница 42: ...lts but try to keep VLAN 1 configuration First list current IP settings myDevice show ip interface brief Vlan Address Method Status 1 172 16 1 17 24 DHCP UP myDevice reload defaults keep ip Reloading defaults attempting to keep VLAN 1 IP address Please stand by show ip interface brief Vlan Address Method Status 1 172 16 1 17 24 DHCP UP Contents of flash are unchanged myDevice dir Directory of flas...

Страница 43: ...rnate designation on each image and reboots the system A firmware upgrade performs these steps Download new firmware using TFTP HTTP HTTPS FTP and verify suitability for the system Overwrite the current Alternate image with the newly downloaded image Swap Active and Alternate and reboot The result is that the old Active build becomes the Alternate and thenewly downloaded image Active The relevant ...

Страница 44: ...8 of 37 HES7000 ICLI User s Guide A01583 Rev A GDICOMMUNICATIONS L L C TRAFFIC EQUIPMENT MANUFACTURER SPECIALIZING IN COMMUNICATIONS 879 Deming Way Sparks Nevada 89431 TELEPHONE 775 345 8000 FAX 775 345 8010 ...

Отзывы:

Нет отзывов

Бренды по названию

Популярные бренды

Загрузить еще бренды