Interface Access and System Information

Interface access: console/serial link, web, and inbound telnet

The interface access features in the switch operate properly by default. However, you can modify or disable access features to suit your particular needs. Similarly, you can choose to leave the system information parameters at their default settings. However, modifying these parameters can help you to more easily distinguish one device from another in your network.

Interface access features:

Feature                                              Default
Idle-Timeout                                         10 Minutes (disabled)
Inbound Telnet Access                                Enabled
Outbound Telnet Access                               N/A
WebAgent Access                                      Enabled
Terminal type                                        VT-100
Event Log event types to list (Displayed Events)     All
Baud Rate                                            Speed Sense
Flow Control                                         XON/XOFF

In most cases, the default configuration is acceptable for standard operation.



NOTE: Basic switch security is through passwords. You can gain additional security by using the security features described in the Access Security Guide for your switch. You can also block unauthorized access via the WebAgent or Telnet (as described in this section) and install the switch in a locked environment.


Terminal line width and length settings

For console/serial link and inbound telnet sessions, the switch output:

  • Uses whatever width is set by the terminal program. If width is not specified, 80 characters is the default.

  • Automatically wraps on word boundaries (such as spaces) for non-columnar output

  • Automatically wraps on column boundaries for columnar output

HP recommends that you do not set your terminal width (terminal width <y>) above 150 columns. (Windows telnet displays up to 156 characters on a 1280-pixel-wide display, so 150 is comfortably within this.)

Listing the current console/serial link configuration

This command lists the current interface access parameter settings.

Syntax

show console

This example shows the default console/serial configuration.

Listing of show console command

HP Switch(config)# show console

Console/Serial Link

Inbound Telnet Enabled [Yes] : Yes
Web Agent Enabled [Yes] : Yes

Terminal Type [VT100] : VT100
Screen Refresh Interval (sec) [3] : 3
Displayed Events [All] : All
Baud Rate [speed-sense] : speed-sense
Flow Control [XON/XOFF] : XON/XOFF
Global Session Idle Timeout (sec) [0] : 0
Serial/USB Console Idle Timeout (sec) [not set] : not set
Current Session Idle Timeout (sec) : 0

Reconfigure inbound telnet access

In the default configuration, inbound Telnet access is enabled.

Syntax

[no] telnet-server [listen <oobm | data | both>]

Enables or disables inbound Telnet access on a switch.

Use the no version of the command to disable inbound Telnet access.

The listen parameter is available only on switches that have a separate out-of-band management port. Values for this parameter are:

  • oobm— inbound Telnet access is enabled only on the out-of-band management port. (This port is available on selected switch models.)

  • data— inbound Telnet access is enabled only on the data ports.

  • both— inbound Telnet access is enabled on both the out-of-band management port and on the data ports. This is the default value.

See Appendix I, "Network Out-of-Band Management" in this guide for more information on out-of-band management.

The listen parameter is not available on switches that do not have a separate out-of-band management port.

To disable inbound Telnet access:

HP Switch(config)# no telnet-server

To re-enable inbound Telnet access:

HP Switch(config)# telnet-server

Outbound telnet to another device

This feature operates independently of the telnet-server status and enables you to Telnet to another device that has an IP address.

Syntax

telnet <ipv4-addr | ipv6-addr | hostname | switch-num> [oobm]

Initiates an outbound telnet session to another network device. The destination can be specified as:

  • IPv4 address

  • IPv6 address

  • Hostname

  • Stack number of a member switch (1-16) if the switch is a commander in a stack and stacking is enabled

For switches that have a separate out-of-band management port, the oobm parameter specifies that the Telnet traffic will go out from the out-of-band management interface. If this parameter is not specified, the Telnet traffic goes out from the data interface. The oobm parameter is not available on switches that do not have a separate out-of-band management port. See Appendix I, "Network Out-of-Band Management" in this guide for more information on out-of-band management.

Note: If the console idle-timeout expires, any outbound Telnet or SSH sessions that are open on the switch are terminated. (For information on console idle-timeout, see Reconfigure the console/serial link settings.)

For example, if the host "Labswitch" is in the domain abc.com, you can enter the following command and the destination is resolved to "Labswitch.abc.com".

HP Switch(config)# telnet Labswitch

You can also enter the full domain name in the command:

HP Switch(config)# telnet Labswitch.abc.com

You can use the show telnet command to display the resolved IP address.

The show telnet command displaying resolved IP addresses

HP Switch(config)# show telnet

  Telnet Activity

  -------------------------------------------------------
  Session  : **  1
  Privilege: Manager
  From     : Console
  To       :

  -------------------------------------------------------
  Session  : **  2
  Privilege: Manager
  From     : 12.13.14.10
  To       : 15.33.66.20

  -------------------------------------------------------
  Session  : **  3
  Privilege: Operator
  From     : 2001:db7:5:0:203:4ff:fe0a:251
  To       : 2001:db7:5:0:203:4ff1:fddd:12

Making window size negotiation available for a telnet session

When a telnet connection is established with a switch, the switch always uses the default values of 80 columns by 24 lines for the window dimensions. The window can be resized by either dragging the corner of the window, or by executing the terminal length <x> width <y> CLI command and then configuring the telnet client with those dimensions. The new window dimensions are lost after that telnet session ends.

When the telnet connection is established with an HP switch, either the switch or the telnet client needs to initiate the inquiry about the availability of NAWS (the Telnet Negotiate About Window Size option). If NAWS is available, you can resize the window by dragging the corner of the window to the desired size. The telnet software uses NAWS to tell the switch what the new window dimensions are. If the switch supports the requested window dimensions, it uses them for all future interactions. If the switch does not support those window dimensions, it refuses them and the telnet client requests an alternate set of window dimensions. The negotiation continues until the telnet client and the switch agree on the window dimensions.

The switch currently responds to a request from the remote telnet client to negotiate window size. However, some telnet clients do not request to negotiate window size unless the switch’s telnet server suggests that NAWS is available.

This feature allows window size negotiation to occur with telnet clients that support NAWS but do not try to use it unless it is suggested by the switch’s telnet server. The switch’s telnet server will suggest to the telnet client that NAWS is available.
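The NAWS exchange described above, as an added example that is not part of the HP guide: the server's suggestion, the client's reply, and a server-side parser for the window-size message as defined in RFC 1073. The function names are hypothetical, and the 150-column acceptance limit is an assumption taken from the width recommendation earlier in this section, not a documented switch limit.

```python
IAC, DO, WILL, SB, SE, NAWS = 255, 253, 251, 250, 240, 31  # RFC 854 / RFC 1073

SERVER_SUGGESTS = bytes([IAC, DO, NAWS])   # server tells the client NAWS is available
CLIENT_AGREES = bytes([IAC, WILL, NAWS])   # client agrees to send its window size

def encode_naws(width, height):
    """Client side: IAC SB NAWS <width:16> <height:16> IAC SE."""
    body = width.to_bytes(2, "big") + height.to_bytes(2, "big")
    body = body.replace(b"\xff", b"\xff\xff")  # a data byte of 255 is doubled
    return bytes([IAC, SB, NAWS]) + body + bytes([IAC, SE])

def parse_naws(stream):
    """Server side: (width, height) from the first NAWS message, else None."""
    i = 0
    while i + 2 < len(stream):
        if stream[i] != IAC:
            i += 1
        elif stream[i + 1] == IAC:             # escaped data byte, not a command
            i += 2
        elif stream[i + 1] == SB and stream[i + 2] == NAWS:
            return _read_body(stream, i + 3)
        else:
            i += 2                             # some other Telnet command
    return None

def _read_body(stream, i):
    body = bytearray()
    while i + 1 < len(stream):
        if stream[i] != IAC:
            body.append(stream[i])
            i += 1
        elif stream[i + 1] == IAC:             # un-double an escaped 255
            body.append(IAC)
            i += 2
        elif stream[i + 1] == SE and len(body) == 4:
            return int.from_bytes(body[:2], "big"), int.from_bytes(body[2:], "big")
        else:
            return None                        # wrong length or stray command
    return None                                # truncated before IAC SE

def acceptable(size, max_width=150):
    """Assumed policy: refuse missing, zero, or over-wide dimensions."""
    return size is not None and 0 < size[0] <= max_width and size[1] > 0

if __name__ == "__main__":
    reply = CLIENT_AGREES + encode_naws(132, 43)   # constructed client reply
    print(parse_naws(reply), acceptable(parse_naws(reply)))
```

Treating a truncated or wrong-length message as "no size offered" keeps client-controlled bytes from ever reaching the terminal layout code unchecked.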

Web-management idle timeout

Allows an administrator to set the idle timeout for the WebUI management interface and provides a session timeout page to the user when the WebUI management session ends.

Configure the device web server.

Syntax

[no] web-management [management-url | support-url] URL
[plaintext | ssl <TCP-PORT> | idle-timeout <300-7200>]

Parameters

Management-url

Specify URL to load when the [?] button is clicked on the device's web interface.

Support-url

Specify URL to load when the Support tab is clicked on the device's web interface.

Plaintext

Optional: keyword indicating that the http server should be enabled with no security. If no parameters are specified, plaintext is implied.

SSL

Required keyword indicating that the http server should be enabled with Secure Sockets Layer support.



NOTE: The ssl and plaintext variants of the command function independently of each other. Enabling http+ssl does not automatically prevent the device from accepting plaintext connections; you must explicitly disable plaintext connections with the command no web-management plaintext.


TCP-PORT

Optional: TCP port on which the https server should listen for connections. If not specified, this defaults to port 443. This is configurable for ssl connections only; the plaintext server always listens on the well-known port 80.

Idle-timeout

Set the idle timeout for web management sessions. This ranges from 300 seconds to 7200 seconds. The default value is 600 seconds.

WebUI idle timeout

HP-5406zl(config)# web-management

    idle-timeout      Set the idle timeout for web management sessions.
    management-url    Specify URL for web interface [?] button.
    plaintext         Enable or disable the http server (insecure).
    ssl               Enable or disable the https server (secure).
    support-url       Specify URL for web interface support page.

HP-5406zl(config)# web-management idle-timeout
    <300-7200>        Enter an integer number.

Reconfigure WebAgent access

In the default configuration, web browser access is enabled.

Syntax

[no] web-management [listen <oobm | data | both>]

Use the no version of the command to disable inbound HTTP access.

The listen parameter is available only on switches that have a separate out-of-band management port. Values for this parameter are:

  • oobm— inbound HTTP access is enabled only on the out-of-band management port.

  • data— inbound HTTP access is enabled only on the data ports.

  • both— inbound HTTP access is enabled on both the out-of-band management port and on the data ports. This is the default value.

See Appendix I, "Network Out-of-Band Management" in this guide for more information on out-of-band management.

The listen parameter is not available on switches that do not have a separate out-of-band management port.

To disable WebAgent access:

HP Switch(config)# no web-management

To re-enable WebAgent access:

HP Switch(config)# web-management

Reconfigure the console/serial link settings

Syntax

console
[terminal <vt100|ansi|none>]
[screen-refresh <1|3|5|10|20|30|45|60>]
[baud-rate <speed-sense|1200|2400|4800|9600|19200|38400|57600|115200>]
[flow-control <xon/xoff|none>]
[idle-timeout <0-7200>]
[events <none|all|not-info|critical|debug>]
[local-terminal <vt100|none|ansi>]


NOTE: If the console idle-timeout expires, any outbound Telnet or SSH sessions open on the switch are terminated.

If you change the Baud Rate or Flow Control settings, you should make the corresponding changes in your console access device. Otherwise, you may lose connectivity between the switch and your terminal emulator due to differences between terminal and switch settings for these two parameters.

All console parameter changes except events and inactivity-timer require that you save the configuration with write memory and then execute boot before the new console configuration will take effect.


The example below shows how to configure the switch with the following:

  • VT100 operation

  • 19,200 baud

  • No flow control

  • 600 second (10 minute) idle timeout

  • Critical log events

Executing a series of console commands

HP Switch(config)# console terminal vt100
This command will take effect after saving the
configuration and rebooting the system.

HP Switch(config)# console baud-rate 19200
This command will take effect after saving the
configuration and rebooting the system.

HP Switch(config)# console flow-control none
This command will take effect after saving the
configuration and rebooting the system.

HP Switch(config)# console idle-timeout 600
HP Switch(config)# console events critical
HP Switch(config)# write memory
HP Switch(config)# reload


NOTE: On switch models supporting redundant management, console settings such as mode, flow-control and baud-rate are the same on both management modules. There cannot be individual settings for each management module.




NOTE: In software release versions K.15.12 and greater, the console inactivity-timer <minutes> command has been deprecated and replaced by the console idle-timeout <seconds> command. As an example:

HP Switch(config)# console inactivity-timer 2

is now equivalent to:

HP Switch(config)# console idle-timeout 120

In addition, the serial or USB console idle timeout can be controlled separately if needed. The console idle-timeout serial-usb seconds command allows for this behavior. As an example:

HP Switch(config)# console idle-timeout 120
HP Switch(config)# console idle-timeout serial-usb 15

This sequence of commands will set the Telnet/SSH idle timeout to 120 seconds and the serial-usb idle timeout to 15 seconds. Another example:

HP Switch(config)# console idle-timeout 120
HP Switch(config)# console idle-timeout serial-usb 0

This sequence of commands will set the Telnet/SSH idle timeout to 120 seconds and the serial-usb idle timeout to 0, or, in other words, to never time out.

The console inactivity-timer minutes command will continue to be accepted in version, but it will be converted to the new command format in the running configuration. This command conversion will also happen on a software update to version if the console inactivity-timer minutes command was part of the previous configuration.

These settings can be displayed using show console.
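One way to check a captured show console listing against the access settings covered in this section, as an added example that is not part of the HP guide. The function names are hypothetical, the sample text is a constructed copy of the default listing shown earlier, and reading "not set" as "follows the global timeout" is an assumption.

```python
import re

# Constructed sample: a shortened copy of the default listing on this page.
SAMPLE = """\
Console/Serial Link
Inbound Telnet Enabled [Yes] : Yes
Web Agent Enabled [Yes] : Yes
Terminal Type [VT100] : VT100
Global Session Idle Timeout (sec) [0] : 0
Serial/USB Console Idle Timeout (sec) [not set] : not set
Current Session Idle Timeout (sec) : 0
"""

# "Name [default] : value"; the [default] part is missing on some lines.
LINE = re.compile(r"^\s*(.+?)\s*(?:\[[^\]]*\])?\s*:\s*(.*?)\s*$")

def parse_show_console(text):
    """Map each field name in a show console listing to its current value."""
    return {m.group(1): m.group(2)
            for m in map(LINE.match, text.splitlines()) if m}

def audit(fields):
    """Return (setting, value, command from this page) for each weak setting."""
    findings = []
    if fields.get("Inbound Telnet Enabled", "").lower() == "yes":
        findings.append(("Inbound Telnet", "Yes", "no telnet-server"))
    if fields.get("Web Agent Enabled", "").lower() == "yes":
        # show console does not say whether plaintext or ssl is in use,
        # and enabling ssl does not disable plaintext.
        findings.append(("Web Agent", "Yes", "no web-management plaintext"))
    glob = fields.get("Global Session Idle Timeout (sec)")
    if glob == "0":
        findings.append(("Global idle timeout", glob,
                         "console idle-timeout <seconds>"))
    serial = fields.get("Serial/USB Console Idle Timeout (sec)")
    # Assumption: "not set" means the serial/USB console follows the global value.
    if serial == "0" or (serial == "not set" and glob == "0"):
        findings.append(("Serial/USB idle timeout", serial,
                         "console idle-timeout serial-usb <seconds>"))
    return findings

if __name__ == "__main__":
    for setting, value, command in audit(parse_show_console(SAMPLE)):
        print(f"{setting} = {value}: review ({command})")
```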