Quidway Eudemon 200 Firewall Manual

Quidway Eudemon 200 Firewall V200R001C03B6 Command Reference Issue 01 Date 2008-11-15 Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

Copyright © Huawei Technologies Co., Ltd. 2008. All rights reserved.
No part of this document may be reproduced or transmitted in any form or by any means without prior written
consent of Huawei Technologies Co., Ltd.
 
Trademarks and Permissions
 and other Huawei trademarks are the property of Huawei Technologies Co., Ltd.
 
Notice
The information in this document is subject to change without notice. Every effort has been made in the
preparation of this document to ensure accuracy of the contents, but the statements, information, and
recommendations in this document do not constitute a warranty of any kind, express or implied.
Contents
1.3.17 reset firewall transparent-mode address-table....................................................................................1-84
1.3.18 reset firewall transparent-mode traffic...............................................................................................1-84
1.4 File Management Configuration Commands................................................................................................1-85
1.5.16 display logbuffer..............................................................................................................................1-152
1.5.17 display patch-information................................................................................................................1-154
1.5.26 firewall session log-type...................................................................................................................1-162
2.1.6 display acl...............................................................................................................................................2-7
2.2.2 description (Security Zone View)........................................................................................................2-25
2.3.6 firewall long-link..................................................................................................................................2-38
2.5.1 debugging firewall defend....................................................................................................................2-50
2.5.5 display firewall statistic........................................................................................................................2-53
2.5.6 firewall defend all enable.....................................................................................................................2-54
2.5.8 firewall defend arp-spoofing enable.....................................................................................................2-56
2.5.24 firewall defend ping-of-death enable.................................................................................................2-69
2.5.50 reset firewall statistic ip......................................................................................................................2-91
2.5.51 reset firewall statistic system..............................................................................................................2-92
2.5.52 reset firewall statistic zone.................................................................................................................2-93
2.8.1 debugging firewall mac-binding........................................................................................................2-112
2.17.5 interface virtual-template.................................................................................................................2-231
2.20.1 cir......................................................................................................................................................2-265
2.21.2 debugging right-manager.................................................................................................................2-288
2.21.14 server ip..........................................................................................................................................2-302
2.22.9 ip-car enable.....................................................................................................................................2-312
2.22.10 ip-car filter......................................................................................................................................2-312
3 Internetworking ..........................................................................................................................3-1
3.2.1 display interface ethernet......................................................................................................................3-14
3.3.4 loopback (AUX Interface View)..........................................................................................................3-25
3.3.5 mtu (AUX Interface View)..................................................................................................................3-26
3.4.1 broadcast-limit link..............................................................................................................................3-27
3.5.6 frame-format (E1 Interface View)........................................................................................................3-39
3.6.6 frame-format (CE1 Interface View).....................................................................................................3-48
3.6.7 loopback (CE1 Interface View)............................................................................................................3-49
3.6.8 using (CE1 Interface View)..................................................................................................................3-50
3.7 T1 Interface Configuration Commands.........................................................................................................3-51
3.7.1 channel-set (T1 Interface View)...........................................................................................................3-52
3.8.1 channel-set (CT1 Interface View)........................................................................................................3-59
3.8.2 clock (CT1 Interface View)..................................................................................................................3-60
3.8.6 frame-format (CT1 Interface View).....................................................................................................3-64
3.8.7 loopback (CT1 Interface View)............................................................................................................3-65
3.9 IP Address Configuration Commands...........................................................................................................3-66
3.10.20 reset tcp statistics............................................................................................................................3-101
3.10.21 reset udp statistics...........................................................................................................................3-102
3.10.22 tcp timer fin-timeout.......................................................................................................................3-102
3.10.23 tcp timer syn-timeout.....................................................................................................................3-103
3.11.1 apply cost..........................................................................................................................................3-106
3.11.2 apply cost-type.................................................................................................................................3-106
3.11.6 apply ip-precedence..........................................................................................................................3-110
3.11.7 apply output-interface......................................................................................................................3-111
3.12.1 apply ip-address next-hop (multicast)..............................................................................................3-124
3.12.2 debugging ip multicast-policy..........................................................................................................3-125
3.12.3 display ip multicast-policy...............................................................................................................3-126
3.12.4 if-match acl (multicast)....................................................................................................................3-127
3.13.2 display multicast forwarding-table...................................................................................................3-132
3.13.3 display multicast routing-table.........................................................................................................3-133
3.13.4 display multicast rpf-info.................................................................................................................3-134
3.16.23 static-rpf-peer.................................................................................................................................3-202
3.17.3 display ip routing-table (destination specified)................................................................................3-207
3.17.4 display ip routing-table acl...............................................................................................................3-208
3.17.5 display ip routing-table ip-prefix......................................................................................................3-210
3.17.6 display ip routing-table protocol......................................................................................................3-211
3.17.7 display ip routing-table radix...........................................................................................................3-212
3.17.8 display ip routing-table statistics......................................................................................................3-213
3.17.9 display ip routing-table verbose.......................................................................................................3-214
3.19.17 dhcp server forbidden-ip................................................................................................................3-244
3.19.18 dhcp server ip-pool.........................................................................................................................3-245
3.19.25 dhcp server ping.............................................................................................................................3-253
3.19.26 dhcp server static-bind...................................................................................................................3-253
3.19.42 nbns-list..........................................................................................................................................3-272
3.19.43 netbios-type....................................................................................................................................3-273
3.21.33 filter-policy import (OSPF View)..................................................................................................3-320
3.21.34 import-route (OSPF View).............................................................................................................3-321
3.21.53 router id..........................................................................................................................................3-339
3.23.2 debugging pppoe-client....................................................................................................................3-375
3.24.7 if-match any......................................................................................................................................3-393
3.24.8 if-match classifier.............................................................................................................................3-394
3.24.9 if-match dscp....................................................................................................................................3-395
3.24.10 if-match inbound-interface.............................................................................................................3-396
3.24.11 if-match ip-precedence...................................................................................................................3-397
3.24.12 if-match mac...................................................................................................................................3-398
3.27.20 fr dlci..............................................................................................................................................3-471
3.27.35 fr standby group switch master...................................................................................................... 3-486
3.27.37 fr switch..........................................................................................................................................3-488
3.27.38 fr switching.....................................................................................................................................3-489
3.27.39 interface mfr...................................................................................................................................3-490
3.28 HDLC Configuration Commands............................................................................................................. 3-504
4.1.1 debugging vrrp.......................................................................................................................................4-2
4.1.2 display vrrp.............................................................................................................................................4-3
4.2.1 add interface (VRRP Management Group View)................................................................................4-11
4.2.2 debugging vrrp-group...........................................................................................................................4-13
4.2.3 display vrrp-group................................................................................................................................4-14
4.2.4 triggerdown interface...........................................................................................................................4-14
4.2.5 vgmp-flash enable.................................................................................................................................4-15
4.2.6 vrrp group.............................................................................................................................................4-16
4.2.7 vrrp-group enable.................................................................................................................................4-17
4.2.8 vrrp-group group-send..........................................................................................................................4-18
4.2.9 vrrp-group manual-preempt.................................................................................................................4-19
Table 1-3 Description of the display rsa local-key-pair public command output..............................................1-29
Table 1-4 Description of the display rsa peer-public-key command output......................................................1-31
Table 1-5 Description of the display ssh server session command output.........................................................1-32
Table 1-6 Description of the ssh user-information command output.................................................................1-33
Table 1-7 Description of the display tcp status command output......................................................................1-34
Table 1-8 Description of the display user-interface command output...............................................................1-36
Table 1-9 Description of the display user-interface maximum-vty command output........................................1-37
Table 1-10 Description of the display users command output...........................................................................1-38
Table 1-11 Description of the display firewall transparent-mode address-table command output....................1-72
Table 1-12 Description of the display firewall transparent-mode traffic command output...............................1-73
Table 1-13 Description of the display ftp-server command output..................................................................1-102
Table 1-14 Description of the display ftp-users command output...................................................................1-103
Table 1-15 Description of the display startup command output......................................................................1-105
Table 1-16 Description of the debugging firewall packet-capture capture command output.......................... 1-138
Table 1-17 Description of the debugging firewall packet-capture send command output...............................1-138
Table 1-18 Description of the debugging firewall packet-capture error command output.............................. 1-139
Table 1-19 Description of the debugging firewall packet-capture event command output............................. 1-140
Table 1-20 Description of the display channel command output.....................................................................1-141
Table 1-21 Description of the display firewall packet-capture configuration command output......................1-147
Table 1-22 Description of the display firewall packet-capture queue command output..................................1-149
Table 1-23 Description of the display firewall packet-capture statistic command output...............................1-150
Table 1-24 Description of the display info-center command output................................................................1-152
Table 1-25 Description of the display logbuffer command output.................................................................. 1-154
Table 1-26 Description of the display schedule reboot command output........................................................1-156
Table 1-27 Description of the display trapbuffer command output................................................................. 1-157
Table 1-28 Definition of eight information levels............................................................................................1-172
Table 1-29 Description of date.........................................................................................................................1-174
Table 1-31 Description of the display ntp-service status command output......................................................1-197
Table 1-32 Description of the display ntp service trace command output.......................................................1-199
Table 1-33 Description of the NTP access authority........................................................................................1-200
Table 1-35 Description of the display snmp-agent community command output...........................................1-216
Table 1-36 Description of the display snmp-agent group command output....................................................1-217
Table 1-37 Description of the display snmp-agent mib-view command output..............................................1-218
Table 1-38 Description of the display snmp-agent statistics command output................................................1-219
Table 1-39 Description of the display snmp-agent sys-info command output.................................................1-221
Table 1-40 Description of the display snmp-agent usm-user command output...............................................1-222
Table 2-1 Description of the display ip address-set all command output...........................................................2-10
Table 2-2 Description of the display ip port-set all command output................................................................2-12
Table 2-3 Description of the display time-range all command output...............................................................2-13
Table 2-4 Description of the display firewall session aging-time command output..........................................2-33
Table 2-5 Description of the display firewall session no-pat command output.................................................2-36
Table 2-6 Description of the display firewall session table verbose command output......................................2-37
Table 2-7 Description of the display nat command output..............................................................................2-120
Table 2-8 Description of the display accounting-scheme command output.....................................................2-149
Table 2-9 Description of the display user-car 3 command output....................................................................2-154
Table 2-10 Description of the display l2tp session command output...............................................................2-230
Table 2-11 Description of the display l2tp tunnel command output................................................................2-231
Table 2-12 Description of the display interface tunnel 0 command output.....................................................2-246
Table 2-13 Description of the addrserver command output.............................................................................2-253
Table 2-14 Description of the display slb group command output..................................................................2-255
Table 2-15 Description of the display slb rserver command output.................................................................2-256
Table 2-16 Description of the display slb vserver command output................................................................2-257
Table 2-17 Description of the rserver command output...................................................................................2-261
Table 2-18 Description of the vserver command output..................................................................................2-264
Table 2-19 Description of the display p2p-car class command output............................................................2-268
Table 2-20 Description of the display p2p-car statistic class command output...............................................2-272
Table 2-21 Description of the display p2p-car statistic class command output...............................................2-274
Table 2-22 Description of the debugging right-manager command output.....................................................2-289
Table 2-23 Description of the display right-manager online-users command output......................................2-293
Table 2-24 Description of the display right-manager role-info command output............................................2-294
Table 2-25 Description of the display right-manager server-group command output.....................................2-296
Table 2-26 Description of the display right-manager statistics command output............................................2-297
Table 2-27 Description of the display firewall statistic ip-car command output.............................................2-308
Table 2-28 Description of the display source ip monitor table command output............................................2-309
Table 3-1 Description of the display interface command output.........................................................................3-5
Table 3-2 Description of the display ip interface Ethernet 0/0/0 command output..............................................3-8
Table 3-3 Description of the display interface ethernet command output..........................................................3-15
Table 3-4 Description of the display interface virtual-template command output.............................................3-29
Table 3-5 Description of the display virtual-access command output...............................................................3-31
Table 3-6 Description of the display controller e1 command output.................................................................3-39
Table 3-7 Description of the display controller e1 command output.................................................................3-47
Tables
Table 3-8 Description of the display controller t1 command output..................................................................3-56
Table 3-9 Description of the display controller t1 command output..................................................................3-63
Table 3-10 Description of the display ip interface Ethernet 0/0/0 command output..........................................3-68
Table 3-11 Description of the display fib command output...............................................................................3-79
Table 3-12 Description of the display fib | command output.............................................................................3-81
Table 3-13 Description of the display fib acl command output.........................................................................3-82
Table 3-14 Description of the display fib ip-prefix command output................................................................3-83
Table 3-15 Description of the display fib command output...............................................................................3-85
Table 3-16 Description of the display fib statistics command output................................................................3-86
Table 3-17 Description of the display icmp statistic command output..............................................................3-87
Table 3-18 Description of the display ip interface Ethernet 0/0/0 command output..........................................3-89
Table 3-19 Description of the display ip socket command output.....................................................................3-93
Table 3-20 Description of the display ip statistics command output.................................................................3-94
Table 3-21 Description of the display tcp statistics output................................................................................3-96
Table 3-22 Description of the display tcp status command output....................................................................3-99
Table 3-23 Description of the display udp statistics command output.............................................................3-100
Table 3-24 Description of the display igmp group command output...............................................................3-146
Table 3-25 Description of the display pim interface command output............................................................3-167
Table 3-26 Description of the msdp-tracert command domain........................................................................3-191
Table 3-27 Description of the display ip routing-table command output.........................................................3-205
Table 3-28 Description of the display ip routing-table statistics command output..........................................3-214
Table 3-29 Description of the display ip routing-table verbose command output...........................................3-215
Table 3-30 Description of the display arp command output............................................................................3-224
Table 3-31 Description of the display dhcp relay address command output....................................................3-255
Table 3-32 Description of the display dhcp relay statistics command output..................................................3-256
Table 3-33 Description of the display dhcp server conflict command output..................................................3-258
Table 3-34 Description of the display dhcp server expired command output..................................................3-259
Table 3-35 Description of the display dhcp server free-ip command output...................................................3-260
Table 3-36 Description of the display dhcp server ip-in-use command output................................................3-261
Table 3-37 Description of the display dhcp server statistics command output................................................3-262
Table 3-38 Description of the display dhcp server tree command output........................................................3-264
Table 3-39 Description of the display debugging ospf command output.........................................................3-298
Table 3-40 Description of the display ospf abr-asbr command output............................................................ 3-299
Table 3-41 Description of the display ospf asbr-summary command output...................................................3-300
Table 3-42 Description of the display ospf cumulative command output........................................................3-303
Table 3-43 Commands included in the display ospf diagnostic-information command..................................3-305
Table 3-44 Description of the display interface mp-group command output...................................................3-349
Table 3-45 Description of the display ppp mp command output.....................................................................3-352
Table 3-46 Description of the PPPoE Client debugging switches type........................................................... 3-375
Table 3-47 Description of the display pppoe-client session summary command output.................................3-377
Table 3-48 Description of the display pppoe-client session packet command output..................................... 3-377
Table 3-49 Description of the display traffic behavior command output.........................................................3-389
Table 3-51 Description of the display rip command output
Table 3-52 Description of the display fr compress command output
Table 3-53 Description of the display fr dlci-switch command output
Table 3-54 Description of the display fr inarp-info command output
Table 3-55 Description of the display fr interface command output
Table 3-56 Description of the display fr lmi-info command output
Table 3-57 Description of the display fr map-info command output
Table 3-58 Description of the display fr pvc-info command output
Table 3-59 Description of the display fr standby group command output
Table 3-60 Description of the display fr statistics command output
Table 3-61 Description of the display fr switch-table command output
Table 3-62 Description of the display interface mfr command output
Table 3-63 Description of the display mfr command output
Table 3-64 Description of the debugging hdlc event command output
Table 3-65 Description of the debugging hdlc command output
Table 4-1 Description of the debugging hrp configuration check command output
Table 4-2 Description of the display configuration check acl command output
Table 4-3 Description of the hrp configuration check command error output
Table 4-4 Description of the display ip-link command output
Purpose
This document introduces the detailed command information about the Eudemon 200, including
command function, command format, parameters description, command views, default level,
usage guidelines, examples, and related commands.
This document describes security defense configuration commands, internetworking
configuration commands, system management configuration commands, and reliability
configuration commands of the Eudemon 200 firewall.
Related Versions
The following table lists the product versions related to this document.
Product Name Version
Eudemon 200 V200R001C03B6
• Network engineers
• Network administrator
Chapter Description
3 Internetworking Describes the commands of internetworking.
4 Reliability Describes the commands of reliability.
 
Symbol Conventions
The symbols that may be found in this document are defined as follows.
Symbol Description
DANGER
Indicates a hazard with a high level of risk, which if not
avoided, will result in death or serious injury.
WARNING
Indicates a hazard with a medium or low level of risk, which
if not avoided, could result in minor or moderate injury.
CAUTION
 performance degradation, or unexpected results.
TIP Indicates a tip that may help you solve a problem or save
time.
important points of the main text.
 
General Conventions
The general conventions that may be found in this document are defined as follows.
Convention Description
Times New Roman Normal paragraphs are in Times New Roman.
Boldface  Names of files, directories, folders, and users are in
boldface. For example, log in as user root.
 Italic Book titles are in italics.
Courier New Examples of information displayed on the screen are in
Courier New.
Command Conventions
The command conventions that may be found in this document are defined as follows.
Convention Description
Boldface The keywords of a command line are in boldface.
 Italic Command arguments are in italics.
[ ] Items (keywords or arguments) in brackets [ ] are optional.
{ x | y | ... } Optional items are grouped in braces and separated by
vertical bars. One item is selected.
[ x | y | ... ] Optional items are grouped in brackets and separated by
vertical bars. One item is selected or no item is selected.
{ x | y | ... }* Optional items are grouped in braces and separated by vertical bars. A minimum of one item or a maximum of all
items can be selected.
[ x | y | ... ]* Optional items are grouped in brackets and separated by
 
GUI Conventions
The GUI conventions that may be found in this document are defined as follows.
Convention Description
are in boldface. For example, click OK .
> Multi-level menus are in boldface and separated by the ">"
signs. For example, choose File > Create > Folder.
 
Keyboard Operations
The keyboard operations that may be found in this document are defined as follows.
Format Description
Key Press the key. For example, press Enter and press Tab.
Key 1+Key 2 Press the keys concurrently. For example, pressing Ctrl+Alt
+A means the three keys should be pressed concurrently.
Key 1, Key 2 Press the keys in turn. For example, pressing Alt, A means
the two keys should be pressed in turn.
 
Mouse Operations
The mouse operations that may be found in this document are defined as follows.
Action Description
Click Select and release the primary mouse button without moving
the pointer.
quickly without moving the pointer.
Drag Press and hold the primary mouse button and move the
 pointer to a certain position.
 
Updates between document issues are cumulative. Therefore, the latest document issue contains
all updates made in previous issues.
Updates in Issue 01 (2008-11-15)
Initial commercial release
1.6 Web Management Commands
1.7 NTP Configuration Commands
1.8 SNMP Configuration Commands
Function
Using the clock command, you can set the current date and clock, the name of the daylight saving time, its start and end time, and the local time zone of the Eudemon.
Using the undo clock command, you can restore the default setting.
Format
offset 
undo clock  { summer-time | timezone }
Parameters
time: specifies the current clock in the format of HH:MM:SS. HH ranges from 0 to 23, and MM
and SS range from 0 to 59.
date: specifies the current year, month and day in the format of YYYY/MM/DD. YYYY ranges from 2000 to 2099, MM ranges from 1 to 12, and DD ranges from 1 to 31.
 zone-name: specifies the name of daylight saving time, a string in a range of 1 to 32 characters.
one-off : sets the daylight saving time for a specific year.
repeating: sets the daylight saving time for each year since a specific year.
 start-time: sets the beginning time of the daylight saving time in the format of HH:MM:SS. HH
ranges from 0 to 23, and MM and SS range from 0 to 59.
 start-date: sets the beginning date of the daylight saving time in the format of YYYY/MM/DD.
YYYY ranges from 2000 to 2099, MM ranges from 1 to 12, and DD ranges from 1 to 31.
end-time: sets the ending time of the daylight saving time in the format of HH:MM:SS. HH
ranges from 0 to 23, and MM and SS range from 0 to 59.
end-date: sets the ending date of the daylight saving time in the format of YYYY/MM/DD.
YYYY ranges from 2000 to 2099, MM ranges from 1 to 12, and DD ranges from 1 to 31.
offset : specifies the time offset of the daylight saving time compared with UTC time. The value
is in the format of HH:MM:SS.
add: refers to the added time compared with UTC time.
minus: refers to the minus time compared with UTC time.
Views
Usage Guidelines
In an application environment where absolute time is strictly required, the current date and clock
of the Eudemon must be set. The input time parameter may not include second.
The range of YYYY is 1993 to 2035 for some non-Huawei devices. If you use both Huawei and
non-Huawei devices, it is recommended that YYYY be set within 2000 to 2035.
You can use the display clock command to view the setting after it takes effect. In addition,
message times such as log time and debug time use the local time adjusted by the time zone
and daylight saving time.
# Set the current date of the Eudemon to 0:0:0 01/01/2001.
<Eudemon> clock datetime 0:0:0 2001/01/01
Related Topics
Function
Using the command-privilege command, you can set the command level of the specified view.
Using the undo command-privilege command, you can remove the configured command level.
By default, the ping, tracert, and telnet commands are of the visit level (0). The display
command is of the monitoring level (1). Most configuration commands are of the configuration
level (2). After promotion, the command level is 10. The command to configure the user key,
debugging commands, FTP commands, XModem commands, and file system operation
commands are of the management level (3).
CAUTION
Format
undo command-privilege view view command 
Parameters
level level : specifies the precedence of a command. The value ranges from 0 to 3.
view view: specifies the view name.
command : specifies the command to be configured. You can specify multiple commands in one
command.
Views
Usage Guidelines
The commands are divided into four levels, that is, visit, monitoring, configuration, and
management, identified as 0 to 3 respectively. An administrator can authorize users as
required to enable them to operate in the corresponding view. A login user can operate the
commands according to the authorization corresponding to the user name or the user interface. If these two privileges conflict with each other, the one corresponding to the user name is adopted.
<Eudemon> system-view
1.1.3 display clock
Function
Using the display clock  command, you can display the current date and clock of the system.
Format
Usage Guidelines
Using this command, you can check whether there is any mistake in the system time and modify
the time promptly.
<Eudemon> display clock
Summer-Time : test repeating 12:11:00 2008/06/20 18:00:00 2008/06/21 01:00:00
Table 1-1 Description of the display clock command output
Item Description
Related Topics
1.1.1 clock 
Function
Using the display history-command command, you can view the history commands saved on the
terminal device.
By default, the 10 latest commands are displayed.
The terminal automatically saves the history commands entered by the user, that is, it records each
keyboard entry of the user, with Enter as the unit. The user can then view the saved
history commands by using the display history-command command.
CAUTION
• The saved history commands are the same as those input by users. For example, if the user inputs an incomplete command, the saved command is also incomplete.
• If the user executes the same command several times, the command earliest executed is
saved. If the same command is entered in different forms, they are considered as different
commands.
Examples
<Eudemon> display history-command
display interface
display interface Ethernet 1/0/0
interface Ethernet 1/0/0
Related Topics
Function
Using the display hotkey command, you can display the predefined, undefined and reserved
shortcut keys.
1: Monitoring level
Usage Guidelines
The shortcut key can be typed where you input the command and the system displays the
command on the screen.
<Eudemon> display hotkey
----------------- HOTKEY -----------------
CTRL_O undo debug all
=Undefined hotkeys=
Hotkeys Command
CTRL_T NULL
CTRL_U NULL
=System hotkeys=
Hotkeys Function
CTRL_A Move the cursor to the beginning of the current line.
CTRL_B Move the cursor one character left.
CTRL_C Stop current command function.
CTRL_D Erase current character.
CTRL_E Move the cursor to the end of the current line.
CTRL_F Move the cursor one character right.
CTRL_K Kill outgoing connection.
CTRL_N Display the next command from the history buffer.
CTRL_P Display the previous command from the history buffer.
CTRL_R Redisplay the current line.
CTRL_V Paste text from the clipboard.
CTRL_W Delete the word left of the cursor.
CTRL_X Delete all characters up to the cursor.
CTRL_Y Delete all characters after the cursor.
CTRL_Z Return to the user view.
CTRL_] Kill incoming connection or redirect connection.
ESC_B Move the cursor one word back.
ESC_D Delete remainder of word.
ESC_F Move the cursor forward one word.
ESC_N Move the cursor down a line.
ESC_P Move the cursor up a line.
ESC_< Specify the beginning of clipboard.
ESC_> Specify the end of clipboard.
Table 1-2 Description of the display hotkey command output
Item Description
CTRL+G Displays the current configuration.
CTRL+L Displays the IP routing table.
CTRL+O Cancels outputting all debugging information.
Undefined hotkeys Indicates the undefined hot keys.
CTRL+T Undefined.
CTRL+U Undefined.
System hotkeys Indicates the system-reserved shortcut keys.
CTRL+A Moves the cursor to the beginning of current line.
CTRL+B Moves the cursor one character left.
CTRL+C Stops the current operation.
CTRL+D Deletes the character the cursor currently points.
CTRL+E Moves the cursor to the end of the current line.
CTRL+F Moves the cursor one character right.
CTRL+H Deletes the character to the left of the cursor.
CTRL+K Stops setting up connection.
CTRL+N Displays the next command in the history command buffer.
CTRL+P Displays the previous command in the history command buffer.
CTRL+R Redisplays the current line.
CTRL+V Pastes the text from the clipboard.
CTRL+W Deletes the character to the left of the cursor.
CTRL+X Deletes all the characters to the left of the cursor.
CTRL+Y Deletes all the characters to the right of the cursor.
CTRL+Z Returns to the user view.
CTRL+ ] Cuts off the incoming connection or redirects the connection.
ESC+B Moves the cursor one word left.
ESC+D Deletes.
 
Function
Using the display version command, you can display the system version.
Format
Usage Guidelines
By viewing the version information, you can get the information about the current software
version, frame type, the active control board and the interface board.
Examples
<Eudemon> display version
Huawei Versatile Routing Platform Software
Software Version: Firewall V200R001C03B61b (VRP (R) Software, Version 3.30)
Copyright (c) 2007-2008 Huawei Technologies Co., Ltd.
Quidway E200 Firewall uptime is 0 week(s), 0 day(s), 0 hour(s), 1 minute(s)
Rpu's version information:
256M bytes SDRAM
Pcb Version : VER.B
1.1.7 header
Using the header command, you can enable displaying the title.
Using the undo header command, you can disable displaying the title.
Format
header { login | shell } { information text | file file-name }
undo header { login | shell }
shell: indicates the user session title.
information: indicates the title information.
text : specifies the contents of the title. The value is in the range of 1 to 220 characters.
file: specifies the contents of the file with the indicated file name.
 file-name: specifies the file name used by the title, the length of which is 5 to 64 characters. The
title file cannot be more than 128 KB, otherwise the part of more than 128 KB is not displayed.
Views
Usage Guidelines
When a user logs in to the firewall through a terminal line, the firewall displays the configured
title messages to the user. After the terminal connection is activated, the
login title is transmitted to the terminal. If the user successfully logs in, the shell title is displayed.
The first English character of the text is used as both the initial and the end character of the text. After the user enters
the end character, the system automatically exits from the interactive process.
To exit from the interactive process when the initial and the end characters of the text are the same
English character, just press Enter.
Examples
<Eudemon> system
[Eudemon] header shell information %
info:input banner text, and quit with the character '%'.
SHELL : Hello! Welcome use NetEngine%
[Eudemon] quit
<Eudemon>
Username:Eudemon
Password:******
SHELL : Hello! Welcome use NetEngine
Note: The max number of VTY users is 5, and the current number
of VTY users on line is 2.
# Specify the file to be used as login title.
<Eudemon> system-view
[Eudemon] header login file flash:/header-file.txt
1.1.8 hotkey
Function
Using the hotkey command, you can correlate a command line with the shortcut keys.
Using the undo hotkey command, you can restore the default.
Format
Parameters
CTRL_G: specifies a command for the shortcut keys CTRL+G.
CTRL_L: specifies a command for the shortcut keys CTRL+L.
CTRL_O: specifies a command for the shortcut keys CTRL+O.
CTRL_T: specifies a command for the shortcut keys CTRL+T.
CTRL_U: specifies a command for the shortcut keys CTRL+U.
command-text : specifies the command line correlated with the shortcut keys.
Views
System view
Usage Guidelines
By default, the system specifies only CTRL_G, CTRL_L and CTRL_O to correspond to certain
commands.
• CTRL_G corresponds to display current-configuration (used to display the current configuration)
• CTRL_L corresponds to display ip routing-table (used to display routing table information)
• CTRL_O corresponds to undo debugging all (used to disable the overall debugging function, that is, to disable the output of all debugging information)
You can change the definitions of the shortcut keys as required.
Examples
# Correlate the display tcp status command with the shortcut keys CTRL_G.
<Eudemon> system-view
[Eudemon] hotkey ctrl_g display tcp status
[Eudemon] display hotkey
----------------- HOTKEY -----------------
=Defined hotkeys=
CTRL_L display ip routing-table
CTRL_O undo debug all
=Undefined hotkeys=
Hotkeys Command
CTRL_T NULL
CTRL_U NULL
=System hotkeys=
Hotkeys Function
CTRL_A Move the cursor to the beginning of the current line.
CTRL_B Move the cursor one character left.
CTRL_C Stop current command function.
CTRL_D Erase current character.
CTRL_E Move the cursor to the end of the current line.
CTRL_F Move the cursor one character right.
CTRL_H Erase the character left of the cursor.
CTRL_K Kill outgoing connection.
CTRL_N Display the next command from the history buffer.
CTRL_P Display the previous command from the history buffer.
CTRL_R Redisplay the current line.
CTRL_V Paste text from the clipboard.
CTRL_W Delete the word left of the cursor.
CTRL_Y Delete all characters after the cursor.
CTRL_Z Return to the user view.
CTRL_] Kill incoming connection or redirect connection.
ESC_B Move the cursor one word back.
ESC_D Delete remainder of word.
ESC_F Move the cursor forward one word.
ESC_N Move the cursor down a line.
ESC_P Move the cursor up a line.
ESC_< Specify the beginning of clipboard.
ESC_> Specify the end of clipboard.
Related Topics
1.1.9 language-mode
Function
Using the language-mode command, you can change the language mode of the command line
interface.
Format
chinese: changes the language mode of the system to Chinese.
english: changes the language mode of the system to English.
Views
By default, the language mode of the system is English.
After the system switches to Chinese mode, the prompts and echo messages of the command
line on the system interface are displayed in Chinese.
Examples
<Eudemon> language-mode chinese
Change language mode, confirm? [Y/N] y
1.1.10 lock (User View)
Function
Using the lock  command, you can lock the current user interface so as to prevent the unauthorized
users from operating on the terminal interface.
Format
lock 
Parameters
 None
Views
User interface includes console interface, AUX interface, and VTY.
After you enter the lock command, the system prompts you to input a password. After you confirm
the password by entering it again, the system prompts that the lock succeeds. To enter the system
again, you must press Enter and input the correct password.
Examples
# A user logs in from the Console port and locks the current user interface.
<Eudemon> lock
Passwordxxxx
Againxxxx
  locked !
# The user can press Enter to log in to the system after a while. The following prompt displays:
Password:
Function
Using the quit command, you can quit the current view and enter a view with a lower level. If the current view is the user view, this command makes you exit from the system.
Usage Guidelines
All the command modes are divided into three levels, which are as follows from the lowest to
the highest:
• Interface view and AAA view
Examples
# Return to the system view from the interface view and then return to the user view.
<Eudemon> system-view
[Eudemon] interface Ethernet 0/0/0
[Eudemon-Ethernet0/0/0] quit
[Eudemon] quit
<Eudemon>
Related Topics
1.1.16 system-view
1.1.12 return
1.1.12 return
Function
Using the return command, you can return to the user view from other views except user view.
Format
return
Parameters
 None
Usage Guidelines
The shortcut key for the return command is Ctrl+Z.
Examples
[Eudemon] return
<Eudemon>
Function
Using the super command, you can change the user's current level.
The user level indicates the type of the login user. There are 4 user levels. Unlike the
command level, the user level applies to the login user: a login user can use only the commands whose level is no higher than the user
level.
Format
Parameters
level : specifies the user level. The value ranges from 0 to 15. By default, the level is 3.
Views
• Visit level: Refers to network diagnosis tool commands (such as ping and tracert) and
external commands (including Telnet client, SSH client and RLOGIN). Saving the
configuration file is not allowed at this command level.
• Monitoring level: Refers to commands used for system maintenance and service fault diagnosis,
including the display command and the debugging command. Saving the configuration file is not allowed at this command level.
• Configuration level: Refers to service configuration commands, including routing
commands and commands on each network layer, which are used to provide direct network
service to the user.
• Management level: Refers to commands that affect the basic operation of the system and
the system support modules, which play a supporting role for services. Commands of this level
include file system commands, FTP commands, TFTP commands, XModem downloading
commands, configuration file switching commands, power supply control commands,
standby control commands, user management commands, level setting commands, and
internal parameter setting commands (not stipulated by protocols or by RFC).
To prevent unauthorized users from illegal intrusion, user ID authentication is performed when a user switches from a lower level to a higher level. In other words, the super
password of the higher level is needed. If no password is set, an error is prompted.
For the sake of confidentiality, the password that the user enters is not shown on the screen.
Only when the correct password is input for three times can the user switch to the higher level.
Otherwise, the original user level remains unchanged.
Examples
<Eudemon> super 3
Password:
Now user privilege is 3 level, and only those commands whose level is equal to or less than this level can be used.
Privilege note: 0-VISIT, 1-MONITOR, 2-SYSTEM, 3-MANAGE
Related Topics
Function
Using the super password command, you can set the password for changing the user from a
lower level to a higher level.
Using the undo super password command, you can cancel the current settings.
Format
undo super password [ level user-level  ]
Parameters
level user-level : specifies the user level. The value ranges from 1 to 15. By default, the password
for the user is set to Level 3.
simple: indicates the password in the plain text.
cipher: indicates the password in the encrypted text.
 password : If it is in the form of simple, it must be in the plain text, ranging from 1 to 16 characters.
If it is in the form of cipher, it can be either in the encrypted text with 24 characters such as
(TT8F ] Y\5SQ=^Q`MAF4<1!! or in the plain text with 1 to 16 characters such as 1234567.
Views
Usage Guidelines
Input the password in plain text during authentication, regardless of whether it is configured in plain
text or encrypted text.
CAUTION
If simple is selected, the password is saved into the configuration files in plain text. Users
at a lower level can then easily get the switch password by viewing the configuration
files. In such a case, network security cannot be guaranteed. It is suggested to select
cipher to save the password in cipher text.
After a password is set by using the cipher option, the password cannot be recovered from the system. Do
not lose or forget the super password.
Examples
# Set the user at a lower level to input the password "abcd" when switching to level 3.
<Eudemon> system-view
[Eudemon] super password level 3 cipher abcd
Related Topics
1.1.13 super 
1.1.15 sysname
Function
Using the sysname command, you can set the host name of the firewall.
sysname host-name
Parameters
host-name: specifies the host name. It is a string of 1 to 30 characters.
Views
By default, the host name of the firewall is Eudemon.
Modifying the host name of the firewall affects the prompt of command line interface. If the
host name of the Eudemon is "Eudemon", the prompt in the user view is <Eudemon>.
Examples
<Eudemon> system-view
Function
Using the system-view command, you can enter the system view from the user view.
Format
system-view
Parameters
 None
Views
Default Level
2: Configuration level
Usage Guidelines
The user enters the user view when the user logs in for the first time.
Examples
# Enter the system view from the user view.
<Eudemon> system-view
Enter system view, return user view with Ctrl+Z.
[Eudemon]
1.2.1 acl
1.2.2 authentication-mode
1.2.9 display rsa peer-public-key
1.2.10 display ssh server 
1.2.12 display tcp
1.2.13 display user-interface
1.2.19 idle-timeout
1.2.43 ssh user authentication-type
Function
Using the acl command, you can restrict incoming and outgoing calls on VTY user
interfaces (Telnet and SSH) by referencing an ACL.
Using the undo acl command, you can cancel the current settings.
By default, the incoming and outgoing calls are not restricted.
Format
Parameters
acl-number: specifies the number of an access control list (ACL). The value ranges from 2000
to 3999.
Views
Usage Guidelines
The command can be used to restrict the source address by the basic ACL and restrict the
destination address by the advanced ACL.
Examples
<Eudemon> system-view
[Eudemon] user-interface vty 0
[Eudemon-ui-vty0] acl 2000 outbound
# Remove the restriction on Telnet outgoing call on the user interface VTY0.
<Eudemon> system-view
[Eudemon] user-interface vty 0
[Eudemon-ui-vty0] undo acl outbound
1.2.2 authentication-mode
Function
Using the authentication-mode command, you can set the authentication mode for logging into the user interface.
Using the undo authentication-mode command, you can restore the default authentication
mode.
By default, the authentication mode for VTY user interfaces is password, and
logging in to other user interfaces requires no authentication.
Format
undo authentication-mode
password: specifies the local password authentication.
local: specifies the local username and password authentication.
user username: specifies the local username. It is a string of 1 to 16 characters.
password password: specifies the local password. It is a string of 1 to 16 characters.
Views
Usage Guidelines
When AAA authentication is applied to the local user, the command level accessible after the
user logs in to the Eudemon depends on the priority of the local user of AAA configuration.
If the password authentication or non-authentication is configured, the level of the command
that a user can access is determined by the priority of the user interface after the user logs in to
the system.
<Eudemon> system-view
[Eudemon] user-interface console 0
[Eudemon-ui-console0] authentication-mode password
[Eudemon-ui-console0] set authentication password simple huawei
Related Topics
1.2.47 user-interface
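Both the super password warning about the simple option and the set authentication password simple example above leave a readable password in the configuration file. The following audit is an added example, not part of the Huawei manual; the sample configuration is constructed, and it assumes that the saved file stores each command as typed at the CLI with "#" lines separating sections.

```python
import re

# Constructed sample of a saved configuration (not taken from the manual).
# Assumption: the file stores each command in the form typed at the CLI.
SAMPLE_CONFIG = """\
#
 sysname Eudemon
#
 super password level 3 simple abcd
 super password level 2 cipher EXAMPLE-CIPHERTEXT
#
user-interface con 0
 authentication-mode password
 set authentication password simple huawei
user-interface vty 0 4
 authentication-mode password
 set authentication password cipher EXAMPLE-CIPHERTEXT
#
"""

# Both commands take "{ simple | cipher } password" as their last two words.
PASSWORD_RES = (
    re.compile(r"^(?P<prefix>super password(?: level \d+)? )"
               r"(?P<mode>simple|cipher) (?P<secret>\S+)$"),
    re.compile(r"^(?P<prefix>set authentication password )"
               r"(?P<mode>simple|cipher) (?P<secret>\S+)$"),
)
UI_RE = re.compile(r"^user-interface \S.*$")


def audit_passwords(config_text):
    """Return (findings, redacted_text); findings never hold a password."""
    findings, redacted, view = [], [], "system"
    for lineno, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        if line == "#":
            view = "system"            # assumed section separator
        elif UI_RE.match(line):
            view = line                # e.g. "user-interface con 0"
        match = next((m for m in (r.match(line) for r in PASSWORD_RES) if m), None)
        if match and match.group("mode") == "simple":
            findings.append({"line": lineno, "view": view,
                             "command": match.group("prefix") + "simple"})
            indent = raw[:len(raw) - len(raw.lstrip())]
            raw = indent + match.group("prefix") + "simple ******"
        redacted.append(raw)
    return findings, "\n".join(redacted) + "\n"


if __name__ == "__main__":
    found, safe_copy = audit_passwords(SAMPLE_CONFIG)
    for f in found:
        print(f"line {f['line']} ({f['view']}): {f['command']} <plain text>")
    print(safe_copy, end="")
```

The redacted copy can be attached to a ticket or change record without exposing the passwords that the findings point to.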
Function
Using the auto-execute command command, you can set the automatically executed command.
Using the undo auto-execute command command, you can remove the automatically executed
command.
Format
Views
CAUTION
Make sure that you can log in to the system by other means to remove the configuration before
configuring auto-execute command command and saving the configuration.
By default, the command cannot be automatically executed.
There are the following restrictions while using the auto-execute command command:
• If there is only one Console port or one AUX port on the firewall, the port does not support auto-execute command.
• If there are one Console port and one AUX port (two ports in total) on the firewall, the
Console port does not support auto-execute command while the AUX port does.
• There is no restriction on other types of user interfaces.
Commands configured through auto-execute command are automatically executed when the
user logs on. The user interface disconnects automatically after the completion of this command.
Usually, the telnet command configured through auto-execute command at the terminal user 
interface enables the user to be connected with the designated host automatically.
Use this command with caution, because it prevents the terminal from performing routine configuration of the system.
Examples
# The telnet 10.110.100.1 command is run automatically after the user logs on from the VTY
0 port.
Related Topics
1.2.47 user-interface
1.2.4 databits
Function
Using the databits command, you can set user interface data bit.
Using the undo databits command, you can restore the default data bit.
Format
Views
By default, the data bit is 8 bits.
Generally, do not use this command. If the data bit of the user interface is changed, the
HyperTerminal must be set to the same data bit when users log on.
The configuration is effective only when the serial interface works in the asynchronous
interactive mode.
1.2.5 debugging rsa
Function
Using the debugging rsa command, you can send debugging information about the RSA
process and packet structure to the information center, and debug a certain user
interface.
Using the undo debugging rsa command, you can disable the debugging.
Format
Examples
# Enable RSA debugging.
Function
Using the debugging ssh server command, you can send the debugging information containing
the negotiation process stipulated by SSH1.5 protocol to the information center, and debug a
certain user interface.
Using the undo debugging ssh server command, you can disable the debugging.
Format
undo debugging ssh server { vty index | all }
Parameters
index: specifies the debugged SSH channel whose value depends on the number of VTY. By
default, the value ranges from 0 to 4.
all: refers to all SSH channels.
Views
Examples
# Print debugging information in running SSH.
<Eudemon> debugging ssh server vty 0
00:23:20: SSH0: starting SSH control process
00:23:20: SSH0: sent protocol version id SSH-1.5-Eudemon-1.25
00:23:20: SSH0: protocol version id is - SSH-1.5-1.2.26
00:23:20: SSH0: SSH_SMSG_PUBLIC_KEY msg
00:23:21: SSH0: SSH_CMSG_SESSION_KEY msg - length 112, type 0x03
00:23:21: SSH: RSA decrypt started
00:23:21: SSH: RSA decrypt finished
00:23:21: SSH: RSA decrypt started
00:23:21: SSH: RSA decrypt finished
Related Topics
Function
Using the debugging telnet command, you can enable the debugging on Telnet.
Using the undo debugging telnet command, you can disable the debugging.
Format
Examples
Function
Using the display rsa local-key-pair public command, you can display the public key in the
local key pair. If no key is generated, the system prompts "RSA keys not found."
Format
Usage Guidelines
When configuring the firewall, you can run this command on the client and copy the client public
key from the command output to the RSA public key on the SSH server.
Examples
<Eudemon> display rsa local-key-pair public
=====================================================
Key name: Eudemon_Host
Key code:
3047   0240
  19616B29 7D347D6E E80A499C 573BABED 6841772C   44FE5117
  0203
  010001
Key name: Eudemon_Server
Key code:
3067   0260
  1C4F9691 49D47201 62AF5908 CCD89328 A1265BFB   AFDC78BF 1D133CF0 E7C9719E 1A16E59C AE6A8C8E
  4B71841D DAA9E294 040092E0 CC244BA3   0203
  010001
Table 1-3 Description of the display rsa local-key-pair public command output
Item                      Description
Time of Key pair created  Time when the public key is generated
Key name                  Name of the public key
Key type                  Type of the public key
 
Related Topics
Function
Using the display rsa peer-public-key command, you can display the specified RSA public
key. If no public key is specified, all public keys are displayed.
Format
display rsa peer-public-key [ brief  | name keyname ]
Parameters
brief: displays the brief information about all the remote public keys.
name keyname: specifies the key name to be displayed. It is a string of 1 to 30 characters.
Views
Usage Guidelines
Using this command, you can view detailed information about all public keys or a specified
 public key.
# Display the detailed information about all the RSA public keys.
<Eudemon> display rsa peer-public-key
 Address Bits Name
   1023 abcd
  1024 hq
  1024 wn1
  1024 hq_all
<Eudemon> display rsa peer-public-key name rsakey001
=====================================
  Key name: rsakey001
  Key address:
  7D5381D0 9CE82913 D7EDF9C0 8511D83C A4ED2B30 B809808E B0D1F52D 045DE408
  61B74A0E 135523CC D74CAC61 F8E58C45 2B2F3F2D A0DCC48E 3306367F E187BDD9
  0201
  25
Table 1-4 Description of the display rsa peer-public-key command output
Item         Description
Key address  Brief information about the public key
 
Function
Using the display ssh server command, you can display the configuration and current session
of the SSH server.
Parameters
Views
SSH connection timeout : 60 seconds
SSH server key generating interval : 1 hours
SSH Authentication retries : 3 times
# Display the current session of the SSH server.
<Eudemon> display ssh server session
 Conn Ver Encry State retry Username
 VTY0 1.5 DES started 3 Eudemon
Table 1-5 Description of the display ssh server session command output
Item       Description
Ver        Protocol version of the SSH session
Encry      Name of the encryption algorithm
State      Status of the SSH session
retry      Number of retry times of establishing the SSH session
User-name  User name of the SSH server
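The debugging ssh server output and the session table above both report SSH protocol 1.5, and the session uses DES, which are obsolete choices that an operator reviewing this output should flag. The following check is an added example, not part of the Huawei manual; it runs over the output lines shown in this section's examples, and the set of ciphers treated as weak is an assumption of the example.

```python
import re

# Output copied from this section's examples of `debugging ssh server vty 0`
# and `display ssh server session`.
DEBUG_LOG = """\
00:23:20: SSH0: starting SSH control process
00:23:20: SSH0: sent protocol version id SSH-1.5-Eudemon-1.25
00:23:20: SSH0: protocol version id is - SSH-1.5-1.2.26
00:23:20: SSH0: SSH_SMSG_PUBLIC_KEY msg
"""
SESSION_TABLE = """\
 Conn Ver Encry State retry Username
 VTY0 1.5 DES started 3 Eudemon
"""

# Version id format: SSH-<protoversion>-<softwareversion>
VERSION_RE = re.compile(
    r"(?P<chan>SSH\d+): (?P<sent>sent )?protocol version id"
    r"(?: is -)? SSH-(?P<proto>\d+\.\d+)-(?P<software>\S+)")
WEAK_CIPHERS = {"DES"}  # assumption: only single DES is flagged here


def is_legacy(proto):
    """True for any 1.x version id. 1.99 (a server that also speaks 2.0)
    is still flagged because protocol 1 remains enabled."""
    return int(proto.split(".")[0]) < 2


def audit_ssh(debug_log, session_table):
    """Return a list of (source, subject, issue) tuples."""
    findings = []
    for m in VERSION_RE.finditer(debug_log):
        side = "device" if m.group("sent") else "peer"
        if is_legacy(m.group("proto")):
            findings.append(("debug", f"{m.group('chan')} {side}",
                             f"SSH protocol {m.group('proto')} offered"))
    rows = [ln.split() for ln in session_table.splitlines() if ln.strip()]
    if not rows:
        return findings
    header, body = rows[0], rows[1:]
    for row in body:
        if len(row) != len(header):
            continue  # skip wrapped or truncated rows
        rec = dict(zip(header, row))
        if is_legacy(rec["Ver"]):
            findings.append(("session", rec["Conn"],
                             f"SSH protocol {rec['Ver']} in use"))
        if rec["Encry"].upper() in WEAK_CIPHERS:
            findings.append(("session", rec["Conn"],
                             f"cipher {rec['Encry']} in use"))
    return findings


if __name__ == "__main__":
    for source, subject, issue in audit_ssh(DEBUG_LOG, SESSION_TABLE):
        print(f"[{source}] {subject}: {issue}")
```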
 
Using the display ssh user-information command, you can display the configuration of the
SSH user.
Parameters
user-name: specifies a valid SSH user name defined by AAA. It is a string of 1 to 64 characters.
Views
Usage Guidelines
If no user name is specified in the command, the configuration of all the SSH users is displayed.
Using this command, you can view information about the SSH user, including the user name,
password, bound RSA public key, and service type.
Examples
<Eudemon> display ssh user-information
 Username authentication-type user-public-key-name
 Jin rsa key001
Table 1-6 Description of the ssh user-information command output
Item                  Description
authentication-type   Authentication mode of SSH users
user-public-key-name  Peer RSA public key assigned to SSH users
 
1.2.43 ssh user authentication-type
Function
Using the display tcp status command, you can view and monitor TCP connections at any time.
Using the display tcp statistics command, you can view the statistics of the TCP traffic.
Format
Default Level
Usage Guidelines
Compared with the 1.2.15 display users command, the display tcp status command can be
used to display more information about Telnet client and server.
The output of the display tcp status command includes:
• Local address of TCP connection
• Local port number
The output of the display tcp statistics command includes:
• Statistics of received data
• Statistics of sent data
• Timeout times of the retransmission timer and the keepalive timer
• Times for initiating connections
• The number of disconnected connections
• The number of dropped packets during MD5 authentication
• The number of passed packets during MD5 authentication
Examples
# Display all TCP connections with the Eudemon.
<Eudemon> display tcp status
TCPCB Local Add:port Foreign Add:port State
04c067a4 0.0.0.0:22 0.0.0.0:0 Listening
04c06564 0.0.0.0:23 0.0.0.0:0 Listening
Table 1-7 Description of the display tcp status command output
Item              Description
Local Add:port    Local IP address of TCP connection and local port number.
Foreign Add:port  Remote IP address of TCP connection and remote port number.
State
• Closed: indicates that the connection is closed.
• Listening: indicates that the connection is being monitored.
• Syn_Rcvd: indicates that a SYN packet is received.
• Established: indicates that the connection has been set up.
• Close_Wait: The user sends a FIN packet to the server to close the
connection in the Established status. The server then sends an ACK packet
to the user after receiving the FIN packet and changes to the Close_Wait
status.
• Fin_Wait1: The user changes to this status after sending a FIN packet to
the server to close the connection.
• Fin_Wait2: The user changes to this status after receiving an ACK packet
that responds to the sent FIN packet.
• Time_Wait: TCP enters this status after a connection is closed. After it
stays in this status for twice the lifetime of the longest packets,
the records about the closed connection are cleared.
 
Function
Using the display user-interface command, you can display the information about the user 
interface.
Format
Parameters
ui-number1: specifies the relative user interface ID.
ui-number: specifies the absolute user interface ID. The minimum value is 0. The maximum
value is one less than the number of user interfaces that the system supports. Different
devices support different numbers of user interfaces.
summary: displays a brief summary of the user interface.
Usage Guidelines
Using the command, you can view the authentication mode on the user interface.
Examples
# Display the details on the user interface with the absolute ID as 0.
<Eudemon> display user-interface 0
  Idx Type Tx/Rx Modem Privi Auth
* 0 CON 0 9600 3 N
  * : Current user-interface is active.
  I : Current user-interface is active and work in async mode.
  Idx : Absolute index of user-interface.
  Type : Type and relative index of user-interface.
  Privi: The privilege of user-interface.
  Auth : The authentication mode of user-interface.
  A: Authenticate use AAA.
  N: Current user-interface need not authentication.
  P: Authenticate use current UI's password.
Table 1-8 Description of the display user-interface command output
Item   Description
*      The current user interface is active.
I      The current user interface is active and works in the asynchronous mode.
Idx    The absolute ID of the user interface.
Type   The type and relative ID of the user interface.
Privi  Privilege of the user interface.
Auth   Authentication mode of the user interface.
A      Adopts AAA to authenticate users.
N      The current user interface need not be authenticated.
 
Function
Using the display user-interface maximum-vty command, you can view the maximum number 
of VTY user interfaces.
Usage Guidelines
You can modify the maximum number of VTY user interfaces as required.
Examples
<Eudemon> display user-interface maximum-vty
Maximum of VTY user : 15
Table 1-9 Description of the display user-interface maximum-vty command output
Item Description
 
1.2.15 display users
Function
Using the display users command, you can display the login user information on each interface.
Format
Parameters
all: displays the information of the user who logs on in the user view.
Views
All views
Usage Guidelines
Using this command, you can view information about the users that access the current
firewall, including the user names, addresses, authentication and authorization.
Examples
# Use the display users command on the Console.
<Eudemon> display users
  User-Intf Delay Type Ipaddress Username
+ 0 CON 0 00:00:00
  146 VTY 0 00:01:37 TEL 3.3.3.101 zhangsan
  147 VTY 1 00:00:06 TEL 3.3.3.101 123456789
Table 1-10 Description of the display users command output
Item       Description
+          Terminal line in use.
User-Intf  Number in the first column indicates the absolute number of user interface and that in the second column indicates the relative number of user interface.
Delay      Interval from the last input by the user till now, in seconds.
Type       Connection type includes Telnet, Console, SSH.
IPaddress  IP address of the starting host in connection.