image image image image image

On This Page

CLI Session


This section displays all the relevant commands used to manage CLI session terminal.

cli clear-history


cli clear-history

Clears the command history of the current user.

Syntax DescriptionN/A

Default

N/A

Configuration Mode

config

History


3.1.0000 

Example

switch (config) # cli clear-history
Related Commandsshow cli

Notes


cli default


cli default {auto-logout <minutes> | paging enable | prefix-modes {enable | show-config} | progress enable | prompt {confirm-reload | confirm-reset | confirm-unsaved | empty-password}}
no cli default {auto-logout | paging enable | prefix-modes {enable | show-config} | progress enable prompt {confirm-reload | confirm-reset | confirm-unsaved | empty-password}

Configures default CLI options for this session only.
The no form of the command deletes or disables the default CLI options.

Syntax Description

auto-logout

Configures keyboard inactivity timeout for automatic logout. Range is 0-35791 minutes. Setting the value to 0 or using the no form of the command disables the auto-logout.

paging enable

Enables text viewing one screen at a time.

prefix-modes {enable | show-config}

Configures the prefix modes feature of CLI.

  • “prefix-modes enable” enables prefix modes for current session
  • “prefix-modes show-config” uses prefix modes in “show configuration” output for current session

progress enable

Enables progress updates.

prompt confirm-reload

Prompts for confirmation before rebooting.

prompt confirm-reset

Prompts for confirmation before resetting to factory state.

prompt confirm-unsaved

Confirms whether or not to save unsaved changes before rebooting.

prompt empty-password

Prompts for a password if none is specified in a pseudo-URL for SCP.

Default

N/A

Configuration Mode

config

History


3.1.0000 

Example

switch (config) # cli default prefix-modes enable
Related Commandsshow cli

Notes


cli max-sessions


cli max-sessions <number>
no cli max-sessions

Configures the maximum number of simultaneous CLI sessions allowed.
The no form of the command resets this value to its default.

Syntax Description

number

Range: 3-30

Default

30 sessions

Configuration Mode

config

History


3.5.0200

Example

switch (config) # cli max-sessions 40
Related Commandsshow terminal

Notes


cli session


cli session {auto-logout <minutes> | paging enable | prefix-modes enable | progress enable | terminal {length <size> | resize | type <terminal-type> | width} | x-display full <display>}
no cli session {auto-logout | paging enable | prefix-modes enable | progress enable | terminal type | x-display}

Configures CLI options for this session only.
The no form of the command deletes or disables the CLI sessions.

Syntax Description

minutes

Configures keyboard inactivity timeout for automatic logout.
Range: 0-35791 minutes
Setting the value to 0 or using the no form of the command disables the auto logout.

paging enable

Enables text viewing one screen at a time.

prefix-modes enable

Configures the prefix modes feature of CLI and enables prefix modes for current session.

progress enable

Enables progress updates.

terminal length

Sets the number of lines for the current terminal.
Range: 5-999

terminal resize

Resizes the CLI terminal settings (to match the actual terminal window).

terminal-type

Sets terminal type. Valid options are:

  • ansi
  • console
  • dumb
  • linux
  • unknown
  • vt52
  • vt100
  • vt102
  • vt220
  • xterm

terminal width

Sets the width of the terminal in characters.
Range: 34-999

x-display full <display>

Specifies the display as a raw string (e.g. localhost:0.0).

Default

N/A

Configuration Mode

config

History


3.1.0000 
3.8.2100: Removed "prefix-modes show-config" option  and terminal type vt320

Example

switch (config) # cli session auto-logout
Related Commandsshow terminal

Notes

The "minutes" attribute can be configured from the CLI shell only.

terminal


terminal {length <number of lines> | resize | type <terminal type> | width <number of characters>}
no terminal type

Configures default CLI options for this session only.
The no form of the command clears the terminal type.

Syntax Description

length

Sets the number of lines for this terminal.
Range: 5-999

resize

Resizes the CLI terminal settings (to match with real terminal).

type

Sets the terminal type.
Possible values: ansi, console, dumb, linux, screen, vt52, vt100, vt102, vt220, xterm.

width

Sets the width of this terminal in characters.
Range: 34-999

Default

N/A

Configuration Mode

config

History


3.1.0000

Example

switch (config) # terminal length 500
Related Commandsshow terminal

Notes


terminal sysrq enable 


terminal sysrq enable
no terminal sysrq enable

Enable SysRq over the serial connection (RS232 or Console port).
The no form of the command disables SysRq over the serial connection (RS232 or Console port).

Syntax Description

N/A 

Default

Disabled

Configuration Mode

config

History


3.4.3000
3.9.3100: Updated command to be disabled by default

Example

switch (config) # terminal sysrq enable
Related Commandsshow terminal

Notes


show cli


show cli

Displays the CLI configuration and status.

Syntax Description

N/A

Default

N/A

Configuration Mode

Any command mode

History


3.1.0000

Example

switch (config) # show cli
CLI current session settings:
Maximum line size: 8192
Terminal width: 171 columns
Terminal length: 38 rows
Terminal type: xterm
X display setting: (none)
Auto-logout: disabled
Paging: enabled
Progress tracking: enabled
Prefix modes: disabled
 
CLI defaults for current session:
Auto-logout: disabled
Paging: enabled
Progress tracking: enabled
Prefix modes: enabled (and use in 'show configuration')
 
Settings for current session:
Show hidden config: yes
Confirm losing changes: yes
Confirm reboot/shutdown: no
Confirm factory reset: yes
Prompt on empty password: yes
Related Commandscli default

Notes


show cli max-sessions


show cli max-sessions

Displays maximum number of sessions.

Syntax Description

N/A 

Default

N/A

Configuration Mode

Any command mode

History


3.5.0200

Example

switch (config) # show cli max-sessions
Maximum number of CLI sessions: 5
Related Commands

Notes


show cli num-sessions


show cli num-sessions

Displays current number of sessions.

Syntax Description

N/A

Default

N/A

Configuration Mode

Any command mode

History


3.5.0200

Example

switch (config) # show cli num-sessions
Current number of CLI sessions: 40
Related Commands

Notes


Banner

banner login


banner login <string>
no banner login

Sets the CLI welcome banner message.
The no form of the command resets the system login banner to its default.

Syntax Description

N/A

Default

NVIDIA Onyx Switch Management

Configuration Mode

Any command mode

History


3.5.0200

Example

switch (config) # banner login Example
Related Commandsshow banner

Notes

 If more than one word is used (there is a space) quotation marks should be added (i.e., “xxxx xxxx”).

banner login-local


banner login-local <string>
no banner login-local

Sets system login local banner.
The no form of the command resets the banner to its default value.

Syntax Description

N/A

Default

""

Configuration Mode

Any command mode

History


3.1.0000

3.5.0200: Added the no form of the command

Example

switch (config) # banner login-local Example
Related Commandsshow banner

Notes

  • The login-local refers to the serial connection banner
  • If more than one word is used (there is a space) quotation marks should be added (i.e., “xxxx xxxx”)

banner login-remote


banner login-remote <string>
no banner login-remote

Sets system login remote banner.
The no form of the command resets the banner to its default value.

Syntax DescriptionstringText string
Default""
Configuration Modeconfig
History

3.1.0000

3.5.0200: Added the no form of the command

Example
switch (config) # banner login-remote Example
Related Commandsshow banner
Notes
  • The login-remote refers to the SSH connections banner
  • If more than one word is used (there is a space) quotation marks should be added (i.e., “xxxx xxxx”).

banner logout


banner logout <string>
no banner logout

Sets system logout banner (for both local and remote logins).
The no form of the command resets the banner to its default value.

Syntax DescriptionstringText string
Default""
Configuration Modeconfig
History


3.1.0000

3.5.0200: Added the no form of the command

Example
switch (config) # banner logout Example
Related Commandsshow banner
Notes

If more than one word is used (there is a space) quotation marks should be added (i.e., “xxxx xxxx”).

banner logout-local


banner logout-local <string>
no banner logout-local

Sets system logout local banner.
The no form of the command resets the banner to its default value.

Syntax DescriptionstringText string
Default""
Configuration Modeconfig
History

3.5.0200

Example
switch (config) # banner logout-local Example
Related Commandsshow banner
Notes
  • The logout-local refers to the serial connection banner
  • If more than one word is used (there is a space) quotation marks should be added (i.e., “xxxx xxxx”). 

banner logout-remote


banner logout-remote <string>
no banner logout-remote

Sets system logout remote banner.
The no form of the command resets the banner to its default value.

Syntax DescriptionstringText string
Default""
Configuration Modeconfig
History

3.5.0200

Example
switch (config) # banner logout-remote Example
Related Commandsshow banner
Notes
  • The logout-remote refers to SSH connections banner
  • If more than one word is used (there is a space) quotation marks should be added (i.e., “xxxx xxxx”).

banner motd


banner motd <string>
no banner motd

Configures the message of the day banner.
The no form of the command resets the system Message of the Day banner.

Syntax DescriptionstringText string
Default

NVIDIA Switch

Configuration Modeconfig
History

3.1.0000

Example
switch (config) # banner motd “My Banner”
Related Commandsshow banner
Notes
  • If more than one word is used (there is a space) quotation marks should be added (i.e., “xxxx xxxx”).
  • To insert a multi-line MotD, hit Ctrl-V (escape sequence) followed by Ctrl-J (new line sequence). The symbol “^J” should appear. Then, whatever is typed after it becomes the new line of the MotD. Remember to also include the string between quotation marks.

show banner


show banner

Sets system logout remote banner.
The no form of the command resets the banner to its default value.

Syntax DescriptionN/A
DefaultN/A
Configuration Modeconfig
History3.1.0000
3.5.0200Updated example
3.6.6000Updated example
3.9.3200Updated example
Example
switch (config) # show banner Banners: Message of the Day (MOTD):

Switch Login:
NVIDIA ONYX Switch Management
Logout: Goodbye
Related Commandsbanner login banner login-local banner login-remote banner logout banner logout-local banner logout-remote banner motd
Notes


SSH

ssh server enable


ssh server enable
no ssh server enable

Enables the SSH server.
The no form of the command disables the SSH server.

Syntax DescriptionN/A
DefaultSSH server is enabled
Configuration Modeconfig
History


3.1.0000

Example
switch (config) # ssh server enable
Related Commandsshow banner
Notes

Disabling SSH server does not terminate existing SSH sessions, it only prevents new ones from being established.

ssh server host-key


ssh server host-key {<key-type> {private-key <private-key>| public-key <public-key>} | generate}

Configures host keys for SSH.

Syntax Descriptionkey-type
  • rsa2—RSAv2
  • dsa2—DSAv2
private-keySets new private-key for the host keys of the specified type.
public-keySets new public-key for the host keys of the specified type.
generateGenerates new RSA and DSA host keys for SSH.
DefaultSSH keys are locally generated
Configuration Modeconfig
History


3.1.0000
3.4.2300: Added notes
3.9.0300: Removed RSAv1
3.9.1000: Added a note

Example
switch (config) # ssh server host-key dsa2 private-key
Key: ***********************************************
Confirm: ***********************************************
Related Commandsshow banner
Notes

RSA2 and a DSA2 host keys are generated by default. The RSA2 key can be used as SSH server and client, while DSA2 key can only be used as SSH client.
When the switch is a server, use RSA key to connect to the NVIDIA  Onyx device.
When the switch is a client (e.g. downloading image or uploading logs), RSA key is recommended. DSA key is only for legacy devices and has been deprecated by OpenSSH starting with the 7.0 release.

ssh server listen


ssh server listen {enable | interface <inf>}
no ssh server listen {enable | interface <inf>}

Enables the listen interface restricted list for SSH. If enabled, and at least one non-DHCP interface is specified in the list, the SSH connections are only accepted on those specified interfaces.
The no form of the command disables the listen interface restricted list for SSH. When disabled, SSH connections are not accepted on any interface.

Syntax Descriptionenable

Enables SSH interface restrictions on access to this system.

interfaceAdds interface to SSH server access restriction list. Possible interfaces are “lo”, and “mgmt0”.
DefaultSSH listen is enabled
Configuration Modeconfig
History

3.1.0000

Example
switch (config) # ssh server listen enable
Related Commandsshow ssh server
Notes


ssh server login attempts


ssh server login attempts <number>
no ssh server login attempts

Configures maximum login attempts on SSH server.
The no form of the command resets the login attempts value to its default.

Syntax Descriptionnumber

Range: 3-100 attempts

interfaceAdds interface to SSH server access restriction list. Possible interfaces are “lo”, and “mgmt0”.
Default6 attempts
Configuration Modeconfig
History


3.1.0000
3.5.1000: Increased minimum number of attempts
3.9.0900: Added notes

Example
switch (config) # ssh server login attempts 5
Related Commandsshow ssh server
Notes
  • The number configured with this command will be relevant only if it is equal or smaller than the number of password prompts
  • Be aware that the "aaa authentication attempts lockout max-fail" default is 5, and the user might be locked before this command will have an affect. Both numbers need to be configured

ssh server login timeout


ssh server login timeout <time>
no ssh server login timeout

Configures login timeout on SSH server.
The no form of the command resets the timeout value to its default.

Syntax Descriptiontime

Range: 1-600 seconds

Default120 seconds
Configuration Modeconfig
History

3.5.0200

Example
switch (config) # ssh server login timeout 130
Related Commandsshow ssh server
Notes


ssh server login record-period


ssh server login record-period <days> no ssh server login record-period

Configures the amount of days for counting the number of successful logins.
The no form of the command disabled this function.

Syntax DescriptionDays

Range: 1-30 days
Default: 1 day

DefaultDisabled
Configuration Modeconfig
History

3.9.0300
3.9.0500: Changed "SSH server login record-period" default value to 1 day

Example
switch (config) # ssh server login record-period 1
Related Commandsshow ssh server login record-period show ssh server
Notes


ssh server min-version


ssh server min-version <version>
no ssh server min-version

Sets the minimum version of the SSH protocol that the server supports.
The no form of the command resets the minimum version of SSH protocol supported.

Syntax Descriptionversion

Possible versions are 1 and 2

Default2
Configuration Modeconfig
History


3.1.0000

Example
switch (config) # ssh server min-version 2
Related Commandsshow ssh server
Notes


ssh server ports


ssh server ports {<port1> [<port2>...]}

Specifies which ports the SSH server listens on.

Syntax Descriptionport

Port number between [1-65535]

Default22
Configuration Modeconfig
History


3.1.0000

Example
switch (config) # ssh server ports 22
Related Commandsshow ssh server
Notes
  • Multiple ports can be specified by repeating the <port> parameter
  • The command will remove any previous ports if not listed in the command

ssh server security strict


ssh server ports {<port1> [<port2>...]}

Enables strict security settings.
The no form of the command disables strict security settings.

Syntax DescriptionN/A


DefaultN/A
Configuration Modeconfig
History


3.3.5060
3.6.4000
3.9.0300: Updated notes

Example
switch (config) # ssh server security strict
Related Commandsshow ssh server
Notes

The following ciphers are disabled for SSH when strict security is enabled:

  • aes256-cbc
  • aes192-cbc
  • aes128-cbc
  • rijndael-cbc@lysator.liu.se
  • 3des-cbc

ssh server security strict


ssh server tcp-forwarding enable

Enables TCP port forwarding.
The no form of the command disables TCP port forwarding.

Syntax DescriptionN/A


DefaultN/A
Configuration Modeconfig
History


3.1.0000

Example
switch (config) # ssh server tcp-forwarding enable
Related Commandsshow ssh server
Notes


ssh server x11-forwarding


ssh server x11-forwarding enable
no ssh server x11-forwarding enable

Enables X11 forwarding on the SSH server.
The no form of the command disables X11 forwarding.

Syntax DescriptionN/A


DefaultDisabled
Configuration Modeconfig
History


3.1.0000

Example
switch (config) # ssh server x11-forwarding enable
Related Commands
Notes

ssh client global


ssh client global {host-key-check <policy>} | known-host <known-host-entry>}
no ssh client global {host-key-check | known-host localhost}

Configures global SSH client settings.
The no form of the command negates global SSH client settings.

Syntax Descriptionhost-key-check <policy>Sets SSH client configuration to control how host key checking is performed. This parameter may be set in 3 ways.
  • If set to “no” it always permits connection, and accepts any new or changed host keys without checking
  • If set to “ask” it prompts user to accept new host keys, but does not permit a connection if there was already a known host entry that does not match the one presented by the host
  • If set to “yes” it only permits connection if a matching host key is already in the known hosts file
known-hostAdds an entry to the global known-hosts configuration file
known-host-entryAdds/removes an entry to/from the global known-hosts configuration file. The entry consist of “<IP> <key-type> <key>”.
Defaulthost-key-check – ask, no keys are configured by default
Configuration Modeconfig
History


3.1.0000

Example
switch (config) # ssh client global host-key-check no
switch (config) # ssh client global known-host "72.30.2.2 ssh-rsa AAAAB3NzaC1yc2EAAAAB....f2CyXFq4pzaR1jar1Vk="
Related Commands

show ssh client

Notes

ssh client user


ssh client user <username> {authorized-key sshv2 <public key> | identity <key type> {generate | private-key [<private key>] | public-key [<public key>]} | known-host <known host> remove}
no ssh client user admin {authorized-key sshv2 <public key ID> | identity <key type>}

Adds an entry to the global known-hosts configuration file, either by generating new key, or by adding manually a public or private key.
The no form of the command removes a public key from the specified user's authorized key list, or changes the key type.

Syntax DescriptionusernameThe specified user must be a valid account on the system. Possible values for this parameter are “admin”, “monitor”, “xmladmin”, and “xmluser”.
authorized-key sshv2 <public key>Adds the specified key to the list of authorized SSHv2 RSA or DSA public keys for this user account. These keys can be used to log into the user's account.
identity <key type>Sets certain SSH client identity settings for a user, dsa2 or rsa2.
generateGenerates SSH client identity keys for specified user.
private-keySets private key SSH client identity settings for the user.
public-keySets public key SSH client identity settings for the user.
known-host <known host> removeRemoves host from user's known host file.
DefaultNo keys are created by default
Configuration Modeconfig
History


3.1.0000

Example
switch (config) # ssh client user admin known-host 172.30.1.116 remove
Related Commands

show ssh client

NotesIf a key is being pasted from a cut buffer and was displayed with a paging program, it is likely that newline characters have been inserted, even if the output was not long enough to require paging. One can specify “no cli session paging enable” before running the “show” command to prevent the newlines from being inserted.

slogin 


slogin [<slogin options>] <hostname>

Invokes the SSH client. The user is returned to the CLI when SSH finishes.

Syntax Descriptionslogin options

-p
-c
-L
-l
-m
-R
-o

-1
-2
-4
-6
-g
-q
-V
-v
-x
-X
-Y
-y
-a
-A

-o flags (option allowed flags):

    AdressFamily
    BatchMode
    CheckHostIP
    Cipher
    Ciphers
    ConnectTimeout
    ForwardAgent
    ForwardX11
    ForwardX11Trusted
    HostKeyAlgorithms
    KexAlgorithms
    LogLevel
    MACs
    Port
    PubkeyAcceptedKeyTypes
    PubkeyAuthentication
    StrictHostKeyChecking
    TCPKeepAlive
    User
    VerifyHostKeyDNS

vrf_nameThere are no restrictions on the VRF name, as long as the VRF exists in the switch.
DefaultN/A
Configuration Modeconfig
History


3.1.0000
3.10.1000: Updated the slogin options

Example
switch (config) # slogin 192.168.10.70
The authenticity of host '192.168.10.70 (192.168.10.70)' can't be established.
RSA key fingerprint is 2e:ad:2d:23:45:4e:47:e0:2c:ae:8c:34:f0:1a:88:cb.
Are you sure you want to continue connecting (yes/no)? yes
Related Commands
NotesFor more information about slogin options see the following: linux.die.net/man/1/ssh

show ssh client


show ssh client

Displays the client configuration of the SSH server.

Syntax DescriptionN/A
DefaultN/A
Configuration ModeAny command mode
History


3.1.0000

Example
switch (config) # show ssh client
SSH client Strict Hostkey Checking: ask
 
SSH Global Known Hosts:
Entry 1: 72.30.2.2
Finger Print: 1e:b7:8b:ec:ab:35:98:be:6b:d6:12:c2:18:72:12:d6
 
No SSH user identities configured.
 
No SSH authorized keys configured.
Related Commands
Notes

show ssh server


show ssh server

Displays SSH server configuration.

Syntax DescriptionN/A
DefaultN/A
Configuration ModeAny command mode
History


3.1.0000
3.4.0000: Updated example
3.5.0200: Added SSH login timeout and max attempts
3.6.6000: Updated example
3.9.0300: Updated example—removed RSA v1 and added SSH server login record-period
3.9.0500: Changed "SSH server login record-period" default period to 1 day

Example
switch (config) # show ssh server
SSH server configuration:
SSH server enabled: yes
Server security strict mode: no
Minimum protocol version: 2
TCP forwarding enabled: yes
X11 forwarding enabled: no
SSH login timeout: 120
SSH login max attempts: 6
SSH server login record-period: 1
SSH server ports: 22
 
Interface listen enabled: yes
Listen Interfaces:
No interface configured.
 
Host Key Finger Prints and Key Lengths:
RSA v2 host key: SHA256:gVu6qLW1ZifEp8wRer2jkvILZMGNl6VCYU3HqC1INC8 (2048)
DSA v2 host key: SHA256:JnldTEla20ZF/c5LdIqo9251DzO742k3hFCQh3Jt4ZA (1024)
Related Commands
Notes

show ssh server host-keys


show ssh server host-keys

Displays SSH host key configuration.

Syntax DescriptionN/A
DefaultN/A
Configuration ModeAny command mode
History


3.1.0000
3.6.6000: Updated example
3.9.0300: Updated example—removed RSA v1

Example
switch (config) # show ssh server host-keys
SSH server configuration:
SSH server enabled: yes
Server security strict mode: no
Minimum protocol version: 2
TCP forwarding enabled: yes
X11 forwarding enabled: no
SSH login timeout: 120
SSH login max attempts: 6
SSH server ports: 22

Interface listen enabled: yes
Listen Interfaces: No interface configured.

Host Key Finger Prints and Key Lengths:
RSA v2 host key: SHA256:gVu6qLW1ZifEp8wRer2jkvILZMGNl6VCYU3HqC1INC8 (2048)
DSA v2 host key: SHA256:JnldTEla20ZF/c5LdIqo9251DzO742k3hFCQh3Jt4ZA (1024)

Host Keys:
RSA v2 host key: "kebo-2100-1 ssh-rsa AAAAB3Nza<...>KE5"
DSA v2 host key: "kebo-2100-1 ssh-dss AAAAB3Nza<...>/s="
Related Commandsssh server host-keys
Notes

show ssh server login record-period


show ssh server login record-period

Displays the amount of days for counting the number of successful logins.(Default: 30 days)

Syntax DescriptionN/A
DefaultDisabled
Configuration ModeAny command mode
History


3.9.0300
3.9.0500: Changed "SSH server login record-period" default value to 1 day

Example

switch (config) # show ssh server login record-period
SSH server login record-period: 1

Related Commandsssh server login record-period
Notes

Remote Login

telnet


telnet

Logs into another system using telnet.

Syntax DescriptionN/A
DefaultN/A
Configuration Modeconfig
History


3.1.0000

Example
switch (config) # telnet
telnet>
Related Commandstelnet-server
Notes

telnet-server enable


telnet-server enable
no telnet-server enable

Enables the telnet server.
The no form of the command disables the telnet server.

Syntax DescriptionN/A
DefaultTelnet server is disabled
Configuration Modeconfig
History


3.1.0000

Example
switch (config) # telnet-server enable
Related Commands

telnet-server
show telnet-server

Notes

show telnet-server


show telnet-server

Displays telnet server settings.

Syntax DescriptionN/A
DefaultN/A
Configuration Modeconfig
History


3.1.0000

Example
switch (config) # show telnet-server
Telnet server enabled: yes
Related Commands

telnet-server
show telnet-server

Notes



Web Interface

web auto-logout


web auto-logout <mins>
no web auto-logout <mins>

Configures length of user inactivity before auto-logout of a web session.
The no form of the command disables the web auto-logout (web sessions will never logged out due to inactivity).

Syntax Descriptionmins

The length of user inactivity in minutes
"0" disables the inactivity timer (same as a “no web auto-logout” command)

Default60 minutes
Configuration Modeconfig
History3.1.0000
Example
switch (config) # web auto-logout 60
Related Commands

show web

NotesThe no form of the command does not automatically log users out due to inactivity.

web cache-enable


web cache-enable
no web cache-enable

Enables web clients to cache web pages.
The no form of the command disables web clients from caching web pages.

Syntax DescriptionN/A
DefaultEnabled
Configuration Modeconfig
History3.4.1100
Example
switch (config) # no web cache-enable
Related Commands

show web

Notes

web client cert-verify


web client cert-verify
no web client cert-verify

Enables verification of server certificates during HTTPS file transfers.
The no form of the command disables verification of server certificates during HTTPS file transfers.

Syntax Description

N/A

Default

N/A

Configuration Mode

config

History

3.2.3000

Example

switch (config) # web client cert-verify

Related Commands


Notes


web client ca-list


web client ca-list {<ca-list-name> | default-ca-list | none}
no web client ca-list

Configures supplemental CA certificates for verification of server certificates during HTTPS file transfers.
The no form of the command uses no supplemental certificates.

Syntax Description

ca-list-name

Specifies CA list to configure

default-ca-list

Configures default supplemental CA certificate list

none

Uses no supplemental certificates

Default

default-ca-list

Configuration Mode

config

History

3.2.3000

Example

switch (config) # web client ca-list default-ca-list

Related Commands


Notes


web enable


web [vrf <vrf-name>] enable [force]
no web [vrf <vrf-name>] enable

Enables the web-based management console.
The no form of the command disables the web-based management console.

Syntax Description

vrf name—Describes VRF name for web daemon. If the VRF parameter is not specified, the "default" VRF will be used implicitly


force—Restarts web with passed VRF context even if it was already enabled using other VRF

Default

enable

Configuration Mode

config

History

3.1.0000

3.8.1000—Added note


3.9.2000—Added VRF option

Example

switch (config) # web enable

Related Commands

show web

Notes

Web interface can be enabled only in one VRF at a time.

web http


web http {enable | port <port-number> | redirect}
no web http {enable | port | redirect}

Configures HTTP access to the web-based management console.
The no form of the command negates HTTP settings for the web-based management console.

Syntax Description

enable

Enables HTTP access to the web-based management console.

port-numberSets a port for HTTP access.
redirectEnables redirection to HTTPS. If HTTP access is enabled, this specifies whether a redirect from the HTTP port to the HTTPS port should be issued to mandate secure HTTPS access.

Default

  • HTTP is disabled
  • HTTP TCP port is 80
  • HTTP redirect to HTTPS is disabled

Configuration Mode

config

History

3.1.0000

Example

switch (config) # web http enable

Related Commands

show web
web enable

Notes

 Enabling HTTP is meaningful if the WebUI as a whole is enabled

web httpd


web httpd listen {enable | interface <ifName>}
no web httpd listen {enable | interface <ifName>} 

Enables the listen interface restricted list for HTTP and HTTPS.
The no form of the command disables the HTTP server listen ability.

Syntax Description

enable

Enables Web interface restrictions on access to this system.

interface <ifName>Adds interface to Web server access restriction list (i.e., mgmt0, mgmt1).

Default

  • Listening is enabled

  • All interfaces are permitted.

Configuration Mode

config

History

3.1.0000

Example

switch (config) # web httpd listen enable

Related Commands

show web
web enable

Notes

If enabled, and if at least one of the interfaces listed is eligible to be a listen interface, then HTTP/HTTPS requests will only be accepted on those interfaces. Otherwise, HTTP/HTTPS requests are accepted on any interface.

web https


web https {certificate {regenerate | name | default-cert} | enable | port <port number> | ssl ciphers {all | TLS | TLS1.2}}
no web https {enable | port <port number>}

Configures HTTPS access to the web-based management console.
The no form of the command negates HTTPS settings for the web-based management console.

Syntax Description

certificate regenerate

Re-generates certificate to use for HTTPS connections

certificate name

Configure the named certificate to be used for HTTPS connections

certificate default-cert

Configure HTTPS to use the configured default certificate

enable

Enables HTTPS access to the web-based management console

port

Sets a TCP port for HTTPS access

ssl ciphers {all | TLS | TLS1.2}

Sets ciphers to be used for HTTPS

Default

  • HTTPS is enabled
  • Default port is 443

Configuration Mode

config

History

3.1.0000


3.4.0000

Added “ssl ciphers” parameter

3.4.0010

Added TLS parameter to “ssl ciphers”

3.8.1000Added note

Example

switch (config) # web https enable

Related Commands

show web
web enable

Notes

  • Enabling HTTPS is meaningful if the WebUI as a whole is enabled
  • See the command “crypto certificate default-cert name” for how to change the default certificate if inheriting the configured default certificate is preferred

web https ssl renegotiation enable


web https ssl renegotiation enable
no web https ssl renegotiation enable

Enables SSL renegotiation flag in httpd web server.
The no form of the command disables SSL renegotiation flag in httpd web server.

Syntax Description

N/A 

Default

  • HTTPS is enabled
  • Default port is 443

Configuration Mode

config

History

3.6.8008

Example

switch (config) # web https ssl renegotiation enable

Related Commands

show web
web enable

Notes


web https ssl secure-cookie enable


web https ssl secure-cookie enable
no web https ssl secure-cookie enable

Enables SSL secure-cookie flag in httpd web server.
The no form of the command disables secure-cookie flag in httpd web server.

Syntax Description

N/A 

Default

Enabled

Configuration Mode

config

History

3.6.8008

Example

switch (config) # web https ssl secure-cookie enable

Related Commands

show web
web enable

Notes


web proxy auth authtype

web proxy auth authtype <auth-type>
no web proxy auth authtype

Configures type of authentication to use with web proxy.
The no form of the command resets web proxy authentication type to its default.

Syntax Description

auth-type

Possible values:

  • none - no authentication
  • basic - HTTP basic authentication

Default

Basic authentication settings

Configuration Mode

config

History

3.1.0000

Example

switch (config) # web proxy auth authtype basic

Related Commands

show web
web enable

Notes


web proxy auth basic


web proxy auth basic {password <password> | username <username>}
no web proxy auth basic {password | username}

Configures HTTP basic authentication settings for proxy.
The no form of the command clears password or username configuration.

Syntax Description

password

Sets plaintext password for HTTP basic authentication with web proxy

username

Sets username for HTTP basic authentication with web proxy

Default

N/A

Configuration Mode

config

History

3.1.0000

Example

switch (config) # web proxy auth basic password 57R0ngP455w0rD

Related Commands

show web
web enable

Notes


web session timeout


web session timeout <number of minutes>

Configures time after which a session expires

Syntax Description

number of minutes

Number of minutes

Default

2 hr 30 min

Configuration Mode

config

History

3.1.0000

Example

switch (config) # web session timeout 180

Related Commands


Notes


web session renewal


web session renewal <number of minutes>

Configures time before expiration to renew a session

Syntax Description

number of minutes

Number of minutes

Default

30 min

Configuration Mode

config

History

3.1.0000

Example

switch (config) # web session renewal 20

Related Commands


Notes


show web 


show web 

Displays WebUI configuration.

Syntax Description

N/A

Default

N/A

Configuration Mode

Any command mode

History

3.6.6000

3.6.8008—Updated example

3.9.2000—Updated example, adding VRP field

Example

switch (config) # show web
Web User Interface:
Web interface enabled: yes
VRF name:                mgmt
Web caching enabled: no
HTTP enabled: no
HTTP port: 80
HTTP redirect to HTTPS: no
HTTPS enabled: yes
HTTPS port: 443
HTTPS ssl-ciphers: TLS1.2
HTTPS ssl-renegotiation: no
HTTPS ssl-secure-cookie: yes
HTTPS certificate name: default-cert
Listen enabled: yes
Listen Interfaces:
No interface configured.
 
Inactivity timeout: 1 hr
Session timeout: 2 hr 30 min
Session renewal: 30 min
 
Web file transfer proxy:
Proxy enabled: no
 
Web file transfer certificate authority:
HTTPS server cert verify: yes
HTTPS supplemental CA list: default-ca-list

Related Commands

web auto-logout
web cache-enable
web enable
web http
web httpd
web https
web https ssl renegotiation enable
web https ssl secure-cookie enable
web proxy auth authtype
web proxy auth basic

Notes