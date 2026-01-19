On This Page
- CLI Session
- Banner
- SSH
- ssh server enable
- ssh server host-key
- ssh server listen
- ssh server login attempts
- ssh server login timeout
- ssh server login record-period
- ssh server min-version
- ssh server ports
- ssh server security strict
- ssh server security strict
- ssh server x11-forwarding
- ssh client global
- ssh client user
- slogin
- show ssh client
- show ssh server
- show ssh server host-keys
- show ssh server login record-period
- Remote Login
UI Commands
This section displays all the relevant commands used to manage CLI session terminal.
cli clear-history
cli clear-history
Clears the command history of the current user.
Syntax Description
N/A
Default
N/A
Configuration Mode
config
History
3.1.0000
Example
switch (config) # cli clear-history
Related Commands
show cli
Notes
cli default
cli default {auto-logout <minutes> | paging enable | prefix-modes {enable | show-config} | progress enable | prompt {confirm-reload | confirm-reset | confirm-unsaved | empty-password}}
no cli default {auto-logout | paging enable | prefix-modes {enable | show-config} | progress enable prompt {confirm-reload | confirm-reset | confirm-unsaved | empty-password}
Configures default CLI options for this session only.
The no form of the command deletes or disables the default CLI options.
Syntax Description
auto-logout
Configures keyboard inactivity timeout for automatic logout. Range is 0-35791 minutes. Setting the value to 0 or using the no form of the command disables the auto-logout.
paging enable
Enables text viewing one screen at a time.
prefix-modes {enable | show-config}
Configures the prefix modes feature of CLI.
progress enable
Enables progress updates.
prompt confirm-reload
Prompts for confirmation before rebooting.
prompt confirm-reset
Prompts for confirmation before resetting to factory state.
prompt confirm-unsaved
Confirms whether or not to save unsaved changes before rebooting.
prompt empty-password
Prompts for a password if none is specified in a pseudo-URL for SCP.
Default
N/A
Configuration Mode
config
History
3.1.0000
Example
switch (config) # cli default prefix-modes enable
Related Commands
show cli
Notes
cli max-sessions
cli max-sessions <number>
no cli max-sessions
Configures the maximum number of simultaneous CLI sessions allowed.
The no form of the command resets this value to its default.
Syntax Description
number
Range: 3-30
Default
30 sessions
Configuration Mode
config
History
3.5.0200
Example
switch (config) # cli max-sessions 40
Related Commands
show terminal
Notes
cli session
cli session {auto-logout <minutes> | paging enable | prefix-modes enable | progress enable | terminal {length <size> | resize | type <terminal-type> | width} | x-display full <display>}
no cli session {auto-logout | paging enable | prefix-modes enable | progress enable | terminal type | x-display}
Configures CLI options for this session only.
The no form of the command deletes or disables the CLI sessions.
Syntax Description
minutes
Configures keyboard inactivity timeout for automatic logout.
Range: 0-35791 minutes Setting the value to 0 or using the no form of the command disables the auto logout.
paging enable
Enables text viewing one screen at a time.
prefix-modes enable
Configures the prefix modes feature of CLI and enables prefix modes for current session.
progress enable
Enables progress updates.
terminal length
Sets the number of lines for the current terminal.
Range: 5-999
terminal resize
Resizes the CLI terminal settings (to match the actual terminal window).
terminal-type
Sets terminal type. Valid options are:
terminal width
Sets the width of the terminal in characters.
Range: 34-999
x-display full <display>
Specifies the display as a raw string (e.g. localhost:0.0).
Default
N/A
Configuration Mode
config
History
3.1.0000
3.8.2100: Removed "prefix-modes show-config" option and terminal type vt320
Example
switch (config) # cli session auto-logout
Related Commands
show terminal
Notes
The "minutes" attribute can be configured from the CLI shell only.
terminal
terminal {length <number of lines> | resize | type <terminal type> | width <number of characters>}
no terminal type
Configures default CLI options for this session only.
The no form of the command clears the terminal type.
Syntax Description
length
Sets the number of lines for this terminal.
Range: 5-999
resize
Resizes the CLI terminal settings (to match with real terminal).
type
Sets the terminal type.
Possible values: ansi, console, dumb, linux, screen, vt52, vt100, vt102, vt220, xterm.
width
Sets the width of this terminal in characters.
Range: 34-999
Default
N/A
Configuration Mode
config
History
3.1.0000
Example
switch (config) # terminal length 500
Related Commands
show terminal
Notes
terminal sysrq enable
terminal sysrq enable
no terminal sysrq enable
Enable SysRq over the serial connection (RS232 or Console port).
The no form of the command disables SysRq over the serial connection (RS232 or Console port).
Syntax Description
N/A
Default
Disabled
Configuration Mode
config
History
3.4.3000
3.9.3100: Updated command to be disabled by default
Example
switch (config) # terminal sysrq enable
Related Commands
show terminal
Notes
show cli
show cli
Displays the CLI configuration and status.
Syntax Description
N/A
Default
N/A
Configuration Mode
Any command mode
History
3.1.0000
Example
switch (config) # show cli CLI current session settings: Maximum line size: 8192 Terminal width: 171 columns Terminal length: 38 rows Terminal type: xterm X display setting: (none) Auto-logout: disabled Paging: enabled Progress tracking: enabled Prefix modes: disabled CLI defaults for current session: Auto-logout: disabled Paging: enabled Progress tracking: enabled Prefix modes: enabled (and use in 'show configuration') Settings for current session: Show hidden config: yes Confirm losing changes: yes Confirm reboot/shutdown: no Confirm factory reset: yes Prompt on empty password: yes
Related Commands
cli default
Notes
show cli max-sessions
show cli max-sessions
Displays maximum number of sessions.
Syntax Description
N/A
Default
N/A
Configuration Mode
Any command mode
History
3.5.0200
Example
switch (config) # show cli max-sessions
Maximum number of CLI sessions: 5
Related Commands
Notes
show cli num-sessions
show cli num-sessions
Displays current number of sessions.
Syntax Description
N/A
Default
N/A
Configuration Mode
Any command mode
History
3.5.0200
Example
switch (config) # show cli num-sessions
Current number of CLI sessions: 40
Related Commands
Notes
Banner
banner login
banner login <string>
no banner login
Sets the CLI welcome banner message.
The no form of the command resets the system login banner to its default.
Syntax Description
N/A
Default
MLNX-OS Switch Management
Configuration Mode
Any command mode
History
3.5.0200
Example
switch (config) # banner login Example
Related Commands
show banner
Notes
If more than one word is used (there is a space) quotation marks should be added (i.e., “xxxx xxxx”).
banner login-local
banner login-local <string>
no banner login-local
Sets system login local banner.
The no form of the command resets the banner to its default value.
Syntax Description
N/A
Default
""
Configuration Mode
Any command mode
History
3.1.0000
3.5.0200: Added the no form of the command
Example
switch (config) # banner login-local Example
Related Commands
show banner
Notes
banner login-remote
banner login-remote <string>
no banner login-remote
Sets system login remote banner.
The no form of the command resets the banner to its default value.
Syntax Description
string
Text string
Default
""
Configuration Mode
config
History
3.1.0000
3.5.0200: Added the no form of the command
Example
switch (config) # banner login-remote Example
Related Commands
show banner
Notes
banner logout
banner logout <string>
no banner logout
Sets system logout banner (for both local and remote logins).
The no form of the command resets the banner to its default value.
Syntax Description
string
Text string
Default
""
Configuration Mode
config
History
3.1.0000
3.5.0200: Added the no form of the command
Example
switch (config) # banner logout Example
Related Commands
show banner
Notes
If more than one word is used (there is a space) quotation marks should be added (i.e., “xxxx xxxx”).
banner logout-local
banner logout-local <string>
no banner logout-local
Sets system logout local banner.
The no form of the command resets the banner to its default value.
Syntax Description
string
Text string
Default
""
Configuration Mode
config
History
3.5.0200
Example
switch (config) # banner logout-local Example
Related Commands
show banner
Notes
banner logout-remote
banner logout-remote <string>
no banner logout-remote
Sets system logout remote banner.
The no form of the command resets the banner to its default value.
Syntax Description
string
Text string
Default
""
Configuration Mode
config
History
3.5.0200
Example
switch (config) # banner logout-remote Example
Related Commands
show banner
Notes
banner motd
banner motd <string>
no banner motd
Configures the message of the day banner.
The no form of the command resets the system Message of the Day banner.
Syntax Description
string
Text string
Default
NVIDIA Switch
Configuration Mode
config
History
3.1.0000
Example
switch (config) # banner motd “My Banner”
Related Commands
show banner
Notes
show banner
show banner
Sets system logout remote banner.
The no form of the command resets the banner to its default value.
Syntax Description
N/A
Default
N/A
Configuration Mode
config
History
3.1.0000
3.5.0200
Updated example
3.6.6000
Updated example
3.9.3200
Updated example
Example
switch (config) # show banner Banners: Message of the Day (MOTD): Switch Login:
NVIDIA MLNX-OS Switch Management
Logout: Goodbye
Related Commands
banner login banner login-local banner login-remote banner logout banner logout-local banner logout-remote banner motd
Notes
SSH
ssh server enable
ssh server enable
no ssh server enable
Enables the SSH server.
The no form of the command disables the SSH server.
Syntax Description
N/A
Default
SSH server is enabled
Configuration Mode
config
History
3.1.0000
Example
switch (config) # ssh server enable
Related Commands
show banner
Notes
Disabling SSH server does not terminate existing SSH sessions, it only prevents new ones from being established.
ssh server host-key
ssh server host-key {<key-type> {private-key <private-key>| public-key <public-key>} | generate}
Configures host keys for SSH.
Syntax Description
key-type
private-key
Sets new private-key for the host keys of the specified type.
public-key
Sets new public-key for the host keys of the specified type.
generate
Generates new RSA and DSA host keys for SSH.
Default
SSH keys are locally generated
Configuration Mode
config
History
3.1.0000
3.4.2300: Added notes3.9.0300: Removed RSAv1 3.9.1000: Added a note
Example
switch (config) # ssh server host-key dsa2 private-key Key: *********************************************** Confirm: ***********************************************
Related Commands
show banner
Notes
RSA2 and a DSA2 host keys are generated by default. The RSA2 key can be used as SSH server and client, while DSA2 key can only be used as SSH client.
When the switch is a server, use RSA key to connect to the NVIDIA Onyx device. When the switch is a client (e.g. downloading image or uploading logs), RSA key is recommended. DSA key is only for legacy devices and has been deprecated by OpenSSH starting with the 7.0 release.
ssh server listen
ssh server listen {enable | interface <inf>}
no ssh server listen {enable | interface <inf>}
Enables the listen interface restricted list for SSH. If enabled, and at least one non-DHCP interface is specified in the list, the SSH connections are only accepted on those specified interfaces.
The no form of the command disables the listen interface restricted list for SSH. When disabled, SSH connections are not accepted on any interface.
Syntax Description
enable
Enables SSH interface restrictions on access to this system.
interface
Adds interface to SSH server access restriction list. Possible interfaces are “lo”, and “mgmt0”.
Default
SSH listen is enabled
Configuration Mode
config
History
3.1.0000
Example
switch (config) # ssh server listen enable
Related Commands
show ssh server
Notes
ssh server login attempts
ssh server login attempts <number>
no ssh server login attempts
Configures maximum login attempts on SSH server.
The no form of the command resets the login attempts value to its default.
Syntax Description
number
Range: 3-100 attempts
interface
Adds interface to SSH server access restriction list. Possible interfaces are “lo”, and “mgmt0”.
Default
6 attempts
Configuration Mode
config
History
3.1.0000
3.5.1000: Increased minimum number of attempts3.9.0900: Added notes
Example
switch (config) # ssh server login attempts 5
Related Commands
show ssh server
Notes
ssh server login timeout
ssh server login timeout <time>
no ssh server login timeout
Configures login timeout on SSH server.
The no form of the command resets the timeout value to its default.
Syntax Description
time
Range: 1-600 seconds
Default
120 seconds
Configuration Mode
config
History
3.5.0200
Example
switch (config) # ssh server login timeout 130
Related Commands
show ssh server
Notes
ssh server login record-period
ssh server login record-period <days> no ssh server login record-period
Configures the amount of days for counting the number of successful logins.
The no form of the command disabled this function.
Syntax Description
Days
Range: 1-30 days
Default: 1 day
Default
Disabled
Configuration Mode
config
History
3.9.0300
3.9.0500: Changed "SSH server login record-period" default value to 1 day
Example
switch (config) # ssh server login record-period 1
Related Commands
show ssh server login record-period show ssh server
Notes
ssh server min-version
ssh server min-version <version>
no ssh server min-version
Sets the minimum version of the SSH protocol that the server supports.
The no form of the command resets the minimum version of SSH protocol supported.
Syntax Description
version
Possible versions are 1 and 2
Default
2
Configuration Mode
config
History
3.1.0000
Example
switch (config) # ssh server min-version 2
Related Commands
show ssh server
Notes
ssh server ports
ssh server ports {<port1> [<port2>...]}
Specifies which ports the SSH server listens on.
Syntax Description
port
Port number between [1-65535]
Default
22
Configuration Mode
config
History
3.1.0000
Example
switch (config) # ssh server ports 22
Related Commands
show ssh server
Notes
ssh server security strict
ssh server ports {<port1> [<port2>...]}
Enables strict security settings.
The no form of the command disables strict security settings.
Syntax Description
N/A
Default
N/A
Configuration Mode
config
History
3.3.5060
3.6.40003.9.0300: Updated notes
Example
switch (config) # ssh server security strict
Related Commands
show ssh server
Notes
The following ciphers are disabled for SSH when strict security is enabled:
ssh server security strict
ssh server tcp-forwarding enable
Enables TCP port forwarding.
The no form of the command disables TCP port forwarding.
Syntax Description
N/A
Default
N/A
Configuration Mode
config
History
3.1.0000
Example
switch (config) # ssh server tcp-forwarding enable
Related Commands
show ssh server
Notes
ssh server x11-forwarding
ssh server x11-forwarding enable
no ssh server x11-forwarding enable
Enables X11 forwarding on the SSH server.
The no form of the command disables X11 forwarding.
Syntax Description
N/A
Default
Disabled
Configuration Mode
config
History
3.1.0000
Example
switch (config) # ssh server x11-forwarding enable
Related Commands
Notes
ssh client global
ssh client global {host-key-check <policy>} | known-host <known-host-entry>}
no ssh client global {host-key-check | known-host localhost}
Configures global SSH client settings.
The no form of the command negates global SSH client settings.
Syntax Description
host-key-check <policy>
Sets SSH client configuration to control how host key checking is performed. This parameter may be set in 3 ways.
known-host
Adds an entry to the global known-hosts configuration file
known-host-entry
Adds/removes an entry to/from the global known-hosts configuration file. The entry consist of “<IP> <key-type> <key>”.
Default
host-key-check – ask, no keys are configured by default
Configuration Mode
config
History
3.1.0000
Example
switch (config) # ssh client global host-key-check no switch (config) # ssh client global known-host "72.30.2.2 ssh-rsa AAAAB3NzaC1yc2EAAAAB....f2CyXFq4pzaR1jar1Vk="
Related Commands
show ssh client
Notes
ssh client user
ssh client user <username> {authorized-key sshv2 <public key> | identity <key type> {generate | private-key [<private key>] | public-key [<public key>]} | known-host <known host> remove}
no ssh client user admin {authorized-key sshv2 <public key ID> | identity <key type>}
Adds an entry to the global known-hosts configuration file, either by generating new key, or by adding manually a public or private key.
The no form of the command removes a public key from the specified user's authorized key list, or changes the key type.
Syntax Description
username
The specified user must be a valid account on the system. Possible values for this parameter are “admin”, “monitor”, “xmladmin”, and “xmluser”.
authorized-key sshv2 <public key>
Adds the specified key to the list of authorized SSHv2 RSA or DSA public keys for this user account. These keys can be used to log into the user's account.
identity <key type>
Sets certain SSH client identity settings for a user, dsa2 or rsa2.
generate
Generates SSH client identity keys for specified user.
private-key
Sets private key SSH client identity settings for the user.
public-key
Sets public key SSH client identity settings for the user.
known-host <known host> remove
Removes host from user's known host file.
Default
No keys are created by default
Configuration Mode
config
History
3.1.0000
Example
switch (config) # ssh client user admin known-host 172.30.1.116 remove
Related Commands
show ssh client
Notes
If a key is being pasted from a cut buffer and was displayed with a paging program, it is likely that newline characters have been inserted, even if the output was not long enough to require paging. One can specify “no cli session paging enable” before running the “show” command to prevent the newlines from being inserted.
slogin
slogin [<slogin options>] <hostname>
Invokes the SSH client. The user is returned to the CLI when SSH finishes.
Syntax Description
slogin options
-p
-c -L -l -m -R -o
-1
-2 -4 -6 -g -q -V -v -x -X -Y -y -a -A
-o flags (option allowed flags):
AdressFamily
BatchMode CheckHostIP Cipher Ciphers ConnectTimeout ForwardAgent ForwardX11 ForwardX11Trusted HostKeyAlgorithms KexAlgorithms LogLevel MACs Port PubkeyAcceptedKeyTypes PubkeyAuthentication StrictHostKeyChecking TCPKeepAlive User VerifyHostKeyDNS
vrf_name
There are no restrictions on the VRF name, as long as the VRF exists in the switch.
Default
N/A
Configuration Mode
config
History
3.1.0000
3.10.1000: Updated the slogin options
Example
switch (config) # slogin 192.168.10.70 The authenticity of host '192.168.10.70 (192.168.10.70)' can't be established. RSA key fingerprint is 2e:ad:2d:23:45:4e:47:e0:2c:ae:8c:34:f0:1a:88:cb. Are you sure you want to continue connecting (yes/no)? yes
Related Commands
Notes
For more information about slogin options see the following: linux.die.net/man/1/ssh
show ssh client
show ssh client
Displays the client configuration of the SSH server.
Syntax Description
N/A
Default
N/A
Configuration Mode
Any command mode
History
3.1.0000
Example
switch (config) # show ssh client SSH client Strict Hostkey Checking: ask SSH Global Known Hosts: Entry 1: 72.30.2.2 Finger Print: 1e:b7:8b:ec:ab:35:98:be:6b:d6:12:c2:18:72:12:d6 No SSH user identities configured. No SSH authorized keys configured.
Related Commands
Notes
show ssh server
show ssh server
Displays SSH server configuration.
Syntax Description
N/A
Default
N/A
Configuration Mode
Any command mode
History
3.1.0000
3.4.0000: Updated example3.5.0200: Added SSH login timeout and max attempts3.6.6000: Updated example3.9.0300: Updated example—removed RSA v1 and added SSH server login record-period3.9.0500: Changed "SSH server login record-period" default period to 1 day
Example
switch (config) # show ssh server SSH server configuration: SSH server enabled: yes Server security strict mode: no Minimum protocol version: 2 TCP forwarding enabled: yes X11 forwarding enabled: no SSH login timeout: 120 SSH login max attempts: 6 SSH server login record-period: 1 SSH server ports: 22
Interface listen enabled: yes Listen Interfaces: No interface configured. Host Key Finger Prints and Key Lengths: RSA v2 host key: SHA256:gVu6qLW1ZifEp8wRer2jkvILZMGNl6VCYU3HqC1INC8 (2048) DSA v2 host key: SHA256:JnldTEla20ZF/c5LdIqo9251DzO742k3hFCQh3Jt4ZA (1024)
Related Commands
Notes
show ssh server host-keys
show ssh server host-keys
Displays SSH host key configuration.
Syntax Description
N/A
Default
N/A
Configuration Mode
Any command mode
History
3.1.0000
3.6.6000: Updated example3.9.0300: Updated example—removed RSA v1
Example
switch (config) # show ssh server host-keys SSH server configuration: SSH server enabled: yes Server security strict mode: no Minimum protocol version: 2 TCP forwarding enabled: yes X11 forwarding enabled: no SSH login timeout: 120 SSH login max attempts: 6 SSH server ports: 22 Interface listen enabled: yes Listen Interfaces: No interface configured. Host Key Finger Prints and Key Lengths: RSA v2 host key: SHA256:gVu6qLW1ZifEp8wRer2jkvILZMGNl6VCYU3HqC1INC8 (2048) DSA v2 host key: SHA256:JnldTEla20ZF/c5LdIqo9251DzO742k3hFCQh3Jt4ZA (1024) Host Keys: RSA v2 host key: "kebo-2100-1 ssh-rsa AAAAB3Nza<...>KE5" DSA v2 host key: "kebo-2100-1 ssh-dss AAAAB3Nza<...>/s="
Related Commands
ssh server host-keys
Notes
show ssh server login record-period
show ssh server login record-period
Displays the amount of days for counting the number of successful logins.(Default: 30 days)
Syntax Description
N/A
Default
Disabled
Configuration Mode
Any command mode
History
3.9.0300
3.9.0500: Changed "SSH server login record-period" default value to 1 day
Example
switch (config) # show ssh server login record-period
SSH server login record-period: 1
Related Commands
ssh server login record-period
Notes
Remote Login
telnet
telnet
Logs into another system using telnet.
Syntax Description
N/A
Default
N/A
Configuration Mode
config
History
3.1.0000
Example
switch (config) # telnet
telnet>
Related Commands
telnet-server
Notes
telnet-server enable
telnet-server enable
no telnet-server enable
Enables the telnet server.
The no form of the command disables the telnet server.
Syntax Description
N/A
Default
Telnet server is disabled
Configuration Mode
config
History
3.1.0000
Example
switch (config) # telnet-server enable
Related Commands
telnet-server
show telnet-server
Notes
show telnet-server
show telnet-server
Displays telnet server settings.
Syntax Description
N/A
Default
N/A
Configuration Mode
config
History
3.1.0000
Example
switch (config) # show telnet-server Telnet server enabled: yes
Related Commands
telnet-server
show telnet-server
Notes
web auto-logout
web auto-logout <mins>
no web auto-logout <mins>
Configures length of user inactivity before auto-logout of a web session.
The no form of the command disables the web auto-logout (web sessions will never logged out due to inactivity).
Syntax Description
mins
The length of user inactivity in minutes
"0" disables the inactivity timer (same as a “no web auto-logout” command)
Default
60 minutes
Configuration Mode
config
History
3.1.0000
Example
switch (config) # web auto-logout 60
Related Commands
show web
Notes
The no form of the command does not automatically log users out due to inactivity.
web cache-enable
web cache-enable
no web cache-enable
Enables web clients to cache web pages.
The no form of the command disables web clients from caching web pages.
Syntax Description
N/A
Default
Enabled
Configuration Mode
config
History
3.4.1100
Example
switch (config) # no web cache-enable
Related Commands
show web
Notes
web client cert-verify
web client cert-verify
no web client cert-verify
Enables verification of server certificates during HTTPS file transfers.
The no form of the command disables verification of server certificates during HTTPS file transfers.
Syntax Description
N/A
Default
N/A
Configuration Mode
config
History
3.2.3000
Example
switch (config) # web client cert-verify
Related Commands
Notes
web client ca-list
web client ca-list {<ca-list-name> | default-ca-list | none}
no web client ca-list
Configures supplemental CA certificates for verification of server certificates during HTTPS file transfers.
The no form of the command uses no supplemental certificates.
Syntax Description
ca-list-name
Specifies CA list to configure
default-ca-list
Configures default supplemental CA certificate list
none
Uses no supplemental certificates
Default
default-ca-list
Configuration Mode
config
History
3.2.3000
Example
switch (config) # web client ca-list default-ca-list
Related Commands
Notes
web enable
web enable
no web enable
Enables the web-based management console.
The no form of the command disables the web-based management console.
Syntax Description
N/A
Default
enable
Configuration Mode
config
History
3.1.0000
3.8.1000—Added note
Example
switch (config) # web enable
Related Commands
show web
Notes
Disabling WebUI or HTTPS blocks connected LCD tablet display of CS8500 modular switch.
web http
web http {enable | port <port-number> | redirect}
no web http {enable | port | redirect}
Configures HTTP access to the web-based management console.
The no form of the command negates HTTP settings for the web-based management console.
Syntax Description
enable
Enables HTTP access to the web-based management console.
port-number
Sets a port for HTTP access.
redirect
Enables redirection to HTTPS. If HTTP access is enabled, this specifies whether a redirect from the HTTP port to the HTTPS port should be issued to mandate secure HTTPS access.
Default
Configuration Mode
config
History
3.1.0000
Example
switch (config) # web http enable
Related Commands
show web
web enable
Notes
Enabling HTTP is meaningful if the WebUI as a whole is enabled
web httpd
web httpd listen {enable | interface <ifName>}
no web httpd listen {enable | interface <ifName>}
Enables the listen interface restricted list for HTTP and HTTPS.
The no form of the command disables the HTTP server listen ability.
Syntax Description
enable
Enables Web interface restrictions on access to this system.
interface <ifName>
Adds interface to Web server access restriction list (i.e., mgmt0, mgmt1).
Default
Configuration Mode
config
History
3.1.0000
Example
switch (config) # web httpd listen enable
Related Commands
show web
web enable
Notes
If enabled, and if at least one of the interfaces listed is eligible to be a listen interface, then HTTP/HTTPS requests will only be accepted on those interfaces. Otherwise, HTTP/HTTPS requests are accepted on any interface.
web https
web https {certificate {regenerate | name | default-cert} | enable | port <port number> | ssl ciphers {all | TLS | TLS1.2}}
no web https {enable | port <port number>}
Configures HTTPS access to the web-based management console.
The no form of the command negates HTTPS settings for the web-based management console.
Syntax Description
certificate regenerate
Re-generates certificate to use for HTTPS connections
certificate name
Configure the named certificate to be used for HTTPS connections
certificate default-cert
Configure HTTPS to use the configured default certificate
enable
Enables HTTPS access to the web-based management console
port
Sets a TCP port for HTTPS access
ssl ciphers {all | TLS | TLS1.2}
Sets ciphers to be used for HTTPS
Default
Configuration Mode
config
History
3.1.0000
3.4.0000
Added “ssl ciphers” parameter
3.4.0010
Added TLS parameter to “ssl ciphers”
3.8.1000
Added note
Example
switch (config) # web https enable
Related Commands
show web
web enable
Notes
web https ssl renegotiation enable
web https ssl renegotiation enable
no web https ssl renegotiation enable
Enables SSL renegotiation flag in httpd web server.
The no form of the command disables SSL renegotiation flag in httpd web server.
Syntax Description
N/A
Default
Configuration Mode
config
History
3.6.8008
Example
switch (config) # web https ssl renegotiation enable
Related Commands
show web
web enable
Notes
web https ssl secure-cookie enable
web https ssl secure-cookie enable
no web https ssl secure-cookie enable
Enables SSL secure-cookie flag in httpd web server.
The no form of the command disables secure-cookie flag in httpd web server.
Syntax Description
N/A
Default
Enabled
Configuration Mode
config
History
3.6.8008
Example
switch (config) # web https ssl secure-cookie enable
Related Commands
show web
web enable
Notes
web proxy auth authtype
web proxy auth authtype <auth-type>
no web proxy auth authtype
Configures type of authentication to use with web proxy.
The no form of the command resets web proxy authentication type to its default.
Syntax Description
auth-type
Possible values:
Default
Basic authentication settings
Configuration Mode
config
History
3.1.0000
Example
switch (config) # web proxy auth authtype basic
Related Commands
show web
web enable
Notes
web proxy auth basic
web proxy auth basic {password <password> | username <username>}
no web proxy auth basic {password | username}
Configures HTTP basic authentication settings for proxy.
The no form of the command clears password or username configuration.
Syntax Description
password
Sets plaintext password for HTTP basic authentication with web proxy
username
Sets username for HTTP basic authentication with web proxy
Default
N/A
Configuration Mode
config
History
3.1.0000
Example
switch (config) # web proxy auth basic password 57R0ngP455w0rD
Related Commands
show web
web enable
Notes
web session timeout
web session timeout <number of minutes>
Configures time after which a session expires
Syntax Description
number of minutes
Number of minutes
Default
2 hr 30 min
Configuration Mode
config
History
3.1.0000
Example
switch (config) # web session timeout 180
Related Commands
Notes
web session renewal
web session renewal <number of minutes>
Configures time before expiration to renew a session
Syntax Description
number of minutes
Number of minutes
Default
30 min
Configuration Mode
config
History
3.1.0000
Example
switch (config) # web session renewal 20
Related Commands
Notes
show web
show web
Displays WebUI configuration.
Syntax Description
N/A
Default
N/A
Configuration Mode
Any command mode
History
3.6.6000
3.6.8008—Updated example
Example
switch (config) # show web Web User Interface: Web interface enabled: yes
Web caching enabled: no HTTP enabled: no HTTP port: 80 HTTP redirect to HTTPS: no HTTPS enabled: yes HTTPS port: 443 HTTPS ssl-ciphers: TLS1.2 HTTPS ssl-renegotiation: no HTTPS ssl-secure-cookie: yes HTTPS certificate name: default-cert Listen enabled: yes Listen Interfaces: No interface configured. Inactivity timeout: 1 hr Session timeout: 2 hr 30 min Session renewal: 30 min Web file transfer proxy: Proxy enabled: no Web file transfer certificate authority: HTTPS server cert verify: yes HTTPS supplemental CA list: default-ca-list
Related Commands
web auto-logout
web cache-enable web enable web http web httpd web https web https ssl renegotiation enable web https ssl secure-cookie enable web proxy auth authtype web proxy auth basic
Notes