Enable Remote Access Services

Before you begin

  • When you enable the rlogin flag, you must configure an access policy to specify the user name that can access the switch. For more information about the access policy commands, see Access Policies for Services.

    Note

    Rlogin is only supported on VSP 8600 Series.

About this task

Enable the remote access service to provide multiple methods of remote access.

File Transfer Protocol (FTP), Trivial File Transfer Protocol (TFTP) and Telnet server support both IPv4 and IPv6 addresses, with no difference in functionality or configuration.

Procedure

  1. Enter Global Configuration mode:

    enable

    configure terminal

  2. Enable the access service:

    boot config flags {ftpd | rlogind | sshd | telnetd | tftpd}

  3. Repeat as necessary to activate the desired services.
  4. Save the configuration.

Example

Enable the access service for Telnet:

Switch:1>enable
Switch:1#configure terminal
Switch:1(config)#boot config flags telnetd
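
The following Python audit is an added example, not part of the original page or the vendor's tooling. It checks a saved configuration for the five remote access flags against the defaults and constraints this page states. It assumes the saved configuration records the flags as `boot config flags <flag>` lines with an optional `no` or `default` operator; the sample configuration and the `platform` string are constructed.

```python
import re

# Remote access flags from this page; every one defaults to disabled.
CLEARTEXT = {"ftpd", "rlogind", "telnetd", "tftpd"}  # no transport encryption
REMOTE = CLEARTEXT | {"sshd"}
# Assumed saved-config form: "[no|default] boot config flags <flag>".
FLAG_RE = re.compile(r"^\s*(?:(no|default)\s+)?boot\s+config\s+flags\s+(\S+)", re.I)

def enabled_remote_flags(config_text):
    """Apply 'boot config flags' lines in order, starting from the defaults."""
    enabled = set()
    for line in config_text.splitlines():
        m = FLAG_RE.match(line)
        if not m or m.group(2).lower() not in REMOTE:
            continue
        flag = m.group(2).lower()
        if m.group(1):  # 'no' and 'default' both leave these flags disabled
            enabled.discard(flag)
        else:
            enabled.add(flag)
    return enabled

def audit(config_text, platform=""):
    """Return a sorted list of findings for the remote access flags."""
    enabled = enabled_remote_flags(config_text)
    findings = [f"{f}: cleartext service enabled" for f in enabled & CLEARTEXT]
    if {"ftpd", "tftpd"} <= enabled:
        findings.append("ftpd: tftpd must be disabled to enable FTP")
    if "rlogind" in enabled and "8600" not in platform:
        findings.append("rlogind: only supported on VSP 8600 Series")
    if "sshd" not in enabled:
        findings.append("sshd: SSHv2 server is disabled")
    return sorted(findings)

# Constructed sample configuration (not taken from a real switch).
SAMPLE = """\
boot config flags ftpd
boot config flags sshd
boot config flags telnetd
boot config flags tftpd
no boot config flags telnetd
boot config flags rlogind
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE, platform="VSP 7400"):
        print(finding)
```
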

Variable Definitions

The following table defines parameters for the boot config flags command.

Variable

Value

advanced-feature-bandwidth-reservation [low | high | vim]

Note:

Exception: only supported on 5420 Series, 5520 Series, VSP 7400 Series, and XA1480.

Exception: only low level supported on 5420 Series.

Exception: only low level and vim level is supported on 5520 Series.

Enables the switch to support advanced features by reserving ports as loopback ports. When disabled, you can use all ports on the switch, but advanced features do not work.

The default varies depending on the platform:

The default for XA1400, VSP 7400 and 5420 Series is enabled with low level.

The default for 5520 Series is enabled with vim level if Versatile Interface Module (VIM) is not installed, else low level is enabled.

  • The high level means that the switch reserves the maximum bandwidth for the advanced features.

  • The low level means that the switch reserves less bandwidth to support minimum functionality for advanced features.

  • The vim level means that the switch uses VIM ports as loopback ports and the Universal Ethernet ports for uplinks.

If you change this parameter, you must restart the switch.

block-snmp

Activates or disables Simple Network Management Protocol management. The default value is false (disabled), which permits SNMP access.

debug-config [console] | [file]

Enables you to debug the configuration file while the system loads it at boot up. The default is disabled. You do not have to restart the switch after you enable debug-config, unless you want to immediately debug the configuration. After you enable debug-config and save the configuration, the debug output either displays on the console or logs to an output file the next time the switch reboots.

The options are:

  • debug-config [console]—Displays the line-by-line configuration file processing and result of the execution on the console while the device loads the configuration file.

  • debug-config [file]—Logs the line-by-line configuration file processing and result of the execution to the debug file while the device loads the configuration file. The system logs the debug config output to /intflash/debugconfig_primary.txt for the primary configuration file. The system logs the debug config output to /intflash/debugconfig_backup.txt for the backup configuration, if the backup configuration file loads.

debugmode

Enables a TRACE on any port by prompting for the selection on the console during boot up. This allows the user to start a trace for debugging earlier on the specified port. Works on a console connection only. The default is disabled.

Important:

Do not change this parameter unless directed by technical support.

dvr-leaf-mode

Enables an SPB node to be configured as a DvR Leaf.

A node that has this flag set cannot be configured as a DvR Controller.

The boot flag is disabled by default.

enhancedsecure-mode {jitc | non-jitc}

Enables enhanced secure mode in either the Joint Interoperability Test Command (JITC) or non-JITC sub-modes.

Note:

As a best practice, enable the enhanced secure mode in the non-JITC sub-mode, because the JITC sub-mode is more restrictive and prevents the use of some CLI commands that are commonly used for troubleshooting.

When you enable enhanced secure mode in either the JITC or non-JITC sub-modes, the switch provides role-based access levels, stronger password requirements, and stronger rules on password length, password complexity, password change intervals, password reuse, and password maximum age use.

factorydefaults

Specifies whether the switch uses the factory default settings at startup. The default value is disabled. This flag is automatically reset to the default setting after the CPU restarts. If you change this parameter, you must restart the switch.

Note:

The factorydefaults flag deletes the runtime, primary and backup configuration files, local password files, authentication keys, and certificates. After a factory default, you must change the password on first login.

flow-control-mode

Note:

Exception: not supported on VSP 8600 Series.

Enables or disables flow control globally. When disabled, the system neither generates nor configures the transmission of flow control messages. The system always honors received flow control messages regardless of the flow control mode status. You must enable this mode before you configure an interface to send pause frames.

The default is disabled.

ftpd

Activates or disables the FTP server on the switch. The default value is disabled. To enable FTP, ensure that the tftpd flag is disabled.

ha-cpu

Note:

Exception: only supported on VSP 8600 Series.

Activates or disables High Availability-CPU (HA-CPU) mode. Switches with two CPUs use HA mode to recover quickly from a failure of one of the CPUs.

If you enable or disable HA mode, the secondary CPU resets automatically to load settings from the saved configuration file.

hsecure

Activates or disables High Secure mode. The hsecure command provides the following password behavior:

  • 10 character enforcement

  • The password must contain a minimum of 2 uppercase characters, 2 lowercase characters, 2 numbers, and 2 special characters.

  • Aging time

  • Failed login attempt limitation

The default value is disabled. If you enable High Secure mode, you must restart the switch to enforce secure passwords. If you operate the switch in High Secure mode, the switch prompts a password change if you enter invalid-length passwords.

ipv6-egress-filter

Note:

Exception: not supported on VSP 8600 Series and XA1400 Series.

Enables IPv6 egress filters. The default is disabled.

If you change this parameter, you must restart the switch.

ipv6-mode

Note:

Exception: not supported on VSP 4450 Series, VSP 8600 Series, and XA1400 Series.

Enables IPv6 mode on the switch.

linerate-directed-broadcast {true | false}

Note:

Exception: only supported on VSP 4450 Series.

Enables or disables support for IP Directed Broadcast in hardware without requiring CPU intervention. Setting this boot flag will put port 1/46 into loopback mode, making it unusable for external connections, so you need to move any existing connections on this port first. After setting this boot flag, save the configuration, and then restart the switch.

The default value is disabled.

Important:

The software cannot be upgraded or downgraded to a software release that does not contain this directed broadcast hardware assist functionality without first disabling this feature and saving the configuration.

logging

Activates or disables system logging. The default value is enabled. The system names log files according to the following:

  • The system displays the file names in 8.3 (log.xxxxxxxx.sss) format.

  • The first 6 characters of the file name contain the last three bytes of the chassis base MAC address.

  • The next two characters in the file name specify the slot number of the CPU that generated the logs.

  • The last three characters in the file name are the sequence number of the log file.

The system generates multiple sequence numbers for the same chassis and same slot if the system reaches the maximum log file size.

macsec

Note:

Exception: only supported on 5420 Series.

Enables Media Access Control Security (MACsec) globally.

nni-mstp

Note:

Exception: not supported on VSP 8600 Series and XA1400 Series.

Enables MSTP and VLAN configuration on NNI ports. The default is disabled.

Note:

Spanning Tree is disabled on all NNIs.

You cannot add an SPBM NNI port or MLT port to any non SPBM B-VLAN. You cannot add additional C-VLANs to a brouter port.

reboot

Activates or disables automatic reboot on a fatal error. The default value is activated.

Important:

Do not change this parameter unless directed by technical support.

rlogind

Note:

Exception: rlogin and rsh are only supported on VSP 8600 Series.

Activates or disables the rlogin and rsh server. The default value is disabled.

savetostandby

Note:

Exception: only supported on VSP 8600 Series.

Activates or disables automatic save of the configuration file to the standby CPU. The default value is enabled. If you operate a dual CPU system, enable this flag for ease of operation.

spanning-tree-mode <mstp|rstp>

Specifies the Multiple Spanning Tree Protocol or Rapid Spanning Tree Protocol mode. If you do not specify a protocol, the switch uses the default mode. The default mode is mstp. If you change the spanning tree mode, you must save the current configuration and restart the switch.

spbm-config-mode

Enables you to configure SPB and IS-IS, but you cannot configure PIM and IGMP either globally or on an interface.

Use the no operator so that you can configure PIM and IGMP.

The boot flag is enabled by default. To set this flag to the default value, use the default operator with the command.

sshd

Activates or disables the SSHv2 server service. The default value is disabled.

syslog-rfc5424-format

Controls the format of the syslog output and logging. By default, the switch uses the RFC5424 format. If the RFC based format is disabled, the older format is used.

telnetd

Activates or disables the Telnet server service. The default is disabled.

tftpd

Activates or disables Trivial File Transfer Protocol server service. The default value is disabled.

trace-logging

Activates or disables the creation of trace logs. The default value is disabled.

Important:

Do not change this parameter unless directed by technical support.

urpf-mode

Note:

Exception: not supported on VSP 8600 Series and XA1400 Series.

Enables Unicast Reverse Path Forwarding (uRPF) globally. You must enable uRPF globally before you configure it on a port or VLAN. The default is disabled.

verify-config

Activates syntax checking of the configuration file. The default is enabled.

  • Primary config behavior: When the verify-config flag is enabled, the primary config file is pre-checked for syntax errors. If the system finds an error, the primary config file is not loaded; instead, the system loads the backup config file.

    If the verify-config flag is disabled, the system does not pre-check syntax errors. When the verify-config flag is disabled, the system ignores any lines with errors during loading of the primary config file. If the primary config file is not present or cannot be found, the system tries to load the backup file.

  • Backup config behavior: If the system loads the backup config file, the system does not check the backup file for syntax errors. It does not matter if the verify-config flag is disabled or enabled. With the backup config file, the system ignores any lines with errors during the loading of the backup config file.

    If no backup config file exists, the system defaults to factory defaults.

As a best practice, disable the verify-config flag.

vrf-scaling

Increases the maximum number of VRFs and Layer 3 VSNs that the switch supports. This flag is disabled by default.

Important:

If you enable both this flag and the spbm-config-mode flag, the switch reduces the number of configurable VLANs. For more information about maximum scaling numbers, see VSP 8600 Release Notes.

vxlan-gw-full-interworking-mode

Note:

Exception: only supported on VSP 7200 Series, VSP 7400 Series, VSP 8200 Series, and VSP 8400 Series.

Enables VXLAN Gateway in Full Interworking Mode, which supports SPB, SMLT, and vIST.

By default, the Base Interworking Mode is enabled and Full Interworking Mode is disabled. You change modes by enabling this boot configuration flag.

The no operator is the default Base Interworking Mode. In this mode, VXLAN Gateway supports Layer 2 gateway communication between VXLAN and traditional VLAN environments.

For more information about feature support, see VOSS Feature Support Matrix.