HP Firewall CLI user interfaces

The device uses user interfaces (also called "lines") to control CLI logins and monitor CLI sessions. You can configure access control settings, including authentication, user privilege, and login redirect on user interfaces. After users are logged in, their actions must be compliant with the settings on the user interfaces assigned to them.

Users are assigned different user interfaces, depending on their login methods, as shown in Table 2.

Table 2 CLI login method and user interface matrix

User interface assignment

The device automatically assigns user interfaces to CLI login users, depending on their login methods. Each user interface can be assigned to only one user at a time. If no user interface is available, a CLI login attempt will be rejected.

For a CLI login, the device always picks the lowest numbered user interface from the idle user interfaces available for the type of login. For example, four VTY user interfaces (0 to 3) are configured, of which VTY 0 and VTY 3 are idle. When a user Telnets to the device, the device assigns VTY 0 to the user and uses the settings on VTY 0 to authenticate and manage the user.

User interface identification

A user interface can be identified by an absolute number, or the interface type and a relative number.

An absolute number uniquely identifies a user interface among all user interfaces. The user interfaces are numbered starting from 0 and incrementing by 1 and in the sequence of console, AUX, and then VTY user interfaces. You can use the display user-interface command without any parameters to view supported user interfaces and their absolute numbers.

18