HP 200 Unified Threat Management (UTM) Appliance CLI user interfaces, User interface assignment


Login method: Accessing the device through SNMP

Default setting and configuration requirements: By default, SNMP login is disabled. To use SNMP service, complete the following configuration tasks:

- Assign an IP address to an interface of the device and make sure the interface and the NMS can reach each other. By default, only interface GigabitEthernet 0/0 is assigned an IP address (192.168.0.1/24).
- Configure SNMP basic parameters.

After configuring the network device and the firewall module properly, you can log in to the firewall module from the network device.

CLI user interfaces

The device uses user interfaces (also called "lines") to control CLI logins and monitor CLI sessions. You can configure access control settings, including authentication, user privilege, and login redirect on user interfaces. After users are logged in, their actions must be compliant with the settings on the user interfaces assigned to them.

Users are assigned different user interfaces, depending on their login methods, as shown in Table 2.

Table 2 CLI login method and user interface matrix

| User interface | Login method |
|---|---|
| Console user interface | Console port (EIA/TIA-232 DCE) |
| AUX user interface | AUX port (EIA/TIA-232 DTE, typically used for dial-in access through modems) |
| Virtual type terminal (VTY) user interface | Telnet or SSH |

User interface assignment

The device automatically assigns user interfaces to CLI login users, depending on their login methods. Each user interface can be assigned to only one user at a time. If no user interface is available, a CLI login attempt will be rejected.

For a CLI login, the device always picks the lowest numbered user interface from the idle user interfaces available for the type of login. For example, four VTY user interfaces (0 to 3) are configured, of which VTY 0 and VTY 3 are idle. When a user Telnets to the device, the device assigns VTY 0 to the user and uses the settings on VTY 0 to authenticate and manage the user.
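Because the settings of whichever line is assigned are the ones used to authenticate the user, every VTY line should carry the same access control settings. The following added example (not from the HP manual) models the lowest-idle assignment rule and audits a configuration for VTY lines that differ. The function names, the sample configuration, and the count of five VTY lines are assumptions, and the `user-interface`, `authentication-mode` and `protocol inbound` lines are Comware-style syntax that this page does not show.

```python
import re

# Constructed sample configuration, not taken from the manual.
SAMPLE_CONFIG = """\
user-interface con 0
 authentication-mode password
user-interface vty 0 2
 authentication-mode scheme
 protocol inbound ssh
user-interface vty 3
 authentication-mode none
"""

def parse_lines(config):
    """Map (type, relative number) -> settings configured on that user interface."""
    lines, current = {}, []
    for raw in config.splitlines():
        head = re.match(r"user-interface (con|aux|vty) (\d+)(?: (\d+))?$", raw.strip())
        if head:
            kind, first, last = head.group(1), int(head.group(2)), head.group(3)
            current = [(kind, n) for n in range(first, int(last or first) + 1)]
            for key in current:
                lines.setdefault(key, {})
        elif raw.startswith(" ") and current:
            name, _, value = raw.strip().rpartition(" ")
            for key in current:
                lines[key][name] = value
    return lines

def assign(kind, count, busy):
    """Lowest-numbered idle line of this type, or None when the login is rejected."""
    idle = [n for n in range(count) if (kind, n) not in busy]
    return min(idle) if idle else None

def audit_vty(lines, count):
    """Report VTY lines whose authentication differs from VTY 0 or is 'none'."""
    def mode(n):
        return lines.get(("vty", n), {}).get("authentication-mode", "(default)")
    findings = []
    for n in range(count):
        if mode(n) == "none":
            findings.append((n, "no authentication"))
        elif mode(n) != mode(0):
            findings.append((n, f"differs from VTY 0: {mode(n)}"))
    return findings

if __name__ == "__main__":
    print(assign("vty", 4, busy={("vty", 1), ("vty", 2)}))  # the manual's case
    print(audit_vty(parse_lines(SAMPLE_CONFIG), 5))
```

A line reported as `(default)` has no explicit setting in the parsed text, so its effective authentication mode must be checked against the device defaults.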

User interface identification

A user interface can be identified by an absolute number, or the interface type and a relative number.

An absolute number uniquely identifies a user interface among all user interfaces. User interfaces are numbered from 0 in increments of 1, in the order console, AUX, and then VTY user interfaces. You can use the display user-interface command without any parameters to view supported user interfaces and their absolute numbers.
