HP 200 Unified Threat Management (UTM) Appliance manual Command Remarks, Last-number

Page 29

Scheme—Uses the AAA module to provide local or remote console login authentication. You must provide a username and password for accessing the CLI. For more information about authentication modes and parameters, see Access Control Configuration Guide. Keep your username and password.

By default, console login does not require authentication. Any user can log in through the console port without authentication and have user privilege level 3. To improve device security, configure the password or scheme authentication mode immediately after you log in to the device for the first time.

Table 4 Configuration required for different console login authentication modes

Authentication

Configuration tasks

Reference

mode

 

 

 

Set the authentication mode to none for the console user

"Configuring none

None

authentication for console

interface.

 

login"

 

 

 

 

 

 

Enable password authentication on the console user

"Configuring password

Password

interface.

authentication for console

 

Set a password.

login"

 

 

 

 

Enable scheme authentication on the console user

 

 

interface.

 

 

Configure local or remote authentication settings.

 

To configure local authentication:

1.Configure a local user and specify the password.

 

2.

Configure the device to use local authentication.

"Configuring scheme

Scheme

To configure remote authentication:

authentication for console

 

login"

 

3.

Configure the RADIUS or HWTACACS scheme on

 

 

 

 

the device.

 

 

4.

Configure the username and password on the AAA

 

 

 

server.

 

 

5.

Configure the device to use the scheme for user

 

 

 

authentication.

 

 

 

 

 

Configuring none authentication for console login

Step

 

Command

Remarks

6.

Enter system view.

system-view

N/A

 

 

 

 

7.

Enter console user interface

user-interface console first-number

N/A

 

view.

[ last-number ]

 

 

 

 

 

 

8.

Enable none authentication

 

By default, you can log in to the

authentication-mode none

device through the console port

 

mode.

without authentication and have

 

 

 

 

 

user privilege level 3.

 

 

 

 

9.

Configure common settings

See "Configuring common console

Optional.

 

for console login.

user interface settings (optional)."

 

 

 

 

 

 

The next time you attempt to log in through the console port, you do not need to provide any username or password.

23

Page 28 Page 30
Image 29
Page 28 Page 30
Contents HP Firewalls and UTM Devices Page Contents Page Iii Page F1000-A-EI/F1000-S-EI OverviewOverview AppearanceFront view F1000-EF5000 Aspf Firewall modules Enhanced firewall modules Firewall module for 5800 switchesUTM products U200-A front view U200-AF1000-A-EI/F1000-S-EI Application scenariosU200-S Firewall applicationVPN application Virtual firewall applicationF1000-E Firewall modules F5000Clound computing data center application Enhanced firewall modulesEnterprise network applicatoin Remote access applicationUTM Network diagram Login methods at a glance Login overviewLogin methods Login method Default setting and configuration requirementsUser interface Login method CLI login method and user interface matrixCLI user interfaces User interface assignmentPage Parameter Default Default console port propertiesLogging in to the CLI Logging in through the console port for the first timeConnection description Setting the properties of the serial port Configuring console login control settingsAuthentication Configuration tasks Reference Mode Configuring none authentication for console loginCommand Remarks Last-numberConfiguring scheme authentication for console login Configuring password authentication for console loginPassword Configuration GuideDomain domain-name Hwtacacs-scheme-nameSpeed speed-value Configuring common console user interface settings optionalLogging in through Telnet Telnet loginDevice role Requirements Telnet server and Telnet client configuration requirementsConfiguring none authentication for Telnet login Telnetting to the device without authentication Configuring password authentication for Telnet loginPassword authentication interface for Telnet login Configuring scheme authentication for Telnet loginUser only depend on the user Step Command Remarks Configuring common VTY user interface settings optionalCommand Using the device to log in to a Telnet serverCharacter ValueTo use the device to log in to a Telnet server Logging in through SSHSSH server and client requirements Configuring the SSH server on the deviceLdap-scheme-name Using the device to log in to an SSH server Local login through the AUX portStarted Command Reference Ssh2 serverAUX login diagram Hardware Feature compatibleConfiguring none authentication for AUX login Configuring password authentication for AUX login Password authentication interface for AUX login Configuring scheme authentication for AUX loginApply the specified AAA Ip alias ip-address port-number Configuring common settings for AUX login optionalDisplay type of both the device Default AUX port properties Login procedureConnecting the AUX port to a terminal Power on the device and press Enter at the prompt Task Command Remarks Displaying and maintaining CLI loginInclude regular-expression Regular-expressionSend all num1 aux console Available in user view Vty num2 Logging in to the Web interface Configuration guidelinesLogging in by using the default Web login settings Configuring Web login Adding a Web login accountBasic Web login configuration requirements Configuring Http loginObject Requirements Web captcha verification-codeVerification-code Configuring Https loginInterface interface-type Interface-number Policy-name VPN Configuration GuideMask mask-length HttpsHttp login configuration example Displaying and maintaining Web loginConfiguration procedure Network requirementsHttps login configuration example # Enable the Https service # Associate the Https service with SSL server policy mysslConfigure the host Https client # Create RSA local key pairsFailure to access the device through the Web interface Troubleshooting Web browserSymptom Configuring the Internet Explorer settingsInternet Explorer setting Click OK in the Security Settings dialog box Configuring Firefox Web browser settingsFirefox Web browser setting Configuring Snmp access Accessing the device through SnmpConfiguring SNMPv3 access PrerequisitesIpv6 ipv6-acl-number See Getting Started Command Reference Configuring SNMPv1 or SNMPv2c accessPriv-password acl acl-number acl ipv6 ipv6-acl-number Notify-view acl acl-number aclStepCommand Remarks Snmp login example# Enable the Snmp agent # Configure an Snmp groupPage Logging in to the firewall module from the network device Feature and hardware compatibilityLogging in to the firewall module from the network device Configuring the Acsei protocol Resetting the system of the firewall moduleConfiguring Acsei server on the network device Acsei timersAcsei starts up and runs in the following procedures Acsei startup and runningDisplaying and maintaining Acsei server and client Configuring Acsei client on the firewall moduleNetwork requirements Client-id# Set the clock synchronization timer to 10 minutes Configuration procedure# Set the monitoring timer to 10 seconds # Log in to the firewall modulePage Overview Basic configurationPerforming basic configuration in the Web interface Click Next For basic configuration appears Basic configuration wizard-1/6Click Next For configuring service management appears Basic configuration wizard-2/6 basic informationBasic configuration wizard-3/6 service management Assign IP addresses to the interfaces Another serviceConfigure the parameters as described in Table Configuration itemsClick Next For configuring NAT appears IP/Wildcard Basic configuration wizard-6/6 Performing basic configuration at the CLIInterface interface-type Global-nameIp address ip-address mask-length mask Zone name zone-name id zone-idConfiguration Configuring the device name at the CLI Configuring the device name in the Web interfaceManaging the device Hardware Supported storage mediumDisplaying the current system time Configuring the system time in the Web interfaceConfiguring the system time Calendar Configuring the network timeSource Interface Configuring the time zone and daylight saving timeThis example, Device a is the firewall Date and time configuration exampleConfiguring the local clock as the reference clock Configuration guidelines Configuring the system time at the CLIDate-time System time configuration resultsZone-offset Date-time ± zone-offsetZone-offset + Date-time ± zone-offset + To change the system timeSummer-offset Both date-timeTo set the idle timeout timer Setting the idle timeout timer in the Web interfaceSetting the idle timeout timer at the CLI To enable displaying the copyright statement Configuring bannersEnabling displaying the copyright statement Banner message input modesTo configure banners Configuring the maximum number of concurrent usersRebooting the firewall in the Web interface Configuring the exception handling methodRebooting the device Scheduling a device reboot Rebooting the firewall at the CLIRebooting devices immediately at the CLI Comparison of non-modular and modular approaches Job configuration approachesScheduling jobs Scheduling a job in the modular approach Scheduling a job in the non-modular approachJob job-name View view-name# Create a job named pc1, and enter its view Scheduled job configuration exampleTime time-id at time date command command # Create a job named pc2, and enter its view Setting the port status detection timer# Create a job named pc3, and enter its view # Display information about scheduled jobsConfiguring basic temperature thresholds Configuring temperature thresholds for a device or a moduleConfiguring advanced temperature thresholds To set the port status detection timerMonitoring an NMS-connected interface Clearing unused 16-bit interface indexes Verifying transceiver modules Verifying and diagnosing transceiver modulesDiagnosing transceiver modules Interface-number beginSee Getting Started Command ReferenceDisplaying and maintaining device management Task Command Remarks Task Command Remarks User levels Configuring a local user in the Web interfaceManaging users Click Add Configure a local user, as described in Table Click ApplyItem Description Configuration exampleService type feature and hardware compatibility Configuring Telnet login control Configuring a local user at the CLIControlling user logins Source sour-addr sour-wildcard Configuring source IP-based Telnet login controlVpn-instancevpn-instance-name Ipv6-address prefix-lengthRule-string Telnet login control configuration exampleConfiguring source MAC-based Telnet login control Getting Started Configuring source IP-based Snmp login controlIpv6 ipv6-acl-number Snmp login control configuration exampleRead-view write-viewwrite-view Group-name acl acl-number acl ipv6Configuring source IP-based Web login control Configuring Web login controlLogging off online Web users Web login control configuration exampleSource sour-addr sour-wildcard N/A any time-range User-id user-nameuser-nameField Description Displaying online usersCommand conventions Using the CLICommand conventions Convention DescriptionCLI views Using the undo form of a commandEntering system view from user view Task CommandReturning to the upper-level view from any view Returning to user view from any other viewAccessing the CLI online help Editing a command line Entering a commandAbbreviating commands Command line editing keysConfiguring and using hotkeys Configuring and using command keyword aliasesTo configure a command keyword alias Usage guidelinesHotkey Function Enabling redisplaying entered-but-not-submitted commandsSystem-reserved hotkeys Using the command history function Understanding command-line error messagesCommon command-line error messages Error message CauseSetting the command history buffer size for user interfaces Viewing history commandsPausing between screens of output Controlling the CLI outputCharacter Meaning Examples Filtering the output from a display commandSpecial characters supported in a regular expression String1string2string2. string1string2\1\2 Contain stringstring. string1string2\2 repeatsString1string2string1string2 Matches character1character2A being character2, but does not match 2a Configuring user privilege and command levelsLevel Privilege Default set of commands Configuring a user privilege levelCommand levels and user privilege levels Last-num1 vty first-num2 Last-num2 Management and MaintenanceBy default, the user privilege level Switching the user privilege level Information, see Access Control Configuration Guide Privilege level switching authentication modesAuthentication mode Keywords Description Information required for user privilege level switching Switching to a higher user privilege levelChanging the level of a command Saving the running configurationTo change the level of a command View commandRelated information Support and other resourcesContacting HP Symbols Command conventionsConventions GUI conventionsPort numbering in examples Network topology iconsIndex 144
Related manuals
Manual 3 pages 45.38 Kb
Top Page Image Contents