H3C Technologies H3C S12500 Series Switches User Manual

Page 50


Step 5. Associate the HTTPS service with a certificate attribute-based access control policy.
Command: ip https certificate access-control-policy policy-name
Remarks:
Optional.
By default, the HTTPS service is not associated with any certificate attribute-based access control policy.
The switch uses the associated policy to control client access rights.
You must configure the client-verify enable command and at least one permit rule in the SSL server policy. Otherwise, no clients can log in through HTTPS.
For more information about certificate attribute-based access control policies, see the chapter on PKI in Security Configuration Guide.

Step 6. Specify the HTTPS service port number.
Command: ip https port port-number
Remarks:
Optional.
The default HTTPS service port is 443.

Step 7. Associate the HTTPS service with an ACL.
Command: ip https acl acl-number
Remarks:
By default, the HTTPS service is not associated with any ACL.
The switch allows only clients permitted by the associated ACL to log in.

Step 8. Set the HTTPS user authentication mode.
Command: web https-authorization mode { auto | manual }
Remarks:
Optional.
The default HTTPS user authentication mode is manual.
In manual mode, a user must enter the correct username and password to log in through HTTPS.
In auto mode, the device first authenticates users by their certificates:
- If the certificate is correct and not expired, the CN field in the certificate is used as the username to perform AAA authentication. If the authentication succeeds, the Web interface of the device appears on the user's terminal.
- If the certificate is correct and not expired, but the AAA authentication fails, the device shows the Web login page and the user must enter the correct username and password to log in.
- If the certificate is incorrect or expired, the HTTPS connection is terminated.

Step 9. Create a local user and enter local user view.
Command: local-user user-name
Remarks:
By default, no local user is configured.

Step 10. Configure a password for the local user.
Command: password { cipher | simple } password
Remarks:
By default, no password is configured for the local user.
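The following Python check is an added example, not part of the H3C manual: it reads saved configuration text and reports the HTTPS management settings from steps 5 to 10 that leave the Web interface unrestricted or unusable. The sample configuration, the names mgmt-acp and netadmin, the severity labels and the '#' view separator are constructed assumptions, and flagging `password simple` assumes that keyword takes a plaintext password.

```python
import re
# Constructed sample in the style of a saved configuration (not from the manual).
SAMPLE_CONFIG = """\
#
 ip https certificate access-control-policy mgmt-acp
 ip https port 8443
 web https-authorization mode auto
#
local-user netadmin
 password simple Example-Only-1
#
"""

def audit_https_config(config_text):
    """Return (severity, message) findings for the HTTPS settings in steps 5-10."""
    lines = [ln.strip() for ln in config_text.splitlines() if ln.strip()]
    findings = []
    def first(pattern):
        # First line that fully matches the pattern, as a match object, else None.
        return next((m for m in (re.fullmatch(pattern, ln) for ln in lines) if m), None)
    # Step 7: with no ACL associated, logins are not limited to permitted clients.
    if not first(r"ip https acl \d+"):
        findings.append(("high", "no 'ip https acl': HTTPS login not restricted by ACL"))

    # Step 5: a policy without client-verify enable locks every client out.
    acp = first(r"ip https certificate access-control-policy (\S+)")
    if acp and not first(r"client-verify enable"):
        findings.append(("high", f"policy '{acp.group(1)}' associated but "
                                 "'client-verify enable' missing: no HTTPS logins"))

    # Step 8: auto mode uses the certificate CN as the AAA username.
    mode = first(r"web https-authorization mode (auto|manual)")
    if mode and mode.group(1) == "auto" and not acp:
        findings.append(("medium", "auto mode with no certificate access control policy"))
    # Step 10: report users set with 'simple' (assumed to mean a plaintext password).
    user = None
    for ln in lines:
        m = re.fullmatch(r"local-user (\S+)", ln)
        if m:
            user = m.group(1)
        elif ln == "#":
            user = None  # assumption: '#' closes the current view
        elif user and ln.startswith("password simple "):
            findings.append(("medium", f"local user '{user}' uses 'password simple'"))
    return findings

if __name__ == "__main__":
    for severity, message in audit_https_config(SAMPLE_CONFIG):
        print(f"[{severity}] {message}")
```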
