Configuring https login – H3C Technologies H3C SecBlade LB Cards User Manual

Page 45

Advertising
background image

35

Step Command

Remarks

5.

Associate the HTTP service
with an ACL.

ip http acl acl-number

Optional.
By default, the HTTP service is not

associated with any ACL.
Associating the HTTP service with
an ACL enables the LB product to

allow only clients permitted by the

ACL to log in.

6.

Set the Web connection
timeout time.

web idle-timeout minutes

Optional.
By default, the Web connection

timeout time is 10 seconds.

7.

Set the size of the buffer for

Web login logging.

web logbuffer size pieces

Optional.
By default, the buffer can save up
to 512 Web login logs.

8.

Create a local user and enter

local user view.

local-user user-name

By default, there is a local user
named admin.

9.

Configure a password for the
local user.

password [ [ hash ] { cipher |
simple } password ]

By default, no password is
configured for a newly created

local user, and the password for
local user admin is admin.

10.

Specify the command level of
the local user.

authorization-attribute level level

No command level is configured
for the local user.

11.

Specify the Telnet service type
for the local user.

service-type web

By default, no service type is
configured for the local user.

12.

Exit to system view.

quit

N/A

13.

Enter interface view.

interface interface-type
interface-number

N/A

14.

Assign an IP address and
subnet mask to the interface.

ip address ip-address { mask |
mask-length }

By default, the interface
GigabitEthernet 0/1 on the LB

module has the IP address
192.168.0.1/24 configured, and

the interface GigabitEthernet 0/0

on the L1000-A has the same IP
address configured.

Configuring HTTPS login

The LB product supports the following HTTPS login modes:

Simplified mode—To make the LB product operate in this mode, you only need to enable HTTPS
service on the LB product. The LB product will use a self-signed certificate (a certificate that is

generated and signed by the LB product itself, rather than a CA) and the default SSL settings. This

mode is simple to configure but has potential security risks.

Secure mode—To make the LB product operate in this mode, you must enable HTTPS service on the
LB product, specify an SSL server policy for the service, and configure PKI domain-related
parameters. This mode is more complicated to configure but provides higher security.

For more information about SSL and PKI, see Security Configuration Guide.

Advertising
This manual is related to the following products:

H3C SecPath L1000-A Load Balancer

Popular Brands
Popular manuals