Enterasys Networks Security Router X-PeditionTM User Manual


Firewall CLI Commands

XSR User’s Guide 16-21

Event Logging - Defines the event threshold for firewall events logged to the Console or Syslog with ip firewall logging. You can set eight severity levels ranging from 0 for emergency alarms down to 7, which cumulatively logs all firewall messages through 0, as follows:

Level 0: Emergency
Level 1: Alert
Level 2: Critical - alarms such as failure to allocate memory during initialization are logged if system logging is enabled and firewall logging is set to level 2 or higher
Level 3: Error - abnormal and deny alarms are logged if system logging is set at MEDIUM or HIGH and firewall logging is level 3 or higher
Level 4: Warning - normal and permit alarms are logged if system logging is set at LOW and firewall logging is level 4 or higher
Level 5: Notice
Level 6: Information
Level 7: Debug

You can generate fewer firewall alarms by setting a low logging level with the system logging command.

To further minimize alarms and overhead for the XSR, configure the firewall alarm level to 0 with the ip firewall logging command. This value is independent of the XSR logging priority, and taking this action avoids generating firewall alarms that are later dropped anyway by the XSR's system alarm logging mechanism.

Authentication - Defines firewall authentication with idle timeout and port range values with ip firewall auth. Also, the ip firewall policy command applies authentication rules on a group basis. Authentication entries for users are configured using the AAA commands, including aaa user and password, aaa group, aaa policy, and aaa client. When configuring the firewall policy group_name, be sure it matches the AAA group name.

When entering the telnet <address> <port-number> command, the screen shown in Figure 16-13 appears. Be aware that configured usernames and passwords must be less than 32 characters and can include non-alphanumeric characters.

Figure 16-13 Sample Telnet Screen

    Please provide username and password.
    Username: clarkkent
    Password:******
    Authenticated.
    XSR><186>Mar 4 22:56:20 10.10.10.20 CLI: User: clarkkent logged in from address 10.10.10.10.
    XSR>

Be aware that a Telnet session left idle for more than one minute is terminated by default. Set the idle timeout with session-timeout.
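As an added example (not Enterasys code), the following Python models the two independent thresholds described above under Event Logging and decodes the console message from Figure 16-13 as a forwarded syslog line. The sample line is constructed from the figure; the treatment of levels 0-1 and 5-7 is an assumption, since the guide states priority rules only for levels 2-4.

```python
import re
from typing import NamedTuple, Optional

# Severity names for `ip firewall logging`; same numbering as the syslog severity field.
SEVERITY = ["Emergency", "Alert", "Critical", "Error", "Warning",
            "Notice", "Information", "Debug"]

# Constructed sample, reassembled from the console message in Figure 16-13.
SAMPLE_LINE = ("<186>Mar 4 22:56:20 10.10.10.20 CLI: User: clarkkent "
               "logged in from address 10.10.10.10.")

_SYSLOG_RE = re.compile(r"^<(?P<pri>\d{1,3})>(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) "
                        r"(?P<host>\S+) (?P<msg>.*)$")
_LOGIN_RE = re.compile(r"User: (?P<user>\S+) logged in from address (?P<src>\d+(?:\.\d+){3})\.")

class SyslogEvent(NamedTuple):
    facility: int
    severity: int
    timestamp: str
    host: str
    message: str

def parse_syslog(line: str) -> SyslogEvent:
    """Split a BSD-style syslog line; PRI = facility * 8 + severity."""
    m = _SYSLOG_RE.match(line)
    if not m:
        raise ValueError("not a <PRI>-prefixed syslog line: %r" % line)
    pri = int(m["pri"])
    if pri > 191:  # highest facility is 23, highest severity is 7
        raise ValueError("PRI out of range: %d" % pri)
    return SyslogEvent(pri // 8, pri % 8, m["ts"], m["host"], m["msg"])

def login_source(event: SyslogEvent) -> Optional[tuple]:
    """(user, source address) from the CLI login message, or None."""
    m = _LOGIN_RE.search(event.message)
    return (m["user"], m["src"]) if m else None

def firewall_alarm_logged(level: int, firewall_logging: int,
                          system_logging: Optional[str]) -> bool:
    """True if an alarm of `level` reaches the Console/Syslog."""
    # `ip firewall logging` must be >= level AND the independent system logging
    # priority (None = disabled, else "LOW"/"MEDIUM"/"HIGH") must admit the class.
    # Levels 2-4 follow the guide; 0-1 and 5-7 are assumed to need only enabling.
    if system_logging is None or firewall_logging < level:
        return False
    if level == 3:
        return system_logging in ("MEDIUM", "HIGH")
    if level == 4:
        return system_logging == "LOW"
    return True
```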
