H3C Technologies H3C S12500 Series Switches User Manual
Step / Command / Remarks

5. Associate the HTTPS service with a certificate attribute-based access control policy.
   Command: ip https certificate access-control-policy policy-name
   Remarks: Optional.
   By default, the HTTPS service is not associated with any certificate attribute-based access control policy.
   The switch uses the associated policy to control client access rights.
   You must configure the client-verify enable command and at least one permit rule in the SSL server policy. Otherwise, no clients can log in through HTTPS.
   For more information about certificate attribute-based access control policies, see the chapter on PKI in Security Configuration Guide.

6. Specify the HTTPS service port number.
   Command: ip https port port-number
   Remarks: Optional.
   The default HTTPS service port is 443.

7. Associate the HTTPS service with an ACL.
   Command: ip https acl acl-number
   Remarks: By default, the HTTPS service is not associated with any ACL.
   The switch allows only clients permitted by the associated ACL to log in.

8. Set the HTTPS user authentication mode.
   Command: web https-authorization mode { auto | manual }
   Remarks: Optional.
   The default HTTPS user authentication mode is manual.
   In manual mode, a user must enter the correct username and password to log in through HTTPS.
   In auto mode, the device first authenticates users by their certificates:
   • If the certificate is correct and not expired, the CN field in the certificate is used as the username to perform AAA authentication. If the authentication succeeds, the Web interface of the device appears on the user's terminal.
   • If the certificate is correct and not expired, but the AAA authentication fails, the device shows the Web login page and the user must enter the correct username and password to log in.
   • If the certificate is incorrect or expired, the HTTPS connection is terminated.

9. Create a local user and enter local user view.
   Command: local-user user-name
   Remarks: By default, no local user is configured.

10. Configure a password for the local user.
    Command: password { cipher | simple } password
    Remarks: By default, no password is configured for the local user.
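
The dependencies in steps 5, 7, 8 and 10 can be checked against a saved configuration before it is applied. The following Python audit is an added example, not part of the H3C manual or H3C software; the sample configuration, policy name, ACL number and finding codes are constructed, and it does not check for the permit rule mentioned in step 5.

```python
import re

# Constructed sample configuration (not from a real device). Only commands
# named in the table above are interpreted; all names and values are made up.
SAMPLE_CONFIG = """\
ip https certificate access-control-policy web-clients
ip https port 8443
web https-authorization mode auto
local-user admin
 password simple Example-Only-1
"""

def audit_https_config(text):
    """Return (code, message) findings for the HTTPS login settings."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]

    def first(pattern):
        return next((m for m in (re.match(pattern, ln) for ln in lines) if m), None)

    findings = []
    policy = first(r"ip https certificate access-control-policy (\S+)$")
    # Simplification: client-verify enable is searched for anywhere in the
    # text rather than inside one particular SSL server policy.
    if policy and "client-verify enable" not in lines:
        findings.append(("LOCKOUT", f"policy {policy.group(1)} is associated "
                         "without client-verify enable: no client can log in"))
    if not first(r"ip https acl \d+$"):
        findings.append(("NO_ACL", "HTTPS service is not associated with an ACL"))
    mode = first(r"web https-authorization mode (auto|manual)$")
    if mode and mode.group(1) == "auto":
        findings.append(("AUTO_FALLBACK", "auto mode: a valid certificate that "
                         "fails AAA still reaches the password login page"))
    user = None  # local user view the following password line belongs to
    for ln in lines:
        m = re.match(r"local-user (\S+)$", ln)
        if m:
            user = m.group(1)
        elif user and re.match(r"password simple \S+$", ln):
            findings.append(("SIMPLE_PASSWORD",
                             f"local user {user} uses the simple keyword"))
    return findings

if __name__ == "__main__":
    for code, message in audit_https_config(SAMPLE_CONFIG):
        print(f"{code}: {message}")
```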