H3C Technologies H3C SecPath F1000-E User Manual

Step 3. Enable the HTTPS service.
Command: ip https enable
Remarks: Disabled by default. Enabling the HTTPS service triggers an SSL handshake negotiation process. During the process, if the local certificate of the device exists, the SSL negotiation succeeds, and the HTTPS service can be started properly. If no local certificate exists, a certificate application process will be triggered by the SSL negotiation. Because the application process takes much time, the SSL negotiation often fails and the HTTPS service cannot be started normally. In that case, you need to execute the ip https enable command multiple times to start the HTTPS service.

Step 4. Associate the HTTPS service with a certificate attribute-based access control policy.
Command: ip https certificate access-control-policy policy-name
Remarks: Optional. By default, the HTTPS service is not associated with any certificate-based attribute access control policy. Associating the HTTPS service with a certificate-based attribute access control policy enables the device to control the access rights of clients. You must configure the client-verify enable command in the associated SSL server policy. If not, no clients can log in to the device. The associated SSL server policy must contain at least one permit rule. Otherwise, no clients can log in to the device. For more information about certificate attribute-based access control policies, see VPN Configuration Guide.

Step 5. Configure the port number of the HTTPS service.
Command: ip https port port-number
Remarks: Optional. 443 by default.

Step 6. Associate the HTTPS service with an ACL.
Command: ip https acl acl-number
Remarks: By default, the HTTPS service is not associated with any ACL. Associating the HTTPS service with an ACL enables the device to allow only clients permitted by the ACL to access the device.

Step 7. Create a local user and enter local user view.
Command: local-user user-name
Remarks: By default, no local user is configured.

Step 8. Configure a password for the local user.
Command: password { cipher | simple } password
Remarks: By default, no password is configured for the local user.

Step 9. Specify the command level of the local user.
Command: authorization-attribute level level
Remarks: By default, no command level is configured for the local user.

Step 10. Specify the Telnet service type for the local user.
Command: service-type web
Remarks: By default, no service type is configured for the local user.

Step 11. Exit to system view.
Command: quit
Remarks: N/A
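
The following Python check is an added example, not part of the H3C manual: it reads a saved configuration and reports the conditions the Remarks above warn about (HTTPS not enabled, no ACL association, a certificate access control policy without client-verify enable, and gaps in the local web user). The configuration layout, the "ssl server-policy" and "ip https ssl-server-policy" lines, and all names and values in the sample are assumptions made for the example.

```python
# Constructed sample (not from a device); indented lines belong to the view above.
SAMPLE_CONFIG = """\
ssl server-policy mgmt
 pki-domain example
ip https ssl-server-policy mgmt
ip https certificate access-control-policy certacp
ip https enable
local-user webadmin
 password simple Example-Only-1
 authorization-attribute level 3
 service-type web
"""

def parse_views(text):
    """Map each top-level command to the indented commands beneath it."""
    views, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # skip blank lines and '#' separator lines
        if line[0].isspace() and current is not None:
            views[current].append(line.strip())
        else:
            current = line.strip()
            views[current] = []
    return views

def audit_https_login(text):
    """Findings for steps 3 to 10; assumes 'ip https ssl-server-policy' binds the policy."""
    views = parse_views(text)
    if "ip https enable" not in views:
        return ["HTTPS service is not enabled"]
    findings = []
    if not any(c.startswith("ip https acl ") for c in views):
        findings.append("no ACL is associated with the HTTPS service")
    if any(c.startswith("ip https certificate access-control-policy ") for c in views):
        bound = [c.split()[-1] for c in views if c.startswith("ip https ssl-server-policy ")]
        body = views.get("ssl server-policy " + bound[0], []) if bound else []
        if "client-verify enable" not in body:
            findings.append("certificate policy set without client-verify enable")
    for cmd, body in views.items():
        if cmd.startswith("local-user ") and any(l.split()[0] == "service-type" and "web" in l.split() for l in body):
            user = cmd.split()[1]
            if not any(l.startswith("password ") for l in body):
                findings.append(user + ": web user has no password")
            elif any(l.startswith("password simple ") for l in body):
                findings.append(user + ": password set with 'simple', not 'cipher'")
            if not any(l.startswith("authorization-attribute level ") for l in body):
                findings.append(user + ": no command level configured")
    return findings
```

Calling audit_https_login(SAMPLE_CONFIG) returns three findings for the constructed sample: the missing ACL, the missing client-verify enable, and the 'simple' password.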