H3C Technologies H3C SecPath F1000-E User Manual

| Step | Command | Remarks |
|---|---|---|
| 3. Enable the HTTPS service. | `ip https enable` | Disabled by default. Enabling the HTTPS service triggers an SSL handshake negotiation process. During the process, if the local certificate of the device exists, the SSL negotiation succeeds and the HTTPS service can be started properly. If no local certificate exists, the SSL negotiation triggers a certificate application process. Because the application process takes much time, the SSL negotiation often fails and the HTTPS service cannot be started normally. In that case, you need to execute the `ip https enable` command multiple times to start the HTTPS service. |
| 4. Associate the HTTPS service with a certificate attribute-based access control policy. | `ip https certificate access-control-policy policy-name` | Optional. By default, the HTTPS service is not associated with any certificate attribute-based access control policy. Associating the HTTPS service with a certificate attribute-based access control policy enables the device to control the access rights of clients. You must configure the `client-verify enable` command in the associated SSL server policy. If not, no clients can log in to the device. The associated SSL server policy must contain at least one permit rule. Otherwise, no clients can log in to the device. For more information about certificate attribute-based access control policies, see VPN Configuration Guide. |
| 5. Configure the port number of the HTTPS service. | `ip https port port-number` | Optional. 443 by default. |
| 6. Associate the HTTPS service with an ACL. | `ip https acl acl-number` | By default, the HTTPS service is not associated with any ACL. Associating the HTTPS service with an ACL enables the device to allow only clients permitted by the ACL to access the device. |
| 7. Create a local user and enter local user view. | `local-user user-name` | By default, no local user is configured. |
| 8. Configure a password for the local user. | `password { cipher \| simple } password` | By default, no password is configured for the local user. |
| 9. Specify the command level of the local user. | `authorization-attribute level level` | By default, no command level is configured for the local user. |
| 10. Specify the web service type for the local user. | `service-type web` | By default, no service type is configured for the local user. |
| 11. Exit to system view. | `quit` | N/A |
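
The following check is an added example, not part of the H3C manual: it reviews a command script built from the steps above before it is entered on the device, and flags the lockout condition from step 4 plus the settings the table leaves at their defaults. The script layout, the sample values (`webpolicy`, `webadmin`, port 8443) and the function name are assumptions; the `simple` finding relies on Comware keeping a `simple` password in plaintext in the configuration.

```python
import re

# Constructed sample: the table's commands with illustrative values, written
# as a change script that is reviewed before it is entered on the device.
SAMPLE_SCRIPT = """\
ip https enable
ip https certificate access-control-policy webpolicy
ip https port 8443
local-user webadmin
 password simple Example123
 service-type web
 quit
"""

def audit_https_script(text):
    """Return findings for the HTTPS login commands in a command script."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    findings = []
    if "ip https enable" not in lines:
        findings.append("HTTPS service not enabled (disabled by default)")
    if not any(re.fullmatch(r"ip https acl \d+", ln) for ln in lines):
        findings.append("no ACL associated with the HTTPS service")
    has_policy = any(ln.startswith("ip https certificate access-control-policy ")
                     for ln in lines)
    # Assumption: the SSL server policy view is configured in the same script.
    if has_policy and "client-verify enable" not in lines:
        findings.append("certificate policy without client-verify enable: "
                        "no clients can log in")
    # Collect the commands entered in each local user view.
    users, current = {}, None
    for ln in lines:
        m = re.fullmatch(r"local-user (\S+)", ln)
        if m:
            current = users.setdefault(m.group(1), [])
        elif ln == "quit":
            current = None
        elif current is not None:
            current.append(ln)
    for name, cmds in users.items():
        if "service-type web" not in cmds:
            continue  # not a web login account
        pw = [c for c in cmds if c.startswith("password ")]
        if not pw:
            findings.append(f"{name}: no password configured")
        elif pw[-1].startswith("password simple "):
            findings.append(f"{name}: password entered with 'simple' (plaintext)")
        if not any(c.startswith("authorization-attribute level ") for c in cmds):
            findings.append(f"{name}: no command level configured")
    return findings
```

Calling `audit_https_script(SAMPLE_SCRIPT)` on the constructed sample returns four findings: the missing ACL, the certificate policy without client verification, the `simple` password and the missing command level.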