CLI-based Configuration Guide - Security

AR100, AR120, AR150, AR160, AR200, AR1200, AR2200, AR3200, and AR3600 V200R010

This document provides the basic concepts, configuration procedures, and configuration examples in different application scenarios of the network management feature supported by the device.

Example for Configuring the Device as an HTTPS Server

Networking Requirements

As shown in Figure 18-2, users access the gateway Router through the web.

To prevent data from being intercepted or tampered with during transmission, the network administrator requires that users access the Router securely over HTTPS.

Figure 18-2  Networking diagram of HTTPS server configuration

Configuration Roadmap

The configuration roadmap is as follows:

  1. Create a VLAN and a VLANIF interface, and configure the interface to allow enterprise users to access the router.
  2. Configure a server SSL policy and apply the default PKI domain to the server SSL policy. The CA server is not required.
  3. Configure an HTTPS server to ensure confidentiality and integrity of data transmission between users and the Router.


Procedure

  1. Create a VLAN and configure the interface.

    # Create VLAN 11 on the Router.

    <Huawei> system-view
    [Huawei] sysname Router
    [Router] vlan batch 11

    # Add Eth2/0/0 connecting to users to VLAN 11.

    [Router] interface ethernet 2/0/0
    [Router-Ethernet2/0/0] port link-type access
    [Router-Ethernet2/0/0] port default vlan 11
    [Router-Ethernet2/0/0] quit

    # Create VLANIF 11 and assign an IP address to VLANIF 11.

    [Router] interface vlanif11
    [Router-Vlanif11] ip address 24
    [Router-Vlanif11] quit

  2. Configure a server SSL policy.

    # Apply the default PKI domain default to the server SSL policy.

    [Router] ssl policy userserver type server
    [Router-ssl-policy-userserver] pki-realm default

    # Set the maximum number of sessions that can be saved and the timeout period of a saved session.

    [Router-ssl-policy-userserver] session cachesize 20 timeout 7200
    [Router-ssl-policy-userserver] quit

  3. Configure the HTTPS server.

    # Bind the SSL policy userserver to the HTTPS server.

    [Router] http secure-server ssl-policy userserver

    # Configure the port number of the HTTPS service.

    [Router] http secure-server port 1278

    # Enable the HTTPS server function on the Router.

    [Router] http secure-server enable
    Warning: The HTTP server has not configured with SSL policy. Continue starting HTTP secure server? [Y/N]: y
      This operation will take several minutes, please wait.........................................................
    Info: Succeeded in starting the HTTPS server

  4. Verify the configuration.

    # Run the display ssl policy userserver command to view the configuration of the SSL policy userserver.

    [Router] display ssl policy userserver
      Policy name                             :   userserver                             
      Policy ID                               :   2                                
      Policy type                             :   Server                            
      Cipher suite                            :   rsa_aes_128_cbc_sha               
      PKI realm                               :   default                                  
      Cache number                            :   20                                
      Time out(second)                        :   7200                              
      Server certificate load status          :   loaded                            
      CA certificate chain load status        :   unloaded                            
      SSL renegotiation status                :   enable
      Bind number                             :   1                                 
      SSL connection number                   :   0                                 

    # Start the web browser on a computer, and enter in the address box. The web management system is displayed, and you can manage the Router on the web pages.
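The `display ssl policy` output in the verification step also shows what the policy negotiates, which is worth reviewing before the service goes live. The script below is an added example, not part of the original guide or of Huawei's tooling: it parses that output and lists the fields a reviewer should look at. The function names and the assumption that suite names follow the pattern of the one shown on this page are hypothetical.

```python
import re

# Fields taken from the "display ssl policy userserver" output shown above.
SAMPLE = """\
  Policy name                             :   userserver
  Policy type                             :   Server
  Cipher suite                            :   rsa_aes_128_cbc_sha
  PKI realm                               :   default
  Server certificate load status          :   loaded
  CA certificate chain load status        :   unloaded
  SSL renegotiation status                :   enable
"""

def parse_policy(text):
    """Parse 'Field : value' lines into a dict keyed by lower-cased field name."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*(.+?)\s*:\s+(.*?)\s*$", line)
        if m:
            fields[m.group(1).lower()] = m.group(2)
    return fields

def audit(fields):
    """Return (field, finding) pairs for settings a reviewer should look at."""
    findings = []
    # Assumption: suite names follow the kx_cipher_mode_mac pattern seen on this page.
    for suite in fields.get("cipher suite", "").split():
        parts = suite.lower().split("_")
        if parts[0] == "rsa":
            findings.append(("cipher suite", f"{suite}: RSA key exchange, no forward secrecy"))
        if "cbc" in parts:
            findings.append(("cipher suite", f"{suite}: CBC mode, not an AEAD cipher"))
        if parts[-1] == "sha":
            findings.append(("cipher suite", f"{suite}: SHA-1 based MAC"))
    if fields.get("server certificate load status") != "loaded":
        findings.append(("server certificate load status", "no server certificate loaded"))
    if fields.get("ca certificate chain load status") == "unloaded":
        findings.append(("ca certificate chain load status",
                         "no CA chain loaded; confirm how clients validate the certificate"))
    if fields.get("ssl renegotiation status") == "enable":
        findings.append(("ssl renegotiation status",
                         "renegotiation enabled; review whether clients need it"))
    return findings

if __name__ == "__main__":
    for field, finding in audit(parse_policy(SAMPLE)):
        print(f"[review] {field}: {finding}")
```
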

Configuration Files

Configuration file of the Router

#
 sysname Router
#
ssl policy userserver type server
 pki-realm default
 session cachesize 20 timeout 7200
#
 http secure-server ssl-policy userserver
 http secure-server enable
 http secure-server port 1278
#
vlan batch 11
#
interface Vlanif11
 ip address
#
interface Ethernet2/0/0
 port link-type access
 port default vlan 11
#

Updated: 2019-08-07

Document ID: EDOC1100034077
