CLI-based Configuration Guide - Basic Configuration

AR500, AR510, AR531, AR550, AR1500, and AR2500 V200R010

This document describes the basic concepts, configuration procedures, and configuration examples for the basic configuration features supported by the device in different application scenarios.
(Optional) Configuring Web System Parameters

Context

The device can function as an HTTPS server and use the data encryption, identity authentication, and message integrity check mechanisms of the SSL protocol to ensure secure data transmission between the device and users. Users can securely access a remote device on web pages.

The device has the web system function enabled before delivery and provides a default SSL policy. The web page file contains the SSL certificate. Therefore, you do not need to perform the following operations.

For security purposes, you are advised to obtain a new digital certificate from a CA and manually configure an SSL policy. For details, see Configuring the Device as an HTTPS Server in the Huawei AR Series IOT Gateway Configuration Guide - Security. The details are not mentioned here.

Procedure

  1. Run system-view

    The system view is displayed.

  2. (Optional) Run set insecure-protocol enable

    The insecure management protocols HTTP and Telnet are allowed.

    By default, insecure management protocols HTTP and Telnet can be used.

  3. Run http server enable

    The web system function is enabled.

    By default, the web system function is enabled on the device.

  4. Run http server-source { -a source-ip-address | -i interface-type interface-number }

    The source IP address of the web system is configured.

    By default, the source IP address of the web system is not configured.

    If the source IP address is not specified for the web system, the device selects a source IP address according to routing entries to send packets. Specify an interface in stable state, such as a loopback interface, as the source interface. Before specifying a source interface, ensure that clients have reachable routes to the source interface. Otherwise, the configuration will fail.

  5. Run http secure-server port port-number

    The port number of the HTTPS server is configured.

    The default port number of the HTTPS server is 443.

    If the default port number is used, attackers may access this port continuously, consuming bandwidth resources and degrading security performance of the server. As a result, authorized users cannot access the device. If the default port number is used by another service, users cannot log in to the device through the web system.

  6. Run http secure-server manager-port port-number

    The management port of the HTTPS server is enabled and the management port number is set.

    By default, the management port of the HTTPS server is disabled.

    Run this command to enable the management port of the HTTPS server and set its port number. You can then manage the router through this port.

    NOTE:

    Only users at level 3 and higher levels can log in to the web platform through the management port.

  7. Run http server max-online-users max-online-users

    The maximum number of concurrent online users in the web system is set.

    By default, the maximum number of concurrent online users in the web system is 5.

    You can configure the maximum number of concurrent online users in the web system to restrict the number of users who access the web system at the same time.

  8. Run http timeout timeout

    The HTTPS session timeout interval is set.

    By default, the HTTPS session timeout interval is 10 minutes.

    By default, only five users can concurrently log in to the device through the web system. If a web user logs in to the device but does not perform any operations for a long time, the user occupies web channel resources and other users may fail to log in to the device. You can set a proper HTTPS session timeout interval so that web channel resources can be released in a timely manner.

  9. Configure ACL-based access control for the web system.
    1. Run acl [ number ] acl-number

      A numbered ACL is created and the ACL view is displayed.

    2. Configure an ACL rule.

      The command for configuring rules for a basic ACL differs from that for configuring rules for an advanced ACL.

      • For a basic ACL, run rule [ rule-id ] { deny | permit } [ source { source-address source-wildcard | any } | vpn-instance vpn-instance-name | [ fragment | none-first-fragment ] | logging | time-range time-name ] *

      • For an advanced ACL, run rule [ rule-id ] { deny | permit } ip [ destination { destination-address destination-wildcard | any } | source { source-address source-wildcard | any } | logging | time-range time-name | vpn-instance vpn-instance-name | [ dscp dscp | [ tos tos | precedence precedence ] * ] | [ fragment | none-first-fragment ] ] *

    3. Run quit

      Return to the system view.

    4. Run http acl acl-number

      An ACL is configured for the HTTPS server.

      By default, no ACL is configured for the HTTPS server, that is, web users using any clients can establish HTTPS connections with the device.

  10. Run http server permit interface { interface-type interface-number } &<1-5>

    An interface is configured to allow clients to access the web system.

    By default, all interfaces on the device allow clients to access the web system.

    To prevent unauthorized clients from accessing the web system through an interface, you can run this command to specify an interface that allows clients to access the web system.

    NOTE:
    The http server permit interface command can specify only Layer 3 physical interfaces and Layer 3 VLANIF interfaces.
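
The exposure-related steps of this procedure (2, 5, 9, and 10) can be checked against a saved configuration. The Python script below is an added example, not Huawei code. It assumes that saved configuration lines mirror the commands as typed in this procedure and that settings left at their defaults do not appear; the sample configurations, addresses, and finding names are constructed.

```python
import re
def _open_permit(rule):
    # A permit rule with no source, or with "source any", admits every client.
    return bool(re.match(r"rule (\d+ )?permit\b", rule)) and (
        " source " not in rule or " source any" in rule)

def parse_web_settings(config):
    """Collect web-system settings; keys not set keep the page's defaults."""
    s = {"port": 443, "acl": None, "permit_if": None,
         "insecure": False, "acl_rules": {}}
    current = None  # ACL whose rule lines are being read
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"acl (?:number )?(\d+)", line):
            current = int(m[1])
            s["acl_rules"].setdefault(current, [])
            continue
        if current is not None and line.startswith("rule "):
            s["acl_rules"][current].append(line)
            continue
        current = None
        if m := re.fullmatch(r"http secure-server port (\d+)", line):
            s["port"] = int(m[1])
        elif m := re.fullmatch(r"http acl (\d+)", line):
            s["acl"] = int(m[1])
        elif m := re.fullmatch(r"http server permit interface (.+)", line):
            s["permit_if"] = m[1]
        # Only an explicit line is flagged; the page says this is on by default.
        elif line == "set insecure-protocol enable":
            s["insecure"] = True
    return s

def audit(config):
    """Return finding names for web-system exposure left open or at default."""
    s = parse_web_settings(config)
    rules = s["acl_rules"].get(s["acl"], [])
    checks = [
        ("insecure-protocols-enabled", s["insecure"]),
        ("default-https-port", s["port"] == 443),
        ("no-http-acl", s["acl"] is None),
        ("http-acl-permits-any", any(_open_permit(r) for r in rules)),
        ("all-interfaces-permitted", s["permit_if"] is None),
    ]
    return [name for name, hit in checks if hit]

# Constructed sample configurations (not from a real device).
WEAK = "set insecure-protocol enable\nacl number 2001\n rule 5 permit\nhttp acl 2001\n"
HARDENED = ("acl number 2000\n rule 5 permit source 192.0.2.0 0.0.0.255\n"
            "http secure-server port 8443\nhttp acl 2000\n"
            "http server permit interface GigabitEthernet 0/0/1\n")
```

Calling audit(WEAK) reports four findings, and audit(HARDENED) reports none.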

Updated: 2019-05-20

Document ID: EDOC1100034225
