Manual excerpt
• Management: Users of this level can perform any operations for the device.

NOTE: These user levels are intended for users on the root virtual device. Levels for users on other virtual devices are different.

Configuring a local user

Local user overview

Local users are a set of users configured on the Network Access Server (NAS), a U series security product. A local user is uniquely identified by username. To enable users of a certain network service to pass local authentication, you must add corresponding entries to the local user database on the NAS. The attributes of a local user include: user password display mode, user password, user status and the service type that the user can use.

Configuring a local user through the web interface

1. Select User > Local User from the navigation tree.

Figure 45 Local user

2. Click Add to enter the page for adding a local user.

Figure 46 Add a local user

3. Configure a local user as described in Table 12.
4. Click Apply.

Table 12 Configuration items (Item: Description)

User Name: Enter a username. The username is case sensitive, and cannot contain these characters: “/”, “\”, “:”, “|”, “*”, “?”, “<”, “>”, “@” and “"”.
IMPORTANT: When you create a local user, there can be spaces in the username, but there cannot be spaces before and after the username. If there are spaces before and after the username, they will be omitted; if you enter a username with all spaces, your input is taken as an empty input.

User Privilege Level: Set the privilege level of the user: Visitor, Monitor, Configure or Management. For more information about the user privilege level, see “User levels.”

Service Type: Set the service type that the user can use: FTP, SSH, Telnet, Terminal or PPP.
IMPORTANT: A user can log in to the device through the web interface only if the service types that the user can use include Telnet.

Password: Set the password.

Confirm Password: Enter the password again; it must be the same as the previously set password.

Local user web configuration example

Network requirements

Configure UTM to authenticate Telnet users.

Figure 47 Network diagram

Configuration procedure

# Configure a local user

1. Select User > Local User in the navigation tree.
2. Click Add.
3. Enter the username telnet.
4. Select the user privilege level Visitor.
5. Select the service type Telnet.
6. Enter the password 123456.
7. Enter 123456 again to confirm the password.
8. Click Apply.

Configuring a local user at the CLI

See Access Control Configuration Guide.

Controlling user login

NOTE: User login control is available only at the CLI.

User login control overview

The device provides the following login control methods:

| Login type | Login control methods | ACL used |
| Telnet | Configuring source IP-based login control over Telnet users | Basic ACL |
| Telnet | Configuring source and destination IP-based login control over Telnet users | Advanced ACL |
| Telnet | Configuring source MAC-based login control over Telnet users | Ethernet frame header ACL |
| NMS | Configuring source IP-based login control over NMS users | Basic ACL |
| Web | Configuring source IP-based login control over web users | Basic ACL |

Configuring login control over Telnet users

Configuration preparation

Before configuration, determine the permitted or denied source IP addresses, source MAC addresses, and destination IP addresses.

Configuring source IP-based login control over Telnet users

Basic ACLs match the source IP addresses of packets, so you can use basic ACLs to implement source IP-based login control over Telnet users. Basic ACLs are numbered from 2000 to 2999. For more information about ACL, see Access Control Configuration Guide.
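The following Python sketch is an added example, not part of the manual or of the device software. It models how a basic ACL's source address and wildcard pairs decide which Telnet source addresses match, so a rule set can be checked before it is bound to a user interface. It assumes match order config (rules evaluated in ascending rule ID) and explicit rule IDs; the function names and the sample rules and addresses are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: permit one management subnet, exclude a single host in it.
# All addresses are documentation ranges, not values from the manual.
SAMPLE_ACL = """\
rule 10 permit source 192.0.2.0 0.0.0.255
rule 5 deny source 192.0.2.66 0
rule 20 deny source any
"""

RULE_RE = re.compile(
    r"^rule\s+(\d+)\s+(permit|deny)\s+source\s+(?:(any)|(\S+)\s+(\S+))\s*$")


def _to_int(text):
    # A wildcard written as "0" is shorthand for 0.0.0.0 (exact host match).
    return 0 if text == "0" else int(ipaddress.IPv4Address(text))


def parse_basic_acl(text):
    """Return [(rule_id, action, addr, wildcard)] sorted by rule ID (config order)."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = RULE_RE.match(line)
        if not m:
            raise ValueError(f"unsupported rule: {line!r}")
        rule_id, action, any_kw, addr, wildcard = m.groups()
        if any_kw:
            addr_i, wild_i = 0, 0xFFFFFFFF      # "any": every bit is ignored
        else:
            addr_i, wild_i = _to_int(addr), _to_int(wildcard)
        rules.append((int(rule_id), action, addr_i, wild_i))
    return sorted(rules)


def evaluate(rules, source_ip):
    """First matching rule wins. Returns (action, rule_id) or (None, None)."""
    src = int(ipaddress.IPv4Address(source_ip))
    for rule_id, action, addr, wildcard in rules:
        care = ~wildcard & 0xFFFFFFFF            # wildcard 0-bits must match
        if (src & care) == (addr & care):
            return action, rule_id
    return None, None
```

Rule 5 is evaluated before rule 10 even though it was entered later, which is why the single-host deny takes effect inside the permitted subnet. A result of (None, None) means no rule matched; this excerpt does not state what the device does in that case.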
To configure source IP-based login control over Telnet users:

1. Enter system view.
   Command: system-view
   Remarks: —

2. Create a basic ACL and enter its view, or enter the view of an existing basic ACL.
   Command: acl number acl-number [ name name ] [ match-order { config | auto } ]
   Remarks: Required. By default, no basic ACL exists.

3. Configure an IPv4 basic ACL rule.
   Command: rule [ rule-id ] { deny | permit } [ fragment | logging | source { sour-addr sour-wildcard | any } | time-range time-range-name | vpn-instance vpn-instance-name ] *
   Remarks: Required in an IPv4 networking environment. By default, an IPv4 basic ACL does not contain any rule. The logging keyword takes effect only when the module (such as the firewall) that uses the ACL supports the logging function.

4. Exit the basic ACL view.
   Command: quit
   Remarks: —

5. Enter user interface view.
   Command: user-interface [ type ] first-number [ last-number ]
   Remarks: —

6. Use the ACL to control user login by source IP address.
   Command: acl acl-number { inbound | outbound }
   Remarks: Required. inbound: Filters incoming Telnet packets. outbound: Filters outgoing Telnet packets.

Configuring source and destination IP-based login control over Telnet users

Advanced ACLs can match both source and destination IP addresses of packets, so you can use advanced ACLs to implement source and destination IP-based login control over Te...