QTech QSR-3920 Series Скачать руководство пользователя | Manualshive

Страница: 82 / 120

background image

Configuration manual

7. System Management

82

www.qtech.ru

Enter

the

global

configuration mode.

configure terminal

-

Configure to save history
commands.

service shell-history

Mandatory.
By  default,  the  history
command  saving  function
is enabled.

7.2.8

Configure the Login Security Service

Configuration Condition

None

Enable the System Login Security Service

To enhance the system security, the device provides the system login security service function.
The functions include:



Prevents brute force cracking of user login passwords.



Prevents the fast connection function.

The function of brute force cracking prevention prevents malicious illegal users from forcedly
cracking the user name and password for logging in to the device. If the system finds that the
number of continuous login authentication failures of a user reaches the number specified by
the system, the system rejects the login request from the IP address within the specified
period of time.

The  function  of  preventing  fast  connections  prevents  illegal  users  from  initiating  a  large
number of login requests within a short period time because this may occupy a lot of system
and  network  resources.  If  the  number  of  repeated  login  connections  from  a  user  reached  a
specified  number,  the  system  rejects  the  login  connection  from  the  IP  address  or  the  login
request from the user within the specified period of time.

Table 7-9 Enabling the system login security service

Step

Command

Description

Enter

the

global

configuration mode.

configure terminal

-

Enable the system login
security service.

service

login-secure

{telnet | ssh | ftp |
snmp}

Mandatory.
By default, the system
login security service is
enabled.

«
...
80
81
82
83
84
...
»

Содержание QSR-3920 Series

Страница 1: ...CONFIGURATION MANUAL www qtech ru QSR 3920 Series Router Configuration Manual QSR 3920 08...

Страница 2: ...Device 20 2 3 2 Configure a Local Device to Log in to a Remote Device via Telnet 22 2 3 3 Configure a Local Device to Log in to a Remote Device via SSH 23 3 SYSTEM CONTROL AND MANAGEMENT 25 3 1 Overv...

Страница 3: ...ons 66 5 2 4 Download Files from the FTP 68 5 2 5 Execute a Configuration File Manually 69 5 2 6 Configure Startup Parameters 69 5 2 7 File System Managing Monitoring and Maintaining 70 5 3 Typical Co...

Страница 4: ...em Fan Alarms 89 8 2 4 Configure System Alarm Parameters 89 8 2 5 System Alarm Monitoring and Maintaining 90 9 SYSTEM LOG MANAGEMENT 91 9 1 Overview 91 9 2 System Log Function Configuration 92 9 2 1 C...

Страница 5: ...figuring the Bootloader Functions 117 11 2 2 Set the Bootloader Boot Parameters 117 11 2 3 Upgrade the Bootloader Program 118 11 2 4 Bootloader Monitoring and Maintaining 119 11 3 Typical Configuratio...

Страница 6: ...nfigure the device directly in this mode Logging in to the device by remote dial up through a Modem The device cannot be configured directly in this mode that is before configuration some preparations...

Страница 7: ...ons and chapters The following table shows how to enter the common command modes and switch over between the modes Table 1 2 System modes and methods of switching over between the modes Mode How to En...

Страница 8: ...e run the ip access list standard or ip access list extended command Hostname con fig std nacl Hostname con fig ext nacl Run the exit command to exit to the global configuration mode Run the end comma...

Страница 9: ...elp Help Full help Partial help With the above types of online help users can obtain various help information The following gives some examples To obtain a brief description of the online help system...

Страница 10: ...ion factor alarm of the cpu or memory apply Command apply arp Set a static ARP entry banner Define a login banner bgp BGP information bridge Bridge Group cam Config cam global parameters cardreset exc...

Страница 11: ...rror messages to the users The following table shows common error messages Table 1 3 Command line error messages Error Message Error Cause Invalid input detected at marker No command or key word is fo...

Страница 12: ...own arrow keys when you telnet to the device in the Windows 98 or Windows NT OS set Terminals Preferred Options Simulation Options to VT 100 ANSI History command display is based on the current comman...

Страница 13: ...e end of the command line Ctrl U Deletes all characters on the left of the cursor till the beginning of the command line Display Features To facilitate users the command line interface provides the fo...

Страница 14: ...Configuration manual 1 System Operation Basics 14 www qtech ru Any other keys Exit the display Then the information that has not been displayed will not be displayed...

Страница 15: ...System Login Function Configuration Table 2 1 System login function configuration list Configuration Tasks Logging in to the device through the Console port Configuring remote login through Telnet Ena...

Страница 16: ...via the console port Step 3 Configure the HyperTerminal After powering on the terminal you need to set the communication parameters of the terminal that is baud rate of 9600 bps 8 data bits 1 stop bi...

Страница 17: ...a serial communication port Configure parameters for the serial communication port Baud rate 9600 bps Data bit 8 bits Parity check None Stop bit 1 bit Data stream control None Figure 2 4 Configuring p...

Страница 18: ...ce enable the Telnet service of the device After the Telnet service of the device is enabled the Telnet service port 23 is monitored Table 2 2 Enabling the telnet service of the device Step Command De...

Страница 19: ...H service of the device is enabled the SSH service port 22 is monitored If the ip ssh server command is used without parameter sshv1 compatible it indicates that an SSH client can log in only through...

Страница 20: ...d The Telnet client can log in to a remote device only when the SSH service of the remote device is enabled and the network between the SSH client and the remote device is normal 2 2 4 System Login Mo...

Страница 21: ...he enable password Device enable Device configure terminal Device config enable password admin Step 3 Telnet to the device On the PC run the Telnet program and input the IP address of gigabitethernet0...

Страница 22: ...has been configured 2 3 2 Configure a Local Device to Log in to a Remote Device via Telnet Network Requirements The local device Device1 acts as the Telnet client while the remote device Device2 acts...

Страница 23: ...rom the IP address during the specified time If the Password required but none set message is displayed it indicates that no login password has been configured 2 3 3 Configure a Local Device to Log in...

Страница 24: ...pening or the IP address for the host and its host key have changed RSA key fingerprint is 7b ed cc 81 cf 12 36 6f f7 ff 29 15 63 75 64 10 Are you sure you want to continue connecting yes no yes Pleas...

Страница 25: ...ong the levels level 0 has the lowest rights while level 15 has the highest rights 3 2 Login Control and Management Function Configuration Table 3 1 Configuration list of login control and management...

Страница 26: ...r level authentication is required according to the current configuration and the authentication mode is selected according to the configuration If the enable password of the corresponding level has b...

Страница 27: ...o input the password If passwords have been set for users of different levels on the RADIUS server after inputting the correct password the login succeeds otherwise the login fails For example in runn...

Страница 28: ...only the commands with the levels 0 12 In configuring the command level you need to make use of command modes You can modify the level of a single command or all commands in a specified command mode T...

Страница 29: ...nds are executed automatically By default the command execution is not delayed and the user connection is disconnected after the commands are executed automatically Table 3 5 Configuring auto commands...

Страница 30: ...necessary to limit the online login quantity of one user at one time you can configure the maximum online quantity of the user Table 3 8 Configuring the maximum online quantity of the user Step Comma...

Страница 31: ...er When it is necessary to limit the authentication failure times of one user you can configure the maximum failure times of the user Table 3 11 Configuring the maximum authentication failure times of...

Страница 32: ...er To ensure the security of the file system you can specify the user to own one file authority preventing the illegal access Table 3 14 Configuring the file system authority of the user Step Command...

Страница 33: ...6 Entering the line configuration mode of the console port Step Command Description Enter the global configuration mode configure terminal Enters the line configuration mode of the Console port line c...

Страница 34: ...configuration mode of the Console port or Virtual Type Terminal VTY line con 0 vty vty min number vty max number Mandatory Configure the absolute time for the login user operation absolute timeout abs...

Страница 35: ...t no command is executed automatically Configure Auto Command Execution Options You can configure delay time for auto commands and configure whether to disconnect the user connection after the command...

Страница 36: ...nsole port or VTY line con 0 vty vty min number vty max number Mandatory Configuring the idle timeout exit time exec timeout exec timeout minute_number exec timeout second_number Mandatory The default...

Страница 37: ...entication mode Step Command Description Enter the global configuration mode configure terminal Enter the line configuration mode of the Console port or VTY line con 0 vty vty min number vty max numbe...

Страница 38: ...n mode of the Console port or VTY line con 0 vty vty min number vty max number Mandatory Configuring the accounting mode accounting exec commands level default word Mandatory For the accounting method...

Страница 39: ...ion mode line vty vty min number vty max number Optional Enter the line configuration mode of the Console port line con 0 Optional Configure the ingress ACL of the IP address access class access list...

Страница 40: ...obal configuration mode configure terminal Enter the line configuration mode of the Console port line con 0 Mandatory Configure the user login wait timeout time timeout login respond respond time valu...

Страница 41: ...o receive data it sends the PORT command through this channel The PORT command contains through which port the client receives data Then the FTP server connects its TCP20 port to the specified port of...

Страница 42: ...e transmission adopts the encryption decryption technology so the transmission efficiency is lower than the FTP file transmission 4 2 FTP FTPS TFTP and SFTP Function Configuration Table 4 1 FTP FTPS T...

Страница 43: ...r num user num Optional By default the maximum allowed number of concurrent login users is 1 Configure the connection timeout time ftp timeout time Optional By default the connection timeout time is 3...

Страница 44: ...he device to the FTP server and the FTP server but the other service interface addresses are available In this case users can use the ip ftp source address or ip ftp source interface commands to speci...

Страница 45: ...the TFTP server For the security sake some networks may restrict the communication between the address of the outgoing interface of the route from the device to the TFTP server and the TFTP server bu...

Страница 46: ...server function Step Command Description Enter the global configuration mode configure terminal Enable the SFTP server function ip ssh server sshv1 compatible listen port Mandatory By default do not...

Страница 47: ...iguring a device as an FTP client Configuration Steps Step 1 Configure an FTP server and place the files to be downloaded in the FTP server directory Omitted Step 2 Configure the IP addresses of the d...

Страница 48: ...FTP Hookup connect error 65 message is printed it indicates that the server cannot be reached and the cause may be that the route is not available or the server has not been started If the Total 51054...

Страница 49: ...e the authorized user name and password Device1 configure terminal Device1 config user admin password 0 admin On Device1 enable the FTP service Device1 configure terminal Device1 config ftp enable on...

Страница 50: ...nabled you can find that port 21 is in the listen state Step 4 Use Device2 as an FTP client to copy a startup file from FTP server Device1 to Device2 Device2 filesystem Device2 config fs copy ftp 2 0...

Страница 51: ...to the FTP server via the windows DOS screen Configure the PC and FTP server to transmit data in binary mode ftp binary Figure 4 4 Configuring the PC and FTP server to transmit data in binary mode Ob...

Страница 52: ...ed message is printed the cause may be that the server function is not enabled or the route between the server and the client is not reachable When you connect the FTP server through the FTP client PC...

Страница 53: ...fs copy tftp 2 1 2 1 rp34 7 3 0 26 R pck file system rp34 7 3 0 26 R pck On Device copy the startup file from Device to the TFTP server Device filesystem Device config fs copy startup config tftp 2 1...

Страница 54: ...ing a device as an SFTP client Configuration Steps Step 1 Configure an SFTP server and place the files to be downloaded in the SFTP server directory Omitted Step 2 Configure the IP addresses of the de...

Страница 55: ...ice acts as an SFTP client The network between the server and the device is normal On the SFTP server the user name for a device to log in to the SFTP server is admin and the password is admin The fil...

Страница 56: ...ftp get startup startup Fetching flash startup to startup flash startup 100 13KB 12 9KB s 00 00 After copying the file you can find the related file in the operation directory sftp ls sp8 g 6 6 7 74 d...

Страница 57: ...certificate at the FTP Server and set the FTP user certificate path private key path and CA certificate path Step 3 FTP Client imports the FTP CA certificate user certificate and private key Create o...

Страница 58: ...Bsile5tFv7 bHz0yqJVoUJMIaWOdmLXJj5fI5GeBCprzLM88RJCv6LBHfg4ThOC4Ds80Ssive1 eAod 7kbmVPOZg8 END CERTIFICATE Input the private key data press Enter twice after data to finish or press Enter without data...

Страница 59: ...swDQYJKoZIhvcNAQEFBQADgYEAYrFZQrINHoLN9odc GctzTRGVmMcv9sJ0ncgUEfbrLu6QUodQy3jjxWFIxheJK1btfF66 ShuKtZpqJ1WE9l92tfIHwLp XT0gujtxNi02TOPBNEU7P9nUgxgfDG uhyPTeufSkfn3LCTHmGfVORF2soGSlaUPV1Zy5E9hmFZo Mhs...

Страница 60: ...test index 3 My Certificate Status Valid Serial Number 109eedc1b977a43973273f7d0c538a3b Subject C RU ST moscow L moscow O foobar OU foobar E user example ru CN rsa2 Issuer C RU ST MOSCOW O FOOBAR OU F...

Страница 61: ...ads the file from FTP Server Device config fs ftpscopy 1 0 0 1 a a test doc test doc VerifyType peer Downloading OK Step 5 Check the result After downloading view the downloaded file in the file syste...

Страница 62: ...pplication programs Implement tasks such as route forwarding file management and system management Configuration files Store the system parameters that are configured by the users Log files Store syst...

Страница 63: ...system has started normally Display the Information about a Storage Devices By displaying the information about a storage device you can view the features of the storage device and the size of the re...

Страница 64: ...e fschange usb remove Mandatory Before removing the storage device first uninstall device in the same way as uninstalling a device on a PC If the storage device is not uninstalled file directory on th...

Страница 65: ...ystem configuration mode filesystem Display the current working path pwd Mandatory Change the Current Working Path By changing the current working path you can switch over a user to the specified dire...

Страница 66: ...Mandatory Exercise caution when deleting a directory because the operation of deleting the directory may permanently delete all sub directories and files in the directory and the files cannot be recov...

Страница 67: ...Description Enter the file system configuration mode filesystem Rename a file rename src filename dest filename Mandatory Display the Content of a File In the file system you can view the content of...

Страница 68: ...ted files on the FTP server to the file system via the FTP download command The ftpscopy command uses the SSL authenticated encryption mode to download files from the FTP security server The ftpscopy...

Страница 69: ...ually By executing a configuration file manually you can load the configuration file in the specified path Table 5 9 Executing a configuration file manually Step Command Description Enter the file sys...

Страница 70: ...and Maintaining Table 5 11 File system managing monitoring and maintaining Command Description clear boot loader bootline number Clears the startup parameters with the specified index show filesystem...

Страница 71: ...t loader1 g1 rp39 7 3 2 25 v2 3 0 309 debug pck Boot loader4 backup0 rp39 7 3 2 26 v2 3 0 309 debug pck Modify the next startup file of the system to the rp39 7 3 2 26 v2 3 0 309 debug pck file stored...

Страница 72: ...he system copies the backup startup configuration file to the location of the default startup configuration file and loads this startup configuration file Current configuration Current configuration i...

Страница 73: ...uration the active and the backup startup configuration file save the current configuration to a specified configuration file to ensure that the content in the active and the backup startup configurat...

Страница 74: ...P protocol copy running config ftp vrf vrf name hostname ip address username password dest filename ftps vrf vrf name hostname ip address username password dest filename VerifyType none peer Mandatory...

Страница 75: ...tion Enter the privileged user mode enable Restore the startup configuration copy ftp ip address username password src filename startup config Mandatory Before overwriting the local startup configurat...

Страница 76: ...ression redirect file file name ftp vrf vrf name hostname ip address user name password file name Display the current configuration information show startup config begin exclude include redirect expre...

Страница 77: ...iguring the login security service Configuring CPU monitoring Configuring display of properties in pages 7 2 System Management Function Configuration Table 7 1 System management function list Configur...

Страница 78: ...ion mode configure terminal Configure the device name hostname host name Mandatory 7 2 2 Configure the System Time and Time Zone Configuration Condition None Configure the System Time and Time Zone Th...

Страница 79: ...on mode configure terminal Configure the login welcome message banner motd banner line Mandatory 7 2 4 Configure the System Exception Processing Mode Configuration Condition None Configure the System...

Страница 80: ...vel or a higher level occurs the device restarts From high to low exception levels include emergency alert critical error and warn 7 2 5 Configure to Restart a Device Configuration Condition None Rest...

Страница 81: ...the encryption service you need to select an encryption mode Then all passwords are encrypted in this mode Table 7 7 Configuring the encryption service Step Command Description Enter the global confi...

Страница 82: ...he system finds that the number of continuous login authentication failures of a user reaches the number specified by the system the system rejects the login request from the IP address within the spe...

Страница 83: ...e 7 10 Configuring the parameters of the system login security service Step Command Description Enter the global configuration mode configure terminal Configure the time of forbidding the IP address f...

Страница 84: ...default CPU occupancy monitoring is disabled Enable history statistics of CPU occupancy monitor cpu Mandatory By default history statistics of CPU occupancy is enabled 7 2 10 Configure Display of Pro...

Страница 85: ...ter the privileged user mode enable Configure a serial number for a module part serialnumber write mpu lpu lpu num serialnumber Mandatory Before modifying the serial number of a module part ensure tha...

Страница 86: ...e restored 7 2 13 System Management Monitoring and Maintaining Table 7 15 System management monitoring and maintaining Command Description show about Display the system version information show clock...

Страница 87: ...stem and their operating statuses show semaphore sem name all binary counting list mutex any pended unpended Display the information about the system semaphore show spy Display the status of the monit...

Страница 88: ...n Tasks Configure system temperature alarms Configure system temperature alarms Configure system power supply alarms Configure system power supply alarms Configure system fan alarms Configure system f...

Страница 89: ...Fan Alarms Configuration Condition None Configure System Fan Alarms If a system fan fault or exception occurs the system immediately generates log information about the system fan alarm This helps th...

Страница 90: ...de configure terminal Configure system alarm types to be shielded sysalarm shield type minor major critical all Mandatory 8 2 5 System Alarm Monitoring and Maintaining Table 8 4 System alarm monitorin...

Страница 91: ...ertain type and some functions are affected errors 3 Error message warnings 4 Warning message notifications 5 Event notification message informational 6 Message prompt and notification debugging 7 Deb...

Страница 92: ...e log module collects statistics of the lost information and output the information The log module then obtains the logs one by one from the buffer at the background and outputs the logs at different...

Страница 93: ...figure log display colors 9 2 1 Configure Log Output Functions Configuration Condition None Configure Log Output to the Control Console The control console refers to a Console terminal It is a channel...

Страница 94: ...isplay on the monitor console logging monitor logging level Optional By default the log display function of the global monitor console is enabled Enable log display of the current monitor console term...

Страница 95: ...tgoing interface for sending log information is determined according to the route The main IP address of the outgoing interface acts as the source IP address for sending log information Configure the...

Страница 96: ...tions and higher levels are stored By default the flash memory stores log information of level 5 notifications and higher levels For the levels of logs refer to the detailed description in Table 2 1 B...

Страница 97: ...By default log timestamps adopt the Datetime absolute time format but they also support Uptime relative time format The absolute time format records the year and the time with millisecond precision It...

Страница 98: ...n 9 2 4 Configure the Log Filtration Function Configuration Condition None Configure the Log Filtration Function When configuring log filtration you can not only specify the filtration string to be di...

Страница 99: ...e terminal Configure the log file capacity logging file max size file size Optional By default the log file capacity is 256000 bytes 9 2 6 Configure Log Display Colors Configuration Condition None Con...

Страница 100: ...n in different colors you need to configure the color option of the terminals otherwise no color is displayed for the log information 9 2 7 System Log Monitoring and Maintaining Table 9 12 System log...

Страница 101: ...are again Usually you can restart the device only after the all software versions are upgraded The following types of software are available The image program package Program package with the suffix p...

Страница 102: ...ode ensure that the device can obtain the upgrade program through the external TFTP FTP server and then use the sysupdate image command to upgrade the program package Table 10 2 Upgrading the image pr...

Страница 103: ...rade fails In this case you can manually delete files that are not in need from the flash memory to obtain more space for upgrading application programs It takes a long time to upgrade the image progr...

Страница 104: ...a command Table 10 3 Upgrading the FPGA program through the TFTP FTP Step Command Description Enter the privileged user mode None Mandatory Upgrade the FPGA program sysupdate vrf vrf name dest ip addr...

Страница 105: ...ading the bootloader program ensure that The route between the TFTP FTP server and the device interface is reachable and the TFTP FTP server and the device can ping each other successfully The TFTP FT...

Страница 106: ...ce will prompt the following information downloading Bootloader PR020_29_v1 13 bin omitted OK downloading bootloader qsr3920 1 0 13 bin OK Download bootloader qsr3920 1 0 13 bin 1667912 Bytes successf...

Страница 107: ...ommand manual Table 10 5 Upgrading the bootloader program via the console port Step Command Description Set the HyperTerminal None Mandatory Run the HyperTerminal program select the corresponding seri...

Страница 108: ...start run command loady Ready for binary ymodem download to 0x20000000 at 9600 bps CCCC Starting ymodem transfer Press Ctrl C to cancel Transferring Bootloader PR020_29_v1 13 bin 100 1326 KB 0 KB s 0...

Страница 109: ...hronously It is recommended that you upgrade the bootloader program in TFTP FTP mode The Console port is used to upgrade the monitor program only when the upgrade conditions of the first upgrade mode...

Страница 110: ...ully Update Devinfo Writing file to filesystem Writing file to filesystem OK Updating devinfo OK Sysupdate devinfo devInfo_qsr3920_v11 17 successfully The above information indicates that the devinfo...

Страница 111: ...n the FTP server directory Omitted Step 2 Back up device configuration files Omitted Step 3 Configure the IP addresses of the interfaces so that the network between Device and the FTP server is normal...

Страница 112: ...de version is newer than the current version of the system first and then upgrade For the method of viewing the FPGA version number of the system refer to Step 6 Step 7 Use a command to restart the de...

Страница 113: ...re 49 C CPU On Card Information 1 CPUs CPU Idx 00 Status 0000 Core Num 0008 Core State Core Idx 00 Core Status 0000 Core Utilization 18 Core Idx 01 Core Status 0000 Core Utilization 100 Core Idx 02 Co...

Страница 114: ...Total 4966164480 bytes SizeFree 4137019392 bytes STATISTICS 1 IN 0 OUT 0 IERR 0 OERR The show system lpu command will display the related information of all online service sub cards Here just display...

Страница 115: ...released version the unchanged programs need not be upgraded 10 3 2 Upgrade the bootloader Program via the Console Port Network Requirements PC and the Console port of the device is directly connected...

Страница 116: ...e 0 Use boot parameter 0 device flash0 file rp39 7 3 2 80 v2 3 0 309 debug pck Loading 52040332 bytes in 2297 ms 21 6 MiB s Upgrade through the Console port is complex and slow so the TFTP FTP upgrade...

Страница 117: ...Function Configuration Table 11 1 Bootloader function configuration list Configuration Tasks Set the Bootloader boot parameters Set the Bootloader boot parameters Upgrade the Bootloader program Upgrad...

Страница 118: ...to load and run according to the prompt information If setting the boot device type to the network boot it is necessary to ensure that the route between the Ethernet interface of the host or terminal...

Страница 119: ...the command reset or power off and restart the device and then you can use the latest Bootloader system program When using the update command to upgrade the Bootloader program ensure that the route b...

Страница 120: ...is reachable Network Topology Figure 11 2 Networking for configuring bootloader to guide the Image program from the network Configuration Steps Set Bootloader boot parameter 0 select to load and run t...

Отзывы:

Нет отзывов

Похожие инструкции для QSR-3920 Series

Бренд: Accelerated Страницы: 10

Бренд: Accelerated Страницы: 4

Бренд: Lab.gruppen Страницы: 35

8677 - BladeCenter Rack-mountable - Power...

Бренд: IBM Страницы: 126

301160U - 1TB Ethernet Disk RAID Network Attached...

Бренд: LaCie Страницы: 5

Бренд: Dahua Страницы: 6

Бренд: Teac Страницы: 20

cMT-FHDX Series

Бренд: Maple Systems Страницы: 2

Бренд: NETGEAR Страницы: 2

Бренд: Ubiquiti Страницы: 20

Бренд: AMG Systems Страницы: 2

Бренд: JUMO Страницы: 60

PowerBeam PBE-5AC-400-ISO

Бренд: Ubiquiti Страницы: 23

Бренд: Quatech Страницы: 98

Бренд: TRENDnet Страницы: 2

Бренд: Westermo Страницы: 28

Бренд: EDSLab Страницы: 24

Бренд: QNAP Страницы: 49

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды