Page 1 of 1
disable http and create new account
Posted: 23 Nov 2012 09:27
by Split
Hi im new at the Alcatel data section .
First i want to know it is possible to create a new Login and set different rights .
Second i want connect to swicht only secured means no telenet , http, ftp, in case of http there are redirect to https possible ?
I try no http Server und https Server but if i connect https the Service is disable
R6.6.3 AOS
I have 2 switch as stack
I have update from r6.1.1 to 6.3.3 one switch there are a command to update the second switch?
Thanks for help
Re: disable http and create new account
Posted: 25 Nov 2012 09:45
by yaz
To add user: user admin2 password switch
To give the user read-only access: user admin2 read-only all
To disable access for FTP and similar : no aaa authentication telnet ftp
To disable http and enable https:
no http server
https server
Re: disable http and create new account
Posted: 26 Nov 2012 16:09
by Split
thanks for help yaz
now i know how create a new user .........;
the command no http server and https server i already tried but if i open a web browser => https://<IP Adress Switch> => the Alcatel Switch Page Display with he Info http/https Service unavailible ......somebody a idea?
Re: disable http and create new account
Posted: 26 Nov 2012 16:18
by yaz
Split:
Have you enabled access for HTTP?
aaa authentication http local
Regards,
Yaz
Re: disable http and create new account
Posted: 27 Nov 2012 10:44
by devnull
try
no ip service http
no ip service secure-http
no ip service telnet
no ip service ftp
removing aaa means: service runs, but login is impossible. With removed service it is not even running.
To upgrade stack: Follow the release guides, there are some steps where the order is important.. (marked in red).
Re: disable http and create new account
Posted: 27 Nov 2012 14:41
by Split
Hi
yes i have set aaa authentication default local an i thought with no http server it´s disable but this is wrong how i learned .....
if i understand right there are diffenrent ways i can do: no aaa authentication http local or like devnull say disable the ip service
i have try no ip service http and its works thanks a lot
Re: disable http and create new account
Posted: 28 Nov 2012 03:41
by devnull
Yes.. both ways stops using http..
aaa default local means:
per default check against local user database (for every running service)
every aaa-service with "no"
e.g. no aaa authentication ftp
means that you can not authenticate for this service means: login impossible.
no ip service means: stop this service/daemon (which of course means login not possible).
For several security certifications (EAL/BSI/..) it may be needed to stop availability of services not just to forbid login..
Re: disable http and create new account
Posted: 28 Nov 2012 07:35
by Split
thanks for the datails informations .....
Regards Split