334 XSR User’s Guide
Firewall CLI Commands Chapter 13
Configuring Security on the XSR
– Level 3: Error - abnormal and deny alarms are logged if system logging is set at MEDIUM or HIGH and firewall logging is level 3 or higher
– Level 4: Warning - normal and permit alarms are logged if system logging is set at LOW and firewall logging is level 4 or higher
– Level 5: Notice
– Level 6: Information
– Level 7: Debug
You can generate fewer firewall alarms by setting a low logging level with the system logging command.
To further minimize alarms and overhead for the XSR, configure the firewall alarm level to 0 with the ip firewall logging command. This value is independent of the XSR logging priority, and taking this action avoids generating firewall alarms that are later dropped anyway by the XSR’s system alarm logging mechanism.
Authentication - Defines firewall authentication with idle timeout and port range values with ip firewall auth. Also, the ip firewall policy command applies authentication rules on a group basis.
Authentication entries for users are configured using the AAA commands including aaa user and password, aaa group, aaa policy, and aaa client. When configuring the firewall policy group_name, be sure it matches the AAA group name.
When entering the telnet <address> <port-number> command, the screen shown in Figure 56 appears. Be aware that configured usernames and passwords must be less than 32 characters and can include non-alphanumeric characters.
Figure 56 Sample Telnet Screen
Please provide username and password.
Username:clarkkent
Password:******
Authenticated.
XSR>,186>Mar 4 22:56:20 10.10.10.20 CLI: User: clarkkent logged in from address 10.10.10.10.
XSR>
Be aware that a Telnet session left idle for more than one minute is terminated by default. Set the idle timeout with session-timeout.