Enterasys Security Router User's Guide

Firewall CLI Commands
Event Logging - Defines the event threshold for firewall values logged to the Console or Syslog with ip firewall logging. You can set eight severity levels ranging from 0 for emergency alarms down to 7, which cumulatively logs all firewall messages through 0, as follows:
Level 0: Emergency
Level 1: Alert
Level 2: Critical - alarms such as failure to allocate memory during initialization are logged if system logging is enabled and firewall logging is set to level 2 or higher
Level 3: Error - abnormal and deny alarms are logged if system logging is set at MEDIUM or HIGH and firewall logging is level 3 or higher
Level 4: Warning - normal and permit alarms are logged if system logging is set at LOW and firewall logging is level 4 or higher
Level 5: Notice
Level 6: Information
Level 7: Debug
You can generate fewer firewall alarms by setting a low logging level with the system logging command.
To further minimize alarms and overhead for the XSR, configure the firewall alarm level to 0 with the ip firewall logging command. This value is independent of the XSR logging priority, and taking this action avoids generating firewall alarms that are later dropped anyway by the XSR’s system alarm logging mechanism.
Authentication - Defines firewall authentication with idle timeout and port range values with ip firewall auth. Also, the ip firewall policy command applies authentication rules on a group basis. Authentication entries for users are configured using the AAA commands including aaa user and password, aaa group, aaa policy, and aaa client. When configuring the firewall policy group_name, be sure it matches the AAA group name.
When entering the telnet <address> <port-number> command, the screen shown in Figure 16-13 appears. Be aware that configured usernames and passwords must be less than 32 characters and can include non-alphanumeric characters.
Figure 16-13 Sample Telnet Screen

    Please provide username and password.
    Username: clarkkent
    Password:******
    Authenticated.

    XSR><186>Mar 4 22:56:20 10.10.10.20 CLI: User: clarkkent logged in from address 10.10.10.10.
    XSR>

Be aware that a Telnet session left idle for more than one minute is terminated by default. Set the idle timeout with session-timeout.
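The login message in Figure 16-13 can be read against the severity list above. The following Python sketch is an added example, not part of the Enterasys guide: it decodes the syslog priority value, maps it to a severity name from the list, and pulls out the user and source address. The sample lines are constructed (the first follows the figure, with the priority written as <186>), and allowed_sources is a hypothetical allow-list of management stations.

```python
import re

# Severity names as listed in the guide's firewall logging levels (0-7).
SEVERITY = ["Emergency", "Alert", "Critical", "Error",
            "Warning", "Notice", "Information", "Debug"]

# BSD-syslog style line: <PRI>timestamp host tag: message
LINE_RE = re.compile(
    r"<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<tag>[^:]+): (?P<msg>.*)")
LOGIN_RE = re.compile(
    r"User: (?P<user>\S+) logged in from address (?P<src>\d{1,3}(?:\.\d{1,3}){3})")

def parse_line(line):
    """Return a dict for one syslog line, or None if it does not parse."""
    m = LINE_RE.search(line)   # search() tolerates a leading "XSR>" prompt
    if not m:
        return None
    pri = int(m.group("pri"))
    if pri > 191:              # PRI = facility * 8 + severity, max 23*8+7
        return None
    rec = {"facility": pri // 8, "severity": pri % 8,
           "severity_name": SEVERITY[pri % 8],
           "host": m.group("host"), "tag": m.group("tag"),
           "user": None, "src": None}
    login = LOGIN_RE.search(m.group("msg"))
    if login:
        rec["user"], rec["src"] = login.group("user"), login.group("src")
    return rec

def logins(lines, allowed_sources):
    """Yield (user, src, expected) for each login event found in lines."""
    for line in lines:
        rec = parse_line(line)
        if rec and rec["user"]:
            yield rec["user"], rec["src"], rec["src"] in allowed_sources

# Constructed sample input: line 1 follows the figure, lines 2-3 are made up.
SAMPLE = [
    "XSR><186>Mar 4 22:56:20 10.10.10.20 CLI: User: clarkkent logged in from address 10.10.10.10.",
    "<186>Mar 4 23:01:07 10.10.10.20 CLI: User: clarkkent logged in from address 192.0.2.77.",
    "<999>not a valid priority",
]

if __name__ == "__main__":
    for user, src, ok in logins(SAMPLE, {"10.10.10.10"}):
        print(user, src, "expected" if ok else "UNEXPECTED SOURCE")
```

A priority of 186 decodes to facility 23 and severity 2, so a collector that filters on severity needs to accept level 2 (Critical) to retain these login records.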