How to record information of remote login

22

By default, the lowest severity of output logs and user logs are 4 and 5, respectively. Therefore, information of remote login is not displayed. In the system view, you can run the info-center source default channel logbuffer log level notification command to set the severity of output logs to 5 (notification). In this way, you can view information of remote login through logs.

Other related questions:
How to view login information on the AR router
You can run the display users command to check login information on each user interface. The login information including user names and IP address and user authorization information is displayed. Example: [Huawei] display users User-Intf Delay Type Network Address AuthenStatus AuthorcmdFlag 129 VTY 0 00:00:00 TEL 10.164.6.10 pass Username : user1 + 130 VTY 1 00:00:00 TEL 10.164.6.15 pass Username : user2

Configuring a remote login mode for the USG6000.
Procedure for configuring a remote login for the USG6000: Remote login through Telnet/SSH Procedure: 1. Configure an administrator IP address for the remote access device. A user whose address is on the network range beyond the one specified in the ACL cannot remotely access the device through Telnet or SSH. system-view [sysname] acl 2000 [sysname-acl-basic-2000] rule permit source x.x.x.x 0 [sysname-acl-basic-2000] quit x.x.x.x is the IP address that can be used to remotely access the device. 2. Configure the limit on the number of connections on the VTY administrator interface. Limiting the maximum number of sessions for remote login prevents excessive system resource consumption, facilitates centralized operation and maintenance, and ensures service continuity upon failures. system-view [sysname] user-interface maximum-vty 3 3. Configure login through Telnet/SSH. Note: It is risky to use Telnet for login. You are advised to use SSH for login. Set the account and password of the administrator who logs in to the device through Telnet. Set the administrator level to 3 and the maximum number of connections for the account to 1. Set the IP addresses of users who can access the device remotely using ACL2000. system-view [sysname] telnet server enable [sysname] user-interface vty 0 4 [sysname-ui-vty0-4] authentication-mode aaa [sysname-ui-vty0-4] acl 2000 inbound [sysname-ui-vty0-4] quit [sysname] aaa [sysname-aaa] manager-user admin1 [sysname-aaa-manager-user-admin1] password Enter Password: Confirm Password: [sysname-aaa-manager-user-admin1] service-type telnet [sysname-aaa-manager-user-admin1] level 3 [sysname-aaa-manager-user-admin1] access-limit 1 Set the password and account of the administrator who logs in to the device through SSH. Set the account and password of the administrator who logs in to the device through SSH. Set the administrator level to 3 and the maximum number of connections for the account to 1. system-view [sysname] user-interface vty 0 4 [sysname-ui-vty0-4] authentication-mode aaa [sysname-ui-vty0-4] quit [sysname] aaa [sysname-aaa] manager-user admin1 [sysname-aaa-manager-user-admin1] ssh authentication-type password [sysname-aaa-manager-user-admin1] password Enter Password: Confirm Password: [sysname-aaa-manager-user-admin1] service-type ssh [sysname-aaa-manager-user-admin1] level 3 [sysname-aaa-manager-user-admin1] access-limit 1 Enable the STelnet service on the device. system-view [sysname] stelnet server enable Set the client service mode of SSH user admin1 to STelnet. [sysname-aaa-manager-user-admin1] ssh service-type stelnet

Accessing the interface configuration view on the USG2000&5000&6000
Perform as follows to view login interface information of the USG: system-view [FW] interface GigabitEthernet 1/0/1 [FW] display interface GigabitEthernet Note: Interface 1/0/1 is used as an example.

How to check historical login records of L2TP VPN users on the AR
The AR does not support query of historical login records of L2TP VPN users.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top