Local Authentication, HWTACACS Authorization, And RADIUS Accounting For SSH Users; Network Requirements; Configuration Procedure - HP 5920 Series Configuration Manual


# Enable the default-user-role authorization function, so that an SSH user gets the default user role
network-operator after passing authentication.
[Switch] role default-role enable
3. Verify the configuration:
When the user initiates an SSH connection to the switch and enters the correct username and
password, the user successfully logs in and can use the commands for the network-operator user
role.

Local authentication, HWTACACS authorization, and RADIUS accounting for SSH users

Network requirements

As shown in Figure 12, configure the switch to perform local authentication for SSH servers, use the
HWTACACS server and RADIUS server for SSH user authorization and accounting respectively, and
assign the default user role network-operator to SSH users after they pass authentication.
Configure an account with the username hello for the SSH user. Set the shared keys for secure
communication with the HWTACACS server and RADIUS server to expert. Configure the switch to
remove domain names from usernames sent to the servers.
Figure 12 Network diagram

Configuration procedure

1. Configure the HWTACACS server. (Details not shown.)
2. Configure the RADIUS server. (Details not shown.)
3. Configure the switch:
# Assign IP addresses to interfaces. (Details not shown.)
# Create local RSA key pairs.
<Switch> system-view
[Switch] public-key local create rsa
# Enable the SSH service.
[Switch] ssh server enable
# Configure an HWTACACS scheme.
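
A check for the AAA split described under Network requirements (local authentication, HWTACACS authorization, RADIUS accounting, domain names removed from usernames), as an added example that is not part of the HP manual. The sample configuration is constructed in Comware-style syntax; the scheme names hwtac and rd and the domain name bbb are assumptions.

```python
import re

# Constructed sample, Comware-style; hwtac, rd and bbb are placeholder names.
SAMPLE_CONFIG = """\
hwtacacs scheme hwtac
 user-name-format without-domain
#
radius scheme rd
 user-name-format with-domain
#
domain bbb
 authentication login local
 authorization login hwtacacs-scheme hwtac
 accounting login radius-scheme rd
"""

# Phase -> (method expected after "<phase> login ", scheme type to look up).
EXPECTED = {"authentication": ("local", None),
            "authorization": (r"hwtacacs-scheme (\S+)", "hwtacacs"),
            "accounting": (r"radius-scheme (\S+)", "radius")}

def parse_sections(text):
    """Map each unindented header line to the indented lines beneath it."""
    sections, current = {}, []
    for line in text.splitlines():
        if line.startswith(" "):
            current.append(line.strip())
        else:
            current = sections.setdefault(line.strip(), [])
    return sections

def audit_domain(text, domain):
    """List deviations from the local / HWTACACS / RADIUS split for a domain."""
    sections = parse_sections(text)
    body = sections.get(f"domain {domain}")
    if body is None:
        return [f"domain {domain} not found"]
    findings = []
    for phase, (pattern, kind) in EXPECTED.items():
        rx = re.compile(f"{phase} login {pattern}")
        hit = next(filter(None, map(rx.fullmatch, body)), None)
        if hit is None:
            findings.append(f"{phase} login does not use the intended method")
        elif kind:
            scheme = sections.get(f"{kind} scheme {hit.group(1)}")
            if scheme is None:
                findings.append(f"{kind} scheme {hit.group(1)} is not defined")
            elif "user-name-format without-domain" not in scheme:
                findings.append(f"{kind} scheme {hit.group(1)} lacks user-name-format without-domain")
    return findings
```

Calling audit_domain(SAMPLE_CONFIG, "bbb") on the constructed sample returns one finding, because the RADIUS scheme is left at with-domain while the HWTACACS scheme already strips the domain name.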


This manual is also suitable for:

5900 series
