Configuration Procedure - HP MSR2000 Configuration Manual


Set the shared keys for secure HWTACACS communication to expert. Configure the router to send
usernames without domain names to the HWTACACS server.
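Figure 14 Network diagram (image not reproduced). Labels: SSH user 192.168.1.58/24; Internet; Router Eth1/1 192.168.1.70/24 and Eth1/2 10.1.1.2/24; HWTACACS server 10.1.1.1/24.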

Configuration procedure

1. Configure the HWTACACS server:
# On the HWTACACS server, set the shared keys for secure communication with the router to
expert, add an account for the SSH user, and specify the password. (Details not shown.)
2. Configure the router:
# Assign an IP address to Ethernet 1/1, the SSH user access interface.
<Router> system-view
[Router] interface ethernet 1/1
[Router-Ethernet1/1] ip address 192.168.1.70 255.255.255.0
[Router-Ethernet1/1] quit
# Assign an IP address to Ethernet 1/2, through which the router communicates with the server.
[Router] interface ethernet 1/2
[Router-Ethernet1/2] ip address 10.1.1.2 255.255.255.0
[Router-Ethernet1/2] quit
# Create an HWTACACS scheme.
[Router] hwtacacs scheme hwtac
# Specify the primary authentication server.
[Router-hwtacacs-hwtac] primary authentication 10.1.1.1 49
# Specify the primary authorization server.
[Router-hwtacacs-hwtac] primary authorization 10.1.1.1 49
# Specify the primary accounting server.
[Router-hwtacacs-hwtac] primary accounting 10.1.1.1 49
# Set the shared keys for secure HWTACACS communication to expert in plain text.
[Router-hwtacacs-hwtac] key authentication simple expert
[Router-hwtacacs-hwtac] key authorization simple expert
[Router-hwtacacs-hwtac] key accounting simple expert
# Remove domain names from the usernames sent to an HWTACACS server.
[Router-hwtacacs-hwtac] user-name-format without-domain
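An added example, not part of the HP manual: a Python check that parses HWTACACS scheme commands in the form shown above and reports services that have a server but no shared key, keys entered with the simple keyword, and plain-text keys below a minimum length. The function names, the 16-character minimum, and the sample input are assumptions made for this example.

```python
import re

# Constructed input: this page's scheme commands, accounting key line left out on purpose.
SAMPLE = """\
[Router] hwtacacs scheme hwtac
[Router-hwtacacs-hwtac] primary authentication 10.1.1.1 49
[Router-hwtacacs-hwtac] primary authorization 10.1.1.1 49
[Router-hwtacacs-hwtac] primary accounting 10.1.1.1 49
[Router-hwtacacs-hwtac] key authentication simple expert
[Router-hwtacacs-hwtac] key authorization simple expert
"""

MIN_KEY_LEN = 16  # assumption: local policy value, not taken from the manual
PROMPT = re.compile(r"^\s*(?:<[^>]*>|\[[^\]]*\])\s*")  # "<Router>" or "[Router-...]"

def parse_schemes(text):
    """Return {scheme: {"servers": {service: ip}, "keys": {service: (mode, key)}}}."""
    schemes, current = {}, None
    for raw in text.splitlines():
        words = PROMPT.sub("", raw).split()
        if words[:2] == ["hwtacacs", "scheme"] and len(words) == 3:
            current = schemes.setdefault(words[2], {"servers": {}, "keys": {}})
        elif words == ["quit"]:
            current = None  # left the scheme view
        elif current is None:
            continue  # command outside any HWTACACS scheme
        elif words[:1] == ["primary"] and len(words) >= 3:
            current["servers"][words[1]] = words[2]
        elif words[:1] == ["key"] and len(words) == 4:
            current["keys"][words[1]] = (words[2], words[3])
    return schemes

def audit(text):
    """Return a sorted list of (scheme, service, issue) findings."""
    findings = []
    for name, scheme in parse_schemes(text).items():
        for service in scheme["servers"]:
            if service not in scheme["keys"]:
                findings.append((name, service, "no shared key set"))
        for service, (mode, key) in scheme["keys"].items():
            if mode == "simple":
                findings.append((name, service, "key entered in plain text"))
                if len(key) < MIN_KEY_LEN:
                    findings.append((name, service, "key shorter than %d characters" % MIN_KEY_LEN))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("%s/%s: %s" % finding)
```

Run against a saved command script or session log, each finding names the scheme and the service (authentication, authorization, or accounting) it applies to.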


This manual is also suitable for: MSR3000, MSR4000
