HPE FlexNetwork 7500 Series Security Configuration Manual page 371
Hide thumbs
Also See for FlexNetwork 7500 Series:
- Security configuration manual (506 pages) ,
- Command reference manual (474 pages) ,
- Network management and monitoring command reference (430 pages)
Table of Contents
Advertisement
33:71:75:5e:11:c9:a6:51:4b:3e:7c:eb:2a:4d:87:2b:71:7c:
30:64:fe:14:ce:06:d5:0a:e2:cf:9a:69:19:ff
# Assign an IP address to VLAN-interface 2.
[SwitchA] interface vlan-interface 2
[SwitchA-Vlan-interface2] ip address 192.168.0.2 255.255.255.0
[SwitchA-Vlan-interface2] quit
[SwitchA] quit
3.
Configure the SFTP server:
# Upload the server's certificate file ssh-server-ecdsa384.p12 and the client's certificate file
ssh-client-ecdsa384.p12 to the SFTP server through FTP or TFTP. (Details not shown.)
# Create a PKI domain named client384 for verifying the client's certificate and import the file of
the client's certificate to this domain. (Details not shown.)
# Create a PKI domain named server384 for the server's certificate and import the file of the
server's certificate to this domain. (Details not shown.)
# Specify Suite B algorithms for algorithm negotiation.
[SwitchB] ssh2 algorithm key-exchange ecdh-sha2-nistp384
[SwitchB] ssh2 algorithm cipher aes256-gcm
[SwitchB] ssh2 algorithm public-key x509v3-ecdsa-sha2-nistp384
# Specify server384 as the PKI domain of the server's certificate.
[SwitchB] ssh server pki-domain server384
# Enable the SFTP server.
[SwitchB] sftp server enable
# Assign an IP address to VLAN-interface 2.
[SwitchB] interface vlan-interface 2
[SwitchB-Vlan-interface2] ip address 192.168.0.1 255.255.255.0
[SwitchB-Vlan-interface2] quit
# Set the authentication mode to AAA for user lines.
[SwitchB] line vty 0 15
[SwitchB-line-vty0-15] authentication-mode scheme
[SwitchB-line-vty0-15] quit
# Create a local device management user named client001. Authorize the user to use the SSH
service and assign the network-admin user role to the user.# Create a local device
management user named client001. Authorize the user to use the SSH service and assign the
network-admin user role to the user.
[SwitchB] local-user client001 class manage
[SwitchB-luser-manage-client001] service-type ssh
[SwitchB-luser-manage-client001] authorization-attribute user-role network-admin
[SwitchB-luser-manage-client001] quit
# Create an SSH user named client001. Specify the publickey authentication method for the
user and specify client384 as the PKI domain for verifying the client's certificate.
[Switch] ssh user client001 service-type sftp authentication-type publickey assign
pki-domain client384
4.
Establish an SFTP connection to the SFTP server based on the 192-bit Suite B algorithms:
# Establish an SFTP connection to the server at 192.168.0.1.
<SwitchA> sftp 192.168.0.1 suite-b 192-bit pki-domain client384 server-pki-domain
server384
Username: client001
Press CTRL+C to abort.
357
Advertisement
Table of Contents
Troubleshooting
