H3C S5830V2 Security Configuration Manual page 59

Figure 11 Network diagram
Configuration procedure
1. Configure the HWTACACS server:
# On the HWTACACS server, set the shared keys for secure communication with the switch to expert, add an account for the SSH user, and specify the password. (Details not shown.)
2. Configure the switch:
# Assign IP addresses to the interfaces. (Details not shown.)
# Create an HWTACACS scheme.
<Switch> system-view
[Switch] hwtacacs scheme hwtac
# Specify the primary authentication server.
[Switch-hwtacacs-hwtac] primary authentication 10.1.1.1 49
# Specify the primary authorization server.
[Switch-hwtacacs-hwtac] primary authorization 10.1.1.1 49
# Specify the primary accounting server.
[Switch-hwtacacs-hwtac] primary accounting 10.1.1.1 49
# Set the shared keys for secure HWTACACS communication to expert in plain text.
[Switch-hwtacacs-hwtac] key authentication simple expert
[Switch-hwtacacs-hwtac] key authorization simple expert
[Switch-hwtacacs-hwtac] key accounting simple expert
# Remove domain names from the usernames sent to an HWTACACS server.
[Switch-hwtacacs-hwtac] user-name-format without-domain
[Switch-hwtacacs-hwtac] quit
# Create an ISP domain and configure AAA methods for login users.
[Switch] domain bbb
[Switch-isp-bbb] authentication login hwtacacs-scheme hwtac
[Switch-isp-bbb] authorization login hwtacacs-scheme hwtac
[Switch-isp-bbb] accounting login hwtacacs-scheme hwtac
[Switch-isp-bbb] quit
# Create local RSA and DSA key pairs.
[Switch] public-key local create rsa
[Switch] public-key local create dsa
# Enable the SSH service.
[Switch] ssh server enable
# Enable scheme authentication for user interfaces VTY 0 through VTY 15.
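
The following Python check is an added example, not part of the H3C manual. It parses a Comware session transcript in the format shown above and reports HWTACACS schemes that lack a primary server or shared key for any of the three services, and ISP domain methods that reference an undefined scheme. The function name, message wording, and sample transcript are constructed for illustration.

```python
import re

SERVICES = ("authentication", "authorization", "accounting")
PROMPT = re.compile(r"^[<\[]([^>\]]+)[>\]]\s*(.*)$")  # "<view>" or "[view]" then command

# Constructed sample: the accounting key is missing and one scheme name is mistyped.
SAMPLE = """\
[Switch] hwtacacs scheme hwtac
[Switch-hwtacacs-hwtac] primary authentication 10.1.1.1 49
[Switch-hwtacacs-hwtac] primary authorization 10.1.1.1 49
[Switch-hwtacacs-hwtac] primary accounting 10.1.1.1 49
[Switch-hwtacacs-hwtac] key authentication simple expert
[Switch-hwtacacs-hwtac] key authorization simple expert
[Switch-hwtacacs-hwtac] quit
[Switch] domain bbb
[Switch-isp-bbb] authentication login hwtacacs-scheme hwtac
[Switch-isp-bbb] accounting login hwtacacs-scheme hwtc
"""

def audit(transcript):
    """Return a sorted list of findings for a Comware CLI transcript."""
    schemes = {}  # scheme name -> set of (keyword, service) pairs configured
    refs = []     # (domain, service, scheme) taken from ISP domain views
    for line in transcript.splitlines():
        m = PROMPT.match(line.strip())
        if not m:
            continue  # "# ..." comment lines and blank lines
        view, words = m.group(1), m.group(2).split()
        if words[:2] == ["hwtacacs", "scheme"] and len(words) == 3:
            schemes.setdefault(words[2], set())
        elif "-hwtacacs-" in view and len(words) >= 3:
            if words[0] in ("primary", "key") and words[1] in SERVICES:
                name = view.split("-hwtacacs-", 1)[1]
                schemes.setdefault(name, set()).add((words[0], words[1]))
        elif "-isp-" in view and len(words) == 4 and words[2] == "hwtacacs-scheme":
            refs.append((view.split("-isp-", 1)[1], words[0], words[3]))
    findings = []
    for name, done in schemes.items():
        for svc in SERVICES:
            for keyword, label in (("primary", "server"), ("key", "key")):
                if (keyword, svc) not in done:
                    findings.append(f"scheme {name}: no {svc} {label}")
    for domain, svc, scheme in refs:
        if scheme not in schemes:
            findings.append(f"domain {domain}: {svc} uses undefined scheme {scheme}")
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "no findings")
```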