HP 6600 Security Configuration Manual page 74

Configuration procedure
1. Configure the HWTACACS server.
On the HWTACACS server, set the shared keys for secure communication with the router to expert,
add an account for the PPP user, and specify the password. (Details not shown.)
2. Configure the router:
# Create HWTACACS scheme hwtac.
<Router> system-view
[Router] hwtacacs scheme hwtac
# Specify the primary authentication server.
[Router-hwtacacs-hwtac] primary authentication 10.1.1.1 49
# Specify the primary authorization server.
[Router-hwtacacs-hwtac] primary authorization 10.1.1.1 49
# Specify the primary accounting server.
[Router-hwtacacs-hwtac] primary accounting 10.1.1.1 49
# Set the shared keys for secure HWTACACS communication to expert.
[Router-hwtacacs-hwtac] key authentication simple expert
[Router-hwtacacs-hwtac] key authorization simple expert
[Router-hwtacacs-hwtac] key accounting simple expert
# Remove domain names from the usernames sent to the HWTACACS server.
[Router-hwtacacs-hwtac] user-name-format without-domain
[Router-hwtacacs-hwtac] quit
# Configure AAA methods for the domain.
[Router] domain bbb
[Router-isp-bbb] authentication ppp hwtacacs-scheme hwtac
[Router-isp-bbb] authorization ppp hwtacacs-scheme hwtac
[Router-isp-bbb] accounting ppp hwtacacs-scheme hwtac
[Router-isp-bbb] ip pool 1 200.1.1.1 200.1.1.99
[Router-isp-bbb] quit
# Configure the serial interface.
[Router] interface serial 2/1/1
[Router-Serial2/1/1] link-protocol ppp
[Router-Serial2/1/1] ppp authentication-mode pap domain bbb
[Router-Serial2/1/1] ip address 2.2.2.1 255.255.255.0
[Router-Serial2/1/1] remote address pool 1
[Router-Serial2/1/1] quit
# Configure the Ethernet interface.
[Router] interface gigabitethernet 3/0/1
[Router-GigabitEthernet3/0/1] ip address 10.1.1.2 255.255.255.0
3. Verify the configuration.
Initiate a PPP connection from the PPP client, and enter the correct username and password. The
user passes authentication, and the PPP client can use the IP address assigned by the router to
access the network. Use the display connection command on the router to view information about
the connection.
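
An added example, not part of the HP manual: a Python check that cross-references a pasted session like the one in step 2. It flags a domain whose AAA method points at an undefined scheme or at a scheme missing that service's server or key, a shared key left at the manual's sample value expert, and PAP on an interface. The function name audit, the finding strings, and the sample session are assumptions made for this example.

```python
import re

SERVICES = ("authentication", "authorization", "accounting")
DOC_KEYS = {"expert"}  # shared key printed in the manual's example
PROMPT = re.compile(r"^[<\[][^>\]]*[>\]]\s*")  # strips <Router> / [Router-...]
# Constructed sample (not from the manual): a session with deliberate gaps.
SAMPLE = """\
[Router] hwtacacs scheme hwtac
[Router-hwtacacs-hwtac] primary authentication 10.1.1.1 49
[Router-hwtacacs-hwtac] key authentication simple expert
[Router] domain bbb
[Router-isp-bbb] authentication ppp hwtacacs-scheme hwtac
[Router-isp-bbb] authorization ppp hwtacacs-scheme hwtac
[Router-isp-bbb] accounting ppp hwtacacs-scheme hwtacs
[Router] interface serial 2/1/1
[Router-Serial2/1/1] ppp authentication-mode pap domain bbb
"""

def audit(config):
    """Return findings for a pasted HWTACACS/PPP configuration session."""
    schemes, domains, ifaces, cur = {}, {}, {}, {}
    for raw in config.splitlines():
        w = PROMPT.sub("", raw.strip()).split()
        if len(w) < 2:
            continue
        if w[:2] == ["hwtacacs", "scheme"] and len(w) > 2:
            cur = schemes.setdefault(w[2], {"primary": {}, "key": {}})
        elif w[0] == "domain":
            cur = domains.setdefault(w[1], {"methods": {}})
        elif w[0] == "interface":
            cur = ifaces.setdefault(" ".join(w[1:]), {"mode": None})
        elif w[0] in ("primary", "key") and w[0] in cur and w[1] in SERVICES:
            cur[w[0]][w[1]] = w[-1]  # last token: server port or key string
        elif w[0] in SERVICES and w[-2] == "hwtacacs-scheme" and "methods" in cur:
            cur["methods"][w[0]] = w[-1]
        elif w[:2] == ["ppp", "authentication-mode"] and len(w) > 2 and "mode" in cur:
            cur["mode"] = w[2]
    out = [f"scheme {n}: {svc} key is the manual's example value"
           for n, s in schemes.items() for svc, k in s["key"].items() if k in DOC_KEYS]
    for n, d in domains.items():
        for svc, sch in d["methods"].items():
            s = schemes.get(sch)
            if s is None:
                out.append(f"domain {n}: {svc} uses undefined scheme {sch}")
            elif svc not in s["primary"] or svc not in s["key"]:
                out.append(f"domain {n}: scheme {sch} lacks {svc} server or key")
    out += [f"interface {n}: PAP sends the password in cleartext"
            for n, i in ifaces.items() if i["mode"] == "pap"]
    return out
```

Run against the unmodified commands from step 2, it reports only the three sample-key findings and the PAP finding.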
This manual is also suitable for:

Hsr6600