HPE FlexNetwork 10500 Series Security Configuration Manual page 476

# Assign an IP address to VLAN-interface 2.
[SwitchA] interface vlan-interface 2
[SwitchA-Vlan-interface2] ip address 192.168.0.2 255.255.255.0
[SwitchA-Vlan-interface2] quit
3. Configure the SCP server:
# Upload the server's certificate files (ssh-server-ecdsa256.p12 and
ssh-server-ecdsa384.p12) and the client's certificate files (ssh-client-ecdsa256.p12 and
ssh-client-ecdsa384.p12) to the SCP server through FTP or TFTP. (Details not shown.)
# Create a PKI domain named client256 for verifying the client's certificate ecdsa256 and
import the file of this certificate to this domain. Create a PKI domain named server256 for the
server's certificate ecdsa256 and import the file of this certificate to this domain. (Details not
shown.)
# Create a PKI domain named client384 for verifying the client's certificate ecdsa384 and
import the file of this certificate to this domain. Create a PKI domain named server384 for the
server's certificate ecdsa384 and import the file of this certificate to this domain. (Details not
shown.)
# Specify Suite B algorithms for algorithm negotiation.
<SwitchB> system-view
[SwitchB] ssh2 algorithm key-exchange ecdh-sha2-nistp256 ecdh-sha2-nistp384
[SwitchB] ssh2 algorithm cipher aes128-gcm aes256-gcm
[SwitchB] ssh2 algorithm public-key x509v3-ecdsa-sha2-nistp256 x509v3-ecdsa-sha2-nistp384
# Enable the SCP server.
[SwitchB] scp server enable
# Assign an IP address to VLAN-interface 2.
[SwitchB] interface vlan-interface 2
[SwitchB-Vlan-interface2] ip address 192.168.0.1 255.255.255.0
[SwitchB-Vlan-interface2] quit
# Set the authentication mode to AAA for user lines.
[SwitchB] line vty 0 15
[SwitchB-line-vty0-15] authentication-mode scheme
[SwitchB-line-vty0-15] quit
# Create a local device management user named client001. Authorize the user to use the SSH
service and assign the network-admin user role to the user.
[SwitchB] local-user client001 class manage
[SwitchB-luser-manage-client001] service-type ssh
[SwitchB-luser-manage-client001] authorization-attribute user-role network-admin
[SwitchB-luser-manage-client001] quit
# Create a local device management user named client002. Authorize the user to use the SSH
service and assign the network-admin user role to the user.
[SwitchB] local-user client002 class manage
[SwitchB-luser-manage-client002] service-type ssh
[SwitchB-luser-manage-client002] authorization-attribute user-role network-admin
[SwitchB-luser-manage-client002] quit
4. Establish an SCP connection to the SCP server:
Based on the 128-bit Suite B algorithms:
# Specify server256 as the PKI domain of the server's certificate.
[SwitchB] ssh server pki-domain server256
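
Added example, not part of the HPE manual: a Python check that a saved or pasted configuration restricts SSH2 negotiation to the Suite B algorithms named in step 3. It assumes one command per line; the function name audit_suite_b and both sample configurations are constructed for illustration.

```python
import re

# Allow-list copied from the "ssh2 algorithm" commands in step 3 of this procedure.
SUITE_B = {
    "key-exchange": {"ecdh-sha2-nistp256", "ecdh-sha2-nistp384"},
    "cipher": {"aes128-gcm", "aes256-gcm"},
    "public-key": {"x509v3-ecdsa-sha2-nistp256", "x509v3-ecdsa-sha2-nistp384"},
}
# Matches a CLI prompt such as "[SwitchB] " or "<SwitchB> " at the start of a line.
PROMPT = re.compile(r"^\s*(\[[^\]]*\]|<[^>]*>)\s*")


def audit_suite_b(config_text):
    """Return (category, problem) tuples; an empty list means the check passed."""
    configured = {}
    for raw in config_text.splitlines():
        words = PROMPT.sub("", raw).split()
        # Only "ssh2 algorithm <category> <alg> ..." lines are of interest.
        if words[:2] != ["ssh2", "algorithm"] or len(words) < 4:
            continue
        configured.setdefault(words[2], []).extend(words[3:])
    findings = []
    for category, allowed in SUITE_B.items():
        algs = configured.get(category)
        if algs is None:
            # The procedure sets all three categories explicitly, so report a gap.
            findings.append((category, "not set explicitly"))
            continue
        for alg in algs:
            if alg not in allowed:
                findings.append((category, "non-Suite B algorithm: " + alg))
    return findings


# Constructed sample: the three commands from step 3, with prompts.
GOOD = """\
[SwitchB] ssh2 algorithm key-exchange ecdh-sha2-nistp256 ecdh-sha2-nistp384
[SwitchB] ssh2 algorithm cipher aes128-gcm aes256-gcm
[SwitchB] ssh2 algorithm public-key x509v3-ecdsa-sha2-nistp256 x509v3-ecdsa-sha2-nistp384
"""
# Constructed sample: prompt-less config with extra algorithms and no public-key line.
WEAK = """\
 ssh2 algorithm key-exchange ecdh-sha2-nistp256 dh-group14-sha1
 ssh2 algorithm cipher aes128-gcm aes128-cbc
"""

if __name__ == "__main__":
    for name, text in (("GOOD", GOOD), ("WEAK", WEAK)):
        print(name, audit_suite_b(text) or "OK")
```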