H3C SR8800-F Configuration Manual page 93

Comware 7 user access

# Create the local DSA key pair and RSA key pairs.
<Router> system-view
[Router] public-key local create dsa
[Router] public-key local create rsa
# Enable the SSH service.
[Router] ssh server enable
# Enable scheme authentication for user lines VTY 0 through VTY 63.
[Router] line vty 0 63
[Router-line-vty0-63] authentication-mode scheme
[Router-line-vty0-63] quit
# Enable the default user role feature to assign authenticated SSH users the default user role network-operator.
[Router] role default-role enable
# Configure an LDAP server.
[Router] ldap server ldap1
# Specify the IP address of the LDAP authentication server.
[Router-ldap-server-ldap1] ip 10.1.1.1
# Specify the administrator DN.
[Router-ldap-server-ldap1] login-dn cn=administrator,cn=users,dc=ldap,dc=com
# Specify the administrator password.
[Router-ldap-server-ldap1] login-password simple admin!123456
# Configure the base DN for user search.
[Router-ldap-server-ldap1] search-base-dn dc=ldap,dc=com
[Router-ldap-server-ldap1] quit
# Create an LDAP scheme.
[Router] ldap scheme ldap1-shml
# Specify the LDAP authentication server.
[Router-ldap-ldap1-shml] authentication-server ldap1
[Router-ldap-ldap1-shml] quit
# Create an ISP domain named bbb and configure the authentication, authorization, and accounting methods for login users.
[Router] domain bbb
[Router-isp-bbb] authentication login ldap-scheme ldap1-shml
[Router-isp-bbb] authorization login none
[Router-isp-bbb] accounting login none
[Router-isp-bbb] quit
Verifying the configuration
# Initiate an SSH connection to the router, and enter username aaa@bbb and password ldap!123456. The user logs in to the router. (Details not shown.)
# Verify that the user can use the commands permitted by the network-operator user role. (Details not shown.)
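
An added example, not part of the H3C manual: a Python check that can be run over a saved copy of the session above. It confirms that the domain, the LDAP scheme and the LDAP server reference each other, that the default user role is enabled when authorization is none, and it flags the administrator password entered with the simple (plaintext) keyword. The names parse and audit and the trimmed SESSION sample are constructed for illustration.

```python
import re

# Constructed input: a trimmed copy of the session shown on this page.
SESSION = """\
[Router] role default-role enable
[Router] ldap server ldap1
[Router-ldap-server-ldap1] login-password simple admin!123456
[Router-ldap-server-ldap1] quit
[Router] ldap scheme ldap1-shml
[Router-ldap-ldap1-shml] authentication-server ldap1
[Router-ldap-ldap1-shml] quit
[Router] domain bbb
[Router-isp-bbb] authentication login ldap-scheme ldap1-shml
[Router-isp-bbb] authorization login none
[Router-isp-bbb] quit
"""

VIEWS = ("ldap server ", "ldap scheme ", "domain ")  # commands that open a view
PROMPT_CMD = r"^[ \t]*[\[<][^\]>\n]*[\]>][ \t]*(\S.*?)[ \t]*$"  # text after a prompt

def parse(session):
    """Split a prompt-prefixed session into global and per-view commands."""
    top, views, current = [], {}, None
    for cmd in re.findall(PROMPT_CMD, session, re.M):  # comment lines are skipped
        opener = next((v for v in VIEWS if cmd.startswith(v)), None)
        if opener:
            current = (opener.strip(), cmd[len(opener):])
            views.setdefault(current, [])
        elif cmd == "quit":
            current = None
        else:
            (views[current] if current else top).append(cmd)
    return top, views

def audit(session):
    """Return findings: dangling references, plaintext secret, missing default role."""
    top, views = parse(session)
    out = []
    for (kind, name), cmds in views.items():
        for c in cmds:
            ref = c.split()[-1]  # last token: the referenced object name
            if kind == "ldap scheme" and c.startswith("authentication-server ") and ("ldap server", ref) not in views:
                out.append(f"scheme {name}: LDAP server {ref} is not defined")
            if kind == "domain" and " ldap-scheme " in c and ("ldap scheme", ref) not in views:
                out.append(f"domain {name}: LDAP scheme {ref} is not defined")
            if kind == "ldap server" and c.startswith("login-password simple "):
                out.append(f"server {name}: bind password typed in plaintext")
            if kind == "domain" and c == "authorization login none" and "role default-role enable" not in top:
                out.append(f"domain {name}: no authorization and default role not enabled")
    return out
```

Run against the session as written, audit(SESSION) reports only the plaintext administrator password; a mistyped scheme or server name, or a missing default-role command, produces an additional finding.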