Configuring password-based SSH login with HWtacacs authentication on the S3600*
1 Network requirements:
Before logging in to the S3600 over SSH with a password, a user must first pass HWtacacs authentication. The IP addresses are allocated as follows:
Server: 192.168.0.15/24,
VLAN 1 on S3600 switch: 192.168.0.1/24 (All ports belong to VLAN 1)
PC: 192.168.0.2/24
2 Network diagram:
3 Configuration procedure:
3.1 Enter system view:
<H3C>system-view
3.2 Configure HWtacacs policy:
[H3C]hwtacacs scheme 3com
[H3C-hwtacacs-3com]primary authentication 192.168.0.15
[H3C-hwtacacs-3com]primary authorization 192.168.0.15
[H3C-hwtacacs-3com]primary accounting 192.168.0.15
[H3C-hwtacacs-3com]key authentication expert
[H3C-hwtacacs-3com]key authorization expert
[H3C-hwtacacs-3com]key accounting expert
[H3C-hwtacacs-3com]user-name-format without-domain
3.3 Configure HWtacacs domain:
[H3C-hwtacacs-3com]quit
[H3C]domain 3com
3.4 Bind domain with policy:
[H3C-isp-3com]scheme hwtacacs-scheme 3com
[H3C-isp-3com]accounting optional
3.5 Set 3com as the default domain:
[H3C-isp-3com]quit
[H3C]domain default enable 3com
3.6 Create a VLAN interface:
[H3C]inter vlan 1
[H3C-vlan-interface1]ip add 192.168.0.1 24
3.7 Configure SSH:
[H3C-vlan-interface1]quit
[H3C]user-interface vty 0 4
[H3C-ui-vty0-4]authentication-mode scheme
[H3C-ui-vty0-4]user privilege level 3
[H3C-ui-vty0-4]protocol inbound ssh
3.8 Configure the SSH user name and password authentication:
[H3C-ui-vty0-4]quit
[H3C]ssh user lelsw authentication-type password
4 Configuration Tips:
4.1 Set the new domain you created as the default domain.
*NOTICE: This case is also applicable to the H3C S3610 / S5510 / S5500 / S5600 series switches.
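The following check is an added example, not part of the original case or any H3C tool: it reads a prompt-prefixed command transcript like the one in section 3 and reports which pieces of the HWtacacs/SSH setup are missing, including the default-domain tip in 4.1. The function names, the transcript input format and the hostname H3C are assumptions made for the example.

```python
import re

# Constructed sample: commands from steps 3.2-3.7 as typed; hostname H3C is assumed.
TRANSCRIPT = """\
[H3C]hwtacacs scheme 3com
[H3C-hwtacacs-3com]primary authentication 192.168.0.15
[H3C-hwtacacs-3com]primary authorization 192.168.0.15
[H3C-hwtacacs-3com]primary accounting 192.168.0.15
[H3C-hwtacacs-3com]key authentication expert
[H3C-hwtacacs-3com]key authorization expert
[H3C-hwtacacs-3com]key accounting expert
[H3C]domain 3com
[H3C-isp-3com]scheme hwtacacs-scheme 3com
[H3C]domain default enable 3com
[H3C]user-interface vty 0 4
[H3C-ui-vty0-4]authentication-mode scheme
[H3C-ui-vty0-4]protocol inbound ssh
"""

PROMPT = re.compile(r"^[\[<]H3C(?:-([^\]>]+))?[\]>]\s*(.*)$")

def parse(transcript):
    """Return a set of (view, command) pairs; view is '' for system view."""
    pairs = set()
    for line in transcript.splitlines():
        m = PROMPT.match(line.strip())
        if m and m.group(2):
            pairs.add((m.group(1) or "", " ".join(m.group(2).split())))
    return pairs

def audit(transcript, scheme="3com", domain="3com"):
    """List what is missing for SSH logins to be authenticated by HWtacacs."""
    cmds = parse(transcript)
    hw, isp = f"hwtacacs-{scheme}", f"isp-{domain}"
    findings = []
    for role in ("authentication", "authorization", "accounting"):
        if not any(v == hw and c.startswith(f"primary {role} ") for v, c in cmds):
            findings.append(f"no primary {role} server in scheme {scheme}")
        if not any(v == hw and c.startswith(f"key {role} ") for v, c in cmds):
            findings.append(f"no {role} key in scheme {scheme}")
    if (isp, f"scheme hwtacacs-scheme {scheme}") not in cmds:
        findings.append(f"domain {domain} is not bound to scheme {scheme}")
    if ("", f"domain default enable {domain}") not in cmds:
        findings.append(f"{domain} is not the default domain")
    vty = {c for v, c in cmds if v.startswith("ui-vty")}
    for need in ("authentication-mode scheme", "protocol inbound ssh"):
        if need not in vty:
            findings.append(f"vty lines lack '{need}'")
    return findings
```

An empty list from audit() means every element of the procedure is present; a misspelled keyword such as "key accouting" shows up as a missing accounting key.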