H3C Technologies H3C S12500-X Series Switches User Manual
Page 10
v
Main mode IKE with pre-shared key authentication configuration example ························································· 161
Network requirements ········································································································································· 161
Configuration procedure ···································································································································· 162
Verifying the configuration ································································································································· 164
Troubleshooting IKE ····················································································································································· 164
IKE negotiation failed because no matching IKE proposals were found ······················································· 164
IKE negotiation failed because no IKE proposals or IKE keychains are referenced correctly····················· 165
IPsec SA negotiation failed because no matching IPsec transform sets were found ···································· 166
IPsec SA negotiation failed due to invalid identity information ······································································ 166
Configuring SSH ····················································································································································· 169
Overview ······································································································································································· 169
How SSH works ··················································································································································· 169
SSH authentication methods ······························································································································· 170
FIPS compliance ··························································································································································· 171
Configuring the device as an SSH server ·················································································································· 171
SSH server configuration task list ······················································································································ 171
Generating local DSA or RSA key pairs ··········································································································· 171
Enabling the SSH server function ······················································································································· 172
Enabling the SFTP server function ······················································································································ 172
Configuring the user lines for Stelnet clients ····································································································· 173
Configuring a client's host public key ··············································································································· 173
Configuring an SSH user ···································································································································· 174
Setting the SSH management parameters ········································································································ 175
Configuring the device as an Stelnet client ··············································································································· 176
Stelnet client configuration task list ···················································································································· 176
Specifying a source IP address or source interface for the Stelnet client ······················································ 177
Establishing a connection to an Stelnet server ································································································· 177
Configuring the device as an SFTP client ·················································································································· 179
SFTP client configuration task list ······················································································································· 179
Specifying a source IP address or source interface for the SFTP client ························································· 179
Establishing a connection to an SFTP server ···································································································· 179
Working with SFTP directories ··························································································································· 180
Working with SFTP files ······································································································································ 181
Displaying help information ······························································································································· 181
Terminating the connection with the SFTP server ····························································································· 182
Configuring the device as an SCP client ··················································································································· 182
Displaying and maintaining SSH ······························································································································· 183
Stelnet configuration examples ··································································································································· 184
Password authentication enabled Stelnet server configuration example ······················································ 184
Publickey authentication enabled Stelnet server configuration example ······················································· 186
Password authentication enabled Stelnet client configuration example ························································ 192
Publickey authentication enabled Stelnet client configuration example ························································ 195
SFTP configuration examples ······································································································································ 197
Password authentication enabled SFTP server configuration example ·························································· 197
Publickey authentication enabled SFTP client configuration example ··························································· 199
SCP configuration examples ······································································································································· 202
SCP file transfer with password authentication ································································································ 203
Configuring IP source guard ·································································································································· 205
Overview ······································································································································································· 205
Static IP source guard binding entries ··············································································································· 205
Dynamic IP source guard binding entries ········································································································· 206
IP source guard configuration task list ······················································································································· 206
Configuring the IPv4 source guard function ·············································································································· 207
- H3C S5560 Series Switches H3C WX6000 Series Access Controllers H3C WX5000 Series Access Controllers H3C WX3000 Series Unified Switches H3C LSWM1WCM10 Access Controller Module H3C LSWM1WCM20 Access Controller Module H3C LSQM1WCMB0 Access Controller Module H3C LSRM1WCM2A1 Access Controller Module H3C LSBM1WCM2A0 Access Controller Module H3C S9800 Series Switches H3C S5130 Series Switches H3C S5120 Series Switches