Verifying the configuration, Network requirements, Configuration procedure – H3C Technologies H3C S6300 Series Switches User Manual
# Enable scheme authentication for user lines VTY 0 through VTY 63.
[Switch] line vty 0 63
[Switch-line-vty0-63] authentication-mode scheme
[Switch-line-vty0-63] quit
# Enable the default user role feature to assign authenticated SSH users the default user role network-operator.
[Switch] role default-role enable
Verifying the configuration
# Initiate an SSH connection to the switch, and enter the username hello@bbb and the correct password.
The user logs in to the switch. (Details not shown.)
# Verify that the user can use the commands permitted by the network-operator user role. (Details not shown.)
Local authentication, HWTACACS authorization, and RADIUS accounting for SSH users
Network requirements
As shown in Figure 11, configure the switch to meet the following requirements:
• Perform local authentication for SSH servers.
• Use the HWTACACS server and RADIUS server for SSH user authorization and accounting, respectively.
• Remove domain names from usernames sent to the servers.
• Assign the default user role network-operator to SSH users after they pass authentication.
Configure an account with the username hello for the SSH user. Set the shared keys for secure communication with the HWTACACS server and RADIUS server to expert.
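An added example, not from the H3C manual: a Python check that reads a saved configuration and reports which of the requirements listed above are unmet. The scheme names hwtac and rd, the domain name bbb, and the server addresses in the sample are assumptions; the sample leaves domain stripping off the RADIUS scheme on purpose so the audit has a finding to report.

```python
import re

# Constructed "display current-configuration" excerpt. Scheme names, domain name
# and addresses are assumptions; the RADIUS scheme deliberately keeps the domain.
SAMPLE = """\
hwtacacs scheme hwtac
 primary authorization 192.0.2.2
 user-name-format without-domain
#
radius scheme rd
 primary accounting 192.0.2.1
#
domain bbb
 authentication login local
 authorization login hwtacacs-scheme hwtac
 accounting login radius-scheme rd
#
 role default-role enable
"""

def sections(cfg):
    """Map each view header ('' = system view) to the commands under it."""
    out, view = {"": []}, ""
    for line in cfg.splitlines():
        if line.strip() in ("", "#"):
            view = ""                           # '#' closes the current view
        elif line[0] != " ":
            view = line.strip()                 # unindented line opens a view
            out.setdefault(view, [])
        else:
            out[view].append(line.strip())      # indented line belongs to it
    return out

def audit(cfg, domain):
    """Return the requirements from the list above that cfg fails to meet."""
    s = sections(cfg)
    dom = s.get(f"domain {domain}", [])
    def scheme(kind, method):                   # follow the domain's scheme reference
        m = re.search(rf"^{method} login {kind}-scheme (\S+)$", "\n".join(dom), re.M)
        return s.get(f"{kind} scheme {m.group(1)}") if m else None
    hw, rd = scheme("hwtacacs", "authorization"), scheme("radius", "accounting")
    checks = {
        "local authentication": "authentication login local" in dom,
        "HWTACACS authorization": hw is not None,
        "RADIUS accounting": rd is not None,
        "domain stripped for HWTACACS": "user-name-format without-domain" in (hw or []),
        "domain stripped for RADIUS": "user-name-format without-domain" in (rd or []),
        "default user role enabled": "role default-role enable" in s[""],
    }
    return [name for name, ok in checks.items() if not ok]
```

Calling audit(SAMPLE, "bbb") returns the single unmet requirement, "domain stripped for RADIUS"; a domain that references a scheme name with no matching scheme view is reported as missing authorization or accounting.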
Figure 11 Network diagram
Configuration procedure
1. Configure the HWTACACS server. (Details not shown.)
2. Configure the RADIUS server. (Details not shown.)
3. Configure the switch:
# Assign IP addresses to interfaces. (Details not shown.)