beautypg.com

H3C Technologies H3C S6300 Series Switches User Manual

Page 73

background image

58

# Assign an IP address to VLAN-interface 2, the SSH user access interface.

system-view

[Switch] interface vlan-interface 2

[Switch-Vlan-interface2] ip address 192.168.1.70 24

[Switch-Vlan-interface2] quit

# Assign an IP address to VLAN-interface 3, through which the switch communicates with the
server.

[Switch] interface vlan-interface 3

[Switch-Vlan-interface3] ip address 10.1.1.2 24

[Switch-Vlan-interface3] quit

# Create local RSA and DSA key pairs.

[Switch] public-key local create rsa

[Switch] public-key local create dsa

# Enable the SSH service.

[Switch] ssh server enable

# Enable scheme authentication for user lines VTY 0 through VTY 63.

[Switch] line vty 0 63

[Switch-line-vty0-63] authentication-mode scheme

[Switch-line-vty0-63] quit

# Enable the default user role feature to assign authenticated SSH users the default user role
network-operator.

[Switch] role default-role enable

# Configure an LDAP server.

[Switch] ldap server ldap1

# Specify the IP address of the LDAP authentication server.

[Switch-ldap-server-ldap1] ip 10.1.1.1

# Specify the administrator DN.

[Switch-ldap-server-ldap1] login-dn cn=administrator,cn=users,dc=ldap,dc=com

# Specify the administrator password.

[Switch-ldap-server-ldap1] login-password simple admin!123456

# Configure the base DN for user search.

[Switch-ldap-server-ldap1] search-base-dn dc=ldap,dc=com

[Switch-ldap-server-ldap1] quit

# Create an LDAP scheme.

[Switch] ldap scheme ldap-shm1

# Specify the LDAP authentication server.

[Switch-ldap-ldap-shm1] authentication-server ldap1

[Switch-ldap-ldap-shm1] quit

# Create ISP domain bbb and configure authentication, authorization, and accounting methods

for login users.

[Switch] domain bbb

[Switch-isp-bbb] authentication login ldap-scheme ldap-shm1

[Switch-isp-bbb] authorization login none

[Switch-isp-bbb] accounting login none

[Switch-isp-bbb] quit