Network requirements, Network diagram, Configuration procedure – H3C Technologies H3C S3600 Series Switches User Manual
login is authorized by the CAMS server. You can specify the level by setting the EXEC Privilege Level
argument in the Add Account window shown in
.
When Switch Acts as Server for Password and HWTACACS Authentication
Network requirements
As shown in Figure 1-19, an SSH connection is required between the host (SSH client) and the switch (SSH server) for secure data exchange. Password and HWTACACS authentication is required.
- The host runs SSH2.0 client software to establish a local connection with the switch.
- The switch cooperates with an HWTACACS server to authenticate SSH users.
Network diagram
Figure 1-19 Switch acts as server for password and HWTACACS authentication
Configuration procedure
- Configure the SSH server
# Create a VLAN interface on the switch and assign it an IP address. This address will be used as the IP address of the SSH server for SSH connections.
[Switch] interface vlan-interface 2
[Switch-Vlan-interface2] ip address 192.168.1.70 255.255.255.0
[Switch-Vlan-interface2] quit
Generating the RSA and DSA key pairs on the server is a prerequisite for SSH login.
# Generate RSA and DSA key pairs.
[Switch] public-key local create rsa
[Switch] public-key local create dsa
# Set the authentication mode for the user interfaces to AAA.
[Switch] user-interface vty 0 4
[Switch-ui-vty0-4] authentication-mode scheme
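One way to verify the last step above on a saved configuration, as an added example that is not part of the H3C manual: the Python script below reads configuration text and reports every VTY user interface in the range 0 to 4 whose authentication mode is not `scheme` (AAA). The sample configuration is constructed, and the layout it assumes (sub-commands indented by one space under an unindented `user-interface vty` line) is an assumption about how the device displays its configuration.

```python
import re

# Constructed sample in the style of a saved switch configuration (assumed layout,
# not captured from a real device).
SAMPLE_CONFIG = """\
interface Vlan-interface2
 ip address 192.168.1.70 255.255.255.0
#
user-interface aux 0 7
user-interface vty 0 2
 authentication-mode scheme
user-interface vty 3 4
 authentication-mode password
#
"""

UI_RE = re.compile(r"^user-interface vty (\d+)(?: (\d+))?\s*$")
MODE_RE = re.compile(r"^\s+authentication-mode (\S+)\s*$")


def vty_auth_modes(config_text):
    """Map each VTY number to its authentication-mode, or None if its block sets none."""
    modes = {}
    current = []  # VTY numbers covered by the block currently being read
    for line in config_text.splitlines():
        m = UI_RE.match(line)
        if m:
            first = int(m.group(1))
            last = int(m.group(2) or first)
            current = list(range(first, last + 1))
            for n in current:
                modes.setdefault(n, None)
        elif not line.startswith(" "):
            current = []  # any other unindented line ends the block
        else:
            m = MODE_RE.match(line)
            if m:
                for n in current:
                    modes[n] = m.group(1)
    return modes


def non_aaa_vtys(config_text, expected=range(0, 5)):
    """Return {vty: mode} for expected VTY lines that are not set to 'scheme'."""
    modes = vty_auth_modes(config_text)
    return {n: modes.get(n) for n in expected if modes.get(n) != "scheme"}


if __name__ == "__main__":
    for vty, mode in sorted(non_aaa_vtys(SAMPLE_CONFIG).items()):
        print(f"vty {vty}: authentication-mode {mode or 'not set explicitly'}")
```

A VTY line reported with no explicit mode is one the configuration text never assigns `authentication-mode` to, so it falls back to whatever the device default is.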