
Network requirements, Network diagram, Configuration procedure – H3C Technologies H3C S3100 Series Switches User Manual


authentication succeeds, you will log in to the server. The level of commands that you can access after login is authorized by the CAMS server. You can specify the level by setting the EXEC Privilege Level argument in the Add Account window shown in Figure 1-15.

When Switch Acts as Server for Password and HWTACACS Authentication

Network requirements

As shown in Figure 1-18, an SSH connection is required between the host (SSH client) and the switch (SSH server) for secure data exchange. Password authentication is required.

- The host runs SSH2.0 client software to establish a local connection with the switch.
- The switch cooperates with an HWTACACS server to authenticate SSH users.

Network diagram

Figure 1-18 Switch acts as server for password and HWTACACS authentication

Configuration procedure

- Configure the SSH server

# Create a VLAN interface on the switch and assign it an IP address. This address will be used as the IP address of the SSH server for SSH connections.

<Switch> system-view
[Switch] interface vlan-interface 2
[Switch-Vlan-interface2] ip address 192.168.1.70 255.255.255.0
[Switch-Vlan-interface2] quit

Generating the RSA and DSA key pairs on the server is a prerequisite for SSH login.

# Generate RSA and DSA key pairs.

[Switch] public-key local create rsa
[Switch] public-key local create dsa

# Set the authentication mode for the user interfaces to AAA.

[Switch] user-interface vty 0 4