Local Authentication, HWTACACS Authorization, and RADIUS Accounting for SSH Users - HP FlexNetwork 10500 Series Security Configuration Manual


[Switch] public-key local create dsa
# Enable the SSH service.
[Switch] ssh server enable
# Enable scheme authentication for user lines VTY 0 through VTY 63.
[Switch] line vty 0 63
[Switch-line-vty0-63] authentication-mode scheme
[Switch-line-vty0-63] quit
# Enable the default user role feature to assign authenticated SSH users the default user role network-operator.
[Switch] role default-role enable
Verifying the configuration
# Initiate an SSH connection to the switch, and enter the correct username and password. The user logs in to the switch. (Details not shown.)
# Verify that the user can use the commands permitted by the network-operator user role. (Details not shown.)
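The settings entered above can also be checked offline from a captured CLI session. The following is an added example, not part of the HP manual: it assumes the session is saved as prompt-prefixed text with the device name Switch, and the names SAMPLE_SESSION, parse_session and audit are hypothetical.

```python
import re

# Constructed sample: the commands from this section, saved as a text capture.
SAMPLE_SESSION = """\
[Switch] public-key local create dsa
[Switch] ssh server enable
[Switch] line vty 0 63
[Switch-line-vty0-63] authentication-mode scheme
[Switch-line-vty0-63] quit
[Switch] role default-role enable
"""

PROMPT = re.compile(r"^\[(?P<view>[^\]]+)\]\s*(?P<cmd>.*)$")
VTY_VIEW = re.compile(r"-line-vty(\d+)(?:-(\d+))?$")


def parse_session(text):
    """Yield (view, command) pairs; '#' comment lines and bare prompts are skipped."""
    for line in text.splitlines():
        m = PROMPT.match(line.strip())
        if m and m.group("cmd"):
            yield m.group("view"), m.group("cmd").strip()


def audit(text, sysname="Switch", vty_lines=range(64)):
    """Return a list of findings; an empty list means every check passed."""
    enabled = set()   # system-view commands still in effect
    vty_mode = {}     # VTY number -> last authentication mode set for it
    for view, cmd in parse_session(text):
        m = VTY_VIEW.search(view)
        if m and cmd.startswith("authentication-mode "):
            first, last = int(m.group(1)), int(m.group(2) or m.group(1))
            for n in range(first, last + 1):
                vty_mode[n] = cmd.split()[1]
        elif view == sysname and cmd.startswith("undo "):
            enabled.discard(cmd[5:])  # a later undo cancels the setting
        elif view == sysname:
            enabled.add(cmd)
    findings = ["missing: " + c
                for c in ("ssh server enable", "role default-role enable")
                if c not in enabled]
    bad = [n for n in vty_lines if vty_mode.get(n) != "scheme"]
    if bad:
        findings.append("%d VTY line(s) not in scheme mode, first: vty %d"
                        % (len(bad), bad[0]))
    return findings


if __name__ == "__main__":
    print(audit(SAMPLE_SESSION) or "all checks passed")
```

An empty result means the SSH service, scheme authentication on VTY 0 through 63, and the default user role feature are all present in the capture.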
Local authentication, HWTACACS authorization, and RADIUS accounting for SSH users
Network requirements
As shown in Figure 12, configure the switch to meet the following requirements:
• Perform local authentication for SSH servers.
• Use the HWTACACS server and RADIUS server for SSH user authorization and accounting, respectively.
• Exclude domain names from the usernames sent to the servers.
• Assign the default user role network-operator to SSH users after they pass authentication.
Configure an account with the username hello for the SSH user. Configure the shared keys for secure communication with the HWTACACS server and RADIUS server to expert.
Figure 12 Network diagram
Configuration procedure
1. Configure the HWTACACS server. (Details not shown.)
2. Configure the RADIUS server. (Details not shown.)
3. Configure the switch:
# Configure IP addresses for interfaces. (Details not shown.)
