7. Verify that the number of online users is not 0 on VLAN-interface 100.
AAA for SSH users by a TACACS server configuration example
Network requirements
As shown in Figure 49, configure the switch to meet the following requirements:
• Use the TACACS server for SSH user authentication, authorization, and accounting.
• Assign the default user role network-admin to SSH users after they pass authentication.
• Exclude domain names from the usernames sent to the TACACS server.
• Use expert as the shared key for secure TACACS communication.
Figure 49 Network diagram
Configuration procedure
1. Configure the Stelnet server to generate local key pairs for SSH:
a. From the navigation tree, select Resources > Public key > Public key.
b. Add local DSA, ECDSA, and RSA key pairs.
2. Configure the SSH server:
a. From the navigation tree, select Network > Service > SSH.
b. Enable the Stelnet service.
3. Configure the VLAN and VLAN interface:
a. From the navigation tree, select Network > Links > VLAN.
b. Create VLAN 2.
c. Access the details page for VLAN 2 to perform the following tasks:
− Add interface GigabitEthernet 1/0/2 to the tagged port list.
− Create VLAN-interface 2.
− Assign IP address 192.168.1.70/24 to VLAN-interface 2.
4. Configure a TACACS scheme on the switch:
a. From the navigation tree, select Security > Authentication > TACACS.
b. Add TACACS scheme tac.
c. Configure the primary authentication, authorization, and accounting servers:
− Set the IP address to 10.1.1.1.
− Set the port number to 49.
− Set the shared key to expert.
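What the shared key does on the wire, as an added example that is not part of this guide or of the switch software: TACACS+ (RFC 8907, section 4.5) XORs each packet body with an MD5-derived pad seeded by the session ID, the shared key, the version, and the sequence number, so the server recovers the body only when its key matches the one set here. The session ID, username, port name, and remote address below are constructed sample values; the 12-byte packet header is not covered by the pad and is omitted.

```python
import hashlib
import struct

TAC_PLUS_VERSION = 0xC0   # major version 0xC, minor version 0 (RFC 8907)
SHARED_KEY = b"expert"    # shared key from this configuration example

def pseudo_pad(session_id, key, version, seq_no, length):
    """MD5 chain from RFC 8907 section 4.5, truncated to the body length."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, block = b"", b""
    while len(pad) < length:
        block = hashlib.md5(seed + block).digest()  # MD5_n = MD5(seed, MD5_n-1)
        pad += block
    return pad[:length]

def obfuscate(body, session_id, key, seq_no=1, version=TAC_PLUS_VERSION):
    """XOR the body with the pad; the same call with the same key reverses it."""
    pad = pseudo_pad(session_id, key, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))

def authen_start_body(user, port, rem_addr):
    """Authentication START body: eight fixed bytes, then the variable fields."""
    fixed = bytes([0x01, 0x01, 0x01, 0x01,   # action=LOGIN, priv_lvl=1, type=ASCII, service=LOGIN
                   len(user), len(port), len(rem_addr), 0])  # field lengths, data_len=0
    return fixed + user + port + rem_addr

def demo():
    session_id = 0x1A2B3C4D                                # constructed session ID
    body = authen_start_body(b"admin", b"vty0", b"192.0.2.10")  # constructed values
    wire = obfuscate(body, session_id, SHARED_KEY)         # body as sent by the switch
    server_ok = obfuscate(wire, session_id, SHARED_KEY)    # server configured with the same key
    server_bad = obfuscate(wire, session_id, b"Expert")    # server with a mismatched key
    return body, wire, server_ok, server_bad

if __name__ == "__main__":
    body, wire, ok, bad = demo()
    print("cleartext body :", body)
    print("on the wire    :", wire.hex())
    print("matching key   :", ok == body)
    print("mismatched key :", bad == body)
```

A key that differs in a single character, including case, yields an unparseable body on the server, which is the usual cause of authentication failures after this step.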