R0106-HP MSR Router Series Security Configuration Guide(V7)
Verifying the configuration
# Initiate an SSH connection to the router, and enter the username aaa@bbb and password ldap!123456. (Details not shown.) The user logs in to the router.
# Verify that the user can use the commands permitted by the network-operator user role. (Details not shown.)
AAA for PPP users by an HWTACACS server
Network requirements
As shown in Figure 21:
• Router A uses the HWTACACS server to perform PAP authentication for users from Router B.
• The HWTACACS server is also the authorization server and accounting server of Router B.
• Router B does not provide authentication, authorization, or accounting for users from Router A.
Figure 21 Network diagram
Configuration procedure
1. Configure the HWTACACS server (details not shown):
   a. Set the shared keys for secure communication with Router A to expert.
   b. Add a user account userb for the PPP users from Router B.
   c. Specify the password as passb.
2. Configure Router A:
# Create an HWTACACS scheme.
<RouterA> system-view
[RouterA] hwtacacs scheme hwtac
# Configure the primary HWTACACS server at 10.1.1.1. Set the authentication, authorization, and accounting ports to 49. Configure the router to establish only one TCP connection with the server.
[RouterA-hwtacacs-hwtac] primary authentication 10.1.1.1 49 single-connection
[RouterA-hwtacacs-hwtac] primary authorization 10.1.1.1 49 single-connection
[RouterA-hwtacacs-hwtac] primary accounting 10.1.1.1 49 single-connection
# Set the shared keys for authentication, authorization, and accounting to expert.
[RouterA-hwtacacs-hwtac] key authentication simple expert
[RouterA-hwtacacs-hwtac] key authorization simple expert