3Com 4200G, 4210, 5500, 5500G n

Configuring the Switch to Act as the SSH Client and Use RSA Authentication 293

[3Com] rsa local-key-pair create

# Set the authentication mode for the user interfaces to AAA.

[3Com] user-interface vty 0 4

[3Com-ui-vty0-4] authentication-mode scheme

# Enable the user interfaces to support SSH.

[3Com-ui-vty0-4] protocol inbound ssh

# Set the client’s command privilege level to 3.

[3Com-ui-vty0-4] user privilege level 3

[3Com-ui-vty0-4] quit

# Configure the authentication method of the SSH client named client001 as

RSA.

[3Com] ssh user client001 authentication-type rsa

nAfter generating an RSA key pair on the SSH client, manually configure the RSA

public key on the SSH server. For details, refer to “Configure Switch A” on page

293.

# Configure the client public key Switch001.

[3Com] rsa peer-public-key Switch001

RSA public key view: return to System View with "peer-public-key end".

[3Com-rsa-public-key] public-key-code begin

RSA key code view: return to last view with "public-key-code end".

[3Com-rsa-key-code] 3047

[3Com-rsa-key-code] 0240

[3Com-rsa-key-code] C8969B5A 132440F4 0BDB4E5E 40308747 804F608B

[3Com-rsa-key-code] 349EBD6A B0C75CDF 8B84DBE7 D5E2C4F8 AED72834

[3Com-rsa-key-code] 74D3404A 0B14363D D709CC63 68C8CE00 57C0EE6B

[3Com-rsa-key-code] 074C0CA9

[3Com-rsa-key-code] 0203

[3Com-rsa-key-code] 010001

[3Com-rsa-key-code] public-key-code end

[3Com-rsa-public-key] peer-public-key end

[3Com]

# Assign the public key Switch001 to client client001.

[3Com] ssh user client001 assign rsa-key Switch001

■Configure Switch A

# Create a VLAN interface on the switch and assign an IP address for it. This

address will serve as the SSH client’s address for SSH connection.

<3Com> system-view

[3Com] interface vlan-interface 1

[3Com-Vlan-interface1] ip address 10.165.87.137 255.255.255.0

[3Com-Vlan-interface1] quit

# Generate an RSA key pair.

[3Com] rsa local-key-pair create

Contents

Main 3Com Corporation 350 Campus Drive Marlborough, MA USA 01752-3064 C 1 2 3 4 9 10 11 12 13 17 18 19 20 21 25 26 27 28 29 34 35 36 37 38 Page ABOUT THIS GUIDE n c Conventions Related Documentation Products Supported by this Document Page Page 1 n Logging In from the Console Port Page Complete Configuration Telnet login configuration with the authentication mode being none You can telnet to your switch to manage and maintain it remotely. Logging In Through Tel ne t Page Page Configuring Login Access Control # Reference ACL 2000 to control Telnet login by source IP address. # Reference ACL 2000 to control SNMP login by source IP address. # Reference ACL 2000 to control WEB login by source IP address. Complete Configuration Configuration for Telnet login control by source IP address Page 2 Configuring Port-Based VLAN # Create VLAN 101 on Switch B, and add Ethernet 1/0/11 to VLAN 101. # Create VLAN 201 on Switch B, and add Ethernet 1/0/12 to VLAN 201. Complete Configuration Configuration on Switch A Configuring Protocol-Based VLAN n Page Page 3 IP Address Page 4 Configuring Voice VLAN Page n Precautions 5 Configuring GVRP Page n Page Page Page 6 Configuring the Basic Functions of an Ethernet Port n 7 Configuring Link Aggregation n Page Page 8 Configuring Port Isolation Page 9 Configuring Port Security autolearn Configuring Port Security mac-authentication Page Page Configuring Port Security userlogin-withoui Page Page # Configure port security trapping. Configuring Port Security mac-else-userlogin-sec ure-ext Mode Page Page Page 10 Configuring a Port Binding Page 11 MAC Address Table Management Page 12 Configuring DLDP Page Page Page 13 Auto Detect Implementation in Static Routing Page n Auto Detect Implementation in VRRP Page n Auto Detect Implementation in VLAN Interface Backup Page Page Page Page 14 Configuring MSTP Page Page Configuring VLAN-VPN Tunneling Page Page Configuring RSTP n Page Page Page Configuring Digest Snooping and Rapid Tran sit ion Page Page Page Page 15 Configuring Static Routes Page Configuring RIP Configuration Procedure Configure Switch A. Page Configuring OSPF Page Page Page Configuring OSPF DR Election Page Page Page Configuring a (Totally) Stub Area Page n Page Configuration information when area 1 is a stub area: Refer to the configuration of Switch B when area 1 is a non-backbone area. Configuring a (Totally) NSSA Area Page Page Page n Page Configuring OSPF Route Summarization Page Page n Page ASBR route summarization configuration 1 n Page ASBR route summarization configuration 2 n translated from Type-7 LSAs. Page Configuring OSPF Virtual Link Configuration Procedure 1Configure OSPF basic functions. # Configure Switch A. # Configure Switch B. 2Configure a virtual link. # Configure Switch A. # Configure Switch B. Precautions Both ends of a virtual link must be ABRs configured with the vlink-peer command. Configuring Routing Policies Page Page Page Page Page Page 16 Configuring IGMP Snooping Page Page Configuring IGMP Snooping Only c Page Page Configuring Multicast VLAN Page Page Page Configuring PIM-SM plus IGMP plus IGMP Snooping Page Page n # View the BSR information on Switch E. # View the RP information on Switch E. # View the PIM routing table on Switch A. # View the PIM routing table on Switch E. # View multicast group entries created by IGMP Snooping on Switch F. Page Page Configuration on Switch E Configuration on Switch F Configuring PIM-DM plus IGMP Page Page Complete Configuration Configuration on Switch A Configuring Anycast RP Application Page Page Page # View the PIM routing information on Switch F again. Complete Configuration Configuration on Switch C Configuration on Switch F 17 n Configuring 802.1x Access Control Page Page Page 18 Configuring RADIUS Authentication for Telnet Users Page Configuring Dynamic VLAN Assignment with RADIUS Page Configuring Local Authentication for Telnet Users Configuring HWTACACS Authentication for Teln et Use rs Page Configuring EAD Page Page 19 Configuring MAC Page Page Page 20 Single VRRP Group n Page Multiple VRRP Groups Page VRRP Interface Trac kin g Page Page VRRP Port Tracking Page Page Page 21 DHCP Server Global Address Pool Page Page DHCP Server Interface Address Pool DHCP Relay Agent Page DHCP Snooping Page DHCP Accounting Page DHCP Client Page 22 Configuring Basic ACLs Configuring Advanced ACLs Configuring Ethernet Frame Header ACLs Page Configuring User-Defined ACLs Page Page Page 23 Configuring Traffic Policing and LR n Page Configuring Priority Marking and Queue Scheduling n Page Page Configuring Traffic Redirection and Traffic Accounting Page Configuring QoS Profile Page Page 24 Configuring Web Cache Redirection Page Page Page 25 Local Port Mirroring Page Remote Port Mirroring Page Page # Configure the destination port and remote-probe VLAN for the remote destination mirroring group. # Configure Ethernet 1/0/1 as a Trunk port, allowing packets of VLAN 10 to pass. Complete Configuration 1Configuration on the source switch (Switch A) 2Configuration on the intermediate switch (Switch B) Page Traffic Mirroring Page Page 26 XRN Fabric Page Page Page Page n Page Page 27 Cluster Configuration n Page Page Network Management Interface Page Page n Cluster Configuration in Real Networking Cluster Page n Page Complete Configuration 1Configuration on Switch A 28 PoE Configuration Network Page PoE Profile Page # Create Profile2 and enter PoE profile view. # Apply the configured Profile1 to Ethernet 1/0/1 through Ethernet 1/0/5. # Apply the configured Profile2 to Ethernet 1/0/6 through Ethernet 1/0/10. Page 29 UDP Helper Page 30 SNMP Configuration Page RMON Configuration Page 31 NTP Client/Server Mode Configuration NTP Symmetric Peers Mode Configuration NTP Broadcast Mode Page NTP Multicast Mode NTP Client/Server Mode with Authentication Page Page 32 Configuring the Switch to Act as the SSH Server and Use Password Page Page Page Configuring the Switch to Act as the SSH Server and Use RSA Authentication n Page Page Page Page Page Configuring the Switch to Act as the SSH Client and Use Password # Specify the authentication method of user client001 as password. Configuring the Switch to Act as the SSH Client and Use RSA Authentication n # Display the host public key. n Configuring the Switch to Act as the SSH Client and Not to Support First-Time n # Display the server host public key. # Generate an RSA key pair. # Display the client host public key. 298 CHAPTER 32: SSH CONFIGURATION GUIDE n [3Com] undo ssh client first-time n # Specify the server public key on the client. [3Com] ssh client 10.165.87.136 assign rsa-key Switch002 Page Configuring SFTP Page # Add a directory named new1, and then check that the new directory has been successfully created. # Rename the directory to new2, and then verify the operation. # Download the file pubkey2 from the server, renaming it to public. # Upload file pu to the server and rename it to puk, and then verify the operation. # Exit SFTP. Page Page 33 Configuring a Switch as FTP Server SFTP serv er SFTP cli ent Switch B Switch A Vlan-int1 192.168.0 .1/24 Vlan-int1 192.168.0.2/ 24 n Configuring a Switch as FTP Client n Configuring a Switch as TFTP Client Page 34 Outputting Log Information to a Unix Log Host Page Outputting Log Information to a Linux Log Host Outputting Log and Trap Information to a Log Host Through the Same Channel Page Page Outputting Log Information to the Console Displaying the Time Stamp with the UTC Time Zone Use of the Facility Argument in Log Information Output Page 35 Configuring VLAN-VPN n Page Configuring BPDU Tunnel Network Page Complete Configuration Configure Provider 1 36 Page 37 Static Domain Name Resolution Dynamic Domain Name Resolution Page Page 38 Configuring Access Management Internet Page Configuring Access Management with Port Isolation