HP 5500 Ei 5500 Si Switch Series Configuration Guide

Page 71

HTTPS login configuration example 
Network requirements 
As shown in Figure 29, to prevent unauthorized users from accessing the device, configure the device as the HTTPS server and the host as the HTTPS client, and request a certificate for each of them.
Figure 29 Network diagram
Configuration procedure
This example assumes that the CA is named new-ca, runs Windows Server, and has the Simple Certificate Enrollment Protocol (SCEP) add-on installed. This example also assumes that the...

Page 72

# Create an SSL server policy myssl, specify PKI domain 1 for the SSL server policy, and enable 
certificate-based SSL client authentication.  
[Device] ssl server-policy myssl 
[Device-ssl-server-policy-myssl] pki-domain 1 
[Device-ssl-server-policy-myssl] client-verify enable 
[Device-ssl-server-policy-myssl] quit 
# Create a certificate attribute group mygroup1, and configure a certificate attribute rule, specifying that the distinguished name (DN) in the subject name includes the string of...

Page 73

Logging in through NMS 
You can use an NMS to access the device MIB and perform GET and SET operations to manage and 
monitor the device. The device supports SNMPv1, SNMPv2c, and SNMPv3, and can work with various 
network management software products, including IMC. For more information about SNMP, see 
Network Management and Monitoring Configuration Guide. 
By default, SNMP access is disabled. To enable SNMP access, log in to the device via any other method. 
Configuring SNMP login 
Connect the PC...

Page 74

Step 3. Configure an SNMP group and specify its access right.
Command: snmp-agent group v3 group-name [ authentication | privacy ] [ read-view read-view ] [ write-view write-view ] [ notify-view notify-view ] [ acl acl-number | acl ipv6 ipv6-acl-number ] *
Remarks: By default, no SNMP group is configured.

Step 4. Add a user to the SNMP group.
Command: snmp-agent usm-user v3 user-name group-name [ [ cipher ] authentication-mode { md5 | sha } auth-password [ privacy-mode {...

Page 75

NMS login example 
Network requirements 
Configure the device and network management station so you can remotely manage the device through 
SNMPv3. 
Figure 31 Network diagram 
 
 
Configuration procedure 
1. Configure the device: 
# Assign an IP address to the device. Make sure the device and the NMS can reach each other. (Details not shown.)
# Enter system view.
<Sysname> system-view
# Enable the SNMP agent.  
[Sysname] snmp-agent 
# Configure an SNMP group.  
[Sysname] snmp-agent group v3...

Page 76

Figure 32 IMC login page 
 
b. Enter the username and password, and then click Login.
The IMC homepage appears.
Figure 33 IMC homepage

c. Log in to IMC and configure SNMP settings for IMC to find the switch.
d. After the switch is found, you can manage and maintain the switch through IMC. For example, query switch information or configure switch parameters.

Page 77

Controlling user logins 
To harden device security, use ACLs to prevent unauthorized logins. For more information about ACLs, 
see ACL and QoS Configuration Guide.  
Controlling Telnet logins 
Use a basic ACL (2000 to 2999) to filter Telnet traffic by source IP address. Use an advanced ACL (3000 to 3999) to filter Telnet traffic by source and/or destination IP address. Use an Ethernet frame header ACL (4000 to 4999) to filter Telnet traffic by source MAC address.
To access the device, a Telnet...

Page 78

Configuring source/destination IP-based Telnet login control  
Step 1. Enter system view.
Command: system-view
Remarks: N/A

Step 2. Create an advanced ACL and enter its view, or enter the view of an existing advanced ACL.
Command: acl [ ipv6 ] number acl-number [ match-order { config | auto } ]
Remarks: By default, no advanced ACL exists.

Step 3. Configure an ACL rule.
Command: rule [ rule-id ] { permit | deny } rule-string
Remarks: N/A

Step 4. Exit advanced ACL view.
Command: quit
Remarks: N/A

Step 5. Enter user interface view....

Page 79

Figure 34 Network diagram 
 
 
Configuration procedure 
# Configure basic ACL 2000, and configure rule 1 to permit packets sourced from Host B, and rule 2 to 
permit packets sourced from Host A. 
<Sysname> system-view
[Sysname] acl number 2000 match-order config 
[Sysname-acl-basic-2000] rule 1 permit source 10.110.100.52 0 
[Sysname-acl-basic-2000] rule 2 permit source 10.110.100.46 0 
[Sysname-acl-basic-2000] quit 
# Reference ACL 2000 in user interface view to allow Telnet users from Host A and Host B to...

Page 80

Step 5. Apply the ACL to an SNMP community, group or user.
Command:
• SNMPv1/v2c community:
  snmp-agent community { read | write } community-name [ mib-view view-name ] [ acl acl-number | acl ipv6 ipv6-acl-number ] *
• SNMPv1/v2c group:
  snmp-agent group { v1 | v2c } group-name [ read-view read-view ] [ write-view write-view ] [ notify-view notify-view ] [ acl acl-number | acl ipv6 ipv6-acl-number ] *
• SNMPv3 group:
  snmp-agent group v3 group-name...