HP 5500 Ei 5500 Si Switch Series Configuration Guide
Establishing a connection between the SSH client and server

Task: Establish a connection between the SSH client and the server, and specify the public key algorithm, preferred encryption algorithm, preferred HMAC algorithm, and preferred key exchange algorithm.

Command:
• For an IPv4 server:
  ssh2 server [ port-number ] [ vpn-instance vpn-instance-name ] [ identity-key { dsa | rsa } | prefer-ctos-cipher { 3des | aes128 | des } | prefer-ctos-hmac { md5 | md5-96 | sha1 | sha1-96 } | prefer-kex { dh-group-exchange | dh-group1 | dh-group14 } | prefer-stoc-cipher { 3des | aes128 | des } | prefer-stoc-hmac { md5 | md5-96 | sha1 | sha1-96 } ] *
• For an IPv6 server:
  ssh2 ipv6 server [ port-number ] [ vpn-instance vpn-instance-name ] [ identity-key { dsa | rsa } | prefer-ctos-cipher { 3des | aes128 | des } | prefer-ctos-hmac { md5 | md5-96 | sha1 | sha1-96 } | prefer-kex { dh-group-exchange | dh-group1 | dh-group14 } | prefer-stoc-cipher { 3des | aes128 | des } | prefer-stoc-hmac { md5 | md5-96 | sha1 | sha1-96 } ] *

Remarks: Use either command in user view. Only the HP 5500 EI switches support the vpn-instance vpn-instance-name option. The ctos (client-to-server) and stoc (server-to-client) preferences are negotiated separately, so set both. Of the values offered, des, 3des, md5, md5-96, sha1-96 and dh-group1 are weak by current standards; unless a legacy server leaves no choice, prefer aes128, sha1 and dh-group14 in each direction.

Setting the DSCP value for packets sent by the SSH client

Step 1. Enter system view.
  Command: system-view
  Remarks: N/A

Step 2. Set the DSCP value for packets sent by the SSH client.
  • For the IPv4 SSH client: ssh client dscp dscp-value
  • For the IPv6 SSH client: ssh client ipv6 dscp dscp-value
  Remarks: Optional. By default, the DSCP value is 16 in packets sent by the IPv4 SSH client and 0 in packets sent by the IPv6 SSH client.

Displaying and maintaining SSH

All of the following display commands are available in any view.

Display the source IP address or interface set for the SFTP client:
  display sftp client source [ | { begin | exclude | include } regular-expression ]
Display the source IP address or interface information on an SSH client:
  display ssh client source [ | { begin | exclude | include } regular-expression ]
Display SSH server status information or session information on an SSH server:
  display ssh server { status | session } [ | { begin | exclude | include } regular-expression ]
Display the mappings between SSH servers and their host public keys on an SSH client:
  display ssh server-info [ | { begin | exclude | include } regular-expression ]
Display information about SSH users on an SSH server:
  display ssh user-information [ username ] [ | { begin | exclude | include } regular-expression ]
Display the public keys of the local key pairs:
  display public-key local { dsa | rsa } public [ | { begin | exclude | include } regular-expression ]
Display the public keys of the SSH peers:
  display public-key peer [ brief | name publickey-name ] [ | { begin | exclude | include } regular-expression ]

For more information about the display public-key local and display public-key peer commands, see Security Command Reference.

SSH server configuration examples

When the switch acts as a server for password authentication

Network requirements

As shown in Figure 101, a host (the SSH client) and a switch (the SSH server) are directly connected. Configure an SSH user on the switch so that the host can securely log in to the switch after passing password authentication. Configure a username and password for the user on the switch.

Figure 101 Network diagram

Configuration procedure

1. Configure the SSH server:

# Generate the RSA key pairs. The modulus range is 512 to 2048 bits and the default is 1024. These key pairs serve as the SSH server's host key, and a 1024-bit RSA key is below current minimums, so enter 2048 at the prompt for production use.
  system-view
  [Switch] public-key local create rsa
  The range of public key size is (512 ~ 2048).
  NOTES: If the key modulus is greater than 512,
  It will take a few minutes. Press CTRL+C to abort.
  Input the bits of the modulus[default = 1024]:
  Generating Keys...
  ++++++++ ++++++++++++++ +++++ ++++++++

# Generate a DSA key pair.
  [Switch] public-key local create dsa
  The range of public key size is (512 ~ 2048).
  NOTES: If the key modulus is greater than 512,
  It will take a few minutes. Press CTRL+C to abort.
  Input the bits of the modulus[default = 1024]:
  Generating Keys...
  ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ +++++++++++++++++++++++++++++++++++

# Enable the SSH server.
  [Switch] ssh server enable

# Configure an IP address for VLAN-interface 1. This address will serve as the destination of the SSH connection.
  [Switch] interface vlan-interface 1
  [Switch-Vlan-interface1] ip address 192.168.1.40 255.255.255.0
  [Switch-Vlan-interface1] quit

# Set the authentication mode for the user interfaces to AAA.
  [Switch] user-interface vty 0 15
  [Switch-ui-vty0-15] authentication-mode scheme

# Enable the user interfaces to support SSH. Limiting the inbound protocol to ssh (rather than the default all) keeps Telnet off these VTYs.
  [Switch-ui-vty0-15] protocol inbound ssh
  [Switch-ui-vty0-15] quit

# Create local user client001 and set the user command privilege level to 3. Level 3 is the highest level and grants full configuration rights; assign the lowest level the user actually needs. The simple keyword stores the password in plain text in the configuration file, and aabbcc is a placeholder for the example, not a password to deploy.
  [Switch] local-user client001
  [Switch-luser-client001] password simple aabbcc
  [Switch-luser-client001] service-type ssh
  [Switch-luser-client001] authorization-attribute level 3
  [Switch-luser-client001] quit

# Specify the service type for user client001 as stelnet and the authentication method as password. This step is optional.
  [Switch] ssh user client001 service-type stelnet authentication-type password

2. Establish a connection between the SSH client and the SSH server:

The switch supports a variety of SSH client software, such as PuTTY and OpenSSH. The following example uses PuTTY Version 0.58.

# Establish a connection to the SSH server.
Launch PuTTY.exe to enter the following interface. In the Host Name (or IP address) text box, enter the IP address of the server (192.168.1.40).
Figure 102 Specifying the host name (or IP address)

Click Open to connect to the server. On the first connection PuTTY shows a security alert with the server's host key fingerprint; verify it through a trusted channel before accepting, because the host key is what protects the password you are about to type from interception. If the connection is normal, you are prompted to enter the username and password. After entering the username (client001) and password (aabbcc), you enter the configuration interface of the server.

When the switch acts as a server for publickey authentication

Network requirements

As shown in Figure 103, a host (the SSH client) and a switch (the SSH server) are directly connected. Configure an SSH user on the switch so that the host can securely log in to the switch after passing publickey authentication. Use the RSA public key algorithm.

Figure 103 Network diagram

Configuration procedure
IMPORTANT: During SSH server configuration, the client public key is required. Use the client software to generate RSA key pairs on the client before configuring the SSH server.

1. Configure the SSH client:

# Generate the RSA key pairs.
Run PuTTYGen.exe, select SSH-2 RSA and click Generate. Before clicking Generate, set the number of bits in the generated key to 2048 unless the field already shows it; a 1024-bit RSA key is below current minimums for an administrative login.

Figure 104 Generating the key pair on the client

While the generator is generating the key pair, move the mouse continuously over the blank area and keep it off the green progress bar shown in Figure 105. Otherwise, the progress bar stops moving and key pair generation stops.

Figure 105 Generating process

After the key pair is generated, click Save public key and specify the file name as key.pub to save the public key.

Figure 106 Saving the key pair on the client
Likewise, to save the private key, click Save private key. If the Key passphrase fields are empty, a warning window asks whether to save the private key without any protection. The private key is the login credential for the user configured below, so enter a passphrase before saving; the example clicks Yes only for brevity. Then enter the name of the file for saving the key (private.ppk in this case). Transmit the public key file to the server through FTP or TFTP. Neither protocol protects the file in transit, so after the import below confirm that the key shown by display public-key peer name Switch001 matches the public key PuTTYGen displays.

2. Configure the SSH server:

# Generate the RSA key pairs. As in the password authentication example, enter 2048 at the modulus prompt for production use.
  system-view
  [Switch] public-key local create rsa
  The range of public key size is (512 ~ 2048).
  NOTES: If the key modulus is greater than 512,
  It will take a few minutes. Press CTRL+C to abort.
  Input the bits of the modulus[default = 1024]:
  Generating Keys...
  ++++++++ ++++++++++++++ +++++ ++++++++

# Generate a DSA key pair.
  [Switch] public-key local create dsa
  The range of public key size is (512 ~ 2048).
  NOTES: If the key modulus is greater than 512,
  It will take a few minutes. Press CTRL+C to abort.
  Input the bits of the modulus[default = 1024]:
  Generating Keys...
  ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ +++++++++++++++++++++++++++++++++++

# Enable the SSH server.
  [Switch] ssh server enable

# Configure an IP address for VLAN-interface 1. This address will serve as the destination of the SSH connection.
  [Switch] interface vlan-interface 1
  [Switch-Vlan-interface1] ip address 192.168.1.40 255.255.255.0
  [Switch-Vlan-interface1] quit

# Set the authentication mode for the user interfaces to AAA.
  [Switch] user-interface vty 0 15
  [Switch-ui-vty0-15] authentication-mode scheme

# Enable the user interfaces to support SSH.
  [Switch-ui-vty0-15] protocol inbound ssh

# Set the user command privilege level to 3. In this example the level is set on the VTYs rather than on a local user, so it applies to every user who logs in on these interfaces; use the lowest level that suffices.
  [Switch-ui-vty0-15] user privilege level 3
  [Switch-ui-vty0-15] quit

# Import the client's public key from file key.pub and name it Switch001.
  [Switch] public-key peer Switch001 import sshkey key.pub
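The import at the end of step 2 trusts whatever key.pub arrived on the switch over FTP or TFTP. The following Python script is an added example, not code from the HP manual or from PuTTY: it parses the RFC 4716 "SSH2 public key" file that PuTTYGen's Save public key writes, reports the key type and modulus size, and prints the colon-separated MD5 fingerprint PuTTYGen displays together with the SHA256 fingerprint in OpenSSH's format, so the file that reached the switch can be compared with what the client generated before it is imported. The embedded key is constructed for the example (e = 65537 with a 2048-bit odd number standing in for the modulus; it is not a real RSA key), and the function names and the 2048-bit minimum are the example's own choices.

```python
"""Inspect a PuTTYGen key.pub (RFC 4716 SSH2 public key file) before importing it.

Added example, not code from the HP manual or PuTTY. The embedded key is
constructed: e = 65537 and a 2048-bit odd number stand in for a real modulus.
"""
import base64
import hashlib
import struct
import sys

BEGIN = "---- BEGIN SSH2 PUBLIC KEY ----"
END = "---- END SSH2 PUBLIC KEY ----"


def _ssh_string(data):
    """RFC 4251 string: 4-byte big-endian length followed by the bytes."""
    return struct.pack(">I", len(data)) + data


def _ssh_mpint(n):
    """RFC 4251 mpint for a positive integer (leading 0x00 when the top bit is set)."""
    return _ssh_string(n.to_bytes((n.bit_length() + 8) // 8, "big"))


def _read_string(blob, offset):
    """Read one RFC 4251 string at offset; reject truncated blobs instead of guessing."""
    if offset + 4 > len(blob):
        raise ValueError("truncated key blob")
    (length,) = struct.unpack_from(">I", blob, offset)
    offset += 4
    if offset + length > len(blob):
        raise ValueError("truncated key blob")
    return blob[offset:offset + length], offset + length


def parse_rfc4716(text):
    """Return (headers, key blob). Header values may continue on a line ending in '\\'."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("not an RFC 4716 public key file (missing BEGIN/END markers)")
    headers, i = {}, 1
    while i < len(lines) - 1 and ":" in lines[i]:  # base64 text never contains ':'
        key, value = lines[i].split(":", 1)
        value = value.strip()
        while value.endswith("\\") and i + 2 < len(lines):
            i += 1
            value = value[:-1] + lines[i]
        headers[key.strip().lower()] = value.strip('"')
        i += 1
    blob = base64.b64decode("".join(lines[i:-1]), validate=True)
    return headers, blob


def inspect_public_key(text):
    """Key type, size, and the fingerprints OpenSSH (SHA256) and PuTTYGen (MD5) display."""
    headers, blob = parse_rfc4716(text)
    key_type, off = _read_string(blob, 0)
    info = {
        "type": key_type.decode("ascii"),
        "comment": headers.get("comment"),
        "sha256": "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("="),
        "md5": ":".join(f"{b:02x}" for b in hashlib.md5(blob).digest()),
    }
    if key_type == b"ssh-rsa":
        e_raw, off = _read_string(blob, off)
        n_raw, off = _read_string(blob, off)
        info["e"] = int.from_bytes(e_raw, "big")
        info["bits"] = int.from_bytes(n_raw, "big").bit_length()
    elif key_type == b"ssh-dss":
        p_raw, off = _read_string(blob, off)  # p sets the DSA key size; q, g, y follow
        info["bits"] = int.from_bytes(p_raw, "big").bit_length()
        for _ in range(3):
            _, off = _read_string(blob, off)
    else:
        raise ValueError(f"the switch imports rsa or dsa keys, not {info['type']}")
    if off != len(blob):
        raise ValueError("trailing bytes after the key fields")
    return info


def check_for_import(text, min_bits=2048):
    """Return (info, findings); an empty findings list means the key is fit to import."""
    info = inspect_public_key(text)
    findings = []
    if info["type"] != "ssh-rsa":
        findings.append("not an RSA key; the procedure generates SSH-2 RSA in PuTTYGen")
    if info["bits"] < min_bits:
        findings.append(f"{info['bits']}-bit modulus is below {min_bits}")
    if info["type"] == "ssh-rsa" and (info["e"] < 3 or info["e"] % 2 == 0):
        findings.append(f"RSA public exponent {info['e']} is invalid")
    return info, findings


def make_rfc4716(blob, comment):
    """Write a key blob in the layout PuTTYGen's Save public key produces."""
    b64 = base64.b64encode(blob).decode()
    body = "\n".join(b64[i:i + 70] for i in range(0, len(b64), 70))
    return f'{BEGIN}\nComment: "{comment}"\n{body}\n{END}\n'


# Constructed sample standing in for the key.pub saved in Figure 106 (not a real key).
FAKE_BLOB = _ssh_string(b"ssh-rsa") + _ssh_mpint(65537) + _ssh_mpint((1 << 2047) | 0x1234567)
KEY_PUB = make_rfc4716(FAKE_BLOB, "rsa-key-example")

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else KEY_PUB
    info, findings = check_for_import(text)
    print(f"{info['type']} {info['bits']} {info['md5']} {info['comment'] or ''}")  # PuTTYGen style
    print(info["sha256"])  # ssh-keygen -lf style
    for finding in findings:
        print("FINDING:", finding)
```

Run it as `python3 check_keypub.py key.pub` against the file PuTTYGen saved and again against the copy the switch received (or a copy taken from the TFTP server's directory); the fingerprints must be identical. The Comment header is not part of the key blob, so editing it does not change the fingerprint, while any change to the base64 body does.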
# Specify the authentication method for user client002 as publickey, and assign the public key Switch001 to the user.
  [Switch] ssh user client002 service-type stelnet authentication-type publickey assign publickey Switch001

3. Establish a connection between the SSH client and the SSH server:

# Specify the private key file and establish a connection to the SSH server.
Launch PuTTY.exe to enter the following interface. In the Host Name (or IP address) text box, enter the IP address of the server (192.168.1.40).

Figure 107 Specifying the host name (or IP address)

Select Connection > SSH > Auth from the navigation tree. The following window appears. Click Browse… to bring up the file selection window, navigate to the private key file (private.ppk) and click OK.
Figure 108 Specifying the private key file

Click Open to connect to the server. If the connection is normal, you are prompted to enter the username. After entering the username (client002), you enter the configuration interface of the server. No password is requested: possession of private.ppk is the credential, which is why the file must be passphrase-protected and kept off shared systems.

SSH client configuration examples

When the switch acts as a client for password authentication

Network requirements

As shown in Figure 109, Switch A (the SSH client) must pass password authentication to log in to Switch B (the SSH server) through the SSH protocol. Configure the username client001 and the password aabbcc for the SSH client on Switch B.

Figure 109 Network diagram

Configuration procedure

1. Configure the SSH server:

# Generate the RSA key pairs.
  system-view
  [SwitchB] public-key local create rsa
  The range of public key size is (512 ~ 2048).
  NOTES: If the key modulus is greater than 512,
  It will take a few minutes. Press CTRL+C to abort.
  Input the bits of the modulus[default = 1024]:
  Generating Keys...
  ++++++++ ++++++++++++++ +++++ ++++++++

# Generate a DSA key pair.
  [SwitchB] public-key local create dsa
  The range of public key size is (512 ~ 2048).
  NOTES: If the key modulus is greater than 512,
  It will take a few minutes. Press CTRL+C to abort.
  Input the bits of the modulus[default = 1024]:
  Generating Keys...
  ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ +++++++++++++++++++++++++++++++++++

# Enable the SSH server.
  [SwitchB] ssh server enable

# Configure an IP address for VLAN-interface 1, which the SSH client will use as the destination for the SSH connection.
  [SwitchB] interface vlan-interface 1
  [SwitchB-Vlan-interface1] ip address 10.165.87.136 255.255.255.0
  [SwitchB-Vlan-interface1] quit

# Set the authentication mode for the user interfaces to AAA.
  [SwitchB] user-interface vty 0 15
  [SwitchB-ui-vty0-15] authentication-mode scheme

# Enable the user interfaces to support SSH.
  [SwitchB-ui-vty0-15] protocol inbound ssh
  [SwitchB-ui-vty0-15] quit

# Create local user client001.
  [SwitchB] local-user client001
  [SwitchB-luser-client001] password simple aabbcc
  [SwitchB-luser-client001] service-type ssh
  [SwitchB-luser-client001] authorization-attribute level 3
  [SwitchB-luser-client001] quit

# Specify the service type for user client001 as stelnet and the authentication method as password. This step is optional.
  [SwitchB] ssh user client001 service-type stelnet authentication-type password

2. Establish a connection between the SSH client and the SSH server:

# Configure an IP address for VLAN-interface 1.
  system-view
  [SwitchA] interface vlan-interface 1
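When Switch A connects to Switch B with the ssh2 command described under "Establishing a connection between the SSH client and server", the operator chooses the cipher, HMAC and key exchange for each direction, and several of the values the syntax lists are weak. The following Python script is an added example, not code from the HP manual: it parses an ssh2 command line as it would be typed on Switch A, flags the weak algorithm keywords, rewrites the command with the strongest values the platform lists, and emits the OpenSSH command line that asks a Linux or macOS client for the same algorithms. The sample command lines are constructed, the function names are the example's own, and the mapping of the switch keyword aes128 to OpenSSH's aes128-cbc is an assumption about which AES mode the switch means.

```python
"""Audit the algorithm choices on an HP Comware ``ssh2`` client command.

Added example, not code from the HP manual. It handles the keywords listed
in the ssh2 syntax for IPv4 and IPv6 servers; the sample commands below are
constructed. Mapping aes128 to aes128-cbc is an assumption.
"""
import shlex

# ssh2 keyword -> (OpenSSH option it corresponds to, {switch value: OpenSSH algorithm name}).
# None marks a value OpenSSH does not offer for SSH-2 at all (single DES).
_CIPHERS = {"3des": "3des-cbc", "aes128": "aes128-cbc", "des": None}
_MACS = {"md5": "hmac-md5", "md5-96": "hmac-md5-96", "sha1": "hmac-sha1", "sha1-96": "hmac-sha1-96"}
_KEX = {"dh-group-exchange": "diffie-hellman-group-exchange-sha1",
        "dh-group1": "diffie-hellman-group1-sha1",
        "dh-group14": "diffie-hellman-group14-sha1"}
PREF_KEYWORDS = {
    "prefer-ctos-cipher": ("Ciphers", _CIPHERS),
    "prefer-stoc-cipher": ("Ciphers", _CIPHERS),
    "prefer-ctos-hmac": ("MACs", _MACS),
    "prefer-stoc-hmac": ("MACs", _MACS),
    "prefer-kex": ("KexAlgorithms", _KEX),
}

# Weak value -> (strongest value this platform lists, reason).
WEAK = {
    "des": ("aes128", "single DES has a 56-bit key and is not offered by OpenSSH for SSH-2"),
    "3des": ("aes128", "64-bit block cipher, deprecated for new deployments"),
    "md5": ("sha1", "MD5-based MAC"),
    "md5-96": ("sha1", "MD5-based MAC truncated to 96 bits"),
    "sha1-96": ("sha1", "MAC truncated to 96 bits"),
    "dh-group1": ("dh-group14", "1024-bit MODP group, too small for key exchange"),
}


def parse_ssh2(cmdline):
    """Parse 'ssh2 [ipv6] server [port] [vpn-instance name] [identity-key alg] [prefer-* value]*'."""
    tokens = shlex.split(cmdline)
    if not tokens or tokens[0] != "ssh2":
        raise ValueError("not an ssh2 command")
    parsed = {"ipv6": False, "server": None, "port": None, "vpn_instance": None,
              "identity_key": None, "prefs": {}}
    pos = 1
    if pos < len(tokens) and tokens[pos] == "ipv6":
        parsed["ipv6"], pos = True, pos + 1
    if pos >= len(tokens):
        raise ValueError("missing server address")
    parsed["server"], pos = tokens[pos], pos + 1
    if pos < len(tokens) and tokens[pos].isdigit():  # optional port-number
        parsed["port"], pos = int(tokens[pos]), pos + 1
    while pos < len(tokens):  # every remaining token is a keyword followed by one value
        if pos + 1 >= len(tokens):
            raise ValueError(f"{tokens[pos]} needs a value")
        key, value, pos = tokens[pos], tokens[pos + 1], pos + 2
        if key == "vpn-instance":
            parsed["vpn_instance"] = value
        elif key == "identity-key":
            if value not in ("dsa", "rsa"):
                raise ValueError(f"identity-key {value!r} is not dsa or rsa")
            parsed["identity_key"] = value
        elif key in PREF_KEYWORDS:
            if value not in PREF_KEYWORDS[key][1]:
                raise ValueError(f"{key} {value!r} is not a listed value")
            parsed["prefs"][key] = value
        else:
            raise ValueError(f"unknown keyword {key!r}")
    return parsed


def audit(parsed):
    """Return (keyword, value, replacement, reason) for each weak preference, in command order."""
    return [(k, v, *WEAK[v]) for k, v in parsed["prefs"].items() if v in WEAK]


def harden(parsed):
    """Rebuild the ssh2 command with every weak value replaced; keyword order is preserved."""
    out = ["ssh2"] + (["ipv6"] if parsed["ipv6"] else []) + [parsed["server"]]
    if parsed["port"] is not None:
        out.append(str(parsed["port"]))
    if parsed["vpn_instance"]:
        out += ["vpn-instance", parsed["vpn_instance"]]
    if parsed["identity_key"]:
        out += ["identity-key", parsed["identity_key"]]
    for key, value in parsed["prefs"].items():
        out += [key, WEAK.get(value, (value,))[0]]
    return " ".join(out)


def to_openssh(parsed):
    """OpenSSH argv requesting the same algorithms (OpenSSH uses one list for both directions)."""
    options = {}
    for key, value in parsed["prefs"].items():
        opt_name, names = PREF_KEYWORDS[key]
        if names[value] is None:
            raise ValueError(f"{value} has no SSH-2 algorithm name in OpenSSH")
        if names[value] not in options.setdefault(opt_name, []):
            options[opt_name].append(names[value])
    argv = ["ssh"]
    if parsed["port"] is not None:
        argv += ["-p", str(parsed["port"])]
    if parsed["ipv6"]:
        argv.append("-6")
    for opt_name in ("Ciphers", "MACs", "KexAlgorithms"):
        if opt_name in options:
            argv.append(f"-o{opt_name}={','.join(options[opt_name])}")
    return argv + [parsed["server"]]


if __name__ == "__main__":
    # Constructed sample: Switch B's address from the example, with weak preferences.
    weak_cmd = ("ssh2 10.165.87.136 22 prefer-ctos-cipher des prefer-stoc-cipher 3des "
                "prefer-ctos-hmac md5-96 prefer-kex dh-group1")
    parsed = parse_ssh2(weak_cmd)
    for keyword, value, replacement, reason in audit(parsed):
        print(f"WEAK {keyword} {value}: {reason}; use {replacement}")
    hardened = harden(parsed)
    print("hardened:", hardened)
    print("openssh :", " ".join(to_openssh(parse_ssh2(hardened))))
```

Preferences the command does not set are left to the switch's defaults, so the audit reports only what the operator typed; an explicit prefer-kex dh-group14 and sha1 HMACs in both directions are the safe way to avoid depending on those defaults.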