Tag: <span>AAA</span>

Objective: To separate management traffic from data/customer traffic in your Huawei Routers Preferably, Data and Management are into 2 separate network domains. Pre-requisite: UTP cables (for each MPU management port in case for switchover) are connected to a network switch to access the OOB management gateway To go configuration mode: system-view To preview configuration change before commiting display configuration candidate * * Management IP Configuration* *  a. Configure the vpn instance for management ip vpn-instance <vpn instance name> description <description> ipv4-family b. Set…

Huawei

Configuring Huawei Router to authenticate (also including authorization and accounting) to Tacacs+ server 10.10.10.10 – Tacacs+/ACS/ISE/AAA server#1 10.10.10.11 – Tacacs+/ACS/ISE/AAA server#2 20.20.20.2 –  Loopback/source IP Configure the tacacs server profile or template hwtacacs-server template <PROFILENAME> hwtacacs-server authentication <TACACS IP#1> hwtacacs-server authentication <TACACS IP#2> secondary hwtacacs-server authorization <TACACS IP#1> hwtacacs-server authorization <TACACS IP#2> secondary hwtacacs-server accounting <TACACS IP#1> hwtacacs-server accounting <TACACS IP#2> secondary hwtacacs-server source-ip <SOURCE IP> hwtacacs-server shared-key cipher <TACACS KEY> hwtacacs-server user-name original Sample Config: hwtacacs-server template freenetworktutorials  …

Huawei

SSH Configuration Examples in  Huawei Router Here are the configuration examples: whereas: 192.168.100.100 = Jumphost IP (Allowed IP to SSH into the device) Enable the SSH service stelnet server enable 2. Configure key exchange algorithm ssh server key-exchange { dh_group_exchange_sha256 dh_group_exchange_sha1 ecdh_sha2_nistp256 ecdh_sha2_nistp384 ecdh_sha2_nistp521 sm2_kep} 3. Configure encryption algorithm ssh server cipher { aes256_ctr aes128_ctr aes256_cbc aes128_cbc 3des_cbc } 4. Configure HMAC algorithm ssh server hmac { md5 | md5_96 | sha1 | sha1_96 | sha2_256 | sha2_256_96 } 5.…

Huawei

It is recommended to implement the separation of management and data/customer traffic in your Juniper devices (e.g. QFX Series Switches, MX Series).  Traffic passing through the management plane should be exclusively for management or administrative access purposes only like SSH, SNMP, NTP and AAA. Here’s the recommended configuration or practices for these management services. Configure Authentication, Authorization and Accounting (AAA) -preferably to setup centralized TACACS+ to manage all your devices, implement central network management that can impose security protocol to…

Juniper

It is recommended to implement the separation of management and data/customer traffic in your Datacenter switches like  Cisco Nexus devices (e.g. Nexus 7000, Nexus 9000).  Traffic passing through the management plane should be exclusively for management or administrative access purposes only like SSH, SNMP, NTP and AAA. Here’s the recommended configuration or practices for these management services. Configure Authentication, Authorization and Accounting (AAA) -preferably to setup centralized TACACS+ to manage all your devices, some uses Cisco® Identity Services Engine (ISE)…

Cisco

Objective: To separate management traffic from data/customer traffic in your Cisco XR routers. Preferably, Data and Management are into 2 separate network domains. Pre-requisite: UTP cables (for each RSP management port in case for switchover) are connected to a network switch to access the OOB management gateway * * Management IP Configuration* *  1. Configure the vrf for management vrf management description VRF for Out-of-Band address-family ipv4 unicast 2. Set the physical IP address on each RSP management port. There are total of…

Cisco