Allied Telesis 2.6.1 manual Normal Mode and Security Mode, Operating the switch


See the Operations chapter in the AT-8800 Series Switch Software Reference for:

More information about managing and using accounts with user, manager and security officer privileges

A full list of commands that require security officer privilege when the switch is in secure mode

Information about enabling a remote security officer.

Normal Mode and Security Mode

The switch operates in one of two modes, either normal mode or security mode. By default, the switch is in normal mode.

When the switch is in security mode, the SHOW DEBUG command omits the output of the SHOW FEATURE and SHOW CONFIGURATION DYNAMIC commands, and the current configuration in the SHOW SYSTEM output, unless SHOW DEBUG is entered by a user with security officer privilege.

If you wish to use the following software features you need to enable security mode:

IP authentication

Secure Shell (see the Secure Shell chapter, AT-8800 Series Switch Software Reference)

Encryption (see the Compression and Encryption Services chapter, AT-8800 Series Switch Software Reference)

IPsec (see the IP Security chapter, AT-8800 Series Switch Software Reference)

Public Key Encryption (PKI) (see the Public Key Infrastructure chapter, AT-8800 Series Switch Software Reference)

Secure Sockets Layer (SSL) (see the Secure Sockets Layer chapter, AT-8800 Series Switch Software Reference)

To enable security mode, first create a user with security officer privilege, then enter the command:

ENABLE SYSTEM SECURITY_MODE

To access secure functionality you will need to log in again as the security officer.

When the switch restarts, it comes up in the same mode, normal or security, that it was in before restarting. To restore the switch to normal operating mode, enter the command:

DISABLE SYSTEM SECURITY_MODE

When security mode is disabled, the switch automatically deletes all sensitive data files, including encryption keys.

To display the current operating mode, enter the command:

SHOW SYSTEM
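
An added example, not from the manual: a small Python check that walks a planned change script and flags steps that break the ordering described above (security officer user first, then ENABLE SYSTEM SECURITY_MODE, then the dependent features), plus any DISABLE SYSTEM SECURITY_MODE, which deletes keys. Only the two SECURITY_MODE commands come from this page; the ADD USER, ENABLE SSH, ENABLE IPSEC and CREATE ENCO KEY spellings, the unabbreviated command form, and the sample script are assumptions.

```python
import re

# Prefixes of commands assumed to belong to features the page says need
# security mode. These spellings are assumptions, not taken from this page.
NEEDS_SECURITY_MODE = ("ENABLE SSH", "ENABLE IPSEC", "CREATE ENCO KEY")
# Assumed syntax for creating a user with security officer privilege.
OFFICER = re.compile(r"^ADD USER=\S+.*\bPRIVILEGE=SECURITYOFFICER\b")


def lint_change_script(text, starts_in_security_mode=False):
    """Return a list of (line_number, severity, message) findings."""
    findings = []
    secure = starts_in_security_mode
    officer_exists = starts_in_security_mode  # mode implies an officer exists
    for number, raw in enumerate(text.splitlines(), start=1):
        line = " ".join(raw.split()).upper()  # normalise case and spacing
        if not line or line.startswith("#"):
            continue
        if OFFICER.match(line):
            officer_exists = True
        elif line == "ENABLE SYSTEM SECURITY_MODE":
            if not officer_exists:
                findings.append((number, "error",
                                 "no security officer user created before enabling security mode"))
            secure = True
        elif line == "DISABLE SYSTEM SECURITY_MODE":
            findings.append((number, "warning",
                             "disabling security mode deletes sensitive data files, including encryption keys"))
            secure = False
        elif line.startswith(NEEDS_SECURITY_MODE) and not secure:
            findings.append((number, "error",
                             "feature requires security mode, which is not enabled at this point"))
    return findings


# Constructed change script for illustration, not taken from the manual.
SAMPLE = """\
# constructed sample
enable ssh server
enable system security_mode
add user=secoff password=EXAMPLE-ONLY privilege=securityofficer
create enco key=1 type=rsa
disable system security_mode
enable ipsec
"""

if __name__ == "__main__":
    for number, severity, message in lint_change_script(SAMPLE):
        print(f"line {number}: {severity}: {message}")
```

The check cannot model the requirement to log in again as the security officer, so a clean result still leaves that step to the operator.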

Software Release 2.6.1 C613-02039-00 REV A
