Then enter the password for CIPHER, sbr4y3 | Allied Telesis 2.6.1

30	AT-8800 Series Switch User Guide

2.Login as a Security Officer

To login as the user with Security Officer privilege called “CIPHER”, use the command:

LOGIN CIPHER

And then enter the password for “CIPHER”, “sbr4y3”.

3.Enable system security

To enable system security, use the command:

ENABLE SYSTEM SECURITY

4.Create an RSA key pair for this switch.

To create an RSA key pair, use the command:

CREATE ENCO KEY=0 TYPE=RSA LENGTH=1024

5.Set the switch’s distinguished name.

To set the switch’s distinguished name to "cn=switch1,o=my_company,c=us", use the command:

SET SYSTEM DISTINGUISHEDNAME="cn=switch1, o=my_company,c=us"

6.Set the UTC offset.

To set the Universal Coordinated Time to inform the switch that the difference between local time and GMT is 7 hours, use the command:

SET LOG UTCOFFSET=7

7.Create a self-signed certificate for the switch.

To create a PKI certificate without contacting a CA for browsing to the GUI, use the command:

CREATE PKI CERTIFICATE=cer_name KEYPAIR=0 SERIALNUMBER=12345 SUBJECT="cn=172.30.1.105, o=my_company, c=us"

Using this command creates a certificate that is only suitable for secure switch management via the GUI. A pop-up message will appear in the browser window warning that the certificate is not issued by a trusted authority. You should create a certificate via a Certification Authority if you want to use SSL with the Load Balancer. For details, see the Public Key Infrastructure (PKI) chapter of your Software Reference.

8.Load self-signed switch certificate

To load the signed switch certificate onto the switch, use the command:

ADD PKI CERTIFICATE=cer_name LOCATION=cer_name.cer

TRUST=YES

9.Enable SSL on the HTTP server

To enable SSL on the HTTP server with previously created SSL Key and the port 443, use the command:

SET HTTP SERVER SECURITY=ON SSLKEY=0 PORT=443

Software Release 2.6.1 C613-02039-00 REV A

Image 30

Allied Telesis 2.6.1 manual Then enter the password for CIPHER, sbr4y3, To enable system security, use the command

Contents

AT-8800 Series Switch Page Contents Operating the switch AT-8800 Series Switch User Guide Maintenance and Troubleshooting Page Introducing the AT-8800 Series Switch Why Read this User Guide?Chapter Where To Find More Information AT-8800 Series Switch Documentation Set Features of the AT-8800 Series Switch Online Technical SupportIntroduction Management Features Software Features Special Feature Licences Do if You Clear Flash Memory Completely on Getting Started with the Command Line Interface CLI This Chapter Connecting a Terminal or PC Terminal Communication ParametersParameters for terminal communication Value Logging Enter the password at the password promptGetting Started with the Command Line Interface CLI Assigning an IP Address Setting Routes To change the IP address for an interface, enter the command Changing a Password Choosing a PasswordTo add a static route, enter the command Using the Commands Not available Getting Command Line Help To display the current help file, enter the commandAliases Enabling Special Feature Licences Setting System Parameters Getting Started with the Graphical User Interface GUI Getting Started with the Graphical User Interface GUI Browser and PC Setup What is the GUI?Accessing the Switch via the GUI Supported browsers and operating systems Http Proxy Servers See Option 1 Configuring the Switch before Installation on Establishing a Connection to the SwitchSee Option 3 Connecting to an Installed Switch on See Option 2 Installing the Switch into the LAN on Option 1 Configuring the Switch before Installation Use this procedure ifSee Http Proxy Servers on page 23 for more information At the login prompt, enter the user name and password Option 2 Installing the Switch into the LANDefault username is manager Plug the switch into the LAN See Secure Access on page 29 for more information Assign the vlan1 interface an IP address Select a PC Option 3 Connecting to an Installed SwitchFind out the IP address of the switch’s interface If necessary, bypass the Http proxy server Secure Access Create a Security Officer user account Then enter the password for CIPHER, sbr4y3 To enable system security, use the commandTo create an RSA key pair, use the command System Status System Status Using Configuration Pages Using the GUI Navigation and FeaturesConfiguration Menu Quality of Service and traffic filters An example of a configuration page with a selection table Editable Fields Management Menu Monitoring Menu Diagnostics Menu Changing the PasswordContext Sensitive GUI Help Saving Configuration Entered with the GUI Combining GUI and CLI ConfigurationConfiguring Multiple Devices Load the new file onto the switch To upgrade the GUIThen delete the GUI resource file, using the command Upgrading the GUI Troubleshooting Install the new file as the preferred GUIPoint your web browser at the switch’s IP address Accessing the Switch via the GUI Deleting Temporary Files Traffic Flow IP Addresses and Dhcp SolutionSolutions Time and NTP Loading Software Page Snmp and MIBs on Using Scripts onUser Accounts and Privileges A Security Officer prompt looks like Login Normal Mode and Security Mode To display the current operating mode, enter the commandOperating the switch Specific Parameters Remote Management Storing Files in Flash Memory Using Scripts Example output from the Show File command Saving the Switch’s Configuration Storing Multiple Scripts Loading and Uploading Files File Naming ConventionsFile extensions and file types Extension File type/function Loading Files SPA To load a patch file Configure the Loader Setting Loader DefaultsExample Load a Patch File Using Http Download the patch file More information Uploading Files From the SwitchExample Upload a Configuration File Using Tftp To upload a log file Upgrading Switch Software Example Upgrade to a New Software Release Using To upgrade to a new software releaseLoad the new release file onto the switch Enter licence information for the release Enter the licence password for the software releaseMake the release the default permanent release Test the release Example Upgrade to a new patch file To upgrade to a new patch fileCheck that the file is successfully loaded Using the Built-in Editor Snmp and MIBs Where interface is the name of an interface, such as vlan11 For More About Operations and Facilities AT-8800 Series Switch User Guide Switch Ports Enabling and Disabling Switch Ports To enable or disable a switch port, use the commands To display information about switch ports, use the command STP Autonegotiation of Port Speed and Duplex Mode Port Trunking Speed 10/100 Show VLAN=ALL Layer 2 Switching Packet Storm Protection Port Mirroring Port security Example output from the Show Switch Port Intrusion command Virtual Local Area Networks VLANs Vlan Tagging Tpid Format of user priority and Vlan data in an Ethernet frame Vlan Membership using Vlan Tags Vlan membership of example of a network using tagged ports Vlan Membership of Untagged PacketsMember ports Creating VLANs Vlans with untagged ports To add tagged ports to a VLAN, use the command To destroy a VLAN, use the command Summary of Vlan tagging rules Protected VLANsVlan Interaction with STPs and Trunk Groups Layer 2 Switching Process Generic Vlan Registration Protocol GvrpIngress Rules Learning Process Forwarding Process Layer 2 Filtering Example output from the Show Switch Filter command Quality of Service Egress Rules Spanning Tree Protocol STP Spanning Tree Modes Spanning Tree and Rapid Spanning Tree Port States Spanning tree port states State MeaningRapid Spanning Tree port states State Meaning Configuring STP SET STP=stpnameALL PRIORITY=0..65535 Example output from the Show STP command Do not occur Switch Max Age Parameter Meaning To display STP port information, use the command 94AT-8800 Series Switch User Guide Example output from the Show STP Port command To show STP counters, use the command Transmit 96AT-8800 Series Switch User GuideReceive Discarded Interfaces to Layer 3 Protocols Igmp Snooping Disable Igmpsnooping Example output from the Show IP Igmp command Group List Description TriggersEvent Parameters Layer Internet Protocol IP Then use either of the following commandsDisplays the interfaces enabled for IP routing Figure IP Multicasting Routing Information Protocol RIP Novell IPXLayer 103 Example output from the Show IPX Circuit command AppleTalk Resource Reservation Protocol Rsvp Layer 105Page Maintenance and Troubleshooting How the Switch Starts Up Switch startup messages How to Avoid Problems Set system territory Watch for software updates What to Do if You Clear Flash Memory Completely If you accidentally do this, you will need to What to Do if Passwords are Lost What to Do if the PPP Link Disconnects RegularlyGetting the Most Out of Technical Support To get debugging output, enter the command Resetting Switch DefaultsChecking Connections Using Ping Maintenance and Troubleshooting 113 Stop a Ping that is in progress, enter the command Troubleshooting IP ConfigurationsTo set Ping defaults, enter the command Telnet Fails Your switch is acting as a Dhcp server Troubleshooting Dhcp IP AddressesYour switch is acting as a Dhcp client Maintenance and Troubleshooting 115 Local Workstations Can Not Access Remote Servers Troubleshooting IPX ConfigurationsTo check that the PPP link is active, enter the command No Routes are Visible to the Remote Router Using Trace Route for IP Traffic Check route tables To halt a trace route that is in progress, enter the command