Allied Telesis 2.6.1 - page 30

30 AT-8800 Series Switch User Guide

Software Release 2.6.1

C613-02039-00 REV A

2. Login as a Security Officer

To login as the user with Security Officer privilege called “CIPHER”, use

the command:

LOGIN CIPHER

And then enter the password for “CIPHER”, “sbr4y3”.

3. Enable system security

To enable system security, use the command:

ENABLE SYSTEM SECURITY

4. Create an RSA key pair for this switch.

To create an RSA key pair, use the command:

CREATE ENCO KEY=0 TYPE=RSA LENGTH=1024

5. Set the switch’s distinguished name.

To set the switch’s distinguished name to

"cn=switch1,o=my_company,c=us", use the command:

SET SYSTEM DISTINGUISHEDNAME="cn=switch1,

o=my_company,c=us"

6. Set the UTC offset.

To set the Universal Coordinated Time to inform the switch that the

difference between local time and GMT is 7 hours, use the command:

SET LOG UTCOFFSET=7

7. Create a self-signed certificate for the switch.

To create a PKI certificate without contacting a CA for browsing to the GUI,

use the command:

CREATE PKI CERTIFICATE=cer_name KEYPAIR=0

SERIALNUMBER=12345 SUBJECT="cn=172.30.1.105,

o=my_company, c=us"

Using this command creates a certificate that is only suitable for secure switch

management via the GUI. A pop-up message will appear in the browser

window warning that the certificate is not issued by a trusted authority. You

should create a certificate via a Certification Authority if you want to use SSL

with the Load Balancer. For details, see the Public Key Infrastructure (PKI)

chapter of your Software Reference.

8. Load self-signed switch certificate

To load the signed switch certificate onto the switch, use the command:

ADD PKI CERTIFICATE=cer_name LOCATION=cer_name.cer

TRUST=YES

9. Enable SSL on the HTTP server

To enable SSL on the HTTP server with previously created SSL Key and the

port 443, use the command:

SET HTTP SERVER SECURITY=ON SSLKEY=0 PORT=443

Contents

Main Page Contents Page Page Page Chapter 1 Introduction Introducing the AT-8800 Series Switch Why Read this User Guide? Where To Find More Information The AT-8800 Series Switch Documentation Set Online Technical Support Features of the AT-8800 Series Switch Management Features Software Features Special Feature Licences Warning about FLASH memory Chapter 2 Getting Started with the Command Line Interface (CLI) Connecting a Terminal or PC Terminal Communication Parameters Logging In Assigning an IP Address Setting Routes Changing a Password Choosing a Password Using the Commands Aliases Getting Command Line Help Enabling Special Feature Licences Setting System Parameters Chapter 3 Getting Started with the Graphical User Interface (GUI) What is the GUI? Accessing the Switch via the GUI Browser and PC Setup HTTP Proxy Servers Establishing a Connection to the Switch Start here Option 1: Configuring the Switch before Installation Option 2: Installing the Switch into the LAN AT-8800 Series Switch PC Hub or Layer 2 Switch Page Option 3: Connecting to an Installed Switch Secure Access Page System Status Using the GUI: Navigation and Features The Configuration Menu Using Configuration Pages Page Editable Fields Ports Graphic Apply Button Cancel Button Close Button The Management Menu The Monitoring Menu The Diagnostics Menu Changing the Password Context Sensitive GUI Help Saving Configuration Entered with the GUI Combining GUI and CLI Configuration Configuring Multiple Devices Upgrading the GUI Troubleshooting Deleting Temporary Files Accessing the Switch via the GUI Tra ffi c Fl ow IP Addresses and DHCP Time and NTP Loading Software Page Chapter 4 Operating the switch User Accounts and Privileges Page Normal Mode and Security Mode Page Remote Management Storing Files in FLASH Memory Using Scripts Saving the Switchs Configuration Storing Multiple Scripts Loading and Uploading Files File Naming Conventions Loading Files Setting LOADER Defaults Example: Load a Patch File Using HTTP Uploading Files From the Switch Example: Upload a Configuration File Using TFTP More information Upgrading Switch Software Example: Upgrade to a New Software Release Using TFTP Page Example: Upgrade to a new patch file Using the Built-in Editor SNMP and MIBs For More About Operations and Facilities Page Chapter 5 Layer 2 Switching Switch Ports Enabling and Disabling Switch Ports To enable or disable a switch port, use the commands: To display information about switch ports, use the command: Page Autonegotiation of Port Speed and Duplex Mode Port Trunking Page Packet Storm Protection Port Mirroring Port security Virtual Local Area Networks (VLANs) VLAN Tagging Page VLAN Membership using VLAN Tags VLAN Membership of Untagged Packets Creating VLANs Page Summary of VLAN tagging rules Protected VLANs VLAN Interaction with STPs and Trunk Groups Generic VLAN Registration Protocol (GVRP) Layer 2 Switching Process The Ingress Rules The Learning Process The Forwarding Process Layer 2 Filtering Page The Egress Rules Quality of Service Spanning Tree Protocol (STP) Spanning Tree Modes Spanning Tree and Rapid Spanning Tree Port States Configuring STP Page Page Page Page Page Page To show STP counters, use the command: Page Interfaces to Layer 3 Protocols IGMP Snooping Page Page Triggers Chapter 6 Layer 3 Internet Protocol (IP) IP Multicasting Routing Information Protocol (RIP) Novell IPX AppleTalk Resource Reservation Protocol (RSVP) Page Chapter 7 Maintenance and Troubleshooting How the Switch Starts Up How to Avoid Problems Set system territory Backup software files Backup configuration script Backup switch Configure logging Configure Firewall FLASH compaction Watch for software updates What to Do if You Clear FLASH Memory Completely What to Do if the PPP Link Disconnects Regularly What to Do if Passwords are Lost Getting the Most Out of Technical Support Resetting Switch Defaults Checking Connections Using PING Troubleshooting IP Configurations Troubleshooting DHCP IP Addresses Troubleshooting IPX Configurations Using Trace Route for IP Traffic