Manuals / Allied Telesis / Computer Equipment / Switch

Allied Telesis at-8700xl series switch manual Secure Access

Models: at-8700xl series switch

1 81

Download 81 pages 57.37 Kb

Page 29

Secure Access

Getting Started with the Graphical User Interface (GUI)

29

5.At the login prompt, enter the user name and password

The default username is manager:

User Name: manager

Password: friend

The System Status page is displayed (see Figure 6 on page 31). Select options from the sidebar menu to configure and manage the switch.

Secure Access

You can optionally browse to the switch using Secure Sockets Layer (SSL). This means that sensitive data including passwords and email addresses can not be accessed by malicious parties. This section details the required configuration.

For information about SSL, refer to the Secure Sockets Layer (SSL) chapter of your Software Reference.

For this configuration to succeed your switch must have PKI, ISAKMP, SSH and SSL feature licences. If these licences are not already present on your switch, please contact your authorised distributor or reseller.

To secure your switch’s HTTP Server with SSL for secure switch management via the GUI.

1. Create a Security Officer user account

Only a user with Security Officer privilege can enable system security and SSL.

To add a user with the login name “CIPHER”, password “sbr4y3”, login=yes, and SECURITY OFFICER privilege, use the command:

ADD USER="CIPHER" PASSWORD="sbr4y3"

PRIVILEGE=SECURITYOFFICER Login=yes

CREATE CONFIG=ssl.cfg

RESTART SWITCH

2.Login as a Security Officer

To login as the user with Security Officer privilege called “CIPHER”, use the command:

LOGIN CIPHER

And then enter the password for “CIPHER”, “sbr4y3”.

3.Enable system security

To enable system security, use the command:

ENABLE SYSTEM SECURITY

4.Create an RSA key pair for this switch.

To create an RSA key pair, use the command:

CREATE ENCO KEY=0 TYPE=RSA LENGTH=1024

5.Set the switch’s distinguished name.

Software Release 2.6.1 C613-02030-00 REV B

Image 29

Allied Telesis at-8700xl series switch manual Secure Access

Contents

Software Release AT-8700XL SERIES SWITCHUSER GUIDE Document Number C613-02030-00 REV B AT-8700XL Series Switch User Guide for Software ReleaseCopyright 2003 Allied Telesyn International Corp 19800 North Creek Parkway, Suite 200, Bothell, WA 98011, USACHAPTER 2 Getting Started with the Command Line Interface CLI ContentsCHAPTER 4 Operating the switch CHAPTER 1 IntroductionCHAPTER 6 Maintenance and Troubleshooting SwitchingAT-8700XL Series Switch User Guide CHAPTERChapter Why Read this User Guide?Introduction The AT-8700XL Series Switch Documentation Set Where To Find More InformationTechnical support Features of the AT-8700XL Series SwitchSwitching Features Software Reference Management FeaturesLayer 3 and Other Features Warning about FLASH memory Page Chapter Getting Started with the Command Line Interface CLIThis Chapter Terminal Communication Parameters Connecting a Terminal or PCTable 1 Parameters for terminal communication ParameterAssigning an IP Address Logging InAssigning an IP Address If you use DHCP to assign IP addresses to devices on your LAN, and you want to manage the switch within this DHCP regime, it is recommended that you set your DHCP server to always assign the same IP address to the switch. This will enable you to access the GUI by browsing to that IP address, and will also let you use the switch as a gateway device for your LAN. If you need the switchs MAC address for this, it can be displayed using the command SHOW SWITCHSetting Routes Choosing a Password Changing a PasswordAliases Using the CommandsSetting System Parameters Getting Command Line Helpthe location of the switch, for example Page Chapter Getting Started with the Graphical User Interface GUIThis Chapter Browser and PC Setup What is the GUI?Accessing the Switch via the GUI Getting Started with the Graphical User Interface GUI HTTP Proxy ServersStart here Establishing a Connection to the SwitchUse this procedure if Option 1 Configuring the Switch before InstallationTo install the switch into the same subnet as the PC Option 2 Installing the Switch into the LANTo install the switch into a different subnet than the PC Use this procedure ifSee “Secure Access” on page 29 for more information ADD IP INTERFACE=VLAN1 IPADDRESS=DHCP and ENABLE IP REMOTEASSIGNFor normal access, point your web browser to http//ip-address whereUse this procedure if Option 3 Connecting to an Installed Switch11. At the login prompt, enter the user name and password 1. Find out the IP address of the switch’s interfaceSecure Access 8. Load self-signed switch certificate 7. Create a self-signed certificate for the switch9. Enable SSL on the HTTP server 10. Configure an IP interface to run SSL overGetting Started with the Graphical User Interface GUI System StatusFigure 6 The System Status page Model name Software release Help, Save and Exit Sidebar menuUsing Configuration Pages Using the GUI Navigation and FeaturesThe Configuration Menu Select list Text field Apply and Cancel buttonsTabs Heading row Radio button Add, Modify and Remove buttons Editable Fields The Management Menu Cancel ButtonPorts Graphic Apply ButtonChanging the Password The Diagnostics MenuAs a security precaution, change the password as soon as possible The Monitoring MenuCombining GUI and CLI Configuration Saving Configuration Entered with the GUIConfiguring Multiple Devices Context Sensitive GUI HelpUpgrading the GUI To upgrade the GUITroubleshooting Problem You cannot browse to the switch Accessing the Switch via the GUIDeleting Temporary Files Traffic Flow Solutions SolutionIP Addresses and DHCP Time and NTPLoading Software Page “Normal Mode and Security Mode” on page “Remote Management” on page Operating the switch“Upgrading Switch Software” on page “Using the Built-in Editor” on pageDescription Table 4 Secure commands controlled by the security timerCommand Normal Mode and Security Mode ACTIVATE SCR ADD IP INT ADD SCR ADD USER CREATE CONFIG CommandAT-8700XL Series Software Reference Remote ManagementStoring Files in FLASH Memory AT-8700XL Series Software Reference Using ScriptsFigure 10 Example output from the SHOW FILE command Storing Multiple Scripts Saving the Switch’s ConfigurationFile Naming Conventions Loading and Uploading FilesLoading Files Example Load a Patch File Using HTTP Setting LOADER DefaultsExample Upload a Configuration File Using TFTP Uploading Files From the SwitchMore information To upload a log fileUpgrading Switch Software SECURITY OFFICER privilege Example Upgrade to a New Software Release Using TFTPTo upgrade to a new software release To check that the files are successfully loaded, enter the command Do not set an untested patch as part of the preferred install Example Upgrade to a new patch fileTo upgrade to a new patch file Figure 11 The editor screen layout Using the Built-in EditorAT-8700XL Series Software Reference SNMP MIBs in the AT-8700XL Series Software Reference SNMP and MIBsFor More About Operations and Facilities Switch Ports SwitchingEnabling and Disabling Switch Ports ChapterPort Trunking Autonegotiation of Port Speed and Duplex ModePacket Storm Protection Port MirroringVirtual Local Area Networks VLANs Creating VLANs VLAN Interaction with STPs and Trunk Groups Summary of VLAN tagging rulesProtected VLANs Spanning Tree Protocol STP Quality of ServiceGeneric VLAN Registration Protocol GVRP Spanning Tree and Rapid Spanning Tree Port States IP SwitchingIGMP Snooping Routing Information Protocol RIPEvent TriggersDescription ParametersPage Chapter Maintenance and TroubleshootingThis Chapter How the Switch Starts Up Backup software files How to Avoid ProblemsBackup configuration script Backup switchFLASH compaction Configure loggingWatch for software updates If you accidentally do this, you will need to What to Do if You Clear FLASH Memory CompletelyGetting the Most Out of Technical Support What to Do if Passwords are LostChecking Connections Using PING Resetting Switch DefaultsTelnet Fails Troubleshooting IP ConfigurationsPINGing devices connected to it may give misleading information Using Trace Route for IP Traffic Troubleshooting DHCP IP AddressesYour switch is acting as a DHCP client Your switch is acting as a DHCP server