Manuals / Allied Telesis / Computer Equipment / Switch

Allied Telesis at-8700xl series switch manual Normal Mode and Security Mode

Models: at-8700xl series switch

1 81

Download 81 pages 57.37 Kb

Page 47

Normal Mode and Security Mode

Operating the switch

47

See the Operations chapter in the AT-8700XL Series Software Reference for:

■More information about managing and using accounts with user, manager and security officer privileges

■A full list of commands that require security officer privilege when the switch is in secure mode

■Information about enabling a remote security officer.

Normal Mode and Security Mode

The switch operates in one of two modes, either normal mode or security mode. By default, the switch is in normal mode.

When the switch is in security mode, the command SHOW DEBUG does not display output of the SHOW FEATURE and SHOW CONFIGURATION DYNAMIC commands, or the current configuration in the SHOW SYSTEM output unless the SHOW DEBUG command is entered by a user with security officer privilege.

If you wish to use the following software features you need to enable security mode:

■IP authentication

■Secure Shell (see the Secure Shell chapter, AT-8700XL Series Software Reference)

■Encryption (see the Compression and Encryption Services chapter, AT-8700XL Series Software Reference)

■Public Key Encryption (PKI) (see the Public Key Infrastructure chapter, AT- 8700XL Series Software Reference)

To enable security mode, first create a user with security officer privilege, then enter the command:

ENABLE SYSTEM SECURITY_MODE

To access secure functionality you will need to log in again as the security officer.

When the switch restarts, it restarts in the same normal mode or security mode as it was before restarting. To restore the switch to normal operating mode, enter the command:

DISABLE SYSTEM SECURITY_MODE

When security mode is disabled, the switch automatically deletes all sensitive data files, including encryption keys.

To display the current operating mode, enter the command:

SHOW SYSTEM

When the switch is in security mode, a user with security officer privilege is the only person who can execute commands which affect switch security. Table 5 on page 48 lists commands that only a security officer can execute when the switch is in security mode. A complete list of commands limited by security

Software Release 2.6.1 C613-02030-00 REV B

Image 47

Allied Telesis at-8700xl series switch manual Normal Mode and Security Mode

Contents

Software Release AT-8700XL SERIES SWITCHUSER GUIDE 19800 North Creek Parkway, Suite 200, Bothell, WA 98011, USA AT-8700XL Series Switch User Guide for Software ReleaseDocument Number C613-02030-00 REV B Copyright 2003 Allied Telesyn International CorpCHAPTER 1 Introduction ContentsCHAPTER 2 Getting Started with the Command Line Interface CLI CHAPTER 4 Operating the switchCHAPTER SwitchingCHAPTER 6 Maintenance and Troubleshooting AT-8700XL Series Switch User GuideChapter Why Read this User Guide?Introduction The AT-8700XL Series Switch Documentation Set Where To Find More InformationTechnical support Features of the AT-8700XL Series SwitchSwitching Features Software Reference Management FeaturesLayer 3 and Other Features Warning about FLASH memory Page Chapter Getting Started with the Command Line Interface CLIThis Chapter Parameter Connecting a Terminal or PCTerminal Communication Parameters Table 1 Parameters for terminal communicationAssigning an IP Address Logging InAssigning an IP Address If you use DHCP to assign IP addresses to devices on your LAN, and you want to manage the switch within this DHCP regime, it is recommended that you set your DHCP server to always assign the same IP address to the switch. This will enable you to access the GUI by browsing to that IP address, and will also let you use the switch as a gateway device for your LAN. If you need the switchs MAC address for this, it can be displayed using the command SHOW SWITCHSetting Routes Choosing a Password Changing a PasswordAliases Using the CommandsSetting System Parameters Getting Command Line Helpthe location of the switch, for example Page Chapter Getting Started with the Graphical User Interface GUIThis Chapter Browser and PC Setup What is the GUI?Accessing the Switch via the GUI Getting Started with the Graphical User Interface GUI HTTP Proxy ServersStart here Establishing a Connection to the SwitchUse this procedure if Option 1 Configuring the Switch before InstallationUse this procedure if Option 2 Installing the Switch into the LANTo install the switch into the same subnet as the PC To install the switch into a different subnet than the PCwhere ADD IP INTERFACE=VLAN1 IPADDRESS=DHCP and ENABLE IP REMOTEASSIGNSee “Secure Access” on page 29 for more information For normal access, point your web browser to http//ip-address1. Find out the IP address of the switch’s interface Option 3 Connecting to an Installed SwitchUse this procedure if 11. At the login prompt, enter the user name and passwordSecure Access 10. Configure an IP interface to run SSL over 7. Create a self-signed certificate for the switch8. Load self-signed switch certificate 9. Enable SSL on the HTTP serverModel name Software release Help, Save and Exit Sidebar menu System StatusGetting Started with the Graphical User Interface GUI Figure 6 The System Status pageUsing Configuration Pages Using the GUI Navigation and FeaturesThe Configuration Menu Select list Text field Apply and Cancel buttonsTabs Heading row Radio button Add, Modify and Remove buttons Editable Fields Apply Button Cancel ButtonThe Management Menu Ports GraphicThe Monitoring Menu The Diagnostics MenuChanging the Password As a security precaution, change the password as soon as possibleContext Sensitive GUI Help Saving Configuration Entered with the GUICombining GUI and CLI Configuration Configuring Multiple DevicesUpgrading the GUI To upgrade the GUITroubleshooting Problem You cannot browse to the switch Accessing the Switch via the GUIDeleting Temporary Files Traffic Flow Time and NTP SolutionSolutions IP Addresses and DHCPLoading Software Page “Using the Built-in Editor” on page Operating the switch“Normal Mode and Security Mode” on page “Remote Management” on page “Upgrading Switch Software” on pageDescription Table 4 Secure commands controlled by the security timerCommand Normal Mode and Security Mode ACTIVATE SCR ADD IP INT ADD SCR ADD USER CREATE CONFIG CommandAT-8700XL Series Software Reference Remote ManagementStoring Files in FLASH Memory AT-8700XL Series Software Reference Using ScriptsFigure 10 Example output from the SHOW FILE command Storing Multiple Scripts Saving the Switch’s ConfigurationFile Naming Conventions Loading and Uploading FilesLoading Files Example Load a Patch File Using HTTP Setting LOADER DefaultsTo upload a log file Uploading Files From the SwitchExample Upload a Configuration File Using TFTP More informationUpgrading Switch Software SECURITY OFFICER privilege Example Upgrade to a New Software Release Using TFTPTo upgrade to a new software release To check that the files are successfully loaded, enter the command Do not set an untested patch as part of the preferred install Example Upgrade to a new patch fileTo upgrade to a new patch file Figure 11 The editor screen layout Using the Built-in EditorAT-8700XL Series Software Reference SNMP MIBs in the AT-8700XL Series Software Reference SNMP and MIBsFor More About Operations and Facilities Chapter SwitchingSwitch Ports Enabling and Disabling Switch PortsPort Mirroring Autonegotiation of Port Speed and Duplex ModePort Trunking Packet Storm ProtectionVirtual Local Area Networks VLANs Creating VLANs VLAN Interaction with STPs and Trunk Groups Summary of VLAN tagging rulesProtected VLANs Spanning Tree Protocol STP Quality of ServiceGeneric VLAN Registration Protocol GVRP Spanning Tree and Rapid Spanning Tree Port States IP SwitchingIGMP Snooping Routing Information Protocol RIPParameters TriggersEvent DescriptionPage Chapter Maintenance and TroubleshootingThis Chapter How the Switch Starts Up Backup switch How to Avoid ProblemsBackup software files Backup configuration scriptFLASH compaction Configure loggingWatch for software updates If you accidentally do this, you will need to What to Do if You Clear FLASH Memory CompletelyGetting the Most Out of Technical Support What to Do if Passwords are LostChecking Connections Using PING Resetting Switch DefaultsTelnet Fails Troubleshooting IP ConfigurationsPINGing devices connected to it may give misleading information Your switch is acting as a DHCP server Troubleshooting DHCP IP AddressesUsing Trace Route for IP Traffic Your switch is acting as a DHCP client