AT-S63 Management Software Features Guide
11
Chapter 39: PKI Certificates and SSL ........................................................................................................ 463
Supported Platforms................................................................................... .................................................... 464
Overview.................................................................................................................................. ....................... 465
Types of Certificates......................................................................................... ... .... ... ... ... .......... .................... 465
Distinguished Names............................................................................................................................... ....... 467
SSL and Enhanced Stacking................................................................................................ .......................... 469
Guidelines................................................................................................................................ ....................... 470
Technical Overview.......................... .............................................................................................................. 471
SSL Encryption... ..................................................................................................................................... 471
User Verification...................................................................................................... ... .... .......................... 472
Authentication............... ........................................................................................................................... 472
Public Key Infrastructure...................................................................... ... ... ... ........................................... 473
Public Keys......... ... ... .... ... ... ..................................................................................................................... 473
Message Encryption................................................................................................................................. 473
Digital Signatures.......................................................................... ........................................................... 473
Certificates.......................................... ..................................................................................................... 474
Elements of a Public Key Infrastructure............................................................................... ... ... ....... ....... 475
Certificate Validation........................................ ........................................................................................ 476
Certificate Revocation Lists (CRLs)................................. ........................................................................ 476
PKI Implementation.................................................................................................................... .............. 477
Chapter 40: Secure Shell (SSH) ............ ..................................................................................................... 479
Supported Platforms................................................................................... .................................................... 480
Overview.................................................................................................................................. ....................... 481
Support for SSH ............................................................................................................................................. 482
SSH Server........................................................................................................................................... .......... 483
SSH Clients............................ ... ... .... ... ... ... .... ................................................................................................. 484
SSH and Enhanced Stacking........................ ... ... ........................................................................................... 485
SSH Configuration Guidelines.............................................................................................. ... ...... ................. 487
General Steps to Configuring SSH....................................................................................... .......................... 488
Chapter 41: TACACS+ and RADIUS Protocols .................................................................. ....................... 489
Supported Platforms................................................................................... .................................................... 490
Overview.................................................................................................................................. ....................... 491
Guidelines................................................................................................................................ ....................... 493
Chapter 42: Management Access Control List ............................................................................... .......... 497
Supported Platforms................................................................................... .................................................... 498
Overview.................................................................................................................................. ....................... 499
Parts of a Management ACE......................................................................................... ................................. 500
IP Address................................................................................................................................................ 500
Mask............................................................................................................................................... .......... 500
Application................................................................................................................................................ 500
Guidelines................................................................................................................................ ....................... 501
Examples............................................................................................. ........................................................... 502
Appendix A: AT-S63 Management Software Default Settings ......................... ....................................... 505
Address Resolution Protocol Cache..................................................................................... ... ... .......... .......... 507
Boot Configuration File........................................................ ... .... ... ... ... .... ... .................................................... 508
BOOTP Relay Agent ...................................................................................................................................... 509
Class of Service............................................................................................................................. ................. 510
Denial of Service Defenses........................... ................................................................................................. 511
802.1x Port-Based Network Access Control .................................................................................................. 512
Enhanced Stacking..................................................................................................................... .................... 514
Ethernet Protection Switching Ring (EPSR) Snooping................................................................................... 515
Event Logs........................................................................................................................................ .............. 516
GVRP ............................................................................................................................................... .............. 517
IGMP Snooping...................... ........................................................................................................................ 518