Allied Telesis AT-S63

AT-S63 Management Software Features Guide

Chapter 39: PKI Certificates and SSL ........................................................................................................ 463

Supported Platforms................................................................................... .................................................... 464

Overview.................................................................................................................................. ....................... 465

Types of Certificates......................................................................................... ... .... ... ... ... .......... .................... 465

Distinguished Names............................................................................................................................... ....... 467

SSL and Enhanced Stacking................................................................................................ .......................... 469

Guidelines................................................................................................................................ ....................... 470

Technical Overview.......................... .............................................................................................................. 471

SSL Encryption... ..................................................................................................................................... 471

User Verification...................................................................................................... ... .... .......................... 472

Authentication............... ........................................................................................................................... 472

Public Key Infrastructure...................................................................... ... ... ... ........................................... 473

Public Keys......... ... ... .... ... ... ..................................................................................................................... 473

Message Encryption................................................................................................................................. 473

Digital Signatures.......................................................................... ........................................................... 473

Certificates.......................................... ..................................................................................................... 474

Elements of a Public Key Infrastructure............................................................................... ... ... ....... ....... 475

Certificate Validation........................................ ........................................................................................ 476

Certificate Revocation Lists (CRLs)................................. ........................................................................ 476

PKI Implementation.................................................................................................................... .............. 477

Chapter 40: Secure Shell (SSH) ............ ..................................................................................................... 479

Supported Platforms................................................................................... .................................................... 480

Overview.................................................................................................................................. ....................... 481

Support for SSH ............................................................................................................................................. 482

SSH Server........................................................................................................................................... .......... 483

SSH Clients............................ ... ... .... ... ... ... .... ................................................................................................. 484

SSH and Enhanced Stacking........................ ... ... ........................................................................................... 485

SSH Configuration Guidelines.............................................................................................. ... ...... ................. 487

General Steps to Configuring SSH....................................................................................... .......................... 488

Chapter 41: TACACS+ and RADIUS Protocols .................................................................. ....................... 489

Supported Platforms................................................................................... .................................................... 490

Overview.................................................................................................................................. ....................... 491

Guidelines................................................................................................................................ ....................... 493

Chapter 42: Management Access Control List ............................................................................... .......... 497

Supported Platforms................................................................................... .................................................... 498

Overview.................................................................................................................................. ....................... 499

Parts of a Management ACE......................................................................................... ................................. 500

IP Address................................................................................................................................................ 500

Mask............................................................................................................................................... .......... 500

Application................................................................................................................................................ 500

Guidelines................................................................................................................................ ....................... 501

Examples............................................................................................. ........................................................... 502

Appendix A: AT-S63 Management Software Default Settings ......................... ....................................... 505

Address Resolution Protocol Cache..................................................................................... ... ... .......... .......... 507

Boot Configuration File........................................................ ... .... ... ... ... .... ... .................................................... 508

BOOTP Relay Agent ...................................................................................................................................... 509

Class of Service............................................................................................................................. ................. 510

Denial of Service Defenses........................... ................................................................................................. 511

802.1x Port-Based Network Access Control .................................................................................................. 512

Enhanced Stacking..................................................................................................................... .................... 514

Ethernet Protection Switching Ring (EPSR) Snooping................................................................................... 515

Event Logs........................................................................................................................................ .............. 516

GVRP ............................................................................................................................................... .............. 517

IGMP Snooping...................... ........................................................................................................................ 518