Allied Telesis Layer 3 Switches manual Using SSL for secure web access, Using SNMPv3

Models: Layer 3 Switches


Managing the device securely

Using SSL for secure web access

 

The web-based GUI is a convenient way to configure the switch, but it is unencrypted by default. SSL lets you use the GUI securely, by using HTTPS instead of HTTP.

Products

All switches listed on page 2, except AT-8948 and x900-48 Series which have no graphical user interface

Software Versions

All

Configuration

1. Add a security officer to your switch’s list of users.

2. Create an encryption key for SSL to use.

3. Create a self-signed PKI certificate, or load a certificate generated by a Certificate Authority (CA) if you have one.

4. Add the certificate to the certificate database.

5. Turn security on for the HTTP server.

6. Enable system security.

 

Once you have configured SSL, HTTPS connections to the device are available only on port 443.

Example To allow the security officer called “secoff” to browse securely to the GUI, using a self-signed certificate:

add user=secoff password=secoff privilege=securityofficer login=yes

create enco key=0 type=rsa length=1024

set system distinguishedname="cn=switch1,o=my_company,c=us"

create pki certificate=cer_name keypair=0 serialnumber=12345 subject="cn=172.30.1.105,o=my_company,c=us"

add pki certificate=cer_name location=cer_name.cer trust=yes

set http server security=on sslkey=0 port=443

enable system security
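
An added example, not part of the Allied Telesis manual: a Python check that reads a saved command sequence like the one above and reports which of the six configuration steps are missing or inconsistent. The function names, the MIN_RSA_BITS threshold, and the rule that sslkey, the encryption key and the certificate keypair must share one key ID are assumptions drawn from the example, not documented switch behaviour.

```python
import shlex
# Constructed input: the command sequence from the example above.
SAMPLE = """\
add user=secoff password=secoff privilege=securityofficer login=yes
create enco key=0 type=rsa length=1024
set system distinguishedname="cn=switch1,o=my_company,c=us"
create pki certificate=cer_name keypair=0 serialnumber=12345 subject="cn=172.30.1.105,o=my_company,c=us"
add pki certificate=cer_name location=cer_name.cer trust=yes
set http server security=on sslkey=0 port=443
enable system security
"""
MIN_RSA_BITS = 2048  # assumed local policy threshold, not a value from the manual

def parse(config):
    """Split each command into (keyword phrase, {parameter: value})."""
    cmds = []
    for tokens in filter(None, map(shlex.split, config.splitlines())):
        verb = " ".join(t.lower() for t in tokens if "=" not in t)
        cmds.append((verb, {k.lower(): v for k, v in (t.split("=", 1) for t in tokens if "=" in t)}))
    return cmds

def audit(config):
    """Return findings for the six-step SSL procedure; an empty list means consistent."""
    cmds = parse(config)
    get = lambda verb, key: [p for v, p in cmds if v == verb and key in p]
    issues = []
    officers = [p for p in get("add", "user") if p.get("privilege", "").lower() == "securityofficer"]
    if not officers:
        issues.append("step 1: no security officer user")
    issues += [f"user {p['user']}: password equals user name" for p in officers if p.get("password") == p["user"]]
    keys = {p["key"]: p for p in get("create enco", "key")}
    issues += [f"key {k}: RSA length {p.get('length')} below {MIN_RSA_BITS}" for k, p in keys.items()
               if p.get("type", "").lower() == "rsa" and int(p.get("length", 0)) < MIN_RSA_BITS]
    created = get("create pki", "certificate")  # empty when a CA-issued certificate is loaded
    trusted = {p["certificate"] for p in get("add pki", "certificate") if p.get("trust", "").lower() == "yes"}
    if not trusted:
        issues.append("step 4: no trusted certificate in the certificate database")
    issues += [f"certificate {p['certificate']}: created but not added" for p in created if p["certificate"] not in trusted]
    https = [p for p in get("set http server", "security") if p["security"].lower() == "on"]
    if not https:
        issues.append("step 5: HTTP server security is not on")
    for p in https:
        if p.get("sslkey") not in keys:
            issues.append(f"step 2: sslkey {p.get('sslkey')} has no matching 'create enco key'")
        elif created and all(c.get("keypair") != p["sslkey"] for c in created):
            issues.append(f"sslkey {p['sslkey']}: no certificate was created from this key pair")
    if not any(v == "enable system security" for v, _ in cmds):
        issues.append("step 6: system security is not enabled")
    return issues
```

Run against the manual's own example, audit(SAMPLE) reports the password that matches the user name and the 1024-bit key; the six steps themselves are all present and cross-reference correctly.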

Using SNMPv3

Traditionally, SNMP has been a popular but insecure way to monitor networks.

Allied Telesis devices are SNMPv3 compliant. By using SNMPv3, you can authenticate SNMP users and restrict their network access to parts of the network. SNMPv3 is very flexible, as the examples in this section show.

Products

All switches listed on page 2

Software Versions

2.6.4 and later

Configuration

1. Enable SNMP.

2. Set up one or more SNMP views. Views list the objects in the MIB that users can see.

3. Set up one or more groups and add the groups to the views. Each group is a collection of users who have the same access rights.

4. Set up one or more users and add them to the groups. Authentication parameters are set here.

5. Set up a traphost profile, to which trap messages are sent remotely. This is not compulsory but we recommend it.

Create A Secure Network With Allied Telesis Managed Layer 3 Switches
