Manuals / Allied Telesis / Computer Equipment / Network Router

Allied Telesis AT-8800 Configuring Users, Managing Secure Copy Sessions, Software Version 143

Models: AT-9900 AT-8700XL AT-9800 AT-8600 RAPIER I AT-8800 AT-8900 X900-48FE

1 232

Download 232 pages 5.78 Kb

Page 143

Software Version 2.8.1

143

Configuring Users

To copy files using SCP, you must be configured as a SSH user. Use the command:

add ssh user=username {password=passwordkeyid=id} [ipaddress=ipadd] [mask=mask]

Further details on configuring and managing SSH users can be found in the

Secure Shell chapter of the Software Reference.

SSH users must use either password authentication, or RSA public/private key authentication. Further details on creating RSA keys can be found in the Compression and Encryption Services chapter of the Software Reference.

Managing Secure Copy Sessions

Monitoring sessions You can monitor the current status of SCP sessions using the show ssh session command. This shows both uploads and downloads, and displays whether the router or switch is acting as a client or server. Use the command:

show ssh session=scp

To see details about SCP file transfers, such as the number of successful or failed file transfers, use the command:

show ssh counter=scp

Removing sessions SSH and SCP sessions can now be deleted without disabling the SSH server. When a SSH session begins, it is assigned an ID number. This number is used to delete the session. To do this:

1.Use the show ssh session command to see current sessions.

Figure 44: Example output from the show ssh session=ssh command

ID Type Dir Peer Address UserState

----------------------------------------------------------

0	Listen	In	0.0.0.0		Initial
1	Listen	In	::		Initial
2	Shell	In	192.168.2.5	manager	Open
3	Shell	Out	192.168.100.264	john	Open
4	SCP	In	172.17.1.1	manager	Authen
5	SCP	Out	172.17.1.1	root	Request

2.Delete the unwanted sessions.

To delete only the SCP sessions in Figure 44, use the command:

delete ssh session=4,5

To delete all sessions, use the command:

delete ssh session=all

Software Version 2.8.1 C613-10477-00 REV B

Image 143

Allied Telesis AT-8800, RAPIER I, X900-48FE, AT-8900 Configuring Users, Managing Secure Copy Sessions, Software Version 143

Contents

Release Note Software VersionRelease Note Software Version Product series Models IntroductionIntroduction Product name Release file GUI resource file CLI help file Backwards Compatibility Issue when UpgradingUpgrading to Software Version Quickly Overview of New FeaturesOverview of New Features AT-8600 AT-9800 AT-8900 X900-48FE AT-9900 Software Version AR400 AR7x5 AR750S Rapier AT-8800Snmp MIBs Restart Log AR400 AR7x5 AR750S Rapier AT-8800Extended Monitoring of CPU Utilisation Command ChangesSystem Enhancements Clearing System ParametersActivate cpu extended Disable cpu extendedEnable cpu extended Reset cpu utilisationActivate cpu extended Command Reference UpdatesDisable cpu extended Enable cpu extendedSet system name Reset cpu utilisationSet system contact Set system locationShow cpu Example output from the show cpu extended commandParameter Meaning More flexibility in Separating Parameters and Values Command Line Interface CLI EnhancementsParts of a Command Command Create config Additional Shortcuts when EditingShow command history Parameter Description Create configCommand Line Interface CLI Enhancements Set command assignmentoperator Example output from the show command history command Show command historyAdd file File System EnhancementFile System Enhancement Create fileSoftware Version Parameter Description Reset file permanentredirectFile size Default 204 800 bytes Show file permanentredirectFile System Enhancement Release Note Example output from the show file permanentredirect commandOrdering Hardware Filters in 48-Port Switches Switching EnhancementsShow switch hwfilter New mode parameter in output Switching EnhancementsCommandChange Set switch hwfilter mode New commandLimiting Rapid MAC Movement PortDisableSet switch thrashlimit Create switch trunkEnable switch port vlan Set switch portNew command Route Update Queue LengthSet switch hwrouteupdate Changed description parameter Removing a Description from a Switch PortSecuring a Single Vlan through Switch Filters Configuring vlansecure New DEV option in output Change of Debug Command SyntaxEthernet Protection Switching Ring Epsr Show switch debugCreate switch trunk Debugging occurs on operations related to the switch chip Disable switch debugDisable switch filter vlansecure Disable switch port vlanEnable switch port vlan Enable switch debugEnable switch filter vlansecure Set lacp Set switch hwrouteupdate Set switch hwfilter modeSet switch port Set switch trunk Set switch thrashlimitShow lacp Example output from the show lacp commandAddress learn thrash action ..... Learn Disable Address learn thrash timeout ... secondShow switch Switching Enhancements ARL, DMA, DEV, PHY, or None Show switch debugWhether the debugging option for the router or switch is VlanSecure Show switch filterShow switch hwfilter New parameter in output of the show switch filter commandMode Show switch portNew parameters in output of the show switch port command MeaningThrashaction is set to none Add ppp acservice PPPoE Access ConcentratorPPPoE Access Concentrator Delete ppp acserviceSet ppp acservice Interface New parameter in output of the show ppp pppoe commandShow ppp pppoe Eth0Enable mstp port Disable mstp portEnable mstp port Disable mstp portNew Port field in output STP EnhancementShow stp port Show stp portShow asyn Asynchronous Port EnhancementMaking Asynchronous Ports Respond More Quickly Set asynShow asyn Set asynWhich characters are bundled Ten timer value 100Ten timer value Asynchronous Port Enhancement Release NoteInternet Group Management Protocol Igmp Enhancements Igmp Proxy on x900 Series SwitchesDownstream interface GroupDownstream interfaces have members Multicast groupSet ip igmp interface Igmp filtering extended to all Igmp message typesAdd ip interface Set ip interfaceShow igmp filter Internet Group Management Protocol Igmp EnhancementsAdd igmp filter Set igmp filterMonitoring reception of Igmp general query messages MSGType=QUEryREPortLEAVe Add igmp filterSet igmp filter Add ip interfaceSet ip igmp interface Set ip interface Attached to Show igmp filterLeaves Is attached to Recd PassedAn Snmp trap are generated Upstream General Query Reception Timeout .... NoneNew parameters in the output of the show ip igmp command Show ip igmpIP Route Preference Options Expanded IP TroubleshootingInternet Protocol IP Enhancements Expanded number of Eth interfaces per physical interfaceAssigning the Filter Type IPv4 Filter ExpansionWaiting for a Response to an ARP Request Enhancements to Display of UDP Connections over IPv4Show ip Set ip arpwaittimeoutNew Arp wait timeout field Adding Static ARP Entries with Multicast MAC AddressesNew IP/MAC address disparity parameter Disable ip macdisparityEnable ip macdisparity Syntax Traffic filter Add ip filterDisable ip macdisparity Set ip arpwaittimeout Enable ip macdisparityReset ip counter Set ip route preference Set ip filterShow ip Arp wait timeout SecsModified parameters on output of the show ip command With multicast MAC addresses. One of Enabled orInternet Protocol IP Enhancements Release Note Show ip cacheCount Number of times the entry was found When the entry is usedShow ip counter Show ip udp Show ip filterGeneration/reception of logs using the Net Manage protocol UDP on the router or switchTime synchronisation using the Network Time Protocol Generation/reception of logs using the Secure Router LogIPv6 Tunnel Expansion Show ipv6 udp New commandIPv6 Enhancements Display of UDP Connections over IPv6Show ipv6 udp L2TP Enhancements L2TP EnhancementsProxyauth=offon Resetting General L2TP CountersHandling PPP Link Negotiation Failures Add l2tp ip Disable l2tp debugEnable l2tp debug Reset l2tp counter Decode Proxy AuthenticationShow l2tp ip Show l2tp tunnelSyntax SHow L2TP TUNnel CALL=1..65535 Show l2tp tunnel callAdd ospf interface Ospf Interface PasswordOpen Shortest Path First Enhancements Nssa Translator RoleShow ospf area Add ospf areaSet ospf area Interaction with global Ospf parameters Redistributing External RoutesOspf backward compatibility Delete ospf redistribute Disable ospf debugEnable ospf debug Add ospf redistributeNSSAStability=1..3600 NSSATranslator=CANdidateALWays Add ospf areaAdd ospf redistribute Add ospf interfaceDelete ospf redistribute Disable ospf debugEnable ospf debug BGPImport=ONOFFTrueFalseYESNO Set ospfSet ospf interface Set ospf areaSet ospf redistribute Stability Interval State Show ospf areaRole Software Version 101 Show ospf redistributeBGP Enhancements BGP EnhancementsBGP Backoff Lower Threshold Upper and Lower ThresholdsBGP Peer and Peer Template Enhancements Enable and Disable BackoffDisplaying Information about Routes from a Peer Displaying Routes Learned from a Specific BGP PeerDisplaying the Number of Routes from a Peer Software Version 105 Add bgp peerAdd bgp peertemplate Disable bgp backoffBACkoff Enable bgp backoffSet bgp backoff Software Version 107Set bgp peer Software Version 109 Set bgp peertemplateMem Lower Threshold Value 90% Mem Lower Notify Show bgp backoffBGP Enhancements Release Note Mem Upper Threshold Value 95% Mem Upper NotifyRoutes learned Show bgp peerShow bgp route MLD and MLD Snooping Enhancements MLD and MLD Snooping EnhancementsMLD Packet Formats Icmp type for MLDv2 ReportsShow mldsnooping More consistent output MLD Snooping Group Membership DisplayChange of Maximum Query Response Interval for Software Version 113Set ipv6 mld Enable ipv6 mld interfaceV2 Draft Compatible Show ipv6 mldShow mldsnooping Software Version 115MLD and MLD Snooping EnhancementsRelease Note Previous example output from the show mldsnooping commandShow classifier Extension to Range of Classifier fields for x900 SwitchesCreate classifier Set classifierCreate classifier Extension to Range of Classifier fields for x900 SwitchesSoftware Version 119 Set classifier Software Version 121 Show classifierIgmp type 0x17 V2LEAVE TCP FlagsIcmp code Icmp typeProtocol 1234567890 Layer 3 Byte Offset Value Mask Classifier Rules 2222 MAC Address Aa-bb-cc-dd-ee-ff TypeVlan1234 FormatOne of URG, ACK, RST, SYN, or FIN Igmp TypeParameter option in brackets if available TCP FlagsSoftware Version 125 QoS EnhancementsPort Groups Storm protection Show qos trafficclass Set qos policyCreate qos trafficclass Set qos trafficclassCreate qos policy Add qos portgroup portWith the enable switch port command Default portdisableStorm protection is inactive Protection is enabledCreate qos portgroup Create qos trafficclassSTORMRate Is matching STORMTimeoutWith the enable switch port command, or Enable switch port vlan commandSpecific port that consists POrt Port to delete from this port group Default no defaultDelete qos portgroup port Destroy qos portgroupSoftware Version 133 Reset qos portgroup countersSet qos policy Uses Kbps. If you specify Mbps or Gbps, the rate Set qos portgroupSoftware Version 135 Parameter Description Set qos trafficclassQoS Enhancements Release Note Parameter Description With the enable switch port or enable switchIs disabled by storm protection Show qos policyStorm Protection Status Rate 1kbps Window 100ms Timeout NoneShow qos port Ports Assigned to Port Groups Assigned to 213-24Port Group Trunk Group None Show qos portgroupQoS EnhancementsRelease Note Integer from 1 to Parameters in output of the show qos portgroup commandShow qos portgroup counters Software Version 139140 Storm Protection Show qos trafficclassNumber of bytes that conforms with band with class Secure Copy SCP Configuring Secure CopyConfiguring the Server Configuring the ClientSoftware Version 143 Configuring UsersUse the show ssh session command to see current sessions Managing Secure Copy SessionsLoading Files to the Switch Loading using Secure CopySoftware Version 145 Uploading using Secure CopyUploading from the Switch Loading Files from a Remote MachineShow loader Uploading Files from a Remote MachineLoad Set loaderSoftware Version 147 Disable ssh debugDisable ssh server Delete ssh sessionWhether the SSH server supports SCP connections Enable ssh debugEnable ssh server Software Version 149 LoadSet loader Copy is the default method for loading and uploadingDefault tftp Software Version 151 Set ssh clientAlice Set ssh serverShow loader 192.168.1.1Debug SSH Server Enabled SCP ServiceShow ssh Software Version 153Show ssh counter Reset loader commandFailure Show ssh sessionSoftware Version 155 Parameter Meaning WriteFileFailedParameter Meaning Secure Shell Session Secure Copy SCP Release NoteCharacters long UploadSoftware Version 157 Show ssl counters SSL Counter EnhancementShow ssl counters SSL Counter EnhancementClient Counters for the SSL client BadSessionIdLen Software Version 159BadSessionIdLen Session ID longer than 32 bytesFirewall Enhancements Firewall EnhancementsFirewall Licencing Disabling SIP ALG Call ID TranslationSoftware Version 161 Set firewall sipalg New commandDisplaying SIP ALG Session Details Firewall Policy Rules ExpansionShow firewall policy Reset firewall sipalg counterDisplaying a Subset of Policy Rules Set firewall sipalgShow firewall policy Show firewallCALLId Valid with the ip or summary commandsIp or callid commands Show firewall sipalgActive SIP Sessions Parameters in output of the show firewall sipalg commandService Within the private network protected by the firewallSeen on the public side of the firewall Router or switch. The router or switch only translates IPFirewall Enhancements Release Note Gbl IPCurrent SIP sessions Start up or reset Current sessions Audio sessions createdSince start up or reset Past sessions Show firewall sipalg counterThem Total number of SIP messages received that the SIP ALGSoftware Version 169 Enhancements to IPsec/VPNResponding to IPsec Packets from an Unknown Tunnel Modifying the Message Retransmission Delay Retrying Isakmp Phase 1 and 2 Negotiations New usePolIkeRetryGood and usePolIkeRetryFailed VPN Tunnel LicencingNew retryikeattempts parameter New retryIkeAttemptsPh1 and retryIkeAttemptsPh2Software Version 173 Create ipsec policyMsgbackoff parameter Default incrementalMsgtimeout value Create isakmp policyOccurs between attempts After the first 16 attempts, a five minute delayRETRYIKEattempts Attempted over new Isakmp SAsSet ipsec policy Software Version 177 Set isakmp policyParameter Meaning VPNs Show ipsecVPNs Maximum Current Peak Respond Bad SPI Show ipsec policySoftware Version 179 Respond Bad SPITo true and packets processed by that policy have an Show ipsec policy counterInBadSpiResponse InBadSpiResponseRetryIkeAttemptsPh1 RetryIkeAttemptsPh2 Show isakmp countersSoftware Version 181 UsePolIkeRetryGood UsePolIkeRetryFailed Same None Show isakmp exchangeSoftware Version 183 Message Back-off IncrementalShow isakmp policy Iskamp policy commandMessage Back-off None Show isakmp saSoftware Version 185 Snmp MIBs Snmp MIBsShdsl Line MIB Usage Logging Snmp operationSnmp request not processed due to excessive memory Snmp Trap not sent due to excessive memory usage Traps on Ospf state changesSoftware Version 189 Trap on Vrrp topology changesTraps on Mstp state and topology changes VLAN-based port state changes Trap on Login FailuresRestart Log New Buffer level 0 field Trap on Memory LevelsSoftware Version 191 Show bufferParameter Meaning Buffer level n New parameters in output of the show buffer commandShow buffer Buffer level 1500CDP over WAN Interfaces CDP over WAN Interfaces Disable lldp cdp interfaceDisable lldp cdp ppptemplate Enable lldp cdp debugSoftware Version 195 Enable lldp cdp interfaceEnable lldp cdp ppptemplate Enables debugging of PPP eventsPpp0 Ppp1 PPP Templates Enabled PPP Templates DisabledShow lldp cdp Show lldp cdp interfaceSoftware Version 197 Permanent Assignments on AR400 Series RoutersPage Chapter Introduction to Ethernet Protection Switching Ring EpsrEpsr Instances and Domains Introduction to Ethernet Protection Switching Ring EpsrMaster Node Ethernet Protection Switching Ring EpsrControl Vlan Data VlanTransit Node Unsolicited Fault Detection Fault Detection and RecoveryMaster Node Polling Fault Detection Fault Recovery Procedure Restoring Normal Operation Epsr Single Domain, Single Ring Network Configuring Epsr# For Transit Nodes 1, 2 Example script for a 4 node ring networkSingle Ring, Dual Domain Network # Node 1 Master node for RingA Transit Node for RingB Example script for a Single Ring, Two Domain Network NodeExample script for a Single Ring, Two Domain Network Nodes 2 # Node 3 Transit node for RingA Master Node for RingB Epsr and Spanning Tree Operation # For Transit Node # For Transit Nodes 2 Command ReferenceAdd epsr datavlan Add epsr datavlanCreate epsr Ethernet Protection Switching Ring Epsr Create epsrDefault 2s RIngflaptime Only configured for the master nodeSeconds 32767s. Only configured for the master node Default 1s FAilovertimeVlan-name cannot be a number or ALL Delete epsr datavlanHyphen character -. The epsr-name cannot be ALL Unique name for the VLAN. This can be from 1 toDestroy epsr Destroy epsrString, 1 to 15 characters long. Valid characters are Disable epsrEthernet Protection Switching Ring Epsr Disable epsr Epsr instance to be disabledDisable epsr debug Disable epsr debugEpsr instance to be enabled Enable epsrEthernet Protection Switching Ring Epsr Enable epsr OUTput Enable epsr debugEnable epsr debug Epsr instance whose debugging is to be enabledPurge epsr Ethernet Protection Switching Ring Epsr Purge epsrSet epsr Set epsrVLANs within the ring domain Ethernet Protection Switching Ring Epsr Set epsr portSet epsr port Epsr to be set for the portEpsr instance whose details are displayed Show epsrShow epsr Ethernet Protection Switching Ring Epsr Show epsr Second Port Status Disabled. This parameter is only shown for a transit nodeSecond Port Shown for a transit nodeEpsr instances Ethernet Protection Switching Ring Epsr Show epsr counterShow epsr counter COUnterRelated Commands show epsr Show epsr debug Show epsr debug