AMX NXA-ENET24 Configuring the SSH Server

User Authentication

63

NXA-ENET24 - Software Management Guide

Configuring the Secure Shell - CLI

This example generates a host-key pair using both the RSA and DSA

algorithms, stores the keys to flash

memory, and then displays the host’s public keys.

Configuring the SSH Server

The SSH server includes basic settings for authentication.

Field Attributes

FIG. 58 CLI - SSH Host-Key Settings

Field Attributes

• SSH Server Status: Allows you to enable/disable the SSH server feature on the switch.

•Default: Disabled

• Version: The Secure Shell version number. Version 2.0 is displayed, but the switch supports

management access via either SSH Version 1.5 or 2.0 clients.

• SSH Authentication

Timeout:

• Specifies the time interval in seconds that the SSH server waits for a response

from a client during an authentication attempt.

Range: 1 to 120 seconds

• Default: 120 seconds

• SSH Authentication

Retries:

Specifies the number of authentication attempts that a client is allowed before

authentication fails and the client has to restart the authentication process.

• Range: 1-5 times

• Default: 3

• SSH Server-Key Size: Specifies the SSH server key size. (Range: 512-896 bits)

• The server key is a private key that is never shared outside the switch.

• The host key is shared with the SSH client, and is fixed at 1024 bits.

Contents

Main AMX Limited Warranty and Disclaimer Table of Contents Page Page Page Page Page Page Spanning Tree Algorithm Configuration .........................................................113 Page Page Configuring Domain Name Service ................................................................155 Page Page Page Page Page Page Page Introduction Key Features Description of Software Features Page Software Specifications Page Page Page System Defaults System Defaults (Cont.) Additional Documentation Initial Configuration Connecting to the Switch Configuration Options Required Connections 1. 2. 3. Remote Connections 1. Basic Configuration Manual Configuration 1. 2. 3. 4. Dynamic Configuration 5. 6. Enabling SNMP Management Access Community Strings 1. Managing System Files Configuring Power over Ethernet DHCP Relay Page Web Interface 1. 2. 3. Navigating the Web Browser Interface Home Page Configuration Options Panel Display Main Menu Switch Main Menu Page Page Page Basic Configuration Displaying System Information Displaying System Information - Web Displaying System Information - CLI Specify the hostname, location and contact information. Displaying Switch Hardware/Software Versions Displaying Switch Hardware/Software Versions - Web Displaying Switch Hardware/Software Versions - CLI Field Attributes Displaying Bridge Extension Capabilities Displaying Bridge Extension Capabilities - Web Displaying Bridge Extension Capabilities - CLI Setting the IP Address Command Attributes Manual Configuration - Web Specify the management interface, IP address and default gateway: Manual Configuration - CLI Using DHCP/BOOTP - Web Using DHCP/BOOTP - CLI Renewing DCHP Managing Firmware Command Attributes Downloading System Software from a Server - Web Downloading System Software from a Server - CLI Saving or Restoring Configuration Settings Downloading Configuration Settings from a Server - Web Downloading Configuration Settings from a Server - CLI This example shows how to download a PoE controller file from a TFTP server. This example shows how to copy a PoE controller file from another unit in the stack. Console Port Settings Console Port Settings - Web Console Port Settings - CLI Telnet Settings Command Attributes Telnet Settings - Web Page Configuring Event Logging System Log Configuration Logging Levels Command Attributes System Log Configuration - Web Remote Logs Configuration Remote Logs Configuration - Web Remote Logs Configuration - CLI Displaying Log Messages Displaying Log Messages - Web Displaying Log Messages - CLI This example shows the event message stored in RAM. Command Attributes Sending SMTP Alerts Sending SMPT Alerts - Web Sending SMPT Alerts - CLI Resetting the System Resetting the System - Web Resetting the System - CLI Setting the System Clock Command Attributes Setting the Time Zone Command Attributes Setting the Time Zone - Web Setting the Time Zone - CLI Page SNMP Protocol SNMPv3 Security Models and Levels Enabling SNMP Command Attributes Enabling SNMP - Web Enabling SNMP - CLI Setting Community Access Strings Setting Community Access Strings - Web Specifying Trap Managers and Trap Types Command Attributes Specifying Trap Managers and Trap Types - Web Specifying Trap Managers and Trap Types - CLI Configuring SNMPv3 Management Access 1. 2. 3. Command Attributes 4. Setting an Engine ID Configuring SNMPv3 Users - Web Configuring SNMPv3 Users - CLI Configuring SNMPv3 Groups Command Attributes Configuring SNMPv3 Groups - Web Configuring SNMPv3 Groups - CLI Setting SNMPv3 Views Command Attributes Setting SNMPv3 Views - Web SNMP Protocol 54 NXA-ENET24 - Software Management Guide Setting SNMPv3 Views - CLI User Authentication Configuring User Accounts Command Attributes Configuring User Accounts - Web Configuring User Accounts - CLI Configuring Local/Remote Logon Authentication Page Page Configuring HTTPS HTTPS Support Configuring HTTPS - Web Configuring HTTPS - CLI Replacing the Default Secure-Site Certificate Configuring the Secure Shell Page e. Generating the Host Key Pair Field Attributes Configuring the Secure Shell - Web 1. Configuring the SSH Server The SSH server includes basic settings for authentication. Configuring the SSH Server - Web Configuring the SSH Server - CLI Configuring Port Security Command Attributes Configuring Port Security - Web Configuring Port Security - CLI Configuring 802.1x Port Authentication Requirements Displaying and Configuring the 802.1x Global Setting Command Attributes Displaying and Configuring the 802.1x Global Setting - Web Displaying and Configuring the 802.1x Global Setting - CLI Configuring Port Settings for 802.1x Configuring Port Settings for 802.1x - Web Click Security, 802.1x, Port Configuration. Modify the parameters required, and click Apply. Page Displaying 802.1x Statistics This switch can display statistics for dot1x protocol exchanges for any port. Displaying 802.1x Statistics - Web 802.1x Statistics Displaying 802.1x Statistics - CLI Filtering Addresses for SNMP Client Access Page Configuring ACLs Configuring Access Control Lists 1. 2. 3. 4. 5. 6. 7. Setting the ACL Name and Type Command Attributes Setting the ACL Name and Type - Web Configuring a Standard IP ACL Configuring a Standard IP ACL - Web Specify the action (i.e., Permi t or Deny). Select the address type (Any, Host, or IP). Configuring a Standard IP ACL - CLI Configuring an Extended IP ACL Command Attributes Configuring an Extended IP ACL - Web Configuring an Extended IP ACL - CLI 3. 1. 2. Configuring a MAC ACL Set any other required criteria, such as VID, Ethernet type, or packet format. Then click Add. Configuring a MAC ACL - Web Configuring a MAC ACL - CLI Configuring ACL Masks Specifying the Mask Type Configuring ACL Masks - Web Configuring ACL Masks - CLI Command Attributes Configuring an IP ACL Mask Configuring an IP ACL Mask - Web Configuring an IP ACL Mask - CLI Command Attributes Configuring a MAC ACL Mask Configuring a MAC ACL Mask - Web Configuring a MAC ACL Mask - CLI Binding a Port to an Access Control List - Web Command Attributes Binding a Port to an Access Control List - Web Binding a Port to an Access Control List - CLI Filtering IPs for Management Access Command Attributes Filtering IP Addresses for Management Access - Web Filtering IP Addresses for Management Access - CLI This example restricts management access for Telnet and SNMP clients. Port Configuration Field Attributes (CLI) Displaying Connection Status - Web Click Port, Po rt Information or Trunk Information. Field Attributes (Web) Displaying Connection Status - CLI This example shows the connection status for Port 13. Field Attributes (CLI - Cont.) Configuring Interface Connections Configuring Interface Connections - Web Configuring Interface Connections - CLI Creating Trunk Groups Statically Configuring a Trunk Command Attributes Statically Configuring a Trunk - Web Statically Configuring a Trunk - CLI Enabling LACP on Selected Ports Command Attributes Page Dynamically Creating a Port Channel Dynamically Creating a Port Channel - Web Dynamically Creating a Port Channel - CLI Displaying LACP Port Counters Counter Information Fields Displaying LACP Port Counters - Web Displaying LACP Port Counters - CLI Displaying LACP Settings and Status for the Local Side Displaying LACP Settings and Status for the Local Side - Web Displaying LACP Local Settings Displaying LACP Settings and Status for the Local Side - CLI Displaying LACP Settings and Status for the Remote Side Displaying LACP Settings and Status for the Remote Side - Web Displaying LACP Remote Settings - Neighbor Configuration Information Displaying LACP Settings and Status for the Remote Side - CLI Setting Broadcast Storm Thresholds Command Attributes Setting Broadcast Storm Thresholds - Web Setting Broadcast Storm Thresholds - CLI Configuring Port Mirroring Command Attributes Configuring Port Mirroring - Web Command Attributes Configuring Port Mirroring - CLI Configuring Rate Limits Configuring Rate Limits - Web Configuring Rate Limits - CLI Port Statistics Showing Port Statistics Port Statistics (Cont.) Showing Port Statistics - Web Port Statistics (Cont.) Page Page Power Over Ethernet (PoE) Settings Switch Power Status Switch Power Status - Web Switch Power Status - CLI Setting a Switch Power Budget Setting a Switch Power Budget - Web Setting a Switch Power Budget - CLI Displaying Port Power Status Displaying Port Power Status - Web Displaying Port Power Status - CLI Configuring Port PoE Power Configuring Port PoE Power - Web Configuring Port PoE Power - CLI Address Table Settings Setting Static Addresses Setting Static Addresses - Web Setting Static Addresses - CLI Displaying the Address Table Displaying the Address Table - Web Displaying the Address Table - CLI Changing the Aging Time Page Page Spanning Tree Algorithm Configuration x x Displaying Global Settings Displaying Global Settings - Web Configuring Global Settings Page Configuring Global Settings - Web Click Spanning Tree, STA Configuration. Modify the required attributes, and click Apply. This example enables Spanning Tree Protocol, and then sets the indicated attributes. Configuring Global Settings - CLI Configuration Settings for RSTP Displaying Interface Settings x Displaying Interface Settings - Web Displaying Interface Settings - CLI Configuring Interface Settings Configuring Interface Settings - Web Page VLAN Configuration Overview - IEEE 802.1Q VLANs Assigning Ports to VLANs Page Forwarding Tagged/Untagged Frames Enabling or Disabling GVRP (Global Setting) Enabling or Disabling GVRP - Web Enabling or Disabling GVRP - CLI Displaying Basic VLAN Information Displaying Basic VLAN Information - CLI Displaying Current VLANs Displaying Current VLANs - Web Displaying Current VLANs - CLI Current VLAN information can be displayed with the following command. Creating VLANs Creating VLANs - Web Creating VLANs - CLI Adding Static Members to VLANs (VLAN Index) 1. 2. Adding Static Members to VLANs - Web Adding Static Members to VLANs - CLI Adding Static Members to VLANs (Port Index) Adding Static Members to VLANs - Web Adding Static Members to VLANs - CLI This example adds Port 3 to VLAN 1 as a tagged port, and removes Port3 from VLAN 2. Configuring VLAN Behavior for Interfaces information in order to automatically register VLAN members on interfaces across the network. Configuring VLAN Behavior for Interfaces - Web Configuring VLAN Behavior for Interfaces - CLI Private VLANs 1. 2. 3. Displaying Current Private VLANs Displaying Current Private VLANs - CLI Configuring Private VLANs Configuring Private VLANs - Web Configuring Private VLANs - CLI Associating Community VLANs Associating Community VLANs - Web Associating Community VLANs - CLI Displaying Private VLAN Interface Information Displaying Private VLAN Interface Information - Web Displaying Private VLAN Interface Information - CLI Configuring Private VLAN Interfaces Configuring Private VLAN Interfaces - Web Page Class of Service Configuration Setting the Default Priority for Interfaces Setting the Default Priority for Interfaces - Web Setting the Default Priority for Interfaces - CLI Mapping CoS Values to Egress Queues Mapping CoS Values to Egress Queues - Web Mapping CoS Values to Egress Queues - CLI Selecting the Queue Mode Selecting the Queue Mode - Web Selecting the Queue Mode - CLI Setting the Service Weight for Traffic Classes Setting the Service Weight for Traffic Classes - Web Setting the Service Weight for Traffic Classes - CLI Mapping Layer 3/4 Priorities to CoS Values Selecting IP Precedence/DSCP Priority Selecting IP Precedence/DSCP Priority - Web Selecting IP Precedence/DSCP Priority - CLI Mapping IP Precedence Mapping IP Precedence - Web Mapping IP Precedence - CLI Mapping DSCP Priority Mapping DSCP Priority - Web Mapping DSCP Priority - CLI Mapping IP Port Priority Mapping IP Port Priority - Web Mapping IP Port Priority - CLI Copy Settings Copy Settings - Web Copy Settings - CLI Mapping CoS Values to ACLs Mapping CoS Values to ACLs - Web Mapping CoS Values to ACLs - CLI Changing Priorities Based on ACL Rules Changing Priorities Based on ACL Rules - Web Changing Priorities Based on ACL Rules - CLI Multicast Filtering Layer 2 IGMP (Snooping and Query) Configuring IGMP Snooping and Query Parameters 1. 2. Page Page Specifying Interfaces Attached to a Multicast Router - CLI Displaying Port Members of Multicast Services Displaying Port Members of Multicast Services - Web Displaying Port Members of Multicast Services - CLI Assigning Ports to Multicast Services Assigning Ports to Multicast Services - Web Assigning Ports to Multicast Services - CLI Configuring Domain Name Service Configuring General DNS Server Parameters Configuring General DNS Server Parameters - Web Configuring General DNS Server Parameters - CLI Configuring Static DNS Host to Address Entries Configuring Static DNS Host to Address Entries - Web You can display entries in the DNS cache that have been learned via the designated name servers. Configuring Static DNS Host to Address Entries - CLI Displaying the DNS Cache Configuring Domain Name Service Displaying the DNS Cache - Web Select DNS, Cache. This example displays all the resource records learned from the designated name servers. Displaying the DNS Cache - CLI FIG. 188 CLI (Command Line Interface) Using the Command Line Interface Console Connection 1. 2. 3. Entering Commands Keywords and Arguments Minimum Abbreviation Command Completion Getting Help on Commands Showing Commands The command show interfaces ? will display the following information: Partial Keyword Lookup Negating the Effect of Commands Using Command History Understanding Command Modes Exec Commands Configuration Commands Command Line Processing Command Groups The system commands can be broken down into the functional groups shown below. Keystroke Commands (Cont.) Command Group Index Line Commands Command Group Index (Cont.) Line Commands Page Page Page General Commands General Commands General Commands (Cont.) System Management Commands General Commands (Cont.) System Management Commands Device Designation Commands User Access Commands Device Designation Commands User Access Commands IP Filter Commands Device Designation Commands (Cont.) IP Filter Commands IP Filter Commands (Cont.) Web Server Commands Web Server Commands Telnet Server Commands Secure Shell Commands The switch supports SSH version 1.5 and 2.0. Web Server Commands (Cont.) Telnet Server Commands To Use the SSH Server 1. 2. 3. 4. 5. Secure Shell Commands Page Page Event Logging Commands Event Logging Commands Page Page Page SMTP Alert Commands SMTP Alert Commands SMTP Alert Commands (Cont.) Time Commands SMTP Alert Commands (Cont.) Time Commands Time Commands (Cont.) System Status Commands Time Commands (Cont.) System Status Commands Page Page Page Flash/File Commands These commands are used to manage the system code or configuration files. Flash/File Commands Page Page Power over Ethernet (PoE) Commands PoE Commands Page PoE Commands (Cont.) Authentication Commands RADIUS Client RADIUS Client Commands (Cont.) TACACS+ Client Port Security Commands Port Security Commands (Cont.) 802.1x Port Authentication Port Security Commands (Cont.) 802.1x Port Authentication Commands Page Page Page Access Control List Commands Access Control Lists 1. 2. 3. 4. 5. 6. 7. Masks for Access Control Lists IP ACL Commandss Page Page Page Page Page Page Page MAC ACL Commands MAC ACL Commands Page Page Page Page ACL Information ACL Information SNMP Commands Page Page Page Page Page Page Interface Commands Page Page Page Page Page Mirror Port Commands Rate Limit Commands Link Aggregation Commands Guidelines for Creating Trunks Page Page Page Page Page Page Address Table Commands Address Table Commands (Cont.) Spanning Tree Commands Page Page Page Page Page Page VLAN Commands Editing VLAN Groups Editing VLAN Groups Configuring VLAN Interfaces Configuring VLAN Interfaces Page Configuring VLAN Interfaces (Cont.) Displaying VLAN Information Configuring Private VLANs 1. 2. 3. 4. 5. 6. Edit Private VLAN Groups Edit Private VLAN Groups Configure Private VLAN Interfaces Configure Private VLAN Interfaces Display Private VLAN Information GVRP and Bridge Extension Commands Display Private VLAN Information GVRP and Bridge Extension Commands GVRP and Bridge Extension Commands (Cont.) Priority Commands Priority Commands (Layer 2) GVRP and Bridge Extension Commands (Cont.) Priority Commands (Layer 2) Page Page Priority Commands (Layer 3 and 4) Maps TCP ports, IP precedence tags, or IP DSCP tags to class of service values Priority Commands (Layer 3 and 4) Page Page Page Multicast Filtering Commands IGMP Snooping Commands IGMP Snooping Commands IGMP Query Commands (Layer 2) IGMP Snooping Commands (Cont.) IGMP Query Commands (Layer 2) IGMP Query Commands (Layer 2 - Cont.) Static Multicast Routing Commands IGMP Query Commands (Layer 2 - Cont.) Static Multicast Routing Commands IP Interface Commands Page IP Interface Commands (Cont.) DNS Commands Page Page Page Page Troubleshooting Troubleshooting Chart