Utilizing the Command Line Interface

5. Set the operation to imageSetSelected:

set 1.1.1.1 .1.3.6.1.4.1.5624.1.2.16.2.7.1.3.1 0100

6. Set the row to active:

set 1.1.1.1 .1.3.6.1.4.1.5624.1.2.16.2.7.1.11.1 1

Note: The primary image cflash:xsr3004.fls must already exist in the XSR, otherwise the configuration will fail at this point.

7. Reboot the XSR to load the new image by configuring the following:

Create a row: set 1.1.1.1 .1.3.6.1.4.1.5624.1.2.16.2.7.1.11.2 5

Set operation to resetSoftware: set 1.1.1.1 .1.3.6.1.4.1.5624.1.2.16.2.7.1.3.2 8000

Set the row to active: set 1.1.1.1 .1.3.6.1.4.1.5624.1.2.16.2.7.1.11.2 1

Note: The Configuration Management MIB lets you add a delay (Etsysconfigmgmtchangedelaytime) in Steps 3-6 and Step 7. Be aware that the Step 7 delay cannot be smaller than the delay set in Steps 3-6.

Downloading with FIPS Security

In compliance with Federal Information Processing Standard (FIPS) security, XSR 1800/3000 Series routers require a different download procedure than usual. You must specify the FIPS-compliant HMAC SHA-1 key using either the Bootrom key command or the sw-verification key command on the CLI. Follow the prompts as instructed.

When FIPS is enabled, all .FLS files must be signed with the signing utility: signEtsFls.exe -k <20hexdigits> <xsr1800.fls>. Only signed incoming FLS files will be accepted from TFTP, SNMP and CompactFlash. After FIPS is enabled, back revisioning is not permitted. To disable FIPS, press the Default button (on the XSR 1800 Series) to clear all configuration settings including the FIPS and master encryption keys.

For the XSR 3000 Series only, FIPS can be disabled by entering five invalid Bootrom password entries. You will be prompted before the XSR reverts to the default factory configuration and clears the FIPS key.

Software Image Commands

You can view the status of the software image including such data as the current firmware image filename, software release version, timestamp, and size by issuing the show version command.

Use the boot system command to actively change the default file name of the software image.

For more command details, refer to the XSR CLI Reference Guide.

Configuration Change Hashing

The XSR transparently hashes persistent configuration changes and stores the hashes in an SNMP-accessible variable to assist you in assessing remote backups or device monitoring. Hashing by the MD5 algorithm is conducted on the following files:

startup-config

private-config

user.dat
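The following example is added here and is not part of the XSR documentation: it shows how a backup job could compare local copies of the three files against the MD5 values read from the router. It assumes one MD5 value per file, computed over the raw file bytes and retrieved separately over SNMP as a hex string; the function names and sample data are hypothetical.

```python
import hashlib
import re

# Files the page lists as MD5-hashed by the XSR.
TRACKED_FILES = ("startup-config", "private-config", "user.dat")


def normalize_digest(raw):
    """Reduce a hex rendering ('Hex-STRING: 5D 41 ..', '0x5d41..', '5d:41:..')
    to 32 lowercase hex digits; return None if it is not an MD5-sized value."""
    text = raw.strip()
    if text.lower().startswith("hex-string:"):
        text = text.split(":", 1)[1].strip()
    text = re.sub(r"^0x", "", text, flags=re.IGNORECASE)
    digits = re.sub(r"[\s:]", "", text).lower()
    return digits if re.fullmatch(r"[0-9a-f]{32}", digits) else None


def compare_backups(backups, reported):
    """Map each tracked file to match / changed / no-backup / no-device-hash.

    backups:  {filename: bytes of the backed-up copy}
    reported: {filename: digest string read from the device (assumed format)}
    """
    status = {}
    for name in TRACKED_FILES:
        device = normalize_digest(reported.get(name, ""))
        if name not in backups:
            status[name] = "no-backup"
        elif device is None:
            status[name] = "no-device-hash"
        else:
            # MD5 flags drift between device and backup; it is not
            # collision-resistant, so a match is not proof against forgery.
            local = hashlib.md5(backups[name]).hexdigest()
            status[name] = "match" if local == device else "changed"
    return status


# Constructed sample data, not real device output.
_cfg = b"hostname XSR-lab\n"
_hex = hashlib.md5(_cfg).hexdigest().upper()
SAMPLE_BACKUPS = {"startup-config": _cfg, "private-config": b"old secrets\n"}
SAMPLE_REPORTED = {
    "startup-config": "Hex-STRING: " + " ".join(_hex[i:i + 2] for i in range(0, 32, 2)),
    "private-config": "0x" + hashlib.md5(b"new secrets\n").hexdigest(),
    "user.dat": "not-a-hash",
}

if __name__ == "__main__":
    for fname, state in compare_backups(SAMPLE_BACKUPS, SAMPLE_REPORTED).items():
        print(f"{fname}: {state}")
```

A "changed" result means the device has persisted a configuration change since the backup was taken, which is the cue to pull a fresh copy or investigate an unexpected change.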

2-36 Managing the XSR
