Connection Security Configuration | Q-Logic 5602 manual

Section 8

Connection Security Configuration

NOTE: SSH and SSL connection security require the Fabric Security license key. To purchase a license key, contact your authorized maintenance provider or authorized reseller.

This section describes the following tasks:

Managing SSL and SSH Services

Displaying SSL and SSH Services

Creating an SSL Security Certificate

The switch supports secure connections with Telnet and switch management applications. The Secure SHell protocol (SSH) secures Telnet connections to the switch. The Secure Sockets Layer (SSL) protocol secures switch connections to the following management applications:

Enterprise Fabric Suite 2007

QuickTools

Application Programming Interface

Storage Management Initiative-Specification (SMI-S)

8.1

Managing SSL and SSH Services

Consider the following when enabling SSH and SSL services:

To establish a secure Telnet connection, your workstation must use an SSH client.

To enable secure SSL connections, you must first synchronize the date and time on the switch and workstation. Refer to “Setting the Date and Time” on page 5-17.

The SSL service must be enabled to authenticate users through a RADIUS server. Refer to “Configuring a RADIUS Server on the Switch” on page 10-3.

To disable SSL when using a user authentication RADIUS server, the RADIUS server authentication order must be local.

Enabling SSL automatically creates a security certificate on the switch.

59183-01 A

8-1

Image 95

Q-Logic 5602 manual Connection Security Configuration, Managing SSL and SSH Services

Contents

Firmware Version Document Revision History Table of Contents Section Port Configuration Section Zoning Configuration Add Members to an Alias Remove Members from an Alias Connection Security ConfigurationSection Device Security Configuration Radius Server Configuration Section Event Log ConfigurationSimple Network Management Protocol Configuration Command Reference 59183-01 a Index List of Tables Introduction Related Materials Switch Models and ExamplesIntended Audience New in This Release Training Technical SupportAvailability Support Headquarters Contact Information Introduction Technical Support 59183-01 a This section describes the following tasks Command Line Interface Usage To log off, enter the Exit command Logging In to the Switch Command-Line Completion Opening and Closing an Admin SessionEntering Commands Getting Help Setting Page Breaks Local directory now /itasca/conf/images bin Creating a Support File Ftp Downloading and Uploading Files Userimages password images Factory User Accounts User Account Configuration Displaying User Account Information Creating User Accounts Following example deletes the user account named user3 Modifying User Accounts and Passwords Network and Fabric Configuration Displaying Name Server Information WWN Displaying the Ethernet Network Configuration Configuring the Ethernet Port Following is an example of a connection failure Verifying a Switch in the NetworkVerifying and Tracing Fibre Channel Connections Port Switch configuration consists of the following tasks Displaying Switch Information Switch Operational Information PID Ppid CPU Time System Process Information Elapsed Time Between Resets Switch Configuration Parameters Configuration Information Security Configuration Parameters Zoning Configuration Parameters Heartbeat LED Activity Hardware Information Firmware Information Managing Switch Services Please Note Activate a Switch Configuration Managing Switch ConfigurationsDisplay a List of Switch Configurations Modify a Switch Configuration Copy a Switch ConfigurationDelete a Switch Configuration Decimal value, 100-100000 msec Creating the Backup File Back Up and Restore a Switch Configuration Downloading the Configuration File Ftp ipaddress user images password images ftp bin Restoring the Configuration File Setting the Date and Time Paging a Switch Switch Configuration Setting the Date and Time List Switch Reset Methods Resetting a SwitchInstalling Firmware Nondisruptive Activation One-Step Firmware Installation Enter the password for your account name FTP only Wait for the unpack to complete Custom Firmware Installation Display Feature Licenses Managing Switch Feature Upgrades Install a Feature License Key Page You can display the following port information Displaying Port InformationThis section describes the following topics Arbff Port Configuration Parameters PL-XPL-VC-SG3-22 Port Operational Information Port Threshold Alarm Configuration Parameters Port Performance FTRJ8524P2BNL Transceiver Information Set config port Modifying Port Operating Characteristics Port Binding SANbox admin-config # set config security port Resetting a Port Configuring Port Threshold Alarms SANbox admin-config # set config threshold Online Tests for Ports Testing a Port Offline Tests for Ports Display Port Test Results Cancel a Port Test Current value Extending Port Transmission Distance SANbox # show donor Port Config Zoning Configuration Displaying Zoning Database Information Configured Zone Set Information SANbox # zoning list Active ZoneSet Information Active Zone Set Information Zone Membership Information Zone Set Membership Information Alias and Alias Membership Information Zoning Modification History E2JBOD2 Zoning Database Limits Configuring the Zoning Database SANbox # admin start SANbox admin # config edit Modifying the Zoning Database Removing Inactive Zone Sets, Zones, and Aliases Resetting the Zoning Database Managing Zone Sets consists of the following tasks Managing Zone SetsCreate a Zone Set Delete a Zone Set Remove Zones from a Zone Set Rename a Zone SetCopy a Zone Set Add Zones to a Zone Set Delete a Zone Deactivate a Zone SetManaging Zones Create a Zone Remove Members from a Zone Rename a ZoneCopy a Zone Add Members to a Zone Rename an Alias Managing AliasesCreate an Alias Delete an Alias Remove Members from an Alias Copy an AliasAdd Members to an Alias Managing SSL and SSH Services Connection Security Configuration TelnetEnabled True / False SSHEnabled Creating an SSL Security Certificate Displaying SSL and SSH ServicesPage Device Security Configuration Displaying Security Database Information Configured Security Set Information MD5 Active Security Set Information Group Membership Information Security Set Membership Information Security Database Limits Security Database Modification History Set Config Security command Configuring the Security Database Before Reaching the end of the list Modifying the Security Database Resetting the Security Database Rename a Security Set Managing Security SetsCreate a Security Set Delete a Security Set Deactivate a Security Set Add Groups to a Security SetRemove Groups from a Security Set Activate a Security Set Rename a Group Managing GroupsCreate a Group Delete a Group Add Members to a Group Copy a Group Remove Members from a Group Modify a Group Member Radius Server Configuration Displaying Radius Server Information Configuring a Radius Server on the Switch Page Starting and Stopping Event Logging Event Log Configuration Displaying the Event Log Controlling Messages in the Output Stream Filtering the Event Log Display Configure the Event Log Managing the Event Log Configuration Clearing the Event Log Display the Event Log ConfigurationRestore the Event Log Configuration Logging to a Remote Host Creating and Downloading a Log File Page You control the Snmp service SNMPEnabled parameters through Managing the Snmp Service 12-2 59183-01 a Displaying Snmp Information Modifying the Snmp Configuration SANbox admin # reset snmp Resetting the Snmp ConfigurationPage Access Authority Command Reference Syntax and Keywords Command Commands are listed in alphabetical order as follows Command Listing Keywords AdminAuthority Syntax Copy aliassource aliasdestination AliasSyntax alias Keywords add alias memberlist Remove alias memberlist Delete aliasList Members alias Keywords activate configname ConfigSyntax config Save configname Edit confignameRestore 59183-01 a 13-9 Support CreateKeywords certificate 59183-01 a 13-11 SANbox admin # create support Following is an example of the Create Certificate command Keywords MMDDhhmmCCYY DateSyntax date Closes the Telnet session ExitAuthority None Syntax exit Keywords address FcpingAuthority None Hopcount FctracePortdestination Examples The following is an example of the Fctrace command Keywords add licensekey FeatureSyntax feature Add licensekey log Following is an example of the Feature Log command Syntax firmware install Firmware Install 59183-01 a 13-21 Syntax group Group ISL Group Member Attributes Keywords add group Port Group Member Attributes Create group type Configures security for attachments to other switchesMS Group Member Attributes Copy groupsource groupdestination Group Member Attributes Edit group member Securitysets group Members groupRemove group memberlist Rename groupold groupnew Following is an example of the Group Edit command Following is an example of the Group Members command Following is an example of the Group List command Syntax hardreset Hardreset Keyword Help command keywordCommand Help History Re-execute selected commandsFollowing is an example of the History command History Hotreset Hotreset Syntax image Keywords cleanupImage Unpack file 13-36 59183-01 a Lip portnumber Following is an example of the Lip commandLip Reinitializes the specified loop port Authority None Syntax logout Logout Syntax passwd accountname Keywords accountname Passwd Ipaddress PingPing ipaddress Displays current system process information Examples The following is an example of the Ps commandAuthority None Syntax ps Authority None Syntax quit Quit Keywords config configname ResetSyntax reset Radius ServicesFactory Port portlist Zoning SwitchWorkstation could lose communication with the switch System Values Switch Configuration Defaults Parameter 4-Gbps Port Defaults Port Configuration Defaults Port Threshold Alarm Configuration Defaults Snmp Configuration Defaults Zoning Configuration Defaults 11. Services Configuration Defaults 10. Radius Configuration Defaults 13. Security Configuration Defaults 12. System Configuration Defaults Clear SecurityKeywords active Save EditLimits Following is an example of the Security History command Following is an example of the Security List command Following is an example of the Security Limits command Active SecuritysetSyntax securityset Keywords activate securityset Delete securityset Copy securitysetsource securitysetdestinationCreate securityset Deactivate Following is an example of the Securityset List command Following is an example of the Securityset Groups command Option can be one of the following Set AlarmSyntax set alarm option Keywords option State Set BeaconSet beacon state Ports portnumber Set Config Port14. Port Configuration Parameters Keywords port portnumber Send Arbff True instead of IDLEs False on the loop 14. Port Configuration Parameters 14. Port Configuration Parameters 59183-01 a 13-65 13-66 59183-01 a 15. Security Configuration Parameters Set Config SecuritySyntax set config security 13-68 59183-01 a 16. Port Binding Configuration Parameters Set Config Security Portbinding 17. Switch Configuration Parameters Set Config SwitchSyntax set config switch Resource Allocation Timeout Value. The number of millisec 18. Port Alarm Threshold Parameters Set Config ThresholdSyntax set config threshold Following is an example of the Set Config Threshold command Error rate has fallen below the falling trigger 19. Zoning Configuration Parameters Set Config ZoningSyntax set config zoning 59183-01 a 13-75 Component filterlist Set LogSet log Archive Display filter Specifies all ports Disables monitoring on all portsLevel filter Monitors none of the severity levels Stops logging of events Alarms are always logged and always displayed on the screenStart Stop Syntax pagebreak state Set PagebreakKeywords state 59183-01 a 13-81 Set port portnumber EnableSet Port Set port clear State state Speed transmissionspeed Configuration fields Set Setup RadiusConfigures Radius servers on the switch Set setup radius 20. Radius Service Settings 13-86 59183-01 a 21. Switch Services Settings Set Setup ServicesConfigures services on the switch Syntax set setup services 21. Switch Services Settings 59183-01 a 13-89 22. Snmp Configuration Settings Set Setup SnmpConfigures Snmp on the switch Syntax set setup snmp 22. Snmp Configuration Settings 13-92 59183-01 a 23. System Configuration Settings Set Setup SystemSyntax set setup system 13-94 59183-01 a State can be one of the following Set Switch StateAdmin session Set switch state state Set timezone Set Timezone Show about Show AboutAuthority None Syntax Following is an example of the Show Alarm command Show AlarmShow alarm Settings Syntax show broadcast Show Broadcast Show chassis Displays chassis component status and temperatureShow Chassis Portnumber Show Config PortDisplays configuration parameters for one or more ports Show config port portnumber 13-102 59183-01 a Syntax show config security Show Config SecurityDisplays the security database configuration parameters Show config security portbinding portnumber Show Config Security Portbinding Syntax show config switch Show Config SwitchDisplays the switch configuration parameters Syntax show config threshold Show Config ThresholdDisplays alarm threshold parameters for the switch Syntax show config zoning Show Config ZoningDisplays zoning configuration parameters for the switch Syntax show domains Show Domains Show donor Show Donor Show fabric Show Fabric Question marks ? Show FdmiShow fdmi portwwn Portwwn Following is an example of the Show Fdmi WWN command Syntax show interface Show InterfaceDisplays the status of the active network interfaces Component Show LogShow log Numberofevents Options Level Port SettingsFollowing is an example of the Show Log Level command Following is an example of the Show Log Options command Show lsdb Show LsdbDisplays Link State database information Portlist InstalledShow Media Show media 25. Transceiver Information 13-120 59183-01 a 59183-01 a 13-121 Show mem count Following is an example of the Show Mem commandShow Mem Displays information about memory activity Option Show NSShow ns option Following is an example of the Show NS portID command Syntax show pagebreak Displays the current pagebreak settingShow Pagebreak Byte portlist Show PerfSyntax show perf portlist Keywords portlist Inframe portlist Errors portlistOutbyte portlist Frame portlist Following is an example of the Show Perf Byte command 26. Show Port Parameters Show PortShow port Lipalpdalps LIPF7F7 26. Show Port Parameters 59183-01 a 13-133 Syntax show post log Show Post Log Syntax show setup mfg Show Setup MfgDisplays manufacturing information about the switch Displays Radius server information Show Setup RadiusSyntax show setup radius Syntax show setup services Show Setup ServicesDisplays switch service status information Following is an example of the Show Setup Snmp command Show Setup SnmpDisplays the current Snmp settings Syntax show setup snmp Syntax show setup system Show Setup SystemDisplays the current system settings Domainid Show SteeringShow steering domainid 27. Switch Operational Parameters Show SwitchDisplays switch operational information Show switch 13-142 59183-01 a Syntax show timezone Displays the current time zone settingShow Timezone Syntax show topology Show TopologyDisplays all connected devices 59183-01 a 13-145 Show users Show Users Show Version Syntax shutdown Shutdown Port portnumber Test CancelTest cancel Online Test PortSyntax test port portnumber Offline loopbacktype 28. Port Test Parameters 13-152 59183-01 a Test status Test Status Authority None Syntax uptime Examples The following is an example of the Uptime commandUptime Add UserSyntax user Keywords accounts Following is an example of the User Edit command Following is an example of the User Add command Following is an example of the User List command Following is an example of the User Delete command Authority None Syntax whoami Examples The following is an example of the Whoami commandWhoami Copy zonesource zonedestination ZoneSyntax zone Keywords add zone memberlist Rename zoneold zonenew Delete zoneMembers zone Remove zone memberlist Following is an example of the Zone Members command Following is an example of the Zone Zonesets command Syntax zoneset Zoneset Zones zoneset Delete zonesetRemove zoneset zonelist Rename zonesetold zonesetnew Following is an example of the Zoneset Zones command Following is an example of the Zoneset List command Delete orphans ZoningSyntax zoning 29. Zoning Database Limits Opens a Zoning Edit session 13-168 59183-01 a Following is an example of the Zoning Limits command Following is an example of the Zoning List command Index Index-2 59183-01 a FTP See File Transfer Protocol Example Index-4 59183-01 a 59183-01 a Index-5 Index-6 59183-01 a Set Config Security Port command Show Config Security Port command 59183-01 a Index-9 Index-10 59183-01 a 59183-01 a Index-11