8.28 MB - Edge-Core

More documents

Recommendations

Info

4 Command Line Interface Table 4-15 SSH Commands (Continued) Command Function Mode Page copy tftp public-key Copies the user’s public key from a TFTP server to the switch PE 4-63 delete public-key Deletes the public key for the specified user PE 4-38 ip ssh crypto host-key Generates the host key PE 4-38 generate ip ssh crypto zeroize Clear the host key from RAM PE 4-39 ip ssh save host-key Saves the host key from RAM to flash memory PE 4-39 disconnect Terminates a line connection PE 4-18 show ip ssh Displays the status of the SSH server and the configured values PE 4-40 for authentication timeout and retries show ssh Displays the status of current SSH sessions PE 4-40 show public-key Shows the public key for the specified user or for the host PE 4-41 show users Shows SSH users, including privilege level and public key type PE 4-60 The SSH server on this switch supports both password and public key authentication. If password authentication is specified by the SSH client, then the password can be authenticated either locally or via a RADIUS or TACACS+ remote authentication server, as specified by the authentication login command on page 4-68. If public key authentication is specified by the client, then you must configure authentication keys on both the client and the switch as described in the following section. Note that regardless of whether you use public key or password authentication, you still have to generate authentication keys on the switch and enable the SSH server. To use the SSH server, complete these steps: 1. Generate a Host Key Pair – Use the ip ssh crypto host-key generate command to create a host public/private key pair. 2. Provide Host Public Key to Clients – Many SSH client programs automatically import the host public key during the initial connection setup with the switch. Otherwise, you need to manually create a known hosts file on the management station and place the host public key in it. An entry for a public key in the known hosts file would appear similar to the following example: 4-34 10.1.0.54 1024 35 15684995401867669259333946775054617325313674890836547254 15020245593199868544358361651999923329781766065830956 10825913212890233 76546801726272571413428762941301196195566782 59566410486957427888146206 51941746772984865468615717739390164779355942303577413098022737087794545 24083971752646358058176716709574804776117 3. Import Client’s Public Key to the Switch – Use the copy tftp public-key command to copy a file containing the public key for all the SSH client’s granted management access to the switch. (Note that these clients must be configured locally on the switch via the User Accounts page as described on page 3-33.) The clients are subsequently authenticated using these keys. The current
System Management Commands 4 firmware only accepts public key files based on standard UNIX format as shown in the following example for an RSA Version 1 key: 1024 35 1341081685609893921040944920155425347631641921872958921143173880 05553616163105177594083868631109291232226828519254374603100937187721199 69631781366277414168985132049117204830339254324101637997592371449011938 00609025394840848271781943722884025331159521348610229029789827213532671 31629432532818915045306393916643 steve@192.168.1.19 4. Set the Optional Parameters – Set other optional parameters, including the authentication timeout, the number of retries, and the server key size. 5. Enable SSH Service – Use the ip ssh server command to enable the SSH server on the switch. 6. Configure Challenge-Response Authentication – When an SSH client attempts to contact the switch, the SSH server uses the host key pair to negotiate a session key and encryption method. Only clients that have a private key corresponding to the public keys stored on the switch can gain access. The following exchanges take place during this process: a. The client sends its public key to the switch. b. The switch compares the client's public key to those stored in memory. c. If a match is found, the switch uses the public key to encrypt a random sequence of bytes, and sends this string to the client. d. The client uses its private key to decrypt the bytes, and sends the decrypted bytes back to the switch. e. The switch compares the decrypted bytes to the original bytes it sent. If the two sets match, this means that the client's private key corresponds to an authorized public key, and the client is authenticated. Note: To use SSH with only password authentication, the host public key must still be given to the client, either during initial connection or manually entered into the known host file. However, you do not need to configure the client’s keys. ip ssh server This command enables the Secure Shell (SSH) server on this switch. Use the no form to disable this service. Syntax [no] ip ssh server Default Setting Disabled Command Mode Global Configuration 4-35
Page 1:
Powered by Accton ES3526X ES3526X-D
Page 4 and 5:
ES3526X ES3526X-DCPW F2.2.6.9 E0420
Page 6 and 7:
Contents vi Console Port Settings 3
Page 8 and 9:
Contents Configuring IGMP Snooping
Page 10 and 11:
Contents x logging sendmail level 4
Page 12 and 13:
Contents xii capabilities 4-108 flo
Page 14 and 15:
Contents map ip dscp (Interface Con
Page 16 and 17:
Tables Table 4-29 RADIUS Client Com
Page 18 and 19:
Figures Figure 3-43 LACP - Aggregat
Page 20 and 21:
1 Introduction Description of Softw
Page 22 and 23:
1 Introduction Virtual LANs - The s
Page 24 and 25:
1 Introduction Table 1-2 System Def
Page 26 and 27:
1 Introduction 1-8
Page 28 and 29:
2 Initial Configuration • Configu
Page 30 and 31:
2 Initial Configuration Setting Pas
Page 32 and 33:
2 Initial Configuration 5. Wait a f
Page 34 and 35:
2 Initial Configuration 2. Enter th
Page 36 and 37:
3 Configuring the Switch Navigating
Page 38 and 39:
3 Configuring the Switch Main Menu
Page 40 and 41:
3 Configuring the Switch Table 3-2
Page 42 and 43:
3 Configuring the Switch Basic Conf
Page 44 and 45:
3 Configuring the Switch These addi
Page 46 and 47:
3 Configuring the Switch CLI - Ente
Page 48 and 49:
3 Configuring the Switch Using DHCP
Page 50 and 51:
3 Configuring the Switch Downloadin
Page 52 and 53:
3 Configuring the Switch Saving or
Page 54 and 55:
Page 56 and 57:
Page 58 and 59:
Page 60 and 61:
3 Configuring the Switch Remote Log
Page 62 and 63:
3 Configuring the Switch Resetting
Page 64 and 65:
3 Configuring the Switch CLI - This
Page 66 and 67:
3 Configuring the Switch Web - Clic
Page 68 and 69:
3 Configuring the Switch Command At
Page 70 and 71:
3 Configuring the Switch Command At
Page 72 and 73:
3 Configuring the Switch Console#co
Page 74 and 75:
3 Configuring the Switch Configurin
Page 76 and 77:
3 Configuring the Switch Generating
Page 78 and 79:
Page 80 and 81:
3 Configuring the Switch • If a p
Page 82 and 83:
3 Configuring the Switch • The RA
Page 84 and 85:
3 Configuring the Switch • Re-aut
Page 86 and 87:
3 Configuring the Switch Displaying
Page 88 and 89:
3 Configuring the Switch • IP add
Page 90 and 91:
3 Configuring the Switch The order
Page 92 and 93:
Page 94 and 95:
Page 96 and 97:
Page 98 and 99:
3 Configuring the Switch • Max MA
Page 100 and 101:
3 Configuring the Switch CLI - Sele
Page 102 and 103:
} } 3 Configuring the Switch CLI -
Page 104 and 105:
3 Configuring the Switch CLI - The
Page 106 and 107:
Page 108 and 109:
3 Configuring the Switch Field LACP
Page 110 and 111:
Page 112 and 113:
3 Configuring the Switch CLI - The
Page 114 and 115:
Page 116 and 117:
3 Configuring the Switch Rate Limit
Page 118 and 119:
3 Configuring the Switch Parameter
Page 120 and 121:
Page 122 and 123:
Page 124 and 125:
3 Configuring the Switch Changing t
Page 126 and 127:
3 Configuring the Switch informatio
Page 128 and 129:
3 Configuring the Switch • Rapid
Page 130 and 131:
Page 132 and 133:
3 Configuring the Switch Alternate
Page 134 and 135:
Page 136 and 137:
3 Configuring the Switch VLAN Confi
Page 138 and 139:
3 Configuring the Switch these host
Page 140 and 141:
Page 142 and 143:
3 Configuring the Switch Creating V
Page 144 and 145:
3 Configuring the Switch - Untagged
Page 146 and 147:
Page 148 and 149:
Page 150 and 151:
Page 152 and 153:
Page 154 and 155:
3 Configuring the Switch Class of S
Page 156 and 157:
3 Configuring the Switch Mapping Co
Page 158 and 159: 3 Configuring the Switch Selecting
Page 160 and 161: 3 Configuring the Switch Layer 3/4
Page 162 and 163: 3 Configuring the Switch CLI* - The
Page 164 and 165: 3 Configuring the Switch Mapping IP
Page 166 and 167: 3 Configuring the Switch Web - Clic
Page 168 and 169: 3 Configuring the Switch Command At
Page 170 and 171: 3 Configuring the Switch CLI - This
Page 172 and 173: 3 Configuring the Switch Assigning
Page 174 and 175: 3 Configuring the Switch 3-140
Page 176 and 177: 4 Command Line Interface To access
Page 178 and 179: 4 Command Line Interface Showing Co
Page 180 and 181: 4 Command Line Interface Exec Comma
Page 182 and 183: 4 Command Line Interface Command Li
Page 184 and 185: 4 Command Line Interface Line Comma
Page 186 and 187: 4 Command Line Interface Example Co
Page 188 and 189: 4 Command Line Interface Command Mo
Page 190 and 191: 4 Command Line Interface Command Us
Page 192 and 193: 4 Command Line Interface disconnect
Page 194 and 195: 4 Command Line Interface Default Se
Page 196 and 197: 4 Command Line Interface The ! comm
Page 198 and 199: 4 Command Line Interface Table 4-7
Page 200 and 201: 4 Command Line Interface • The fa
Page 202 and 203: 4 Command Line Interface • IP add
Page 206 and 207: 4 Command Line Interface Example
Page 212 and 213: 4 Command Line Interface delete pub
Page 220 and 221: 4 Command Line Interface clear logg
Page 222 and 223: 4 Command Line Interface show log T
Page 224 and 225: 4 Command Line Interface logging se
Page 230 and 231: 4 Command Line Interface calendar s
Page 234 and 235: 4 Command Line Interface Related Co
Page 236 and 237: 4 Command Line Interface Frame Size
Page 238 and 239: 4 Command Line Interface • The de
Page 248 and 249: 4 Command Line Interface TACACS+ Cl
Page 250 and 251: 4 Command Line Interface Port Secur
Page 252 and 253: 4 Command Line Interface Table 4-32
Page 254 and 255: 4 Command Line Interface dot1x oper
Page 256 and 257: 4 Command Line Interface dot1x time
Page 258 and 259:
4 Command Line Interface - Max Coun
Page 260 and 261:
4 Command Line Interface Access Con
Page 262 and 263:
4 Command Line Interface Example Co
Page 264 and 265:
4 Command Line Interface Command Us
Page 266 and 267:
Page 268 and 269:
4 Command Line Interface MAC ACLs T
Page 270 and 271:
4 Command Line Interface Example Th
Page 272 and 273:
Page 274 and 275:
4 Command Line Interface SNMP Comma
Page 276 and 277:
4 Command Line Interface Related Co
Page 278 and 279:
Page 280 and 281:
4 Command Line Interface Command Mo
Page 282 and 283:
4 Command Line Interface disabled,
Page 284 and 285:
4 Command Line Interface • Avoid
Page 286 and 287:
Page 288 and 289:
Page 290 and 291:
4 Command Line Interface Mirror Por
Page 292 and 293:
4 Command Line Interface Rate Limit
Page 294 and 295:
Page 296 and 297:
Page 298 and 299:
Page 300 and 301:
4 Command Line Interface lacp port-
Page 302 and 303:
4 Command Line Interface Console#sh
Page 304 and 305:
4 Command Line Interface Console#sh
Page 306 and 307:
4 Command Line Interface clear mac-
Page 308 and 309:
4 Command Line Interface Spanning T
Page 310 and 311:
Page 312 and 313:
4 Command Line Interface spanning-t
Page 314 and 315:
Page 316 and 317:
4 Command Line Interface cause forw
Page 318 and 319:
4 Command Line Interface spanning-t
Page 320 and 321:
4 Command Line Interface VLAN Comma
Page 322 and 323:
4 Command Line Interface Configurin
Page 324 and 325:
Page 326 and 327:
4 Command Line Interface switchport
Page 328 and 329:
4 Command Line Interface show vlan
Page 330 and 331:
4 Command Line Interface 3. Use the
Page 332 and 333:
Page 334 and 335:
Page 336 and 337:
Page 338 and 339:
Page 340 and 341:
4 Command Line Interface queue mode
Page 342 and 343:
Page 344 and 345:
Page 346 and 347:
4 Command Line Interface map ip por
Page 348 and 349:
4 Command Line Interface map ip dsc
Page 350 and 351:
4 Command Line Interface Default Se
Page 352 and 353:
Page 354 and 355:
4 Command Line Interface ip igmp sn
Page 356 and 357:
4 Command Line Interface IGMP Query
Page 358 and 359:
4 Command Line Interface ip igmp sn
Page 360 and 361:
Page 362 and 363:
4 Command Line Interface • If you
Page 364 and 365:
4 Command Line Interface show ip re
Page 366 and 367:
4 Command Line Interface 4-192
Page 368 and 369:
A Software Specifications Additiona
Page 370 and 371:
A Software Specifications A-4
Page 372 and 373:
B Troubleshooting Using System Logs
Page 374 and 375:
Glossary GARP VLAN Registration Pro
Page 376 and 377:
Glossary MD5 Message-Digest Algorit
Page 378 and 379:
Glossary User Datagram Protocol (UD
Page 380 and 381:
Index IGMP groups, displaying 3-137
Page 382:
Index W Web interface access requir
show all

8.28 MB - Edge-Core

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?