- Enterasys Security Router User's Guide

Utilizing the Command Line Interface
2-36 Managing the XSR
5. Set the operation to imageSetSelected:
set 1.1.1.1 .1.3.6.1.4.1.5624.1.2.16.2.7.1.3.1 0100
6. Set the row to active:
set 1.1.1.1 .1.3.6.1.4.1.5624.1.2.16.2.7.1.11.1 1
7. Reboot the XSR to load the new image by configuring the following:
Create a row:
set 1.1.1.1 .1.3.6.1.4.1.5624.1.2.16.2.7.1.11.2 5
Set operation to resetSoftware:
set 1.1.1.1 .1.3.6.1.4.1.5624.1.2.16.2.7.1.3.2 8000
Set the row to active:
set 1.1.1.1 .1.3.6.1.4.1.5624.1.2.16.2.7.1.11.2 1
Downloading with FIPS Security
In compliance with Federal Information Processing Standard (FIPS) security, XSR 1800/3000
Series routers require a different download procedure than usual. You must specify the
FIPS-compliant HMAC SHA-1 key using either the Bootrom key command or the sw-verification key
command on the CLI. Follow the prompts as instructed.
When FIPS is enabled, all .FLS files must be signed with the signing utility:
signEtsFls.exe -k <20hexdigits> <xsr1800.fls>
Only signed incoming FLS files will be accepted from TFTP,
SNMP and CompactFlash. After FIPS is enabled, back revisioning is not permitted. To disable
FIPS, press the Default button (on the XSR 1800 Series) to clear all configuration settings including
the FIPS and master encryption keys.
For the XSR 3000 Series only, FIPS can be disabled by entering five invalid Bootrom password
entries. You will be prompted before the XSR reverts to the default factory configuration and
clears the FIPS key.
Software Image Commands
You can view the status of the software image including such data as the current firmware image
filename, software release version, timestamp, and size by issuing the show version command.
Use the boot system command to actively change the default file name of the software image.
For more command details, refer to the XSR CLI Reference Guide.
Configuration Change Hashing
The XSR transparently hashes persistent configuration changes and stores the hashes in an
SNMP-accessible variable to assist you in assessing remote backups or monitoring the device.
MD5 hashing is performed on the following files:
startup-config
private-config
user.dat
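The following is an added example, not part of the original guide or of any Enterasys tooling: it checks a directory of remote backups against the hashes read from the router over SNMP. It assumes the device hashes the raw file bytes and that you have already retrieved each value as text from your SNMP tool; the function names and sample values are hypothetical.

```python
import hashlib
import hmac
import re
import tempfile
from pathlib import Path

# Files the guide lists as covered by configuration change hashing.
HASHED_FILES = ("startup-config", "private-config", "user.dat")

def normalize_digest(reported: str) -> str:
    """Reduce an SNMP tool's rendering of a 16-byte value to 32 lowercase hex digits."""
    text = reported.strip()
    if text.lower().startswith("hex-string:"):      # net-snmp style prefix
        text = text.split(":", 1)[1]
    text = re.sub(r"^\s*0x", "", text, flags=re.IGNORECASE)
    digits = re.sub(r"[\s:]", "", text).lower()      # drop byte separators
    if not re.fullmatch(r"[0-9a-f]{32}", digits):
        raise ValueError(f"not an MD5 digest: {reported!r}")
    return digits

def md5_of(path: Path) -> str:
    """MD5 of the raw file bytes (assumed to be what the device hashes)."""
    h = hashlib.md5()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def audit_backup(backup_dir, reported: dict) -> dict:
    """Map each hashed file to match / MISMATCH / missing-backup / no-device-hash."""
    results = {}
    for name in HASHED_FILES:
        path = Path(backup_dir) / name
        if name not in reported:
            results[name] = "no-device-hash"
        elif not path.is_file():
            results[name] = "missing-backup"
        else:
            same = hmac.compare_digest(md5_of(path), normalize_digest(reported[name]))
            results[name] = "match" if same else "MISMATCH"
    return results

if __name__ == "__main__":  # constructed sample backup and made-up device values
    with tempfile.TemporaryDirectory() as d:
        (Path(d) / "startup-config").write_bytes(b"hostname XSR-lab\n")
        good = hashlib.md5(b"hostname XSR-lab\n").hexdigest()
        reported = {"startup-config": "Hex-STRING: " + " ".join(re.findall("..", good)).upper(),
                    "user.dat": "0x" + "00" * 16}
        print(audit_backup(d, reported))
```

A MISMATCH means the backup no longer reflects the persistent configuration on the router. Because MD5 is not collision resistant, a match shows the backup is current but does not rule out a deliberately crafted file.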
Note: The primary image cflash:xsr3004.fls must already exist in the XSR, otherwise the
configuration will fail at this point.
Note: The Configuration Management MIB lets you add a delay (Etsysconfigmgmtchangedelaytime)
in Steps 3-6 and Step 7. Be aware that the Step 7 delay cannot be smaller than the delay set in
Steps 3-6.