User's Manual

6.3.2 Replacing the Default Secure-site Certificate
When you log onto the web interface using HTTPS (for secure access), the switch presents a Secure Sockets Layer (SSL)
certificate to the browser. By default, browsers such as Netscape and Internet Explorer display this certificate with
a warning that the site is not recognized as a secure site, because the certificate has not been signed by a
certification authority the browser trusts. If you want this warning replaced by a message confirming that the
connection to the switch is secure, you need a certificate for the switch signed by a recognized certification
authority, together with the matching private key and the password that protects that key. The private key is
generated on your own management station, and only the certificate signing request is sent to the certification
authority; the authority never needs to see the private key.
Caution: For maximum security, obtain a unique Secure Sockets Layer certificate at the earliest opportunity.
The default certificate for the switch is not unique: every switch ships with the same certificate and private key,
so anyone who has extracted that key from another unit can impersonate your switch or decrypt management sessions
to it.
When you have the certificate and the private key, place them on your TFTP server, and use the following command at
the switch's command-line interface to replace the default (unrecognized) certificate with the authorized one:
Console#copy tftp https-certificate
TFTP server ip address: <server ip-address>
Source certificate file name: <certificate file name>
Source private file name: <private key file name>
Private password: <password for private key>
Note: The switch must be reset for the new certificate to be activated. To reset the switch, type:
Console#reload
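The manual says to obtain the certificate, private key and password and place them on the TFTP server, but does not show how to prepare these files or how to check them before loading them onto the switch. The following is an added example written for this page, not the switch vendor's own code: it generates a passphrase-protected RSA key and a certificate signing request with OpenSSL, and, once the certification authority has returned the signed certificate, checks that the certificate really belongs to that key and that its subject name is the host name you will type into the browser. The host name switch1.example.net, the working directory ./switch-cert and the passphrase are assumptions; the step of submitting switch.csr to the authority and receiving switch.crt back is done outside this script.

```shell
#!/bin/sh
# Added example (not from the switch manual). Prepares the private key and
# certificate signing request for the switch's HTTPS server and verifies the
# CA-issued certificate before it is placed on the TFTP server.
# Assumptions (hypothetical): switch host name switch1.example.net, 2048-bit
# RSA, files in ./switch-cert, and 'openssl' present on the management station.
set -eu

WORK="${WORK:-./switch-cert}"
SWITCH_FQDN="${SWITCH_FQDN:-switch1.example.net}"

# Generate the key on the management station (never ask the CA for it) and
# protect it with the passphrase the switch will later ask for as
# "Private password". Then build the CSR that is sent to the CA.
make_key_and_csr() {           # $1 = passphrase for the private key
  pass="$1"
  mkdir -p "$WORK"
  openssl genrsa -aes128 -passout "pass:$pass" -out "$WORK/switch.key" 2048 2>/dev/null
  openssl req -new -key "$WORK/switch.key" -passin "pass:$pass" \
    -subj "/CN=$SWITCH_FQDN" -out "$WORK/switch.csr"
}

# Return 0 only if the certificate's public key is the one belonging to our
# private key. Both openssl commands emit the public key as PEM
# SubjectPublicKeyInfo, so the two outputs can be compared directly. A wrong
# passphrase, a swapped key, or a certificate issued for someone else's CSR
# all make this fail, which is exactly what must be caught before 'copy tftp'.
key_matches_cert() {           # $1 = private key, $2 = certificate, $3 = passphrase
  key="$1"; cert="$2"; pass="$3"
  kpub=$(openssl pkey -in "$key" -passin "pass:$pass" -pubout 2>/dev/null) || return 1
  cpub=$(openssl x509 -in "$cert" -pubkey -noout 2>/dev/null) || return 1
  [ -n "$kpub" ] && [ "$kpub" = "$cpub" ]
}

# Subject CN of a certificate, to compare with the name in the browser URL;
# a mismatch keeps the browser warning even with a CA-signed certificate.
cert_cn() {                    # $1 = certificate file
  openssl x509 -in "$1" -noout -subject | sed -n 's/.*CN *= *//p'
}
```

After key_matches_cert returns 0 and cert_cn prints the switch's host name, copy switch.crt and switch.key to the TFTP root and run the copy tftp https-certificate command with the same passphrase as the private password, then reload the switch. Keep switch.key off the TFTP server once the load is done: TFTP has no authentication, and anyone on the management network can read whatever is left there.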
6.4 Configuring the Secure Shell
The Berkeley standard remote access tools were originally designed for Unix systems, and some of them have also
been implemented for Microsoft Windows and other environments. These tools, including commands such as rlogin
(remote login), rsh (remote shell), and rcp (remote copy), send passwords and data in clear text and trust the
remote host on the basis of its name or address, so they offer no protection against eavesdropping or spoofing.
The Secure Shell (SSH) includes server/client applications intended as a secure replacement for the older
Berkeley remote access tools. SSH can also provide remote management access to this switch as a secure
replacement for Telnet. When the client contacts the switch via the SSH protocol, the switch presents its host
public key; the client uses this key to verify that it is talking to the switch and to set up an encrypted session,
and the user then logs in with a local user name and password (or with a client public key, as described in the
next section). SSH also encrypts all data transfers passing between the switch and SSH-enabled management station
clients, and protects the integrity of that data so that any alteration in transit is detected.
Note that you need to install an SSH client on the management station to access the switch for management
via the SSH protocol.
Note: The switch supports both SSH Version 1.5 and 2.0. SSH version 1 has known cryptographic weaknesses and
modern clients such as OpenSSH have dropped support for it; use version 2 wherever the client allows it.
6.4.1 Usage Guidelines
The SSH server on this switch supports both password and public key authentication. If password
authentication is specified by the SSH client, then the password can be authenticated either locally or via a
RADIUS or TACACS+ remote authentication server, as specified on the Authentication Settings Page
(section 6.2 Configuring Local/Remote Logon Authentication). If public key authentication is specified by
the client, then you must configure authentication keys on both the client and the switch as described in the
following section. Note that regardless of whether you use public key or password authentication, you still
have to generate the switch's host key pair (SSH Host Key Settings) and enable the SSH server
(Authentication Settings); without a host key the server cannot identify itself to clients or start an encrypted
session.
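The guidelines above cover the switch side; the management station also needs a client key pair if public key authentication is used, and it should be told what the switch's host key looks like before the first connection, since the host key is what stops an attacker on the management network from impersonating the switch. The following is an added example for this page, not the vendor's code: it generates an SSH-2 client key pair with OpenSSH's ssh-keygen, builds a known_hosts file pinned to the switch's host public key obtained out of band (for example read off the console), and compares its fingerprint with the one shown on the switch. The host name switch1.example.net and the directory ./switch-ssh are assumptions.

```shell
#!/bin/sh
# Added example (not from the switch manual). Prepares the management
# station for SSH access to the switch: an SSH-2 client key pair for
# public-key authentication, and a pinned known_hosts entry built from the
# switch's host public key obtained out of band, so the client refuses to
# connect if the host key ever changes (or was never the switch's to begin with).
# Assumptions (hypothetical): switch host name switch1.example.net, files in
# ./switch-ssh, OpenSSH's ssh-keygen present on the management station.
set -eu

WORK="${WORK:-./switch-ssh}"
SWITCH="${SWITCH:-switch1.example.net}"

# Client key pair; the .pub half is what gets loaded onto the switch for
# public-key authentication, the private half never leaves the station.
make_client_key() {            # $1 = passphrase for the private key
  mkdir -p "$WORK"
  ssh-keygen -q -t rsa -b 2048 -N "$1" -C "admin@management-station" \
    -f "$WORK/id_rsa_switch"
}

# SHA256 fingerprint of the key in a public key or known_hosts file, in the
# same form that ssh prints in its "authenticity ... can't be established"
# prompt, so it can be compared by eye with what the switch console shows.
fingerprint_of() {             # $1 = .pub file or known_hosts file
  ssh-keygen -l -E sha256 -f "$1" | awk '{print $2}'
}

# Build a known_hosts file containing only the switch's host key.
# $1 = file holding the key in OpenSSH one-line form ("ssh-rsa AAAA...").
pin_host_key() {
  mkdir -p "$WORK"
  printf '%s %s\n' "$SWITCH" "$(cut -d' ' -f1-2 "$1")" > "$WORK/known_hosts"
}

# Compare the pinned key against the fingerprint read from the switch
# console; connect only when this returns 0.
host_key_matches() {           # $1 = expected "SHA256:..." fingerprint
  [ "$(fingerprint_of "$WORK/known_hosts")" = "$1" ]
}
```

Once host_key_matches succeeds, connect with the pinned file and the client key only, for example `ssh -o UserKnownHostsFile=./switch-ssh/known_hosts -o StrictHostKeyChecking=yes -i ./switch-ssh/id_rsa_switch admin@switch1.example.net`; with StrictHostKeyChecking=yes the client aborts rather than prompting if the key presented by the switch differs from the pinned one. Regenerating the host key on the switch (SSH Host Key Settings) invalidates the pin, so repeat pin_host_key after doing so.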
To use the SSH server, complete these steps: