Administrator Guide

ManualsBrandsDell ManualsAccess PlatformsC9010 Modular Chassis Switch

821

822

823

824

825

826

827

828

829

830

Protection from TCP Tiny and Overlapping

Fragment Attacks

Tiny and overlapping fragment attack is a class of attack where configured ACL entries — denying TCP port-specific traffic — is

bypassed and traffic is sent to its destination although denied by the ACL.

RFC 1858 and 3128 proposes a countermeasure to the problem. This countermeasure is configured into the line cards and enabled by

default.

Enabling SCP and SSH

Secure shell (SSH) is a protocol for secure remote login and other secure network services over an insecure network. The Dell

Neetworking OS is compatible with SSH versions 1.5 and 2, both the client and server modes. SSH sessions are encrypted and use

authentication.

For details about the command syntax, refer to the Security chapter in the Dell Networking OS Command Line Interface Reference Guide.

SCP is a remote file copy program that works with SSH and is supported on the switch.

NOTE: The Windows-based WinSCP client software is not supported for secure copying between a PC and a Dell

Networking OS-based system. Unix-based SCP client software is supported.

To use the SSH client, use the following command.

• Open an SSH connection and specifying the host name, username, port number, and version of the SSH client.

EXEC Privilege mode

ssh {hostname} [-l username | -p port-number | -v {1 | 2}

hostname is the IP address or host name of the remote device. Enter an IPv4 or IPv6 address in dotted decimal format (A.B.C.D).

• Configure the Dell Networking system as an SCP/SSH server.

CONFIGURATION mode

ip ssh server {enable | port port-number}

• Configure the Dell Networking system as an SSH server that uses only version 1 or 2.

CONFIGURATION mode

ip ssh server version {1|2}

• Display SSH connection information.

EXEC Privilege mode

show ip ssh

The following example shows using the ip ssh server version 2 command to enable SSH version 2 and the show ip ssh

command to confirm the setting.

ell(conf)#ip ssh server version 2

Dell(conf)#do show ip ssh

SSH server : enabled.

SSH server version : v1 and v2.

SSH server vrf : default.

SSH server ciphers : aes256-ctr,aes256-cbc,aes192-ctr,aes192-cbc,aes128-ctr,aes128-

cbc,3des-cbc.

SSH server macs : hmac-sha2-256,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96.

SSH server kex algorithms : diffie-hellman-group-exchange-sha1,diffie-hellman-group1-

sha1,diffie-hellman-group14-sha1.

Password Authentication : enabled.

Hostbased Authentication : disabled.

RSA Authentication : disabled.

Vty Encryption HMAC Remote IP

Dell(conf)#

To disable SSH server functions, use the no ip ssh server enable command.

Security

825