White Papers

ManualsBrandsDell ManualsAccess PlatformsC9010 Modular Chassis Switch

921

922

923

924

925

926

927

928

929

930

• Access-Reject—NAS validates the OTP and if the OTP is invalid, the RADIUS server does not authenticate the user and sends an

Access-Reject response to NAS.

Conguring Challenge Response Authentication for SSHv2

To congure challenge response authentication for SSHv2, perform the following steps:

1 Enable challenge response authentication for SSHv2.

CONFIGURATION mode

ip ssh challenge-response-authentication enable

2 View the conguration.

EXEC mode

show ip ssh

Dell# show ip ssh

SSH server : enabled.

SSH server version : v1 and v2.

SSH server vrf : default.

SSH server ciphers : aes256-ctr,aes256-cbc,aes192-ctr,aes192-cbc,aes128-ctr,aes128-

cbc,3des-cbc.

SSH server macs : hmac-sha2-256,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96.

SSH server kex algorithms : diffie-hellman-group-exchange-sha1,diffie-hellman-group1-

sha1,diffie-hellman-group14-sha1.

Password Authentication : enabled.

Hostbased Authentication : disabled.

RSA Authentication : disabled.

Challenge Response Auth : enabled.

Vty Encryption HMAC Remote IP

2 aes128-cbc hmac-md5 10.16.127.141

4 aes128-cbc hmac-md5 10.16.127.141

* 5 aes128-cbc hmac-md5 10.16.127.141

Dell#

SMS-OTP Mechanism

A short message service one time password (SMS-OTP) is a free RADIUS module to implement two factor authentication. There are

multiple 2FA mechanisms that can be deployed with the RADIUS. Mechanisms such as the Google authenticator do not rely on the

Access-Challenge message and the SMS-OTP module rely on the Access-challenge message. The main objective of this feature is to

handle the Access-Challenge messages and sends the Access-Request message with user’s response.

This module requires NAS for handling the access challenge from the RADIUS server. NAS sends the input OTP in an Access-Request to

the RADIUS server, and the user authentication succeeds or fails depending upon the Access-Accept or Access-Reject response received

at NAS from the RADIUS server.

Conguring the System to Drop Certain ICMP Reply

Messages

You can congure the Dell Networking OS to drop ICMP reply messages. When you congure the drop icmp command, the system

drops the ICMP reply messages from the front end and management interfaces. By default, the Dell Networking OS responds to all the

ICMP messages.

• Drop the ICMP or ICMPv6 message type.

drop {icmp | icmp6}

CONFIGURATION mode.

Security

923