API Guide

Switch-A:
Switch-A(config)# crypto security-profile DELL123
Switch-B:
Switch-B(config)# crypto security-profile DELL123
11. Assign the certificate and private key pair to the security profile. Enter the certificate name without the file extension.
Switch-A:
Switch-A(config-sec-profile)# certificate dell
Switch-B:
Switch-B(config-sec-profile)# certificate dell
12. Create a security profile for the cluster.
Switch-A:
Switch-A(config)# cluster security-profile DELL123
Switch-B:
Switch-B(config)# cluster security-profile DELL123
13. (Only if you are running release 10.4.3.x) Create the store folder under the /config/certs/ directory on both devices.
Switch-A# system "sudo mkdir /config/certs/store"
Switch-B# system "sudo mkdir /config/certs/store"
14. Copy the certificate to the /config/certs/store/ location and run the c_rehash command on both VLT peers.
Switch-A# system "sudo cp /config/certs/dell.crt /config/certs/store/"
Switch-A# system "sudo c_rehash /config/certs/store/"
Switch-B# system "sudo cp /config/certs/dell.crt /config/certs/store/"
Switch-B# system "sudo c_rehash /config/certs/store/"
15. Open a new SSH session and verify that the warning messages are not displayed. Even if the new certificate is not in effect on the VLT domain or SFS cluster, the system does not generate the warning message.
16. For MX devices, reboot one of the VLT peers in each VLT pair and the SFS primary node if you are running a multi-node cluster deployment. For non-MX devices, flap the VLTi link.
CAUTION: Flapping the VLTi link or rebooting the node may lead to transient packet loss. Perform this step during a maintenance window.
17. (Optional) Verify that VLT has converged.
Switch-A:
Switch-A# show vlt 255
Domain ID : 255
Unit ID : 1
Role : primary
Version : 2.3
Local System MAC address : 20:04:0f:20:86:00
Role priority : 32768
VLT MAC address : 20:04:0f:21:9a:00
IP address : fda5:74c8:b79e:1::1
Delay-Restore timer : 90 seconds
Peer-Routing : Disabled
Peer-Routing-Timeout timer : 0 seconds
VLTi Link Status
port-channel1000 : up
VLT Peer Unit ID System MAC Address Status IP Address Version
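
The following is an added example, not part of the original guide: a POSIX shell function that checks the result of steps 13 and 14 on one peer by confirming that the store folder exists, that the certificate was copied into it, and that c_rehash left a hash-named symbolic link pointing at the certificate. The function name and return codes are assumptions made for this example. It checks only the link structure and does not parse the certificate.

```shell
#!/bin/sh
# Added example (not from the guide): verify steps 13-14 on one VLT peer.
# c_rehash names each link <8 hex digits of the subject hash>.<n> and points
# it at the certificate file; OpenSSL looks up trusted certificates by that name.
# Usage from the switch's Linux shell: check_store /config/certs/store dell.crt
# Return codes (chosen for this example):
#   0 ok, 1 store directory missing, 2 certificate not copied,
#   3 no hash link for the certificate, 4 dangling hash link present
check_store() {
    store=$1
    cert=$2
    found=0
    dangling=0
    [ -d "$store" ] || return 1
    [ -f "$store/$cert" ] || return 2
    for link in "$store"/*; do
        [ -L "$link" ] || continue
        name=${link##*/}
        # Keep only names shaped like c_rehash output: 8 hex digits, dot, index.
        case $name in
            [0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f].[0-9]*) ;;
            *) continue ;;
        esac
        if [ ! -e "$link" ]; then
            dangling=1      # target was removed after the last c_rehash run
            continue
        fi
        target=$(readlink "$link")
        if [ "${target##*/}" = "$cert" ]; then
            found=1
        fi
    done
    [ "$found" -eq 1 ] || return 3
    [ "$dangling" -eq 0 ] || return 4
    return 0
}
```

Run the check on both VLT peers; a return code of 3 means the certificate was copied but c_rehash was not run afterwards.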
OS10 security best practices