Users Guide

ManualsBrandsDell ManualsAccess PlatformsPowerSwitch S4820T

781

782

783

784

785

786

787

788

789

790

Certain TACACS+ servers do not authenticate the device if you use the aaa authorization commands level default local

tacacs+ command. To resolve the issue, use the aaa authorization commands level default tacacs+ local

command.

Protection from TCP Tiny and Overlapping Fragment

Attacks

Tiny and overlapping fragment attack is a class of attack where congured ACL entries — denying TCP port-specic trac — is bypassed

and trac is sent to its destination although denied by the ACL.

RFC 1858 and 3128 proposes a countermeasure to the problem. This countermeasure is congured into the line cards and enabled by

default.

Enabling SCP and SSH

Secure shell (SSH) is a protocol for secure remote login and other secure network services over an insecure network. Dell Networking OS

is compatible with SSH versions 1.5 and 2, in both the client and server modes. SSH sessions are encrypted and use authentication. SSH is

enabled by default.

For details about the command syntax, refer to the Security chapter in the Dell Networking OS Command Line Interface Reference Guide.

Dell Networking OS SCP, which is a remote le copy program that works with SSH.

NOTE: The Windows-based WinSCP client software is not supported for secure copying between a PC and a Dell Networking

OS-based system. Unix-based SCP client software is supported.

To use the SSH client, use the following command.

• Open an SSH connection and specify the hostname, username, port number,encryption cipher,HMAC algorithm and version of the SSH

client.

EXEC Privilege mode

ssh {hostname} [-l username | -p port-number | -v {1 | 2}| -c encryption cipher | -m HMAC

algorithm

hostname is the IP address or host name of the remote device. Enter an IPv4 or IPv6 address in dotted decimal format (A.B.C.D).

• SSH V2 is enabled by default on all the modes.

• Display SSH connection information.

EXEC Privilege mode

show ip ssh

Specifying an SSH Version

The following example uses the ip ssh server version 2 command to enable SSH version 2 and the show ip ssh command to

conrm the setting.

Dell(conf)#ip ssh server version 2

Dell(conf)#do show ip ssh

SSH server : enabled.

SSH server version : v2.

SSH server vrf : default.

SSH server ciphers : 3des-cbc,aes128-cbc,aes192-cbc,aes256-cbc,aes128-ctr,aes192-

ctr,aes256-ctr.

SSH server macs : hmac-md5,hmac-md5-96,hmac-sha1,hmac-sha1-96,hmac-sha2-256,hmac-

sha2-256-96.

SSH server kex algorithms : diffie-hellman-group-exchange-sha1,diffie-hellman-group1-

sha1,diffie-hellman-group14-sha1.

Password Authentication : enabled.

Hostbased Authentication : disabled.

RSA Authentication : disabled.

Vty Encryption HMAC Remote IP

Dell(conf)#

784

Security