User manual
AN-80i User Manual
70-00072-01-10 Proprietary Redline Communications © 2011 Page 132 of 152 March 2, 2011
Long Reset
If the operator can not
access the AN-80i management interface (unknown IP,
username, and/or password), a long reset operation must be performed to provide
access using the default IP, username and password. The long reset can only be
invoked by an operator having physical access to the AN-80i Ethernet port and power
source (e.g., PoE adapter). Wireless service is interrupted while the system is powered-
off and then rebooted.
If the operator successfully logs in during the long reset opportunity, FIPS mode is
disabled for the duration of the login session (Telnet and HTTP are enabled). FIPS mode
operation is restored following the next reboot unless prevented by changes to the
configuration. If the operator fails to login during the long reset opportunity, the AN-80i
reboots automatically and FIPS mode will be active.
The FIPS mode setting is disabled in the running configuration during a long reset. The
FIPS mode will be permanently disabled if the command 'save config' is issued during
the long reset session.
Runtime Keys and Certificate Files
The following tables are used to store keys and certificates. Each table provides storage
for a specific function (e.g., usr table for standard security mode operation). Key files and
certificates are loaded into the runtime (run) table during each system reboot. The
runtime table is populated at boot time according to the following policies:
1. For each file type, the user (usr/fips) file (if present) has the highest priority. The file
is loaded from the user (usr) table or FIPS (fips) table based on the operational
mode:
Standard Mode: Load files from the user (usr) table.
FIPS Mode: Load files from the FIPS (fips) table.
2. The factory (fact) file is loaded when there is no user file.
3. Embedded files are used for HTTPS (ssl_cert<mac>.pem and ssl_key<mac>.pem)
when these files do not exist in the user/FIPS or factory tables. The embedded key
and certificate are identical for all AN-80i units. The embedded certificate authority
(CA) can not
be displayed or changed by the user.
4. A generated file is used for SSH (dsa_key<mac>.pem) when this file does not exist
in the user/fips or factory tables. The generated key is random for all AN-80i units.
5. The factory files can not be modified or deleted by the user.
Table 54: Security: Runtime (run) Keys and Certificates
dsa_key_<mac>.pem Standard mode: Ethernet: SSH: DSA Key
ssl_cert_<mac>.pem Standard mode: Ethernet: HTTPS: SSL X.509 Certificate
ssl_key_<mac>.pem
Standard mode: Ethernet: HTTPS: SSL Key
usr_wacert_<mac>.der
Standard mode: Wireless: Authentication: X.509 Authority
usr_wcert_<mac>.der Standard mode: Wireless: Authentication: X.509 Unit Certificate
usr_wkey_<mac>.der
Standard mode: Wireless: Authentication: RSA Key
4Gon www.4Gon.co.uk info@4gon.co.uk Tel: +44 (0)1245 808295 Fax: +44 (0)1245 808299