User guide

Logging Into the Switch Enabling the DNS Resolver
OmniSwitch AOS Release 8 Switch Management Guide May 2014 page 1-19
Enabling the DNS Resolver
A Domain Name System (DNS) resolver is an optional internet service that translates host names into IP
addresses. Every time you enter a host name when logging into the switch, a DNS service must look up
the name on a server and resolve the name to an IP address. You can configure IPv4 domain name servers
and IPv6 domain name servers that will be queried in turn to resolve the host name. If all servers are
queried and none can resolve the host name to an IP address, the DNS lookup fails. If the lookup fails,
you must either enter an IPv4 or IPv6 address in place of the host name or specify the necessary lookup
tables on one of the specified servers.
You must perform three steps on the switch to enable the DNS resolver service.
1 Set the default domain name for DNS lookups with the ip domain-name CLI command.
-> ip domain-name mycompany1.com
2 Use the ip domain-lookup CLI command to enable the DNS resolver service.
-> ip domain-lookup
You can disable the DNS resolver by using the no ip domain-lookup command. For more information,
refer to the OmniSwitch AOS Release 8 CLI Reference Guide.
3 Specify the IP addresses of the servers with the ip name-server CLI command. These servers will be
queried when a host lookup is requested.
-> ip name-server 189.202.191.14 189.202.191.15 189.255.19.1
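The following Python sketch is an added example, not part of the original guide. It audits a saved copy of the three commands above and reports missing steps or name servers outside an approved list. It assumes the configuration text contains the commands as typed at the CLI; the function name and the approved list are hypothetical, and only the IPv4 ip name-server command shown here is handled.

```python
import ipaddress

def audit_dns_resolver(config_text, approved_servers):
    """Return findings (strings) for the DNS resolver commands in config_text."""
    approved = {ipaddress.IPv4Address(a) for a in approved_servers}
    domain, lookup, servers = None, False, []
    for raw in config_text.splitlines():
        words = raw.strip().lstrip("->").split()   # tolerate a pasted "->" prompt
        if words[:2] == ["ip", "domain-name"] and len(words) == 3:
            domain = words[2]
        elif words == ["ip", "domain-lookup"]:
            lookup = True
        elif words == ["no", "ip", "domain-lookup"]:
            lookup = False                         # a later "no" form disables it
        elif words[:2] == ["ip", "name-server"]:
            servers.extend(words[2:])              # check every server that is named
    findings = []
    if domain is None:
        findings.append("no default domain name set (ip domain-name)")
    if not lookup:
        findings.append("DNS resolver is not enabled (ip domain-lookup)")
    if not servers:
        findings.append("no name servers configured (ip name-server)")
    for s in servers:
        try:
            addr = ipaddress.IPv4Address(s)
        except ipaddress.AddressValueError:
            findings.append(f"name server {s} is not a valid IPv4 address")
            continue
        if addr not in approved:
            findings.append(f"name server {s} is not on the approved list")
    return findings

# Commands taken from the steps above; the approved list is constructed for the example.
SAMPLE_CONFIG = """\
-> ip domain-name mycompany1.com
-> ip domain-lookup
-> ip name-server 189.202.191.14 189.202.191.15 189.255.19.1
"""
APPROVED = {"189.202.191.14", "189.202.191.15"}    # hypothetical allow-list

if __name__ == "__main__":
    for finding in audit_dns_resolver(SAMPLE_CONFIG, APPROVED):
        print("FINDING:", finding)
```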
Enabling the FIPS mode
Federal Information Processing Standards (FIPS) is a mode of operation that satisfies security
requirements for cryptographic modules. The National Institute of Standards and Technology (NIST)
FIPS 140-2 standard requires that strong cryptographic algorithms be supported to achieve FIPS
compliance. When FIPS mode is enabled on OmniSwitch, FIPS 140-2 compliant encryption is used by the
OmniSwitch devices in the various management interfaces such as SFTP, HTTP, SSH and SSL.
These strong cryptographic algorithms ensure secure communication with the device. They provide
interoperable, high-quality, cryptographically-based security for IP networks through the use of
appropriate security protocols, cryptographic algorithms, and keys, and they prevent any form of
hijacking, hacking or attack on the device through the secure mode of communication.
Note: FIPS mode is configurable through all three user interfaces: WebView, SNMP and CLI.
FIPS mode functionalities:
FIPS operates in OpenSSL mode allowing only highly secure and strong cryptographic algorithms.
OpenSSH and the Web Server, which use OpenSSL as the underlying layer for secure communications,
also work in FIPS mode.
SNMPv3 supports secure SHA+AES. MD5 and DES are not allowed.