Hardware manual
Version 1.1, 03/31/2015
GSS CCT Evaluation Technical Report Page 12 of 56 © 2015 Gossamer Security Solutions, Inc.
Document: AAR-BrocadeNetIron5.8 All rights reserved.
security settings through the process of testing. As such, they are all identified in the DTR, along with the results
and corresponding audit records. Note that every administrator command issued by the evaluators during testing
was found to be audited without exception.
fips
  o (no) fips enable common-criteria (turn fips and cc modes on or off)
  o fips show (show the current fips configuration)
  o fips zeroize all (clears all keys)
write memory (write the current configuration settings to persistent memory)
crypto key generate (generate RSA key pair to enable SSH)
openssl s_server (set syslog port, key and cipher)
(no) logging host <ip-address> ssl-port <port> (configure or remove the secure logging host)
ip
  o ip ssh pub-key-file (load a user’s public key for authentication)
  o ip ssh idle-time <time> (set SSH idle timeout period)
aaa
  o aaa authentication (configure authentication settings)
  o aaa authentication enable default tacacs+ local (enable tacacs+)
  o aaa authentication login default tacacs+ local (enable console login to use passwords and tacacs+)
  o aaa authentication web-server default local (set password authentication for web server)
tacacs-server
  o tacacs-server host <<ipaddr>> ssl-auth-port <<port>> default (configure tacacs+ server)
  o tacacs-server retransmit <<retransmit period>>
  o tacacs-server timeout <<timeout>> (configure timeout period)
  o tacacs-server key <<key>> (configure tacacs+ key)
enable
  o enable aaa (enable login at console)
  o enable password-min-length 15 (configure min password size)
  o enable user password-masking (set as part of turning on FIPS mode)
username <user> password (set a user password)
clock set <time> (set time)
server <ntp server ip> minpoll <time> (configure NTP poll interval)
show
  o show flash (show flash info)
  o show ver (show version)
  o show clock (query time)
  o show ip client-pub-key (show the client public key used for SSH login)
  o show ip ssl (show ssl connections)
  o show logging (show current logging configuration and log buffer)
  o show run | <options> (show running configuration details)
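As an added illustration (not part of the evaluation report or the vendor's tooling), the sketch below checks saved `show run` output for several of the settings named in the command list above. It assumes the running configuration echoes each command in the form listed; the function names, check names, addresses and port numbers are constructed for the example.

```python
import re

# Constructed sample of `show run` output; addresses, ports and values are made up.
SAMPLE_RUN = """\
fips enable common-criteria
enable password-min-length 8
enable user password-masking
aaa authentication login default tacacs+ local
aaa authentication enable default tacacs+ local
tacacs-server host 192.0.2.10 ssl-auth-port 4949 default
logging host 192.0.2.21
no logging host 192.0.2.20 ssl-port 6514
ip ssh idle-time 10
"""

def audit(run_config: str) -> dict:
    """Return {check name: True/False} for settings from the command list."""
    # Assumption: a line beginning with "no " removes a setting, so it is
    # never counted as the setting being present.
    stripped = (l.strip() for l in run_config.splitlines())
    active = [l for l in stripped if l and not l.startswith("no ")]

    def has(pattern):
        return any(re.fullmatch(pattern, l) for l in active)

    def min_len_ok():
        for l in active:
            m = re.fullmatch(r"enable password-min-length (\d+)", l)
            if m:
                return int(m.group(1)) >= 15  # 15 is the value in the list above
        return False

    return {
        "fips_cc_mode": has(r"fips enable common-criteria"),
        "password_min_length_15": min_len_ok(),
        "password_masking": has(r"enable user password-masking"),
        "login_uses_tacacs": has(r"aaa authentication login default tacacs\+ local"),
        "tacacs_ssl_port": has(r"tacacs-server host \S+ ssl-auth-port \d+( default)?"),
        "syslog_ssl_port": has(r"logging host \S+ ssl-port \d+"),
        "ssh_idle_timeout": has(r"ip ssh idle-time \d+"),
    }

def failures(run_config: str) -> list:
    """Names of the checks that did not pass, sorted for stable output."""
    return sorted(name for name, ok in audit(run_config).items() if not ok)
```

On the constructed sample, `failures(SAMPLE_RUN)` reports the short password minimum and the missing secure logging host; the plain `logging host` line and the negated `ssl-port` line do not satisfy the syslog check.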