White Papers
Table Of Contents
- Dell 9.13.0.0 Configuration Guide for the S5000 Switch
- About this Guide
- Configuration Fundamentals
- Getting Started
- Accessing Ports
- Accessing the RJ-45/RS-232 Console Port
- Pin Assignments
- Accessing the CLI Interface and Running Scripts Using SSH
- Default Configuration
- Accessing the USB-B Console Port
- Booting Process
- Enter the Initial Configuration Information
- Configuring the Enable Password
- Configuring a Host Name
- Navigating CLI Modes
- Default Configuration
- Configuring Layer 2 (Data Link) Mode
- Accessing the System Remotely
- Configure the Management Port IP Address
- Configure a Management Route
- Configuring a Username and Password
- Creating a Port-based VLAN
- Assigning Interfaces to a VLAN
- Assigning an IP Address to a VLAN
- Connect the S5000 to the Network
- Configure File Management
- Copying Files to and from the System
- Mounting an NFS File System
- Saving the Running-Configuration
- Viewing Files
- View Configuration Files
- Compressing Configuration Files
- Managing the File System
- Enabling Software Features on Devices Using a Command Option
- View Command History
- Upgrading and Downgrading Dell Networking OS
- Verify Software Images Before Installation
- Using HTTP for File Transfers
- Switch Management
- Configuring Privilege Levels
- Removing a Command from EXEC Mode
- Moving a Command from EXEC Privilege Mode to EXEC Mode
- Allowing Access to CONFIGURATION Mode Commands
- Allowing Access to the Following Modes
- Applying a Privilege Level to a Username
- Applying a Privilege Level to a Terminal Line
- Configuring Logging
- Log Messages in the Internal Buffer
- Configuring a UNIX System as a Syslog Server
- Track Login Activity
- Limit Concurrent Login Sessions
- Enabling Secured CLI Mode
- Changing System Logging Settings
- Display the Logging Buffer and the Logging Configuration
- Configuring a UNIX Logging Facility Level
- Synchronizing Log Messages
- Enabling Timestamp on Syslog Messages
- File Transfer Services
- Terminal Lines
- Configuring Login Authentication for Terminal Lines
- Setting Time Out of EXEC Privilege Mode
- Using Telnet to get to Another Network Device
- Lock CONFIGURATION Mode
- View the Configuration Lock Status
- Recovering from a Forgotten Password
- Recovering from a Forgotten Enable Password
- Recovering from a Failed Start
- Viewing the Reason for Last System Reboot
- 802.1X
- The Port-Authentication Process
- EAP over RADIUS
- Configuring 802.1X
- Enabling 802.1X
- Configuring MAC addresses for a do1x Profile
- Configuring Request Identity Re-Transmissions
- Configuring a Quiet Period after a Failed Authentication
- Forcibly Authorizing or Unauthorizing a Port
- Re-Authenticating a Port
- Configuring Timeouts
- Configuring Dynamic VLAN Assignment with Port Authentication
- Guest and Authentication-Fail VLANs
- Configuring dot1x Profile
- Configuring the Static MAB and MAB Profile
- Configuring Critical VLAN
- Access Control List (ACL) VLAN Groups and Content Addressable Memory (CAM)
- Access Control Lists (ACLs)
- IP Access Control Lists (ACLs)
- CAM Allocation and CAM Optimization
- Implementing ACLs on Dell Networking OS
- IP Fragment Handling
- Configure a Standard IP ACL
- Configure an Extended IP ACL
- Established Flag
- Configure Layer 2 and Layer 3 ACLs
- Assign an IP ACL to an Interface
- Configure Ingress ACLs
- Configure Egress ACLs
- Configure ACLs to Loopback
- Applying an ACL on Loopback Interfaces
- IP Prefix Lists
- Creating a Prefix List
- ACL Resequencing
- Route Maps
- Bidirectional Forwarding Detection (BFD)
- How BFD Works
- BFD Packet Format
- BFD Sessions
- BFD Three-Way Handshake
- Session State Changes
- Configure BFD
- Border Gateway Protocol IPv4 (BGPv4)
- Autonomous Systems (AS)
- Sessions and Peers
- Route Reflectors
- Communities
- BGP Attributes
- Weight
- Local Preference
- Origin
- AS Path
- Next Hop
- Multiprotocol BGP
- Implement BGP with Dell Networking OS
- AS Number Migration
- BGP4 Management Information Base (MIB)
- Configuration Information
- Enabling BGP
- Configuring AS4 Number Representations
- Configuring Peer Groups
- Configuring BGP Fast Fall-Over
- Configuring Passive Peering
- Maintaining Existing AS Numbers During an AS Migration
- Allowing an AS Number to Appear in its Own AS Path
- Enabling Graceful Restart
- Enabling Neighbor Graceful Restart
- Filtering on an AS-Path Attribute
- Filtering BGP Routes Using AS-PATH Information
- Redistributing Routes
- Enabling Additional Paths
- Configuring IP Community Lists
- Filtering Routes with Community Lists
- Manipulating the COMMUNITY Attribute
- Changing MED Attributes
- Changing the LOCAL_PREFERENCE Attribute
- Configuring the local System or a Different System to be the Next Hop for BGP-Learned Routes
- Changing the WEIGHT Attribute
- Enabling Multipath
- Filtering BGP Routes Using Route Maps
- Filtering BGP Routes Using AS-PATH Information
- Filtering BGP Routes
- Configuring BGP Route Reflectors
- Aggregating Routes
- Configuring BGP Confederations
- Enabling Route Flap Dampening
- Changing BGP Timers
- Enabling BGP Neighbor Soft-Reconfiguration
- Enabling or disabling BGP neighbors
- Route Map Continue
- Enabling MBGP Configurations
- BGP Regular Expression Optimization
- Debugging BGP
- Sample Configurations
- Bare Metal Provisioning (BMP)
- Content Addressable Memory (CAM)
- Control Plane Policing (CoPP)
- Data Center Bridging (DCB)
- Ethernet Enhancements in Data Center Bridging
- Enabling Data Center Bridging
- Data Center Bridging: Default Configuration
- Configuring Priority-Based Flow Control
- Configuring PFC in a DCB Map
- Applying a DCB Map on a Port
- Configuring PFC without a DCB Map
- Priority-Based Flow Control Using Dynamic Buffer Method
- Behavior of Tagged Packets
- Configuration Example for DSCP and PFC Priorities
- Using PFC to Manage Converged Ethernet Traffic
- Configure Enhanced Transmission Selection
- Hierarchical Scheduling in ETS Output Policies
- Using ETS to Manage Converged Ethernet Traffic
- Applying DCB Policies in a Switch Stack
- Configure a DCBx Operation
- Verifying the DCB Configuration
- Sample DCB Configuration
- QoS dot1p Traffic Classification and Queue Assignment
- Configuring the Dynamic Buffer Method
- Dynamic Host Configuration Protocol (DHCP)
- DHCP Packet Format and Options
- Assign an IP Address using DHCP
- Implementation Information
- Configuration Tasks
- Configure the System to be a DHCP Server
- Configure the System to be a Relay Agent
- Configure the System for User Port Stacking
- Configure Secure DHCP
- Viewing the Number of SAV Dropped Packets
- Clearing the Number of SAV Dropped Packets
- Equal Cost Multi-Path (ECMP)
- Fabric Services
- FCoE Transit
- Fibre Channel over Ethernet
- Ensure Robustness in a Converged Ethernet Network
- FIP Snooping on Ethernet Bridges
- FIP Snooping in a Switch Stack
- Using FIP Snooping
- Enable the FCoE Transit Feature
- FIP Snooping Prerequisites
- Important Points to Remember
- Enabling the FCoE Transit Feature
- Enable FIP Snooping on VLANs
- Configure the FC-MAP Value
- Configure a Port for a Bridge-to-Bridge Link
- Configure a Port for a Bridge-to-FCF Link
- Impact on Other Software Features
- FIP Snooping on an NPIV Proxy Gateway
- FIP Snooping in an S5000 Stack
- Impact on Other Software Features
- FIP Snooping Restrictions
- Configuring FIP Snooping
- Displaying FIP Snooping Information
- FCoE Transit Configuration Example
- FIPS Cryptography
- Fibre Channel Interface
- Force10 Resilient Ring Protocol (FRRP)
- GARP VLAN Registration Protocol (GVRP)
- High Availability (HA)
- Internet Group Management Protocol (IGMP)
- IGMP Protocol Overview
- Configure IGMP
- Viewing IGMP Enabled Interfaces
- Selecting an IGMP Version
- Viewing IGMP Groups
- Adjusting Timers
- Enabling IGMP Immediate-Leave
- IGMP Snooping
- Fast Convergence after MSTP Topology Changes
- Egress Interface Selection (EIS) for HTTP and IGMP Applications
- Designating a Multicast Router Interface
- Interfaces
- Interface Types
- View Basic Interface Information
- Resetting an Interface to its Factory Default State
- Enabling Energy Efficient Ethernet
- View EEE Information
- Clear EEE Counters
- Enabling a Physical Interface
- Physical Interfaces
- Egress Interface Selection (EIS)
- Management Interfaces
- VLAN Interfaces
- Loopback Interfaces
- Null Interfaces
- Port Channel Interfaces
- Port Channel Definition and Standards
- Port Channel Benefits
- Port Channel Implementation
- Interfaces in Port Channels
- Configuration Tasks for Port Channel Interfaces
- Creating a Port Channel
- Adding a Physical Interface to a Port Channel
- Reassigning an Interface to a New Port Channel
- Configuring the Minimum Oper Up Links in a Port Channel
- Adding or Removing a Port Channel from a VLAN
- Assigning an IP Address to a Port Channel
- Deleting or Disabling a Port Channel
- Load Balancing Through Port Channels
- Changing the Hash Algorithm
- Bulk Configuration
- Defining Interface Range Macros
- Monitoring and Maintaining Interfaces
- Non Dell-Qualified Transceivers
- Splitting QSFP Ports to SFP+ Ports
- Converting a QSFP or QSFP+ Port to an SFP or SFP+ Port
- Configuring wavelength for 10–Gigabit SFP+ optics
- Link Dampening
- Link Bundle Monitoring
- Using Ethernet Pause Frames for Flow Control
- Configure the MTU Size on an Interface
- Port-Pipes
- Auto-Negotiation on Ethernet Interfaces
- View Advanced Interface Information
- Configuring the Traffic Sampling Size Globally
- Dynamic Counters
- Internet Protocol Security (IPSec)
- IPv4 Routing
- IP Addresses
- Configuration Tasks for IP Addresses
- Assigning IP Addresses to an Interface
- Configuring Static Routes
- Configure Static Routes for the Management Interface
- IPv4 Path MTU Discovery Overview
- Using the Configured Source IP Address in ICMP Messages
- Configuring the Duration to Establish a TCP Connection
- Enabling Directed Broadcast
- Resolution of Host Names
- Enabling Dynamic Resolution of Host Names
- Specifying the Local System Domain and a List of Domains
- Configuring DNS with Traceroute
- ARP
- Configuration Tasks for ARP
- Configuring Static ARP Entries
- Enabling Proxy ARP
- Clearing ARP Cache
- ARP Learning via Gratuitous ARP
- Enabling ARP Learning via Gratuitous ARP
- ARP Learning via ARP Request
- Configuring ARP Retries
- ICMP
- Configuration Tasks for ICMP
- Enabling ICMP Unreachable Messages
- UDP Helper
- Enabling UDP Helper
- Configuring a Broadcast Address
- Configurations Using UDP Helper
- UDP Helper with Broadcast-All Addresses
- UDP Helper with Subnet Broadcast Addresses
- UDP Helper with Configured Broadcast Addresses
- UDP Helper with No Configured Broadcast Addresses
- Troubleshooting UDP Helper
- IPv6 Routing
- Protocol Overview
- Implementing IPv6 with Dell Networking OS
- Configuration Tasks for IPv6
- Adjusting Your CAM-Profile
- Assigning an IPv6 Address to an Interface
- Assigning a Static IPv6 Route
- Configuring Telnet with IPv6
- SNMP over IPv6
- Showing IPv6 Information
- Showing an IPv6 Interface
- Showing IPv6 Routes
- Showing the Running-Configuration for an Interface
- Clearing IPv6 Routes
- Disabling ND Entry Timeout
- Configuring IPv6 RA Guard
- iSCSI Optimization
- Intermediate System to Intermediate System
- Link Aggregation Control Protocol (LACP)
- Layer 2
- Link Layer Discovery Protocol (LLDP)
- 802.1AB (LLDP) Overview
- Optional TLVs
- Configure LLDP
- Enabling LLDP on Management Ports
- Advertising TLVs
- Storing and Viewing Unrecognized LLDP TLVs
- Viewing the LLDP Configuration
- Viewing Information Advertised by Adjacent LLDP Agents
- Configuring LLDPDU Intervals
- Configuring LLDP Notification Interval
- Configuring Transmit and Receive Mode
- Configuring a Time to Live
- Debugging LLDP
- Relevant Management Objects
- Microsoft Network Load Balancing
- Multicast Source Discovery Protocol (MSDP)
- Anycast RP
- Implementation Information
- Configure Multicast Source Discovery Protocol
- Related Configuration Tasks
- Enable MSDP
- Manage the Source-Active Cache
- Accept Source-Active Messages that Fail the RFP Check
- Specifying Source-Active Messages
- Limiting the Source-Active Messages from a Peer
- Preventing MSDP from Caching a Local Source
- Preventing MSDP from Caching a Remote Source
- Preventing MSDP from Advertising a Local Source
- Logging Changes in Peership States
- Terminating a Peership
- Clearing Peer Statistics
- Debugging MSDP
- Configuring Anycast RP
- MSDP Sample Configurations
- Multiple Spanning Tree Protocol (MSTP)
- Configure Multiple Spanning Tree Protocol
- Enable Multiple Spanning Tree Globally
- Adding and Removing Interfaces
- Creating Multiple Spanning Tree Instances
- Influencing MSTP Root Selection
- Interoperate with Non-Dell Networking OS Bridges
- Modifying Global Parameters
- Modifying the Interface Parameters
- Configuring an EdgePort
- Configuring Fast Hellos for Link State Detection
- Flush MAC Addresses after a Topology Change
- MSTP Sample Configurations
- Debugging and Verifying MSTP Configurations
- Multicast Features
- NPIV Proxy Gateway
- Object Tracking
- Open Shortest Path First (OSPFv2)
- Protocol Overview
- Implementing OSPF with Dell Networking OS
- Configuration Information
- Configuration Task List for OSPFv2 (OSPF for IPv4)
- Enabling OSPFv2
- Assigning an OSPFv2 Area
- Enable OSPFv2 on Interfaces
- Assigning OSPFv3 Process ID and Router ID to a VRF
- Configuring Stub Areas
- Configuring LSA Throttling Timers
- Enabling Passive Interfaces
- Enabling Fast-Convergence
- Changing OSPFv2 Parameters on Interfaces
- Enabling OSPFv2 Authentication
- Configuring Virtual Links
- Creating Filter Routes
- Redistributing Routes
- Troubleshooting OSPFv2
- Sample Configurations for OSPFv2
- OSPFv3 NSSA
- Configuration Task List for OSPFv3 (OSPF for IPv6)
- Enabling IPv6 Unicast Routing
- Assigning IPv6 Addresses on an Interface
- Assigning Area ID on an Interface
- Assigning OSPFv3 Process ID and Router ID Globally
- Assigning OSPFv3 Process ID and Router ID to a VRF
- Configuring Stub Areas
- Configuring Passive-Interface
- Redistributing Routes
- Configuring a Default Route
- Enabling OSPFv2 Graceful Restart
- OSPFv3 Authentication Using IPsec
- Troubleshooting OSPFv3
- Configuration Task List for OSPFv2 (OSPF for IPv4)
- Configuration Task List for OSPFv3 (OSPF for IPv6)
- Enabling IPv6 Unicast Routing
- Applying cost for OSPFv3
- Assigning IPv6 Addresses on an Interface
- Assigning Area ID on an Interface
- Assigning OSPFv3 Process ID and Router ID Globally
- Assigning OSPFv3 Process ID and Router ID to a VRF
- Configuring Stub Areas
- Configuring Passive-Interface
- Redistributing Routes
- Configuring a Default Route
- Enabling OSPFv3 Graceful Restart
- OSPFv3 Authentication Using IPsec
- Troubleshooting OSPFv3
- Policy-based Routing (PBR)
- PIM Sparse-Mode (PIM-SM)
- PIM Source-Specific Mode (PIM-SSM)
- Port Monitoring
- Private VLANs (PVLAN)
- Per-VLAN Spanning Tree Plus (PVST+)
- Quality of Service (QoS)
- Implementation Information
- Port-Based QoS Configurations
- Policy-Based QoS Configurations
- DSCP Color Maps
- Enabling QoS Rate Adjustment
- Enabling Strict-Priority Queueing
- Weighted Random Early Detection
- Pre-Calculating Available QoS CAM Space
- Configuring Weights and ECN for WRED
- Configuring WRED and ECN Attributes
- Guidelines for Configuring ECN for Classifying and Color-Marking Packets
- Applying Layer 2 Match Criteria on a Layer 3 Interface
- Applying DSCP and VLAN Match Criteria on a Service Queue
- Classifying Incoming Packets Using ECN and Color-Marking
- Guidelines for Configuring ECN for Classifying and Color-Marking Packets
- Sample configuration to mark non-ecn packets as “yellow” with Multiple traffic class
- Sample configuration to mark non-ecn packets as “yellow” with single traffic class
- Enabling Buffer Statistics Tracking
- Routing Information Protocol (RIP)
- Remote Monitoring (RMON)
- Rapid Spanning Tree Protocol (RSTP)
- Software-Defined Networking (SDN)
- Security
- AAA Accounting
- AAA Authentication
- Obscuring Passwords and Keys
- AAA Authorization
- RADIUS
- RADIUS Authentication and Authorization
- Configuration Task List for RADIUS
- TACACS+
- Protection from TCP Tiny and Overlapping Fragment Attacks
- Enabling SCP and SSH
- Using SCP with SSH to Copy a Software Image
- Secure Shell Authentication
- Enabling SSH Authentication by Password
- Using RSA Authentication of SSH
- Configuring Host-Based SSH Authentication
- Using Client-Based SSH Authentication
- Configuring the HMAC Algorithm for the SSH Server
- Configuring the HMAC Algorithm for the SSH Client
- Configuring the SSH Server Cipher List
- Configuring the SSH Client Cipher List
- Troubleshooting SSH
- Telnet
- VTY Line and Access-Class Configuration
- Two Factor Authentication (2FA)
- Configuring the System to Drop Certain ICMP Reply Messages
- Dell EMC Networking OS Security Hardening
- Service Provider Bridging
- sFlow
- Simple Network Management Protocol (SNMP)
- Protocol Overview
- Implementation Information
- Configuration Task List for SNMP
- Set up SNMP
- Reading Managed Object Values
- Writing Managed Object Values
- Configuring Contact and Location Information using SNMP
- Subscribing to Managed Object Value Updates using SNMP
- Enabling a Subset of SNMP Traps
- Enabling an SNMP Agent to Notify Syslog Server Failure
- Copy Configuration Files Using SNMP
- Copying a Configuration File
- Copying Configuration Files via SNMP
- Copying the Startup-Config Files to the Running-Config
- Copying the Startup-Config Files to the Server via FTP
- Copying the Startup-Config Files to the Server via TFTP
- Copy a Binary File to the Startup-Configuration
- Additional MIB Objects to View Copy Statistics
- Obtaining a Value for MIB Objects
- MIB Support to Display Reason for Last System Reboot
- MIB Support for Power Monitoring
- MIB Support to Display the Available Memory Size on Flash
- MIB Support to Display the Software Core Files Generated by the System
- MIB Support to Display the Available Partitions on Flash
- MIB Support to Display Egress Queue Statistics
- MIB Support to ECMP Group Count
- MIB Support for entAliasMappingTable
- MIB Support for LAG
- MIB Support to Display Unrecognized LLDP TLVs
- Manage VLANs using SNMP
- Managing Overload on Startup
- Enabling and Disabling a Port using SNMP
- Fetch Dynamic MAC Entries using SNMP
- Deriving Interface Indices
- Monitoring BGP sessions via SNMP
- Monitor Port-Channels
- Troubleshooting SNMP Operation
- Transceiver Monitoring
- Stacking
- Stacking S5000 Switches
- Configuring an S5000 Switch Stack
- Configuring Stacking Ports and Bringing Up a Stack
- Provisioning a Stack Unit
- Converting Four 10 GbE Ports to 40 GbE Ports for Stacking
- Removing a Stack Group from Stacking Mode
- Remove a Switch from a Stack
- Adding a Stack Unit
- Adding a Standalone Switch to a Stack
- Merging Two Stacks
- Split a Stack
- Managing Redundant Stack Management
- Resetting a Unit on a Stack
- Verify a Stack Configuration
- Troubleshooting a Switch Stack
- Storm Control
- Spanning Tree Protocol (STP)
- Protocol Overview
- Configure Spanning Tree
- Configuring Interfaces for Layer 2 Mode
- Enabling Spanning Tree Protocol Globally
- Adding an Interface to the Spanning Tree Group
- Removing an Interface from the Spanning Tree Group
- Modifying Global Parameters
- Modifying Interface STP Parameters
- Enabling PortFast
- Prevent Network Disruptions with BPDU Guard
- Global BPDU Filtering
- Interface BPDU Filtering
- Selecting STP Root
- STP Root Guard
- Enabling SNMP Traps for Root Elections and Topology Changes
- Configuring Spanning Trees as Hitless
- STP Loop Guard
- Displaying STP Guard Configuration
- SupportAssist
- System Time and Date
- Tunneling
- Uplink Failure Detection (UFD)
- Upgrade Procedures
- Virtual LANs (VLANs)
- VLT Proxy Gateway
- Virtual Link Trunking (VLT)
- Overview
- VLT Terminology
- Configure Virtual Link Trunking
- RSTP Configuration
- Preventing Forwarding Loops in a VLT Domain
- Sample RSTP Configuration
- Configuring VLT
- Configuring a VLT Interconnect
- Enabling VLT and Creating a VLT Domain
- Configuring a VLT Backup Link
- Configuring a VLT Port Delay Period
- Reconfiguring the Default VLT Settings (Optional)
- Connecting a VLT Domain to an Attached Access Device (Switch or Server)
- Configuring a VLT VLAN Peer-Down (Optional)
- Configuring Enhanced VLT (Optional)
- PVST+ Configuration
- VLT Sample Configuration
- eVLT Configuration Example
- PIM-Sparse Mode Configuration Example
- Verifying a VLT Configuration
- Additional VLT Sample Configurations
- Troubleshooting VLT
- Reconfiguring Stacked Switches as VLT
- Specifying VLT Nodes in a PVLAN
- Configuring a VLT VLAN or LAG in a PVLAN
- Proxy ARP Capability on VLT Peer Nodes
- VLT Nodes as Rendezvous Points for Multicast Resiliency
- Configuring VLAN-Stack over VLT
- IPv6 Peer Routing in VLT Domains Overview
- Virtual Routing and Forwarding (VRF)
- Virtual Router Redundancy Protocol (VRRP)
- S5000 Debugging and Diagnostics
- Standards Compliance
- X.509v3
- Introduction to X.509v3 certification
- X.509v3 support in
- Information about installing CA certificates
- Information about Creating Certificate Signing Requests (CSR)
- Information about installing trusted certificates
- Transport layer security (TLS)
- Online Certificate Status Protocol (OSCP)
- Verifying certificates
- Event logging
Chapter 49: Rapid Spanning Tree Protocol (RSTP)....................................................................730
Protocol Overview.......................................................................................................................................................... 730
Configuring Rapid Spanning Tree................................................................................................................................730
Important Points to Remember............................................................................................................................. 730
RSTP and VLT............................................................................................................................................................ 731
Configuring Interfaces for Layer 2 Mode...................................................................................................................731
Enabling Rapid Spanning Tree Protocol Globally.....................................................................................................733
Adding and Removing Interfaces...........................................................................................................................735
Modifying Global Parameters................................................................................................................................. 735
Modifying Interface Parameters............................................................................................................................736
Configuring an EdgePort.........................................................................................................................................736
Influencing RSTP Root Selection...........................................................................................................................737
Enabling SNMP Traps for Root Elections and Topology Changes................................................................ 737
Chapter 50: Software-Defined Networking (SDN)..................................................................... 738
Chapter 51: Security..................................................................................................................739
AAA Accounting...............................................................................................................................................................739
Configuration Task List for AAA Accounting......................................................................................................739
AAA Authentication......................................................................................................................................................... 741
Configuration Task List for AAA Authentication................................................................................................ 741
Obscuring Passwords and Keys...................................................................................................................................744
AAA Authorization...........................................................................................................................................................744
Privilege Levels Overview....................................................................................................................................... 744
Configuration Task List for Privilege Levels....................................................................................................... 745
RADIUS.............................................................................................................................................................................. 748
RADIUS Authentication and Authorization..........................................................................................................749
Configuration Task List for RADIUS..................................................................................................................... 750
TACACS+..........................................................................................................................................................................753
Configuration Task List for TACACS+................................................................................................................. 753
Command Authorization..........................................................................................................................................755
Protection from TCP Tiny and Overlapping Fragment Attacks.......................................................................... 755
Enabling SCP and SSH.................................................................................................................................................. 755
Using SCP with SSH to Copy a Software Image.............................................................................................. 756
Secure Shell Authentication....................................................................................................................................757
Enabling SSH Authentication by Password.........................................................................................................757
Using RSA Authentication of SSH.........................................................................................................................757
Configuring Host-Based SSH Authentication.................................................................................................... 758
Using Client-Based SSH Authentication..............................................................................................................759
Configuring the HMAC Algorithm for the SSH Server.................................................................................... 759
Configuring the HMAC Algorithm for the SSH Client......................................................................................759
Configuring the SSH Server Cipher List..............................................................................................................760
Configuring the SSH Client Cipher List............................................................................................................... 760
Troubleshooting SSH................................................................................................................................................ 761
Telnet..................................................................................................................................................................................761
VTY Line and Access-Class Configuration.................................................................................................................761
VTY Line Local Authentication and Authorization.............................................................................................762
VTY Line Remote Authentication and Authorization........................................................................................ 762
Contents
23