Concept Guide

ManualsBrandsDell ManualsComputer equipmentPowerEdge M IO Aggregator

201

202

203

204

205

206

207

208

209

210

The following example shows how to deny incoming connections from subnet 10.0.0.0 without displaying a login prompt.

Example of Conguring VTY Authorization Based on MAC ACL for the Line (Per MAC Address)

DellEMC(conf)#mac access-list standard sourcemac

DellEMC(config-std-mac)#permit 00:00:5e:00:01:01

DellEMC(config-std-mac)#deny any

DellEMC(conf)#

DellEMC(conf)#line vty 0 9

DellEMC(config-line-vty)#access-class sourcemac

DellEMC(config-line-vty)#end

Dell EMC Networking OS Security Hardening

The security of a network consists of multiple factors. Apart from access to the device, best practices, and implementing various security

features, security also lies with the integrity of the device. If the software itself is compromised, all of the aforementioned methods become

ineective.

The Dell EMC Networking OS is enhanced verify whether the OS image and the startup conguration le are altered before loading. This

section explains how to congure OS image and startup conguration verication.

Dell EMC Networking OS Image Verication

Dell EMC Networking OS comes with the OS image verication and the startup conguration verication features. When enabled, these

features check the integrity of The OS image and the startup conguration that the system uses while the system reboots and loads only if

they are intact.

Important Points to Remember

• The OS image verication feature is disabled by default on the Dell EMC Networking OS.

• The OS image verication feature is supported for images stored in the local system only.

• The OS image verication feature is not supported when the fastboot or the warmboot features are enabled on the system.

• If OS image verication fails after a reload, the system does not load the startup conguration. The System displays an appropriate

error message until the no verified boot command is used on the system.

• After you enable The OS image verication feature, the system prompts you to enter The OS image hash when you upgrade the Dell

EMC Networking OS to a later version. The system checks if your hash matches with The OS image hash only after reloading.

• After enabling The OS image verication feature, use the verified boot hash command to verify and store the hash value. If you

don’t store the hash value, you cannot reboot the device until you verify The OS image hash.

Enabling and Conguring OS Image Hash Verication

To enable and congure Dell EMC Networking OS image hash verication, follow these steps:

1 Enable the OS image hash verication feature.

CONFIGURATION mode

verified boot

2 Verify the hash checksum of the current OS image le on the local le system.

EXEC Privilege

verified boot hash system-image {A: | B:} hash-value

You can get the hash value for your hashing algorithm from the Dell EMC iSupport page. You can use the MD5, SHA1, or SHA256 hash

and the Dell EMC Networking OS automatically detects the type of hash.

208

Security