Manualshelf

Specifications

ManualsBrandsExtreme Networks ManualsComputer equipmentExtremeWare XOS Command
161162163164165166167168169170
170 ExtremeWare XOS 11.0 Concepts Guide
Security
NOTE
You cannot use RADIUS and TACACS+ at the same time.
You can configure two TACACS+ servers, specifying the primary server address, secondary server
address, and TCP port number to be used for TACACS+ sessions.
Secure Shell 2
Secure Shell 2 (SSH2) is a feature of ExtremeWare XOS that allows you to encrypt Telnet session data
between a network administrator using SSH2 client software and the switch, or to send encrypted data
from the switch to an SSH2 client on a remote system.
The ExtremeWare XOS SSH2 switch application also works with SSH2 client and server (version 2.x or
later) from SSH Communication Security, and with (version 2.5 or later) from OpenSSH.
Enabling SSH2 for Inbound Switch Access
SSH2 functionality is not present in the base ExtremeWare XOS software image; SSH2 is in an
additional, installable software module. Before you can access any SSH2 commands, you must install
this additional software module. Without the software module, the commands do not appear on the
command line. To install the software module, see the instructions in Appendix A, “Software Upgrade
and Boot Options”.
Because SSH2 is currently under U.S. export restrictions, you must first obtain a security-enabled
version of the ExtremeWare software from Extreme Networks before you can enable SSH2.
You must enable SSH2 on the switch before you can connect to that using an external SSH2 client.
Enabling SSH2 involves two steps:
Generating or specifying an authentication key for the SSH2 sessions.
Enabling SSH2 access specifying a TCP port to be used for communication and specifying on which
virtual router SSH2 is enabled.
By default, if you have a security license, SSH2 is enabled using TCP port 22 for all virtual routers.
An authentication key must be generated before the switch can accept incoming SSH2 sessions. This can
be done automatically by the switch, or you can enter a previously generated key. To have the key
generated by the switch, use the following command:
configure ssh2 key
The key generation process takes approximately 10 minutes. Once the key has been generated, you
should save your configuration to preserve the key.
To use a key that has been previously created, use the following command:
configure ssh2 key {pregenerated}
You are prompted to enter the pregenerated key.