Admin Guide
VSP switch as client
The VSP switch acting as the SSHv2 client generates a DSA public and private server key pair. The
public part of the key for DSA is stored in the following location:
/intflash/.ssh/dsa_key_rwa
The public part of the key must be copied to the SSH server and be named according to the naming
requirement of the server.
If the server is a VSP device, please consult Table 38: DSA authentication access level and file
name on page 156 for proper naming convention.
If a DSA key pair does not exist, you can generate the DSA key pair using the ssh dsa-user-key
[WORD<1–15>][size <1024–1024>] command.
You need to copy the DSA public key to the SSHv2 server that you connect to using the VSP as a
client. RSA is not supported when using the VSP switch as a client, but you can use RSA when the
VSP switch is acting as the server.
VSP switch as server
After you install one of the SSHv2 clients, you must generate a client and server key using the RSA
or DSA algorithms.
To authenticate an SSHv2 client using DSA, the administrator must copy the public part of the client
DSA key to the /intflash/.ssh directory on the VSP modular switch that is acting as the SSHv2 server.
The file that is copied over to the SSHv2 server must be named according to Table 38: DSA
authentication access level and file name on page 156.
DSA authentication access level and file name
The following table lists the access levels and file names that you must use to store the SSHv2
client authentication information using DSA onto the VSP modular switch acting as the SSHv2
server.
Table 38: DSA authentication access level and file name

Client key format or WSM                 Access level    File name
---------------------------------------  --------------  ----------------------------------
Client key in non IETF and IETF format   RWA             /intflash/.ssh/dsa_key_rwa
with enhanced secure mode disabled       RW              /intflash/.ssh/dsa_key_rw
                                         RO              /intflash/.ssh/dsa_key_ro
                                         L3              /intflash/.ssh/dsa_key_rwl3
                                         L2              /intflash/.ssh/dsa_key_rwl2
                                         L1              /intflash/.ssh/dsa_key_rwl1
Client key in enhanced secure mode       administrator   /intflash/.ssh/dsa_key_admin
                                         operator        /intflash/.ssh/dsa_key_operator
                                         security        /intflash/.ssh/dsa_key_security
                                         privilege       /intflash/.ssh/dsa_key_priv
                                         auditor         /intflash/.ssh/dsa_key_auditor

Note: The VSP switch supports IETF and non-IETF for DSA.
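
An added example, not part of the Avaya guide: a Python check that compares a listing of /intflash/.ssh against the Table 38 file names for the switch's current mode, so misnamed or unexpected client key files stand out. The function name, the sample listing and the exact-match comparison of file names are assumptions of this example.

```python
# Added example: audit DSA client key file names against Table 38.
import posixpath

KEY_DIR = "/intflash/.ssh"
PREFIX = "dsa_key_"

# Table 38: file name suffix -> access level, one map per mode.
LEGACY = {"rwa": "RWA", "rw": "RW", "ro": "RO",
          "rwl3": "L3", "rwl2": "L2", "rwl1": "L1"}
ENHANCED = {"admin": "administrator", "operator": "operator",
            "security": "security", "priv": "privilege",
            "auditor": "auditor"}


def audit_key_files(paths, enhanced_secure_mode):
    """Return a list of (path, access_level, finding) for DSA key files."""
    if enhanced_secure_mode:
        active, other = ENHANCED, LEGACY
    else:
        active, other = LEGACY, ENHANCED
    report = []
    for path in paths:
        directory, name = posixpath.split(posixpath.normpath(path))
        if directory != KEY_DIR or not name.startswith(PREFIX):
            continue  # not a DSA client key file covered by Table 38
        suffix = name[len(PREFIX):]
        if suffix in active:
            report.append((path, active[suffix], "ok"))
        elif suffix in other:
            report.append((path, other[suffix], "name belongs to the other mode"))
        else:
            report.append((path, None, "name not listed in Table 38"))
    return report


# Constructed listing, standing in for one collected from the switch.
SAMPLE_LISTING = [
    "/intflash/.ssh/dsa_key_rwa",
    "/intflash/.ssh/dsa_key_ro",
    "/intflash/.ssh/dsa_key_admin",    # enhanced secure mode name
    "/intflash/.ssh/dsa_key_rwa.pub",  # extra extension: not a Table 38 name
    "/intflash/notes.txt",             # unrelated file, ignored
]

if __name__ == "__main__":
    for row in audit_key_files(SAMPLE_LISTING, enhanced_secure_mode=False):
        print(row)
```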
Secure Shell
January 2017 Administering Avaya VSP 7200 Series and 8000 Series 156