Admin Guide
Table Of Contents
- Contents
- Chapter 1: Introduction
- Chapter 2: New in this document
- Chapter 3: Basic administration
- Chapter 4: System startup fundamentals
- Chapter 5: Boot parameter configuration using ACLI
- Chapter 6: Run-time process management using ACLI
- Chapter 7: Chassis operations
- Chassis operations fundamentals
- Chassis operations configuration using ACLI
- Enabling jumbo frames
- Configuring port lock
- Configuring SONMP
- Viewing the topology message status
- Associating a port to a VRF instance
- Configuring an IP address for the management port
- Configuring Ethernet ports with Autonegotiation
- Enabling channelization
- Configuring serial management port dropping
- Controlling slot power
- Enabling or disabling the USB port
- Chassis operations configuration using EDM
- Editing system information
- Editing chassis information
- Configuring system flags
- Configuring channelization
- Configuring basic port parameters
- Viewing the boot configuration
- Configuring boot flags
- Enabling Jumbo frames
- Configuring the date and time
- Associating a port to a VRF instance
- Configuring CP Limit
- Configuring an IP address for the management port
- Editing the management port parameters
- Configuring the management port IPv6 interface parameters
- Configuring management port IPv6 addresses
- Auto reactivating the port of the SLPP shutdown
- Editing serial port parameters
- Enabling port lock
- Locking a port
- Viewing power information
- Viewing power status on VSP 8400
- Viewing fan information
- Viewing topology status information
- Viewing the topology message status
- Configuring a forced message control pattern
- Chapter 8: Hardware status using EDM
- Chapter 9: Domain Name Service
- Chapter 10: Licensing
- Chapter 11: Network Time Protocol
- Chapter 12: Secure Shell
- Secure Shell fundamentals
- Secure Shell configuration using ACLI
- Downloading the software
- Enabling the SSHv2 server
- Changing the SSH server authentication mode
- Setting SSH configuration parameters
- Verifying and displaying SSH configuration information
- Connecting to a remote host using the SSH client
- Generating user key files
- Managing an SSL certificate
- Disabling SFTP without disabling SSH
- Enabling SSH rekey
- Configuring SSH rekey data-limit
- Configuring SSH rekey time-interval
- Displaying SSH rekey information
- Downgrading or upgrading from releases that support different key sizes
- Secure Shell configuration using Enterprise Device Manager
- Chapter 13: System access
- System access fundamentals
- System access configuration using ACLI
- Enabling ACLI access levels
- Changing passwords
- Configuring an access policy
- Specifying a name for an access policy
- Allowing a network access to the switch
- Configuring access policies by MAC address
- System access security enhancements
- Displaying the boot config flags status
- Enabling enhanced secure mode
- Creating accounts for different access levels
- Deleting accounts in enhanced secure mode
- Configuring a password for a specific user
- Returning the system to the factory defaults
- Configuring the password complexity rule
- Configuring the password length rule
- Configuring the change interval rule
- Configuring the reuse rule
- Configuring the maximum number of sessions
- Configuring the maximum age rule
- Configuring the pre- and post-notification rule
- System access configuration using EDM
- Chapter 14: ACLI show command reference
- Access, logon names, and passwords
- Basic switch configuration
- Current switch configuration
- CLI settings
- Ftp-access sessions
- Hardware information
- NTP server statistics
- Power summary
- Power information for power supplies
- System information
- System status (detailed)
- Telnet-access sessions
- Users logged on
- Port egress COS queue statistics
- CPU queue statistics
- Chapter 15: Port numbering and MAC address assignment reference
- Chapter 16: Supported standards, RFCs, and MIBs
- Glossary
Variable Value
accessible. A user role at the privilege level must login to the switch
through the console port only.
Use the no operator before this parameter, no ssh dsa-user-key
WORD<1–15>, to disable SSH DSA user key.
encryption-type {[3des-cbc]
[aead-aes-128-gcm-ssh ]
[aead-aes-256-gcm-ssh]
[aes128-cbc][aes128-ctr]
[aes192-cbc][aes192-ctr]
[aes256-cbc][aes256-ctr]
[blowfish-cbc] [rijndael128-cbc]
[rijndael192-cbc]}
Configures the encryption-type. Select an encryption-type from one of the
following:
• 3des-cbc
• aead-aes-128-gcm-ssh
• aead-aes-256-gcm-ssh
• aes128-cbc
• aes128-ctr
• aes192-cbc
• aes192-ctr
• aes256-cbc
• aes256-ctr
• blowfish-cbc
• rijndael128-cbc
• rijndael192-cbc
Use the no operator before this parameter, no ssh encryption-type
{[3des-cbc][aead-aes-128-gcm-ssh ][aead-aes-256-gcm-
ssh] [aes128-cbc][aes128-ctr][aes192-cbc][aes192-ctr]
[aes256-cbc][aes256-ctr][blowfish-cbc] [rijndael128-
cbc][rijndael192-cbc]}, to disable the encryption type. To disable all
authentication types use the command no ssh encryption-type.
key-exchange-method {[diffie-
hellman-group1-sha1][diffie-
hellman-group14-sha1]}
Configures the key-exchange type. Select from one of the following:
• diffie-hellman-group1-sha1
• diffie-hellman-group14-sha1
Use the no operator before this parameter, no ssh key-exchange-
method {[diffie-hellman-group1-sha1][diffie-hellman-
group14-sha1]}, to disable the key exchange method. To disable all
authentication types use the command no ssh key-exchange-method.
max-sessions <0-8> Specifies the maximum number of SSH sessions allowed. A value from 0
to 8. Default is 4.
pass-auth Enables password authentication. The default is enabled.
port <22,1024–49151> Sets the Secure Shell (SSH) connection port. <22,1024 to 49151> is the
TCP port number. The default is 22
Table continues…
Secure Shell
January 2017 Administering Avaya VSP 7200 Series and 8000 Series 164
Comments on this document? infodev@avaya.com