Admin Guide
Variable            Value
WORD<1–15>          Specifies the user access level. The valid user access levels for the switch are:
                    • rwa—Specifies read-write-all.
                    • rw—Specifies read-write.
                    • ro—Specifies read-only.
                    • rwl3—Specifies read-write for Layer 3.
                    • rwl2—Specifies read-write for Layer 2.
                    • rwl1—Specifies read-write for Layer 1.
size <1024–1024>    Specifies the size of the DSA user key. The default is 1024 bits.
Managing an SSL certificate
The TLS server selects the server certificate in the following order:
1. A CA-signed certificate if the certificate is already present in the /intflash/.cert/ folder on the switch.
2. A self-signed certificate if the certificate is already present in the /intflash/.cert/ folder on the switch.
If the server certificates are not available, the TLS server generates a new self-signed certificate on boot and uses that by default. The self-signed certificate is available in /.intflash/.cert/.ssl. You can choose to use an online or offline CA-signed certificate, which takes precedence over the self-signed one.
About this task
If a certificate is already present, you must confirm that it can be deleted before a new one is
created.
After you create a certificate, the system logs one of the following INFO alarms:
• New default Server Certificate and Key are generated and installed
• Current Server Certificate and Key are installed
The default certificate key length for a certificate generated on the switch is 2,048 bits.
Note:
The ssl certificate [validity-period-in-days <30-3650>] command in this
procedure does not require a system reboot.
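The selection order and the 2,048-bit default described above can be checked from an administrator workstation. The following is an added example, not part of the Avaya guide: it assumes the certificate in question is available as a PEM file and that OpenSSL is installed. The function names, subject names, and sample certificates are constructed for illustration.

```shell
#!/bin/sh
# Added example: tell a CA-signed certificate from a self-signed one and
# report its key length. Function names and sample subjects are hypothetical.

# Print "self-signed" when subject and issuer names match, else "ca-signed".
cert_kind() {
    subj=$(openssl x509 -in "$1" -noout -subject_hash) || return 2
    issr=$(openssl x509 -in "$1" -noout -issuer_hash) || return 2
    if [ "$subj" = "$issr" ]; then echo self-signed; else echo ca-signed; fi
}

# Print the public key length in bits, parsed from "Public-Key: (2048 bit)".
cert_key_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1
}

# Print "<kind> <bits>"; succeed only for a CA-signed cert with a >= 2048-bit key.
audit_cert() {
    kind=$(cert_kind "$1") || { echo unreadable; return 2; }
    bits=$(cert_key_bits "$1")
    echo "$kind $bits"
    [ "$kind" = ca-signed ] && [ "${bits:-0}" -ge 2048 ]
}

# Constructed sample data: a throwaway CA, a leaf it signs, a self-signed cert.
make_samples() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=Example Lab CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=switch.example.test" \
        -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 365 -out "$d/leaf.pem" 2>/dev/null &&
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=switch.example.test" \
        -keyout "$d/self.key" -out "$d/self.pem" 2>/dev/null
}

tmp=$(mktemp -d)
make_samples "$tmp"
audit_cert "$tmp/leaf.pem"
audit_cert "$tmp/self.pem" || echo "self-signed certificate: not CA-issued"
rm -rf "$tmp"
```

A non-zero exit from audit_cert on a certificate that should be CA-signed indicates that the self-signed fallback, or a shorter key than expected, is in place.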
Procedure
1. Enter Global Configuration mode:
enable
Secure Shell configuration using ACLI
January 2017 Administering Avaya VSP 7200 Series and 8000 Series 169