Admin Guide
Table Of Contents
- Contents
- Chapter 1: Introduction
- Chapter 2: New in this release
- Chapter 3: Basic administration
- Chapter 4: System startup fundamentals
- Chapter 5: Boot parameter configuration using ACLI
- Chapter 6: Run-time process management using ACLI
- Chapter 7: Chassis operations
- Chassis operations fundamentals
- Chassis operations configuration using ACLI
- Enabling jumbo frames
- Configuring port lock
- Configuring SONMP
- Viewing the topology message status
- Associating a port to a VRF instance
- Configuring an IP address for the management port
- Configuring Ethernet ports with Autonegotiation
- Enabling channelization
- Configuring serial management port dropping
- Controlling slot power
- Chassis operations configuration using EDM
- Editing system information
- Editing chassis information
- Configuring system flags
- Configuring channelization
- Configuring basic port parameters
- Viewing the boot configuration
- Configuring boot flags
- Enabling Jumbo frames
- Configuring the date and time
- Associating a port to a VRF instance
- Configuring CP Limit
- Configuring an IP address for the management port
- Editing the management port parameters
- Configuring the management port IPv6 interface parameters
- Configuring management port IPv6 addresses
- Auto reactivating the port of the SLPP shutdown
- Editing serial port parameters
- Enabling port lock
- Locking a port
- Viewing power information
- Viewing power status on VSP 8400
- Viewing fan information
- Viewing topology status information
- Viewing the topology message status
- Configuring a forced message control pattern
- Chapter 8: Hardware status using EDM
- Chapter 9: Domain Name Service
- Chapter 10: Licensing
- Chapter 11: Network Time Protocol
- Chapter 12: Secure Shell
- Chapter 13: System access
- System access fundamentals
- System access configuration using ACLI
- Enabling ACLI access levels
- Changing passwords
- Configuring an access policy
- Specifying a name for an access policy
- Allowing a network access to the switch
- Configuring access policies by MAC address
- System access security enhancements using ACLI
- Displaying the boot config flags status
- Enabling enhanced secure mode
- Creating accounts for different access levels
- Deleting accounts in enhanced secure mode
- Configuring a password for a specific user
- Returning the system to the factory defaults
- Configuring the password complexity rule
- Configuring the password length rule
- Configuring the change interval rule
- Configuring the reuse rule
- Configuring the maximum number of sessions
- Configuring the maximum age rule
- Configuring the pre- and post-notification rule
- System access configuration using EDM
- Chapter 14: ACLI show command reference
- Access, logon names, and passwords
- Basic switch configuration
- Current switch configuration
- CLI settings
- Ftp-access sessions
- Hardware information
- NTP server statistics
- Power summary
- Power information for power supplies
- System information
- System status (detailed)
- Telnet-access sessions
- Users logged on
- Port egress COS queue statistics
- CPU queue statistics
- Chapter 15: Port numbering and MAC address assignment reference
- Chapter 16: Supported standards, RFCs, and MIBs
- Glossary
SSH Client Secure Shell (SSH) Secure Copy (SCP)
that a DSA key has been
generated.
OpenSSH
Unix Solaris 2.5 / 2.6
• Supports SSHv2 clients.
• Authentication:
- RSA is supported when the
switch acts as a server. The VSP
switch does not support RSA as a
client.
- DSA
- Password
• Provides a keygen tool.
• It creates both RSA and DSA
keys.
• Client distribution includes an SCP
client that is supported on The VSP
modular switch.
VSP switch as client
The VSP switch acting a the SSHv2 client generates a DSA public and private server key pair. The
public part of the key for DSA is stored in the following location:
/intflash/.ssh/dsa_pub.key
The public part of the key must be copied to the SSH server and be named according to the naming
requirement of the server.
If the server is a VSP device, please consult
Table 38: DSA authentication access level and file
name on page 149 for proper naming convention.
If a DSA key pair does not exist, then the VSP modular switch automatically generates one when
you enable the SSHv2 server. You can also generate the DSA key pair using the ssh dsa-user-
key [WORD<1–15>][size <512-1024>] command.
You need to copy the DSA public key to the SSHv2 server that you connect to using the VSP as a
client. RSA is not supported when using the VSP switch as a client, but you can use RSA when the
VSP switch is acting as the server.
VSP switch as server
After you install one of the SSHv2 clients you must generate a client and server key using the RSA
or DSA algorithms.
To authenticate an SSHv2 client using DSA, the administrator must copy the public part of the client
DSA key to /intflash/.ssh directory on the VSP modular switch that is acting as the SSHv2 server.
That file that is copied over to the SSHv2 server must be named according to
Table 38: DSA
authentication access level and file name on page 149.
DSA authentication access level and file name
The following table lists the access levels and file names that you must use to store the SSHv2
client authentication information using DSA onto the VSP modular switch acting as the SSHv2
Server.
Secure Shell
October 2015 Administering Avaya VSP 7200 Series and 8000 Series 148
Comments on this document? infodev@avaya.com