C613-50631-01 Rev A Command Reference for IE340 Series 2866
AlliedWare Plus™ Operating System - Version 5.5.3-0.x
AMF AND AMF PLUS COMMANDS
ATMF
SECURE-MODE ENABLE-ALL
atmf secure-mode enable-all
Overview Use this command to enable AMF secure mode on an entire network. AMF secure
mode makes an AMF network more secure by:
• Adding an authorization mechanism before an AMF member is allowed to
join an AMF network.
• The encryption of all AMF packets sent between AMF nodes.
• Adding support for user login authentication by RADIUS or TACACS+, and
removing the requirement to have the same privileged user account in the
local user database on all devices in the AMF network.
• Adding additional logging which enables network administrators to monitor
attempts to gain unauthorized access to the AMF network.
Once this command is run on an AMF network, the AMF masters and AMF
controllers manage the addition of AMF nodes and AMF areas to the AMF network.
This command can only be run on an AMF master.
Use the no variant of this command to disable AMF secure mode on an entire
network.
Syntax
atmf secure-mode enable-all
no atmf secure-mode enable-all
Default Secure mode is disabled by default.
Mode Privileged Exec
Usage notes When an AMF network is running in AMF secure mode the atmf restricted-login
feature is automatically enabled. This restricts the atmf working-set command to
users that are logged on to an AMF master. This feature cannot be disabled
independently of secure mode.
When AMF secure mode is enabled the AMF controllers and masters in the AMF
network form a group of certificate authorities. A node may only join a secure AMF
network once it has been authorized by a master or controller. When enabled, all
devices in the AMF network must be running in secure mode. Unsecured devices
will not be able to join a secure AMF network.
Running atmf secure-mode enable-all:
• Groups all AMF members in a working set.
•Executes clear atmf secure-mode certificates on the working set of members,
which removes existing secure mode certificates from all the nodes.
• Groups all the AMF masters in a working set.
•Executes atmf authorize provision all on the working set of masters, so all
masters provision all nodes.
• Groups all AMF nodes in a working set.
To Next Page
Loading...
Need help?
General
