BigIron RX Series Configuration Guide xxvii
53-1002253-01
Chapter 30 Configuring Secure Shell
In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .913
Overview of Secure Shell (SSH) . . . . . . . . . . . . . . . . . . . . . . . . . . . .913
SSH version 2 support. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .913
Supported features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .914
Configuring SSH . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .914
Generating a host key pair . . . . . . . . . . . . . . . . . . . . . . . . . . . .915
Configuring DSA challenge-response authentication . . . . . . .916
Disabling 3-DES . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .921
Displaying SSH connection information . . . . . . . . . . . . . . . . . . . . .921
Using secure copy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .922
Chapter 31 Configuring Multi-Device Port Authentication
How multi-device port authentication works. . . . . . . . . . . . . . . . . .925
RADIUS authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .925
Authentication-failure actions . . . . . . . . . . . . . . . . . . . . . . . . . .926
Supported RADIUS attributes . . . . . . . . . . . . . . . . . . . . . . . . . .926
Dynamic VLAN and ACL assignments. . . . . . . . . . . . . . . . . . . .926
Support for authenticating multiple MAC addresses
on an interface. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .927
Support for multi-device port authentication and 802.1x
on the same interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .927
Configuring multi-device port authentication . . . . . . . . . . . . . . . . .927
Enabling multi-device port authentication . . . . . . . . . . . . . . . .927
Configuring an authentication method list for 802.1x . . . . . .928
Setting RADIUS parameters . . . . . . . . . . . . . . . . . . . . . . . . . . .928
Specifying the format of the MAC addresses sent to the
RADIUS server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .929
Specifying the authentication-failure action . . . . . . . . . . . . . .929
Defining MAC address filters. . . . . . . . . . . . . . . . . . . . . . . . . . .930
Configuring dynamic VLAN assignment . . . . . . . . . . . . . . . . . .930
Specifying to which VLAN a port is moved after its
RADIUS-specified VLAN assignment expires . . . . . . . . . . . . . .933
Saving dynamic VLAN assignments to the running
configuration file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .934
Clearing authenticated MAC addresses . . . . . . . . . . . . . . . . . .934
Disabling aging for authenticated MAC addresses . . . . . . . . .935
Specifying the aging time for blocked MAC addresses . . . . . .935
Displaying multi-device port authentication information . . . . . . . .936
Displaying authenticated MAC address information . . . . . . . .936
Displaying multi-device port authentication configuration
information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .936
Displaying multi-device port authentication information for
a specific MAC address or port . . . . . . . . . . . . . . . . . . . . . . . . .939
Displaying the authenticated MAC addresses . . . . . . . . . . . . .940
Displaying the non-authenticated MAC addresses . . . . . . . . .940
To Next Page
Loading...
