Troubleshooting PKI ····················································································································································· 259

Failed to retrieve a CA certificate ······················································································································ 259

Failed to request a local certificate ··················································································································· 259

Failed to retrieve CRLs ········································································································································ 260

IPsec configuration ·················································································································································· 261

IPsec overview ······························································································································································ 261

IPsec implementation ··········································································································································· 261

Basic concepts ····················································································································································· 262

IPsec for IPv6 routing protocols ·························································································································· 264

Protocols and standards ····································································································································· 264

Configuring IPsec for IPv6 routing protocols ············································································································· 264

Configuring an IPsec proposal ·························································································································· 264

Configuring an IPsec policy ······························································································································· 265

Displaying and maintaining IPsec ······························································································································ 267

IPsec for RIPng configuration example ······················································································································· 267

SSH2.0 configuration ············································································································································· 272

SSH2.0 overview ························································································································································· 272

Introduction to SSH2.0 ······································································································································· 272

SSH operation ····················································································································································· 272

SSH connection across VPNs ····························································································································· 275

Configuring the switch as an SSH server ·················································································································· 275

SSH server configuration task list ······················································································································ 275

Generating a DSA or RSA key pair ·················································································································· 275

Enabling the SSH server function ······················································································································· 276

Configuring the user interfaces for SSH clients ································································································ 276

Configuring a client public key ·························································································································· 277

Configuring an SSH user ···································································································································· 278

Setting the SSH management parameters ········································································································ 279

Configuring the switch as an SSH client ··················································································································· 280

SSH client configuration task list ························································································································ 280

Specifying a source ip address/interface for the SSH client ·········································································· 280

Configuring whether first-time authentication is supported ············································································· 281

Establishing a connection between the SSH client and server ······································································· 281

Displaying and maintaining SSH ······························································································································· 282

SSH server configuration examples ··························································································································· 283

When the switch acts as a server for password authentication ····································································· 283

When the switch acts as a server for publickey authentication ····································································· 285

SSH client configuration examples ····························································································································· 290

When switch acts as client for password authentication ················································································ 290

When switch acts as client for publickey authentication ················································································ 293

SFTP configuration ·················································································································································· 296

SFTP overview ······························································································································································· 296

Configuring the switch as an SFTP server ················································································································· 296

Configuration prerequisites ································································································································ 296

Enabling the SFTP server ···································································································································· 296

Configuring the SFTP connection idle timeout period ····················································································· 296

Configuring the switch an SFTP client ························································································································ 297

Specifying a source ip address or interface for the SFTP client ····································································· 297

Establishing a connection to the SFTP server ···································································································· 297

Working with SFTP directories ··························································································································· 298

Working with SFTP files ······································································································································ 298

Displaying help information ······························································································································· 299

Terminating the connection to the remote SFTP server ···················································································· 299