Command Authorization; Protection From Tcp Tiny And Overlapping Fragment Attacks; Enabling Scp And Ssh - Dell S4048–ON Configuration Manual
S-series 10gbe switches
Hide thumbs
Also See for S4048–ON:
- Configuration manual (1146 pages) ,
- Deployment manual (78 pages) ,
- Troubleshooting manual (29 pages)
Table of Contents
Advertisement
To delete a TACACS+ server host, use the no tacacs-server host {hostname | ip-address} command.
freebsd2# telnet 2200:2200:2200:2200:2200::2202
Trying 2200:2200:2200:2200:2200::2202...
Connected to 2200:2200:2200:2200:2200::2202.
Escape character is '^]'.
Login: admin
Password:
Dell#
Dell#
Command Authorization
The AAA command authorization feature configures Dell Networking OS to send each configuration command to a TACACS server
for authorization before it is added to the running configuration.
By default, the AAA authorization commands configure the system to check both EXEC mode and CONFIGURATION mode
commands. Use the no aaa authorization config-commands command to enable only EXEC mode command checking.
If rejected by the AAA server, the command is not added to the running config, and a message displays:
04:07:48:
%RPM0-P:CP %SEC-3-SEC_AUTHORIZATION_FAIL: Authorization failure Command
authorization failed for user (denyall) on vty0 ( 10.11.9.209 )
Protection from TCP Tiny and Overlapping Fragment Attacks
Tiny and overlapping fragment attack is a class of attack where configured ACL entries — denying TCP port-specific traffic — is
bypassed and traffic is sent to its destination although denied by the ACL.
RFC 1858 and 3128 proposes a countermeasure to the problem. This countermeasure is configured into the line cards and enabled by
default.
Enabling SCP and SSH
Secure shell (SSH) is a protocol for secure remote login and other secure network services over an insecure network. Dell
Networking OS is compatible with SSH versions 1.5 and 2, in both the client and server modes. SSH sessions are encrypted and use
authentication. SSH is enabled by default.
For details about the command syntax, refer to the Security chapter in the Dell Networking OS Command Line Interface Reference
Guide.
Dell Networking OS SCP, which is a remote file copy program that works with SSH.
NOTE: The Windows-based WinSCP client software is not supported for secure copying between a PC and a Dell
Networking OS-based system. Unix-based SCP client software is supported.
To use the SSH client, use the following command.
•
Open an SSH connection and specify the hostname, username, port number,encryption cipher,HMAC algorithm and version of
the SSH client.
EXEC Privilege mode
ssh {hostname} [-l username | -p port-number | -v {1 | 2}| -c encryption cipher | -m HMAC
algorithm
hostname is the IP address or host name of the remote device. Enter an IPv4 or IPv6 address in dotted decimal format
(A.B.C.D).
•
SSH V2 is enabled by default on all the modes.
•
Display SSH connection information.
EXEC Privilege mode
show ip ssh
751
Security
Advertisement
Table of Contents
Troubleshooting
