Allied Telesis AT-S63 User Manual

AT-S63 Management Software Features Guide
Section IX: Management Security
SSH and Enhanced Stacking
The AT-S63 Management Software allows for encrypted SSH 
management sessions between a management station and a master 
switch of an enhanced stack, but not with slave switches, as explained in 
this section.
When you remotely manage a slave switch, all management 
communications are conducted through the master switch using the 
enhanced stacking feature. Management packets from your workstation 
are first directed to the master switch before being forwarded to the slave 
switch. The reverse is true as well. Management packets from a slave 
switch first pass through the master switch before reaching your 
management station.
Enhanced stacking uses a proprietary protocol different from Telnet and 
SSH protocols. Consequently, there is no encryption between a master 
switch and a slave switch. The result is that SSH encryption only occurs 
between your workstation and the master switch, not between your 
workstation and a slave switch.
This is illustrated in Figure 46. The figure shows an SSH management
station that is managing a slave switch of an enhanced stack. The packets
exchanged between the slave switch and the master switch are
transmitted in plaintext, and those exchanged between the master switch
and the SSH management station are encrypted.
Figure 46  SSH Remote Management of a Slave Switch
[Figure: a slave switch, a master switch (AT-9424T/SP and AT-9424T/GB Gigabit Ethernet switches are pictured), and an SSH management workstation. Between the slave switch and the master switch: plaintext management packets (proprietary enhanced stacking protocol). Between the master switch and the SSH management workstation: encrypted management packets (SSH protocol).]