Allied Telesis at-8516f User Guide
Operating the switch
47
Software Release 2.6.1
C613-02025-00 REV C
C613-02025-00 REV C
See the Operations chapter in the Rapier Series Switch Software Reference for:
■
More information about managing and using accounts with user, manager
and security officer privileges
and security officer privileges
■
A full list of commands that require security officer privilege when the
switch is in secure mode
switch is in secure mode
■
Information about enabling a remote security officer.
Normal Mode and Security Mode
The switch operates in one of two modes, either normal mode or security
mode. By default, the switch is in normal mode.
mode. By default, the switch is in normal mode.
When the switch is in security mode, the command SHOW DEBUG does not display
output of the SHOW FEATURE and SHOW CONFIGURATION DYNAMIC
commands, or the current configuration in the SHOW SYSTEM output unless the
SHOW DEBUG command is entered by a user with security officer privilege.
output of the SHOW FEATURE and SHOW CONFIGURATION DYNAMIC
commands, or the current configuration in the SHOW SYSTEM output unless the
SHOW DEBUG command is entered by a user with security officer privilege.
If you wish to use the following software features you need to enable security
mode:
mode:
■
IP authentication
■
Secure Shell (see the Secure Shell chapter, Rapier Series Switch Software
Reference)
Reference)
■
Encryption (see the Compression and Encryption Services chapter, Rapier
Series Switch Software Reference)
Series Switch Software Reference)
■
IPsec (see the IP Security chapter, Rapier Series Switch Software Reference)
■
Public Key Encryption (PKI) (see the Public Key Infrastructure chapter,
Rapier Series Switch Software Reference)
Rapier Series Switch Software Reference)
■
Secure Sockets Layer (SSL) (see the Secure Sockets Layer chapter, Rapier
Series Switch Software Reference)
Series Switch Software Reference)
To enable security mode, first create a user with security officer privilege, then
enter the command:
enter the command:
ENABLE SYSTEM SECURITY_MODE
To access secure functionality you will need to log in again as the security
officer.
officer.
When the switch restarts, it restarts in the same normal mode or security mode
as it was before restarting. To restore the switch to normal operating mode,
enter the command:
as it was before restarting. To restore the switch to normal operating mode,
enter the command:
DISABLE SYSTEM SECURITY_MODE
When security mode is disabled, the switch automatically deletes all sensitive
data files, including encryption keys.
data files, including encryption keys.
To display the current operating mode, enter the command:
SHOW SYSTEM