Patton electronic SmartNode 4110 Series ユーザーズマニュアル
Configuration file handling task list
89
SmartWare Software Configuration Guide
6 • Configuration file handling
123100000020002abc000cf187d909XYZ
Then you have to download the created key file to the SmartNode. Open a telnet session and type in the fol-
lowing commands:
lowing commands:
>enable
#copy tftp://<ip>/<path> key:
where <ip> is the IP address of your TFTP server and <path> is the path to the key file relative to the
TFTP root.
TFTP root.
Encrypt a configuration file
Use the encryption tool to encrypt a configuration file on your PC. Therefore you have to enter the
following command.
following command.
enctool encrypt <plain-file> <encrypted-file> [<key>]
Where <plain-file> is the path of the non-encrypted input configuration file and <encrypted-file> is the path of
the encrypted output configuration file. <key> specifies the encryption key which shall be used to encrypt the
configuration file. If omitted the default key is used.
the encrypted output configuration file. <key> specifies the encryption key which shall be used to encrypt the
configuration file. If omitted the default key is used.
Download an encrypted configuration file
Now you can download the configuration file as usual using the CLI copy-command, the auto-provisioning
feature, HTTP or SNMP download. The SmartNode automatically detects that a downloaded file is encrypted
and tries to decrypt the file using the pre-installed key.
feature, HTTP or SNMP download. The SmartNode automatically detects that a downloaded file is encrypted
and tries to decrypt the file using the pre-installed key.
Upload an encrypted configuration file
The SmartNode immediately decrypts a configuration file after downloading it. This is the configuration
file is stored non-encrypted in the flash memory. Thus when you upload a configuration it is
uploaded non-encrypted.
file is stored non-encrypted in the flash memory. Thus when you upload a configuration it is
uploaded non-encrypted.
You may upload an encrypted configuration file specifying the encrypted flag at the end of the copy command:
#copy startup-config tftp://<ip>/<path> encrypted
This encrypts the configuration file before sending it to the TFTP server. Use the enctool decrypt command
on the PC to regain the original configuration.
on the PC to regain the original configuration.
The downloaded key also defines how the passwords are
encrypted in your configuration files. After you downloaded a
key file you have to regenerate the startup-config from the
running-config by executing the command.
encrypted in your configuration files. After you downloaded a
key file you have to regenerate the startup-config from the
running-config by executing the command.
copy running-config startup-config
If you don’t do this, the device will fail executing the commands
that have encrypted password arguments in the startup-config.
that have encrypted password arguments in the startup-config.
IMPORTANT