Steps to Enable SSH2 and SSL Extreme Switch Access

 Problem Description : 

Steps to secure Extreme Switch access

 

 

 Resolution : 

 

SSH2 and SSL are not included in the core image. You must install the SSH module to enable security on the switch. Modules are built at the same time as core images and are designed to work in concert with the core image, so the version number of a module must match the version number of the core image that it will be running on. Follow the steps below to install…

1. Download and install the SSH module on the switch (check version number) from the TFTP server (Casper):

download image 168.26.240.20 ssh.xmod "VR-Default"

2. Activate the installed module by rebooting the switch or by issuing the command:

run update

3. To use SSL, restart the thttpd process:

restart process thttpd

4. Generate an authentication key for SSH2:

configure ssh2 key

5. Enable SSH2:

enable ssh2

6. Type save and confirm

7. View the status of SSH on the switch to confirm. Make sure it is enabled and a valid key is indicated:

show management

8. Use PuTTY to SSH into the switch IP for testing

9. After confirmation, disable Telnet and save

disable telnet

save

10. Enable SSL on the switch for secure HTTP access:

enable web https

11. Create a self-signed certificate by using the following command:

configure ssl certificate privkeylen 2048 country US organization "Gordon State College" common-name "Extreme CA"

12. Save

13. Confirm key and other certificate information:

show ssl

14. Test secure HTTP access in a browser (https://{IP ADDRESS})
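
The checks in steps 8, 9 and 14 can also be run from a management host after the change. The script below is an added example, not part of the original procedure: it confirms that TCP 22 answers with an SSH2-only identification string (RFC 4253), that TCP 23 no longer accepts connections, and that TCP 443 is reachable. The function names and the use of the default ports 22, 23 and 443 are assumptions.

```python
import socket
import sys

def grab_banner(host, port, timeout=3.0):
    """Return the first line the service sends, b"" if open but silent, None if unreachable."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            try:
                return s.recv(256).split(b"\n", 1)[0].strip()
            except OSError:
                return b""  # connected, but nothing read (HTTPS waits for the client)
    except OSError:
        return None  # refused, filtered or timed out

def classify_ssh(banner):
    """Classify an SSH identification string as defined in RFC 4253."""
    if banner is None:
        return "closed"
    if banner.startswith(b"SSH-2.0-"):
        return "ssh2-only"
    if banner.startswith(b"SSH-1.99-"):
        return "ssh2-with-ssh1-compat"  # server still accepts SSH1 clients
    if banner.startswith(b"SSH-1."):
        return "ssh1"
    return "not-ssh"

def audit(ssh_banner, telnet_banner, https_banner):
    """Turn the three probe results into findings; an empty list means pass."""
    findings = []
    ssh = classify_ssh(ssh_banner)
    if ssh != "ssh2-only":
        findings.append("tcp/22: expected SSH2 only, got " + ssh)
    if telnet_banner is not None:
        findings.append("tcp/23: telnet still reachable; run 'disable telnet' and 'save'")
    if https_banner is None:
        findings.append("tcp/443: HTTPS not reachable; check 'enable web https' and 'show ssl'")
    return findings

def check_switch(host):
    """Probe the default SSH, Telnet and HTTPS ports (assumed) on one switch."""
    return audit(grab_banner(host, 22), grab_banner(host, 23), grab_banner(host, 443))

if __name__ == "__main__" and len(sys.argv) == 2:
    for line in check_switch(sys.argv[1]) or ["all checks passed"]:
        print(line)
```

Run it with the switch management IP as the only argument; any line it prints other than "all checks passed" names the step to revisit.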

 

 

 

 

 Revision Date : 2/24/2014