Allied Telesis AT-S100 User Manual

Chapter 2: Configuring the AT-S100 Software

62

Setting the Secure Shell

Secure management is increasingly important in modern networks: the
ability to manage switches easily and effectively and the requirement for
security are both universal requirements. Switches are often managed
remotely using Telnet sessions. This method, however, has a serious
security problem: it is protected only by plaintext usernames and
passwords, which are vulnerable to wiretapping and password guessing.

The Secure Shell (SSH) protocol provides encrypted and strongly
authenticated remote login sessions, similar to the Telnet and rlogin
protocols, between a host running a Secure Shell server and a machine
with a Secure Shell client.

The syntax of the command that generates an SSH user key is:

crypto key generate userkey USERNAME rsa <768-32768>

To generate a 2048-bit RSA user key for SSH version 2 connections for a
user named “mel,” enter the following commands:

switch#configure terminal

switch(config)#crypto key generate userkey mel rsa 2048

For more information about this command, see “CRYPTO KEY
GENERATE USERKEY” on page 121.
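The command syntax above fixes the permitted RSA key length to the range 768 to 32768 bits. The following is an added example, not code from the manual or from Allied Telesis: a small Python checker that parses CRYPTO KEY GENERATE USERKEY lines from a captured configuration session (constructed here), verifies the key length is inside the range the command accepts, and flags lengths below a local minimum. The 2048-bit minimum is an assumed site policy, not a value from the manual.

```python
import re

# Range the AT-S100 command syntax accepts: rsa <768-32768>.
MIN_BITS, MAX_BITS = 768, 32768
# Assumed local policy (not from the manual): treat keys under 2048 bits as weak.
POLICY_MIN_BITS = 2048

# Matches the command with or without a leading CLI prompt such as "switch(config)#".
CMD_RE = re.compile(r"^(?:\S*#\s*)?crypto key generate userkey (\S+) rsa (\d+)$")


def check_userkey_command(line):
    """Parse one CRYPTO KEY GENERATE USERKEY line and classify its key length.

    Returns None when the line is not that command, otherwise a dict with the
    user name, the requested bit length and a status of "ok", "weak" or "invalid".
    """
    m = CMD_RE.match(line.strip())
    if not m:
        return None
    user, bits = m.group(1), int(m.group(2))
    if not MIN_BITS <= bits <= MAX_BITS:
        status = "invalid"      # the switch would reject this length outright
    elif bits < POLICY_MIN_BITS:
        status = "weak"         # accepted by the switch, but below our policy
    else:
        status = "ok"
    return {"user": user, "bits": bits, "status": status}


def audit_session(lines):
    """Run the check over every line of a session transcript; return only the hits."""
    results = []
    for line in lines:
        r = check_userkey_command(line)
        if r is not None:
            results.append(r)
    return results


# Constructed session transcript (not a real capture).
SAMPLE_SESSION = [
    "switch#configure terminal",
    "switch(config)#crypto key generate userkey mel rsa 2048",
    "switch(config)#crypto key generate userkey bob rsa 1024",
    "switch(config)#crypto key generate userkey eve rsa 512",
    "switch(config)#exit",
]

if __name__ == "__main__":
    for r in audit_session(SAMPLE_SESSION):
        print(f"user={r['user']:<5} bits={r['bits']:<6} status={r['status']}")
```

Running the block prints one line per key-generation command; "mel" passes, "bob" is flagged as weak under the assumed policy, and "eve" is reported as invalid because 512 bits is outside the range the command accepts.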

Setting STP and RSTP

The performance of an Ethernet network can be negatively impacted by the
formation of a data loop in the network topology. A data loop exists when
two or more nodes on a network can transmit data to each other over
more than one data path. The problem that data loops pose is that data
packets can become caught in repeating cycles, referred to as broadcast
storms, that needlessly consume network bandwidth and can significantly
reduce network performance.

STP and RSTP prevent data loops from forming by ensuring that only one
path exists between the end nodes in your network. Where multiple paths
exist, these protocols place the extra paths in a standby or blocking mode,
leaving only one main active path.

STP and RSTP can also activate a redundant path if the main path goes
down. So not only do these protocols guard against multiple links between
segments and the risk of broadcast storms, but they can also maintain
network connectivity by activating a backup redundant path in case a main
link fails.
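To make the root election, path selection, blocking and failover described above concrete, here is an added Python model of the spanning tree computation; it is not code from the manual or from Allied Telesis, and it does not implement BPDU exchange or timers. The three-switch topology, bridge priorities, MAC addresses and link costs are constructed for illustration (the costs 4 and 19 follow the classic STP values for 1 Gb/s and 100 Mb/s links).

```python
import heapq

# Constructed bridge IDs: (priority, MAC). The lowest ID wins the root election,
# so SW-C, with priority 4096, becomes the root even though it is not "first".
BRIDGES = {
    "SW-A": (32768, "00:00:00:00:00:0a"),
    "SW-B": (32768, "00:00:00:00:00:0b"),
    "SW-C": (4096, "00:00:00:00:00:0c"),
}

# Constructed triangle topology, i.e. a data loop: neighbor -> link cost.
LINKS = {
    "SW-A": {"SW-B": 4, "SW-C": 19},
    "SW-B": {"SW-A": 4, "SW-C": 4},
    "SW-C": {"SW-A": 19, "SW-B": 4},
}


def elect_root(bridges):
    """Root bridge election: lowest (priority, MAC) wins."""
    return min(bridges, key=lambda name: bridges[name])


def spanning_tree(bridges, links):
    """Return (root, active_links, blocked_links) for the given topology.

    Every non-root bridge keeps the link on its lowest-cost path to the root
    (its root port); ties go to the upstream bridge with the lower bridge ID.
    All other links are placed in blocking state, leaving exactly one path
    between any two bridges.
    """
    root = elect_root(bridges)
    best = {root: (0, None)}            # bridge -> (root path cost, upstream bridge)
    heap = [(0, root)]
    done = set()
    while heap:
        cost, node = heapq.heappop(heap)
        if node in done:
            continue
        done.add(node)
        for nbr, link_cost in links[node].items():
            if nbr == root:
                continue
            cand = (cost + link_cost, bridges[node])
            cur = best.get(nbr)
            if cur is None or cand < (cur[0], bridges[cur[1]]):
                best[nbr] = (cost + link_cost, node)
                heapq.heappush(heap, (cost + link_cost, nbr))
    active = {frozenset((b, up)) for b, (_, up) in best.items() if up is not None}
    all_links = {frozenset((a, b)) for a in links for b in links[a]}
    return root, active, all_links - active


def remove_link(links, a, b):
    """Simulate a link failure by returning a copy of the topology without a-b."""
    new = {n: dict(nbrs) for n, nbrs in links.items()}
    new[a].pop(b, None)
    new[b].pop(a, None)
    return new


if __name__ == "__main__":
    root, active, blocked = spanning_tree(BRIDGES, LINKS)
    print("root:", root)
    print("forwarding:", [sorted(l) for l in active])
    print("blocking:  ", [sorted(l) for l in blocked])
    # Main link SW-B <-> SW-C fails: the previously blocked SW-A <-> SW-C link
    # is activated and connectivity is preserved, as the text describes.
    root, active, blocked = spanning_tree(BRIDGES, remove_link(LINKS, "SW-B", "SW-C"))
    print("after failure, forwarding:", [sorted(l) for l in active], "blocking:", blocked)
```

Note the non-obvious outcome in the first run: SW-A reaches the root more cheaply through SW-B (cost 8) than over its direct 100 Mb/s link (cost 19), so it is the direct SW-A to SW-C link that ends up blocked. After the SW-B to SW-C link is removed, that blocked link becomes the only path and is placed in forwarding.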

Where the two protocols differ is in the time each takes to complete the
process referred to as convergence. When a change is made to the
network topology, such as the addition of a new bridge, a spanning tree
protocol must determine whether there are redundant paths that must be