Allied Telesis AT-S63 User Manual

Page 696

Chapter 31: Encryption Keys

Section VII: Management Security

A web browser management session assumes that every switch in the stack
uses the same web server mode as the master switch. For example, if the
master switch is using HTTPS, the management session assumes that all
the other switches in the stack are also using HTTPS, and it does not
allow you to manage any switches running HTTP.

For those networks that consist of enhanced stacking switches where
some switches support SSL and others do not, there are two approaches
you can take. One is to create different enhanced stacks for the different
switches. You could create one enhanced stack for those switches that
support SSL and another stack for those that do not. You create different
enhanced stacks by assigning switches to different Management VLANs.
For information, refer to “Specifying a Management VLAN” on page 581.

Another workaround is to leave the switches in one enhanced stack, but
designate two master switches. One master switch could be using HTTP
and the other HTTPS. When you want to use your web browser to
manage those switches that support SSL, you would start the
management session on the master switch whose server mode is set to
HTTPS. To manage those switches that do not support SSL, you would start the
management session on the master switch whose web server is set to
HTTP.

To implement SSL in an enhanced stack, you must create an encryption
key pair and a certificate on each switch. When you start a web browser
management session on the master switch of an enhanced stack, the
management session uses the certificate and key pair on the master
switch. When you change to another switch in the stack, the management
session starts to use the certificate and key pair on that switch, and so
forth.