beautypg.com

Normal mode and security mode, Normal mode – Allied Telesis AR700 SERIES Software Release 2.7.1 User Manual

Page 45

background image

45

Software Release 2.7.1
C613-02047-00 REV A

See the Operations chapter in the Software Reference for:

More information about managing and using accounts with user, manager
and security officer privileges

A full list of commands that require security officer privilege when the
router is in secure mode

Information about enabling a remote security officer.

Normal Mode and Security Mode

The router operates in one of two modes, either normal mode or security
mode. By default, the router is in normal mode.

When the router is in security mode, the command SHOW DEBUG does not
display output of the SHOW FEATURE and SHOW CONFIGURATION
DYNAMIC commands, or the current configuration in the SHOW SYSTEM
output unless the SHOW DEBUG command is entered by a user with security
officer privilege.

If you wish to use the following software features you need to enable security
mode:

IP authentication

Secure Shell (see the Secure Shell chapter in the Software Reference)

Encryption (see the Compression and Encryption Services chapter in the
Software Reference)

IPsec (see the IP Security chapter in the Software Reference)

Public Key Encryption (PKI) (see the Public Key Infrastructure chapter in the
Software Reference)

To enable security mode, first create a user with security officer privilege, then
enter the command:

enable system security_mode

To access secure functionality you will need to log in again as the security
officer.

When the router restarts, it restarts in the same normal mode or security mode
as it was before restarting. To restore the router to normal operating mode,
enter the command:

disable system security_mode

When security mode is disabled, the router automatically deletes all sensitive
data files, including encryption keys.

To display the current operating mode, enter the command:

show system

When the router is in security mode, a user with security officer privilege is the
only person who can execute commands which affect router security.

Table 5

lists commands that only a security officer can execute when the router is in
security mode. A complete list of commands limited by security mode are
listed in the Operation chapter in the Software Reference.

See also other documents in the category Allied Telesis Computer hardware: