Allied Telesis AT-8700XL Series Switch User Manual

AT-8700XL Series Switch User Guide

Software Release 2.6.1

C613-02030-00 REV B

To set the switch’s distinguished name to
"cn=switch1,o=my_company,c=us", use the command:

SET SYSTEM DISTINGUISHEDNAME="cn=switch1,o=my_company,c=us"

6. Set the UTC offset.

To inform the switch that the difference between local time and
Coordinated Universal Time (UTC, also known as GMT) is 7 hours, use the command:

SET LOG UTCOFFSET=7

7. Create a self-signed certificate for the switch.

To create a PKI certificate for browsing to the GUI without contacting a CA,
use the command:

CREATE PKI CERTIFICATE=cer_name KEYPAIR=0 SERIALNUMBER=12345 SUBJECT="cn=172.30.1.105,o=my_company, c=us"

Using this command creates a certificate that is only suitable for secure switch
management via the GUI. A pop-up message will appear in the browser
window warning that the certificate is not issued by a trusted authority. For
details, see the Public Key Infrastructure (PKI) chapter of your Software
Reference.

8. Load self-signed switch certificate

To load the signed switch certificate onto the switch, use the command:

ADD PKI CERTIFICATE=cer_name LOCATION=cer_name.cer TRUST=YES

9. Enable SSL on the HTTP server

To enable SSL on the HTTP server, using the previously created SSL key and
port 443, use the command:

SET HTTP SERVER SECURITY=ON SSLKEY=0 PORT=443

10. Configure an IP interface to run SSL over

To configure an IP interface that SSL will be run over, first enable IP using
the command:

ENABLE IP

To make VLAN1 the IP interface, and 172.30.1.105 the interface’s IP address,
use the command:

ADD IP INTERFACE=vlan1 IP=172.30.1.105

To add an IP route on this interface with a next hop of 172.30.1.254, use the
command:

ADD IP ROUTE=0.0.0.0 INTERFACE=vlan1 NEXT=172.30.1.254

For this example to succeed, you would have to log in as “cipher” rather than “manager”
when connecting to the switch with a web browser.
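
Because the certificate created in step 7 is self-signed, the browser warning looks the same whether the real switch or another device answers on 172.30.1.105. The Python below is an added example, not part of the Allied Telesis manual: it compares the SHA-256 fingerprint of the certificate presented on port 443 with a fingerprint the administrator recorded beforehand over a trusted path. The function names and the recorded fingerprint are assumptions.

```python
# Added example: check the switch's self-signed certificate against a pinned
# SHA-256 fingerprint. Function names are hypothetical; host and port are the
# values used in the steps above.
import hashlib
import socket
import ssl
import sys

SWITCH_HOST = "172.30.1.105"   # IP interface address from step 10
SWITCH_PORT = 443              # port from SET HTTP SERVER ... PORT=443


def normalise(fp: str) -> str:
    """Accept 'AA:BB:...' or 'aabb...' and return lowercase hex, no separators."""
    return fp.replace(":", "").replace(" ", "").lower()


def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, as lowercase hex."""
    return hashlib.sha256(der).hexdigest()


def matches_pin(der: bytes, pinned: str) -> bool:
    """True only if the certificate's fingerprint equals the pinned value."""
    return fingerprint(der) == normalise(pinned)


def fetch_cert(host: str = SWITCH_HOST, port: int = SWITCH_PORT,
               timeout: float = 5.0) -> bytes:
    """Return the DER certificate the server presents.

    Chain validation is switched off because a self-signed certificate has
    no CA to validate against; trust comes from the pin comparison instead.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


if __name__ == "__main__":
    pinned = sys.argv[1]       # fingerprint recorded over a trusted path (assumption)
    der = fetch_cert()
    if not matches_pin(der, pinned):
        sys.exit("MISMATCH: server presented " + fingerprint(der))
    print("certificate matches pin:", fingerprint(der))
```

Run it with the recorded fingerprint as the only argument; a mismatch exits non-zero, so it can gate a scripted management session.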