beautypg.com

Normal mode and security mode – Allied Telesis AT-8700XL Series Switch User Manual

Page 47

background image

Operating the switch

47

Software Release 2.6.1
C613-02030-00 REV B

See the Operations chapter in the AT-8700XL Series Software Reference for:

More information about managing and using accounts with user, manager
and security officer privileges

A full list of commands that require security officer privilege when the
switch is in secure mode

Information about enabling a remote security officer.

Normal Mode and Security Mode

The switch operates in one of two modes, either normal mode or security
mode. By default, the switch is in normal mode.

When the switch is in security mode, the command SHOW DEBUG does not display
output of the SHOW FEATURE and SHOW CONFIGURATION DYNAMIC
commands, or the current configuration in the SHOW SYSTEM output unless the
SHOW DEBUG command is entered by a user with security officer privilege.

If you wish to use the following software features you need to enable security
mode:

IP authentication

Secure Shell (see the Secure Shell chapter, AT-8700XL Series Software
Reference)

Encryption (see the Compression and Encryption Services chapter, AT-8700XL
Series Software Reference)

Public Key Encryption (PKI) (see the Public Key Infrastructure chapter, AT-
8700XL Series Software Reference)

To enable security mode, first create a user with security officer privilege, then
enter the command:

ENABLE SYSTEM SECURITY_MODE

To access secure functionality you will need to log in again as the security
officer.

When the switch restarts, it restarts in the same normal mode or security mode
as it was before restarting. To restore the switch to normal operating mode,
enter the command:

DISABLE SYSTEM SECURITY_MODE

When security mode is disabled, the switch automatically deletes all sensitive
data files, including encryption keys.

To display the current operating mode, enter the command:

SHOW SYSTEM

When the switch is in security mode, a user with security officer privilege is the
only person who can execute commands which affect switch security. Table 5
on page 48 lists commands that only a security officer can execute when the
switch is in security mode. A complete list of commands limited by security

See also other documents in the category Allied Telesis Computer hardware: