AT-9000 Switch Command Line User’s Guide
Private CAs allow companies to keep track of the certificates and control
access to various network devices.
If your company is large enough, it might have a private CA, and you might
want that group to issue the certificate for the switch so that you are in
compliance with company policy.
If you choose to have a public or private CA issue the certificate, you must
first create a self-signed certificate. Afterwards, you have to generate a
digital document, called an enrollment request, which you send to the CA.
The document contains the public key and other information that the CA
will use to create the certificate.
Before sending an enrollment request to a CA, you should contact the CA
to determine what other documents or procedures might be required in
order for the CA to process the certificate. This is particularly important
with public CAs, which typically have strict guidelines on issuing
certificates.
Distinguished Name
A certificate, whether it is self-signed by the switch or issued by a CA, must
identify its owner, which, in the case of a certificate for the switch, is the
switch itself and your company. The name of the owner is entered in the
form of a distinguished name, which has six parts.
Common name (cn): This is the IP address or name of the switch.
Organizational unit (ou): This is the name of the department, such
as Network Support or IT, that the switch is serving.
Organization (o): This is the name of your company.
Location: The location of the switch or company, such as the city.
State (st): The state where the switch or company is located.
Country (c): This is the country.
The common name of a certificate for the switch should be its IP address.
At the start of an HTTPS web browser management session with the
switch, the web browser on your management station checks to see if the
name to whom the certificate was issued matches the name of the web
site. In the case of the switch, the web site’s name is the switch’s IP
address. If they do not match, your web browser displays a security
warning. It is for this reason that the common name in the distinguished
name should be the IP address of the switch. Of course, even if you see
the security warning, you can close the warning prompt and still configure
the switch using your web browser.
Alternatively, if your network has a Domain Name System, and you
mapped a name to the IP address of the switch, you can specify the
switch’s name, instead of the IP address, as the common name in the
distinguished name.
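The name check described above can be run against a planned distinguished name before the certificate is created. The following is an added example, not part of the original guide or the switch's software: the function names and the sample values are constructed, "l" is the standard X.500 abbreviation for Location (the guide prints none), and values containing commas are not handled.

```python
import ipaddress

# The six distinguished-name parts listed in the guide. "l" for Location is
# the standard X.500 abbreviation; the guide itself does not print one.
REQUIRED = ("cn", "ou", "o", "l", "st", "c")

# Constructed sample value, not taken from the guide.
SAMPLE_DN = "cn=192.168.1.10,ou=Network Support,o=Example Corp,l=Springfield,st=IL,c=US"


def parse_dn(dn):
    """Split 'cn=...,ou=...' into a dict; reject malformed, repeated or missing parts."""
    parts = {}
    for field in dn.split(","):
        key, sep, value = field.partition("=")
        key, value = key.strip().lower(), value.strip()
        if not sep or not key or not value:
            raise ValueError(f"malformed field: {field!r}")
        if key in parts:
            raise ValueError(f"duplicate field: {key}")
        parts[key] = value
    missing = [k for k in REQUIRED if k not in parts]
    if missing:
        raise ValueError("missing parts: " + ", ".join(missing))
    return parts


def canonical(name):
    """Normalise an IP address or DNS name so equal names compare equal."""
    name = name.strip().strip("[]")          # browsers write IPv6 hosts as [addr]
    try:
        return str(ipaddress.ip_address(name))  # canonical IPv4/IPv6 text form
    except ValueError:
        return name.rstrip(".").lower()         # DNS names are case-insensitive


def cn_matches(dn, management_host):
    """True if the common name equals the host typed into the browser.

    A False result is the case in which the guide says the browser
    displays a security warning.
    """
    return canonical(parse_dn(dn)["cn"]) == canonical(management_host)


if __name__ == "__main__":
    for host in ("192.168.1.10", "switch1.example.com"):
        print(host, "->", "match" if cn_matches(SAMPLE_DN, host) else "browser warning")
```
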