EPICenter Concepts and Solutions Guide
Managing Network Security
If you have both SNMPv1 and SNMPv3 on a device, EPICenter makes it very easy to switch between
one and the other. This means that if you have enabled SNMPv3 on your devices, and then find it
necessary to return to SNMPv1 for any reason, you can do so with minimal effort.
Using SSHv2 to Access Network Devices
Extreme Networks products support the secure shell 2 (SSHv2) protocol to encrypt traffic between the
switch management port and the network management application (EPICenter). This protects the
sensitive data from being intercepted or altered by unauthorized access. You configure SSHv2 for
EPICenter in the Admin feature, using the Server Properties section.
To enable SSH on a device from EPICenter, follow these steps:
1. The device must be running a version of ExtremeWare that supports SSH. This requires a special
   license due to export restrictions. Refer to the ExtremeWare Software User Guide for licensing
   information.
2. Install the “EPICenter SSH Enabling module”. This is an SSH enabling key that can be obtained from
   Extreme Networks. Refer to the EPICenter Installation and Upgrade Note or the EPICenter Release
   Notes for information on how to obtain this key.
3. Install an SSH client on the same server as the EPICenter server. EPICenter supports PuTTY in a
   Windows environment, and OpenSSH in a Solaris environment.
4. Set the path to the SSH client in EPICenter, using Admin Manager. EPICenter will use this as the
   SSH client.
5. Enable SSH on the devices for which you want EPICenter to use SSH for direct communications.

EPICenter will now use SSH instead of regular Telnet for direct communications with the device,
including Netlogin and polling for the FDB from the Extreme Networks switches.
Note that you can also use Secure Copy (SCP) and Secure FTP (SFTP) with EPICenter if you have an
SSH client installed on the same system with the EPICenter server.
Monitoring Configuration Changes
Fundamental to securing your network is verifying that no configuration changes have occurred that
may have a detrimental effect on network security. Something as simple as changing passwords can
introduce a weakness in your security design for the network.
The EPICenter Configuration Manager provides several features you can use to monitor the integrity of
your device configurations:
• You can save baseline configurations for each of your devices. Not only do these provide a
  known-good backup if needed, but EPICenter can then compare these to your regularly-scheduled
  configuration archive files to determine if any configuration changes have been made. If it detects
  changes, EPICenter will inspect the Syslog file for the device to identify any entries that are related
  to the configuration changes observed in the archived configuration file.
• Regularly archiving your device configuration files provides a backup in case a configuration is
  accidentally or intentionally changed.
• The Configuration Manager’s Diff feature lets you compare two saved configuration files, or
  compare a saved configuration file against the baseline configuration for the device to see the
  differences between the two files. You must have a Differences viewer installed on the system where
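
The baseline-versus-archive comparison and Syslog lookup described in the list above, as an added Python illustration that is not EPICenter code. The sample configuration and Syslog lines are constructed, and the token-overlap matching is an assumed heuristic, because the guide does not describe how EPICenter relates Syslog entries to a change.

```python
import difflib

# Constructed sample data: illustrative lines, not captured from a real device.
BASELINE = """\
# baseline saved after hardening
enable ssh2
disable telnet
configure account admin encrypted AAA111
"""
ARCHIVED = """\
# nightly archive
enable ssh2
enable telnet
configure account admin encrypted BBB222
"""
SYSLOG = [
    "Mar 03 02:14:07 sw-edge-1 USER: admin logged in through ssh",
    "Mar 03 02:15:41 sw-edge-1 SYST: admin: enable telnet",
    "Mar 03 02:16:02 sw-edge-1 SYST: admin: configure account admin encrypted",
    "Mar 03 06:00:00 sw-edge-1 SYST: Port 1:4 link up",
]

def config_changes(baseline, archived):
    """Return (added, removed) config lines, ignoring blanks and '#' comments."""
    def clean(text):
        lines = (ln.strip() for ln in text.splitlines())
        return [ln for ln in lines if ln and not ln.startswith("#")]
    added, removed = [], []
    for entry in difflib.ndiff(clean(baseline), clean(archived)):
        if entry.startswith("+ "):
            added.append(entry[2:])
        elif entry.startswith("- "):
            removed.append(entry[2:])
    return added, removed

def related_syslog(changes, syslog_lines, min_shared=2):
    """Assumed heuristic: an entry relates to a change if they share >= min_shared tokens."""
    hits = {}
    for change in changes:
        tokens = set(change.lower().split())
        hits[change] = [entry for entry in syslog_lines
                        if len(tokens & set(entry.lower().split())) >= min_shared]
    return hits

if __name__ == "__main__":
    added, removed = config_changes(BASELINE, ARCHIVED)
    print("removed since baseline:", removed)
    for change, entries in related_syslog(added, SYSLOG).items():
        print("added:", change, "| related Syslog entries:", entries or "none")
```

A changed line with no related Syslog entry is worth a closer look, since it means the change left no trace in the log that was searched.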