Booting the Switch
ARX®1000 Hardware Installation Guide
6 - 9
Preparing to Install a Redundant Peer
The initial-boot script requires some additional information if you are installing the second switch in a redundant pair. Both members of a redundant pair share a common master key. A master key is an encryption key for all critical-security parameters (CSPs), such as administrative passwords. Redundant switches share the same users, groups, and passwords, so they must use the same master key.
At the peer that is currently installed, use the show master-key command to create an encrypted copy of the master key:
show master-key
The CLI prompts you for two passwords:
• System Password is a password entered at initial-boot time (see Sample: Booting a Non-Replacement Switch, on page 6-4). It is 12-32 characters long. This validates that you have permission to access the master key.
• Wrapping Password is set with this command. The security software uses this to encrypt (and later decrypt) the master-key string. Enter 12-32 characters. At least one character in this password must be a number (0-9) or a symbol (!, @, #, $, and so on). Save this password: you will need it to decrypt the master key later, on the new switch.
This command outputs a base64-encoded string that is the encrypted master key. Save this string and the wrapping password that you set in the command.
For example, this shows the master key on a switch named “prtlndA1kB”:
prtlndA1kB# show master-key
Master Key System Password: %uper$ecretpw
Wrapping Password: an0ther$ecretpw
Validate Wrapping Password: an0ther$ecretpw
Encrypted master key:
2oftVCwAAAAgAAAApwazSRFd2ww/H1pi7R7JMDZ9SoIg4WGA/XsZP+HcXjsIAAAADDRbMCxE/bc=
prtlndA1kB# ...
Applying the Master Key
As shown earlier, there is a prompt for the master key in the initial-boot
script. You can answer this prompt with the encrypted master key; the script
then prompts for the wrapping password. For example,
...
The master key is used to encrypt critical security parameters.
15. Enter the master key
in the format base64-encoded key or keyword 'generate'.(default=generate) # 2oftVCwAAAAgAAAApwazSRFd2ww/H1pi7R7JMDZ9SoIg4WGA/XsZP+HcXjsIAAAADDRbMCxE/bc=
The wrapping password is used to encrypt and decrypt the master key.
16. Enter the wrapping password
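A pre-flight check for the two values saved from show master-key, run on an admin workstation before answering the master-key and wrapping-password prompts on the new switch. This is an added example, not part of the guide or the switch software; the function names are hypothetical, and it checks only the rules stated above (password length and character class, and that the saved string is intact base64) without interpreting the key's contents.

```python
import base64
import binascii
import string

# Limits stated in the guide for the wrapping password.
MIN_LEN, MAX_LEN = 12, 32


def check_wrapping_password(pw: str) -> list:
    """Return a list of policy problems; an empty list means acceptable."""
    problems = []
    if not MIN_LEN <= len(pw) <= MAX_LEN:
        problems.append(f"length {len(pw)} is outside {MIN_LEN}-{MAX_LEN}")
    # Guide: at least one character must be a number (0-9) or a symbol.
    # Assumption: "symbol" is taken to mean ASCII punctuation.
    if not any(c in string.digits or c in string.punctuation for c in pw):
        problems.append("needs at least one digit or symbol")
    return problems


def normalize_wrapped_key(saved: str) -> str:
    """Rejoin a saved key that a terminal or editor wrapped across lines,
    then confirm it is strict base64 so a truncated copy is caught early."""
    joined = "".join(saved.split())
    try:
        base64.b64decode(joined, validate=True)
    except (binascii.Error, ValueError) as exc:
        raise ValueError(f"saved key is not intact base64: {exc}") from exc
    return joined


if __name__ == "__main__":
    # Sample values are the ones printed in the guide's example session,
    # with the key wrapped across two lines as a terminal might show it.
    saved = (
        "2oftVCwAAAAgAAAApwazSRFd2ww/H1pi7R7JMDZ9SoIg4WGA/XsZP+HcXjsIAAA\n"
        "ADDRbMCxE/bc=\n"
    )
    print("key to paste at the master-key prompt:", normalize_wrapped_key(saved))
    print("password problems:", check_wrapping_password("an0ther$ecretpw"))
```

A key that fails this check was damaged in copying; run show master-key again on the installed peer rather than editing the string by hand.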