Guidelines – Allied Telesis AT-S63 User Manual

Page 795


AT-S63 Management Software Menus Interface User’s Guide

Section IX: Management Security


For those networks that consist of enhanced stacking switches where
some switches support SSL and others do not, there are two approaches
you can take. One is to create different enhanced stacks for the different
switches with one enhanced stack for those switches that support SSL and
another stack for those that do not. You create different enhanced stacks
by connecting the switches with different common VLANs. For information,
refer to “Planning for Remote Management” on page 49.

Another workaround is to leave the switches in one enhanced stack, but
designate two master switches, where one master switch uses HTTP and
the other HTTPS. To manage those switches in the stack that support
SSL, you would start the management session on the master switch
whose server mode is set to HTTPS. To manage those switches not
supporting SSL, you would start the management session on the master
switch whose web server is set to HTTP.

Each switch in a stack must have its own key pair and certificate. They
cannot share keys and certificates. When you start a web browser
management session on the master switch of an enhanced stack, the
management session uses that switch’s certificate and key pair. When you
change to another switch in the stack, the management session starts to
use the certificate and key pair on that switch, and so forth.
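One way to audit the rule above that switches in a stack cannot share keys and certificates, as an added example that is not part of the manual or the AT-S63 software. It assumes you have already collected each switch's certificate in DER form; the switch names and the sample data are constructed.

```python
import hashlib
from collections import defaultdict

def _tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_start, value_end)."""
    tag, length, start = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the count of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[start:start + n], "big")
        start += n
    if start + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, start, start + length

def spki_fingerprint(cert_der):
    """SHA-256 of the SubjectPublicKeyInfo inside a DER X.509 certificate."""
    _, pos, _ = _tlv(cert_der, 0)            # Certificate SEQUENCE
    _, pos, tbs_end = _tlv(cert_der, pos)    # tbsCertificate SEQUENCE
    tag, _, end = _tlv(cert_der, pos)
    pos = end if tag == 0xA0 else pos        # skip the optional [0] version field
    for _field in range(5):  # serial, signature algorithm, issuer, validity, subject
        _, _, pos = _tlv(cert_der, pos)
    tag, _, end = _tlv(cert_der, pos)        # subjectPublicKeyInfo
    if tag != 0x30 or end > tbs_end:
        raise ValueError("unexpected certificate layout")
    return hashlib.sha256(cert_der[pos:end]).hexdigest()

def find_shared(certs_by_switch):
    """Return switch groups that present the same certificate or the same key."""
    by_cert, by_key = defaultdict(list), defaultdict(list)
    for name, der in sorted(certs_by_switch.items()):
        by_cert[hashlib.sha256(der).hexdigest()].append(name)
        by_key[spki_fingerprint(der)].append(name)
    return {"certificate": sorted(g for g in by_cert.values() if len(g) > 1),
            "key": sorted(g for g in by_key.values() if len(g) > 1)}

# Constructed sample input: DER skeletons in X.509 field order, not real certificates.
def _enc(tag, body):
    return bytes([tag, len(body)]) + body  # short-form length only (< 128 bytes)
def sample_cert(serial, key):
    tbs = (_enc(0xA0, _enc(2, b"\x02")) + _enc(2, bytes([serial]))
           + _enc(0x30, b"") * 4 + _enc(0x30, key))
    return _enc(0x30, _enc(0x30, tbs))
SAMPLE_STACK = {  # hypothetical switch names
    "master": sample_cert(1, b"key-A"),
    "member-1": sample_cert(2, b"key-A"),  # different certificate, same key as master
    "member-2": sample_cert(3, b"key-B"),
    "member-3": sample_cert(3, b"key-B"),  # exact copy of member-2's certificate
}
```

Comparing the public key as well as the whole certificate catches a key pair that was copied to a second switch and wrapped in a new certificate.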

Guidelines

The guidelines for creating certificates are:

- A certificate can have only one key.

- A switch can use only those certificates that contain a key that was
  generated on the switch.

- You can create multiple certificates on a switch, but the device uses
  the certificate whose key pair has been designated as the active key
  pair for the switch’s web server.

- Most web browsers support both unsecured (plaintext) and secured
  (encrypted) operation. These modes are referred to as HTTP and
  HTTPS, respectively. If you choose to use encryption when you
  manage a switch, the web browser you use must support HTTPS.
