Allied Telesis AT-S63 User Manual

Chapter 26: Encryption Keys

Section IV: Security

packets are sent encrypted. The web server on an AT-9400 Series switch
can operate in either mode. Enhanced stacking switches that do not
support SSL, such as the AT-8000 Series switches, use HTTP exclusively.

A web browser management session of the switches in an enhanced
stack cannot alternate between the different security modes during a
session. The management session assumes that the web server mode
that the master switch is using is the same for all the switches in the
stack. As an example, if the master switch is using HTTPS, a web browser
management session assumes that all the other switches in the stack are
also using HTTPS, and it does not allow you to manage any switches
running HTTP.

For those networks that consist of enhanced stacking switches where
some switches support SSL and others do not, there are two approaches
you can take. One is to create different enhanced stacks for the different
switches. You could create one enhanced stack for those switches that
support SSL and another stack for those that do not. You create different
enhanced stacks by assigning switches to different Management VLANs.
For information, refer to "Specifying a Management VLAN" on page 461.

Another workaround is to leave the switches in one enhanced stack, but
designate two master switches. One master switch could be using HTTP
and the other HTTPS. When you want to use your web browser to
manage those switches that support SSL, you would start the
management session on the master switch whose server mode is set to
HTTPS. To manage those switches not supporting SSL, you would start the
management session on the master switch whose web server is set to
HTTP.

To implement SSL in an enhanced stack, you must create an encryption
key pair and a certificate on each switch. When you start a web browser
management session on the master switch of an enhanced stack, the
management session uses the certificate and key pair on the master
switch. When you change to another switch in the stack, the
management session starts to use the certificate and key pair on that
switch, and so forth.
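
The rules in this section can be checked against a switch inventory before SSL is rolled out. The following is an added example, not part of the Allied Telesis manual or the AT-S63 software: the switch names, VLAN IDs and record fields are constructed, and it assumes a switch is manageable from a master only when both use the same web server mode.

```python
# Added example: audit an enhanced-stack inventory against the rules above.
# Inventory records are constructed sample data, not output from any switch.
from collections import defaultdict

INVENTORY = [
    {"name": "sw-core-1", "vlan": 10, "master": True,  "mode": "https", "keypair": True,  "cert": True},
    {"name": "sw-acc-1",  "vlan": 10, "master": False, "mode": "https", "keypair": True,  "cert": False},
    {"name": "sw-acc-2",  "vlan": 10, "master": False, "mode": "http",  "keypair": False, "cert": False},
    {"name": "sw-core-2", "vlan": 20, "master": True,  "mode": "https", "keypair": True,  "cert": True},
    {"name": "sw-core-3", "vlan": 20, "master": True,  "mode": "http",  "keypair": False, "cert": False},
    {"name": "sw-old-1",  "vlan": 20, "master": False, "mode": "http",  "keypair": False, "cert": False},
    {"name": "sw-acc-3",  "vlan": 20, "master": False, "mode": "https", "keypair": True,  "cert": True},
]


def audit(inventory):
    """Return (vlan, switch, finding) tuples for each rule a switch violates."""
    # One enhanced stack per Management VLAN.
    stacks = defaultdict(list)
    for sw in inventory:
        stacks[sw["vlan"]].append(sw)

    findings = []
    for vlan, members in sorted(stacks.items()):
        # Web server modes offered by the master switch(es) of this stack.
        master_modes = {sw["mode"] for sw in members if sw["master"]}
        for sw in members:
            # HTTPS requires a key pair and a certificate on every switch,
            # because the session switches to each member's own certificate.
            if sw["mode"] == "https" and not (sw["keypair"] and sw["cert"]):
                findings.append((vlan, sw["name"], "https-without-key-or-cert"))
            # A member whose mode matches no master cannot be reached from
            # any web browser management session in this stack.
            if not sw["master"] and sw["mode"] not in master_modes:
                findings.append((vlan, sw["name"], "no-master-in-same-mode"))
            # HTTP management traffic is not encrypted.
            if sw["mode"] == "http":
                findings.append((vlan, sw["name"], "cleartext-management"))
    return findings


if __name__ == "__main__":
    for finding in audit(INVENTORY):
        print(finding)
```

Stack 10 shows the single-master mixed case, where the HTTP-only switch is stranded; stack 20 shows the two-master workaround, where every switch is reachable but the HTTP side is still managed in cleartext.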
