Configuring autorun on the switch, Enabling secure mode, Ge a-42 – HP 2910AL User Manual
Page 454
File Transfers
Using USB Autorun
Event Log or Syslog.
For details on how to use the switch’s event log or
syslog for help in isolating autorun-related problems, see “Using the Event Log
for Troubleshooting Switch Problems” on page C-26.
Configuring Autorun on the Switch
To enable/disable the autorun feature on the switch, the following commands
can be executed from configuration mode in the CLI.
Syntax: [no] autorun [encryption-key <key-string> | secure-mode]
Enables/disables USB autorun on the switch.
Use the
encryption-key
keyword to configure or remove an
encryption-key (a base-64 encoded string). The encryption key
is a pre-requisite for enabling autorun in secure-mode.
Encryption is regarded only when the AutoRun file is also
signed by an authentic source.
Use the
secure-mode
keyword to enable or disable secure mode
for autorun.
Default: Enabled (or Disabled if a password has been set).
Enabling Secure Mode
Autorun secure mode can be used to verify the authenticity of autorun
command files. Secure-mode is configured using the
autorun secure-mode
command and can be enabled under the following conditions:
■
an encryption-key has already been configured using the
autorun
encryption key command; and
■
a trusted certificate for verifying autorun command files has been copied
to the switch using the
copy <tftp | usb> autorun-cert-file command.
There is an additional security option to install a valid key-pair for signing the
result files that are generated during autorun operations. The key-pair can be
generated on the switch using the
crypto key generate autorun [rsa] command.
N o t e
The key-pair can also be installed from a tftp server or via the usb port using
copy <tftp | usb> autorun-key-file <ipaddr filename> command. The filename must
contain the private key and the matching public key in a X509 certificate
structure. Both the private key and the X509 certificate must be in PEM format.
A-42