H3c-technologies H3C WX6000 Series Access Controllers Uživatelský manuál Strana 655
- Strana / 678
- Tabulka s obsahem
- ŘEŠENÍ PROBLÉMŮ
- KNIHY
Hodnocené. / 5. Na základě hodnocení zákazníků
68-8
Generating an RSA key pair is an important step in certificate request. The key pair includes a public
key and a private key. The private key is kept by the user, while the public key is transferred to the CA
along with some other information. For detailed information about RSA key pair configuration, refer to
SSH in H3C WX6103 Access Controller Switch Interface Board Configuration Guide.
Follow these steps to submit a certificate request in manual mode:
To do… Use the command… Remarks
Enter system view
system-view
—
Enter PKI domain view
pki domain
domain-name —
Set the certificate request mode to
manual
certificate request mode manual
Optional
Manual by default
Return to system view
quit
—
Retrieve a CA certificate manually
Refer to
Retrieving a Certificate
Manually
Required
Generate a local RSA key pair
public-key local create rsa
Required
No local RSA key pair exists by
default.
Submit a local certificate request
pki request-certificate domain
domain-name [ password ]
[
pkcs10
[
filename
filename ] ]
Required
z If a PKI domain has already a local certificate, creating an RSA key pair will result in inconsistency
between the key pair and certificate. To generate a new RSA key pair, delete the local certificate
and then issue the public-key local create rsa command.
z A newly created key pair will overwrite the existing one. If you perform the public-key local create
rsa command in the presence of a local RSA key pair, the system will ask you whether you want to
overwrite the existing one.
z If a PKI domain has already a local certificate, you cannot request another certificate for it. This is to
avoid inconsistency between the certificate and the enrollment information resulting from
configuration changes. To request a new certificate, use the pki delete-certificate command to
delete the existing local certificate and the CA certificate stored locally.
z When it is impossible to request a certificate from the CA through SCEP, you can save the request
information by using the pki request-certificate domain command with the pkcs10 and filename
keywords, and then send the file to the CA by an out-of-band means.
z Make sure the clocks of an entity and the CA are synchronous. Otherwise, the validity period of the
certificate may be abnormal.
z The pki request-certificate domain configuration will not be saved in the configuration file.
- Interface Board 1
- Configuration Guide 1
- All Rights Reserved 2
- Trademarks 2
- Preface 3
- Conventions 4
- Obtaining Documentation 5
- Documentation Feedback 5
- Table of Contents 6
- OAP Board Overview 29
- 2 Logging In Through Telnet 31
- Common Configuration 32
- Table 2-4 34
- [H3C-ui-vty0] idle-timeout 6 43
- <H3C> system-view 43
- Management System 46
- 4 Logging In from an NMS 48
- Packets 49
- 6 Controlling Login Users 51
- 7 VLAN Configuration 56
- VLAN Fundamental 57
- VLAN Classification 58
- Port link type 60
- Default VLAN 61
- VLAN Configuration Example 66
- Verification 67
- 8 Voice VLAN Configuration 69
- Voice VLAN Modes on a Port 70
- Configuring Voice VLAN 71
- 9 GVRP Configuration 78
- Operating mechanism of GARP 79
- GARP message format 79
- GVRP Configuration Task List 81
- Configuring GVRP 82
- GVRP Configuration Examples 83
- IP Addressing Configuration 88
- Special Case IP Addresses 89
- Subnetting and Masking 89
- Configuring IP Addresses 90
- 172.16.2.0/24 93
- IP Performance Configuration 94
- Configuring TCP Attributes 96
- 12 QinQ Configuration 100
- Implementations of QinQ 101
- Configuring Basic QinQ 103
- Configuring Selective QinQ 103
- QinQ Configuration Example 104
- Network diagram 105
- Configuration procedure 105
- BPDU Tunneling Configuration 108
- Configuring BPDU Isolation 109
- Network requirements 111
- Ethernet Port Configuration 114
- Combo Port Configuration 115
- Configuring Combo port state 116
- Configuring a Port Group 117
- Port Isolation Configuration 124
- Displaying Isolation Groups 125
- Uplink port support: No 126
- Group ID: 1 126
- Link Aggregation Overview 127
- Manual Link Aggregation 128
- Static LACP link aggregation 129
- Aggregation Port Group 131
- Configuring Link Aggregation 132
- Group Can Learn 138
- Port Security Configuration 140
- Port Security Modes 141
- Enabling Port Security 143
- Enabling the autoLearn Mode 145
- Configuring NTK 146
- Configuring Trapping 147
- Configuration Prerequisites 148
- Configuration Procedure 148
- Symptom 157
- Analysis 157
- Solution 157
- 20 MSTP Configuration 159
- Basic concepts in STP 160
- Path cost 161
- How STP works 161
- Figure 20-3 165
- Introduction to MSTP 167
- Basic concepts in MSTP 168
- Protocols and Standards 172
- Configuration Task List 173
- Configuring the Root Bridge 174
- Configuration example 175
- Configuring Timers of MSTP 179
- Enabling the MSTP Feature 185
- Configuring Leaf Nodes 186
- Configuring Port Priority 188
- Performing mCheck 190
- Configuring Digest Snooping 191
- Configuration Example 192
- Prerequisites 194
- Enabling Root Guard 196
- Enabling Loop Guard 197
- MSTP Configuration Example 199
- 21 IP Routing Overview 203
- Routing Protocol Overview 205
- Route backup 206
- Route Recursion 207
- 22 GR Overview 209
- Static Routing Configuration 213
- Configuring a Static Route 214
- 24 RIP Configuration 219
- Operation of RIP 220
- RIP Version 221
- RIP Message Format 221
- RIPv2 message format 222
- RIPv2 authentication 222
- Supported RIP Features 223
- Configuring a RIP version 224
- Advertising a summary route 226
- Advertising a Default Route 227
- Configuring RIP Timers 229
- Enabling poison reverse 230
- Specifying a RIP Neighbor 231
- RIP Configuration Examples 232
- Troubleshooting RIP 234
- 25 OSPF Configuration 235
- Basic Concepts 236
- LSA types 237
- Neighbor and Adjacency 237
- Area partition 238
- Classification of Routers 238
- (Totally) Stub area 240
- NSSA area 240
- Route summarization 241
- Route types 241
- OSPF network types 242
- DR and BDR 243
- OSPF Packet Formats 244
- OSPF packet header 244
- Hello packet 245
- DD packet 245
- LSR packet 246
- LSU packet 247
- LSAck packet 247
- LSA header format 248
- Formats of LSAs 249
- Supported OSPF Features 252
- OSPF Configuration Task List 253
- Configuring Stub Routers 264
- OSPF Configuration Examples 270
- # Configure Switch B 271
- # Configure Switch C 271
- 3) Verify the configuration 271
- Processing steps 285
- IP Source Guard Overview 287
- Displaying IP Source Guard 288
- Troubleshooting 292
- 27 DLDP Configuration 293
- Device A 294
- Device B 294
- DLDP Fundamentals 295
- DLDP mode 296
- DLDP authentication mode 297
- DLDP implementation 298
- DLDP neighbor state 299
- Enabling DLDP 300
- Setting DLDP Mode 301
- Setting the DelayDown Timer 302
- Resetting DLDP State 303
- DLDP Configuration Example 304
- 28 Multicast Overview 307
- Broadcast 308
- Multicast 309
- Roles in Multicast 310
- Multicast Models 311
- Multicast Architecture 312
- IPv6 Multicast Addresses 314
- Multicast Protocols 316
- Layer 2 multicast protocols 317
- IGMP Snooping Configuration 319
- IGMP Snooping related ports 320
- Enabling IGMP Snooping 324
- Configuring Static Ports 326
- Multicast VLAN Configuration 344
- 31 LLDP Configuration 348
- TLV Types 349
- Enabling LLDP 352
- Setting LLDP Operating Mode 352
- Configuring LLDPDU TLVs 352
- Enable LLDP Polling 354
- Configuring LLDP Trap 355
- LLDP Configuration Example 356
- 32 sFlow Configuration 359
- Configuring sFlow 360
- Displaying sFlow 360
- 33 ARP Configuration 363
- ARP Message Format 364
- ARP Mapping Table 365
- Configuring ARP 366
- Enabling the ARP Entry Check 367
- ARP Configuration Example 367
- Configuring Gratuitous ARP 368
- 34 Proxy ARP Configuration 370
- 35 DHCP Overview 374
- DHCP Address Allocation 375
- DHCP Message Format 376
- DHCP Options 377
- Introduction to DHCP Options 378
- Self-Defined Options 378
- Option 184 379
- Application Environment 381
- Fundamentals 381
- IP network 382
- DHCP Client Configuration 391
- DHCP Snooping Configuration 394
- BOOTP Client Configuration 400
- Through BOOTP 401
- Network requirement 402
- 40 ACL Overview 403
- Introduction to IPv4 ACL 404
- IPv4 ACL Match Order 405
- Introduction to IPv6 ACL 406
- IPv6 ACL Classification 407
- IPv6 ACL Naming 407
- IPv6 ACL Match Order 407
- IPv6 ACL Step 408
- 41 IPv4 ACL Configuration 409
- Configuring a Basic IPv4 ACL 410
- Configuration Examples 411
- Copying an IPv4 ACL 415
- Network Diagram 416
- 42 IPv6 ACL Configuration 418
- Copying an IPv6 ACL 421
- Network Requirements 422
- 43 QoS Overview 424
- Occurrence of Congestion 425
- Influence of Congestion 425
- Countermeasures 426
- Rate Configuration 428
- Token Bucket 432
- Complicated Evaluation 432
- Traffic Policing 433
- Line Rate 433
- Line Rate Configuration 434
- 45 QoS Policy Configuration 435
- Defining a Class 436
- Defining a Traffic Behavior 437
- Defining a Policy 439
- Applying a Policy 439
- 46 Congestion Management 441
- Configuring an SP Queue 444
- Configuring a WRR Queue 444
- Configuring SP+WRR Queues 445
- 47 Priority Mapping 447
- Overview 452
- Port Mirroring Configuration 457
- Implementing Port Mirroring 458
- Displaying Port Mirroring 462
- 51 UDP Helper Configuration 466
- 52 SNMP Configuration 469
- SNMP Protocol Version 470
- MIB Overview 470
- SNMP Configuration 471
- Configuring SNMP Logging 473
- Trap Configuration 474
- SNMP Configuration Example 476
- 53 RMON Configuration 480
- RMON Groups 481
- Configuring RMON 482
- RMON Configuration Example 484
- 54 NTP Configuration 486
- How NTP Works 487
- NTP Message Format 488
- Operation Modes of NTP 490
- Broadcast mode 491
- Multicast mode 491
- NTP Configuration Task list 492
- NTP Configuration Examples 500
- delay disper 506
- Root delay: 40.00 ms 506
- AC B and AC A 510
- 55 DNS Configuration 511
- DNS suffixes 512
- Configuring the DNS Client 513
- Configuring the DNS Proxy 514
- DNS Configuration Examples 515
- File System Management 521
- Directory Operations 522
- File Operations 522
- Storage Device Operations 523
- Memory space management 524
- Configuration File Overview 525
- Format of configuration file 526
- 57 FTP Configuration 530
- Configuring the FTP Client 531
- Configuring the FTP Server 535
- <Sysname> reboot 538
- 58 TFTP Configuration 539
- Configuring the TFTP Client 540
- Information Center Overview 543
- System Information Format 546
- 60 Basic Configurations 559
- Configuring the Device Name 560
- Configuring the System Clock 560
- Configuring a Banner 562
- Configuring CLI Hotkeys 563
- CLI Features 567
- Edit Features 569
- CLI Display 569
- Display functions 570
- Saving History Commands 571
- The ping command 572
- The tracert command 572
- System Maintaining 574
- System Debugging 574
- System Maintaining Example 575
- 62 Device Management 576
- Upgrading Boot ROM 578
- 63 NQA Configuration 580
- Basic Concepts of NQA 582
- NQA Configuration Task List 583
- Configuring the NQA Server 583
- Enabling the NQA Client 584
- Creating an NQA Test Group 584
- Configuring the DHCP Test 586
- Configuring the FTP Test 586
- Configuring the HTTP Test 587
- Configuration prerequisites 589
- Configuring the SNMP Test 590
- Configuring the TCP Test 591
- Configuring the DLSw Test 593
- Configuring Trap Delivery 595
- Scheduling an NQA Test Group 596
- NQA Configuration Examples 597
- 64 SSH Configuration 606
- Asymmetric Key Algorithm 607
- SSH Operating Process 607
- Version negotiation 608
- Authentication 608
- Session request 609
- Interactive session 609
- Enabling SSH Server 610
- Configuring RSA and DSA Keys 611
- Configuring an SSH User 613
- 65 SFTP Service 629
- Configuring an SFTP Client 630
- Working with SFTP Files 632
- Displaying Help Information 632
- SFTP Configuration Example 633
- 66 SSL Configuration 637
- SSL Configuration Task List 638
- Troubleshooting SSL 642
- 67 HTTPS Configuration 643
- Enabling the HTTPS Service 644
- Control Policy 645
- HTTPS Configuration Example 646
- 68 PKI Configuration 648
- Architecture of PKI 649
- Applications of PKI 650
- Operation of PKI 650
- PKI Configuration Task List 651
- Configuring an Entity DN 651
- Configuring a PKI Domain 652
- Deleting a Certificate 658
- PKI Configuration Examples 659
- Networking diagram 663
- Troubleshooting PKI 664
- Failed to Retrieve CRLs 665
- 69 Track Configuration 666
- Detection Modules 667
- Application Modules 668
- Track Configuration Example 669
- 70 Index 672
Související produkty a manuály pro Směrovače H3c-technologies H3C WX6000 Series Access Controllers
(19 stránky)© 2020, manymanuals.cz. Všechna práva vyhrazena. | 0.063 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Komentáře k této Příručce