Legal Notices
About this Guide
- How to Use this Guide
- Related Publications
- Text Conventions
- Commonly Used Acronyms
- Feature Platform Support Labeling
- Getting Help
- Providing Feedback to Us
Getting Started
- Device Management Methods
- Initial Configuration
- Advanced Configuration Overview
Using the CLI
- CLI Conventions
- Configuring CLI Properties
  - Example CLI Properties Configuration
  - CLI Properties Display Commands
Image Configuration and File Management
- Configuration and Image File Management on Your System
- Automated Deployment
- Saving a Configuration
- Executing a Configuration
- Deleting a Configuration Restore-Point or File
- Downloading a File from an FTP, TFTP, or SCP Server
- Downloading a Firmware Image via the Serial Port
- Uploading a Configuration File
- Setting the Boot Firmware Image
- Running a Configuration Script
- Linecard Phantom Configuration (K-Series)
- Configuration and Image File Display Commands
High Availability Firmware Upgrade (HAU) Configuration
- Using High Availability Firmware Upgrade in Your Network
- Implementing HAU
- High Availability Upgrade Preconditions
- System Limitations During a High Availability Upgrade
- HAU Configuration Overview
- Configuring HAU
- Terms and Definitions
S- and K-Series Virtual Switch Bonding (VSB) Configuration
- Using Virtual Switch Bonding in Your Network
- Implementing VSB
- VSB Configuration Overview
- Configuring VSB
- Terms and Definitions
7100-Series Virtual Switch Bonding (VSB) Stacking Configuration
- Using Virtual Switch Bonding in Your Network
- Implementing VSB Stacking
- VSB Configuration Overview
- Configuring VSB
- Terms and Definitions
Port Configuration
- Port Configuration Overview
- Configuring Ports
- Terms and Definitions
Port Mirroring Configuration
- How to Use Port Mirroring in Your Network
- Implementing Port Mirroring
- Overview of Port Mirroring Configurations
- Configuring Port Mirrors
- Example: Configuring and Monitoring Port Mirroring (S-, K-Series)
- Example: Configuring an IDS Mirror (S-, K-Series)
- Example: Configuring a Policy Mirror Destination (S-, K-Series)
System Configuration
- Chassis Compatibility Mode (S-Series)
- System Properties Overview
  - System Properties Example
- User Management Overview
- Management Authentication Notification MIB Overview
  - Configuring Management Authentication Notification MIB
  - Management Authentication Notification MIB Configuration Examples
- License Overview
  - Configuring a License
  - License Examples
- SNTP Overview
- Telnet Overview
  - Configuring Telnet
  - Telnet Examples
- Secure Shell Overview
- Domain Name Server (DNS) Overview
  - Configuring DNS
  - DNS Configuration Example
- DHCP Overview
  - IPv4 DHCP Supported Server Options
  - DHCP Server
    - Configuring Client Class
    - DHCP Configuration Example
- DHCPv6 Overview
- Node Alias Overview
  - Configuring Node Alias
  - Setting Node Alias State and Max Entries
- MAC Address Settings Overview
- Terms and Definitions
Security Mode Configuration
- How to Use Security Mode in Your Network
- Implementing Security Mode
- Configuring Security Mode
  - Security Mode Display Commands
- Security Mode Configuration Example
- Terms and Definitions
IPsec Protocol Configuration
- How to Use IPsec in Your Network
- IPsec Implementation Requirements
  - Required Manual Configuration
- Understanding the IPsec Protocol
  - IKE Map
- Configuring IPsec
- IPsec Configuration Example
- Terms and Definitions
Public-Key Infrastructure (PKI) Configuration
- Using Public-Key Infrastructure (PKI) in Your Network
- Implementing Public-Key Infrastructure
- Public-Key Infrastructure Configuration Overview
- Configuring Public-Key Infrastructure
- Terms and Definitions
Tracked Object Manager Configuration
- Using Tracked Object Manager in Your Network
  - Tracked Objects
  - Probes
  - Scheduling
    - Probe Session Scheduling
    - Tracked Object Scheduling
- State Probe Configuration
- Timing Probe Configuration
- Tracked Object Configuration
- Terms and Definitions
Bidirectional Forwarding Detection (BFD) Configuration
- Using Bidirectional Forwarding Detection (BFD) in Your Network
- Implementing BFD
- BFD Configuration Overview
- Configuring BFD
- Terms and Definitions
Link-State Configuration
- Using the Link-State Application in Your Network
- Configuring Link-State
IP SLA Configuration
- Using IP SLA in Your Network
- Configuring IP SLA
Power over Ethernet Configuration
- How to Use PoE in Your Network
- Implementing PoE
  - Allocation of PoE Power to Modules
    - When Manual Mode is Configured
  - Management of PoE Power to PDs
- Configuring PoE
Discovery Protocol Configuration
- How to Use Neighbor Discovery in Your Network
- Understanding Neighbor Discovery
- Configuring LLDP
- Configuring Neighbor Warning Detection
- Configuring Enterasys Discovery Protocol
  - Enterasys Discovery Protocol Configuration Commands
  - Enterasys Discovery Protocol Show Commands
- Configuring Cisco Discovery Protocol
  - Cisco Discovery Protocol Configuration Commands
  - Cisco Discovery Protocol Show Commands
Data Center Bridging Configuration
- How to Use Data Center Bridging in Your Network
- Implementing Data Center Bridging
- Enhanced Transmission Selection Configuration
- Priority-Based Flow Control Configuration (S-, 7100-Series)
- Application Priority Configuration
- Congestion Notification (CN) Configuration (S-, 7100-Series)
- Configuring Data Center Bridging
- Terms and Definitions
Simple Network Management Protocol (SNMP) Configuration
- Using SNMP in Your Network
  - High-Level Configuration Process
- SNMP Concepts
- SNMP Support on S- K- and 7100-Series Devices
- Configuring SNMP
  - Configuration Basics
  - How SNMP Processes a Notification Configuration
  - SNMP Defaults
    - Device Start Up Configuration
  - Configuring SNMPv1/SNMPv2c
    - Creating a New Configuration
    - Adding to or Modifying the Default Configuration
  - Configuring SNMPv3
  - Configuring Secure SNMP Community Names
    - Example
- Reviewing SNMP Settings
Spanning Tree Configuration
- What Is the Spanning Tree Protocol?
- Why Would I Use Spanning Trees in My Network?
- How Do I Implement Spanning Trees?
- STP Overview
  - Rapid Spanning Tree
  - Multiple Spanning Tree
    - Per-VLAN Spanning Tree (PVST)
- Functions and Features Supported on the S- K- and 7100-Series Devices
- Understanding How Spanning Tree Operates
- Configuring STP and RSTP
- Configuring MSTP
- Understanding and Configuring SpanGuard
- Understanding and Configuring Loop Protect
- Terms and Definitions
Shortest Path Bridging (SPB) Configuration
- Using Shortest Path Bridging (SPB) in Your Network
- Implementing Shortest Path Bridging
- Shortest Path Bridging VLAN Configuration Overview
- Configuring Shortest Path Bridging VLAN
- Terms and Definitions
Routing as a Service (RaaS) Configuration
- Using Routing as a Service (RaaS) in Your Network
- Implementing Routing as a Service
- Routing as a Service Configuration Overview
  - Helper Router Configuration
  - Main Router Configuration
- Configuring Routing as a Service
- RaaS Configuration Example
- Terms and Definitions
VLAN Configuration
- Using VLANs in Your Network
- Implementing VLANs
  - Preparing for VLAN Configuration
- Understanding How VLANs Operate
  - Learning Modes and Filtering Databases
  - VLAN Assignment and Forwarding
  - Example of a VLAN Switch in Operation
- VLAN Support on Extreme Networks S-, K-, and 7100-Series Switches
- Configuring VLANs
- Terms and Definitions
- VLAN Provider Bridges
  - Configuring Provider Bridges
    - Customer Bridge Mode
    - Provider Bridge Mode
Link Aggregation Control Protocol (LACP) Configuration
- Using Link Aggregation in Your Network
- Implementing Link Aggregation
- Link Aggregation Overview
- Configuring Link Aggregation
- Link Aggregation Configuration Examples
  - Link Aggregation Configuration Example 1
  - Link Aggregation Configuration Example 2
    - Configuring the Edge Switch
    - Configuring the Upstream Switch
- Terms and Definitions
Policy Configuration
- Using Policy in Your Network
- Implementing Policy
- Policy Overview
- Configuring Policy
- Policy Configuration Example
- Terms and Definitions
Multicast Configuration
- How to Use Multicast in Your Network
- Implementing Multicast
- Understanding Multicast
  - Internet Group Management Protocol (IGMP)
  - Understanding Distance Vector Multicast Routing Protocol (DVMRP)
    - Overview
    - DVMRP Support on Extreme Networks Devices
  - Understanding PIM
- Configuring Multicast
MSDP Configuration
- MSDP Overview
  - Source Active Messages
  - MSDP Mesh Groups
- Configuring MSDP
  - MSDP Display Commands
  - Example MSDP Configuration
- Configuring Anycast RP in MSDP
Multi-Topology Configuration
- Multiple Topology Overview
- Configuring a Multicast Topology
Multicast Listener Discovery (MLD) Configuration
- Using MLD in Your Network
- Implementing MLD
- Understanding MLD
  - MLD Support on Extreme Networks Devices
  - Example: Sending a Multicast Stream
- Configuring MLD
System Logging Configuration
- Using Syslog in Your Network
  - Syslog On S- K- and 7100-Series Switches
- Syslog Overview
- Configuring Syslog
Network Monitoring Configuration
- Using Network Monitoring in Your Network
- Network Monitoring Overview
- Configuring Network Monitoring
NetFlow Configuration
- Using NetFlow in Your Network
- Implementing NetFlow
- Understanding Flows
  - Flow Expiration Criteria
  - Deriving Information from Collected Flows
- Configuring NetFlow on the S- and K-Series
- Terms and Definitions
- NetFlow Version 5 Record Format
- NetFlow Version 9 Templates
Connectivity Fault Management Configuration
- How to Use Connectivity Fault Management in Your Network
- Connectivity Fault Management Overview
- Implementing Connectivity Fault Management
- Configuring CFM at the Global System Level
  - CFM Logging Filtering
  - VLAN Table Configuration
- Activating CFM Configuration
- Configuring a Maintenance Domain (MD)
- Configuring a Maintenance Association (MA)
- Configuring a Maintenance End-Point (MEP)
- CFM Loopback and Linktrace Protocols
  - The CFM Loopback Protocol
  - The CFM Linktrace Protocol
- Configuring Connectivity Fault Management
- Single MD Configuration Example
- Multiple MD Configuration Example
- Terms and Definitions
Virtual Routing and Forwarding (VRF) Configuration
- Using VRF in Your Network
- Implementing VRF
- VRF Overview
- Configuring VRF
- Terms and Definitions
IP Routing Configuration
- The Router
  - Entering Router Configuration
  - Display Router Configuration
- The Routing Interface
- IP Static Routes
  - Traffic Forwarding IP Static Routes (S-, K-Series)
    - Traffic Forwarding IPv4 Static Route Examples
  - Traffic Non-Forwarding IP Static Routes
    - Traffic Non-Forwarding IP Static Route Examples
- IPv6 Neighbor Discovery
- Configuring IPv6 Neighbor Discovery
- The ARP Table
- IP Broadcast (S-, K-Series)
- Router Management and Information Display
- IP Debug (S-, K-Series)
- Terms and Definitions
Tunneling Configuration
- How to Use Tunneling in Your Network
- Implementing Tunneling
- Tunneling Overview
- Configuring Tunneling
- Tunnel Configuration Example
  - Configuration Example Packet Transit Discussion
  - Configuration Example CLI Input
- Terms and Definitions
Layer 3 Virtual Private Network (VPN) Configuration
- How to Use Layer 3 VPN in Your Network
  - L3 VPN using L3 Tunnels or Native MPLS
  - L3 VPN over SPBV
- Implementing Layer 3 VPN using L3 Tunneling
- Implementing Layer 3 VPN using Native MPLS Tunneling
- Implementing Layer 3 VPN over SPBV
- Layer 3 VPN Overview
- Configuring Layer 3 VPN
- L3 VPN Using L3 Tunnels or Native MPLS Example Configuration
- L3 VPN Over SPBV Example Configuration
- Terms and Definitions
Routing Information Protocol (RIP) Configuration
- Using RIP in Your Network
- RIP Overview
  - Configuring RIP Authentication
  - Configuring RIP Offset
- Configuring RIP
- Terms and Definitions
Routing Information Protocol Next Generation (RIPng) Configuration
- Using RIPng in Your Network
- RIPng Configuration Overview
- Configuring RIPng
- Terms and Definitions
Open Shortest Path First (OSPFv2) Configuration
- Using the OSPF Protocol in Your Network
- Implementing OSPF
- OSPF Overview
- Configuring OSPF
  - Default Settings
Open Shortest Path First Version 3 (OSPFv3) Configuration
- Using the OSPFv3 Protocol in Your Network
- Implementing OSPFv3
- OSPFv3 Configuration Overview
- OSPFv3 Configuration Details
  - Default Settings
Intermediate System To Intermediate System (IS-IS) Configuration
- Using IS-IS in Your Network
- Implementing IS-IS
- IS-IS Configuration Overview
- Configuring IS-IS
- Terms and Definitions
RADIUS-Snooping Configuration
- Using RADIUS-Snooping in Your Network
- Implementing RADIUS-Snooping
- RADIUS-Snooping Overview
  - RADIUS-Snooping Configuration
  - RADIUS-Snooping Management
  - RADIUS Session Attributes
- Configuring RADIUS-Snooping
- RADIUS-Snooping Configuration Example
  - Configure the Distribution-tier Switch
  - Managing RADIUS-Snooping on the Distribution-tier Switch
- Terms and Definitions
Border Gateway Protocol (BGP) Configuration
- Using BGP in Your Network
- Implementing BGP
- BGP Overview
- Configuring BGP
- Terms and Definitions
Network Address Translation (NAT) Configuration
- Using Network Address Translation in Your Network
- Implementing NAT
- NAT Overview
- Configuring NAT
- NAT Configuration Examples
- Terms and Definitions
Load Sharing Network Address Translation (LSNAT) Configuration
- Using LSNAT on Your Network
- Implementing LSNAT
- LSNAT Overview
- Configuring LSNAT
- LSNAT Configuration Example
- Terms and Definitions
Transparent Web Cache Balancing (TWCB) Configuration
- Using Transparent Web Cache Balancing (TWCB) on Your Network
- Implementing TWCB
- TWCB Overview
  - The Server Farm
  - The Cache Server
    - Cache Server Weight
    - Fail Detection
  - The Web Cache
  - The Outbound Interface
  - The Switch and Router
    - The TWCB Binding
  - TWCB Source and Destination NAT
    - TWCB Destination NAT
    - TWCB Source NAT
- Configuring TWCB
- TWCB Configuration Example
Virtual Router Redundancy Protocol (VRRP) Configuration
- Using VRRP in Your Network
- Implementing VRRP in Your Network
- VRRP Overview
- Configuring VRRP
- VRRP Configuration Examples
  - Basic VRRP Configuration Example
  - Multiple Backup VRRP Configuration Example
- Terms and Definitions
Security Configuration
- Using Security Features in Your Network
- Implementing Security
- Security Overview
- Configuring Security
Flow Setup Throttling Configuration
- Using Flow Setup Throttling in Your Network
- Implementing Flow Setup Throttling
- Flow Setup Throttling Overview
- Configuring Flow Setup Throttling
- Flow Setup Throttling Configuration Example
  - Switch 1 Configuration
  - Switch 2 Chassis Configuration
- Terms and Definitions
Route-Map Manager Configuration
- Using Route-Map Manager in Your Network
- Implementing Route-Maps
- Route-Map Manager Overview
- Configuring Route-Map Manager
- Route-Map Manager Configuration Examples
- Terms and Definitions
S- and K-Series L3 and L2 Access Control List Configuration
- Using Access Control Lists (ACLs) in Your Network
- Implementing ACLs
- ACL Overview
- Configuring ACLs
- Terms and Definitions
7100-Series Access Control List Configuration
- Using Access Control Lists (ACLs) in Your Network
- Implementing ACLs
- ACL Overview
- Configuring ACLs
- Terms and Definitions
Quality of Service (QoS) Configuration
- Using Quality of Service in Your Network
- Implementing Quality of Service
- Quality of Service Overview
- Understanding QoS Configuration on the S- K- and 7100-Series
- The QoS CLI Command Flow
- QoS Configuration Example (S-, K-Series)
- Terms and Definitions
Anti-Spoofing Configuration
- Anti-Spoofing Feature Overview
- Implementing Anti-Spoofing in Your Network
  - Using DHCP Snooping Only
    - Using DAI, IP Source Guard, and Duplicate IP Detection
- Anti-Spoofing Configuration
  - Overview
    - Port Classes
    - Managing the Binding Database
  - Configuration Examples
    - Code Example
Authentication Configuration
- Using Authentication in Your Network
- Implementing User Authentication
- Authentication Overview
- Configuring Authentication
- Authentication Configuration Example
- Terms and Definitions
IEEE 802.1x MACsec Authentication
- MACsec Overview
- Configuring IEEE 802.1x MACsec Authentication (S-, 7100-Series)
OpenFlow
- OpenFlow Overview
- OpenFlow Limitations
- OpenFlow Security
  - Generating Transport Layer Security (TLS) Private Keys
  - Certificate Revocation Checking Not Supported
- Configuring OpenFlow
Glossary
- A
- B
- C
- D
- E
- F
- G
- H
- I
- J
- L
- M
- N
- O
- P
- Q
- R
- S
- T
- U
- V
- W
- X

Implementing Public-Key Infrastructure

To implement Public-Key Infrastructure:

Add one or more PEM formatted CA certificates to a certificate list.
Configure OCSP with a list of trusted CA certificates used to verify OCSP response signatures.
Optionally, configure an alternate OCSP responder (OCSR) URL for the OCSR used to check revocation status.
Perform one, but not both, of the following:
- Restrict the system to a single specified authorization credential which must be shared by all users.
- Configure a dynamic extracted username from the X.509 certificate subject field.
Configure the SSH server for PKI (see Configuring Secure Shell).

Published May 2016prev | next

Email this topic

Print this page Print this page

Leave feedback Feedback