These sections discuss various ways that data is collected and presented.
Status reports are sent either in encrypted or clear text. By default, this is determined by the installation of the SSL module. If the SSL module is installed, the status report is sent using an SSL over TCP session in encrypted text. Otherwise, the status report is sent over a regular TCP session in clear text. You can disable the SSL transport even if the SSL module is installed by using the configure tech-support collector [hostname | ip_address] tcp-port port {vr vr_name} {from source_ip_address} {ssl [on | off]} command.
For security reasons, status reports are never pushed from a collector out to a switch. The switch always pushes status reports to a collector. The first release of the tech-support application supports local configuration only. The switch pushes status reports to a collector based solely on the local configuration.
The status report format is the output of the show tech-support command. You can limit the amount of information in the report using the data-set configuration parameter. Two data-sets are available in the first release. With SSH, we recommend that you configure the data-set as detail to include all output of the show tech-support command in the switch status report. Without SSH, we recommend that you configure the data-set as summary to include certain output of the show tech area command in the switch status report for just a few critical areas, such as general, config, log, VLAN (Virtual LAN), and EPM.
You can also configure when the switch sends a status report. The switch can send a report based on a critical severity event occurrence, daily, at boot-up, or manually when directed by the network administrator. Because of the amount of information that can be transmitted, automatic status reports are sent no more frequently than one report per hour. When a series of critical severity events occurs, only the first one triggers the switch to send status reports. All other critical severity events that occur within one hour after the first critical severity event are ignored.
When SSL is enabled, the switch can authenticate the collector during the SSL handshake by verifying whether the collector‘s certificate is issued by one of switch‘s trusted Certificate Authorities (CA). In this case, the switch has to know the CA that issued the collector certificate.
When SSL is enabled, the collector can also authenticate the switch during the SSL handshake by requesting that the switch send the certificate, and then verify that the switch‘s certificate is issued by one of collector‘s trusted CAs. In this case, the switch has to have a certificate, and the collector has to know the CA that issued the switch the certificate.
To keep the required configuration minimal, the ExtremeXOS 15.4 release of the tech-support application does not perform authentications. The switch does not verify that the collector is a valid, authorized server before the transmission. The collector does not verify that received status reports are transmitted from a valid, authorized device either.