Extreme NetIron Configuration Guide for Common Criteria NDcPP 2.1
> About This Document
Published July 2021
Search this document
Print this page
Email this page
View PDF
Previous
Next
Preface
Text Conventions
Documentation and Training
Help and Support
Send Feedback
About This Document
Supported hardware and software
What's new in this document
Common Criteria Certification
Common Criteria overview
Establishing a serial connection
Setting the Management IP address of the Device
Device Access
Password Requirements
Features unavailable in Common Criteria mode
Enabling Common Criteria mode
Entering Common Criteria Administrative mode
Entering Common Criteria Operational mode
Displaying Common Criteria information
Downloading firmware from Extreme's website
Simplified firmware upgrade
Extreme NetIron MLX Series single-command (full-system) upgrade
Extreme NetIron CER single-command (full-system) upgrade
Step 1: Download Manifest file and Validation
Step 2: Download File Images
Downloading the images
Sample output of the Simplified upgrade
Firmware Version Installed
Setting System Time and Date
Banner commands
Configuring authentication in the devices
TLS client mode: Authenticating server certificate
OCSP support for TLS
Configuring SSH session rekey interval by volume and time
Syslog configuration
Encrypted Syslog servers in Common Criteria mode
AAA servers in Common Criteria mode
Downgrading from Common Criteria mode to non-FIPS mode
OpenSSL License
OpenSSL license overview
Appendix A - Audit Log Entries
Audit Logs
TLS-related audit log entries
OCSP and Certificate-related Audit Log entries
SSH related audit log entries
Certificate audit log entries
Other Entries
Appendix B - Self-Test Messages
Self-Test Message from the Console
Appendix C - Configuring an external Syslog Server with TLS support
External Syslog server overview
Setting up stunnel
Creating a certificate with the OpenSSL toolkit
Creating a configuration file
Changing the stunnel4 startup file
Restarting the stunnel service
Configuring rsyslog
Enabling accepting remote logs
Restarting rsyslog service
Printing log messages
Requirements for valid trusted certificates used with TLS applications
Appendix D - Radius Server with TLS Support
Configuring FreeRADIUS with TLS support
About This Document
