Configure Remote Attestation

For Remote Attestation to work, Measured Boot must be enabled. To learn more about Measured Boot, see Measured Boot in this document.

Note

Remote Attestation is supported on Extreme 8720 and Extreme 8520 devices.

To configure Remote Attestation, do the following:

  1. Enter global configuration mode.
    SLX # configure terminal
    SLX (config)# 
                        
  2. Enable Measured Boot.
    SLX (config)# measure-boot enable
    SLX (config)#
                        
  3. Enter the Remote Attestation configuration mode.
    SLX (config)# remote-attestation 
    SLX (config-remote-attestation)#                        
                        
  4. Configure the Remote Attestation server first. This step also specifies the VRF that will be used to access the Remote Attestation server.
    SLX (config-remote-attestation)# registrar-server 10.1.1.1 use-vrf default-vrf 
    SLX (config-remote-attestation-10.1.1.1/default-vrf)#
                        
  5. Configure the port on which the Remote Attestation server is listening. This configuration is done on the VRF configured in the previous step.
    SLX (config-remote-attestation-10.1.1.1/default-vrf)# registrar-port 
    SLX (config-remote-attestation-10.1.1.1/default-vrf)# 
                        
    The default port is 8890. If your Remote Attestation server is listening on another port, enter that port number here. Valid values are in the range 0-65535.
  6. Exit out of registrar-server configuration mode.
    SLX (config-remote-attestation-10.1.1.1/default-vrf)# exit
    SLX (config-remote-attestation) #
                        
  7. Configure the Remote Attestation Agent UUID.
    SLX(config-remote-attestation)# agent-uuid ?
    SLX (config-remote-attestation) #
    Possible completions:
    	<1-100>   UUID of the device.[auto]
                       
    The show remote-attestation status command displays the UUID status.
  8. Configure the Remote Attestation listening port.
    SLX(config-remote-attestation)# agent-port ?
    SLX (config-remote-attestation) #
    Possible completions:
      <Choose the port number in the range 0 - 65535>
    SLX(config-remote-attestation)# agent-port
                        
    The Remote Attestation agent is configured to listen on port 9002 by default. If your Remote Attestation agent is listening on a different port, configure that port here. The port can be in the range 0-65535.
  9. Enable the Remote Attestation agent.
    SLX (config-remote-attestation) # agent-enable
    SLX (config-remote-attestation) #
                        
  10. Exit out of the Remote Attestation configuration mode.
    SLX (config-remote-attestation) # exit
    SLX (config)#
                        
  11. Exit out of the Global Configuration mode.
    SLX (config)# exit
    SLX #
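
A planned command list can be checked against the rules in this procedure before it is entered on a device. The following Python sketch is an added example, not Extreme's code: it flags an agent enabled without Measured Boot or without a registrar server, rejects ports outside 0-65535, and applies the stated defaults (8890 and 9002). The function name audit, the one-command-per-line input format, and both samples are assumptions constructed for illustration.

```python
import re

# Defaults stated in the procedure above.
DEFAULTS = {"registrar-port": 8890, "agent-port": 9002}

def audit(command_text):
    """Return (settings, findings) for planned commands, one per line (assumed format)."""
    cmds = [c.strip() for c in command_text.splitlines() if c.strip()]
    settings = dict(DEFAULTS, registrar=None, vrf=None,
                    measured_boot="measure-boot enable" in cmds,
                    agent_enabled="agent-enable" in cmds)
    findings = []
    for cmd in cmds:
        m = re.fullmatch(r"registrar-server (\S+) use-vrf (\S+)", cmd)
        if m:
            settings["registrar"], settings["vrf"] = m.groups()
            continue
        m = re.fullmatch(r"(registrar-port|agent-port) (\S+)", cmd)
        if m:
            key, value = m.groups()
            if re.fullmatch(r"[0-9]+", value) and int(value) <= 65535:
                settings[key] = int(value)
            else:
                findings.append(f"{key} {value}: not in the range 0-65535")
    # Measured Boot must be enabled for Remote Attestation to work.
    if settings["agent_enabled"] and not settings["measured_boot"]:
        findings.append("agent-enable without measure-boot enable")
    # The agent needs a Remote Attestation server to report to.
    if settings["agent_enabled"] and settings["registrar"] is None:
        findings.append("agent-enable without a registrar-server")
    return settings, findings

# Constructed samples, not captured from a device.
GOOD = """
measure-boot enable
remote-attestation
registrar-server 10.1.1.1 use-vrf default-vrf
agent-enable
"""
BAD = """
remote-attestation
registrar-port 70000
agent-port 9443
agent-enable
"""

if __name__ == "__main__":
    for name, sample in (("GOOD", GOOD), ("BAD", BAD)):
        settings, findings = audit(sample)
        print(name, settings, findings or "consistent")
```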