HP StorageWorks 2/128 HP StorageWorks SAN Director 2/128 Fabric OS V4.2.x Rele - Page 18



Important Notes

SAN Director 2/128 Fabric OS 4.2.x Release Notes

Table 5: Fabric OS Area Information (Continued)

Fabric OS Area: Security: PKICERT utility, installing certificates
Description: PKICERT v1.0.6 is the most current version of the PKICERT utility. When running the PKICERT utility to install switch certificates in a fabric that did not previously contain switch certificates and now includes a SAN Director 2/128, select the option to specify that certificates are installed on only those switches that do not currently contain certificates. SAN Director 2/128s are delivered with switch certificates preinstalled. Switches that were originally shipped with Fabric OS v2.5, v3.0, and v4.0 and have never installed and enabled Secure Fabric OS do not have certificates installed.
If you need to reinstall switch certificates in a SAN Director 2/128, follow these guidelines:
  • The host running PKICERT v1.0.6 must be connected to a proxy switch running Fabric OS v2.6.2, v3.1.2, or v4.2.
  • All switches in the fabric other than the SAN Director 2/128 can run v2.6.1, v3.1, v4.1 or newer firmware.

Fabric OS Area: Security: sectelnet
Description: If you try to log in to a switch through a sectelnet client while that switch is in the process of either booting or shutting down, you might see the message "Random number generation failed". The message is printed by the sectelnet client because the switch Telnet service is not running (the service has either already been shut down, if the switch is shutting down, or is not yet established, if the switch is booting). If the switch is booting, wait a few seconds and try again.

Fabric OS Area: Security: secure mode
Description: If an upgrade from Fabric OS v4.0 to v4.1 or v4.2 is performed, followed by a downgrade to Fabric OS v4.0 and upgrade back to Fabric OS v4.1 or v4.2, the switch password state is reset and prompts the user for new secure mode passwords.

Fabric OS Area: Security: secure mode, passwd Telnet
Description: CAUTION: Using the passwd Telnet command in secure mode to change the password results in all sessions using that password being logged out, including the session that changed the password.
This is expected behavior. The session terminates if you change the password in secure mode.

Fabric OS Area: Security: SLAP counter
Description: The SLAP counter is designed to work when all the switches in the fabric are in secure mode. All the switches in the fabric must be in secure mode for accurate SLAP statistics.

Fabric OS Area: Security: SSH login
Description: To properly connect SSH login, wait for secure mode to complete before rebooting or performing HA failover on the SAN Director 2/128. If secure mode is enabled and a reboot occurs before secure mode completes, SSH login does not connect and goes to the wrong MAC address, because the active CP changes after an HA failover.