description description-string
no description
config>system>security>mgmt-access-filter>ip-filter>entry
config>system>security>mgmt-access-filter>ipv6-filter>entry
config>sys>security>keychain>direction>bi>entry
config>system>security>keychain>direction>uni>receive>entry
config>system>security>keychain>direction>uni>send>entry
config>system>security>user>public-keys>ecdsa>ecdsa-key
config>system>security>user>public-keys>rsa>rsa-key
Supported on all 7210 SAS platforms as described in this document
The config>system>security>mgmt-access-filter>ipv6-filter>entry context is not supported on the 7210 SAS-K 2F1C2T.
This command associates a text string with a configuration context to help identify the context in the configuration file.
The no form of this command removes the string.
Specifies the description character string. Allowed values are any string up to 80 characters composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.
[no] shutdown
config>system>security>mgmt-access-filter
config>system>security>keychain>direction>bi>entry
config>system>security>keychain>direction>uni>receive>entry
config>system>security>keychain>direction>uni>send>entry
Supported on all 7210 SAS platforms as described in this document
The shutdown command administratively disables the entity. When disabled, an entity does not change, reset, or remove any configuration settings or statistics. Many entities must be explicitly enabled using the no shutdown command. The operational state of the entity is disabled as well as the operational state of any entities contained within. Many objects must be shut down before they may be deleted.
The no form of this command puts an entity into the administratively enabled state.
no shutdown
security
config>system
Supported on all 7210 SAS platforms as described in this document
Commands in this context configure security settings.
Security commands manage user profiles and user membership. Security commands also manage user login registrations.
[no] ftp-server
config>system>security
Supported on all 7210 SAS platforms as described in this document
This command enables FTP servers running on the system.
FTP servers are disabled by default. At system startup, only SSH servers are enabled.
The no form of this command disables FTP servers running on the system.
hash-control [read-version {1 | 2 | all}] [write-version {1 | 2}]
no hash-control
config>system>security
Supported on all 7210 SAS platforms as described in this document
If the user executes a save or info command, the system encrypts all passwords, for example, MD5 keys, for security reasons. At present, two algorithms exist.
The first algorithm is a simple, short key that can be copied and pasted in a different location when the user wants to configure the same password. However, because it is the same password and the hash key is limited to the password/key, even the casual observer will notice that it is the same key.
The second algorithm is a more complex key, and cannot be copied and pasted in different locations in the configuration file. In this case, if the same key or password is used repeatedly in different contexts, each encrypted (hashed) version is different.
hash-control read-version all
When the read-version is configured as ‟all,” both versions 1 and 2 are accepted by the system. Otherwise, only the selected version is accepted when reading configuration or exec files. The presence of incorrect hash versions aborts the script/startup.
Selects the hash version that is used the next time the configuration file is saved (or an info command is executed). Be careful to save the read and write version correctly, so that the file can be properly processed after the next reboot or exec.
source-address
config>system>security
Supported on all 7210 SAS platforms as described in this document
This command specifies the source address that should be used in all unsolicited packets sent by the application.
This feature only applies on in-band interfaces and does not apply on the out-band management interface. Packets going out the management interface will keep using that as the source IP address. That is, when the RADIUS server is reachable through both the management interface and a network interface, the management interface is used despite what is configured under the source-address statement.
application app [ip-int-name | ip-address]
no application app
config>system>security>source-address
Supported on all 7210 SAS platforms as described in this document
This command specifies the application to use the source IP address specified by the source-address command.
Specifies the application name.
Specifies the name of the IP interface and IP address. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.
[no] telnet-server
config>system>security
Supported on all 7210 SAS platforms as described in this document
This command enables Telnet servers running on the system.
Telnet servers are off by default. At system startup, only SSH servers are enabled.
Telnet servers in networks limit Telnet clients to three attempts to login. The Telnet server disconnects the Telnet client session after three attempts.
The no form of this command disables Telnet servers running on the system.