description description-string
no description
config>system>security>mgmt-access-filter>ip-filter>entry config>system>security>mgmt-access-filter>ipv6-filter>entry
config>sys>security>keychain>direction>bi>entry
config>system>security>keychain>direction>uni>receive>entry
config>system>security>keychain>direction>uni>send>entry
config>system>security>user>public-keys>ecdsa>ecdsa-key
config>system>security>user>public-keys>rsa>rsa-key
Supported on all 7210 SAS platforms as described in this document, including those configured in the access-uplink operating mode
This command creates a text description stored in the configuration file for a configuration context.
This command associates a text string with a configuration context to help identify the context in the configuration file.
The no form of this command removes the string.
The description character string. Allowed values are any string up to 80 characters composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.
[no] shutdown
config>system>security>mgmt-access-filter
config>system>security>keychain>direction>bi>entry
config>system>security>keychain>direction>uni>receive>entry
config>system>security>keychain>direction>uni>send>entry
Supported on all 7210 SAS platforms as described in this document, including those configured in the access-uplink operating mode.
This command administratively disables the entity. When disabled, an entity does not change, reset, or remove any configuration settings or statistics. Many entities must be explicitly enabled using the no shutdown command. The operational state of the entity is disabled as well as the operational state of any entities contained within. Many objects must be shut down before they may be deleted.
The no form of this command puts an entity into the administratively enabled state.
no shutdown
security
config>system
Supported on all 7210 SAS platforms as described in this document, including those configured in the access-uplink operating mode.
Commands in this context configure security settings.
Security commands manage user profiles and user membership. Security commands also manage user login registrations.
[no] ftp-server
config>system>security
Supported on all 7210 SAS platforms as described in this document, including those configured in the access-uplink operating mode.
This command enables FTP servers running on the system.
FTP servers are disabled by default. At system startup, only SSH server are enabled.
The no form of this command disables FTP servers running on the system.
no ftp-server
hash-control [read-version {1 | 2 | all}] [write-version {1 | 2}]
no hash-control
config>system>security
Supported on all 7210 SAS platforms as described in this document, including those configured in the access-uplink operating mode.
This command enables the system to encrypt all passwords, MD5 keys, and so on using specific algorithms.
Whenever the user executes a save or info command, the system will encrypt all passwords, MD5 keys, and so on for security reasons. At present, two algorithms exist.
The first algorithm is a simple, short key that can be copied and pasted in a different location when the user needs to configure the same password. However, because it is the same password and the hash key is limited to the password/key, even the casual observer will notice that it is the same key.
The second algorithm is a more complex key, and cannot be copied and pasted in different locations in the configuration file. In this case, if the same key or password is used repeatedly in different contexts, each encrypted (hashed) version will be different.
all
Both versions 1 and 2 will be accepted by the system. Otherwise, only the selected version will be accepted when reading configuration or exec files. The presence of incorrect hash versions will abort the script/startup.
Select the hash version that will be used the next time the configuration file is saved (or an info command is executed). Be careful to save the read and write version correctly, so that the file can be properly processed after the next reboot or exec.
source-address
config>system>security
Supported on all 7210 SAS platforms as described in this document, including those configured in the access-uplink operating mode.
Commands in this context specify the source address that should be used in all unsolicited packets sent by the application.
This feature only applies on in-band interfaces and does not apply on the out-band management interface. Packets going out the management interface will keep using that as the source IP address. That is, when the RADIUS server is reachable through both the management interface and a network interface, the management interface is used despite whatever is configured under the source-address statement.
application app [ip-int-name | ip-address]
no application app
config>system>security>source-address
Supported on all 7210 SAS platforms as described in this document, including those configured in the access-uplink operating mode.
This command specifies the application to use the source IPv4 address specified by the source-address command.
Specifies the application name.
Specifies the name of the IP interface and IP address. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.
application6 app [ipv6-address]
no application6 app
config>system>security>source-address
Supported on all 7210 SAS platforms as described in this document, including those configured in the access-uplink operating mode.
This command specifies the application to use the source IPv6 address specified by the source address.
Specifies the application name.
Specifies the name of the IPv6 address.
[no] telnet-server
config>system>security
Supported on all 7210 SAS platforms as described in this document, including those configured in the access-uplink operating mode.
This command enables Telnet servers running on the system.
Telnet servers are off by default. At system startup, only SSH servers are enabled.
Telnet servers in networks limit a Telnet client to three login attempts. The Telnet server disconnects the Telnet client session after the third attempt.
The no form of this command disables Telnet servers running on the system.