Dell EMC Networking: Enable HTTPS/SSH and disable HTTP/Telnet for switch management on legacy PowerConnect 7000 and N-Series switches

Summary: How to restrict management access to HTTPS and SSH on PowerConnect 7000.

Article Content


Instructions

This article provides the steps necessary to restrict management access to HTTPS and SSH on PowerConnect 7000.

 
This procedure assumes:

  • The switch is already configured with an IP address and is reachable within the network.
  • There is an account created with Privilege Level 15. To verify this, use the command "show users accounts".


For newer N-Series switches and additional management options, see HOW10399.
 

1)  Connect to the switch via CLI


2)  The 7000 series requires a Privileged Exec (Enable) mode password for telnet/SSH management. Failure to set this password may result in severely limited CLI management ability. Add an enable password:
  • console>enable
  • console#config
  • console(config)#enable password MYPASSWORD


3)  To enable SSH, enter the following commands:

  • console(config)#crypto key generate rsa
  • console(config)#crypto key generate dsa
  • console(config)#ip ssh server

If you are having issues with specific commands, ensure you are running the latest firmware version. 
 

Note: Before disabling either telnet or HTTP access, verify SSH or HTTPS access.

 
4)  To disable telnet, run: 

  • console(config)# ip telnet server disable


5)  To enable HTTPS, enter the following commands:

  • console(config)# crypto certificate 1 generate
  • console(config-crypto-cert)#key-generate <512-2048>
  • console(config-crypto-cert)#exit
  • console(config)# ip http secure-certificate <1-2>   (the instance of the certificate to be activated)
  • console(config)# ip http secure-server

This system can generate and store 2 certificates. To generate the second key, replace the number 1 with 2. To activate the second key, use (config)# ip http secure-certificate 2.


6)  To disable HTTP, enter:

  • console(config)# no ip http server


7)  After verifying connectivity via SSH or HTTPS, save the configuration by entering:

  • console#copy running-config startup-config
 
Note: After completing these steps, you can expect to receive errors about certificate authenticity. This is due to the certificates and keys being self-generated. This is not an error.
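
The verification called for before step 4 and again in step 7 can be scripted from the management workstation. The following is an added example, not part of the Dell article: it assumes the switch uses the default TCP ports (22, 23, 80, 443), and the function names are hypothetical.

```python
import socket
import sys

# Assumed default TCP ports (the article does not list port numbers).
# Value: (port, should the port be open once the procedure is finished?)
EXPECTED = {"ssh": (22, True), "https": (443, True),
            "telnet": (23, False), "http": (80, False)}

def probe(host, port, timeout=2.0, read_banner=False):
    """Return (is_open, banner); banner is the first line the server sends."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            if not read_banner:
                return True, ""
            try:
                data = s.recv(256)
            except OSError:      # port open, but nothing arrived before the timeout
                data = b""
            return True, data.split(b"\n", 1)[0].decode("ascii", "replace").strip()
    except OSError:              # refused, filtered or unreachable
        return False, ""

def audit(host, expected=EXPECTED, timeout=2.0):
    """Probe each management service and compare it with the desired end state."""
    report = {}
    for name, (port, want_open) in expected.items():
        is_open, banner = probe(host, port, timeout, read_banner=(name == "ssh"))
        # An open SSH port only counts if the peer sends an "SSH-" identification
        # string (RFC 4253), i.e. it really is an SSH server answering.
        if name == "ssh" and is_open and not banner.startswith("SSH-"):
            ok = False
        else:
            ok = is_open == want_open
        report[name] = {"port": port, "open": is_open, "ok": ok, "banner": banner}
    return report

def secure_path_verified(report):
    """True if SSH or HTTPS answers: the article's precondition for disabling
    telnet/HTTP and for saving the configuration."""
    ssh = report["ssh"]
    return (ssh["open"] and ssh["banner"].startswith("SSH-")) or report["https"]["open"]

# Usage: python check_mgmt.py <switch-ip>   (does nothing without an argument)
if __name__ == "__main__" and len(sys.argv) == 2:
    rep = audit(sys.argv[1])
    for name, r in rep.items():
        print(f"{name:7} tcp/{r['port']:<5} open={r['open']!s:5} ok={r['ok']} {r['banner']}")
    print("secure path verified:", secure_path_verified(rep))
    sys.exit(0 if all(r["ok"] for r in rep.values()) else 1)
```

Run it once before step 4 (only `secure_path_verified` needs to be true at that point) and again before step 7, when every service should report `ok=True`.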

 

 


Article Properties


Affected Product

Networking, PowerSwitch N2000 Series, PowerSwitch N3000 Series, PowerSwitch N4000 Series, PowerConnect 7024, PowerConnect 7024F, PowerConnect 7024P, PowerConnect 7048, PowerConnect 7048P, PowerConnect 7048R

Last Published Date

21 Feb 2021

Version

3

Article Type

How To
