English dropdown-ico

Manual Cisco Systems OL-5650-02

122 pages 1.14 mb
Download

Go to site of 122

Summary
  • Cisco Systems OL-5650-02 - page 1

    Corporate Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 526-4100 Cisco Content S er vices S witc h S ecurity Conf iguration Guide Sof twa re V er sion 7 .50 Marc h 2005 Text Part Number: O L-5650-02 ...

  • Cisco Systems OL-5650-02 - page 2

    THE SPECIFICA T IONS AND INFORMA TION REGARDING THE PRODUCTS IN THIS MAN U AL ARE SUBJECT TO CHANGE WITHOUT NO TICE. ALL ST A TEMENTS, INFORMA TION, AND RECOMMENDA TION S IN THIS MANUAL ARE BELIEVED T O BE A CCURA TE BUT ARE PRESENTED WITHOUT W ARRANTY OF ANY KIND, EX PRESS OR IMPLIED. USERS MUST T AKE FULL RESPONSIBILITY FO R THEIR APPLICA TION OF ...

  • Cisco Systems OL-5650-02 - page 3

    iii Cisco Content Services Switch Security Configuration Guide OL-5650-02 CONTENTS Preface xi Audience xii How to Use This Guide xii Related Documentation xiii Symbols and Conventions xvi Obtaining Documentation xvii Cisco.com xvii Documentation DVD xviii Ordering Documentation xviii Documentation Feedback xviii Cisco Product Security Overview xix ...

  • Cisco Systems OL-5650-02 - page 4

    Contents iv Cisco Content Services Switch Security Configuration Guide OL-5650-02 Controlling Admi nistrative Access to the CSS 1-10 Enabling Administrativ e Access to the CSS 1-10 Disabling Administrative Access to the CSS 1-11 Controlling CSS Network Traffic Through Access Control Lists 1-12 ACL Overview 1-13 ACL Configuration Quick Start 1-15 Cr ...

  • Cisco Systems OL-5650-02 - page 5

    v Cisco Content Services Switch Security Configuration Guide OL-5650-02 Contents Configuring SSHD in the CSS 2-3 Configuring SSHD Keepalive 2-3 Configuring SSHD Port 2-4 Configuring SSHD Server-Keybits 2-4 Configuring SSHD Version 2-5 Configuring Telnet Access When Using SSHD 2-6 Showing SSHD Configurations 2-6 CHAPTER 3 Configuring the CSS as a Cl ...

  • Cisco Systems OL-5650-02 - page 6

    Contents vi Cisco Content Services Switch Security Configuration Guide OL-5650-02 Setting the Global TACACS+ Keepalive Fre quency 4-7 Defining a TACACS+ Server 4-8 Setting TACACS+ Authorization 4-11 Sending Full CSS Commands to the TACACS+ Server 4-12 Setting TACACS+ Acco unting 4-13 Showing TACACS+ Server Configuration Information 4-14 CHAPTER 5 C ...

  • Cisco Systems OL-5650-02 - page 7

    vii Cisco Content Services Switch Security Configuration Guide OL-5650-02 FIG UR ES Figure 1-1 CSS Directory Access Privileges 1-5 Figure 1-2 ACLs Enabled o n the CSS 1-14 Figure 5-1 Example of FWLB 5-9 Figure 5-2 FWLB with VIP/Interface Redundancy Configuration 5-11 ...

  • Cisco Systems OL-5650-02 - page 8

    Figures viii Cisco Content Services Switch Security Configuration Guide OL-5650-02 ...

  • Cisco Systems OL-5650-02 - page 9

    ix Cisco Content Services Switch Security Configuration Guide OL-5650-02 TABLES T able 1-1 ACL Configuration Quick Start 1-16 T able 1-2 Clause Command Option s 1-21 T able 1-3 Field Descriptions for the show acl Command Output 1-31 T able 1-4 Field Descriptions for the show nql Command Output 1-38 T able 2-1 Field Descriptions for the show sshd co ...

  • Cisco Systems OL-5650-02 - page 10

    Tables x Cisco Content Services Switch Security Configuration Guide OL-5650-02 ...

  • Cisco Systems OL-5650-02 - page 11

    xi Cisco Content Services Switch Security Configuration Guide OL-5650-02 Preface This guide provides in structions fo r configuring the securi ty features of th e Cisco 11500 Series Co ntent Services Switches (CSS). Information in this guide applies to all CSS models except where noted . The CSS software is a vailable in a Stan dard or optional Enh ...

  • Cisco Systems OL-5650-02 - page 12

    Preface Audience xii Cisco Content Services Switch Security Configuration Guide OL-5650-02 Audience This guide is intended for the follo wing trained and qualif ied service personnel who are responsible for conf iguring the CSS: • We b m a s t e r • System adminis trator • System operator How to Use This Guide This guide is or ganized as foll ...

  • Cisco Systems OL-5650-02 - page 13

    xiii Cisco Content Services Switch Security Configuration Guide OL-5650-02 Preface Related Documentation Related Documentation In addition to thi s guide, the Content Se rvices Switch docume ntation includes the follo wing publications. Document T itle Description Release Note for the Cisco 11500 Series Content Services Switc h This release note pr ...

  • Cisco Systems OL-5650-02 - page 14

    Preface Related Do cumentation xiv Cisco Content Services Switch Security Configuration Guide OL-5650-02 Cisco Conte nt Services Switch Adm inistrati on Guide This guide de scribes how to perform adm inistrative tasks on the CSS, including upg rading your CSS software and co nfigu ring the follo wing: • Logging, includi ng displaying log messages ...

  • Cisco Systems OL-5650-02 - page 15

    xv Cisco Content Services Switch Security Configuration Guide OL-5650-02 Preface Related Documentation Cisco Conte nt Services Switch Cont ent Load-Balancing Conf iguratio n Guide This guide describes ho w to perform CSS content load-balancing configur ation tasks, in cluding: • Flo w and port mapping • Services • Service, global, and script ...

  • Cisco Systems OL-5650-02 - page 16

    Preface Symbols and Conventions xvi Cisco Content Services Switch Security Configuration Guide OL-5650-02 Symbols and Conventions This guide u ses the fol lowing symbols and conv entions to identify d if ferent ty pes of informatio n. Caution A caution means that a specific action you take co uld cause a loss of data or adversely impact use of the ...

  • Cisco Systems OL-5650-02 - page 17

    xvii Cisco Content Services Switch Security Configuration Guide OL-5650-02 Preface Obtaining Documentation Courier text indicates text that appears on a command line, including the CLI prompt. Courier bold text indicates commands and te xt you enter in a command line. Italics text indicates the first occurrence of a ne w term, book title, emphasize ...

  • Cisco Systems OL-5650-02 - page 18

    Preface Documentation Feedba ck xviii Cisco Content Services Switch Security Configuration Guide OL-5650-02 Documentation DVD Cisco documentation and additi onal litera ture are a vailable in a Documentation D VD package, which m ay hav e shipped w ith your produc t. The Document ation D VD is updated regularly an d may be more current than pri nte ...

  • Cisco Systems OL-5650-02 - page 19

    xix Cisco Content Services Switch Security Configuration Guide OL-5650-02 Preface Cisco Product Security O verview Y ou can submit comments by using th e response card (if present) behind the front cov e r of your document or b y writing to the follo wing address: Cisco Systems Attn: Customer Document Or dering 170 W est T asman Driv e San Jose, CA ...

  • Cisco Systems OL-5650-02 - page 20

    Preface Obtaining Technical Assistance xx Cisco Content Services Switch Security Configuration Guide OL-5650-02 • Nonemergencies — psirt@cisco.com Ti p W e encourage you to use Pretty Good Pri vac y (PGP) or a compatible produ ct to encrypt any sensiti ve information that you send to Cisco. PSIR T can work from encrypted information that is com ...

  • Cisco Systems OL-5650-02 - page 21

    xxi Cisco Content Services Switch Security Configuration Guide OL-5650-02 Preface Obtaining Techn ical Assistance Access to all tools on the Cisco T echni cal Support W ebsite requires a Cisco.com user ID and password. If you hav e a valid service contract b ut do not hav e a user ID or password, you can re gister at this URL: http://tools.cisco.co ...

  • Cisco Systems OL-5650-02 - page 22

    Preface Obtaining Additional Publ ications and Information xxii Cisco Content Services Switch Security Configuration Guide OL-5650-02 For a complete list of Cisco T A C contacts, go to this URL: http://www .cisco.com/t echsupport/contacts Definitions of Service Request Severity T o ensure that all service req uests are reported in a standard format ...

  • Cisco Systems OL-5650-02 - page 23

    xxiii Cisco Content Services Switch Security Configuration Guide OL-5650-02 Preface Obtaining Additional Public ations and Information • Pa c k e t magazine is the C isco System s technical user magazine for maximizing Internet and netw orking in vestments. Each quarter , Packet deli vers co verage of the latest industry trends, tech nology break ...

  • Cisco Systems OL-5650-02 - page 24

    Preface Obtaining Additional Publ ications and Information xxiv Cisco Content Services Switch Security Configuration Guide OL-5650-02 ...

  • Cisco Systems OL-5650-02 - page 25

    CH A P T E R 1-1 Cisco Content Services Switch Security Configuration Guide OL-5650-02 1 Controlling CSS Access This chapter describes how to config ure access to the CSS including network traf fic. Information in this chapter applie s to all models of the CSS, except where noted. This chapter contains t he follo wing major sections: • Changing t ...

  • Cisco Systems OL-5650-02 - page 26

    Chapter 1 Controlling CSS Access Changing the Administra tive Username and Pa ssword 1-2 Cisco Content Services Switch Security Configuration Guide OL-5650-02 Changing the Administrative Username and Password During the initial log in to the CSS you enter the def ault user name admin and the default passw ord system in lo wercase text. F or securit ...

  • Cisco Systems OL-5650-02 - page 27

    1-3 Cisco Content Services Switch Security Configuration Guide OL-5650-02 Chapter 1 Controlling CSS Access Creating Usernames and Passwo rds Creating Usernames and Passwords Logging into the CSS requ ires a username and passw ord. The CSS supports a maximum of 32 usernames, inclu ding the administrator and tech nician usernames. Y ou can assign eac ...

  • Cisco Systems OL-5650-02 - page 28

    Chapter 1 Controlling CSS Access Creating Usernames and Passwords 1-4 Cisco Content Services Switch Security Configuration Guide OL-5650-02 • password - Specif ies the password is not en crypted. Use this option when you use the CLI to dynamically create use rs. • password - The p assword. Enter an unquoted te xt string with no spaces and a len ...

  • Cisco Systems OL-5650-02 - page 29

    1-5 Cisco Content Services Switch Security Configuration Guide OL-5650-02 Chapter 1 Controlling CSS Access Creating Usernames and Passwo rds • access - Specifies directory access privileg es for the username. By default, users hav e both read- and write-acces s pr i vileges (B) to all se ven directories. Enter , in order , one of the followi ng a ...

  • Cisco Systems OL-5650-02 - page 30

    Chapter 1 Controlling CSS Access Controlling Remote User Access to the CSS 1-6 Cisco Content Services Switch Security Configuration Guide OL-5650-02 Controlling Remote User Access to the CSS T o control access to th e CSS, you can config ure the CSS to authenti cate remote (virtual) or console users. The CSS can a u thenticate users by using the lo ...

  • Cisco Systems OL-5650-02 - page 31

    1-7 Cisco Content Services Switch Security Configuration Guide OL-5650-02 Chapter 1 Controlling CSS Access Controlling Remote User Access to the CSS Configuring Virtual Authentication V irtual authentication allo ws remote users to log in to the CSS when they are using FTP , T elnet, SSHD, or the Device Management user interface wi th or without re ...

  • Cisco Systems OL-5650-02 - page 32

    Chapter 1 Controlling CSS Access Controlling Remote User Access to the CSS 1-8 Cisco Content Services Switch Security Configuration Guide OL-5650-02 T o remov e users currently logged in to th e CSS, use the disconnect command. T o define th e T A CA CS+ server as the p rimary virtual authentication method, enter: #(config) virtual authentication p ...

  • Cisco Systems OL-5650-02 - page 33

    1-9 Cisco Content Services Switch Security Configuration Guide OL-5650-02 Chapter 1 Controlling CSS Access Controlling Remote User Access to the CSS • secondary - Defines the seco nd authentication method that the CSS u ses if the fi rst method fails. The d efault secondar y console authenticatio n method is to disallow all user access. Note If y ...

  • Cisco Systems OL-5650-02 - page 34

    Chapter 1 Controlling CSS Access Controlling Administra tive Access to the CSS 1-10 Cisco Content Services Switch Security Configuration Guide OL-5650-02 Controlling Administrati ve Access to the CSS CSS access through a console, FTP , SSH, SNMP , and T elnet is enabled by default. The CSS su pports a maximum of four FTP sessions and a max imum of ...

  • Cisco Systems OL-5650-02 - page 35

    1-11 Cisco Content Services Switch Security Configuration Guide OL-5650-02 Chapter 1 Controlling CSS Access Controlling Administrative Access to the CSS • no restrict xml - Enables t he transfer of XML conf iguration f iles to the CSS through unsecu re HTTP connection s (disabled by default). • no restrict web-mgmt - Enables De vice M anagement ...

  • Cisco Systems OL-5650-02 - page 36

    Chapter 1 Controlling CSS Access Controlling CSS Network Traffic Thr ough Access Control Lists 1-12 Cisco Content Services Switch Security Configuration Guide OL-5650-02 • re strict se cure -xml - Disables the transfer of XML configuration f iles to the CSS through secure HTTPS SSL conn ections (d isabled by default). • re strict xml - Disabl e ...

  • Cisco Systems OL-5650-02 - page 37

    1-13 Cisco Content Services Switch Security Configuration Guide OL-5650-02 Chapter 1 Controlling CSS Access Controllin g CSS Network Tr affic Through Ac cess Control Lists • Logging A CL Acti vity • A CL Example ACL Overview A CLs configured on the CSS provide a ba sic le vel of security for accessing your network. W ithout A CLs on the CSS, al ...

  • Cisco Systems OL-5650-02 - page 38

    Chapter 1 Controlling CSS Access Controlling CSS Network Traffic Thr ough Access Control Lists 1-14 Cisco Content Services Switch Security Configuration Guide OL-5650-02 For e xample, Figure 1-2 shows three VLAN circui ts on the CSS. Figure 1 -2 ACLs Enabled on the CSS For VLAN1, if you w ant to allow any TC P traf fic to the destination V IP addre ...

  • Cisco Systems OL-5650-02 - page 39

    1-15 Cisco Content Services Switch Security Configuration Guide OL-5650-02 Chapter 1 Controlling CSS Access Controllin g CSS Network Tr affic Through Ac cess Control Lists Enabling A CLs globally af fects all traf fic on all CSS circui ts whether they h av e A CLs or not. When you enable A CLs, all tr aff ic on a c ircuit that is not conf igured in ...

  • Cisco Systems OL-5650-02 - page 40

    Chapter 1 Controlling CSS Access Controlling CSS Network Traffic Thr ough Access Control Lists 1-16 Cisco Content Services Switch Security Configuration Guide OL-5650-02 T able 1 -1 ACL Confi guration Quic k Start T ask and Command Example 1. Enter global conf iguration mode. # config (config)# 2. Create an A CL and access A C L mode. Enter an A CL ...

  • Cisco Systems OL-5650-02 - page 41

    1-17 Cisco Content Services Switch Security Configuration Guide OL-5650-02 Chapter 1 Controlling CSS Access Controllin g CSS Network Tr affic Through Ac cess Control Lists The follo w ing running-conf ig example sho ws the result of entering the commands in Ta b l e 1 - 1 . !**************************** ACL **************************** acl 7 clause ...

  • Cisco Systems OL-5650-02 - page 42

    Chapter 1 Controlling CSS Access Controlling CSS Network Traffic Thr ough Access Control Lists 1-18 Cisco Content Services Switch Security Configuration Guide OL-5650-02 Note If a circuit does not have an A CL, the CSS applies an implicit “deny all” clause to this circuit causing th e CSS to deny all traf fic on it. T o create an A CL and acces ...

  • Cisco Systems OL-5650-02 - page 43

    1-19 Cisco Content Services Switch Security Configuration Guide OL-5650-02 Chapter 1 Controlling CSS Access Controllin g CSS Network Tr affic Through Ac cess Control Lists 4. Apply another A CL on the circuit. I f you do not apply an A CL on the circuit, the CSS denies traff ic on the circu it when you enable A CLs on the CSS. 5. Reenable all A CLs ...

  • Cisco Systems OL-5650-02 - page 44

    Chapter 1 Controlling CSS Access Controlling CSS Network Traffic Thr ough Access Control Lists 1-20 Cisco Content Services Switch Security Configuration Guide OL-5650-02 • clause numbe r bypass - Creates a clause in the A CL to permit traffic on a circuit and bypasses (d oes not process) c ontent rules that apply to the traff ic. The syntax for c ...

  • Cisco Systems OL-5650-02 - page 45

    1-21 Cisco Content Services Switch Security Configuration Guide OL-5650-02 Chapter 1 Controlling CSS Access Controllin g CSS Network Tr affic Through Ac cess Control Lists Ta b l e 1 - 2 provides v ariables and options for the clause command. Bolded sy ntax defines keyw ords that you e nter on the comm and line. Italics de fine v ariab les where yo ...

  • Cisco Systems OL-5650-02 - page 46

    Chapter 1 Controlling CSS Access Controlling CSS Network Traffic Thr ough Access Control Lists 1-22 Cisco Content Services Switch Security Configuration Guide OL-5650-02 sour ce_port The source port for the traf fic. If yo u do not designate a source port, this clause allo ws traff ic from any port number . E nter one of the follo wing: • eq port ...

  • Cisco Systems OL-5650-02 - page 47

    1-23 Cisco Content Services Switch Security Configuration Guide OL-5650-02 Chapter 1 Controlling CSS Access Controllin g CSS Network Tr affic Through Ac cess Control Lists destination_port The desti nation port. Enter one of the follo wing. Y ou may use a port number or port name with th e options. • eq port is equal to the port n umber . • lt ...

  • Cisco Systems OL-5650-02 - page 48

    Chapter 1 Controlling CSS Access Controlling CSS Network Traffic Thr ough Access Control Lists 1-24 Cisco Content Services Switch Security Configuration Guide OL-5650-02 sourcegroup name The source group a s the destina t ion for the traf fic. Enter the group name. T o see a list of source grou ps, enter: show group ? Note The clause number bypass ...

  • Cisco Systems OL-5650-02 - page 49

    1-25 Cisco Content Services Switch Security Configuration Guide OL-5650-02 Chapter 1 Controlling CSS Access Controllin g CSS Network Tr affic Through Ac cess Control Lists After you create clauses for an ACL, you ca n apply the A CL to a circuit. For more informatio n, see the “ A pplying an A CL to a Circuit or DNS Queries” section. Adding a C ...

  • Cisco Systems OL-5650-02 - page 50

    Chapter 1 Controlling CSS Access Controlling CSS Network Traffic Thr ough Access Control Lists 1-26 Cisco Content Services Switch Security Configuration Guide OL-5650-02 For e xample, you apply A CL 7 to VLAN1 and then globally enable A CLs on the CSS. At a later time, to add a new clause to A CL 7 and to hav e the clause take effect on the CSS, en ...

  • Cisco Systems OL-5650-02 - page 51

    1-27 Cisco Content Services Switch Security Configuration Guide OL-5650-02 Chapter 1 Controlling CSS Access Controllin g CSS Network Tr affic Through Ac cess Control Lists Note When you remov e an applied A CL from the circuit, the CSS applies an implicit “deny all” clause to this circuit causing the CSS to deny all traf fic on it. If you want ...

  • Cisco Systems OL-5650-02 - page 52

    Chapter 1 Controlling CSS Access Controlling CSS Network Traffic Thr ough Access Control Lists 1-28 Cisco Content Services Switch Security Configuration Guide OL-5650-02 Ho wev er , if you conf igure a CSS with the d ns-ser ver command, and the CSS recei ves a DNS query fo r a domain name that you conf igured on the CSS using the host command, the ...

  • Cisco Systems OL-5650-02 - page 53

    1-29 Cisco Content Services Switch Security Configuration Guide OL-5650-02 Chapter 1 Controlling CSS Access Controllin g CSS Network Tr affic Through Ac cess Control Lists 2. In A CL mode, remove the A CL from the circuit. (config-acl[7])# remove circuit-(VLAN1) 3. Make any changes to the A CL. If you delete an A CL from the circuit, conf igure ano ...

  • Cisco Systems OL-5650-02 - page 54

    Chapter 1 Controlling CSS Access Controlling CSS Network Traffic Thr ough Access Control Lists 1-30 Cisco Content Services Switch Security Configuration Guide OL-5650-02 Use the global configuration acl enable command to enable all A CLs on the CSS. T o globally enable all A CLs, enter: (config)# acl enable Disabling ACLs on the CSS If you need to ...

  • Cisco Systems OL-5650-02 - page 55

    1-31 Cisco Content Services Switch Security Configuration Guide OL-5650-02 Chapter 1 Controlling CSS Access Controllin g CSS Network Tr affic Through Ac cess Control Lists • DNS Hits - Pack ets that match an A CL clause for DNS f lo ws when an A CL clause is applied to DNS queries. Th e display includes a DNS hit counter , which counts DNS look u ...

  • Cisco Systems OL-5650-02 - page 56

    Chapter 1 Controlling CSS Access Controlling CSS Network Traffic Thr ough Access Control Lists 1-32 Cisco Content Services Switch Security Configuration Guide OL-5650-02 Setting the Show ACL Counters to Zero Use the zero counts com mand to reset the content and DNS hit coun ters in the show acl command screen to zero for a specif ic ACL. Y ou mu st ...

  • Cisco Systems OL-5650-02 - page 57

    1-33 Cisco Content Services Switch Security Configuration Guide OL-5650-02 Chapter 1 Controlling CSS Access Controllin g CSS Network Tr affic Through Ac cess Control Lists T o enable logging on an existing A CL clause, us e the log en able option for th e clause command and enter: (config-acl[7])# clause 1 log enable If A CLs are globally enabled o ...

  • Cisco Systems OL-5650-02 - page 58

    Chapter 1 Controlling CSS Access Controlling CSS Network Traffic Thr ough Access Control Lists 1-34 Cisco Content Services Switch Security Configuration Guide OL-5650-02 5. Reapply the A CL to the circuit. (config-acl[7])# apply circuit-(VLAN1) 6. In global configuration m ode, reenable a ll A CLs on the CSS. (config)# acl enable T o globally disab ...

  • Cisco Systems OL-5650-02 - page 59

    1-35 Cisco Content Services Switch Security Configuration Guide OL-5650-02 Chapter 1 Controlling CSS Access Configuring Network Qualifier Lists for ACLs !**************************** ACL *************************** acl 1 clause 20 permit any 172.16.107.0 255.255.255.0 destination 172.16.107.15 clause 30 permit any 172.16.107.0 255.255.255.0 destina ...

  • Cisco Systems OL-5650-02 - page 60

    Chapter 1 Controlling CSS Access Configuring Network Q ualifier Lists for ACLs 1-36 Cisco Content Services Switch Security Configuration Guide OL-5650-02 Creating an NQL Enter the name of the ne w NQL you want to create or an e xisting NQL. Enter the name as an unquoted te xt string with no spaces and a maximum of 31 characters. Y ou can create a m ...

  • Cisco Systems OL-5650-02 - page 61

    1-37 Cisco Content Services Switch Security Configuration Guide OL-5650-02 Chapter 1 Controlling CSS Access Configuring Network Qualifier Lists for ACLs The v ariables and options are: • ip_addr ess - The destination network addr ess. Enter the IP address in dotted-decimal notation (for e x ample, 192.168.0.0) . • subnet_pref ix | subnet_mask - ...

  • Cisco Systems OL-5650-02 - page 62

    Chapter 1 Controlling CSS Access Configuring Network Q ualifier Lists for ACLs 1-38 Cisco Content Services Switch Security Configuration Guide OL-5650-02 Adding an NQL to an ACL Clause T o add an NQL to an A CL clause: 1. Create the A CL. For example, enter: (config)# acl 10 2. Define the clause, incl uding the NQ L as either a source or destinatio ...

  • Cisco Systems OL-5650-02 - page 63

    CH A P T E R 2-1 Cisco Content Services Switch Security Configuration Guide OL-5650-02 2 Configuring the Secure Shell Daemon Protocol The Secure Shell Daemon (SSHD) prot ocol provide s secure encr ypted communications between two hosts communicating o ver an insecure network. The CSS supports an implemen tation of OpenSSH to pr ovide this secure co ...

  • Cisco Systems OL-5650-02 - page 64

    Chapter 2 Configuring t he Secure Shell Daemon Protocol Enabling SSH 2-2 Cisco Content Services Switch Security Configuration Guide OL-5650-02 This chapter contains t he follo wing major sections: • Enabling SSH • Config uring SSH Access • Config uring SSHD in the CSS • Config uring T elnet Access When Using SSHD • Showing SSHD Configurat ...

  • Cisco Systems OL-5650-02 - page 65

    2-3 Cisco Content Services Switch Security Configuration Guide OL-5650-02 Chapter 2 Configuring the Secure Shell Daemon Protocol Configuri ng SSH Access Configuring SSH Access SSH access to the CSS is enabled by default through the no restrict ssh command. Y ou can verify the SSH access se lection in the running-config f ile. T o enhance security w ...

  • Cisco Systems OL-5650-02 - page 66

    Chapter 2 Configuring t he Secure Shell Daemon Protocol Configuring SSHD in the CSS 2-4 Cisco Content Services Switch Security Configuration Guide OL-5650-02 Use the sshd keepalive command to enable SSHD keepaliv e. SSHD keepali ve is enabled by default. T o enable sending SSHD keepali ves to the client, enter: (config)# sshd keepalive T o disable ...

  • Cisco Systems OL-5650-02 - page 67

    2-5 Cisco Content Services Switch Security Configuration Guide OL-5650-02 Chapter 2 Configuring the Secure Shell Daemon Protocol Configuring SSHD in the CSS Note The valid range for this comma nd is 512 to 1024. Howe ver , to m aintain backward compatibility wi th version 5.00, the CSS allo ws you to enter a value from 512 to 32768. If you enter a ...

  • Cisco Systems OL-5650-02 - page 68

    Chapter 2 Configuring t he Secure Shell Daemon Protocol Configuring Telnet Acc ess When Using SSHD 2-6 Cisco Content Services Switch Security Configuration Guide OL-5650-02 Configuring Telnet Access When Using SSHD By default, T elnet access to the CSS is enabled. When you use SSH D, you can disable nonsecure T elnet access to the CSS. T o enhance ...

  • Cisco Systems OL-5650-02 - page 69

    2-7 Cisco Content Services Switch Security Configuration Guide OL-5650-02 Chapter 2 Configuring the Secure Shell Daemon Protocol Showing SSHD Configuratio ns T o display the SSHD sessions, enter: # show sshd sessions Listen Socket Count The number of sock ets that SSHD is cu rrently listen ing on (not currently co nfigurable, def ault is 1). Listen ...

  • Cisco Systems OL-5650-02 - page 70

    Chapter 2 Configuring t he Secure Shell Daemon Protocol Showing SSHD Configurations 2-8 Cisco Content Services Switch Security Configuration Guide OL-5650-02 Ta b l e 2 - 2 describes the fields in the show sshd sessions command output. T o display the SSHD v ersion, enter: # show sshd version SSHield version 1.5, SSH version OpenSSH_3.0.2p1 T able ...

  • Cisco Systems OL-5650-02 - page 71

    CH A P T E R 3-1 Cisco Content Services Switch Security Configuration Guide OL-5650-02 3 Configuring the CSS as a Client of a RADIUS Server The Remote Authentication Dial-In User Servi ce (RADIUS) protocol is a distribu ted client/server pr otocol that protects networks ag ainst unauthorized access. RADIUS uses the User Data gram Protocol (UDP) to ...

  • Cisco Systems OL-5650-02 - page 72

    Chapter 3 Configuring the CSS as a Client of a RADIUS Server 3-2 Cisco Content Services Switch Security Configuration Guide OL-5650-02 In a conf iguration where b oth a primary RA DIUS serv er and a seco ndary RADIUS server are specified, and one or both of the RADIUS servers become unreachable, the CSS automatically tran smits a k eepalive authent ...

  • Cisco Systems OL-5650-02 - page 73

    3-3 Cisco Content Services Switch Security Configuration Guide OL-5650-02 Chapter 3 Configuring the CSS as a Client of a RADIUS Server RADIUS Configuration Quick Start RADIUS Configuration Quick Start Ta b l e 3 - 1 provides a quic k overvie w of the steps required to c onfigure the RADIUS feature on a CSS. Each ste p includes the CLI command requi ...

  • Cisco Systems OL-5650-02 - page 74

    Chapter 3 Configuring the CSS as a Client of a RADIUS Server Configuring a RADIUS Serv er for Use with the CSS 3-4 Cisco Content Services Switch Security Configuration Guide OL-5650-02 The follo wing running-configurat ion example sh ows the resul ts of entering the commands in Ta b l e 3 - 1 . !*************************** GLOBAL ****************** ...

  • Cisco Systems OL-5650-02 - page 75

    3-5 Cisco Content Services Switch Security Configuration Guide OL-5650-02 Chapter 3 Configuring the CSS as a Client of a RADIUS Server Configuring a RADIUS Server for Use with the CSS Configuring Authentication Settings T o configure the authentication settings on Cisco Secure A CS, go to the Network Config uration section of the Cisco Secure A CS ...

  • Cisco Systems OL-5650-02 - page 76

    Chapter 3 Configuring the CSS as a Client of a RADIUS Server Specifying a Primary RADIUS Server 3-6 Cisco Content Services Switch Security Configuration Guide OL-5650-02 T o add a user to a group, go to the User Setup sectio n of the Cisco Secure A CS HTML interface: • On the User Set up Select page, specify a username. • On the User Set up Edi ...

  • Cisco Systems OL-5650-02 - page 77

    3-7 Cisco Content Services Switch Security Configuration Guide OL-5650-02 Chapter 3 Configuring the CSS as a Client of a RADIUS Server Specifying a Secondary RADIUS Server T o remove a primary RADIUS server , enter: (config)# no radius-server primary Specifying a Secondary RADIUS Server The CSS directs authentication requests to the secondary RADIU ...

  • Cisco Systems OL-5650-02 - page 78

    Chapter 3 Configuring the CSS as a Client of a RADIUS Server Configuring the RA DIUS Server Timeouts 3-8 Cisco Content Services Switch Security Configuration Guide OL-5650-02 Configuring the RADIUS Server Timeouts By default, th e CSS waits 10 seco nds for the RADIUS serv er (primary or secondary) to repl y to an authentication request before retra ...

  • Cisco Systems OL-5650-02 - page 79

    3-9 Cisco Content Services Switch Security Configuration Guide OL-5650-02 Chapter 3 Configuring the CSS as a Client of a RADIUS Server Configuring the RADIUS Server Dead-Time T o reset the RADIUS server retransmit request to the default of 3 r et ran sm is sio ns , enter: (config)# no radius-server retransmit Configuring the RADIUS Server Dead-Time ...

  • Cisco Systems OL-5650-02 - page 80

    Chapter 3 Configuring the CSS as a Client of a RADIUS Server Showing RADIUS Serve r Co nfiguration Information 3-10 Cisco Content Services Switch Security Configuration Guide OL-5650-02 T o view the authentication statistics for a RADI US secondary ser ver , enter: (config)# show radius statistics secondary Ta b l e 3 - 2 describes the fields in th ...

  • Cisco Systems OL-5650-02 - page 81

    3-11 Cisco Content Services Switch Security Configuration Guide OL-5650-02 Chapter 3 Configuring the CSS as a Client of a RADIUS Server Showing RADIUS Server Configuration Infor mation Ta b l e 3 - 3 describes the fields in the show radius statistics output. T able 3-3 Field Descriptions f o r the show r adius statistics Command Field Description S ...

  • Cisco Systems OL-5650-02 - page 82

    Chapter 3 Configuring the CSS as a Client of a RADIUS Server Showing RADIUS Serve r Co nfiguration Information 3-12 Cisco Content Services Switch Security Configuration Guide OL-5650-02 ...

  • Cisco Systems OL-5650-02 - page 83

    CH A P T E R 4-1 Cisco Content Services Switch Security Configuration Guide OL-5650-02 4 Configuring the CSS as a Client of a TACACS+ Server The T erminal Access Controller Access Control System (T A CACS+) protocol provides access cont rol for routers, netw ork access servers (N AS), or other devices through one or mo re daemon se rvers. T A CA CS ...

  • Cisco Systems OL-5650-02 - page 84

    Chapter 4 Configu ring the CSS as a Client of a TACACS+ Server TACACS+ Configuration Quick Start 4-2 Cisco Content Services Switch Security Configuration Guide OL-5650-02 TACACS+ Configuration Quick Start Ta b l e 4 - 1 provides a quic k overvie w of the steps required to c onfigure the T ACA CS+ feature on a CSS. Each step include s the CLI comman ...

  • Cisco Systems OL-5650-02 - page 85

    4-3 Cisco Content Services Switch Security Configuration Guide OL-5650-02 Chapter 4 Configuring the CSS as a Client of a TACACS+ Server Configuring TACACS+ Server User A ccounts for Use with the CSS The follo wing running-configurat ion example sh ows the resul ts of entering the commands in Ta b l e 4 - 1 . !************************** GLOBAL ***** ...

  • Cisco Systems OL-5650-02 - page 86

    Chapter 4 Configu ring the CSS as a Client of a TACACS+ Server Configuring TACACS+ Server User Accounts for Use with the CSS 4-4 Cisco Content Services Switch Security Configuration Guide OL-5650-02 • K ey - Enter the shared secret that the CSS and Cisco Se cure A CS us e to authenticate transactions . For correct operation , you must specify the ...

  • Cisco Systems OL-5650-02 - page 87

    4-5 Cisco Content Services Switch Security Configuration Guide OL-5650-02 Chapter 4 Configuring the CSS as a Client of a TACACS+ Server Configuring Global TACACS+ Attrib utes 4. Proceed next to Unmatched Commands, either permit or d eny e xecution of the pri vilege command: • For a user that has SuperUser pri vileges on the CSS, click Perm it . A ...

  • Cisco Systems OL-5650-02 - page 88

    Chapter 4 Configu ring the CSS as a Client of a TACACS+ Server Configuring Global TACACS+ A ttributes 4-6 Cisco Content Services Switch Security Configuration Guide OL-5650-02 Note The timeout, encryption k ey , or keepali ve frequency that you define wh en you configure a T ACA CS+ server o verrid es the global attribute (see the “Defining a TA ...

  • Cisco Systems OL-5650-02 - page 89

    4-7 Cisco Content Services Switch Security Configuration Guide OL-5650-02 Chapter 4 Configuring the CSS as a Client of a TACACS+ Server Configuring Global TACACS+ Attrib utes Defining a Global Encryption Key The CSS allo ws you to def ine a global encryption ke y for communications with all configured T A CA CS+ servers. T o encrypt T A CACS+ packe ...

  • Cisco Systems OL-5650-02 - page 90

    Chapter 4 Configu ring the CSS as a Client of a TACACS+ Server Defining a TACACS+ Server 4-8 Cisco Content Services Switch Security Configuration Guide OL-5650-02 When it sends a keepaliv e to the T ACA CS+ server , the CSS attempts to use a persistent connection with the serv er . If the server is not conf igured for persistence, the CSS opens a n ...

  • Cisco Systems OL-5650-02 - page 91

    4-9 Cisco Content Services Switch Security Configuration Guide OL-5650-02 Chapter 4 Configuring the CSS as a Client of a TACACS+ Server Defining a TACACS+ Server Note For general guideli nes on the recommended setup of a T A CA CS+ server (the Cisco Secure Access Control Serv er in this example), see the “ T AC AC S+ Config uration Quick Start” ...

  • Cisco Systems OL-5650-02 - page 92

    Chapter 4 Configu ring the CSS as a Client of a TACACS+ Server Defining a TACACS+ Server 4-10 Cisco Content Services Switch Security Configuration Guide OL-5650-02 Defin ing this option o verrides the tacacs-server key command. F or more information on defining a gl obal encryption ke y , see the “Defining a Global Encryption Key” section. • ...

  • Cisco Systems OL-5650-02 - page 93

    4-11 Cisco Content Services Switch Security Configuration Guide OL-5650-02 Chapter 4 Configuring the CSS as a Client of a TACACS+ Server Setting TACACS+ Authorization Setting TACACS+ Authorization T ACA CS+ authorization allo ws the T A CACS+ serv er to control specif ic CSS commands that the user can execute. C SS authorization di vides the comman ...

  • Cisco Systems OL-5650-02 - page 94

    Chapter 4 Configu ring the CSS as a Client of a TACACS+ Server Sending Full CSS Commands to the TACACS+ Server 4-12 Cisco Content Services Switch Security Configuration Guide OL-5650-02 In releases prior to 7.30.1.05 , if you transitioned from one CLI mod e to another (for ex ample, from conf ig mode to service mode), and a ser vice already ex iste ...

  • Cisco Systems OL-5650-02 - page 95

    4-13 Cisco Content Services Switch Security Configuration Guide OL-5650-02 Chapter 4 Configuring the CSS as a Client of a TACACS+ Server Setting TACACS+ Accounting T o reenable the CSS to send t he full command syntax, use the taca cs-ser ver send-full-command command. F or example: #(config) tacacs-server send-full-command Setting TACACS+ Accounti ...

  • Cisco Systems OL-5650-02 - page 96

    Chapter 4 Configu ring the CSS as a Client of a TACACS+ Server Showing TACACS+ Server C onfiguration Information 4-14 Cisco Content Services Switch Security Configuration Guide OL-5650-02 Showing TACACS+ Server Configuration Information Use the show tacacs-server command to display the T A CA CS+ server confi guration information. T o view this inf ...

  • Cisco Systems OL-5650-02 - page 97

    4-15 Cisco Content Services Switch Security Configuration Guide OL-5650-02 Chapter 4 Configuring the CSS as a Client of a TACACS+ Server Showing TACACS+ Server Configuration Infor mation Authorize Conf ig Commands Indicates whether configuration commands receiv e authorization Authorize Non-Conf ig Indicates whether nonconfiguration commands recei ...

  • Cisco Systems OL-5650-02 - page 98

    Chapter 4 Configu ring the CSS as a Client of a TACACS+ Server Showing TACACS+ Server C onfiguration Information 4-16 Cisco Content Services Switch Security Configuration Guide OL-5650-02 ...

  • Cisco Systems OL-5650-02 - page 99

    CH A P T E R 5-1 Cisco Content Service s Switch Security Config uration Guide OL-5650-02 5 Configuring Firewall Load Balancing This chapter descri bes how to configure the CSS Firew all Load Balanc ing (FWLB) feature. Informati on in this chapte r applie s to all CSS mod els, except where noted. This chapter contains t he follo wing major sections: ...

  • Cisco Systems OL-5650-02 - page 100

    Chapter 5 Configurin g Firewall Load Balancing Overview of FWLB 5-2 Cisco Content Services Switch Security Configura tion Guide OL-5650-02 Overview of FWLB FWLB enables you to conf igure a maximum of 15 fire walls per CSS. Config uring multiple f irewalls can o vercome performance limitations and remov e the single point of fai lure when all traff ...

  • Cisco Systems OL-5650-02 - page 101

    5-3 Cisco Content Service s Switch Security Config uration Guide OL-5650-02 Chapter 5 Con figurin g Firewall Load Balancing Configuring FWLB Firewall Synchronization Fire wall solutions provi ding Stateful Inspectio n, such as Check Point ™ FireW all-1 ® , create and maintain virt ual state for all connections through their devices, e ven for st ...

  • Cisco Systems OL-5650-02 - page 102

    Chapter 5 Configurin g Firewall Load Balancing Configuring FWLB 5-4 Cisco Content Services Switch Security Configura tion Guide OL-5650-02 Y ou must define f irewal l parameters for each path through the f irewalls on bo th local and r emote CSSs. Us e the ip fi rewall command t o defin e fire wall parameters. The syntax for this glob al conf igura ...

  • Cisco Systems OL-5650-02 - page 103

    5-5 Cisco Content Service s Switch Security Config uration Guide OL-5650-02 Chapter 5 Con figurin g Firewall Load Balancing Configuring FWLB Use the ip fir ewall timeout number command to specify the number of seconds the CSS will wait to recei ve a keepali v e message from the remote CSS before declaring the firew all unreacha ble.The timeout rang ...

  • Cisco Systems OL-5650-02 - page 104

    Chapter 5 Configurin g Firewall Load Balancing Configuring FWLB 5-6 Cisco Content Services Switch Security Configura tion Guide OL-5650-02 • inde x - An ex isting inde x number for the f irew all route. For information on config uring a f ire wall inde x, see the ip f irewall command. • distance - The optional administrati ve distance. Ente r a ...

  • Cisco Systems OL-5650-02 - page 105

    5-7 Cisco Content Service s Switch Security Config uration Guide OL-5650-02 Chapter 5 Con figurin g Firewall Load Balancing Configuring FWLB T o stop adv ertising f irew all routes, enter: (config)# no ospf redistribute firewall Configuring RIP to Advertise Firewall Routes T o adver tise fire wall routes from other p rotocols through RIP , use the ...

  • Cisco Systems OL-5650-02 - page 106

    Chapter 5 Configurin g Firewall Load Balancing Configuring FWLB 5-8 Cisco Content Services Switch Security Configura tion Guide OL-5650-02 T o conf igure CSS-A (the client side of the network co nfiguratio n) as sho wn in Figure 5-1 : 1. Use the ip fir ewall command to define f irewall 1. For e xample: (config)# ip firewall 1 192.168.28.1 192.168.2 ...

  • Cisco Systems OL-5650-02 - page 107

    5-9 Cisco Content Service s Switch Security Config uration Guide OL-5650-02 Chapter 5 Con figurin g Firewall Load Balancing Configuring FWLB Figure 5-1 illu strates the configur ation def ined in the f irewall command s. Figur e 5-1 Example of FWLB CSS-B CSS-A Server1 Client Firew all 2 Firew all 1 Client Server2 Ser ver3 Internet Router Client 192 ...

  • Cisco Systems OL-5650-02 - page 108

    Chapter 5 Configurin g Firewall Load Balancing Configuring FWLB with VIP and Virtual Interface Redu ndancy 5-10 Cisco Content Services Switch Security Configura tion Guide OL-5650-02 Configuring FWLB with VIP and Virtual Interface Redundancy Config ure FWLB with VIP and virtual interf ace redundancy to provide the follo wing benefits: • V ery fas ...

  • Cisco Systems OL-5650-02 - page 109

    5-11 Cisco Content Service s Switch Security Config uration Guide OL-5650-02 Chapter 5 Con figurin g Firewall Load Balancing Configuring FWLB with VIP and Virtual Interface Redundan cy In Figure 5-2 , odd-numbered f irew alls are conn ected to the Layer 2 switches servicing the CSS-OUT -L and CSS-IN-L CSSs. Even-numb ered fire walls are connected t ...

  • Cisco Systems OL-5650-02 - page 110

    Chapter 5 Configurin g Firewall Load Balancing Configuring FWLB with VIP and Virtual Interface Redu ndancy 5-12 Cisco Content Services Switch Security Configura tion Guide OL-5650-02 If the f ire wall supports i t, you can use multinetting b y configuring mu ltiple addresses on the f i re wall. If the f irewa ll does not support multipl e addresses ...

  • Cisco Systems OL-5650-02 - page 111

    5-13 Cisco Content Service s Switch Security Config uration Guide OL-5650-02 Chapter 5 Con figurin g Firewall Load Balancing Configuring FWLB with VIP and Virtual Interface Redundan cy Example of Firewall and Route Configurations The follo wing ip fir ewall and ip route exampl e conf igurations are v alid for Figure 5-2 with four act iv e fire wall ...

  • Cisco Systems OL-5650-02 - page 112

    Chapter 5 Configurin g Firewall Load Balancing Configuring FWLB with VIP and Virtual Interface Redu ndancy 5-14 Cisco Content Services Switch Security Configura tion Guide OL-5650-02 CSS-IN-L Configuration ip firewall 1 10.3.200.1 10.2.200.1 10.2.1.254 ip firewall 2 10.3.200.2 10.2.200.2 10.2.1.254 ip firewall 3 10.3.200.3 10.2.200.3 10.2.1.254 ip ...

  • Cisco Systems OL-5650-02 - page 113

    5-15 Cisco Content Service s Switch Security Config uration Guide OL-5650-02 Chapter 5 Con figurin g Firewall Load Balancing Displaying Firewall Flow Summaries Displaying Firewall Flow Summaries Use the sh ow flow s command to display the flo w summary for a source IP address, or for a specific source address an d its destinatio n IP address on a S ...

  • Cisco Systems OL-5650-02 - page 114

    Chapter 5 Configurin g Firewall Load Balancing Displaying Firewall IP Routes 5-16 Cisco Content Services Switch Security Configura tion Guide OL-5650-02 Ta b l e 5 - 1 describes the fields in the show flo ws output. Displaying Firewall IP Routes Use the show i p ro u t es fi rew a ll command to display all static f irewa ll routes. For exa mpl e: ( ...

  • Cisco Systems OL-5650-02 - page 115

    5-17 Cisco Content Service s Switch Security Config uration Guide OL-5650-02 Chapter 5 Con figurin g Firewall Load Balancing Displaying Firewall IP Information Displaying Firewall IP Information Use the show ip f irewall command to display the conf igured v alues of the IP fire wall keepali ve timeout and the state of each f irewa ll path conf igur ...

  • Cisco Systems OL-5650-02 - page 116

    Chapter 5 Configurin g Firewall Load Balancing Displaying Firewa ll IP Information 5-18 Cisco Content Services Switch Security Configura tion Guide OL-5650-02 ...

  • Cisco Systems OL-5650-02 - page 117

    IN-1 Cisco Content Services Switch Security Configuration Guide OL-5650-02 INDEX A Access Control Lists. See ACLs ACLs adding an NQL to a clause 1-38 applying to a circuit 1-27 clause number 1-19 configuration example 1-34 configuring 1-15 configuring clauses 1-19 creating 1-17 definition 1-13 deletin g 1-18 disabling globally 1-30 disabling loggin ...

  • Cisco Systems OL-5650-02 - page 118

    Index IN-2 Cisco Content Services Switch Security Configuration Guide OL-5650-02 configuration example ACL 1-34 firewall load balancing 5-7 configuratio n quick start ACL 1-15 configuring ACL 1-12 CSS as RADIUS client 3-1 CSS as TACACS+ clien t 4-8 source group in an A CL 1-24 static proximity in ACL clause 1-25 user name and p assword 1-3 console ...

  • Cisco Systems OL-5650-02 - page 119

    IN-3 Cisco Content Services Switch Security Configuration Guide OL-5650-02 Index FTP enabling access 1-10 restricting access to the CSS 1-11 I IP route firewall load balancing , displaying 5-16, 5-17 static, for firewall load balancing 5-5 K keepalive ACL example 1-34 L license ke y Enhanced feat ure set 2-2 Proximity Database 2-2 license key, Sec ...

  • Cisco Systems OL-5650-02 - page 120

    Index IN-4 Cisco Content Services Switch Security Configuration Guide OL-5650-02 R RADIUS Cisco Secure Access Control Server (ACS) 3-4 console authentication 1-8 CSS as RADIUS client, configuri ng 3-1 displaying c onfiguration i nformation 3-9 overview 3-1 primary RADIUS server 3-6 RADIUS server host parameters 3-1 running-config examp le 3-4 secon ...

  • Cisco Systems OL-5650-02 - page 121

    IN-5 Cisco Content Services Switch Security Configuration Guide OL-5650-02 Index T TACACS+ accounting, setting 4-13 authentication, setting 4-11 Cisco Secure Access Control Server (ACS) 4-3 console authentication 1-8 CSS as client, configuring 4-8 displaying c onfiguration i nformation 4-14 global encryptio n key 4-7 global keepalive f requency 4-7 ...

  • Cisco Systems OL-5650-02 - page 122

    Index IN-6 Cisco Content Services Switch Security Configuration Guide OL-5650-02 ...

Manufacturer Cisco Systems Category Switch

Documents that we receive from a manufacturer of a Cisco Systems OL-5650-02 can be divided into several groups. They are, among others:
- Cisco Systems technical drawings
- OL-5650-02 manuals
- Cisco Systems product data sheets
- information booklets
- or energy labels Cisco Systems OL-5650-02
All of them are important, but the most important information from the point of view of use of the device are in the user manual Cisco Systems OL-5650-02.

A group of documents referred to as user manuals is also divided into more specific types, such as: Installation manuals Cisco Systems OL-5650-02, service manual, brief instructions and user manuals Cisco Systems OL-5650-02. Depending on your needs, you should look for the document you need. In our website you can view the most popular manual of the product Cisco Systems OL-5650-02.

Similar manuals

A complete manual for the device Cisco Systems OL-5650-02, how should it look like?
A manual, also referred to as a user manual, or simply "instructions" is a technical document designed to assist in the use Cisco Systems OL-5650-02 by users. Manuals are usually written by a technical writer, but in a language understandable to all users of Cisco Systems OL-5650-02.

A complete Cisco Systems manual, should contain several basic components. Some of them are less important, such as: cover / title page or copyright page. However, the remaining part should provide us with information that is important from the point of view of the user.

1. Preface and tips on how to use the manual Cisco Systems OL-5650-02 - At the beginning of each manual we should find clues about how to use the guidelines. It should include information about the location of the Contents of the Cisco Systems OL-5650-02, FAQ or common problems, i.e. places that are most often searched by users in each manual
2. Contents - index of all tips concerning the Cisco Systems OL-5650-02, that we can find in the current document
3. Tips how to use the basic functions of the device Cisco Systems OL-5650-02 - which should help us in our first steps of using Cisco Systems OL-5650-02
4. Troubleshooting - systematic sequence of activities that will help us diagnose and subsequently solve the most important problems with Cisco Systems OL-5650-02
5. FAQ - Frequently Asked Questions
6. Contact detailsInformation about where to look for contact to the manufacturer/service of Cisco Systems OL-5650-02 in a specific country, if it was not possible to solve the problem on our own.

Do you have a question concerning Cisco Systems OL-5650-02?

Use the form below

If you did not solve your problem by using a manual Cisco Systems OL-5650-02, ask a question using the form below. If a user had a similar problem with Cisco Systems OL-5650-02 it is likely that he will want to share the way to solve it.

Copy the text from the picture

Captcha
New picture

Comments (0)