S12700 Series Agile Switches Product Use Precautions

This document provides the use precautions of the product, including licenses, software versions, feature dependencies, limitation, and involved network elements.
Rate and give feedback :
Чтобы помочь вам лучше понять содержимое этого документа, компания Huawei перевела его на разные языки, используя машинный перевод, отредактированный людьми. Примечание: даже самые передовые программы машинного перевода не могут обеспечить качество на уровне перевода, выполненного профессиональным переводчиком. Компания Huawei не несет ответственность за точность перевода и рекомендует ознакомиться с документом на английском языке (по ссылке, которая была предоставлена ранее).
About This Document

About This Document

Intended Audience

This document is intended for network engineers responsible for switch configuration and management. You should be familiar with basic Ethernet knowledge and have extensive experience in network deployment and management.

Symbol Conventions

The symbols that may be found in this document are defined as follows.

Symbol

Description

Indicates a potentially hazardous situation which, if not avoided, could result in equipment damage, data loss, performance deterioration, or unanticipated results.

NOTICE is used to address practices not related to personal injury.

Calls attention to important information, best practices and tips.

NOTE is used to address information not related to personal injury, equipment damage, and environment deterioration.

Command Conventions

The command conventions that may be found in this document are defined as follows.

Convention

Description

Boldface

The keywords of a command line are in boldface.

Italic

Command arguments are in italics.

[ ]

Items (keywords or arguments) in brackets [ ] are optional.

{ x | y | ... }

Optional items are grouped in braces and separated by vertical bars. One item is selected.

[ x | y | ... ]

Optional items are grouped in brackets and separated by vertical bars. One item is selected or no item is selected.

{ x | y | ... }*

Optional items are grouped in braces and separated by vertical bars. A minimum of one item or a maximum of all items can be selected.

[ x | y | ... ]*

Optional items are grouped in brackets and separated by vertical bars. Several items or no item can be selected.

&<1-n>

The parameter before the & sign can be repeated 1 to n times.

#

A line starting with the # sign is comments.

Interface Numbering Conventions

Interface numbers used in this manual are examples and may not exist on devices. In device configuration, use the existing interface numbers on devices.

Security Conventions

  • Password setting
    • To ensure device security, use ciphertext when configuring a password and change the password periodically.
    • The switch considers all passwords starting and ending with %^%#, %#%#, %@%@ or @%@% as ciphertext and attempts to decrypt them. If you configure a plaintext password that starts and ends with %^%#, %#%#, %@%@ or @%@%, the switch decrypts it and records it into the configuration file (plaintext passwords are not recorded for the sake of security). Therefore, do not set a password starting and ending with %^%#, %#%#, %@%@ or @%@%.
    • When you configure passwords in ciphertext, different features must use different ciphertext passwords. For example, the ciphertext password set for the AAA feature cannot be used for other features.
  • Encryption algorithms

    The switch currently supports the 3DES, AES, RSA, SHA1, SHA2, and MD5. 3DES, RSA, and AES are reversible, whereas SHA1, SHA2, and MD5 are irreversible. Using the encryption algorithms DES , 3DES, RSA (RSA-1024 or lower), MD5 (in digital signature scenarios and password encryption), or SHA1 (in digital signature scenarios) is a security risk. If protocols allow, use more secure encryption algorithms, such as AES, RSA (RSA-2048 or higher), SHA2, or HMAC-SHA2.

    An irreversible encryption algorithm must be used for the administrator password. SHA2 is recommended for this purpose.

  • Personal data

    Some personal data (such as MAC or IP addresses of terminals) may be obtained or used during operation or fault location of your purchased products, services, features, so you have an obligation to make privacy policies and take measures according to the applicable law of the country to protect personal data.

  • Mirroring

    The terms mirrored port, port mirroring, traffic mirroring, and mirroring in this document are mentioned only to describe the product's function of communication error or failure detection, and do not involve collection or processing of any personal information or communication data of users.

Disclaimer

This document is designed as a reference for you to configure your devices. Its contents, including web pages, command line input and output, are based on laboratory conditions. It provides instructions for general scenarios, but does not cover all use cases of all product models. The examples given may differ from your use case due to differences in software versions, models, and configuration files. When configuring your device, alter the configuration depending on your use case.

The specifications provided in this document are tested in lab environment (for example, the tested device has been installed with a certain type of boards or only one protocol is run on the device). Results may differ from the listed specifications when you attempt to obtain the maximum values with multiple functions enabled on the device.

Перевод
简体中文
Загрузить
Updated: 2018-06-15

№ документа:EDOC1000069464

Просмотры:5905

Загрузки: 260

Average rating:
Связанные документы
Share
Назад Далее