Secure ASE Communication: Difference between revisions
No edit summary |
No edit summary |
||
Line 22: | Line 22: | ||
{| border="1" cellpadding="1" cellspacing="1" style="width: 500px;" | {| border="1" cellpadding="1" cellspacing="1" style="width: 500px;" | ||
|- | |- | ||
| Parameter | | '''Parameter''' | ||
| Value | | '''Value''' | ||
| | | '''Remarks''' | ||
|- | |- | ||
| Security Level | | Security Level |
Revision as of 17:52, 3 September 2017
Introduction
Solution
Enabling secure communication between the ASE, PAC and TruView Central should be the same for all ASEs running firmware version 6.9 or higher. This procedure has been tested on ASE Series 1900 and Series 400.
Connect to the ASE
Telnet (tcp/23) Serial port (8N1, 19200)
Login to ASE
Default credentials admin/visual
Before secure communication can be configured, unsecure IP communication (Telnet) must be established between the ASE and TruView Central. If this is not allowed by your company's security policy, these steps must be completed in the lab.
Check for security command and enter the settings as follows. You can add Host Address Security at a later stage. Be prepared to set a passcode. For security reasons, this should be different from the login password.
Parameter | Value | Remarks |
Security Level | Partial | - |
SSL TCP Port | 2359 | - |
Change Management Passcode | Y | - |
Enter Management Passcode | <passcode> | - |
Change Host Address Security Table | None | Can be added later |
Check the setttings and notice that the field Managent Passcode reads None. This is expected.
CRT-DEV-ASE007> sh sec Security Level: Partial SSL TCP Port : 2359 Management passcode: None Pending passcode: Ready Remote Console Protocol: SSH Host Address Security: Disabled Host Address Security Table: EMPTY
Check the setttings and notice that the field Managent Passcode reads None. This is expected.
Locate and run IPTool located on TruView Central. IPTool is an unsupported utility for use by Fluke Networks technical support.
C:\Program Files (x86)\Fluke Networks\Visual Performance Manager Server\iptool.exe
From IPTool fetch any command for appflows or voip data by entering the passcode you have chosen in the previous step.
Click TFTP GET in the top left corner of the windows and enter the ASE's settings per this example.
<IPToolTFTPGet>
Click Go. The results you get are irellevant at this time. The procedure enables secure communication on the ASE.