Junos® OS
FIPS Evaluated Configuration Guide for
MX960, MX480, and MX240 Devices

20.3X75-D30

Juniper Networks, Inc.
1133 Innovation Way
Sunnyvale, California 94089
USA
408-745-2000
www.juniper.net
Juniper Networks, the Juniper Networks logo, Juniper, and Junos are registered trademarks of Juniper Networks, Inc. in the United States and other countries. All other trademarks, service marks, registered marks, or registered service marks are the property of their respective owners.
Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.
Junos® OS FIPS Evaluated Configuration Guide for MX960, MX480, and MX240 Devices 20.3X75-D30
Copyright © 2023 Juniper Networks, Inc. All rights reserved.
The information in this document is current as of the date on the title page.
YEAR 2000 NOTICE
Juniper Networks hardware and software products are Year 2000 compliant. Junos OS has no known time-related limitations through the year 2038. However, the NTP application is known to have some difficulty in the year 2036.
END USER LICENSE AGREEMENT
The Juniper Networks product that is the subject of this technical documentation consists of (or is intended for use with) Juniper Networks software. Use of such software is subject to the terms and conditions of the End User License Agreement (“EULA”) posted at https://support.juniper.net/support/eula/. By downloading, installing, or using such software, you agree to the terms and conditions of that EULA.

About This Guide
Use this guide to operate MX960, MX480, and MX240 devices in Federal Information Processing Standards (FIPS) 140-2 Level 1 environments. FIPS 140-2 defines security levels for hardware and software that perform cryptographic functions.
RELATED DOCUMENTATION
Common Criteria and FIPS Certifications

Overview

Understanding Junos OS in FIPS Mode
IN THIS SECTION

  • Supported Platforms and Hardware
  • About the Cryptographic Boundary on Your Device
  • How FIPS Mode Differs from Non-FIPS Mode
  • Validated Version of Junos OS in FIPS Mode

Federal Information Processing Standards (FIPS) 140-2 defines security levels for hardware and software that perform cryptographic functions. This Juniper Networks router running the Juniper Networks Junos operating system (Junos OS) in FIPS mode complies with the FIPS 140-2 Level 1 standard.
Operating this router in a FIPS 140-2 Level 1 environment requires enabling and configuring FIPS mode on the devices from the Junos OS command-line interface (CLI).
The Crypto Officer enables FIPS mode in Junos OS and sets up keys and passwords for the system and other FIPS users.
Supported Platforms and Hardware
For the features described in this document, the following platforms are used to qualify the FIPS certification:

About the Cryptographic Boundary on Your Device
FIPS 140-2 compliance requires a defined cryptographic boundary around each cryptographic module on a device. Junos OS in FIPS mode prevents the cryptographic module from executing any software that is not part of the FIPS-certified distribution, and allows only FIPS-approved cryptographic algorithms to be used. No critical security parameters (CSPs), such as passwords and keys, can cross the cryptographic boundary of the module in unencrypted format.
CAUTION: Virtual Chassis features are not supported in FIPS mode. Do not configure a Virtual Chassis in FIPS mode.

How FIPS Mode Differs from Non-FIPS Mode
Junos OS in FIPS mode differs in the following ways from Junos OS in non-FIPS mode:

  • Self-tests of all cryptographic algorithms are performed at startup.
  • Self-tests of random number and key generation are performed continuously.
  • Weak cryptographic algorithms such as Data Encryption Standard (DES) and MD5 are disabled.
  • Weak or unencrypted management connections must not be configured.
  • Passwords must be encrypted with strong one-way algorithms that do not permit decryption.
  • Administrator passwords must be at least 10 characters long.

Validated Version of Junos OS in FIPS Mode
To determine whether a Junos OS release is NIST-validated, see the compliance advisor page on the Juniper Networks Web site (https://apps.juniper.net/compliance/).
RELATED DOCUMENTATION
Identifying Secure Product Delivery

Understanding FIPS Terminology and Supported Cryptographic Algorithms
IN THIS SECTION
Terminology
Supported Cryptographic Algorithms
Use the definitions of FIPS terms and supported algorithms to help you understand Junos OS in FIPS mode.

Terminology
Critical security parameter (CSP)
Security-related information (for example, secret and private cryptographic keys and authentication data such as passwords and personal identification numbers (PINs)) whose disclosure or modification can compromise the security of a cryptographic module or the information it protects. For details, see “Understanding the Operational Environment for Junos OS in FIPS Mode” on page 16.
Cryptographic module
The set of hardware, software, and firmware that implements approved security functions (including cryptographic algorithms and key generation) and is contained within the cryptographic boundary.
FIPS
Federal Information Processing Standards. FIPS 140-2 specifies requirements for security and cryptographic modules. Junos OS in FIPS mode complies with FIPS 140-2 Level 1.
FIPS maintenance role
The role the Crypto Officer assumes to perform physical maintenance or logical maintenance services such as hardware or software diagnostics. For FIPS 140-2 compliance, the Crypto Officer zeroizes the Routing Engine on entry to and exit from the FIPS maintenance role to erase all plain-text secret and private keys and unprotected CSPs.
NOTE: The FIPS maintenance role is not supported on Junos OS in FIPS mode.
KAT
Known answer test. System self-tests that validate the output of cryptographic algorithms approved for FIPS and test the integrity of some Junos OS modules. For details, see “Understanding FIPS Self-Tests” on page 73.
SSH
A protocol that uses strong authentication and encryption for remote access across a nonsecure network. SSH provides remote login, remote program execution, file copy, and other functions. It is intended as a secure replacement for rlogin, rsh, and rcp in a UNIX environment. To secure the information sent over administrative connections, use SSHv2 for CLI configuration. In Junos OS, SSHv2 is enabled by default, and SSHv1, which is not considered secure, is disabled.
Zeroization
Erasure of all CSPs and other user-created data on a device before its operation as a FIPS cryptographic module or in preparation for repurposing the devices for non-FIPS operation.
The Crypto Officer can zeroize the system with a CLI operational command.
Supported Cryptographic Algorithms
Table 1 on page 6 summarizes the high-level protocol algorithm support.
Table 1: Protocols Allowed in FIPS Mode

Protocol: SSHv2

Key Exchange:
  • dh-group14-sha1
  • ECDH-sha2-nistp256
  • ECDH-sha2-nistp384
  • ECDH-sha2-nistp521

Authentication:
  Host (module):
    • ECDSA P-256
    • SSH-RSA
  Client (user):
    • ECDSA P-256
    • ECDSA P-384
    • ECDSA P-521
    • SSH-RSA

Cipher:
  • AES CTR 128
  • AES CTR 192
  • AES CTR 256
  • AES CBC 128
  • AES CBC 256

Integrity:
  • HMAC-SHA-1
  • HMAC-SHA-256
  • HMAC-SHA-512

Table 2 on page 6 lists the MACsec LC supported ciphers.
Table 2: MACsec LC Supported Ciphers
MACsec LC Supported Ciphers
AES-GCM-128
AES-GCM-256
Each implementation of an algorithm is checked by a series of known answer test (KAT) self-tests. Any self-test failure results in a FIPS error state.
BEST PRACTICE: For FIPS 140-2 compliance, use only FIPS-approved cryptographic algorithms in Junos OS in FIPS mode.
The following cryptographic algorithms are supported in FIPS mode. Symmetric methods use the same key for encryption and decryption, while asymmetric methods use different keys for encryption and decryption.
AES
The Advanced Encryption Standard (AES), defined in FIPS PUB 197. The AES algorithm uses keys of 128, 192, or 256 bits to encrypt and decrypt data in blocks of 128 bits.
ECDH
Elliptic Curve Diffie-Hellman. A variant of the Diffie-Hellman key exchange algorithm that uses cryptography based on the algebraic structure of elliptic curves over finite fields. ECDH allows two parties, each having an elliptic curve public-private key pair, to establish a shared secret over an insecure channel. The shared secret can be used either as a key or to derive another key for encrypting subsequent communications using a symmetric key cipher.
ECDSA
Elliptic Curve Digital Signature Algorithm. A variant of the Digital Signature Algorithm (DSA) that uses cryptography based on the algebraic structure of elliptic curves over finite fields. The bit size of the elliptic curve determines the difficulty of decrypting the key. The size of the public key believed to be needed for ECDSA is about twice the size of the security level, in bits. ECDSA can be configured using the P-256, P-384, and P-521 curves under OpenSSH.
HMAC
Defined as “Keyed-Hashing for Message Authentication” in RFC 2104, HMAC combines hashing algorithms with cryptographic keys for message authentication. For Junos OS in FIPS mode, HMAC uses the iterated cryptographic hash functions SHA-1, SHA-256, and SHA-512 along with a secret key.
SHA-256 and SHA-512
Secure hash algorithms (SHA) belonging to the SHA-2 standard defined in FIPS PUB 180-2. Developed by NIST, SHA-256 produces a 256-bit hash digest, and SHA-512 produces a 512-bit hash digest.
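The following is an added example, not part of the Juniper guide: it checks the algorithm lists pinned in a management station's OpenSSH client configuration against Table 1, and reports which algorithm an SSHv2 session to the device would settle on. The mapping from the table's labels to SSH wire names, the sample configuration, and the host alias are assumptions of this example.

```python
"""Added example: audit an OpenSSH client config against Table 1."""

# Table 1 written with SSH wire names. The label-to-name mapping is an
# assumption of this example (e.g. "AES CTR 128" -> "aes128-ctr").
FIPS_TABLE_1 = {
    "kex": {
        "diffie-hellman-group14-sha1",
        "ecdh-sha2-nistp256",
        "ecdh-sha2-nistp384",
        "ecdh-sha2-nistp521",
    },
    "host_key": {"ecdsa-sha2-nistp256", "ssh-rsa"},
    "cipher": {"aes128-ctr", "aes192-ctr", "aes256-ctr",
               "aes128-cbc", "aes256-cbc"},
    "mac": {"hmac-sha1", "hmac-sha2-256", "hmac-sha2-512"},
}

# OpenSSH client keywords that pin each algorithm category.
DIRECTIVES = {
    "kexalgorithms": "kex",
    "hostkeyalgorithms": "host_key",
    "ciphers": "cipher",
    "macs": "mac",
}

# Constructed sample input, not taken from a real system.
SAMPLE_SSH_CONFIG = """\
Host mx-fips-lab
    KexAlgorithms curve25519-sha256,ecdh-sha2-nistp384,diffie-hellman-group14-sha1
    HostKeyAlgorithms ssh-ed25519,ecdsa-sha2-nistp256
    Ciphers chacha20-poly1305@openssh.com,aes256-ctr,aes128-cbc
    MACs hmac-md5
"""


def parse_ssh_config(text):
    """Return {category: [algorithm, ...]} for the pinned directives."""
    offer = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.replace("=", " ", 1).split(None, 1)
        if len(parts) != 2:
            continue
        category = DIRECTIVES.get(parts[0].lower())
        if category is None:
            continue
        value = parts[1].strip()
        if value[0] in "+-^":
            # These prefixes edit OpenSSH's built-in default list, which
            # this example does not model; require an explicit list.
            raise ValueError(f"{parts[0]}: list modifier not supported: {value}")
        offer[category] = [a.strip() for a in value.split(",") if a.strip()]
    return offer


def audit_offer(offer):
    """Compare a client offer with Table 1.

    SSHv2 picks the first name on the client's list that the server also
    supports (RFC 4253), so 'negotiated' is the first offered name found in
    Table 1, assuming the device offers every Table 1 entry.
    """
    report = {}
    for category, approved in FIPS_TABLE_1.items():
        offered = offer.get(category, [])
        usable = [a for a in offered if a in approved]
        report[category] = {
            "pinned": category in offer,  # False: client defaults apply
            "negotiated": usable[0] if usable else None,
            "not_in_table_1": [a for a in offered if a not in approved],
        }
    return report


if __name__ == "__main__":
    for category, result in audit_offer(parse_ssh_config(SAMPLE_SSH_CONFIG)).items():
        print(category, result)
```

A category whose `negotiated` value is `None` while `pinned` is true means the client offers nothing from Table 1 for that category, so the session to a device in FIPS mode would fail to negotiate.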
RELATED DOCUMENTATION
Understanding FIPS Self-Tests
Understanding Zeroization to Clear System Data for FIPS Mode
Identifying Secure Product Delivery
There are several mechanisms provided in the delivery process to ensure that a customer receives a product that has not been tampered with. The customer should perform the following checks upon receipt of a device to verify the integrity of the platform.

  • Shipping label - Ensure that the shipping label correctly identifies the correct customer name and address as well as the device.
  • Outside packaging - Inspect the outside shipping box and tape. Ensure that the shipping tape has not been cut or otherwise compromised. Ensure that the box has not been cut or damaged to allow access to the device.
  • Inside packaging - Inspect the plastic bag and seal. Ensure that the bag has not been cut or removed. Ensure that the seal remains intact.

If the customer identifies a problem during the inspection, he or she should immediately contact the supplier. Provide the order number, tracking number, and a description of the identified problem to the supplier.
Additionally, there are several checks that can be performed to ensure that the customer has received a box sent by Juniper Networks and not a different company masquerading as Juniper Networks. The customer should perform the following checks upon receipt of a device to verify the authenticity of the device:

  • Verify that the device was ordered using a purchase order. Juniper Networks devices are never shipped without a purchase order.
  • When a device is shipped, a shipment notification is sent to the e-mail address provided by the customer when the order is taken. Verify that this e-mail notification was received. Verify that the e-mail contains the following information:
    • Purchase order number
    • Juniper Networks order number used to track the shipment
    • Carrier tracking number used to track the shipment
    • List of items shipped including serial numbers
    • Address and contacts of both the supplier and the customer
  • Verify that the shipment was initiated by Juniper Networks. To verify that a shipment was initiated by Juniper Networks, you should perform the following tasks:
    • Compare the carrier tracking number of the Juniper Networks order number listed in the Juniper Networks shipping notification with the tracking number on the package received.
    • Log on to the Juniper Networks online customer support portal at https://support.juniper.net/support/ to view the order status. Compare the carrier tracking number or the Juniper Networks order number listed in the Juniper Networks shipment notification with the tracking number on the package received.

Understanding Management Interfaces
The following management interfaces can be used in the evaluated configuration:

  • Local Management Interfaces - The RJ-45 console port on the device is configured as RS-232 data terminal equipment (DTE). You can use the command-line interface (CLI) over this port to configure the device from a terminal.
  • Remote Management Protocols - The device can be managed remotely over any Ethernet interface. SSHv2 is the only permitted remote management protocol that can be used in the evaluated configuration. The remote management protocols J-Web and Telnet are not available for use on the device.

Configuring Administrative Credentials and Privileges

Understanding the Associated Password Rules for an Authorized Administrator
The authorized administrator is associated with a defined login class, and the administrator is assigned with all permissions. Data is stored locally for fixed password authentication.
NOTE: Do not use control characters in passwords.
Use the following guidelines and configuration options for passwords and when selecting passwords for authorized administrator accounts. Passwords should be:

  • Easy to remember so that users are not tempted to write it down.
  • Changed periodically.
  • Private and not shared with anyone.
  • Contain a minimum of 10 characters. The minimum password length is 10 characters.
    [edit] administrator@host# set system login password minimum-length 10
  • Include both alphanumeric and punctuation characters, composed of any combination of upper and lowercase letters, numbers, and special characters such as “!”, “@”, “#”, “$”, “%”, “^”, “&”, “*”, “(”, and “)”.
    There should be at least a change in one case, one or more digits, and one or more punctuation marks.
  • Contain character sets. Valid character sets include uppercase letters, lowercase letters, numbers, punctuation, and other special characters.
    [edit] administrator@host# set system login password change-type character-sets
  • Contain the minimum number of character sets or character set changes. The minimum number of character sets required in plain-text passwords in Junos FIPS is 3.
    [edit] admin@host# set system login password minimum-changes 3
  • The hashing algorithm for user passwords can be either SHA256 or SHA512 (SHA512 is the default hashing algorithm).
    [edit] administrator@host# set system login password format sha512
    NOTE: The device supports ECDSA (P-256, P-384, and P-521) and RSA (2048, 3072, and 4092 modulus bit length) key types.

Weak passwords are:

  • Words that might be found in or exist as a permuted form in a system file such as /etc/passwd.
  • The hostname of the system (always a first guess).
  • Any word appearing in a dictionary. This includes dictionaries other than English, and words found in works such as Shakespeare, Lewis Carroll, Roget's Thesaurus, and so on. This prohibition includes common words and phrases from sports, sayings, movies, and television shows.
  • Permutations on any of the above. For example, a dictionary word with vowels replaced with digits (for example f00t) or with digits added to the end.
  • Any machine-generated passwords. Algorithms reduce the search space of password-guessing programs and so should not be used.

Strong reusable passwords can be based on letters from a favorite phrase or word, and then concatenated with other, unrelated words, along with additional digits and punctuation.

RELATED DOCUMENTATION
Identifying Secure Product Delivery

Configuring Roles and Authentication Methods

Understanding Roles and Services for Junos OS
IN THIS SECTION
Crypto Officer Role and Responsibilities
FIPS User Role and Responsibilities
What Is Expected of All FIPS Users
The Security Administrator is associated with the defined login class “security-admin”, which has the necessary permission set to permit the administrator to perform all tasks necessary to manage Junos OS. Administrative users (Security Administrator) must provide unique identification and authentication data before any administrative access to the system is granted.
The Security Administrator roles and responsibilities are as follows:

  1. Security Administrator can administer locally and remotely.
  2. Create, modify, delete administrator accounts, including configuration of authentication failure parameters.
  3. Re-enable an Administrator account.
  4. Responsible for the configuration and maintenance of cryptographic elements related to the establishment of secure connections to and from the evaluated product.

The Juniper Networks Junos operating system (Junos OS) running in non-FIPS mode allows a wide range of capabilities for users, and authentication is identity-based. In contrast, the FIPS 140-2 standard defines two user roles: Crypto Officer and FIPS user. These roles are defined in terms of Junos OS user capabilities.
All other user types defined for Junos OS in FIPS mode (operator, administrative user, and so on) must fall into one of the two categories: Crypto Officer or FIPS user. For this reason, user authentication in FIPS mode is role-based rather than identity-based.
The Crypto Officer performs all FIPS-mode-related configuration tasks and issues all statements and commands for Junos OS in FIPS mode. Crypto Officer and FIPS user configurations must follow the guidelines for Junos OS in FIPS mode.
Crypto Officer Role and Responsibilities
The Crypto Officer is the person responsible for enabling, configuring, monitoring, and maintaining Junos OS in FIPS mode on a device. The Crypto Officer securely installs Junos OS on the device, enables FIPS mode, establishes keys and passwords for other users and software modules, and initializes the device before network connection.
BEST PRACTICE: We recommend that the Crypto Officer administer the system in a secure manner by keeping passwords secure and checking audit files.
The permissions that distinguish the Crypto Officer from other FIPS users are secret, security, maintenance, and control. For FIPS compliance, assign the Crypto Officer to a login class that contains all of these permissions. A user with the Junos OS maintenance permission can read files containing critical security parameters (CSPs).
NOTE: Junos OS in FIPS mode does not support the FIPS 140-2 maintenance role, which is different from the Junos OS maintenance permission.
Among the tasks related to Junos OS in FIPS mode, the Crypto Officer is expected to:

  • Set the initial root password. The length of the password should be at least 10 characters.
  • Reset user passwords with FIPS-approved algorithms.
  • Examine log and audit files for events of interest.
  • Erase user-generated files, keys, and data by zeroizing the device.

FIPS User Role and Responsibilities
All FIPS users, including the Crypto Officer, can view the configuration. Only the user assigned as the Crypto Officer can modify the configuration.
The permissions that distinguish Crypto Officers from other FIPS users are secret, security, maintenance, and control. For FIPS compliance, assign the FIPS user to a class that contains none of these permissions.
A FIPS user can view status output but cannot reboot or zeroize the device.
What Is Expected of All FIPS Users
All FIPS users, including the Crypto Officer, must observe security guidelines at all times.
All FIPS users must:

  • Keep all passwords confidential.
  • Store devices and documentation in a secure area.
  • Deploy devices in secure areas.
  • Check audit files periodically.
  • Conform to all other FIPS 140-2 security rules.
  • Follow these guidelines:
    • Users are trusted.
    • Users abide by all security guidelines.
    • Users do not deliberately compromise security.
    • Users behave responsibly at all times.

RELATED DOCUMENTATION
A Juniper Networks device running the Juniper Networks Junos operating system (Junos OS) in FIPS mode forms a special type of hardware and software operational environment that is different from the environment of a device in non-FIPS mode:

Hardware Environment for Junos OS in FIPS Mode
Junos OS in FIPS mode establishes a cryptographic boundary in the device that no critical security parameters (CSPs) can cross using plain text. Each hardware component of the device that requires a cryptographic boundary for FIPS 140-2 compliance is a separate cryptographic module. There are two types of hardware with cryptographic boundaries in Junos OS in FIPS mode: one for each Routing Engine and one for the entire chassis that includes the LC MPC7E-10G card. Each component forms a separate cryptographic module. Communications involving CSPs between these secure environments must take place using encryption.
Cryptographic methods are not a substitute for physical security. The hardware must be located in a secure physical environment. Users of all types must not reveal keys or passwords, or allow written records or notes to be seen by unauthorized personnel.
Software Environment for Junos OS in FIPS Mode
A Juniper Networks device running Junos OS in FIPS mode forms a special type of non-modifiable operational environment. To achieve this environment on the device, the system prevents the execution of any binary file that was not part of the certified Junos OS in FIPS mode distribution. When a device is in FIPS mode, it can run only Junos OS.
The Junos OS in FIPS mode software environment is established after the Crypto Officer successfully enables FIPS mode on a device. The Junos OS image that includes FIPS mode is available on the Juniper Networks website and can be installed on a functioning device.
For FIPS 140-2 compliance, we recommend that you delete all user-created files and data by zeroizing the device before enabling FIPS mode.
Operating your device at FIPS Level 1 requires the use of tamper-evident labels to seal the Routing Engines into the chassis.
Enabling FIPS mode disables many of the usual Junos OS protocols and services. In particular, you cannot configure the following services in Junos OS in FIPS mode:

  • finger
  • ftp
  • rlogin
  • telnet
  • tftp
  • xnm-clear-text

Attempts to configure these services, or to load configurations with these services configured, result in a configuration syntax error.
You can use only SSH as a remote access service.
All passwords established for users after upgrading to Junos OS in FIPS mode must conform to Junos OS in FIPS mode specifications. Passwords must be between 10 and 20 characters in length and require the use of at least three of the five defined character sets (uppercase and lowercase letters, digits, punctuation marks, and keyboard characters, such as % and &, not included in the other four categories).
Attempts to configure passwords that do not conform to these rules result in an error. All passwords and keys used to authenticate peers must be at least 10 characters in length, and in some cases the length must match the digest size.
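Because a configuration that still contains the services listed above fails to load in FIPS mode, it helps to check a saved configuration before enabling it. The following is an added example, not part of the Juniper guide: it scans a configuration in `set` format (as produced by `show configuration | display set`) for the prohibited services, an SSHv1 setting, and password-policy statements weaker than the values this guide configures. The sample configuration is constructed, and treating `tftp-server` as the statement name for the tftp service is an assumption of this example.

```python
"""Added example: pre-check a Junos 'set'-format config for FIPS mode."""

# Services the guide says cannot be configured in FIPS mode.
PROHIBITED_SERVICES = {"finger", "ftp", "rlogin", "telnet", "tftp",
                       "xnm-clear-text"}
# Assumption of this example: tftp appears as 'tftp-server' in the config.
SERVICE_ALIASES = {"tftp-server": "tftp"}

# Password-policy values taken from the guide's 'set system login password'
# statements; hash formats the guide allows.
MINIMUMS = {"minimum-length": 10, "minimum-changes": 3}
ALLOWED_FORMATS = {"sha256", "sha512"}

# Constructed sample input, not taken from a real device.
SAMPLE_CONFIG = """\
set system host-name mx960-lab
set system services ssh protocol-version v2
set system services telnet
set system services tftp-server
set system services netconf ssh
set system login password minimum-length 8
set system login password change-type character-sets
set system login password format md5
"""


def check_password_policy(password):
    """password maps statement name -> (line number, value)."""
    findings = []
    for key, minimum in MINIMUMS.items():
        if key not in password:
            findings.append((0, f"password-{key}", "unset"))
            continue
        lineno, value = password[key]
        if not value.isdigit() or int(value) < minimum:
            findings.append((lineno, f"password-{key}", value))
    lineno, value = password.get("change-type", (0, "unset"))
    if value != "character-sets":
        findings.append((lineno, "password-change-type", value))
    # An absent 'format' is acceptable: the guide states SHA512 is the default.
    if "format" in password and password["format"][1] not in ALLOWED_FORMATS:
        findings.append((password["format"][0], "password-format",
                         password["format"][1]))
    return findings


def audit_set_config(text):
    """Return a list of (line number, rule, value); line 0 means 'not set'."""
    findings = []
    password = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        tokens = raw.split()
        if len(tokens) < 4 or tokens[:2] != ["set", "system"]:
            continue
        if tokens[2] == "services":
            service = SERVICE_ALIASES.get(tokens[3], tokens[3])
            if service in PROHIBITED_SERVICES:
                findings.append((lineno, "prohibited-service", service))
            elif (service == "ssh" and tokens[4:5] == ["protocol-version"]
                  and "v1" in tokens[5:]):
                findings.append((lineno, "ssh-protocol", "v1"))
        elif tokens[2:4] == ["login", "password"] and len(tokens) >= 6:
            password[tokens[4]] = (lineno, tokens[5])
    findings.extend(check_password_policy(password))
    return findings


if __name__ == "__main__":
    for finding in audit_set_config(SAMPLE_CONFIG):
        print(finding)
```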
NOTE: Do not attach the device to a network until the Crypto Officer completes configuration from the local console connection.
For strict compliance, do not examine core and crash dump information on the local console in Junos OS in FIPS mode because some CSPs might be shown in plain text.
Critical Security Parameters
Critical security parameters (CSPs) are security-related information such as cryptographic keys and passwords that can compromise the security of the cryptographic module or the security of the information protected by the module if they are disclosed or modified.
Zeroization of the system erases all traces of CSPs in preparation for operating the device or Routing Engine as a cryptographic module.
Table 3 on page 19 lists CSPs on devices running Junos OS.
Table 3: Critical Security Parameters

CSP: SSHv2 private host key
  Description: ECDSA / RSA key used to identify the host, generated the first time SSH is configured.
  Zeroize: Zeroize command.
  Use: Used to identify the host.

CSP: SSHv2 session keys
  Description: Session key used with SSHv2 and as a Diffie-Hellman private key. Encryption: AES-128, AES-192, AES-256. MACs: HMAC-SHA-1, HMAC-SHA-2-256, HMAC-SHA2-512. Key exchange: dh-group14-sha1, ECDH-sha2-nistp-256, ECDH-sha2-nistp-384, and ECDH-sha2-nistp-521.
  Zeroize: Power cycle and terminate session.
  Use: Symmetric key used to encrypt data between host and client.

CSP: User authentication key
  Description: Hash of the user's password: SHA256, SHA512.
  Zeroize: Zeroize command.
  Use: Used to authenticate a user to the cryptographic module.

CSP: Crypto Officer authentication key
  Description: Hash of the Crypto Officer's password: SHA256, SHA512.
  Zeroize: Zeroize command.
  Use: Used to authenticate the Crypto Officer to the cryptographic module.

CSP: HMAC DRBG seed
  Description: Seed for deterministic random bit generator (DRBG).
  Zeroize: Seed is not stored by the cryptographic module.
  Use: Used for seeding DRBG.

CSP: HMAC DRBG V value
  Description: The value (V) of output block length (outlen) in bits, which is updated each time another outlen bits of output are produced.
  Zeroize: Power cycle.
  Use: A critical value of the internal state of DRBG.

CSP: HMAC DRBG key value
  Description: The current value of the outlen-bit key, which is updated at least once each time that the DRBG mechanism generates pseudorandom bits.
  Zeroize: Power cycle.
  Use: A critical value of the internal state of DRBG.

CSP: NDRNG entropy
  Description: Used as entropy input string to the HMAC DRBG.
  Zeroize: Power cycle.
  Use: A critical value of the internal state of DRBG.

In Junos OS in FIPS mode, all CSPs must enter and leave the cryptographic module in encrypted form.
Any CSP encrypted with a non-approved algorithm is considered plain text by FIPS.
BEST PRACTICE: For FIPS compliance, configure the device over SSH connections because they are encrypted connections.
Local passwords are hashed with the SHA256 or SHA512 algorithm. Password recovery is not possible in Junos OS in FIPS mode. Junos OS in FIPS mode cannot boot into single-user mode without the correct root password.
Understanding Password Specifications and Guidelines for Junos OS in FIPS Mode
All passwords established for users by the Crypto Officer must conform to the following Junos OS in FIPS mode requirements. Attempts to configure passwords that do not conform to the following specifications result in an error.

  • Length. Passwords must contain between 10 and 20 characters.
  • Character set requirements. Passwords must contain at least three of the following five defined character sets:
    • Uppercase letters
    • Lowercase letters
    • Digits
    • Punctuation marks
    • Keyboard characters not included in the other four sets, such as the percent sign (%) and the ampersand (&)
  • Authentication requirements. All passwords and keys used to authenticate peers must contain at least 10 characters, and in some cases the number of characters must match the digest size.
  • Password encryption. To change the default encryption method (SHA512), include the format statement at the [edit system login password] hierarchy level.

Guidelines for strong passwords. Strong, reusable passwords can be based on letters from a favorite phrase or word and then concatenated with other unrelated words, along with added digits and punctuation. In general, a strong password is:

  • Easy to remember so that users are not tempted to write it down.
  • Made up of mixed alphanumeric characters and punctuation. For FIPS compliance include at least one change of case, one or more digits, and one or more punctuation marks.
  • Changed periodically.
  • Not divulged to anyone.

Characteristics of weak passwords. Do not use the following weak passwords:

  • Words that might be found in or exist as a permuted form in a system file such as /etc/passwd.
  • The hostname of the system (always a first guess).
  • Any word or phrase that appears in a dictionary or other well-known source, including dictionaries and thesauruses in languages other than English; works by classical or popular writers; or common words and phrases from sports, sayings, movies, or television shows.
  • Permutations on any of the above, for example, a dictionary word with letters replaced with digits (r00t) or with digits added to the end.
  • Any machine-generated password. Algorithms reduce the search space of password-guessing programs and so must not be used.

Downloading Software Packages from Juniper Networks
You can download the Junos OS software package for your device from the Juniper Networks website.
Before you begin to download the software, ensure that you have a Juniper Networks Web account and a valid support contract. To obtain an account, complete the registration form at the Juniper Networks website: https://userregistration.juniper.net/.
To download software packages from Juniper Networks:

  1. Using a Web browser, follow the links to the download URL on the Juniper Networks webpage. https://support.juniper.net/support/downloads/
  2. Log in to the Juniper Networks authentication system using the username (generally your e-mail address) and password supplied by Juniper Networks representatives.
  3. Download the software. See Downloading Software.

RELATED DOCUMENTATION
Installation and Upgrade Guide
Installing Software on a Device with Single Routing Engine
You can use this procedure to upgrade Junos OS on a device with a single Routing Engine.
To install software upgrades on a device with a single Routing Engine:

  1. Download the software package as described in Downloading Software Packages from Juniper Networks.
  2. If you have not already done so, connect to the console port on the device from your management device, and log in to the Junos OS CLI.
  3. (Optional) Back up the current software configuration to a second storage option. See the Software Installation and Upgrade Guide for instructions on performing this task.
  4. (Optional) Copy the software package to the device. We recommend that you use FTP to copy the file to the /var/tmp/ directory.
    This step is optional because Junos OS can also be upgraded when the software image is stored at a remote location. These instructions describe the software upgrade process for both scenarios.
  5. Install the new package on the device:
    For REMX2K-X8:
    user@host> request vmhost software add <package>
    For RE1800:
    user@host> request system software add <package>
    Replace package with one of the following paths:
    • For a software package in a local directory on the device, use /var/tmp/package.tgz.
    • For a software package on a remote server, use one of the following paths, replacing the variable option package with the software package name.
    • ftp://hostname/pathname/package.tgz
  6. Reboot the device to load the installation:
    For REMX2K-X8:
    user@host> request vmhost reboot
    For RE1800:
    user@host> request system reboot
  7. After the reboot has completed, log in and use the show version command to verify that the new version of the software is successfully installed.
    user@host> show version
    Model: mx960
    Junos: 20.3X75-D30.1

Understanding Zeroization to Clear System Data for FIPS Mode
In this section
Why Zeroize?
When to Zeroize?
Zeroization completely erases all configuration information on the Routing Engines, including all plaintext passwords, secrets, and private keys for SSH, local encryption, local authentication, and IPsec.
The Crypto Officer initiates the zeroization process by entering the request vmhost zeroize no-forwarding operational command for REMX2K-X8 and request system zeroize for RE1800.
CAUTION: Perform system zeroization with care. After the zeroization process is complete, no data is left on the Routing Engine. The device is returned to the factory default state, without any configured users or configuration files.
Zeroization can be time-consuming. Although all configurations are removed in a few seconds, the zeroization process goes on to overwrite all media, which can take considerable time depending on the size of the media.
Why Zeroize?
Your device is not considered a valid FIPS cryptographic module until all critical security parameters (CSPs) have been entered, or reentered, while the device is in FIPS mode.
For FIPS 140-2 compliance, you must zeroize the system to remove sensitive information before disabling FIPS mode on the device.
When to Zeroize?
As Crypto Officer, perform zeroization in the following situations:

  • Before enabling FIPS mode of operation: To prepare your device for operation as a FIPS cryptographic module, perform zeroization before enabling FIPS mode.
  • Before disabling FIPS mode of operation: To begin repurposing your device for non-FIPS operation, perform zeroization before disabling FIPS mode on the device.
    NOTE: Juniper Networks does not support installing non-FIPS software in a FIPS environment, but doing so might be necessary in certain test environments. Be sure to zeroize the system first.

Zeroizing the System
To zeroize your device, follow this procedure:

  1. Log in to the device as Crypto Officer and, from the CLI, enter the following command.
    For REMX2K-X8:
    crypto-officer@host> request vmhost zeroize no-forwarding
    VMHost Zeroization : Erase all data, including configuration and log files ? [yes,no] (no) yes
    re0:
    For REMX2K-X8:
    crypto-officer@host> request system zeroize
    System Zeroization : Erase all data, including configuration and log files ?
    [yes,no] (no) yes
    re0:
  2. To initiate the zeroization process, type yes at the prompt:
    Erase all data, including configuration and log files? [yes,no] (no) yes
    re0:
    --------------------------
    warning: zeroizing
    re0 ......
    The entire operation can take considerable time depending on the size of the media, but all critical security parameters (CSPs) are removed within a few seconds. The physical environment must remain secure until the zeroization process is complete.

Enabling FIPS Mode
When Junos OS is installed on a device and the device is powered on, it is ready to be configured.
Initially, you log in as the user root with no password. When you log in as root, your SSH connection is enabled by default.
As Crypto Officer, you must establish a root password conforming to the FIPS password requirements in "Understanding Password Specifications and Guidelines for Junos OS in FIPS Mode" on page 20. When you enable FIPS mode in Junos OS on the device, you cannot configure passwords unless they meet this standard.
Local passwords are encrypted with the secure hash algorithm SHA256 or SHA512. Password recovery is not possible in Junos OS in FIPS mode. Junos OS in FIPS mode cannot boot into single-user mode without the correct root password.
To enable FIPS mode in Junos OS on the device:

  1. Zeroize the device to delete all CSPs before entering FIPS mode. Refer to the "Understanding Zeroization to Clear System Data for FIPS Mode" section on page 25 for details.
  2. After the device comes up in 'Amnesiac mode', log in using the username root and password "" (blank).
    FreeBSD/amd64 (Amnesiac) (ttyu0)
    login: root
    --- JUNOS 20.3X75-D30.1 Kernel 64-bit JNPR-11.0-20190701.269d466_buil
    root@:~ # cli
    root>
  3. Configure root authentication with a password of at least 10 characters.
    root> edit
    Entering configuration mode
    [edit]
    root# set system root-authentication plain-text-password
    New password:
    Retype new password:
    [edit]
    root# commit
    commit complete
  4. Load the configuration onto the device and commit the new configuration. Configure the crypto-officer and log in with the crypto-officer credentials.
  5. Install the fips-mode package needed for Routing Engine KATS.
    root@hostname> request system software add optional://fips-mode.tgz
    Verified fips-mode signed by PackageDevelopmentEc_2017 method ECDSA256+SHA256
  6. For MX Series devices,
    • Configure chassis boundary fips by setting set system fips chassis level 1 and commit.
    • Configure RE boundary fips by setting set system fips level 1 and commit.
    The device might display the Encrypted-password must be re-configured to use FIPS compliant hash warning to delete the older CSPs in the loaded configuration.
  7. After deleting and reconfiguring the CSPs, the commit goes through and the device needs a reboot to enter FIPS mode.
    [edit]
    crypto-officer@hostname# commit
    Generating RSA key /etc/ssh/fips_ssh_host_key
    Generating RSA2 key /etc/ssh/fips_ssh_host_rsa_key
    Generating ECDSA key /etc/ssh/fips_ssh_host_ecdsa_key
    [edit]
    system
    reboot is required to transition to FIPS level 1
    commit complete
    [edit]
    crypto-officer@hostname# run request vmhost reboot
  8. After the device reboots, the FIPS self-tests run and the device enters FIPS mode.
    crypto-officer@hostname:fips>

RELATED DOCUMENTATION
Understanding Password Specifications and Guidelines for Junos OS in FIPS Mode

Configuring Crypto Officer and FIPS User Identification and Access
In this section
Configuring Crypto Officer Access
Configuring FIPS User Login Access
The Crypto Officer enables FIPS mode on your device, performs all configuration tasks for Junos OS in FIPS mode, and issues all Junos OS in FIPS mode statements and commands. Crypto Officer and FIPS user configurations must follow Junos OS in FIPS mode guidelines.
Configuring Crypto Officer Access
Junos OS in FIPS mode offers a finer granularity of user permissions than those mandated by FIPS 140-2.
For FIPS 140-2 compliance, any FIPS user with the secret, security, maintenance, and control permission bits set is a Crypto Officer. In most cases the super-user class suffices for the Crypto Officer.
To configure login access for a Crypto Officer:

  1. Log in to the device with the root password if you have not already done so, and enter configuration mode:
    root@hostname> edit
    Entering configuration mode
    [edit]
    root@hostname#
  2. Name the user crypto-officer and assign the Crypto Officer a user ID (for example, 6400, which must be a unique number associated with the login account in the range of 100 through 64000) and a class (for example, super-user). When you assign the class, you assign the permissions, for example, secret, security, maintenance, and control.
    For a list of permissions, see Understanding Junos OS Access Privilege Levels.
    [edit]
    root@hostname# set system login user username uid value class class-name
    For example:
    [edit]
    root@hostname# set system login user crypto-officer uid 6400 class super-user
  3. Following the guidelines in "Understanding Password Specifications and Guidelines for Junos OS in FIPS Mode" on page 20, assign the Crypto Officer a plain-text password for login authentication. Set the password by typing a password after the prompts New password and Retype new password.
    [edit]
    root@hostname# set system login user username class class-name authentication (plain-text-password | encrypted-password)
    For example:
    [edit]
    root@hostname# set system login user crypto-officer class super-user authentication plain-text-password
  4. Optionally, display the configuration:
    [edit]
    root@hostname# edit system
    [edit system]
    root@hostname# show
    login {
        user crypto-officer {
            uid 6400;
            authentication {
                encrypted-password " "; ## SECRET-DATA
            }
            class super-user;
        }
    }
  5. If you are finished configuring the device, commit the configuration and exit:
    [edit]
    root@hostname# commit
    commit complete
    root@hostname# exit

Configuring FIPS User Login Access
A fips-user is defined as any FIPS user that does not have the secret, security, maintenance, and control permission bits set.
As the Crypto Officer you set up FIPS users. FIPS users cannot be granted permissions normally reserved for the Crypto Officer, for example, permission to zeroize the system.
To configure login access for a FIPS user:

  1. Log in to the device with your Crypto Officer password if you have not already done so, and enter configuration mode:
    crypto-officer@hostname:fips> edit
    Entering configuration mode
    [edit]
    crypto-officer@hostname:fips#
  2. Give the user a username, and assign the user a user ID (for example, 6401, which must be a unique number in the range of 1 through 64000) and a class. When you assign the class, you assign the permissions, for example, clear, network, reset, view, and view-configuration.
    [edit]
    crypto-officer@hostname:fips# set system login user username uid value class class-name
    For example:
    [edit]
    crypto-officer@hostname:fips# set system login user fips-user1 uid 6401 class read-only
  3. Following the guidelines in "Understanding Password Specifications and Guidelines for Junos OS in FIPS Mode" on page 20, assign the FIPS user a plain-text password for login authentication. Set the password by typing a password after the prompts New password and Retype new password.
    [edit]
    crypto-officer@hostname:fips# set system login user username class class-name authentication (plain-text-password | encrypted-password)
    For example:
    [edit]
    crypto-officer@hostname:fips# set system login user fips-user1 class read-only authentication plain-text-password
  4. Optionally, display the configuration:
    [edit]
    crypto-officer@hostname:fips# edit system
    [edit system]
    crypto-officer@hostname:fips# show
    login {
        user fips-user1 {
            uid 6401;
            authentication {
                encrypted-password " "; ## SECRET-DATA
            }
            class read-only;
        }
    }
  5. If you are finished configuring the device, commit the configuration and exit:
    [edit]
    crypto-officer@hostname:fips# commit
    crypto-officer@hostname:fips# exit

Configuring SSH and Console Connection

Configuring SSH on the Evaluated Configuration for FIPS
SSH through the remote management interface is allowed in the evaluated configuration. This topic describes how to configure SSH through remote management.
The following algorithms need to be configured to validate SSH for FIPS.
To configure SSH on the DUT:

  1. Specify the permissible SSH host-key algorithms for the system services.
    [edit]
    user@host# set system services ssh hostkey-algorithm ssh-ecdsa
    user@host# set system services ssh hostkey-algorithm no-ssh-dss
    user@host# set system services ssh hostkey-algorithm ssh-rsa
  2. Specify the SSH key exchange for Diffie-Hellman keys for the system services.
    [edit]
    user@host# set system services ssh key-exchange dh-group14-sha1
    user@host# set system services ssh key-exchange ecdh-sha2-nistp256
    user@host# set system services ssh key-exchange ecdh-sha2-nistp384
    user@host# set system services ssh key-exchange ecdh-sha2-nistp521
  3. Specify all the permissible message authentication code algorithms for SSHv2.
    [edit]
    user@host# set system services ssh macs hmac-sha1
    user@host# set system services ssh macs hmac-sha2-256
    user@host# set system services ssh macs hmac-sha2-512
  4. Specify the ciphers allowed for protocol version 2.
    [edit]
    user@host# set system services ssh ciphers aes128-cbc
    user@host# set system services ssh ciphers aes256-cbc
    user@host# set system services ssh ciphers aes128-ctr
    user@host# set system services ssh ciphers aes256-ctr
    user@host# set system services ssh ciphers aes192-cbc
    user@host# set system services ssh ciphers aes192-ctr
    Supported SSH hostkey algorithm:
    ssh-ecdsa Allow generation of ECDSA host-key
    ssh-rsa Allow generation of RSA host-key
    Supported SSH key-exchange algorithm:
    ecdh-sha2-nistp256 The EC Diffie-Hellman on nistp256 with SHA2-256
    ecdh-sha2-nistp384 The EC Diffie-Hellman on nistp384 with SHA2-384
    ecdh-sha2-nistp521 The EC Diffie-Hellman on nistp521 with SHA2-512
    Supported MAC algorithm:
    hmac-sha1 Hash-based MAC using Secure Hash Algorithm (SHA1)
    hmac-sha2-256 Hash-based MAC using Secure Hash Algorithm (SHA2)
    hmac-sha2-512 Hash-based MAC using Secure Hash Algorithm (SHA2)
    Supported SSH ciphers algorithm:
    aes128-cbc 128-bit AES with Cipher Block Chaining
    aes128-ctr 128-bit AES with Counter Mode
    aes192-cbc 192-bit AES with Cipher Block Chaining
    aes192-ctr 192-bit AES with Counter Mode
    aes256-cbc 256-bit AES with Cipher Block Chaining
    aes256-ctr 256-bit AES with Counter Mode
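
One way to check a device against the SSH procedure above, as an added example that is not part of the Juniper guide: the Python below reads set-style configuration lines and reports any SSH algorithm outside the values configured in steps 1 through 4, plus any of those values that is absent. The function name audit_ssh and the sample input are constructed for illustration; the allow-list is copied from the steps on this page.

```python
import re

# Allow-list copied from steps 1-4 of the SSH procedure on this page.
APPROVED = {
    "hostkey-algorithm": {"ssh-ecdsa", "ssh-rsa", "no-ssh-dss"},
    "key-exchange": {"dh-group14-sha1", "ecdh-sha2-nistp256",
                     "ecdh-sha2-nistp384", "ecdh-sha2-nistp521"},
    "macs": {"hmac-sha1", "hmac-sha2-256", "hmac-sha2-512"},
    "ciphers": {"aes128-cbc", "aes192-cbc", "aes256-cbc",
                "aes128-ctr", "aes192-ctr", "aes256-ctr"},
}

# Matches "set system services ssh <knob> <value>", with or without a
# leading CLI prompt such as "user@host# ".
SSH_SET = re.compile(r"\bset\s+system\s+services\s+ssh\s+(\S+)\s+(\S+)")


def audit_ssh(config_text):
    """Compare configured SSH algorithms with the page's allow-list.

    Returns a dict with:
      unapproved - (knob, value) pairs configured but not on the list
      missing    - (knob, value) pairs on the list but not configured
      compliant  - True only when both lists are empty
    """
    configured = {knob: set() for knob in APPROVED}
    for line in config_text.splitlines():
        match = SSH_SET.search(line)
        # Other ssh knobs (for example root-login) are out of scope here.
        if match and match.group(1) in APPROVED:
            configured[match.group(1)].add(match.group(2))

    unapproved = sorted(
        (knob, value)
        for knob, values in configured.items()
        for value in values - APPROVED[knob]
    )
    missing = sorted(
        (knob, value)
        for knob in APPROVED
        for value in APPROVED[knob] - configured[knob]
    )
    return {
        "unapproved": unapproved,
        "missing": missing,
        "compliant": not unapproved and not missing,
    }


# Constructed sample input (not taken from a real device).
SAMPLE_CONFIG = """\
user@host# set system services ssh hostkey-algorithm ssh-ecdsa
user@host# set system services ssh hostkey-algorithm ssh-rsa
set system services ssh key-exchange ecdh-sha2-nistp256
set system services ssh macs hmac-sha2-256
set system services ssh macs hmac-md5
set system services ssh ciphers aes256-ctr
set system services ssh ciphers 3des-cbc
set system services ssh root-login deny
"""

if __name__ == "__main__":
    report = audit_ssh(SAMPLE_CONFIG)
    for knob, value in report["unapproved"]:
        print("not in evaluated configuration:", knob, value)
    for knob, value in report["missing"]:
        print("listed on the page but not configured:", knob, value)
    print("compliant:", report["compliant"])
```

The allow-list follows the configuration steps, so dh-group14-sha1 is accepted even though the "Supported SSH key-exchange algorithm" list on the page does not repeat it.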

Configuring MACsec

Understanding Media Access Control Security (MACsec) in FIPS Mode
Media Access Control Security (MACsec) is an 802.1AE IEEE industry-standard security technology that provides secure communication for all traffic on Ethernet links. MACsec provides point-to-point security on Ethernet links between directly connected nodes and is capable of identifying and preventing most security threats, including denial of service, intrusion, man-in-the-middle, masquerading, passive wiretapping, and playback attacks.
MACsec allows you to secure a point-to-point Ethernet link for almost all traffic, including frames from the Link Layer Discovery Protocol (LLDP), Link Aggregation Control Protocol (LACP), Dynamic Host Configuration Protocol (DHCP), Address Resolution Protocol (ARP), and other protocols that are not typically secured on an Ethernet link because of limitations with other security solutions. MACsec can be used in combination with other security protocols such as IP Security (IPsec) and Secure Sockets Layer (SSL) to provide end-to-end network security.
MACsec is standardized in IEEE 802.1AE. The IEEE 802.1AE standard can be seen on the IEEE organization website at IEEE 802.1: Bridging & Management.
Each implementation of an algorithm is checked by a series of known answer test (KAT) self-tests and crypto algorithm validations (CAV). The following cryptographic algorithms are added specifically for MACsec.

  • Advanced Encryption Standard (AES) - Cipher Message Authentication Code (CMAC)
  • Advanced Encryption Standard (AES) Key Wrap
    For MACsec, in configuration mode, use the prompt command to enter a secret key value of 64 hexadecimal characters for authentication.
    [edit]
    crypto-officer@hostname:fips# prompt security macsec connectivity-association connectivity-association-name pre-shared-key cak
    New cak (secret):
    Retype new cak (secret):
Customizing Time
To customize time, disable NTP and set the date.

  1. Disable NTP.
    [edit]
    crypto-officer@hostname:fips# deactivate groups global system ntp
    crypto-officer@hostname:fips# deactivate system ntp
    crypto-officer@hostname:fips# commit
    crypto-officer@hostname:fips# exit
  2. Set the date and time. The date and time format is YYYYMMDDHHMM.ss
    [edit]
    crypto-officer@hostname:fips# set date 201803202034.00
    crypto-officer@hostname:fips# set cli timestamp
  3. Set the MACsec Key Agreement (MKA) secure channel details.
    [edit]
    crypto-officer@hostname:fips# set security macsec connectivity-association connectivity-association-name secure-channel secure-channel-name direction (inbound | outbound)
    crypto-officer@hostname:fips# set security macsec connectivity-association connectivity-association-name secure-channel secure-channel-name encryption (MACsec)
    crypto-officer@hostname:fips# set security macsec connectivity-association connectivity-association-name secure-channel secure-channel-name id mac-address mac-address
    crypto-officer@hostname:fips# set security macsec connectivity-association connectivity-association-name secure-channel secure-channel-name id port-id port-id-number
    crypto-officer@hostname:fips# set security macsec connectivity-association connectivity-association-name secure-channel secure-channel-name offset (0|30|50)
    crypto-officer@hostname:fips# set security macsec connectivity-association connectivity-association-name secure-channel secure-channel-name security-association security-association-number key key-string
  4. Set the MKA to security mode.
    [edit]
    crypto-officer@hostname:fips# set security macsec connectivity-association connectivity-association-name security-mode security-mode
  5. Assign the configured connectivity association to a specified MACsec interface.
    [edit]
    crypto-officer@hostname:fips# set security macsec interfaces interface-name connectivity-association connectivity-association-name

Configuring Static MACsec with ICMP Traffic
To configure static MACsec using ICMP traffic between device R0 and device R1:
In R0:

  1. Create the preshared key by configuring the connectivity association key name (CKN) and connectivity association key (CAK).
    [edit]
    crypto-officer@hostname:fips# set security macsec connectivity-association CA1 pre-shared-key ckn 2345678922334455667788992223334445556667778889992222333344445555
    crypto-officer@hostname:fips# set security macsec connectivity-association CA1 pre-shared-key cak 23456789223344556677889922233344
    crypto-officer@hostname:fips# set security macsec connectivity-association CA1 offset 30
  2. Set the trace option values.
    [edit]
    crypto-officer@hostname:fips# set security macsec traceoptions file MACsec.log
    crypto-officer@hostname:fips# set security macsec traceoptions file size 4000000000
    crypto-officer@hostname:fips# set security macsec traceoptions flag all
  3. Assign the trace to an interface.
    [edit]
    crypto-officer@hostname:fips# set security macsec interfaces interface-name traceoptions file mka_xe size 1g
    crypto-officer@hostname:fips# set security macsec interfaces interface-name traceoptions flag all
  4. Configure the MACsec security mode as static-cak for the connectivity association.
    [edit]
    crypto-officer@hostname:fips# set security macsec connectivity-association CA1 security-mode static-cak
  5. Set the MKA key server priority.
    [edit]
    crypto-officer@hostname:fips# set security macsec connectivity-association CA1 mka key-server-priority 1
  6. Set the MKA transmit interval.
    [edit]
    crypto-officer@hostname:fips# set security macsec connectivity-association CA1 mka transmit-interval 3000
  7. Enable the MKA secure.
    [edit]
    crypto-officer@hostname:fips# set security macsec connectivity-association CA1 mka should-secure
    crypto-officer@hostname:fips# set security macsec connectivity-association CA1 include-sci
  8. Assign the connectivity association to an interface.
    [edit]
    crypto-officer@hostname:fips# set security macsec interfaces interface-name connectivity-association CA1
    crypto-officer@hostname:fips# set interfaces interface-name unit 0 family inet address 10.1.1.1/24

In R1:

  1. Create the preshared key by configuring the connectivity association key name (CKN) and connectivity association key (CAK).
    [edit]
    crypto-officer@hostname:fips# set security macsec connectivity-association CA1 pre-shared-key ckn 2345678922334455667788992223334445556667778889992222333344445555
    crypto-officer@hostname:fips# set security macsec connectivity-association CA1 pre-shared-key cak 23456789223344556677889922233344
    crypto-officer@hostname:fips# set security macsec connectivity-association CA1 offset 30
  2. Set the trace option values.
    [edit]
    crypto-officer@hostname:fips# set security macsec traceoptions file MACsec.log
    crypto-officer@hostname:fips# set security macsec traceoptions file size 4000000000
    crypto-officer@hostname:fips# set security macsec traceoptions flag all
  3. Assign the trace to an interface.
    [edit]
    crypto-officer@hostname:fips# set security macsec interfaces interface-name traceoptions file mka_xe size 1g
    crypto-officer@hostname:fips# set security macsec interfaces interface-name traceoptions flag all
  4. Configure the MACsec security mode as static-cak for the connectivity association.
    [edit]
    crypto-officer@hostname:fips# set security macsec connectivity-association CA1 security-mode static-cak
  5. Set the MKA transmit interval.
    [edit]
    crypto-officer@hostname:fips# set security macsec connectivity-association CA1 mka transmit-interval 3000
  6. Enable the MKA secure.
    [edit]
    crypto-officer@hostname:fips# set security macsec connectivity-association CA1 mka should-secure
    crypto-officer@hostname:fips# set security macsec connectivity-association CA1 include-sci
  7. Assign the connectivity association to an interface.
    [edit]
    crypto-officer@hostname:fips# set security macsec interfaces interface-name connectivity-association CA1
    crypto-officer@hostname:fips# set interfaces interface-name unit 0 family inet address 10.1.1.2/24

Configuring MACsec with Keychain Using ICMP Traffic
To configure MACsec with keychain using ICMP traffic between device R0 and device R1:
In R0:

  1. Assign a tolerance value to the authentication key chain.
    [edit]
    crypto-officer@hostname:fips# set security authentication-key-chains key-chain macsec-kc1 tolerance 20
  2. Create the secret password to use. It is a string of hexadecimal digits up to 64 characters long. The password can include spaces if the character string is enclosed in quotation marks. The keychain's secret data is used as a CAK.
    [edit]
    crypto-officer@hostname:fips# set security authentication-key-chains key-chain macsec-kc1 key 0 key-name 2345678922334455667788992223334445556667778889992222333344445551
    crypto-officer@hostname:fips# set security authentication-key-chains key-chain macsec-kc1 key 0 start-time 2018-03-20.20:35
    crypto-officer@hostname:fips# set security authentication-key-chains key-chain macsec-kc1 key 1 key-name 2345678922334455667788992223334445556667778889992222333344445552
    crypto-officer@hostname:fips# set security authentication-key-chains key-chain macsec-kc1 key 1 start-time 2018-03-20.20:37
    crypto-officer@hostname:fips# set security authentication-key-chains key-chain macsec-kc1 key 2 key-name 2345678922334455667788992223334445556667778889992222333344445553
    crypto-officer@hostname:fips# set security authentication-key-chains key-chain macsec-kc1 key 2 start-time 2018-03-20.20:39
    crypto-officer@hostname:fips# set security authentication-key-chains key-chain macsec-kc1 key 3 key-name 2345678922334455667788992223334445556667778889992222333344445554
    crypto-officer@hostname:fips# set security authentication-key-chains key-chain macsec-kc1 key 3 start-time 2018-03-20.20:41
    crypto-officer@hostname:fips# set security authentication-key-chains key-chain macsec-kc1 key 4 key-name 2345678922334455667788992223334445556667778889992222333344445555
    crypto-officer@hostname:fips# set security authentication-key-chains key-chain macsec-kc1 key 4 start-time 2018-03-20.20:43
    crypto-officer@hostname:fips# set security authentication-key-chains key-chain macsec-kc1 key 5 key-name 2345678922334455667788992223334445556667778889992222333344445556
    crypto-officer@hostname:fips# set security authentication-key-chains key-chain macsec-kc1 key 5 start-time 2018-03-20.20:45
    crypto-officer@hostname:fips# set security authentication-key-chains key-chain macsec-kc1 key 6 key-name 2345678922334455667788992223334445556667778889992222333344445557
    crypto-officer@hostname:fips# set security authentication-key-chains key-chain macsec-kc1 key 6 start-time 2018-03-20.20:47
    crypto-officer@hostname:fips# set security authentication-key-chains key-chain macsec-kc1 key 7 key-name 2345678922334455667788992223334445556667778889992222333344445558
    crypto-officer@hostname:fips# set security authentication-key-chains key-chain macsec-kc1 key 7 start-time 2018-03-20.20:49
    Use the prompt command to enter a secret key value. For example, the secret key value is 2345678922334455667788992223334123456789223344556677889922233341.
    [edit]
    crypto-officer@hostname:fips# prompt security authentication-key-chains key-chain macsec-kc1 key 0 secret
    New cak (secret):
    Retype new cak (secret):
    crypto-officer@hostname:fips# prompt security authentication-key-chains key-chain macsec-kc1 key 1 secret
    New cak (secret):
    Retype new cak (secret):
    crypto-officer@hostname:fips# prompt security authentication-key-chains key-chain macsec-kc1 key 2 secret
    New cak (secret):
    Retype new cak (secret):
    crypto-officer@hostname:fips# prompt security authentication-key-chains key-chain macsec-kc1 key 3 secret
    New cak (secret):
    Retype new cak (secret):
    crypto-officer@hostname:fips# prompt security authentication-key-chains key-chain macsec-kc1 key 4 secret
    New cak (secret):
    Retype new cak (secret):
    crypto-officer@hostname:fips# prompt security authentication-key-chains key-chain macsec-kc1 key 5 secret
    New cak (secret):
    Retype new cak (secret):
    crypto-officer@hostname:fips# prompt security authentication-key-chains key-chain macsec-kc1 key 6 secret
    New cak (secret):
    Retype new cak (secret):
    crypto-officer@hostname:fips# prompt security authentication-key-chains key-chain macsec-kc1 key 7 secret
    New cak (secret):
    Retype new cak (secret):
  3. Associate the preshared keychain name with the connectivity association.
    [edit]
    crypto-officer@hostname:fips# set security macsec connectivity-association CA1 pre-shared-key-chain macsec-kc1
    crypto-officer@hostname:fips# set security macsec connectivity-association CA1 offset 50
    crypto-officer@hostname:fips# set security macsec connectivity-association CA1 cipher-suite gcm-aes-256
    NOTE: The cipher value can also be set as cipher-suite gcm-aes-128.
  4. Set the trace option values.
    [edit]
    crypto-officer@hostname:fips# set security macsec traceoptions file MACsec.log
    crypto-officer@hostname:fips# set security macsec traceoptions file size 4000000000
    crypto-officer@hostname:fips# set security macsec traceoptions flag all
  5. Assign the trace to an interface.
    [edit]
    crypto-officer@hostname:fips# set security macsec interfaces interface-name traceoptions file mka_xe size 1g
    crypto-officer@hostname:fips# set security macsec interfaces interface-name traceoptions flag all
  6. Configure the MACsec security mode as static-cak for the connectivity association.
    [edit]
    crypto-officer@hostname:fips# set security macsec connectivity-association CA1 security-mode static-cak
  7. Set the MKA key server priority.
    [edit]
    crypto-officer@hostname:fips# set security macsec connectivity-association CA1 mka key-server-priority 1
  8. Set the MKA transmit interval.
    [edit]
    crypto-officer@hostname:fips# set security macsec connectivity-association CA1 mka transmit-interval 3000
  9. Enable the MKA secure.
    [edit]
    crypto-officer@hostname:fips# set security macsec connectivity-association CA1 include-sci
  10. Assign the connectivity association to an interface.
    [edit]
    crypto-officer@hostname:fips# set security macsec interfaces interface-name connectivity-association CA1
    crypto-officer@hostname:fips# set interfaces interface-name unit 0 family inet address 10.1.1.1/24
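
A pre-commit check for the key chain built in step 2 above, as an added example that is not part of the Juniper guide: the Python below parses the key-name and start-time lines of an authentication key chain and flags keys that are incomplete, out of rollover order, duplicated, or still using a key name printed in this guide. The function name lint_keychain, the finding codes, and the sample input are constructed; applying the "even-length hexadecimal, at most 64 characters" rule to key-name is an assumption based on the length this page gives for the secret.

```python
import re
from datetime import datetime

KEY_LINE = re.compile(
    r"\bset\s+security\s+authentication-key-chains\s+key-chain\s+(\S+)\s+"
    r"key\s+(\d+)\s+(key-name|start-time)\s+(\S+)"
)
HEX = re.compile(r"^[0-9a-fA-F]+$")
# First 63 characters shared by the eight key names printed in this guide.
# Published sample values should never be left in a deployed key chain.
DOC_SAMPLE_PREFIX = (
    "234567892233445566778899222333444555666777888999222233334444555"
)


def parse_start_time(text):
    """Parse YYYY-MM-DD.HH:MM, with or without seconds; None if invalid."""
    for fmt in ("%Y-%m-%d.%H:%M:%S", "%Y-%m-%d.%H:%M"):
        try:
            return datetime.strptime(text, fmt)
        except ValueError:
            continue
    return None


def lint_keychain(config_text):
    """Return a list of (location, finding-code) tuples, in key order."""
    chains = {}
    for line in config_text.splitlines():
        match = KEY_LINE.search(line)
        if match:
            chain, key_id, field, value = match.groups()
            chains.setdefault(chain, {}).setdefault(int(key_id), {})[field] = value

    findings = []
    for chain in sorted(chains):
        seen_names = set()
        previous_start = None
        for key_id in sorted(chains[chain]):
            entry = chains[chain][key_id]
            where = "%s key %d" % (chain, key_id)

            name = entry.get("key-name")
            if name is None:
                findings.append((where, "missing-key-name"))
            else:
                # Assumption: key-name is even-length hex, at most 64 chars.
                if not HEX.match(name) or len(name) % 2 or len(name) > 64:
                    findings.append((where, "bad-key-name"))
                if name.lower() in seen_names:
                    findings.append((where, "duplicate-key-name"))
                seen_names.add(name.lower())
                if name.startswith(DOC_SAMPLE_PREFIX):
                    findings.append((where, "doc-sample-key-name"))

            start = entry.get("start-time")
            if start is None:
                findings.append((where, "missing-start-time"))
                continue
            when = parse_start_time(start)
            if when is None:
                findings.append((where, "bad-start-time"))
                continue
            # Keys roll over in ID order, so each start must be later.
            if previous_start is not None and when <= previous_start:
                findings.append((where, "start-time-not-increasing"))
            previous_start = when
    return findings


# Constructed sample input: key 0 reuses a key name printed in the guide,
# key 1 starts before key 0, key 2 has an odd-length name and no start-time.
SAMPLE_CONFIG = """\
set security authentication-key-chains key-chain macsec-kc1 tolerance 20
set security authentication-key-chains key-chain macsec-kc1 key 0 key-name 2345678922334455667788992223334445556667778889992222333344445551
set security authentication-key-chains key-chain macsec-kc1 key 0 start-time 2018-03-20.20:35
set security authentication-key-chains key-chain macsec-kc1 key 1 key-name a1b2c3d4e5f60718
set security authentication-key-chains key-chain macsec-kc1 key 1 start-time 2018-03-20.20:30
set security authentication-key-chains key-chain macsec-kc1 key 2 key-name a1b2c3d4e5f6071
"""

if __name__ == "__main__":
    for where, code in lint_keychain(SAMPLE_CONFIG):
        print(where, code)
```

The secrets themselves are entered through the prompt command and never appear in set lines, so this check covers only the key names and the rollover schedule.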

Iji hazie MACsec na keychain maka okporo ụzọ ICMP:
Na R1:

  1. Kenye uru nnabata na yinye igodo nyocha.
    [edit] crypto-officer@hostname:fips# setịpụ nyocha nchekwa-key-chains key-chain macsec-kc1 ndidi 20
  2. Mepụta paswọọdụ nzuzo iji. Ọ bụ eriri mkpụrụ ọnụọgụ hexadecimal ruru mkpụrụedemede 64 n'ogologo. Okwuntughe nwere ike ịgụnye oghere ma ọ bụrụ na agbanyere eriri agwa na akara ngụ. A na-eji data nzuzo keychain dị ka CAK.
    [edit] crypto-officer@hostname:fips# setịpụrụ nche nyocha-key-chains key-chain macsec-kc1 igodo 0 igodo-aha 2345678922334455667788992223334445556667778889992222333344445551 cryptoname echere-igodo-agbụ igodo-agbụ macsec- kc1 igodo 0 mmalite oge 2018-03-20.20:35 crypto-officer@hostname:fips# setịpụrụ nche nyocha-key-chains key-chain macsec-kc1 igodo 1 igodo-aha 2345678922334455667788992223334445556667778889992222333344445552 1 crypto-office @ aha nnabata: fips# setịpụrụ nchekwa Nyochaa-key-chains igodo-agbụ macsec-kc1 igodo 2018 mmalite oge 03-20.20-37:1 crypto-officer@hostname:fips# setịpụrụ nche nyocha-key-chains igodo-chain macsec-kc2 igodo 2345678922334455667788992223334445556667778889992222333344445553 igodo-aha 1 2 crypto-officer @ aha nnabata: fips# setịpụrụ nyocha nchekwa-key-chains isi-chain macsec-kc2018 igodo 03 mmalite oge 20.20-39-1:3 crypto-officer@hostname:fips# setịpụrụ nchekwa nyocha-key-chains igodo- yinye macsec-kc2345678922334455667788992223334445556667778889992222333344445554 igodo 1 igodo-aha 3 crypto-officer@hostname:sektị # set nche-igodo-chaktime2018 keychak-time-03 keychain key20.20 41-1:4 crypto-office @ aha nnabata: fips # setịpụ nyocha nchekwa-key-chains key-chain macsec-kc2345678922334455667788992223334445556667778889992222333344445555 igodo 1 igodo-aha 4 igodo nchekwa aha-ntịta aha njirimara-cryptchains -kc2018 igodo 03 mmalite oge 20.20-43- 1:5 crypto-officer@hostname:fips# setịpụ nyocha nchekwa-key-chains key-chain macsec-kc345678922334455667788992223334445556667778889992222333344445556 igodo 1 igodo-aha 5 # tọọ nyocha-igodo-agbụ igodo-agbụ macsec- kc2018 igodo 03 mmalite oge 20.20-45-1:6 crypto-officer@hostname:fips# setịpụrụ nche nyocha-key-chains key-chain macsec-kc2345678922334455667788992223334445556667778889992222333344445557 igodo 1 igodo-aha 6 2018 crypto-office @ aha nnabata: fips# setịpụrụ nchekwa Nyochaa-key-chains igodo-agbụ macsec-kc03 igodo 20.20 mmalite oge 
47-1-7:2345678922334455667788992223334445556667778889992222333344445558 crypto-officer@hostname:fips# setịpụrụ nche nyocha-key-chains igodo-agbụ macsec-kc1 igodo 7 igodo-aha 2018. 03 crypto-officer @ aha nnabata: fips# setịpụrụ nyocha nchekwa-key-chains key-chain macsec-kc20.20 igodo 49 mmalite oge XNUMX-XNUMX-XNUMX:XNUMX
    Use the prompt command to enter a secret key value. For example, the secret key value is 2345678922334455667788992223334123456789223344556677889922233341.
    [edit]
    crypto-officer@hostname:fips# prompt security authentication-key-chains key-chain macseckc1 key 0 secret
    New cak (secret):
    Retype new cak (secret):
    crypto-officer@hostname:fips# prompt security authentication-key-chains key-chain macseckc1 key 1 secret
    New cak (secret):
    Retype new cak (secret):
    crypto-officer@hostname:fips# prompt security authentication-key-chains key-chain macseckc1 key 2 secret
    New cak (secret):
    Retype new cak (secret):
    crypto-officer@hostname:fips# prompt security authentication-key-chains key-chain macseckc1 key 3 secret
    New cak (secret):
    Retype new cak (secret):
    crypto-officer@hostname:fips# prompt security authentication-key-chains key-chain macseckc1 key 4 secret
    New cak (secret):
    Retype new cak (secret):
    crypto-officer@hostname:fips# prompt security authentication-key-chains key-chain macseckc1 key 5 secret
    New cak (secret):
    Retype new cak (secret):
    crypto-officer@hostname:fips# prompt security authentication-key-chains key-chain macseckc1 key 6 secret
    New cak (secret):
    Retype new cak (secret):
    crypto-officer@hostname:fips# prompt security authentication-key-chains key-chain macseckc1 key 7 secret
    New cak (secret):
    Retype new cak (secret):
  3. Associate the preshared keychain name with the connectivity association.
    [edit]
    crypto-officer@hostname:fips# set security macsec connectivity-association CA1 pre-shared-key-chain macsec-kc1
    crypto-officer@hostname:fips# set security macsec connectivity-association CA1 offset 50
    crypto-officer@hostname:fips# set security macsec connectivity-association CA1 cipher-suite gcm-aes-256
  4. Set the trace option values.
    [edit]
    crypto-officer@hostname:fips# set security macsec traceoptions file MACsec.log
    crypto-officer@hostname:fips# set security macsec traceoptions file size 4000000000
    crypto-officer@hostname:fips# set security macsec traceoptions flag all
  5. Assign the trace to an interface.
    [edit]
    crypto-officer@hostname:fips# set security macsec interfaces interface-name traceoptions file mka_xe size 1g
    crypto-officer@hostname:fips# set security macsec interfaces interface-name traceoptions flag all
  6. Configure the MACsec security mode as static-cak for the connectivity association.
    [edit]
    crypto-officer@hostname:fips# set security macsec connectivity-association CA1 security-mode static-cak
  7. Set the MKA key server priority.
    [edit]
    crypto-officer@hostname:fips# set security macsec connectivity-association CA1 mka key-server-priority 1
  8. Set the MKA transmit interval.
    [edit]
    crypto-officer@hostname:fips# set security macsec connectivity-association CA1 mka transmit-interval 3000
  9. Enable MKA secure.
    [edit]
    crypto-officer@hostname:fips# set security macsec connectivity-association CA1 include-sci
  10. Assign the connectivity association to an interface.
    [edit]
    crypto-officer@hostname:fips# set security macsec interfaces interface-name connectivity-association CA1
    crypto-officer@hostname:fips# set interfaces interface-name unit 0 family inet address 10.1.1.2/24

Configuring Static MACsec for Layer 2 Traffic
To configure static MACsec for Layer 2 traffic between device R0 and device R1:
In R0:

  1. Set the MKA key server priority.
    [edit]
    crypto-officer@hostname:fips# set security macsec connectivity-association CA1 mka key-server-priority 1
  2. Create the secret password to use. It is a string of hexadecimal digits up to 64 characters long. The password can include spaces if the character string is enclosed in quotation marks. The keychain's secret data is used as a CAK.
    [edit]
    crypto-officer@hostname:fips# prompt security authentication-key-chains key-chain macseckc1 key 0 secret
    New cak (secret):
    Retype new cak (secret):
    For example, the secret key value is 2345678922334455667788992223334123456789223344556677889922233341.
  3. Associate the preshared keychain name with the connectivity association.
    [edit]
    crypto-officer@hostname:fips# set security macsec connectivity-association CA1 pre-shared-key-chain macsec-kc1
    crypto-officer@hostname:fips# set security macsec connectivity-association CA1 offset 50
    crypto-officer@hostname:fips# set security macsec connectivity-association CA1 cipher-suite gcm-aes-256
  4. Set the trace option values.
    [edit]
    crypto-officer@hostname:fips# set security macsec traceoptions file MACsec.log
    crypto-officer@hostname:fips# set security macsec traceoptions file size 4000000000
    crypto-officer@hostname:fips# set security macsec traceoptions flag all
  5. Assign the trace to an interface.
    [edit]
    crypto-officer@hostname:fips# set security macsec interfaces interface-name traceoptions file mka_xe size 1g
    crypto-officer@hostname:fips# set security macsec interfaces interface-name traceoptions flag all
  6. Configure the MACsec security mode as static-cak for the connectivity association.
    [edit]
    crypto-officer@hostname:fips# set security macsec connectivity-association CA1 security-mode static-cak
  7. Set the MKA key server priority.
    [edit]
    crypto-officer@hostname:fips# set security macsec connectivity-association CA1 mka key-server-priority 1
  8. Set the MKA transmit interval.
    [edit]
    crypto-officer@hostname:fips# set security macsec connectivity-association CA1 mka transmit-interval 3000
  9. Enable MKA secure.
    [edit]
    crypto-officer@hostname:fips# set security macsec connectivity-association CA1 include-sci
  10. Assign the connectivity association to an interface.
    [edit]
    crypto-officer@hostname:fips# set security macsec interfaces interface-name connectivity-association CA1
  11. Configure VLAN tagging.
    [edit]
    crypto-officer@hostname:fips# set interfaces interface-name1 flexible-vlan-tagging
    crypto-officer@hostname:fips# set interfaces interface-name1 encapsulation flexible-ethernet-services
    crypto-officer@hostname:fips# set interfaces interface-name1 unit 100 encapsulation vlan-bridge
    crypto-officer@hostname:fips# set interfaces interface-name1 unit 100 vlan-id 100
    crypto-officer@hostname:fips# set interfaces interface-name2 flexible-vlan-tagging
    crypto-officer@hostname:fips# set interfaces interface-name2 encapsulation flexible-ethernet-services
    crypto-officer@hostname:fips# set interfaces interface-name2 unit 100 encapsulation vlan-bridge
    crypto-officer@hostname:fips# set interfaces interface-name2 unit 100 vlan-id 100
  12. Configure the bridge domain.
    [edit]
    crypto-officer@hostname:fips# set bridge-domains BD-110 domain-type bridge
    crypto-officer@hostname:fips# set bridge-domains BD-110 vlan-id 100
    crypto-officer@hostname:fips# set bridge-domains BD-110 interface interface-name1.100
    crypto-officer@hostname:fips# set bridge-domains BD-110 interface interface-name2.100

In R1:

  1. Create the secret password to use. It is a string of hexadecimal digits up to 64 characters long. The password can include spaces if the character string is enclosed in quotation marks. The keychain's secret data is used as a CAK.
    [edit]
    crypto-officer@hostname:fips# prompt security authentication-key-chains key-chain macseckc1 key 0 secret
    New cak (secret):
    Retype new cak (secret):
    For example, the secret key value is 2345678922334455667788992223334123456789223344556677889922233341.
  2. Associate the preshared keychain name with the connectivity association.
    [edit]
    crypto-officer@hostname:fips# set security macsec connectivity-association CA1 pre-shared-key-chain macsec-kc1
    crypto-officer@hostname:fips# set security macsec connectivity-association CA1 offset 50
    crypto-officer@hostname:fips# set security macsec connectivity-association CA1 cipher-suite gcm-aes-256
  3. Set the trace option values.
    [edit]
    crypto-officer@hostname:fips# set security macsec traceoptions file MACsec.log
    crypto-officer@hostname:fips# set security macsec traceoptions file size 4000000000
    crypto-officer@hostname:fips# set security macsec traceoptions flag all
  4. Assign the trace to an interface.
    [edit]
    crypto-officer@hostname:fips# set security macsec interfaces interface-name traceoptions file mka_xe size 1g
    crypto-officer@hostname:fips# set security macsec interfaces interface-name traceoptions flag all
  5. Configure the MACsec security mode as static-cak for the connectivity association.
    [edit]
    crypto-officer@hostname:fips# set security macsec connectivity-association CA1 security-mode static-cak
  6. Set the MKA key server priority.
    [edit]
    crypto-officer@hostname:fips# set security macsec connectivity-association CA1 mka key-server-priority 1
  7. Set the MKA transmit interval.
    [edit]
    crypto-officer@hostname:fips# set security macsec connectivity-association CA1 mka transmit-interval 3000
  8. Enable MKA secure.
    [edit]
    crypto-officer@hostname:fips# set security macsec connectivity-association CA1 include-sci
  9. Assign the connectivity association to an interface.
    [edit]
    crypto-officer@hostname:fips# set security macsec interfaces interface-name connectivity-association CA1
  10. Configure VLAN tagging.
    [edit]
    crypto-officer@hostname:fips# set interfaces interface-name1 flexible-vlan-tagging
    crypto-officer@hostname:fips# set interfaces interface-name1 encapsulation flexible-ethernet-services
    crypto-officer@hostname:fips# set interfaces interface-name1 unit 100 encapsulation vlan-bridge
    crypto-officer@hostname:fips# set interfaces interface-name1 unit 100 vlan-id 100
    crypto-officer@hostname:fips# set interfaces interface-name2 flexible-vlan-tagging
    crypto-officer@hostname:fips# set interfaces interface-name2 encapsulation flexible-ethernet-services
    crypto-officer@hostname:fips# set interfaces interface-name2 unit 100 encapsulation vlan-bridge
    crypto-officer@hostname:fips# set interfaces interface-name2 unit 100 vlan-id 100
  11. Configure the bridge domain.
    [edit]
    crypto-officer@hostname:fips# set bridge-domains BD-110 domain-type bridge
    crypto-officer@hostname:fips# set bridge-domains BD-110 vlan-id 100
    crypto-officer@hostname:fips# set bridge-domains BD-110 interface interface-name1.100
    crypto-officer@hostname:fips# set bridge-domains BD-110 interface interface-name2.100

Configuring MACsec with keychain for Layer 2 Traffic

To configure MACsec with keychain for ICMP traffic between device R0 and device R1:
In R0:

  1. Assign a tolerance value to the authentication key chain.
    [edit]
    crypto-officer@hostname:fips# set security authentication-key-chains key-chain macsec-kc1 tolerance 20
  2. Create the secret password to use. It is a string of hexadecimal digits up to 64 characters long. The password can include spaces if the character string is enclosed in quotation marks. The keychain's secret data is used as a CAK.
    [edit]
    crypto-officer@hostname:fips# set security authentication-key-chains key-chain macsec-kc1 key 0 key-name 2345678922334455667788992223334445556667778889992222333344445551
    crypto-officer@hostname:fips# set security authentication-key-chains key-chain macsec-kc1 key 0 start-time 2018-03-20.20:35
    crypto-officer@hostname:fips# set security authentication-key-chains key-chain macsec-kc1 key 1 key-name 2345678922334455667788992223334445556667778889992222333344445552
    crypto-officer@hostname:fips# set security authentication-key-chains key-chain macsec-kc1 key 1 start-time 2018-03-20.20:37
    crypto-officer@hostname:fips# set security authentication-key-chains key-chain macsec-kc1 key 2 key-name 2345678922334455667788992223334445556667778889992222333344445553
    crypto-officer@hostname:fips# set security authentication-key-chains key-chain macsec-kc1 key 2 start-time 2018-03-20.20:39
    crypto-officer@hostname:fips# set security authentication-key-chains key-chain macsec-kc1 key 3 key-name 2345678922334455667788992223334445556667778889992222333344445554
    crypto-officer@hostname:fips# set security authentication-key-chains key-chain macsec-kc1 key 3 start-time 2018-03-20.20:41
    crypto-officer@hostname:fips# set security authentication-key-chains key-chain macsec-kc1 key 4 key-name 2345678922334455667788992223334445556667778889992222333344445555
    crypto-officer@hostname:fips# set security authentication-key-chains key-chain macsec-kc1 key 4 start-time 2018-03-20.20:43
    crypto-officer@hostname:fips# set security authentication-key-chains key-chain macsec-kc1 key 5 key-name 2345678922334455667788992223334445556667778889992222333344445556
    crypto-officer@hostname:fips# set security authentication-key-chains key-chain macsec-kc1 key 5 start-time 2018-03-20.20:45
    crypto-officer@hostname:fips# set security authentication-key-chains key-chain macsec-kc1 key 6 key-name 2345678922334455667788992223334445556667778889992222333344445557
    crypto-officer@hostname:fips# set security authentication-key-chains key-chain macsec-kc1 key 6 start-time 2018-03-20.20:47
    crypto-officer@hostname:fips# set security authentication-key-chains key-chain macsec-kc1 key 7 key-name 2345678922334455667788992223334445556667778889992222333344445558
    crypto-officer@hostname:fips# set security authentication-key-chains key-chain macsec-kc1 key 7 start-time 2018-03-20.20:49
    Use the prompt command to enter a secret key value. For example, the secret key value is 2345678922334455667788992223334123456789223344556677889922233341.
    [edit]
    crypto-officer@hostname:fips# prompt security authentication-key-chains key-chain macseckc1 key 0 secret
    New cak (secret):
    Retype new cak (secret):
    crypto-officer@hostname:fips# prompt security authentication-key-chains key-chain macseckc1 key 1 secret
    New cak (secret):
    Retype new cak (secret):
    crypto-officer@hostname:fips# prompt security authentication-key-chains key-chain macseckc1 key 2 secret
    New cak (secret):
    Retype new cak (secret):
    crypto-officer@hostname:fips# prompt security authentication-key-chains key-chain macseckc1 key 3 secret
    New cak (secret):
    Retype new cak (secret):
    crypto-officer@hostname:fips# prompt security authentication-key-chains key-chain macseckc1 key 4 secret
    New cak (secret):
    Retype new cak (secret):
    crypto-officer@hostname:fips# prompt security authentication-key-chains key-chain macseckc1 key 5 secret
    New cak (secret):
    Retype new cak (secret):
    crypto-officer@hostname:fips# prompt security authentication-key-chains key-chain macseckc1 key 6 secret
    New cak (secret):
    Retype new cak (secret):
    crypto-officer@hostname:fips# prompt security authentication-key-chains key-chain macseckc1 key 7 secret
    New cak (secret):
    Retype new cak (secret):
  3. Associate the preshared keychain name with the connectivity association.
    [edit]
    crypto-officer@hostname:fips# set security macsec connectivity-association CA1 pre-shared-key-chain macsec-kc1
    crypto-officer@hostname:fips# set security macsec connectivity-association CA1 cipher-suite gcm-aes-256
  4. Set the trace option values.
    [edit]
    crypto-officer@hostname:fips# set security macsec traceoptions file MACsec.log
    crypto-officer@hostname:fips# set security macsec traceoptions file size 4000000000
    crypto-officer@hostname:fips# set security macsec traceoptions flag all
  5. Assign the trace to an interface.
    [edit]
    crypto-officer@hostname:fips# set security macsec interfaces interface-name traceoptions file mka_xe size 1g
    crypto-officer@hostname:fips# set security macsec interfaces interface-name traceoptions flag all
  6. Configure the MACsec security mode as static-cak for the connectivity association.
    [edit]
    crypto-officer@hostname:fips# set security macsec connectivity-association CA1 security-mode static-cak
  7. Set the MKA key server priority.
    [edit]
    crypto-officer@hostname:fips# set security macsec connectivity-association CA1 mka key-server-priority 1
  8. Set the MKA transmit interval.
    [edit]
    crypto-officer@hostname:fips# set security macsec connectivity-association CA1 mka transmit-interval 3000
  9. Enable MKA secure.
    [edit]
    crypto-officer@hostname:fips# set security macsec connectivity-association CA1 include-sci
  10. Assign the connectivity association to an interface.
    [edit]
    crypto-officer@hostname:fips# set security macsec interfaces interface-name connectivity-association CA1
  11. Configure VLAN tagging.
    [edit]
    crypto-officer@hostname:fips# set interfaces interface-name1 flexible-vlan-tagging
    crypto-officer@hostname:fips# set interfaces interface-name1 encapsulation flexible-ethernet-services
    crypto-officer@hostname:fips# set interfaces interface-name1 unit 100 encapsulation vlan-bridge
    crypto-officer@hostname:fips# set interfaces interface-name1 unit 100 vlan-id 100
    crypto-officer@hostname:fips# set interfaces interface-name2 flexible-vlan-tagging
    crypto-officer@hostname:fips# set interfaces interface-name2 encapsulation flexible-ethernet-services
    crypto-officer@hostname:fips# set interfaces interface-name2 unit 100 encapsulation vlan-bridge
    crypto-officer@hostname:fips# set interfaces interface-name2 unit 100 vlan-id 100
  12. Configure the bridge domain.
    [edit]
    crypto-officer@hostname:fips# set bridge-domains BD-110 domain-type bridge
    crypto-officer@hostname:fips# set bridge-domains BD-110 vlan-id 100
    crypto-officer@hostname:fips# set bridge-domains BD-110 interface interface-name1.100
    crypto-officer@hostname:fips# set bridge-domains BD-110 interface interface-name2.100

In R1:

  1. Assign a tolerance value to the authentication key chain.
    [edit]
    crypto-officer@hostname:fips# set security authentication-key-chains key-chain macsec-kc1 tolerance 20
  2. Create the secret password to use. It is a string of hexadecimal digits up to 64 characters long. The password can include spaces if the character string is enclosed in quotation marks. The keychain's secret data is used as a CAK.
    [edit]
    crypto-officer@hostname:fips# set security authentication-key-chains key-chain macsec-kc1 key 0 key-name 2345678922334455667788992223334445556667778889992222333344445551
    crypto-officer@hostname:fips# set security authentication-key-chains key-chain macsec-kc1 key 0 start-time 2018-03-20.20:35
    crypto-officer@hostname:fips# set security authentication-key-chains key-chain macsec-kc1 key 1 key-name 2345678922334455667788992223334445556667778889992222333344445552
    crypto-officer@hostname:fips# set security authentication-key-chains key-chain macsec-kc1 key 1 start-time 2018-03-20.20:37
    crypto-officer@hostname:fips# set security authentication-key-chains key-chain macsec-kc1 key 2 key-name 2345678922334455667788992223334445556667778889992222333344445553
    crypto-officer@hostname:fips# set security authentication-key-chains key-chain macsec-kc1 key 2 start-time 2018-03-20.20:39
    crypto-officer@hostname:fips# set security authentication-key-chains key-chain macsec-kc1 key 3 key-name 2345678922334455667788992223334445556667778889992222333344445554
    crypto-officer@hostname:fips# set security authentication-key-chains key-chain macsec-kc1 key 3 start-time 2018-03-20.20:41
    crypto-officer@hostname:fips# set security authentication-key-chains key-chain macsec-kc1 key 4 key-name 2345678922334455667788992223334445556667778889992222333344445555
    crypto-officer@hostname:fips# set security authentication-key-chains key-chain macsec-kc1 key 4 start-time 2018-03-20.20:43
    crypto-officer@hostname:fips# set security authentication-key-chains key-chain macsec-kc1 key 5 key-name 2345678922334455667788992223334445556667778889992222333344445556
    crypto-officer@hostname:fips# set security authentication-key-chains key-chain macsec-kc1 key 5 start-time 2018-03-20.20:45
    crypto-officer@hostname:fips# set security authentication-key-chains key-chain macsec-kc1 key 6 key-name 2345678922334455667788992223334445556667778889992222333344445557
    crypto-officer@hostname:fips# set security authentication-key-chains key-chain macsec-kc1 key 6 start-time 2018-03-20.20:47
    crypto-officer@hostname:fips# set security authentication-key-chains key-chain macsec-kc1 key 7 key-name 2345678922334455667788992223334445556667778889992222333344445558
    crypto-officer@hostname:fips# set security authentication-key-chains key-chain macsec-kc1 key 7 start-time 2018-03-20.20:49
    Use the prompt command to enter a secret key value. For example, the secret key value is 2345678922334455667788992223334123456789223344556677889922233341.
    [edit]
    crypto-officer@hostname:fips# prompt security authentication-key-chains key-chain macseckc1 key 0 secret
    New cak (secret):
    Retype new cak (secret):
    crypto-officer@hostname:fips# prompt security authentication-key-chains key-chain macseckc1 key 1 secret
    New cak (secret):
    Retype new cak (secret):
    crypto-officer@hostname:fips# prompt security authentication-key-chains key-chain macseckc1 key 2 secret
    New cak (secret):
    Retype new cak (secret):
    crypto-officer@hostname:fips# prompt security authentication-key-chains key-chain macseckc1 key 3 secret
    New cak (secret):
    Retype new cak (secret):
    crypto-officer@hostname:fips# prompt security authentication-key-chains key-chain macseckc1 key 4 secret
    New cak (secret):
    Retype new cak (secret):
    crypto-officer@hostname:fips# prompt security authentication-key-chains key-chain macseckc1 key 5 secret
    New cak (secret):
    Retype new cak (secret):
    crypto-officer@hostname:fips# prompt security authentication-key-chains key-chain macseckc1 key 6 secret
    New cak (secret):
    Retype new cak (secret):
    crypto-officer@hostname:fips# prompt security authentication-key-chains key-chain macseckc1 key 7 secret
    New cak (secret):
    Retype new cak (secret):
  3. Associate the preshared keychain name with the connectivity association.
    [edit]
    crypto-officer@hostname:fips# set security macsec connectivity-association CA1 pre-shared-key-chain macsec-kc1
    crypto-officer@hostname:fips# set security macsec connectivity-association CA1 cipher-suite gcm-aes-256
  4. Set the trace option values.
    [edit]
    crypto-officer@hostname:fips# set security macsec traceoptions file MACsec.log
    crypto-officer@hostname:fips# set security macsec traceoptions file size 4000000000
    crypto-officer@hostname:fips# set security macsec traceoptions flag all
  5. Assign the trace to an interface.
    [edit]
    crypto-officer@hostname:fips# set security macsec interfaces interface-name traceoptions file mka_xe size 1g
    crypto-officer@hostname:fips# set security macsec interfaces interface-name traceoptions flag all
  6. Configure the MACsec security mode as static-cak for the connectivity association.
    [edit]
    crypto-officer@hostname:fips# set security macsec connectivity-association CA1 security-mode static-cak
  7. Set the MKA key server priority.
    [edit]
    crypto-officer@hostname:fips# set security macsec connectivity-association CA1 mka key-server-priority
  8. Set the MKA transmit interval.
    [edit]
    crypto-officer@hostname:fips# set security macsec connectivity-association CA1 mka transmit-interval 3000
  9. Enable MKA secure.
    [edit]
    crypto-officer@hostname:fips# set security macsec connectivity-association CA1 include-sci
  10. Assign the connectivity association to an interface.
    [edit]
    crypto-officer@hostname:fips# set security macsec interfaces interface-name connectivity-association CA1
  11. Configure VLAN tagging.
    [edit]
    crypto-officer@hostname:fips# set interfaces interface-name1 flexible-vlan-tagging
    crypto-officer@hostname:fips# set interfaces interface-name1 encapsulation flexible-ethernet-services
    crypto-officer@hostname:fips# set interfaces interface-name1 unit 100 encapsulation vlan-bridge
    crypto-officer@hostname:fips# set interfaces interface-name1 unit 100 vlan-id 100
    crypto-officer@hostname:fips# set interfaces interface-name2 flexible-vlan-tagging
    crypto-officer@hostname:fips# set interfaces interface-name2 encapsulation flexible-ethernet-services
    crypto-officer@hostname:fips# set interfaces interface-name2 unit 100 encapsulation vlan-bridge
    crypto-officer@hostname:fips# set interfaces interface-name2 unit 100 vlan-id 100
  12. Configure the bridge domain.
    [edit]
    crypto-officer@hostname:fips# set bridge-domains BD-110 domain-type bridge
    crypto-officer@hostname:fips# set bridge-domains BD-110 vlan-id 100
    crypto-officer@hostname:fips# set bridge-domains BD-110 interface interface-name1.100
    crypto-officer@hostname:fips# set bridge-domains BD-110 interface interface-name2.100
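
A pre-commit lint for the key-chain commands that the R0 and R1 procedures above enter by hand, as an added example that is not part of the Juniper guide: it parses the set security authentication-key-chains lines, checks every key, and compares the chain on one device with the chain on its peer. The 1 to 64 hex digit rule applied to key-name, the requirement that start-time increases with the key number, and the faulty R1 sample are assumptions of this example.

```python
import re
from datetime import datetime

KEY_RE = re.compile(
    r"^set security authentication-key-chains key-chain (?P<chain>\S+) "
    r"key (?P<id>\d+) (?P<attr>key-name|start-time) (?P<value>\S+)$"
)
HEX_RE = re.compile(r"^[0-9a-fA-F]{1,64}$")  # assumption: same format as the CAK


def parse_keychains(config_text):
    """Return {chain: {key_id: {"key-name": ..., "start-time": ...}}}."""
    chains = {}
    for line in config_text.splitlines():
        m = KEY_RE.match(line.strip())
        if m:  # lines such as "tolerance 20" carry no key id and are skipped
            key = chains.setdefault(m["chain"], {}).setdefault(int(m["id"]), {})
            key[m["attr"]] = m["value"]
    return chains


def parse_start_time(value):
    """Parse YYYY-MM-DD.HH:MM, the form used in the procedure; None if malformed."""
    try:
        return datetime.strptime(value, "%Y-%m-%d.%H:%M")
    except ValueError:
        return None


def lint_chain(keys):
    """Check one key chain; return a list of human-readable findings."""
    findings, seen_names, previous = [], {}, None
    for key_id in sorted(keys):
        name = keys[key_id].get("key-name")
        if name is None:
            findings.append(f"key {key_id}: no key-name")
        elif not HEX_RE.match(name):
            findings.append(f"key {key_id}: key-name is not 1-64 hex digits")
        elif name in seen_names:
            findings.append(f"key {key_id}: key-name repeats key {seen_names[name]}")
        else:
            seen_names[name] = key_id
        start = keys[key_id].get("start-time")
        when = parse_start_time(start) if start else None
        if start is None:
            findings.append(f"key {key_id}: no start-time")
        elif when is None:
            findings.append(f"key {key_id}: malformed start-time {start}")
        else:
            if previous is not None and when <= previous:
                findings.append(f"key {key_id}: start-time not later than the previous key")
            previous = when
    return findings


def compare_peers(local_keys, peer_keys):
    """Both ends of the link must hold the same key names and start times."""
    findings = []
    for key_id in sorted(set(local_keys) | set(peer_keys)):
        a, b = local_keys.get(key_id), peer_keys.get(key_id)
        if a is None or b is None:
            findings.append(f"key {key_id}: present on only one device")
            continue
        for attr in ("key-name", "start-time"):
            if a.get(attr) != b.get(attr):
                findings.append(f"key {key_id}: {attr} differs between devices")
    return findings


# Constructed sample input. The key names and start times of R0 follow the
# procedure above (keys 0-2 only); R1 is deliberately wrong on key 2.
PREFIX = "set security authentication-key-chains key-chain macsec-kc1"
CKN = "234567892233445566778899222333444555666777888999222233334444555"


def sample(entries):
    lines = [f"{PREFIX} tolerance 20"]
    for key_id, last_digit, start in entries:
        lines.append(f"{PREFIX} key {key_id} key-name {CKN}{last_digit}")
        lines.append(f"{PREFIX} key {key_id} start-time {start}")
    return "\n".join(lines)


R0_CONFIG = sample([(0, 1, "2018-03-20.20:35"), (1, 2, "2018-03-20.20:37"),
                    (2, 3, "2018-03-20.20:39")])
R1_CONFIG = sample([(0, 1, "2018-03-20.20:35"), (1, 2, "2018-03-20.20:37"),
                    (2, 2, "2018-03-20.20:36")])

if __name__ == "__main__":
    r0 = parse_keychains(R0_CONFIG)["macsec-kc1"]
    r1 = parse_keychains(R1_CONFIG)["macsec-kc1"]
    for finding in lint_chain(r0) + lint_chain(r1) + compare_peers(r0, r1):
        print(finding)
```

The secrets entered with the prompt command never appear in the set lines, so this check covers only key names and start times.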

Configuring Event Logging

Event Logging Overview
The evaluated configuration requires the auditing of configuration changes through the system log.
In addition, Junos OS can:

  • Send automated responses to audit events (syslog entry creation).
  • Allow authorized managers to examine audit logs.
  • Send audit files to external servers.
  • Allow authorized managers to return the system to a known state.

The logging for the evaluated configuration must capture the following events:

  • Changes to secret key data in the configuration.
  • Committed changes.
  • Login/logout of users.
  • System startup.
  • Failure to establish an SSH session.
  • Establishment/termination of an SSH session.
  • Changes to the (system) time.
  • Termination of a remote session by the session locking mechanism.
  • Termination of an interactive session.

In addition, Juniper Networks recommends that logging also:

  • Capture all changes to the configuration.
  • Store logging information remotely.

Configuring Event Logging to a Local File
You can configure storing of audit information to a local file with the syslog statement. This example stores logs in a file named Audit-File:
[edit system]
syslog {
    file Audit-File;
}
Interpreting Event Messages
The following output shows a sample event message.
Feb 27 02:33:04 bm-a mgd[6520]: UI_LOGIN_EVENT: User 'security-officer' login, class 'j-superuser' [6520], ssh-connection '', client-mode 'cli'
Feb 27 02:33:49 bm-a mgd[6520]: UI_DBASE_LOGIN_EVENT: User 'security-officer' entering configuration mode
Feb 27 02:38:29 bm-a mgd[6520]: UI_CMDLINE_READ_LINE: User 'security-officer', command 'run show log Audit_log | grep LOGIN'
Table 4 on page 69 describes the fields for an event message. If the system logging utility cannot determine the value in a particular field, a hyphen ( - ) appears instead.
Table 4: Fields in Event Messages

| Field | Description | Examples |
|---|---|---|
| timestamp | Time when the message was generated, in one of two representations: (1) MMM-DD HH:MM:SS.MS+/-HH:MM is the month, day, hour, minute, second, and millisecond in local time. The hour and minute that follow the plus sign (+) or minus sign (-) are the offset of the local time zone from Coordinated Universal Time (UTC). (2) YYYY-MM-DDTHH:MM:SS.MSZ is the year, month, day, hour, minute, second, and millisecond in UTC. | Feb 27 02:33:04 is the timestamp expressed as local time in the United States. 2012-02-27T03:17:15.713Z is 2:33 UTC on 27 Feb 2012. |
| hostname | Name of the host that originally generated the message. | router1 |
| process | Name of the Junos OS process that generated the message. | mgd |
| processID | UNIX process ID (PID) of the Junos OS process that generated the message. | 4153 |
| TAG | Junos OS system log message tag, which uniquely identifies the message. | UI_DBASE_LOGOUT_EVENT |
| username | Username of the user initiating the event. | "admin" |
| message-text | English-language description of the event. | set: [system radius-server 1.2.3.4 secret] |
Logging Changes to Secret Data
The following are examples of audit logs of events that change the secret data. Whenever there is a change in the configuration example, the syslog event should capture the following logs:
Jul 24 17:43:28 router1 mgd[4163]: UI_CFG_AUDIT_SET_SECRET: User 'admin' set: [system radius-server 1.2.3.4 secret]
Jul 24 17:43:28 router1 mgd[4163]: UI_CFG_AUDIT_SET_SECRET: User 'admin' set: [system login user admin authentication encrypted-password]
Jul 24 17:43:28 router1 mgd[4163]: UI_CFG_AUDIT_SET_SECRET: User 'admin' set: [system login user admin2 authentication encrypted-password]
Every time a configuration is updated or changed, the syslog should capture these logs:
Jul 24 18:29:09 router1 mgd[4163]: UI_CFG_AUDIT_SET_SECRET: User 'admin' replace: [system radius-server 1.2.3.4 secret]
Jul 24 18:29:09 router1 mgd[4163]: UI_CFG_AUDIT_SET_SECRET: User 'admin' replace: [system login user admin authentication encrypted-password]
Jul 24 18:29:09 router1 mgd[4163]: UI_CFG_AUDIT_SET_SECRET: User 'admin' replace: [system login user admin authentication encrypted-password]
For more information about configuring parameters and managing log files, see the Junos OS System Log Messages Reference.
Login and Logout Events Using SSH
System log messages are generated whenever a user attempts SSH access, whether the attempt succeeds or fails. Logout events are also recorded. For example, the following logs are the result of two failed authentication attempts, then a successful one, and finally a logout:
Dec 20 23:17:35 bilbo sshd[16645]: Failed password for op from 172.17.58.45 port 1673 ssh2
Dec 20 23:17:42 bilbo sshd[16645]: Failed password for op from 172.17.58.45 port 1673 ssh2
Dec 20 23:17:53 bilbo sshd[16645]: Accepted password for op from 172.17.58.45 port 1673 ssh2
Dec 20 23:17:53 bilbo mgd[16648]: UI_AUTH_EVENT: Authenticated user 'op' at permission level 'j-operator'
Dec 20 23:17:53 bilbo mgd[16648]: UI_LOGIN_EVENT: User 'op' login, class 'j-operator' [16648]
Dec 20 23:17:56 bilbo mgd[16648]: UI_CMDLINE_READ_LINE: User 'op', command 'quit '
Dec 20 23:17:56 bilbo mgd[16648]: UI_LOGOUT_EVENT: User 'op' logout
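
A reviewer-side parser for the event message layout described in Table 4, as an added example that is not part of the Juniper guide: it splits each line into timestamp, hostname, process, PID, TAG and message text, maps the tags shown on this page to the audit events the evaluated configuration must capture, and reports SSH logins that were accepted after repeated failures. The category names, the threshold of two failures, and the function names are assumptions of this example; the sample lines are the English form of the messages shown above.

```python
import re
from collections import defaultdict

# timestamp hostname process[pid]: TAG: message-text  (TAG and pid are optional)
LINE_RE = re.compile(
    r"^(?P<timestamp>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<hostname>\S+) (?P<process>[\w./-]+)(?:\[(?P<pid>\d+)\])?: "
    r"(?:(?P<tag>[A-Z][A-Z0-9_]+): )?(?P<text>.*)$"
)
SSH_RE = re.compile(
    r"^(?P<outcome>Failed|Accepted) password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\S+) port \d+"
)
# Tags that appear on this page, mapped to hypothetical category names.
TAG_CATEGORIES = {
    "UI_CFG_AUDIT_SET_SECRET": "secret-change",
    "UI_AUTH_EVENT": "authentication",
    "UI_LOGIN_EVENT": "login",
    "UI_LOGOUT_EVENT": "logout",
    "UI_DBASE_LOGIN_EVENT": "config-mode-entry",
    "UI_CMDLINE_READ_LINE": "command",
}


def parse_event(line):
    """Return the fields of one event message as a dict, or None if it does not parse."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def load_events(log_text):
    events = (parse_event(line) for line in log_text.splitlines() if line.strip())
    return [e for e in events if e is not None]


def classify(event):
    """Name the audit-relevant category of a parsed event."""
    if event["tag"] in TAG_CATEGORIES:
        return TAG_CATEGORIES[event["tag"]]
    if event["process"] == "sshd":
        m = SSH_RE.match(event["text"])
        if m:
            return "ssh-auth-failure" if m["outcome"] == "Failed" else "ssh-auth-success"
    return "other"


def failed_then_success(events, threshold=2):
    """List (user, source, failures) for accepted logins preceded by >= threshold failures."""
    failures = defaultdict(int)
    hits = []
    for event in events:
        if event["process"] != "sshd":
            continue
        m = SSH_RE.match(event["text"])
        if not m:
            continue
        key = (m["user"], m["src"])
        if m["outcome"] == "Failed":
            failures[key] += 1
        else:
            if failures[key] >= threshold:
                hits.append((key[0], key[1], failures[key]))
            failures[key] = 0  # a success ends the run of failures
    return hits


# Sample input: the SSH sequence and one secret-change record from this page.
SAMPLE_LOG = """
Dec 20 23:17:35 bilbo sshd[16645]: Failed password for op from 172.17.58.45 port 1673 ssh2
Dec 20 23:17:42 bilbo sshd[16645]: Failed password for op from 172.17.58.45 port 1673 ssh2
Dec 20 23:17:53 bilbo sshd[16645]: Accepted password for op from 172.17.58.45 port 1673 ssh2
Dec 20 23:17:53 bilbo mgd[16648]: UI_AUTH_EVENT: Authenticated user 'op' at permission level 'j-operator'
Dec 20 23:17:53 bilbo mgd[16648]: UI_LOGIN_EVENT: User 'op' login, class 'j-operator' [16648]
Dec 20 23:17:56 bilbo mgd[16648]: UI_CMDLINE_READ_LINE: User 'op', command 'quit '
Dec 20 23:17:56 bilbo mgd[16648]: UI_LOGOUT_EVENT: User 'op' logout
Jul 24 17:43:28 router1 mgd[4163]: UI_CFG_AUDIT_SET_SECRET: User 'admin' set: [system radius-server 1.2.3.4 secret]
"""

if __name__ == "__main__":
    parsed = load_events(SAMPLE_LOG)
    for ev in parsed:
        print(ev["timestamp"], ev["hostname"], classify(ev))
    print(failed_then_success(parsed))
```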
Logging of Audit Startup
The audit information logged includes startups of Junos OS. This in turn identifies the startup events of the audit system, which cannot be independently disabled or enabled. For example, if Junos OS is restarted, the audit log contains the following information:
Dec 20 23:17:35 bilbo syslogd: exiting on signal 14
Dec 20 23:17:35 bilbo syslogd: restart
Dec 20 23:17:35 bilbo syslogd /kernel: Dec 20 23:17:35 init: syslogd (PID 19128) exited with status=1
Dec 20 23:17:42 bilbo /kernel:
Dec 20 23:17:53 init: syslogd (PID 19200) started

Performing Self-Tests on a Device

Understanding FIPS Self-Tests
The cryptographic module enforces security rules to ensure that the Juniper Networks Junos operating system (Junos OS) in FIPS mode meets the security requirements of FIPS 140-2 Level 1. To validate the output of cryptographic algorithms approved for FIPS and test the integrity of some system modules, the device performs the following series of known answer test (KAT) self-tests:

  • kernel_kats—KAT for kernel cryptographic routines
  • md_kats—KAT for libmd and libc
  • openssl_kats—KAT for OpenSSL cryptographic implementation
  • quicksec_kats—KAT for QuickSec Toolkit cryptographic implementation
  • ssh_ipsec_kats—KAT for SSH IPsec Toolkit cryptographic implementation
  • macsec_kats—KAT for MACsec cryptographic implementation

The KAT self-tests are performed automatically at startup. Conditional self-tests are also performed automatically to verify digitally signed software packages, generated random numbers, RSA and ECDSA key pairs, and manually entered keys.
If the KATs are completed successfully, the system log (syslog) file is updated to display the tests that were executed.
If there is a KAT failure, the device writes the details to a system log file, enters FIPS error state (panic), and reboots.
The file show /var/log/messages command displays the system log.
You can also run the FIPS self-test by issuing the request vmhost reboot command. You can see the FIPS self-test logs on the console when the system is coming up.
Example: Hazie FIPS onwe-ule
Nke a example na-egosi otú e si ahazi FIPS onwe-ule na-agba ọsọ oge.
Achọrọ ngwaike na ngwanrọ

  • Ị ga-enwerịrị ikike nchịkwa iji hazie FIPS nyocha onwe ya.
  • Ngwaọrụ ahụ ga-enwerịrị ụdị Junos OS enyochala na sọftụwia ọnọdụ FIPS.

gafereview
Nnwale onwe onye FIPS nwere ụlọ nyocha azịza amaara (KAT):

  • kernel_kats-KAT maka usoro ihe omimi nke kernel
  • md_kats—KAT maka libmd na libc
  • quicksec_kats—KAT maka ngwa ngwa ngwa ngwa ngwa ngwa ngwa cryptographic mmejuputa iwu
  • openssl_kats—KAT maka mmejuputa cryptographic OpenSSL
  • ssh_ipsec_kats—KAT maka SSH IPsec Toolkit mmejuputa cryptographic
  • macsec_kats-KAT maka mmejuputa cryptographic MACsec
    Na nke a examplee, FIPS nnwale onwe onye na-egbu na 9:00 AM na New York City, USA, kwa Wednesday.

NOTE: Instead of weekly tests, you can configure monthly tests by including the month and day-of-month statements.
When a KAT self-test fails, a log message is written to the system log messages file with the details of the test failure. The system then panics and reboots.
CLI Quick Configuration
To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.
set system fips self-test periodic start-time 09:00
set system fips self-test periodic day-of-week 3
Step-by-Step Procedure
To configure the FIPS self-test, log in to the device with crypto-officer credentials:

  1. Configure the FIPS self-test to execute at 9:00 AM every Wednesday.
    [edit system fips self-test]
    crypto-officer@hostname:fips# set periodic start-time 09:00
    crypto-officer@hostname:fips# set periodic day-of-week 3
  2. If you are done configuring the device, commit the configuration.
    [edit system fips self-test]
    crypto-officer@hostname:fips# commit

Results
From configuration mode, confirm your configuration by issuing the show system command. If the output does not display the intended configuration, repeat the instructions in this example to correct the configuration.
crypto-officer@hostname:fips# show system
fips {
    self-test {
        periodic {
            start-time "09:00";
            day-of-week 3;
        }
    }
}

Verification

Confirm that the configuration is working properly.
Verifying the FIPS Self-Test

Purpose
Verify that the FIPS self-test is enabled.
Action
Run the FIPS self-test manually by issuing the request system fips self-test command, or reboot the device.
After you issue the request system fips self-test command or reboot the device, the system log file is updated to show the KATs that were executed. To view the system log file, issue the file show /var/log/messages command.
user@host# file show /var/log/messages
RE KATS:
mgd: Running FIPS Self-tests
mgd: Testing kernel KATS:
mgd: NIST 800-90 HMAC DRBG Known Answer Test: Passed
mgd: DES3-CBC Known Answer Test: Passed
mgd: HMAC-SHA1 Known Answer Test: Passed
mgd: HMAC-SHA2-256 Known Answer Test: Passed
mgd: SHA-2-384 Known Answer Test: Passed
mgd: SHA-2-512 Known Answer Test: Passed
mgd: AES128-CMAC Known Answer Test: Passed
mgd: AES-CBC Known Answer Test: Passed
mgd: Testing MACSec KATS:
mgd: AES128-CMAC Known Answer Test: Passed
mgd: AES256-CMAC Known Answer Test: Passed
mgd: AES-ECB Known Answer Test: Passed
mgd: AES-KEYWRAP Known Answer Test: Passed
mgd: KBKDF Known Answer Test: Passed
mgd: Testing libmd KATS:
mgd: HMAC-SHA1 Known Answer Test: Passed
mgd: HMAC-SHA2-256 Known Answer Test: Passed
mgd: SHA-2-512 Known Answer Test: Passed
mgd: Testing OpenSSL KATS:
mgd: NIST 800-90 HMAC DRBG Known Answer Test: Passed
mgd: FIPS ECDSA Known Answer Test: Passed
mgd: FIPS ECDH Known Answer Test: Passed
mgd: FIPS RSA Known Answer Test: Passed
mgd: DES3-CBC Known Answer Test: Passed
mgd: HMAC-SHA1 Known Answer Test: Passed
mgd: HMAC-SHA2-224 Known Answer Test: Passed
mgd: HMAC-SHA2-256 Known Answer Test: Passed
mgd: HMAC-SHA2-384 Known Answer Test: Passed
mgd: HMAC-SHA2-512 Known Answer Test: Passed
mgd: AES-CBC Known Answer Test: Passed
mgd: AES-GCM Known Answer Test: Passed
mgd: ECDSA-SIGN Known Answer Test: Passed
mgd: KDF-IKE-V1 Known Answer Test: Passed
mgd: KDF-SSH-SHA256 Known Answer Test: Passed
mgd: KAS-ECC-EPHEM-UNIFIED-NOKC Known Answer Test: Passed
mgd: KAS-FFC-EPHEM-NOKC Known Answer Test: Passed
mgd: Testing QuickSec 7.0 KATS:
mgd: NIST 800-90 HMAC DRBG Known Answer Test: Passed
mgd: DES3-CBC Known Answer Test: Passed
mgd: HMAC-SHA1 Known Answer Test: Passed
mgd: HMAC-SHA2-224 Known Answer Test: Passed
mgd: HMAC-SHA2-256 Known Answer Test: Passed
mgd: HMAC-SHA2-384 Known Answer Test: Passed
mgd: HMAC-SHA2-512 Known Answer Test: Passed
mgd: AES-CBC Known Answer Test: Passed
mgd: AES-GCM Known Answer Test: Passed
mgd: SSH-RSA-ENC Known Answer Test: Passed
mgd: SSH-RSA-SIGN Known Answer Test: Passed
mgd: SSH-ECDSA-SIGN Known Answer Test: Passed
mgd: KDF-IKE-V1 Known Answer Test: Passed
mgd: KDF-IKE-V2 Known Answer Test: Passed
mgd: Testing QuickSec KATS:
mgd: NIST 800-90 HMAC DRBG Known Answer Test: Passed
mgd: DES3-CBC Known Answer Test: Passed
mgd: HMAC-SHA1 Known Answer Test: Passed
mgd: HMAC-SHA2-224 Known Answer Test: Passed
mgd: HMAC-SHA2-256 Known Answer Test: Passed
mgd: HMAC-SHA2-384 Known Answer Test: Passed
mgd: HMAC-SHA2-512 Known Answer Test: Passed
mgd: AES-CBC Known Answer Test: Passed
mgd: AES-GCM Known Answer Test: Passed
mgd: SSH-RSA-ENC Known Answer Test: Passed
mgd: SSH-RSA-SIGN Known Answer Test: Passed
mgd: KDF-IKE-V1 Known Answer Test: Passed
mgd: KDF-IKE-V2 Known Answer Test: Passed
mgd: Testing SSH IPsec KATS:
mgd: NIST 800-90 HMAC DRBG Known Answer Test: Passed
mgd: DES3-CBC Known Answer Test: Passed
mgd: HMAC-SHA1 Known Answer Test: Passed
mgd: HMAC-SHA2-256 Known Answer Test: Passed
mgd: AES-CBC Known Answer Test: Passed
mgd: SSH-RSA-ENC Known Answer Test: Passed
mgd: SSH-RSA-SIGN Known Answer Test: Passed
mgd: KDF-IKE-V1 Known Answer Test: Passed
mgd: Testing file integrity:
mgd: File integrity Known Answer Test: Passed
mgd: Testing crypto integrity:
mgd: Crypto integrity Known Answer Test: Passed
mgd: Expect an exec AuthenticatiMAC/veriexec: no fingerprint (file=/sbin/kats/cannot-exec
fsid=246 fileid=49356 gen=1 uid=0 pid=9384 ppid=9354 gppid=9352)on error…
mgd: /sbin/kats/run-tests: /sbin/kats/cannot-exec: Authentication error
mgd: FIPS Self-tests Passed
LC KATS:
Sep 12 10:50:44 network_macsec_kats_input xe- /0/0:0:
no> pic:0 port:0 chan:0 FIPS AES-256-GCM MACsec KATS encryption passed
Sep 12 10:50:50 network_macsec_kats_input xe- /0/1:0:
no> pic:0 port:1 chan:0 FIPS AES-256-GCM MACsec KATS encryption passed
Sep 12 10:50:55 network_macsec_kats_input xe- /0/0:0:
no> pic:0 port:0 chan:0 FIPS AES-256-GCM MACsec KATS decryption passed
Sep 12 10:50:56 network_macsec_kats_input xe- /0/2:0:
no> pic:0 port:2 chan:0 FIPS AES-256-GCM MACsec KATS encryption passed
Sep 12 10:51:01 network_macsec_kats_input xe- /0/1:0:
no> pic:0 port:1 chan:0 FIPS AES-256-GCM MACsec KATS decryption passed
Sep 12 10:51:02 network_macsec_kats_input xe- /0/2:0:
no> pic:0 port:2 chan:0 FIPS AES-256-GCM MACsec KATS decryption passed
Sep 12 10:51:06 network_macsec_kats_input xe- /0/3:0:
no> pic:0 port:3 chan:0 FIPS AES-256-GCM MACsec KATS encryption passed
Sep 12 10:51:12 network_macsec_kats_input xe- /0/3:0:
no> pic:0 port:3 chan:0 FIPS AES-256-GCM MACsec KATS decryption passed
Sep 12 10:51:17 network_macsec_kats_input xe- /0/4:0:
no> pic:0 port:4 chan:0 FIPS AES-256-GCM MACsec KATS encryption passed
Sep 12 10:51:17 network_macsec_kats_input xe- /0/4:0:
no> pic:0 port:4 chan:0 FIPS AES-256-GCM MACsec KATS decryption passed
Sep 12 10:51:26 network_macsec_kats_input xe- /0/5:0:
no> pic:0 port:5 chan:0 FIPS AES-256-GCM MACsec KATS encryption passed
Sep 12 10:51:27 network_macsec_kats_input xe- /0/5:0:
no> pic:0 port:5 chan:0 FIPS AES-256-GCM MACsec KATS decryption passed
Sep 12 10:51:36 network_macsec_kats_input xe- /0/6:0:
no> pic:0 port:6 chan:0 FIPS AES-256-GCM MACsec KATS encryption passed
Sep 12 10:51:36 network_macsec_kats_input xe- /0/6:0:
no> pic:0 port:6 chan:0 FIPS AES-256-GCM MACsec KATS decryption passed
Sep 12 10:51:44 network_macsec_kats_input xe- /0/7:0:
no> pic:0 port:7 chan:0 FIPS AES-256-GCM MACsec KATS encryption passed
Sep 12 10:51:44 network_macsec_kats_input xe- /0/7:0:
no> pic:0 port:7 chan:0 FIPS AES-256-GCM MACsec KATS decryption passed
Sep 12 10:51:51 network_macsec_kats_input xe- /0/8:0:
no> pic:0 port:8 chan:0 FIPS AES-256-GCM MACsec KATS encryption passed
Sep 12 10:51:51 network_macsec_kats_input xe- /0/8:0:
no> pic:0 port:8 chan:0 FIPS AES-256-GCM MACsec KATS decryption passed
Sep 12 10:51:58 network_macsec_kats_input xe- /0/9:0:
no> pic:0 port:9 chan:0 FIPS AES-256-GCM MACsec KATS encryption passed
Sep 12 10:51:58 network_macsec_kats_input xe- /0/9:0:
no> pic:0 port:9 chan:0 FIPS AES-256-GCM MACsec KATS decryption passed
Sep 12 10:52:05 network_macsec_kats_input xe- /0/10:0:
Slot no> pic:0 port:10 chan:0 FIPS AES-256-GCM MACsec KATS encryption passed
Sep 12 10:52:05 network_macsec_kats_input xe- /0/10:0:
Slot no> pic:0 port:10 chan:0 FIPS AES-256-GCM MACsec KATS decryption passed
Sep 12 10:52:12 network_macsec_kats_input xe- /0/11:0:
Slot no> pic:0 port:11 chan:0 FIPS AES-256-GCM MACsec KATS encryption passed
Sep 12 10:52:12 network_macsec_kats_input xe- /0/11:0:
Slot no> pic:0 port:11 chan:0 FIPS AES-256-GCM MACsec KATS decryption passed
Sep 12 10:52:20 network_macsec_kats_input xe- /1/0:0:
no> pic:1 port:0 chan:0 FIPS AES-256-GCM MACsec KATS encryption passed
Sep 12 10:52:20 network_macsec_kats_input xe- /1/0:0:
no> pic:1 port:0 chan:0 FIPS AES-256-GCM MACsec KATS decryption passed
Sep 12 10:52:27 network_macsec_kats_input xe- /1/1:0:
no> pic:1 port:1 chan:0 FIPS AES-256-GCM MACsec KATS encryption passed
Sep 12 10:52:28 network_macsec_kats_input xe- /1/1:0:
no> pic:1 port:1 chan:0 FIPS AES-256-GCM MACsec KATS decryption passed
Sep 12 10:52:34 network_macsec_kats_input xe- /1/2:0:
no> pic:1 port:2 chan:0 FIPS AES-256-GCM MACsec KATS encryption passed
Meaning
The system log file displays the date and time at which the KATs were executed and their status.
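The following is an added example, not part of the Juniper guide: a small Python audit of the RE KATS messages shown above that groups results by suite, flags any result other than Passed, and treats a missing final "FIPS Self-tests Passed" line as an incomplete run (the device panics and reboots on failure, so the log can stop mid-run). The sample lines are constructed, and the status word "Failed" and the function name audit_kat_log are assumptions.

```python
import re

# Constructed sample in the format of the RE KATS messages; "Failed" is an
# assumed status word, so anything other than "Passed" counts as a failure.
SAMPLE_LOG = """\
mgd: Running FIPS Self-tests
mgd: Testing kernel KATS:
mgd: NIST 800-90 HMAC DRBG Known Answer Test: Passed
mgd: AES-CBC Known Answer Test: Passed
mgd: Testing OpenSSL KATS:
mgd: FIPS RSA Known Answer Test: Failed
mgd: HMAC-SHA2-256 Known Answer Test: Passed
"""

SUITE_RE = re.compile(r"mgd:\s+Testing\s+(?P<suite>.+?)\s*:\s*$")
KAT_RE = re.compile(r"mgd:\s+(?P<alg>.+?)\s+Known Answer Test:\s+(?P<status>\S+)\s*$")
SUMMARY = "FIPS Self-tests Passed"


def audit_kat_log(text, required_suites=()):
    """Group KAT results by suite and report failures, gaps and truncation."""
    suites, current, complete = {}, None, False
    for line in text.splitlines():
        if SUMMARY in line:
            complete = True
            continue
        m = SUITE_RE.search(line)
        if m:
            current = m.group("suite")
            suites.setdefault(current, [])
            continue
        m = KAT_RE.search(line)
        if m and current is not None:
            suites[current].append((m.group("alg"), m.group("status")))
    failures = [(s, alg, st) for s, tests in suites.items()
                for alg, st in tests if st != "Passed"]
    # A required suite with no results means the run stopped early or was skipped.
    missing = [s for s in required_suites if not suites.get(s)]
    return {"suites": suites, "failures": failures, "missing": missing,
            "complete": complete,
            "ok": complete and not failures and not missing}


if __name__ == "__main__":
    report = audit_kat_log(SAMPLE_LOG, ("kernel KATS", "OpenSSL KATS", "MACSec KATS"))
    print("failures:", report["failures"])
    print("missing suites:", report["missing"])
    print("summary line seen:", report["complete"], "| ok:", report["ok"])
```

Pass the suite headings you expect on your platform as required_suites; the names used here are taken from the "Testing ... KATS:" lines in the sample output above.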

Operational Commands

Syntax
request system zeroize
Description
For RE1800, removes all configuration information on the Routing Engines and resets all key values. If the device has dual Routing Engines, the command is broadcast to all Routing Engines on the device. The command removes all data files, including customized configuration and log files, by unlinking the files from their directories. The command removes all user-created files from the system, including all plain-text passwords, secrets, and private keys for SSH, local encryption, local authentication, IPsec, RADIUS, TACACS+, and SNMP.
This command reboots the device and sets it to the factory default configuration. After the reboot, you cannot access the device through the management Ethernet interface. Log in through the console as root and start the Junos OS CLI by typing cli at the prompt.
Required Privilege Level
maintenance
request vmhost zeroize no-forwarding
Syntax
request vmhost zeroize no-forwarding
Description
For REMX2K-X8, removes all configuration information on the Routing Engines and resets all key values. If the device has dual Routing Engines, the command is broadcast to both Routing Engines on the device.
The command removes all data files, including customized configuration and log files, by unlinking the files from their directories. The command removes all user-created files from the system, including all plain-text passwords, secrets, and private keys for SSH, local encryption, local authentication, IPsec, RADIUS, TACACS+, and SNMP.
This command reboots the device and sets it to the factory default configuration. After the reboot, you cannot access the device through the management Ethernet interface. Log in through the console as the root user and start the Junos OS CLI by typing cli at the prompt.
Sample Output
request vmhost zeroize no-forwarding
user@host> request vmhost zeroize no-forwarding
VMHost Zeroization : Erase all data, including configuration and log files ?
[yes,no] (no) yes
re0:
warning: Vmhost will reboot and may not boot without configuration
warning: Proceeding with vmhost zeroize
Zeroize secondary internal disk
Proceeding with zeroize on secondary disk
Mounting device in preparation for zeroize…
Cleaning up target disk for zeroize
Zeroize done on target disk.
Zeroize of secondary disk completed
Zeroize primary internal disk
Proceeding with zeroize on primary disk
/etc/ssh/ssh_host_ecdsa_key.pub
/etc/ssh/ssh_host_rsa_key
/etc/ssh/ssh_host_dsa_key.pub
/etc/ssh/ssh_host_rsa_key.pub
/etc/ssh/ssh_host_ecdsa_key
/etc/ssh/ssh_host_dsa_key
Mounting device in preparation for zeroize…
Cleaning up target disk for zeroize
Zeroize done on target disk.
Zeroize of primary disk completed
Zeroize done
---(more)---Stopping cron.
Waiting for PIDS: 6135.
.
Feb 16 14:59:33 jlaunchd: periodic-packet-services (PID 6181) terminate signal 15 sent
Feb 16 14:59:33 jlaunchd: smg-service (PID 6234) terminate signal 15 sent
Feb 16 14:59:33 jlaunchd: application-identification (PID 6236) terminate signal 15 sent
Feb 16 14:59:33 jlaunchd: ifstate-tracing-process (PID 6241) terminate signal 15 sent
Feb 16 14:59:33 jlaunchd: resource-management (PID 6243) terminate signal 15 sent
Feb 16 14:59:33 jlaunchd: charged (PID 6246) terminate signal 15 sent
Feb 16 14:59:33 jlaunchd: license-service (PID 6255) terminate signal 15 sent
Feb 16 14:59:33 jlaunchd: ntp (PID 6620) terminate signal 15 sent
Feb 16 14:59:33 jlaunchd: gkd-chassis (PID 6621) terminate signal 15 sent
Feb 16 14:59:33 jlaunchd: gkd-lchassis (PID 6622) terminate signal 15 sent
Feb 16 14:59:33 jlaunchd: routing (PID 6625) terminate signal 15 sent
Feb 16 14:59:33 jlaunchd: sonet-aps (PID 6626) terminate signal 15 sent
Feb 16 14:59:33 jlaunchd: remote-operations (PID 6627) terminate signal 15 sent
Feb 16 14:59:33 jlaunchd: class-of-service
……..