Configuring SSH on the 5000 Series switch for NSNA

The Secure Shell (SSH) protocol provides secure and encrypted communication between the NSNAS 4050 and the network access devices. For secure communication between the NSNAS 4050 and the network access device, each must have knowledge of the other’s public SSH key.

Configure SSH communication between the Ethernet Routing Switch 5000 Series and the NSNAS 4050, by following this procedure:

Procedure steps

  1. Download the SSH public key from the NSNAS 4050 to the switch:

    ImportantImportant

    Ensure you have generated the NSNAS 4050 key. Use the following command on the NSNAS 4050 to generate the SSH public and private keys for the NSNAS 4050: cfg/domain #/sshkey/generate

    1. On the NSNAS 4050, use the /cfg/domain #/sshkey/export command to upload the key to a TFTP server, for manual retrieval from the switch.

    2. On the 5000 Series switch, load the NSNAS 4050 public key to the switch using the following commands from the Global Configuration mode:

      ssh download-auth-key address <ipaddr> key-name <filename>

      where

      • <ipaddr> is the IP address of the server (entered as A.B.C.D) where you placed the key.

  2. On the 5000 Series switch, enable SSH using the following command from the Global Configuration mode:

    ssh

  3. On the NSNAS 4050, import the 5000 Series switch public key:

    /cfg/domain #/switch #/sshkey/import apply

    For more information about, see Avaya Secure Network Access Switch 4050 User Guide, 320818-A.

    ImportantImportant

    If you subsequently reset the switch to factory defaults, a new public key is generated on the switch. Consequently, this procedure must be repeated each time the switch is set to factory default settings. Note that you must reimport the switch key on the NSNAS 4050 and apply this change.