BigIron RX Series Configuration Guide xxvii53-1001986-01Chapter 30 Configuring Secure ShellOverview of Secure Shell (SSH) . . . . . . . . . . . . . . . . . . . . . . . . . . . .905SSH version 2 support. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .905Supported features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .906Configuring SSH . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .906Generating a host key pair . . . . . . . . . . . . . . . . . . . . . . . . . . . .907Configuring DSA challenge-response authentication . . . . . . .908Disabling 3-DES . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .913Displaying SSH connection information . . . . . . . . . . . . . . . . . . . . .913Using secure copy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .914Chapter 31 Configuring Multi-Device Port AuthenticationHow multi-device port authentication works. . . . . . . . . . . . . . . . . . 917RADIUS authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 917Authentication-failure actions . . . . . . . . . . . . . . . . . . . . . . . . . .918Supported RADIUS attributes . . . . . . . . . . . . . . . . . . . . . . . . . .918Dynamic VLAN and ACL assignments. . . . . . . . . . . . . . . . . . . .918Support for authenticating multiple MAC addresseson an interface. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .919Support for multi-device port authentication and 802.1xon the same interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .919Configuring multi-device port authentication . . . . . . . . . . . . . . . . .919Enabling multi-device port authentication . . . . . . . . . . . . . . . .919Configuring an authentication method list for 802.1x . . . . . .920Setting RADIUS parameters . . . . . . . . . . . . . . . . . . . . . . . . . . .920Specifying the format of the MAC addresses sent to theRADIUS server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .921Specifying the authentication-failure action . . . . . . . . . . . . . .921Defining MAC address filters. . . . . . . . . . . . . . . . . . . . . . . . . . .922Configuring dynamic VLAN assignment . . . . . . . . . . . . . . . . . .922Specifying to which VLAN a port is moved after itsRADIUS-specified VLAN assignment expires . . . . . . . . . . . . . .923Saving dynamic VLAN assignments to the runningconfiguration file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .924Clearing authenticated MAC addresses . . . . . . . . . . . . . . . . . .924Disabling aging for authenticated MAC addresses . . . . . . . . .925Specifying the aging time for blocked MAC addresses . . . . . .925Displaying multi-device port authentication information . . . . . . . .926Displaying authenticated MAC address information . . . . . . . .926Displaying multi-device port authentication configurationinformation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .927Displaying multi-device port authentication information fora specific MAC address or port . . . . . . . . . . . . . . . . . . . . . . . . .929Displaying the authenticated MAC addresses . . . . . . . . . . . . .930Displaying the non-authenticated MAC addresses . . . . . . . . .930