Cisco Rfgw1d Manual

 
 
 Authentication 
 
78-4025112-01 Rev H0 207 
 
 Single user access is supported and a successful login attempt from a different 
network web client IP address results in terminating the previous session, 
allowing one RF Gateway user at a time. The following message provides a 
warning before this action is taken. 
 
 
Remote Authentication 
Muliple-user authentication is provided using the RADIUS protocol for network 
authentication. A RADIUS server needs to be accessible on the RF Gateway 1...

 
Chapter 14    Secuirty Features  
 
 
208 78-4025112-01 Rev H0 
Result: The following window is displayed. 
 
7 Click OK. 
8 Click Login on the main menu bar. 
The following screen is displayed. 
 
9 Enter User Name and Password provisioned on the RADIUS server.  
Remote User Management 
 When logged in as rfgw1 or any RADIUS user (in Remote mode), the user can 
access all configurable RF Gateway 1 web pages.  
 In the Radius users configuration file in RADIUS server, set the cisco-avpair as...

 
 
 Authentication 
 
78-4025112-01 Rev H0 209 
 
then local authentication will be tried with the same user credential details 
entered.  
 Single read-write user access is supported and a successful login attempt from a 
different network web client IP address results in terminating the previous 
session, allowing one user at a time to be logged in and make changes. The 
following message box provides a warning before action is taken. 
 
 
Password Recovery 
A password reset and recovery feature is...

 
Chapter 14    Secuirty Features  
 
 
210 78-4025112-01 Rev H0 
Enabling HTTPS on the RF Gateway 1 
Steps for Enabling HTTPS 
The following steps for enabling HTTPS are explained in detail in the following 
sections. 
 Create a CA  
 Create a unique key and CSR for each RF Gateway 1 unit required to support 
HTTPS 
 Sign each CSR with the CA 
 Download each key and certificate from the FTP server to each RF Gateway 1 
unit  
 Import the CA certificate into each browser that you plan to use with...

 
 
 Enabling HTTPS on the RF Gateway 1 
 
78-4025112-01 Rev H0 211 
 
Organizational Unit Name (eg, section) []:Log Cabin 
Common Name (eg, YOUR name) []:Abraham 
Email Address []:[email protected] 
OpenSSL>  
Creating a Server Key 
Create a server.key and an unprotected server key name server.pem.  
Server.pem, which youll create below, is not password protected. Guard it well 
because it contains your private RSA key in the clear for all to see. 
OpenSSL> genrsa -des3 -out server.key 4096 
Loading screen...

 
Chapter 14    Secuirty Features  
 
 
212 78-4025112-01 Rev H0 
Loading screen into random state - done 
You are about to be asked to enter information that will be incorporated 
into your certificate request. 
What you are about to enter is what is called a Distinguished Name or a DN. 
There are quite a few fields but you can leave some blank 
For some fields there will be a default value, 
If you enter ., the field will be left blank. 
----- 
Country Name (2 letter code) [AU]:US 
State or Province...

 
 
 Enabling HTTPS on the RF Gateway 1 
 
78-4025112-01 Rev H0 213 
 
rnity/CN=10.90.149.80/[email protected] 
Getting CA Private Key 
Enter pass phrase for ca.key: 
OpenSSL> 
  
Downloading Key and Certificate Files to the RF Gateway 1 
The SSL Configuration menu is used to set the FTP server IP address, user name, 
and password. It is also used to set the path to the key and certificate file and the key 
and certificate filename. The Server Key(server.pem) must not be password 
protected....

 
Chapter 14    Secuirty Features  
 
 
214 78-4025112-01 Rev H0 
Result: The following details can be noted. 
 
 
 
4 In the SSL Certificate File Information box, enter SSL Certificate File Path and the 
SSL Certificate File Name. 
Note: It is recommended that the file be named public.crt. 
5 Click Download SSL Certificate. 
Result: The status window indicates whether the files are valid or invalid. 
 
 
 
6 Once the files are validated, click Install Certificate to restart the server.  

 
 
 Enabling HTTPS on the RF Gateway 1 
 
78-4025112-01 Rev H0 215 
 
Result: After a few seconds, firewall permitting, the server responds to both 
HTTP and HTTPS requests.  
Note: Invalid files are automatically deleted. 
 
 
 
7 Click UnInstall/Delete Certificate to disable HTTPS.  
Result: The key and certificate files are deleted and the web server restarts.  
Importing the CA Certificate 
Follow the instructions below to import the CA certificate into Firefox. 
1 Launch Firefox. 
Result: The...

 
Chapter 14    Secuirty Features  
 
 
216 78-4025112-01 Rev H0 
2 Click Tools - Options - Advanced - Encryption - View Certificates - Authorities. 
Result: The following screen is displayed. 
 
3 Click Import. 
Result: The following screen is displayed. 
 
4 Search for and select your ca.crt file. 
5 Click Open. 
Result: The following screen is displayed.