Cisco Rfgw1d Manual

							 
 
 Enabling HTTPS on the RF Gateway 1 
 
78-4025112-01 Rev H0 217 
 
6 Check the Trust this CA to identify web sites box. 
7 Click View to examine your CA certificate. 
Result: The following screen is displayed. 
 
   
						

							 
Chapter 14    Secuirty Features  
 
 
218 78-4025112-01 Rev H0 
SFTP Support 
For SFTP client and server, SSHv2 with DSA key is used as the security protocol. 
SFTP client and server will be operational only after the DSA key is downloaded and 
installed (firewall permitting for SFTP server) and provided the transfer mode is set 
to SFTP (for SFTP client). 
Note: By default, the firewall for FTP and SFTP is enabled and the default file 
transfer method is set to FTP  
GUI Changes for SFTP 
The following GUI changes have been added for SFTP support.  
System Tab Changes 
1 System Configuration page now includes an option to select FTP or SFTP for file 
download/upload.  
2 Firewall Settings now include an option to enable/disable the SFTP port. 
3 SSH Configuration page has been added to provide access to the new security 
features. See screen below. 
 
Generating a DSA Key 
Overview 
The RFGW-1 is shipped from the factory with SFTP disabled. To enable SFTP, you 
will need the following:  
 FTP server to download the required DSA key    
						

							 
 
 SFTP Support 
 
78-4025112-01 Rev H0 219 
 
 Open Source toolkit for SSH to generate the DSA key  
 Software containing SSH/SFTP kernel support such as 2.6.x or 6.1.x.  
Important: It is recommended that you consult your IT and security departments 
before installing on live RFGW-1 systems. The key files you’ll be creating contain a 
private key and must be handled in accordance with your company’s security 
procedures, especially the unprotected key known as dsa_key.pem.  
Creating an Unprotected DSA Key: 
The dsa_key.pem is not password protected. It contains your private DSA key in the 
open for all to see. Generating a DSA key requires an openssh shell (Cygwin is used 
in our example). Follow the instructions below to create a DSA key. 
1 Enter the following command at the shell prompt: 
ssh-keygen -t dsa  (the -t flag is used to specify the key type).  
Result: You will be prompted for the location to save the file. The default 
location is ~/.ssh/id_dsa.  
2 Click Enter to save the file to the default location, or specify a different location.  
Result: You will then be prompted for a passphrase. 
3 Click Enter twice to generate an unprotected file. 
Result: The following 2  files are created:  
- dsa_key.pem - the private key (to be downloaded to the RFGW-1) 
- dsa_key.pem.pub - the public key (may be downloaded to the server 
 
Note: You can specify the filename on the command line by inserting an -f. This 
flag forces the path for storing the key file. See example below. 
ssh-keygen -t dsa -f /path/to/my_dsa  
Installing SFTP 
By default, SFTP is disabled and FTP is used as the default file transfer method.  
Follow the steps below to enable and configure SFTP.  
						

							 
Chapter 14    Secuirty Features  
 
 
220 78-4025112-01 Rev H0 
Step 1: 
-  Download DSA Key to RFGW-1 
- Navigate to the System/SSH Configuration page. Set the FTP Server IP 
Address, User Name, and Password. You can also enter the DSA Key Path 
and DSA Key Name for downloading the DSA key file. The key file must not 
be password protected. 
- Once all the parameters have been set, click Download DSA Key to 
download and validate the files.  
Result: The status window indicates whether the download and validation was 
successful. 
Step 2: Install SFTP in RFGW-1 
- Once the files are validated, click Install Key to install the files. Invalid key 
files are automatically deleted. 
Results:  
 SFTP Server: Once the key is installed (firewall for SFTP port must be set to 
enable), the RFGW-1 responds to both SFTP and FTP requests.  
 SFTP client: Once the key is installed (file transfer mode must be set to SFTP), all 
further download/upload operations (such as release, license download, 
configuration backup, etc.) are done using SFTP.  
 
Step 3: Select SFTP as File Transfer mode 
- The user can switch between FTP and SFTP client for file transfer.   
						

							 
 
 SFTP Support 
 
78-4025112-01 Rev H0 221 
 
Note: When the SFTP is selected as the file transfer mode, before downloading and 
installing the DSA key, a message appears indicating that the configuration will not 
be allowed. 
 
  
Uninstalling SFTP 
To uninstall SFTP, follow the step below. 
Step 1: Uninstall SFTP in RFGW-1 
On the SSH Configuration page, click Uninstall.  
Results:  
The key is deleted 
All existing SFTP connections are closed  
						

							 
Chapter 14    Secuirty Features  
 
 
222 78-4025112-01 Rev H0 
SFTP server and client are disabled 
Note: The File transfer method remains unaltered. If set to SFTP, change to FTP 
manually.   
						

							 
 
 Firewall Settings 
 
78-4025112-01 Rev H0 223 
 
Firewall Settings 
The various ports can be enabled/disabled using the following screen. 
 
 Notes:  
 HTTP port cannot be disabled when HTTPS port is disabled. 
 HTTPS port cannot be disabled when HTTP port is disabled 
 
  
						

							 
 
78-4025112-01 Rev H0 225 
 
The Cisco RF Gateway 1 Chassis supports 96-QAM channel software 
upgradeability with no changes to its existing hardware configuration. 
Users considering this mode of operation continue to receive full 
support of all features and backward compatibility as with the 48-
QAM channel operation. Cha pte r 1 
 
 
15 Chapter 
15 
96 QAM Channel Software 
In This Chapter 
 Licensing .............................................................................................. 226 
 Release Management .......................................................................... 227 
 Configuration Management .............................................................. 229 
 Operational Considerations .............................................................. 230 
 Network Management ....................................................................... 235  
						

							 
Chapter 15    96 QAM Channel Software  
 
 
226 78-4025112-01 Rev H0 
Licensing 
The RF Gateway 1 can be licensed for 96-QAM channel support by applying a 
license that can be procured using the procedures detailed in Chapter 8: Licensing 
(see Licensing on page 155).   
When the user successfully applies a 96-QAM channel license, the license 
information is displayed under the System/License Management menu.  
 
A reboot is necessary after applying the 96-QAM channel license to activate the 
license.  Users can verify the application of a valid license by viewing the 
8_CHANNELS_PER_PORT license entry as displayed above.  Currently, software 
release V03.00.XX and above support the 96-QAM channel license.