Symptoms
STARTTLS is an alternative approach that is now the preferred method of encrypting an LDAP connection. STARTTLS "upgrades" an unencrypted connection by wrapping it in SSL/TLS after or during the connection process. It works by first establishing a normal, that is unsecured, connection to the LDAP server, after which a handshake negotiation between the server and the client is carried out. Here the server sends its certificate to prove its identity before the secure connection is established. If negotiation of a secure connection is unsuccessful, a standard (cleartext) LDAP connection may still be opened; whether this happens depends on the LDAP server and its configuration.
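The upgrade described above, shown as an added example that is not part of the original article and not Broadcom's or FOS's code: it opens a cleartext LDAP socket, sends the StartTLS extended request (OID 1.3.6.1.4.1.1466.20037, as specified in RFC 4511), checks the server's resultCode, and only then wraps the socket in a certificate-verifying TLS context. The point worth seeing is the fail-closed branch: when the server refuses the upgrade, the cleartext socket is closed instead of being reused for a bind, which is the client-side answer to the "a standard LDAP connection may be opened" caveat. The BER encoder/decoder is hand-written so the block runs offline; the two sample responses are constructed, not captured from a real server, and the host names in the usage call are placeholders.

```python
import socket
import ssl
from typing import Optional, Tuple

# OID of the LDAP StartTLS extended operation (RFC 4511, section 4.14).
STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"


def _ber_len(n: int) -> bytes:
    """Encode a BER length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _read_tlv(buf: bytes, pos: int) -> Tuple[int, bytes, int]:
    """Read one BER tag/length/value at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def build_starttls_request(message_id: int = 1) -> bytes:
    """LDAPMessage { messageID, ExtendedRequest [APPLICATION 23] { requestName [0] } }."""
    request_name = b"\x80" + _ber_len(len(STARTTLS_OID)) + STARTTLS_OID   # [0] LDAPOID
    ext_req = b"\x77" + _ber_len(len(request_name)) + request_name         # [APPLICATION 23]
    body = b"\x02\x01" + bytes([message_id]) + ext_req                     # INTEGER messageID
    return b"\x30" + _ber_len(len(body)) + body                            # SEQUENCE


def parse_extended_response(msg: bytes) -> Tuple[int, str]:
    """Return (resultCode, diagnosticMessage) from an ExtendedResponse [APPLICATION 24]."""
    tag, seq, _ = _read_tlv(msg, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, _, pos = _read_tlv(seq, 0)                 # messageID (not needed here)
    tag, resp, _ = _read_tlv(seq, pos)
    if tag != 0x78:
        raise ValueError(f"expected ExtendedResponse, got tag 0x{tag:02x}")
    _, code, pos = _read_tlv(resp, 0)             # resultCode ENUMERATED
    _, _, pos = _read_tlv(resp, pos)              # matchedDN
    _, diag, _ = _read_tlv(resp, pos)             # diagnosticMessage
    return int.from_bytes(code, "big"), diag.decode("utf-8", "replace")


def _recv_exact(sock, n: int) -> bytes:
    data = b""
    while len(data) < n:
        chunk = sock.recv(n - len(data))
        if not chunk:
            raise ConnectionError("connection closed during STARTTLS negotiation")
        data += chunk
    return data


def _recv_ldap_message(sock) -> bytes:
    """Read one complete BER-framed LDAPMessage from the socket."""
    header = _recv_exact(sock, 2)
    length = header[1]
    if length & 0x80:
        extra = _recv_exact(sock, length & 0x7F)
        header, length = header + extra, int.from_bytes(extra, "big")
    return header + _recv_exact(sock, length)


def upgrade_to_tls(sock, server_hostname: str, cafile: Optional[str] = None):
    """Send StartTLS on an open cleartext LDAP socket and return the TLS-wrapped socket.

    Fails closed: a refused upgrade closes the cleartext socket instead of
    falling back to an unencrypted bind.
    """
    sock.sendall(build_starttls_request())
    code, diag = parse_extended_response(_recv_ldap_message(sock))
    if code != 0:
        sock.close()
        raise ConnectionError(f"server refused STARTTLS (resultCode={code}): {diag}")
    ctx = ssl.create_default_context(cafile=cafile)   # verifies chain and hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx.wrap_socket(sock, server_hostname=server_hostname)


def connect_ldap_starttls(host: str, port: int = 389, cafile: Optional[str] = None):
    """Open a cleartext TCP connection to host:port, then upgrade it with StartTLS."""
    return upgrade_to_tls(socket.create_connection((host, port), timeout=5), host, cafile)


# Constructed sample responses (not captured from a real server):
# success: resultCode 0, empty matchedDN and diagnosticMessage.
SAMPLE_STARTTLS_SUCCESS = bytes.fromhex("300c02010178070a010004000400")
# refusal: resultCode 1 (operationsError) with a diagnostic message.
SAMPLE_STARTTLS_REFUSED = bytes.fromhex("301d02010178180a010104000411") + b"TLS not supported"


if __name__ == "__main__":
    # Placeholder host name; replace with the directory server's DNS name as it
    # appears in its certificate, and point cafile at the issuing CA if it is private.
    tls_sock = connect_ldap_starttls("ldap.example.test", 389, cafile=None)
    print("negotiated", tls_sock.version(), "with", tls_sock.getpeercert()["subject"])
    tls_sock.close()
```

`create_default_context` enables certificate and hostname verification by default, so a server presenting a certificate that does not match `server_hostname` fails the wrap rather than silently authenticating over an unverified channel.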
Cause
Since Broadcom does not support Secure LDAP (LDAPS) on port 636, a secure connection is instead attempted by enabling the "STARTTLS" parameter while configuring the AAA Services using "LDAP". This option is not available in either FOS v8.2.3 or FOS v9.0.0x, as it was not tested there. Screenshots for reference:
FOS v9.0.0x:
FOS v8.2.3:
Resolution
Since the "starttls" option was not tested in FOS v8.2.3 and v9.0.x, it is not offered when configuring the "aaaconfig" command on the switch. FOS v9.0.x was released before FOS v8.2.3a and above, hence the "starttls" option is also missing from the "aaaconfig" command there. The "starttls" option is only available from FOS v8.2.3a onwards; this is documented in the Release Notes of FOS v8.2.3a. In FOS v9.1, the "starttls" option is available when configuring "aaaconfig". Command to configure it:
aaaconfig --add | --change server -conf radius | ldap | tacacs+
[-p port] [-d domain] [-t timeout] [-s secret]
[-a chap | pap | peap-mschapv2] [-e -encr_type none | aes256]
[-tls_mode starttls | ldaps]
After configuring it, the setting can be verified with the following command:
switch:admin> aaaconfig --show -conf ldap
LDAP CONFIGURATIONS
===================
Position : 1
Server : 1.2.3.4
Port : 389
Domain : local
Timeout(s) : 3
LDAP TLS Mode : STARTTLS
Position : 2
Server : 5.6.7.8
Port : 389
Domain : local
Timeout(s) : 3
LDAP TLS Mode : STARTTLS
Primary AAA Service: LDAP
Secondary AAA Service: Switch database
Log Primary Authentication Status: Yes
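As an added audit check, not part of the original article and not FOS's own tooling: the `aaaconfig --show -conf ldap` output above is plain "Key : Value" text, so a small parser can confirm that every configured LDAP server carries a TLS mode. On a FOS release without the option (the page's v8.2.3 and v9.0.x case) the "LDAP TLS Mode" line is absent, and that absence is what the check reports. The sample output is constructed to mirror the one on the page; the assumption that a server without a TLS mode line is talking cleartext LDAP on port 389 is mine, as is the set of mode names treated as encrypted.

```python
from typing import Dict, List

# Constructed sample mirroring the "aaaconfig --show -conf ldap" output above
# (not captured from a real switch).
SAMPLE_AAACONFIG_SHOW = """\
LDAP CONFIGURATIONS
===================
Position : 1
Server : 1.2.3.4
Port : 389
Domain : local
Timeout(s) : 3
LDAP TLS Mode : STARTTLS
Position : 2
Server : 5.6.7.8
Port : 389
Domain : local
Timeout(s) : 3
LDAP TLS Mode : STARTTLS
Primary AAA Service: LDAP
Secondary AAA Service: Switch database
Log Primary Authentication Status: Yes
"""

# Modes that mean the LDAP session is encrypted (assumed from the -tls_mode
# values starttls | ldaps shown in the aaaconfig syntax).
SECURE_TLS_MODES = {"STARTTLS", "LDAPS"}

# Trailing lines that describe the switch, not an individual server.
GLOBAL_KEYS = {"Primary AAA Service", "Secondary AAA Service",
               "Log Primary Authentication Status"}


def parse_ldap_servers(output: str) -> List[Dict[str, str]]:
    """Split the per-server 'Key : Value' lines into one dict per 'Position' block."""
    servers: List[Dict[str, str]] = []
    for line in output.splitlines():
        if ":" not in line:
            continue                      # heading and ruler lines
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if key == "Position":
            servers.append({"Position": value})
        elif servers and key not in GLOBAL_KEYS:
            servers[-1][key] = value
    return servers


def cleartext_ldap_servers(output: str) -> List[str]:
    """Servers whose 'LDAP TLS Mode' is missing (older FOS) or not a TLS mode (assumption)."""
    return [s.get("Server", "?") for s in parse_ldap_servers(output)
            if s.get("LDAP TLS Mode", "").upper() not in SECURE_TLS_MODES]


if __name__ == "__main__":
    for server in parse_ldap_servers(SAMPLE_AAACONFIG_SHOW):
        print(server["Position"], server["Server"], server.get("LDAP TLS Mode", "<no TLS mode line>"))
    print("cleartext LDAP servers:", cleartext_ldap_servers(SAMPLE_AAACONFIG_SHOW) or "none")
```

Run it against the captured output of `aaaconfig --show -conf ldap` after an upgrade to a release that has the option; an empty result from `cleartext_ldap_servers` means every server is configured for STARTTLS or LDAPS.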