Disable device encryption

You can disable the cryptography on your EX15 device. This can be used to ship unused devices from overseas without needing export licenses from the country from which the device is being shipped.

When device encryption is disabled, the following occurs:

• The device is reset to the default configuration and rebooted.

• After the reboot:

  • Access to the device via the WebUI and SSH are disabled.
  • All internet connectivity is disabled, including WAN and WWAN. Connectivity to central management software is also disabled.
  • All IP networks and addresses are disabled except for the default 192.168.210.1/24 network on the local LAN Ethernet port. DHCP server is also disabled.

    The device can only be accessed by using telnet from a local machine connecting to the 192.168.210.1/24 network.

Disabling device encryption is not available in the WebUI. It can only be performed from the Admin CLI.

 

  Command line

1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX15 local command line as a user with full Admin access rights.

   Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

2. Disable encryption with the following command:

   > system disable-cryptography
   >

3. Type exit to exit the Admin CLI.

   Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device.

Re-enable cryptography after it has been disabled.

To re-enable cryptography:

1. Configure your PC network to connect to the 192.168.210 subnet. For example, on a Windows PC:
   1. Select the Properties of the relevant network connection on the Windows PC.

      

   2. Click the Internet Protocol Version 4 (TCP/IPv4) parameter.
   3. Click Properties. The Internet Protocol Version 4 (TCP/IPv4) Properties dialog appears.

   4. Configure with the following details:

      • IP address for PC: 192.168.210.2
      • Subnet: 255.255.255.0
      • Gateway: 192.168.210.1

      

2. Connect the PC's Ethernet port to the 1/PoE Ethernet port on your EX15 device.

3. Open a telnet session and connect to the EX15 device at the IP address of 192.168.210.1.

4. Log into the device:

   • Username: admin

   • Password: The default unique password for your device is printed on the device label.

5. At the shell prompt, type:

   # rm /etc/config/.nocrypt
   # flatfsd -i

This will re-enable encryption and leave the device at its factory default setting.