EasyManuals Logo

Cisco 500 Series Administration Guide

Cisco 500 Series
653 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #572 background imageLoading...
Page #572 background image
Security: Secure Sensitive Data Management
SSD Properties
Cisco 500 Series Stackable Managed Switch Administration Guide 570
26
• Unrestricted (default)—The device includes its passphrase when creating a
configuration file. This enables any device accepting the configuration file
to learn the passphrase from the file.
• Restricted—The device restricts its passphrase from being exported into a
configuration file. Restricted mode protects the encrypted sensitive data in
a configuration file from devices that do not have the passphrase. This
mode should be used when a user does not want to expose the passphrase
in a configuration file.
After a device is reset to the factory default, its local passphrase is reset to the
default passphrase. As a result, the device will be not able to decrypt any
sensitive data encrypted based on a user-defined passphrase entered from a
management session (GUI/CLI), or in any configuration file with restricted mode,
including the files created by the device itself before it is reset to factory default.
This remains until the device is manually reconfigured with the user-defined
passphrase, or learns the user-defined passphrase from a configuration file.
Configuration File Integrity Control
A user can protect a configuration file from being tampered or modified by
creating the configuration file with Configuration File Integrity Control. It is
recommended that Configuration File Integrity Control be enabled when a device
uses a user-defined passphrase with Unrestricted Configuration File Passprhase
Control.
!
CAUTION Any modification made to a configuration file that is integrity protected is
considered tampering.
A device determines whether the integrity of a configuration file is protected by
examining the File Integrity Control command in the file's SSD Control block. If a
file is integrity protected but a device finds the integrity of the file is not intact, the
device rejects the file. Otherwise, the file is accepted for further processing.
A device checks for the integrity of a text-based configuration file when the file is
downloaded or copied to the Startup Configuration file.

Table of Contents

Other manuals for Cisco 500 Series

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco 500 Series and is the answer not in the manual?

Cisco 500 Series Specifications

General IconGeneral
ModelCisco 500 Series
CategorySwitch
MountingRack-mountable
ManagementWeb-based, CLI, SNMP
Ports24, 48
Port Speed10/100/1000 Mbps
PoE SupportAvailable on some models
Switching CapacityUp to 176 Gbps
MAC Address Table Size16, 000 entries
SecurityACLs, 802.1X
Quality of Service (QoS)Yes
DimensionsVaries by model
WeightVaries by model
Humidity10% to 90% non-condensing
Power SupplyInternal
Power ConsumptionVaries by model
Jumbo Frame SupportUp to 9216 bytes

Related product manuals