Security: Secure Sensitive Data Management
Configuration Files
Cisco 500 Series Stackable Managed Switch Administration Guide 572
During a copy, the SSD indicator in the file is set according to the user's instruction: to include the sensitive data encrypted, to include it in plaintext, or to exclude it from the file.
SSD Control Block
When a device creates a text-based configuration file from its Startup or Running Configuration file, it inserts an SSD control block into the file if the user requests that the file include sensitive data. The SSD control block, which is protected from tampering, contains the SSD rules and SSD properties of the device creating the file. An SSD control block starts with "ssd-control-start" and ends with "ssd-control-end".
Startup Configuration File
The device currently supports copying from the Running, Backup, Mirror, and Remote Configuration files to a Startup Configuration file. The configurations in the Startup Configuration take effect and become the Running Configuration after reboot. A user can retrieve the sensitive data from a Startup Configuration file either encrypted or in plaintext, subject to the SSD read permission and the current SSD read mode of the management session.
Read access to the sensitive data in the Startup Configuration, in any form, is excluded if the passphrase in the Startup Configuration file and the local passphrase are different.
SSD applies the following rules when copying the Backup, Mirror, and Remote Configuration files to the Startup Configuration file:
• After a device is reset to factory default, all of its configurations, including the SSD rules and properties, are reset to default.
• If a source configuration file contains encrypted sensitive data but is missing an SSD control block, the device rejects the source file and the copy fails.
• If there is no SSD control block in the source configuration file, the SSD configuration in the Startup Configuration file is reset to default.
• If there is a passphrase in the SSD control block of the source configuration file and the file contains encrypted sensitive data that was not encrypted by the key generated from that passphrase, the device rejects the source file and the copy fails.
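As an added illustration (not the switch's own code or file format), the copy rules above modelled in Python over a constructed text configuration file. The `... encrypted <value>` marker for sensitive values, the `passphrase` line inside the control block, the key derivation and the toy encrypt-then-MAC scheme are all assumptions of this model; only the `ssd-control-start` / `ssd-control-end` delimiters and the decision rules come from the text.

```python
import base64, hashlib, hmac

# Constructed model of the SSD copy-to-Startup rules. Assumed format: sensitive values are
# written "... encrypted <b64>", and a "passphrase <text>" line may sit inside the control block.
START, END = "ssd-control-start", "ssd-control-end"

def derive_key(passphrase):
    # Key generated from the passphrase (KDF, salt and iteration count are model assumptions)
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), b"ssd-model-salt", 10000)

def encrypt_value(key, plaintext):
    # Toy encrypt-then-MAC: HMAC-derived keystream XOR plaintext, then a 16-byte HMAC tag
    pt = plaintext.encode()
    stream = b"".join(hmac.new(key, b"ks%d" % i, "sha256").digest() for i in range(len(pt) // 32 + 1))
    ct = bytes(p ^ s for p, s in zip(pt, stream))
    return base64.b64encode(ct + hmac.new(key, ct, "sha256").digest()[:16]).decode()

def value_matches_key(key, blob):
    # True only if the tag verifies under this key, i.e. the value was produced with it
    raw = base64.b64decode(blob)
    return hmac.compare_digest(hmac.new(key, raw[:-16], "sha256").digest()[:16], raw[-16:])

def parse_source(text):
    lines = [l.strip() for l in text.splitlines()]
    block, body = None, lines
    if START in lines and END in lines:
        s, e = lines.index(START), lines.index(END)
        block, body = lines[s + 1:e], lines[:s] + lines[e + 1:]
    encrypted = [l.split(" encrypted ", 1)[1] for l in body if " encrypted " in l]
    return block, encrypted

def check_copy_to_startup(source_text):
    """Apply the SSD copy rules: ('accept', resulting SSD config) or ('reject', reason)."""
    block, encrypted = parse_source(source_text)
    if block is None:
        if encrypted:  # encrypted sensitive data but no control block: reject the source file
            return "reject", "encrypted sensitive data without SSD control block"
        return "accept", {"passphrase": None, "rules": []}  # no block: SSD config reset to default
    passphrase = next((l.split(" ", 1)[1] for l in block if l.startswith("passphrase ")), None)
    if passphrase is not None:
        key = derive_key(passphrase)
        if not all(value_matches_key(key, b) for b in encrypted):
            return "reject", "encrypted data not produced by the control-block passphrase key"
    return "accept", {"passphrase": passphrase, "rules": [l for l in block if not l.startswith("passphrase ")]}

# Constructed sample: a Backup-style file with a control block and one encrypted value
SAMPLE_PASSPHRASE = "correct-horse-battery"
SAMPLE_SOURCE = "\n".join([START, "passphrase " + SAMPLE_PASSPHRASE, "ssd rule user admin read plaintext", END,
    "username admin password encrypted " + encrypt_value(derive_key(SAMPLE_PASSPHRASE), "s3cr3t!")])
```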