IPsec Configuration
26-4 Configuring Security Features
how to enable security audit logging. Refer to Chapter 14, Configuring Syslog for more
information about system logging in general.
Table 26-3 lists the logging commands that require different user access permissions when the
security mode is set to C2.
Security Mode and File Management
The “secure.log” file is stored in the secure/logs directory. This directory is only visible to and
accessible by super user accounts. Super-users can create, edit, and delete files in the secure
directory, and can copy files to and from the secure directory.
The secure.log file stored in the secure/logs directory cannot be deleted, edited, or renamed.
Super-users can copy the secure.log file using SCP, SFTP, or TFTP.
Table 26-4 on page 26-4 describes the security mode implications for the show config, and
configure commands.
IPsec Configuration
About IPsec
The Security Architecture for IP (IPsec), defined in RFC 4301, describes how to provide a set of
security services for traffic at the IP layer in both IPv4 and IPv6 environments. As described in the
RFC, most of the security services are provided through use of two traffic security protocols, the
Authentication Header (AH) and the Encapsulating Security Payload (ESP), and through the use
of cryptographic key management procedures and protocols.
The current IPsec implementation on the Fixed Switches provides the following functionality:
Table 26-3 Logging Commands Affected by Security Mode Settings
Commands
Access When Security Mode Setting Is:
Normal C2
set/clear logging server Read-Write Super User
set/clear logging default Read-Write Super User
set/clear logging application Read-Write Super User
set/clear logging local Read-Write Super User
show logging buffer Read-Only Super User
Table 26-4 File Management Commands Affected by Security Mode Settings
Commands
Command Behavior When Security Mode Setting Is:
Normal C2
show config Output of command obfuscates user
passwords for all access modes.
For Read-Only and Read-Write users,
user passwords are redacted entirely.
The line containing the password is
also commented out in the output.
For Super Users, user passwords are
obfuscated.
configure Command is available for Read-Write
user access.
Command is available only for Super
User access
To Next Page
Loading...
Need help?
General