Ssd File Passphrase Control - Cisco 300 Series Cli Manual

SSD Commands
OL-32830-01 Command Line Interface Reference Guide
User Read Permission:
Current Session Read mode: Plaintext
47.7

ssd file passphrase control

To provide an additional level of protection when copying configuration files to the
startup configuration file, use ssd file passphrase control in SSD Configuration
mode. The passphrase in a configuration file is always encrypted with the default
passphrase key
Syntax
ssd file passphrase control {
no ssd file passphrase control
Parameters
•
Restricted—In this mode, a device restricts its passphrase from being
exported into a configuration file. Restricted mode protects the encrypted
sensitive data in a configuration file from devices that do not have the
passphrase. The mode should be used when a user does not want to
expose the passphrase in a configuration file.
•
Unrestricted—In this mode, a device will include its passphrase when
creating a configuration file. This allows any devices accepting the
configuration file to learn the passphrase from the file.
Default
The default is unrestricted.
Command Mode
SSD Configuration mode.
User Guidelines
To revert to the default state, use the no ssd file passphrase control command.
Note that after a device is reset to the factory default, its local passphrase is set to
the default passphrase. As a result, the device will not be able to decrypted
sensitive data encrypted with a user-defined passphrase key in its own
configuration files until the device is manually configured with the
user-passphrase again or the files are created in unrestricted mode.
Both
restricted unrestricted
| }
47
934