Configuring Strict Mode; Limitations - Lenovo Flex System Fabric CN4093 Application Manual

Configuring Strict Mode

Limitations

56
CN4093 Application Guide for N/OS 8.4
To change the switch mode to boot strict mode, use the following command:
CN 4093(config)# [no] boot strict enable
When strict mode is enabled, you will see the following message:
Warning, security strict mode limits the cryptographic algorithms used by
secure protocols on this switch. Please see the documentation for full
details, and verify that peer devices support acceptable algorithms
before enabling this mode. The mode change will take effect after
reloading the switch and the configuration will be wiped during the
reload. System will enter security strict mode with default factory
configuration at next boot up.
Do you want SNMPV3 support old default users in strict mode (y/n)?
For SNMPv3 default users, see "SNMP Version 3" on page
When strict mode is disabled, the following message is displayed:
Warning, disabling security strict mode. The mode change will take effect
after reloading the switch.
You must reboot the switch for the boot strict mode enable/disable to take effect.
In Enterprise NOS 8.4, consider the following limitation/restrictions if you need to
operate the switch in boot strict mode:
 Power ITEs and High‐Availability features do not comply with NIST SP
800‐131A specification.
 The CN4093 will not discover Platform agents/Common agents that are not in
strict mode.
Web browsers that do not use TLS 1.2 cannot be used.

 Limited functions of the switch managing Windows will be available.
557.