Configuring Strict Mode
Configuring No-Prompt Mode
SSL/TLS Version Limitation
Limitations
© Copyright Lenovo 2017

Configuring Strict Mode
To change the switch mode to boot strict mode, use the following command:
RS 8264CS(config)# [no] boot strict enable
When strict mode is enabled, you will see the following message:
Warning, security strict mode limits the cryptographic algorithms used by
secure protocols on this switch. Please see the documentation for full
details, and verify that peer devices support acceptable algorithms
before enabling this mode. The mode change will take effect after
reloading the switch and the configuration will be wiped during the
reload. System will enter security strict mode with default factory
configuration at next boot up.
Do you want SNMPV3 support old default users in strict mode (y/n)?
For SNMPv3 default users, see "SNMP Version 3" on page 550.
When strict mode is disabled, the following message is displayed:
Warning, disabling security strict mode. The mode change will take effect
after reloading the switch.
You must reboot the switch for the boot strict mode enable/disable to take effect.

Configuring No-Prompt Mode
If you expect to administer the switch using SNSC or another browser‐based
interface, you need to turn off confirmation prompts. To do so, use the
following command:
RS 8264CS(config)# [no] terminal dont-ask
In no‐prompt mode, confirmation prompts are disabled for this and future
sessions.

SSL/TLS Version Limitation
Each of the following successive encryption protocol versions provides more
security and less compatibility: SSLv3, TLS1.0, TLS1.1, TLS1.2. When negotiating
the encryption protocol during the SSL handshake, the switch will accept, by
default, the latest (and most secure) protocol version supported by the client
equipment. To enforce a minimum level of security for connections,
use the following command:
RS 8264CS(config)# ssl minimum-version {ssl|tls10|tls11|tls12}
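
One way to confirm from a management workstation that the configured minimum is actually enforced, as an added example (not Lenovo code). It assumes the switch's HTTPS management interface is reachable on a port you supply; the function names are illustrative, and the SSLv3 keyword is not probed because current OpenSSL builds cannot offer it.

```python
import socket
import ssl
import sys

# Keywords of the page's "ssl minimum-version" command, weakest first.
KEYWORD_ORDER = ["ssl", "tls10", "tls11", "tls12"]
# "ssl" (SSLv3) is omitted: current OpenSSL builds cannot offer it.
PROBE_VERSIONS = {
    "tls10": ssl.TLSVersion.TLSv1,
    "tls11": ssl.TLSVersion.TLSv1_1,
    "tls12": ssl.TLSVersion.TLSv1_2,
}

def probe(host, port, version, timeout=5.0):
    """True: handshake pinned to `version` completed. False: the TCP
    connection opened but the handshake failed. None: probe not possible."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # protocol-version probe only; the switch
    ctx.verify_mode = ssl.CERT_NONE  # certificate is not being validated here
    try:
        ctx.minimum_version = ctx.maximum_version = version
        ctx.set_ciphers("ALL:@SECLEVEL=0")  # allow offering TLS 1.0/1.1 locally
    except (ValueError, ssl.SSLError):
        return None
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            try:
                with ctx.wrap_socket(sock):
                    return True
            except OSError:          # ssl.SSLError, reset or timeout
                return False
    except OSError:                  # unreachable or connection refused
        return None

def violations(minimum_keyword, results):
    """Keywords the server accepted that rank below the configured minimum."""
    floor = KEYWORD_ORDER.index(minimum_keyword)
    return [kw for kw, ok in results.items()
            if ok and KEYWORD_ORDER.index(kw) < floor]

def audit(host, port, minimum_keyword):
    results = {kw: probe(host, port, v) for kw, v in PROBE_VERSIONS.items()}
    return results, violations(minimum_keyword, results)

if __name__ == "__main__" and len(sys.argv) == 4:
    # Arguments: <switch address> <HTTPS port> <configured minimum keyword>
    print(audit(sys.argv[1], int(sys.argv[2]), sys.argv[3]))
```

A False for tls10 or tls11 can also mean the local OpenSSL build cannot offer that version, so confirm the workstation against a server known to accept it before relying on the result.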

Limitations
In Enterprise NOS 8.4, consider the following limitations and restrictions if you need to
operate the switch in boot strict mode:
Chapter 1: Switch Administration