Setting An Siom Security Policy; Enabling And Disabling The Siom; Using Protocols With Siom; Insecure Protocols - Lenovo RackSwitch G8264CS Application Manual

Setting an SIOM Security Policy

Enabling and Disabling the SIOM

Using Protocols With SIOM

Insecure Protocols

© Copyright Lenovo 2017
The SIOM feature introduces the following levels of security policy:
 Legacy Mode
Legacy Mode maintains the existing security behavior of the IOM or switch. All
communication protocols currently supported by the IOM software continue to
be allowed and supported in this mode. All behaviors of the IOM remain the
same; the only difference is you can set the mode which will take effect after the
next reboot of the switch.
Secure Mode

In Security Mode or SIOM, only secure communication protocols are allowed to
be enabled. Communication protocols that are deemed to be not secure are
disabled and not allowed to run on the switch.
Note: Once a switch has entered Secure Mode, it cannot return to Legacy Mode
without a reboot.
To enable Secure Mode on the G8264CS, enter:
RS 8264CS(config)# boot security-policy secure-mode
Note: The switch will remain in Legacy Mode until you reboot.
To disable Secure Mode on the G8264CS, enter:
RS 8264CS(config)# boot security-policy legacy-mode
Note: The switch will remain in Secure Mode until you reboot.
To display the running security policy, enter:
RS 8264CS(config)# show boot security-policy
Some protocols can be used with SIOM. This section explains which protocols can
and cannot operate with SIOM on the RackSwitch G8264CS.
When you are in Secure Mode, the following protocols are deemed "insecure" and
are disabled:
 HTTP
 LDAP Client
 SNMPv1
 SNMPv2
 Telnet (server and client)
Chapter 37: Secure Input/Output Module
571