1. Manuals
  2. Brands
  3. Cisco Manuals
  4. Switch
  5. SD208T-NA
  6. Administration manual

Cisco SD208T-NA Administration Manual page 262

Administration guide
Hide thumbs
Table of Contents

Advertisement

Secure Sensitive Data
Configuration Files
Cisco Small Business 200 Series Smart Switch Administration Guide
SSD Control Block
When a device creates a text-based configuration file from its Startup or Running
Configuration file, it inserts an SSD control block into the file if a user requests the
file is to include sensitive data. The SSD control block, which is protected from
tampering, contains SSD rules and SSD properties of the device creating the file.
A SSD control block starts and ends with "ssd-control-start" and "ssd-control-end"
respectively.
Startup Configuration File
The device currently supports copying from the Running, Backup, Mirror, and
Remote Configuration files to a Startup Configuration file. The configurations in the
Startup Configuration are effective and become the Running Configuration after
reboot. A user can retrieve the sensitive data encrypted or in plaintext from a
startup configuration file, subject to the SSD read permission and the current SSD
read mode of the management session.
Read access of sensitive data in the startup configuration in any forms is excluded
if the passphrase in the Startup Configuration file and the local passphrase are
different.
SSD adds the following rules when copying the Backup, Mirror, and Remote
Configuration files to the Startup Configuration file:
After a device is reset to factory default, all of its configurations, including
the SSD rules and properties are reset to default.
If a source configuration file contains encrypted sensitive data, but is
missing an SSD control block, the device rejects the source file and the
copy fails.
If there is no SSD control block in the source configuration file, the SSD
configuration in the Startup Configuration file is reset to default.
If there is a passphrase in the SSD control block of the source configuration
file, the device will reject the source file, and the copy fails if there is
encrypted sensitive data in the file not encrypted by the key generated
from the passphrase in the SSD control block.
If there is an SSD control block in the source configuration file and the file
fails the SSD integrity check, and/or file integrity check, the device rejects
the source file and fails the copy.
19
263
Show Quick Links

Hide quick links:

Advertisement

Table of Contents
loading

Related Manuals for Cisco SD208T-NA

Related Products for Cisco SD208T-NA

This manual is also suitable for:

Sr224tSr224t-naSrw208mpSrw224Srw248g4pSmall business 200 series

Table of Contents