Setting An Siom Security Policy; Enabling And Disabling The Siom; Using Protocols With Siom; Insecure Protocols - Lenovo RackSwitch G8264 Application Manual

Setting an SIOM Security Policy

Enabling and Disabling the SIOM

Using Protocols With SIOM

Insecure Protocols

© Copyright Lenovo 2016
The SIOM feature introduces the following levels of security policy:
 Legacy Mode
Legacy Mode maintains the existing security behavior of the IOM or switch. All
communication protocols currently supported by the IOM software continue to
be allowed and supported in this mode. All behaviors of the IOM remain the
same; the only difference is you can set the mode which will take effect after the
next reboot of the switch.
Secure Mode

In Security Mode or SIOM, only secure communication protocols are allowed to
be enabled. Communication protocols that are deemed to be not secure are
disabled and not allowed to run on the switch.
Note: Once a switch has entered Secure Mode, it cannot return to Legacy Mode
without a reboot.
To enable Secure Mode on the G8264, enter:
RS G8264(config)# boot security­policy secure­mode
Note: The switch will remain in Legacy Mode until you reboot.
To disable Secure Mode on the G8264, enter:
RS G8264(config)# boot security­policy legacy­mode
Note: The switch will remain in Secure Mode until you reboot.
To display the running security policy, enter:
RS G8264(config)# show boot security­policy
Note: In stacking mode, the Master and the Backup switches control the security
policy.
Some protocols can be used with SIOM. This section explains which protocols can
and cannot operate with SIOM on the RackSwitch G8264.
When you are in Secure Mode, the following protocols are deemed "insecure" and
are disabled:
 HTTP
LDAP Client

 SNMPv1
Chapter 8: Secure Input/Output Module
143