Setting an SIOM Security Policy
Enabling and Disabling the SIOM
Using Protocols With SIOM
Insecure Protocols
© Copyright Lenovo 2016
The SIOM feature introduces the following levels of security policy:
Legacy Mode
Legacy Mode maintains the existing security behavior of the IOM or switch. All
communication protocols currently supported by the IOM software continue to
be allowed and supported in this mode. All behaviors of the IOM remain the
same; the only difference is that you can set the security mode, which takes
effect after the next reboot of the switch.
Secure Mode
In Secure Mode, or SIOM, only secure communication protocols are allowed to
be enabled. Communication protocols that are deemed not secure are
disabled and not allowed to run on the switch.
Note: Once a switch has entered Secure Mode, it cannot return to Legacy Mode
without a reboot.
To enable Secure Mode on the G8264, enter:
RS G8264(config)# boot securitypolicy securemode
Note: The switch will remain in Legacy Mode until you reboot.
To disable Secure Mode on the G8264, enter:
RS G8264(config)# boot securitypolicy legacymode
Note: The switch will remain in Secure Mode until you reboot.
To display the running security policy, enter:
RS G8264(config)# show boot securitypolicy
Note: In stacking mode, the Master and the Backup switches control the security
policy.
Some protocols can be used with SIOM. This section explains which protocols can
and cannot operate with SIOM on the RackSwitch G8264.
When you are in Secure Mode, the following protocols are deemed "insecure" and
are disabled:
HTTP
LDAP Client
SNMPv1
Chapter 8: Secure Input/Output Module