Security Policy Configuration
700
G8264 Command Reference for ENOS 8.4
The switch can be configured to use two different security modes:
Legacy policy mode
Secure policy mode
Legacy Policy mode allows the switch to use all communication protocols with no
regards to the security level of the protocol.The switch will be able to use both
protocols that encrypt and do not encrypt their communication across the network.
Secure Policy mode allows the switch to use only secure communication protocols.
Protocols that are regarded as being insecure are disabled and cannot be run on the
switch. The commands associated with such protocols are unavailable.
The following protocols are disabled and are not available on the switch if Secure
Policy mode is enabled:
HTTP
LDAP Client
SNMPv1 and SNMPv2
Telnet Client and Telnet Server
Telnet IPv6 Client and Telnet IPv6 Server
FTP Client and FTP Server
Radius Client
TACACS+ Client
Syslog Server
The following protocols are enabled and available on the switch if Secure Policy
mode is enabled:
DHCP Client
DHCPv6 Client
Syslog
The following protocols are disabled, but are available on the switch even if Secure
Policy mode is enabled:
TFTP Server and TFTP Client (only for signed software images)
The following protocols are regarded as secure. They are enabled on the switch in
both security modes and can be disabled:
SCP Server
SNMPv3 Client
SFTP Client
SSHv2 Client and SSHv2 Server
HTTPS Server