Security Policy Configuration - Lenovo RackSwitch G8264 Command Reference Manual

Security Policy Configuration

700
G8264 Command Reference for ENOS 8.4
The switch can be configured to use two different security modes:
 Legacy policy mode
 Secure policy mode
Legacy Policy mode allows the switch to use all communication protocols with no
regards to the security level of the protocol.The switch will be able to use both
protocols that encrypt and do not encrypt their communication across the network.
Secure Policy mode allows the switch to use only secure communication protocols.
Protocols that are regarded as being insecure are disabled and cannot be run on the
switch. The commands associated with such protocols are unavailable.
The following protocols are disabled and are not available on the switch if Secure
Policy mode is enabled:
 HTTP
LDAP Client

 SNMPv1 and SNMPv2
Telnet Client and Telnet Server

 Telnet IPv6 Client and Telnet IPv6 Server
FTP Client and FTP Server

 Radius Client
TACACS+ Client

 Syslog Server
The following protocols are enabled and available on the switch if Secure Policy
mode is enabled:
 DHCP Client
 DHCPv6 Client
 Syslog
The following protocols are disabled, but are available on the switch even if Secure
Policy mode is enabled:
TFTP Server and TFTP Client (only for signed software images)

The following protocols are regarded as secure. They are enabled on the switch in
both security modes and can be disabled:
 SCP Server
 SNMPv3 Client
 SFTP Client
 SSHv2 Client and SSHv2 Server
 HTTPS Server