Cisco SR224T-NA Administration Guide - Page 263
Secure Sensitive Data Configuration Files 19

• If there is no passphrase in the SSD control block of the source configuration file, all the encrypted sensitive data in the file must be encrypted by either the key generated from the local passphrase or the key generated from the default passphrase, but not both. Otherwise, the source file is rejected and the copy fails.
• The device configures the passphrase, passphrase control, and file integrity, if any, from the SSD Control Block in the source configuration file to the Startup Configuration file. It configures the Startup Configuration file with the passphrase that is used to generate the key to decrypt the sensitive data in the source configuration file. Any SSD configurations that are not found are reset to the default.
• If there is an SSD control block in the source configuration file and the file contains plaintext sensitive data (excluding the SSD configurations in the SSD control block), the file is accepted.

Running Configuration File

A Running Configuration file contains the configuration currently being used by the device. A user can retrieve the sensitive data, encrypted or in plaintext, from a Running Configuration file, subject to the SSD read permission and the current SSD read mode of the management session. The user can change the Running Configuration by copying the Backup or Mirror Configuration files through other management actions via CLI, XML, and so on.

A device applies the following rules when a user directly changes the SSD configuration in the Running Configuration:

• If the user that opened the management session does not have SSD permissions (meaning read permissions of either Both or Plaintext Only), the device rejects all SSD commands.
• When copied from a source file, File SSD indicator, SSD Control Block Integrity, and SSD File Integrity are neither verified nor enforced.
• When copied from a source file, the copy fails if the passphrase in the source file is in plaintext. If the passphrase is encrypted, it is ignored.
• When the passphrase is configured directly in the Running Configuration (not by file copy), the passphrase in the command must be entered in plaintext. Otherwise, the command is rejected.

Cisco Small Business 200 Series Smart Switch Administration Guide 264