Home > Cisco > Switch > Cisco Sg3008 Manual

Cisco Sg3008 Manual

Add to Favourites
    Download as PDF

    Here you can view all the pages of manual Cisco Sg3008 Manual. The Cisco manuals for Switch are available online for free. You can easily download all the documents as PDF.

    Overview View all the pages Comments

    Page 471

    Page 471 Security: IPV6 First Hop Security Configuring First Hop Security through Web GUI Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version) 433 20 Policy Attachment (Port) To attach a policy to one or more ports or LAGs: STEP 1Click Security > First Hop Security > Policy Attachment (Port). The list of policies that are already attached are displayed along with their Interface number, Policy Type, Policy Name and VLAN List. STEP 2To attach a policy to a port... 
    Security: IPV6 First Hop Security
Configuring First Hop Security through Web GUI
Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)  433
20
 
Policy Attachment (Port)
To attach a policy to one or more ports or LAGs: 
STEP 1Click Security > First Hop Security > Policy Attachment (Port).
The list of policies that are already attached are displayed along with their 
Interface number, Policy Type, Policy Name and VLAN List.
STEP  2To attach a policy to a port...

    Page 472

    Page 472 Security: IPV6 First Hop Security Configuring First Hop Security through Web GUI 434 Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version) 20 FHS Status To display the global configuration for the FHS features: STEP 1Click Security > First Hop Security > FHS Status. STEP 2Select a port, LAG or VLAN for which the FHS state is reported. STEP 3The following fields are displayed for the selected interface: •FHS Status -FHS State on Current VL AN:—Is FHS... 
    Security: IPV6 First Hop Security
Configuring First Hop Security through Web GUI
434 Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version) 
20
FHS Status
To display the global configuration for the FHS features: 
STEP 1Click Security > First Hop Security > FHS Status.
STEP  2Select a port, LAG or VLAN for which the FHS state is reported.
STEP  3The following fields are displayed for the selected interface:
•FHS Status
-FHS State on Current VL AN:—Is FHS...

    Page 473

    Page 473 Security: IPV6 First Hop Security Configuring First Hop Security through Web GUI Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version) 435 20 -Device Role:—ND Inspection device role. -Drop Unsecure:—Are unsecure messages dropped. -Minimal Securit y Level:—If unsecure messages are not dropped, what is the minimum security level for packets to be forwarded. -Validate Source MAC:—Is source MAC address verification enabled. •DHCP Guard Status -DHCPv6 Guard... 
    Security: IPV6 First Hop Security
Configuring First Hop Security through Web GUI
Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)  435
20
 
-Device Role:—ND Inspection device role.
-Drop Unsecure:—Are unsecure messages dropped.
-Minimal Securit y Level:—If unsecure messages are not dropped, what 
is the minimum security level for packets to be forwarded.
-Validate Source MAC:—Is source MAC address verification enabled.
•DHCP Guard Status
-DHCPv6 Guard...

    Page 474

    Page 474 Security: IPV6 First Hop Security Configuring First Hop Security through Web GUI 436 Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version) 20 FHS Statistics To display FHS statistics: STEP 1Click Security > First Hop Security > FHS Statistics: STEP 2The following fields are displayed: •NDP (Neighbor Discovery Protocol) Messages—The number of received and bridged messages are displayed for the following types of messages: -RA—Router Advertisement messages... 
    Security: IPV6 First Hop Security
Configuring First Hop Security through Web GUI
436 Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version) 
20
FHS Statistics
To display FHS statistics: 
STEP 1Click Security > First Hop Security > FHS Statistics:
STEP  2The following fields are displayed:
•NDP (Neighbor Discovery Protocol) Messages—The number of received 
and bridged messages are displayed for the following types of messages:
-RA—Router Advertisement messages...

    Page 475

    Page 475 Security: IPV6 First Hop Security Configuring First Hop Security through Web GUI Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version) 437 20 
    Security: IPV6 First Hop Security
Configuring First Hop Security through Web GUI
Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)  437
20

    Page 476

    Page 476 21 Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version) 438 Security: Secure Sensitive Data Management Secure Sensitive Data (SSD) is an architecture that facilitates the protection of sensitive data on a device, such as passwords and keys. The facility makes use of passphrases, encryption, access control, and user authentication to provide a secure solution to managing sensitive data. The facility is extended to protect the integrity of configuration... 
    21
Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)  438
 
Security: Secure Sensitive Data Management
Secure Sensitive Data (SSD) is an architecture that facilitates the protection of 
sensitive data on a device, such as passwords and keys. The facility makes use of 
passphrases, encryption, access control, and user authentication to provide a 
secure solution to managing sensitive data.
The facility is extended to protect the integrity of configuration...

    Page 477

    Page 477 Security: Secure Sensitive Data Management SSD Rules Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version) 439 21 SSD grants read permission to sensitive data only to authenticated and authorized users, and according to SSD rules. A device authenticates and authorizes management access to users through the user authentication process. Whether or not SSD is used, it is recommended that the administrator secure the authentication process by using the... 
    Security: Secure Sensitive Data Management
SSD Rules
Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)  439
21
 
SSD grants read permission to sensitive data only to authenticated and authorized users, and 
according to SSD rules. A device authenticates and authorizes management access to users 
through the user authentication process.
 
Whether or not SSD is used, it is recommended that the administrator secure the 
authentication process by using the...

    Page 478

    Page 478 Security: Secure Sensitive Data Management SSD Rules 440 Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version) 21 NOTEA device may not support all the channels defined by SSD. Elements of an SSD Rule An SSD rule includes the following elements: •User type—The user types supported in order of most preference to least preference are as follows: (If a user matches multiple SSD rules, the rule with the most preference User Type will be applied). -Specific—The... 
    Security: Secure Sensitive Data Management
SSD Rules
440 Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version) 
21
NOTEA device may not support all the channels defined by SSD.
Elements of an SSD Rule
An SSD rule includes the following elements: 
•User type—The user types supported in order of most preference to least 
preference are as follows: (If a user matches multiple SSD rules, the rule 
with the most preference User Type will be applied).
-Specific—The...

    Page 479

    Page 479 Security: Secure Sensitive Data Management SSD Rules Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version) 441 21 -(Higher) Plaintext Only—Users are permitted to access sensitive data in plaintext only. Users will also have read and write permission to SSD parameters as well. -(Highest) Both—Users have both encrypted and plaintext permissions and are permitted to access sensitive data as encrypted and in plaintext. Users will also have read and write... 
    Security: Secure Sensitive Data Management
SSD Rules
Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)  441
21
 
-(Higher) Plaintext Only—Users are permitted to access sensitive data in 
plaintext only. Users will also have read and write permission to SSD 
parameters as well.
-(Highest) Both—Users have both encrypted and plaintext permissions 
and are permitted to access sensitive data as encrypted and in 
plaintext. Users will also have read and write...

    Page 480

    Page 480 Security: Secure Sensitive Data Management SSD Rules 442 Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version) 21 NOTENote the following: •The default Read mode for the Secure XML SNMP and Insecure XML SNMP management channels must be identical to their read permission. •Read permission Exclude is allowed only for Secure XML SNMP and Insecure XML SNMP management channels; Exclude is not allowed for regular secure and insecure channels. •Exclude sensitive... 
    Security: Secure Sensitive Data Management
SSD Rules
442 Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version) 
21
NOTENote the following: 
•The default Read mode for the Secure XML SNMP and Insecure XML SNMP 
management channels must be identical to their read permission.
•Read permission Exclude is allowed only for Secure XML SNMP and 
Insecure XML SNMP management channels; Exclude is not allowed for 
regular secure and insecure channels.
•Exclude sensitive...
    Start reading Cisco Sg3008 Manual

    Related Manuals for Cisco Sg3008 Manual

    All Cisco manuals