Access Security Guide K/KA/KB.15.15

SSH changes
There are fewer options available for the ip ssh cipher command in enhanced secure mode.
The following options are unavailable:
3des-cbc
rijndael-cbc@lysator.liu.se
The only option available for the ip ssh mac <mac-type> command in enhanced secure mode is
hmac-sha1.
See “About configuring SSH” (page 243) for more information about SSH.
SSL changes
When operating in enhanced secure mode, the SSL server will not allow protocol versions lower
than TLS 1.0.
See “Secure web management” (page 256) for more information about SSL.
Zeroizing with HA
For the 8200 switch, when zeroization is triggered by a secure mode transition, HA handles
zeroization on the AMM and SMM automatically.
When zeroization is started from the ROM console, there is no synchronization performed between
the AMM and SMM, as zeroization from the ROM console is treated as a recovery facility. Each
MM has to be zeroized individually.
Opacity shields command
CAUTION: You can only use this command for the 5200 and 8200 switches.
Certification efforts are in progress for the 3800 switch.
Syntax
[no] opacity-shields
Indicates that opacity shields have been installed. This causes the system threshold
temperature to be decreased to 35 degrees Centigrade. Default: Disabled.
Overview
Secure Mode allows the transition between standard secure mode and enhanced secure mode for
several security functions. Standard secure mode is the existing, default security mode on the switch.
Enhanced secure mode provides an additional level of switch security.
CAUTION: For the 3800, 5400zl, and 8200zl switches, when transitioning between standard
and enhanced secure mode, the switch must be removed from production and commands must be
executed from a serial terminal connected to the switch. Executing the secure-mode command
initiates a switch reboot which erases all the configuration files and everything on the compact
flash card except the firmware images, similar to the erase all zeroize command. (See “Switch
Memory and Configuration” in the Basic Operation Guide for your switch). After the system reboots,
the switch must be power-cycled.
NOTE: For the 3800 switch, stacking and enhanced secure mode are mutually exclusive. If
enhanced secure mode is enabled, you cannot enable stacking. If stacking is enabled, you cannot
enable enhanced secure mode.
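Because the secure-mode transition erases the configuration, it is worth checking a saved running-config beforehand for settings that enhanced secure mode will reject: the two SSH ciphers listed under "SSH changes", any ip ssh mac other than hmac-sha1, and stacking on the 3800. The audit below is an added example, not part of this guide or of the switch software; the sample config text and the exact line layout it parses ("ip ssh cipher <name>", "ip ssh mac <name>", a bare "stacking" line) are assumptions made for the example.

```python
import re

# Constraints taken from the guide's "SSH changes" and "Overview" sections.
DISALLOWED_CIPHERS = {"3des-cbc", "rijndael-cbc@lysator.liu.se"}
ALLOWED_MACS = {"hmac-sha1"}

# Constructed sample running-config excerpt. The line layout is an
# assumption for this example and may differ from a real switch's output.
SAMPLE_CONFIG = """\
hostname "edge-3800"
stacking
   member 1 type "J9573A"
ip ssh cipher aes128-cbc
ip ssh cipher 3des-cbc
ip ssh mac hmac-sha1
ip ssh mac hmac-md5
"""


def audit_enhanced_secure_mode(config_text, model="3800"):
    """Return findings that would be rejected by, or conflict with,
    enhanced secure mode. An empty list means nothing was flagged."""
    findings = []
    stacking_enabled = False
    for raw in config_text.splitlines():
        line = raw.strip()
        m = re.match(r"^ip ssh cipher (\S+)$", line)
        if m and m.group(1) in DISALLOWED_CIPHERS:
            findings.append(f"cipher not available in enhanced secure mode: {m.group(1)}")
            continue
        m = re.match(r"^ip ssh mac (\S+)$", line)
        if m and m.group(1) not in ALLOWED_MACS:
            findings.append(f"mac not available in enhanced secure mode: {m.group(1)}")
            continue
        if line == "stacking":
            stacking_enabled = True
    # The guide states stacking and enhanced secure mode are mutually
    # exclusive on the 3800 only, so the model gates this finding.
    if stacking_enabled and model == "3800":
        findings.append("stacking enabled: mutually exclusive with enhanced secure mode on the 3800")
    return findings


if __name__ == "__main__":
    for finding in audit_enhanced_secure_mode(SAMPLE_CONFIG):
        print(finding)
```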
502 Secure Mode (3800, 5400zl, and 8200zl Switches)