Manualshelf

Concept Guide

ManualsBrandsDell ManualsAccess PlatformsPowerSwitch S4048T-ON
901902903904905906907908909910
Startup Conguration Verication
Dell EMC Networking OS comes with startup conguration verication feature. When enabled, it checks the integrity of the startup
conguration that the system uses while the system reboots and loads only if it is intact.
Important Points to Remember
The startup conguration verication feature is disabled by default on the Dell EMC Networking OS.
The feature is supported for startup conguration les stored in the local system only.
The feature is not supported when the fastboot or the warmboot features are enabled on the system.
If the startup conguration verication fails after a reload, the system does not load your startup conguration.
After enabling the startup conguration verication feature, use the verified boot hash command to verify and store the hash
value. If you don’t store the hash value, you cannot reboot the device until you verify the image hash.
If OS image verication fails, the system does not load your startup conguration and displays an error message until you remove the
verified boot command from the conguration.
Dell EMC Networking OS Behavior after System Power-Cycle
If the system reboots due reasons such as power-cycle, the current startup conguration may be dierent than the one you veried the
hash using the verified boot hash command. When the system comes up, the system may use the last-veried startup
conguration.
Dell EMC Networking recommends backing up the startup conguration to a safe location after you use the verified boot hash
command. When the startup conguration verication fails, you can restore it from the backup.
The system continues to display a message stating that startup conguration verication failed. You can disable the startup conguration
feature either by disabling startup conguration verication or save the running conguration to the startup conguration and update the
hash for the startup conguration.
Enabling and Conguring Startup Conguration Hash Verication
To enable and congure startup conguration hash verication, follow these steps:
1 Enable the startup conguration hash verication feature.
CONFIGURATION mode
verified startup-config
2 Generate the hash checksum for your startup conguration le.
EXEC Privilege
generate hash {md5 | sha1 | sha256} {flash://filename | startup-config}
3 Verify the hash checksum of the current startup conguration on the local le system.
EXEC Privilege
verified boot hash startup—config hash-value
NOTE
: The verified boot hash command is only applicable for the startup conguration le in the local le
system.
908 Security