Cisco Systems SF300-24P, SG30052PK9NA, SRW2024PK9NA, SRW224G4K9AR, SRW224G4PK9NA, SRW248G4PK9NA Configuration Files

Security: Secure Sensitive Data Management

Configuration Files

369 Cisco Small Business 300 Series Managed Switch Administration Guide

A device determines whether the integrity of a configuration file is protected by

examining the File Integrity Control command in the file's SSD Control block. If a

file is integrity protected but a device finds the integrity of the file is not intact, the

device rejects the file. Otherwise, the file is accepted for further processing.

A device checks for the integrity of a text-based configuration file when the file is

downloaded or copied to the Startup Configuration file.

Each session has a Read mode. This determines how sensitive data appears. The

Read mode can be either Plaintext, in which case sensitive data appears as

regular text, or Encrypted, in which sensitive data appears in its encrypted form.

Configuration Files

A configuration file contains the configuration of a device. A device has a Running

Configuration file, a Startup Configuration file, a Mirror Configuration file

(optionally), and a Backup Configuration file. A user can manually upload and

download a configuration file to and from a remote file-server. A device can

automatically download its Startup Configuration from a remote file server during

the auto configuration stage using DHCP. Configuration files stored on remote file

servers are referred to as remote configuration files.

A Running Configuration file contains the configuration currently being used by a

device. The configuration in a Startup Configuration file becomes the Running

Configuration after reboot. Running and Startup Configuration files are formatted

in internal format. Mirror, Backup, and the remote configuration files are text-based

files usually kept for archive, records, or recovery. During copying, uploading, and

downloading a source configuration file, a device automatically transforms the

source content to the format of the destination file if the two files are of different

formats .

When copying the Running or Startup Configuration file into a text-based

configuration file, the device generates and places the file SSD indicator in the

text-based configuration file to indicate whether the file contains encrypted

sensitive data, plaintext sensitive data or excludes sensitive data.

•The SSD indicator, if it exists, must be in the configuration header file.

Cisco Systems Configuration Files