Cisco Cisco SG300-28 28-Port Gigabit Managed Switch Maintenance Manual

SSD Rules

501

Cisco 300 Series Managed Switches Administration Guide

is recommended that the user authentication process on a device is secured. To 
secure the user authentication process, you can use the local authentication 
database, as well as secure the communication through external authentication 
servers, such as a RADIUS server. The configuration of the secure communication 
to the external authentication servers are sensitive data and are protected under 
SSD. 

The user credential in the local authenticated database is already protected by a 
non SSD related mechanism

If a user from a channel issues an action that uses an alternate channel, the device 
applies the read permission and default read mode from the SSD rule that match 
the user credential and the alternate channel. For example, if a user logs in via a 
secure channel and starts a TFTP upload session, the SSD read permission of the 
user on the insecure channel (TFTP) is applied 

The device has the following factory default rules: 

The default rules can be modified, but they cannot be deleted. If the SSD default 
rules have been changed, they can be restored. 

Level 
15 

Secure XML 
SNMP 

Plaintext Only 

Plaintext 

Level 
15 

Secure Both 

Encrypted 

Level 
15 

Insecure Both 

Encrypted 

All Insecure 

XML 

SNMP 

Exclude Exclude 

All Secure 

Encrypted 

Only 

Encrypted 

All Insecure 

Encrypted 

Only 

Encrypted