security command

This command sets and displays the chassis security policy level for the CMM.

Note:
  • You cannot access the CMM CLI through Telnet while using the Secure chassis security policy setting.
  • When the CMM is set to "Secure" security mode, only secure file transfer methods, such as HTTPS and SFTP, can be used for file transfer tasks in which the CMM acts as a server. Unsecure file transfer protocols, such as HTTP, FTP, and TFTP, are disabled for a CMM acting as a server when the security mode is set to "Secure". They remain available for a CMM acting as a client, for all commands, when the security mode is set to "Secure".
  • The CMM HTTP and HTTPS ports are open at all times. Port behavior is determined by the CMM HTTPS port setting, which can be affected by the CMM chassis security policy setting:
    • When the CMM HTTPS port is enabled, the HTTP port (port 80) remains open and redirects to the HTTPS port (port 443). When the chassis security policy is set to secure, the CMM HTTPS port is automatically enabled and its setting cannot be changed.
    • When the CMM HTTPS port is disabled, the HTTPS port (port 443) remains open and redirects to the HTTP port (port 80).

If command syntax is not correctly entered, or if a command fails to run, an error message is returned. See Common errors for a list of error messages that apply to all commands or security command errors for a list of error messages that are specific to the security command.

Table 1. security command.

The command table is a multi-row, four-column table where each row describes a CMM CLI command option: column one lists command function, column two provides a detailed command description, column three shows command-option syntax, and column four lists valid command targets.

Function: Display CMM chassis security policy
What it does: Displays the chassis security policy information for the CMM:
  • Security policy level (legacy or secure).
  • Security policy state:
    • Active indicates that the security policy is in force.
    • Pending indicates that changes are needed, such as disabling non-secure protocols, before the policy can become active.
  • Version of the security policy rule definitions being enforced.
Command: security
Target (see paths in Command targets): Primary CMM:
  • mm[p]
  • mm[P]
  • mm[x]
  where x is the primary CMM bay number.

Function: Set CMM chassis security policy level
What it does: Sets the chassis security policy level for the CMM.
Note:
  • To set the chassis security policy level to secure, accseccfg command options must be set as follows:
    • -cp (complex password): on
    • -de (default account password change at next login): on
    • -pc (password change on first access): on
  • The following interfaces must be disabled, using the ports command, before setting the CMM chassis security level to secure:
    • HTTP
    • FTP
    • SNMPv1
    • Telnet
    • TFTP
    • Non-secure TCP command mode
Command: security -p level

where level is legacy or secure.

This command can only be run by users who have one or more of the following command authorities:
  • Supervisor
  • Chassis configuration
See Commands and user authority for additional information.
Target (see paths in Command targets): Primary CMM:
  • mm[p]
  • mm[P]
  • mm[x]
  where x is the primary CMM bay number.

Example:

To display the chassis security policy level setting for the CMM, while the primary CMM in bay 2 is set as the persistent command environment, at the system:mm[2]> prompt, type
security

The following example shows the information that is returned from this command:

system:mm[2]> security
-p legacy
State: active
Version: 01.00
system:mm[2]>
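
The output format shown above can be checked automatically when auditing several chassis. The following Python sketch is an added example, not part of the CMM documentation: it parses a captured security session and reports whether the secure policy is actually in force. The function names are hypothetical, and the "State: pending" sample is constructed on the assumption that it follows the same layout as the active example.

```python
import re

# Field patterns taken from the example output on this page.
_FIELDS = {
    "level": re.compile(r"^-p\s+(\S+)$"),
    "state": re.compile(r"^State:\s*(\S+)$", re.I),
    "version": re.compile(r"^Version:\s*(\S+)$", re.I),
}

# Session text copied from the example on this page.
PAGE_SAMPLE = """system:mm[2]> security
-p legacy
State: active
Version: 01.00
system:mm[2]>"""

# Constructed sample: secure requested, prerequisites not yet met.
CONSTRUCTED_PENDING = PAGE_SAMPLE.replace("legacy", "secure").replace("active", "pending")

def parse_security_output(text):
    """Parse captured output of the CMM security command into a dict."""
    result = {}
    for line in text.splitlines():
        line = line.strip()
        # Skip blank lines and prompt/echo lines such as "system:mm[2]> security".
        if not line or re.match(r"^system(:\S+)?>", line):
            continue
        for name, pattern in _FIELDS.items():
            match = pattern.match(line)
            if match:
                result[name] = match.group(1).lower()
    missing = sorted(set(_FIELDS) - set(result))
    if missing:
        # Fail closed: an unparsed capture must not be reported as compliant.
        raise ValueError("unparsed security output, missing: %s" % missing)
    return result

def audit(policy):
    """Return a list of findings; an empty list means secure and active."""
    if policy["level"] != "secure":
        return ["policy level is %r, not secure" % policy["level"]]
    if policy["state"] != "active":
        return ["secure policy set but not in force (state: %s)" % policy["state"]]
    return []

if __name__ == "__main__":
    for name, sample in (("page", PAGE_SAMPLE), ("pending", CONSTRUCTED_PENDING)):
        print(name, audit(parse_security_output(sample)))
```

A pending finding means the accseccfg options or interfaces listed in the note above still need to be changed before the policy becomes active.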