Device Security Settings

Apply the security hardening configuration on the device. Use this command to enable security hardening on devices that are already registered in EFA, or when the security settings have been updated.

  1. The following command applies the security settings on the SLX devices:

    efa inventory device secure settings apply [ --ip device-ips | --fabric fabric |
    
    --ip device-ips      Specifies a comma-separated range of device IP addresses. Example: 1.1.1.1-3,1.1.1.2,2.2.2.2.
    --fabric fabric      Specifies the fabric name.
    

    Example:

    efa inventory device secure settings apply --ip 1.1.1.1-3,2.2.2.2
    efa inventory device secure settings apply --fabric fabric1

  2. The following command shows the current settings on an SLX device:

    efa inventory device secure settings show [ --ip device-ip |
    
    --ip device-ip      Specifies a device IP address. Example: 1.1.1.1.

    Example:

    efa inventory device secure settings show --ip 1.1.1.1
    +----------------------------+---------------------------------------+
    |           NAME             | VALUE                                 |
    +----------------------------+---------------------------------------+
    | Min-tls-version            | 1.2                                   |
    +----------------------------+---------------------------------------+
    | Mac-algorithm              | hmac-sha2-512-etm@openssh.com         |
    |                            | hmac-sha2-256-etm@openssh.com         |
    |                            | hmac-sha2-512                         |
    |                            | hmac-sha2-256                         |
    +----------------------------+---------------------------------------+
    | Key-exchange-algorithm     | curve25519-sha256                     |
    |                            | curve25519-sha256@libssh.org          |
    |                            | diffie-hellman-group14-sha256         |
    |                            | diffie-hellman-group16-sha512         |
    |                            | diffie-hellman-group18-sha512         |
    |                            | diffie-hellman-group-exchange-sha256  |
    +----------------------------+---------------------------------------+
    | Cipher                     | non-cbc                               |
    +----------------------------+---------------------------------------+
    | Telnet                     | Disable                               |
    +----------------------------+---------------------------------------+
    | Max-password-age           | 365                                   |
    +----------------------------+---------------------------------------+
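
The `show` output can be checked automatically for drift from the hardened values. The following Python script is an added example, not part of EFA or of the original page: it parses the table, folding continuation rows into the preceding setting, and compares the result with a baseline. `ALLOWED`, `MIN_TLS` and `MAX_AGE` are assumptions copied from the sample output above, and `DRIFTED` is a constructed sample, not real device output.

```python
# ALLOWED, MIN_TLS, MAX_AGE: assumed baseline copied from this page's sample output.
ALLOWED = {
    "Mac-algorithm": {"hmac-sha2-512-etm@openssh.com", "hmac-sha2-256-etm@openssh.com",
                      "hmac-sha2-512", "hmac-sha2-256"},
    "Key-exchange-algorithm": {"curve25519-sha256", "curve25519-sha256@libssh.org",
        "diffie-hellman-group14-sha256", "diffie-hellman-group16-sha512",
        "diffie-hellman-group18-sha512", "diffie-hellman-group-exchange-sha256"},
    "Cipher": {"non-cbc"}, "Telnet": {"Disable"},
}
MIN_TLS, MAX_AGE = (1, 2), 365

def parse_settings(table):
    """Return {setting: [values]}, folding continuation rows (empty NAME cell)."""
    settings, current = {}, None
    for line in table.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if not line.strip().startswith("|") or len(cells) != 2 or cells[0] == "NAME":
            continue  # skip borders, the header row and the echoed command
        current = cells[0] or current
        if current and cells[1]:
            settings.setdefault(current, []).append(cells[1])
    return settings

def audit(settings):
    """Return a list of findings; an empty list means the device matches the baseline."""
    findings = []
    for name, allowed in ALLOWED.items():
        extra = [v for v in settings.get(name, ["<missing>"]) if v not in allowed]
        if extra:
            findings.append(f"{name}: outside baseline: {', '.join(extra)}")
    tls = settings.get("Min-tls-version", ["0"])[0]
    if tuple(map(int, tls.split("."))) < MIN_TLS:
        findings.append(f"Min-tls-version: {tls} is below {MIN_TLS[0]}.{MIN_TLS[1]}")
    age = int(settings.get("Max-password-age", ["0"])[0])
    if not 0 < age <= MAX_AGE:
        findings.append(f"Max-password-age: {age} is outside 1..{MAX_AGE}")
    return findings

# Constructed sample (not real device output): Telnet on, TLS 1.0, one extra MAC.
DRIFTED = """\
| Min-tls-version        | 1.0               |
| Mac-algorithm          | hmac-sha2-512     |
|                        | hmac-sha1         |
| Key-exchange-algorithm | curve25519-sha256 |
| Cipher                 | non-cbc           |
| Telnet                 | Enable            |
| Max-password-age       | 365               |
"""
if __name__ == "__main__":
    print("\n".join(audit(parse_settings(DRIFTED))))
```

A setting that is absent from the output is reported as `<missing>` (or as a value of 0 for the numeric checks) rather than silently passing.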