cipherset

Configures FIPS-compliant ciphers for the Lightweight Directory Access Protocol (LDAP).

Syntax

cipherset { ldap | radius }

Command Default

There are no restrictions on LDAP ciphers.

Parameters

radius
Specifies secure RADIUS ciphers.
ldap
Specifies secure LDAP ciphers.

Modes

Privileged EXEC mode

Usage Guidelines

A device must be configured with secure ciphers for SSH before that device can be FIPS compliant. If LDAP authentication is to be used, the LDAP ciphers are also required before a device can be FIPS compliant.

The secure LDAP ciphers are EAS128-SHA and DES-CBC3-SHA.

This command can be used only from a user account to which an administrative role is assigned.

Note

Note

Use the ssh client cipher or the ssh server cipher commands to set the SSH client's cipher lists for SSH clients and servers.

Examples

This example configures secure RADIUS ciphers. 

device# cipherset radius
 
RADIUS cipher list configured successfully.
RADIUS Cipher List(FIPS 140-2 Approved) : AES256-SHA256 AES256-SHA AES128-SHA256 AES128-SHA

This example configures secure LDAP ciphers. 

device# cipherset ldap
 
ldap cipher list configured successfully.
LDAP Cipher List(FIPS 140-2 Approved) : AES256-SHA256 AES256-SHA AES128-SHA256 AES128-SHA
9036689-01 Rev AA