System information

Cisco Cat3K ST 6 June 2012
1.7.7 TOE Access
The TOE can terminate inactive sessions after a time period that an authorized
administrator can configure. Once a session has been terminated, the TOE requires
the user to re-authenticate to establish a new session.
The TOE can also display a Security Administrator-specified banner on the CLI
management interface prior to allowing any administrative access to the TOE.
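An added example, not part of the Security Target: a Python check of a running-config for the two TOE Access behaviours above. It assumes the idle timeout is set with the IOS `exec-timeout` line command and the banner with `banner login` or `banner motd`; the sample config and the 600-second `max_idle` threshold are constructed.

```python
import re

# Constructed sample running-config (not taken from the Security Target).
SAMPLE_CONFIG = """\
hostname cat3k-lab
!
banner login ^CAuthorized administrators only.^C
!
line con 0
 exec-timeout 5 0
line vty 0 4
 exec-timeout 0 0
 transport input ssh
line vty 5 15
 transport input ssh
!
end
"""

IOS_DEFAULT_TIMEOUT = 600  # seconds; IOS uses 10 minutes when exec-timeout is not set
EXEC_RE = re.compile(r"^\s+(no\s+)?exec-timeout(?:\s+(\d+))?(?:\s+(\d+))?\s*$")


def line_timeouts(config):
    """Return {line name: idle timeout in seconds}; 0 means sessions never time out."""
    timeouts, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = raw.strip()
            timeouts[current] = IOS_DEFAULT_TIMEOUT  # default is not shown in the config
        elif current and raw.startswith(" "):
            m = EXEC_RE.match(raw)
            if m:  # "no exec-timeout" and "exec-timeout 0 0" both disable the timeout
                timeouts[current] = 0 if m.group(1) else (
                    int(m.group(2) or 0) * 60 + int(m.group(3) or 0))
        else:
            current = None  # "!" or any top-level command ends the line block
    return timeouts


def audit_toe_access(config, max_idle=600):
    """List findings for idle-session termination and the pre-login banner.

    max_idle is an assumed local policy value, not a figure from the document."""
    findings = []
    for name, secs in line_timeouts(config).items():
        if secs == 0:
            findings.append(f"{name}: inactive sessions are never terminated")
        elif secs > max_idle:
            findings.append(f"{name}: idle timeout {secs}s exceeds {max_idle}s")
    if not re.search(r"^banner (login|motd) ", config, re.MULTILINE):
        findings.append("no pre-login banner configured")
    return findings
```
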
1.8 Excluded Functionality
The Cisco IOS contains a collection of features that build on the core components of the
system. Those features that are not within the scope of the evaluated configuration
include:
- HTTP Server for web user interface management sends authentication data in the
  clear and does not enforce the required privilege levels. This feature is enabled
  by default. The HTTP Server needs to be disabled and should not be configured
  for use. Not including this feature does not interfere with the management of
  the TOE as defined in the Security Target.
- IEEE 802.11 Wireless Standards - the evaluated configuration of Catalyst Switches
  as described in this Security Target does not support implementing a wireless local
  area network, as it requires additional hardware beyond what is included in the
  evaluated configuration.
- MAC address filtering restricts a port's ingress traffic by limiting the MAC
  addresses that are allowed to send traffic into the port. The SFPs in the Security
  Target are defined as information flow policies, not access policies that allow
  access based on MAC address. This feature is disabled by default and cannot be
  configured for use, as it may interfere with the enforcement of the security
  policies as defined in the Security Target.
- SNMP does not enforce the required privilege levels. This feature is disabled by
  default and cannot be configured for use in the evaluated configuration.
  Including this feature would not meet the security policies as defined in the
  Security Target.
- Telnet sends authentication data in the clear. This feature is enabled by default
  and must be disabled in the evaluated configuration. Including this feature would
  not meet the security policies as defined in the Security Target.
- VPN - secure remote access is provided by SSHv2 and therefore VPN access is
  not supported in the evaluated configuration of Catalyst Switches as described in
  this Security Target. VPN requires additional licenses beyond what is included
  in the evaluated configuration.
- Flexible NetFlow - is used for traffic optimization, and SFRs do not include
  performance/optimization features. This feature is disabled by default and should
  remain disabled in the evaluated configuration. Not including this feature does