Page 20 of 72
6. Configure vty lines to accept ‘ssh’ login services
TOE-common-criteria(config-line)# transport input ssh
7. Configure an SSH client to support only the following specific encryption algorithms:
o AES-CBC-128
o AES-CBC-256
peer#ssh -l cisco -c aes128-cbc 1.1.1.1
peer#ssh -l cisco -c aes256-cbc 1.1.1.1
8. Configure an SSH client to support message authentication. Only the following MACs are
allowed; “None” is not permitted as a MAC:
a. hmac-sha1-96
b. hmac-sha1
peer#ssh -l cisco -m hmac-sha1-96 1.1.1.1
9. Configure the SSH time-based and volume-based rekey values (values can be
configured lower than the defaults if a shorter interval is desired):
a. ip ssh rekey time 60
b. ip ssh rekey volume 1000000
HTTP and HTTPS servers were not evaluated and must be disabled:
no ip http server
no ip http secure-server
SNMP server was not evaluated and must be disabled: no snmp-server
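As an added example (not part of this guide or of Cisco's tooling), the check below reads a running-config excerpt and reports where it departs from the settings above: every vty line must carry transport input ssh only, the rekey time and volume must be set and no higher than the 60 and 1000000 configured in step 9, and the HTTP/HTTPS and SNMP servers must be disabled. The sample configuration is constructed for illustration.

```python
import re

# Constructed running-config excerpt (not from the guide); two deliberate deviations.
SAMPLE_CONFIG = """\
!
ip ssh rekey time 60
ip ssh rekey volume 1000000
no ip http server
no ip http secure-server
!
line vty 0 4
 login authentication default
 transport input ssh
line vty 5 15
 transport input telnet ssh
!
snmp-server community public RO
"""

def parse_vty_transports(cfg):
    """Map each 'line vty ...' block to its 'transport input' value ('' if unset)."""
    transports, current = {}, None
    for line in cfg.splitlines():
        if line.startswith("line vty"):
            current = line.strip()
            transports[current] = ""
        elif current and line.startswith(" "):
            m = re.match(r"\s+transport input (.+)", line)
            if m:
                transports[current] = m.group(1).strip()
        elif line and not line.startswith(" "):
            current = None  # any other top-level line ends the vty block
    return transports

def check_evaluated_config(cfg):
    """Return a list of findings; an empty list means the excerpt meets the checks."""
    findings = []
    lines = [l.strip() for l in cfg.splitlines()]
    for vty, t in parse_vty_transports(cfg).items():
        if t != "ssh":
            shown = t or "unset"
            findings.append(f"{vty}: transport input is '{shown}', must be 'ssh'")
    for key, limit in (("time", 60), ("volume", 1000000)):
        vals = [int(m.group(1)) for m in
                (re.match(rf"ip ssh rekey {key} (\d+)", l) for l in lines) if m]
        if not vals or vals[0] > limit:
            findings.append(f"ip ssh rekey {key}: must be set to at most {limit}")
    for enabled in ("ip http server", "ip http secure-server"):
        if enabled in lines or "no " + enabled not in lines:
            findings.append(f"'{enabled}' is not disabled; expected 'no {enabled}'")
    if any(l.startswith("snmp-server") for l in lines):
        findings.append("snmp-server is configured; SNMP must be disabled")
    return findings
```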
3.3.2 Authentication Server Protocols
RADIUS (outbound) for authentication of TOE administrators to remote authentication
servers is disabled by default but should be enabled by administrators in the evaluated
configuration.
o To configure RADIUS refer to [17]: under Configure, click Configuration Guides >
Security, Services, and VPN > Securing User Services Configuration Guide Library >
Authentication, Authorization, and Accounting (AAA) Configuration Guide >
Configuring Authentication > How to Configure AAA Authentication Methods >
Configuring Login Authentication Using AAA > Login Authentication Using Group
RADIUS. Use best practices for the selection and protection of the RADIUS key to
ensure that it is not easily guessable and is not shared with unauthorized users.
This protocol is to be tunneled over an IPsec connection in the evaluated configuration. The
instructions for setting up this communication are the same as those for protecting
communications with a syslog server, detailed in Section 3.3.4 below.
3.3.3 Logging Configuration
Logging of command execution must be enabled: [10] Cisco IOS Configuration Fundamentals
Command Reference and Cisco IOS Debug Command References