Name: Cisco ASR 1002
Brand: Cisco
Rating: 5 (1 reviews)

To Next Page

To Previous Page

Page 20 of 72

6. Configure vty lines to accept ‘ssh’ login services

TOE-common-criteria(config-line)# transport input ssh

7. Configure a SSH client to support only the following specific encryption algorithms:

o AES-CBC-128

o AES-CBC-256

peer#ssh -l cisco -c aes128-cbc 1.1.1.1

peer#ssh -l cisco -c aes256-cbc 1.1.1.1

8. Configure a SSH client to support message authentication. Only the following MACs are

allowed and “None” for MAC is not allowed:

a. hmac-sha1-96

b. hmac-sha1

peer#ssh -l cisco -m hmac-sha1-96 1.1.1.1

9. Configure the SSH rekey time-based rekey and volume-based rekey values (values can be

configured to be lower than the default values if a shorter interval is desired):

a. ip ssh rekey time 60

b. ip ssh rekey volume 1000000

 HTTP and HTTPS servers were not evaluated and must be disabled: no ip http server

no ip http secure-server

 SNMP server was not evaluated and must be disabled: no snmp-server

3.3.2 Authentication Server Protocols

 RADIUS (outbound) for authentication of TOE administrators to remote authentication

servers are disabled by default but should be enabled by administrators in the evaluated

configuration.

o To configure RADIUS refer to [17] Under Configure  Click on Configuration

Guides  Security, Services, and VPN  Click on Securing User Services

Configuration Guide Library  click on Authentication, Authorization, and

Accounting (AAA) Configuration Guide Configuring Authentication  How to

Configure AAA Authentication Methods  Configuring Login Authentication

Using AAA  Login Authentication Using Group RADIUS. Use best practices

for the selection and protection of a key to ensure that the key is not easily

guessable and is not shared with unauthorized users.

This protocol is to be tunneled over an IPsec connection in the evaluated configuration. The

instructions for setting up this communication are the same as those for protecting

communications with a syslog server, detailed in Section 3.3.4 below.

3.3.3 Logging Configuration

Logging of command execution must be enabled: [10] Cisco IOS Configuration Fundamentals

Command Reference and Cisco IOS Debug Command References

Other manuals for Cisco ASR 1002

Replacing120 pages

Hardware Installation Guide702 pages

Quick Start Guide36 pages

Questions and Answers:

Need help?

Do you have a question about the Cisco ASR 1002 and is the answer not in the manual?

Cisco ASR 1002 Specifications

General

Ethernet LAN	Yes
Cabling technology	10/100/1000Base-T(X)
Networking standards	IEEE 802.3
Ethernet LAN data rates	10, 100, 1000 Mbit/s
Ethernet interface type	Gigabit Ethernet
DHCP client	-
Supported network protocols	BGP, GRE, OSPF, DVMRP, EIGRP, IS-IS, IGMPv3, PIM-SM, PIM-SSM
Ethernet LAN (RJ-45) ports	4
Security algorithms	SSH
VPN tunnels quantity	8000
Safety	UL60950-1 CSA, C22.2 No. 60950-1-03, EN 60950-1, IEC 60950-1, AS/NZS 60950.1
Certification	FCC 47CFR15 Class A AS/NZS CISPR 22 CISPR 22 Class A EN55022 Class A ICES-003 Class A VCCI Class A CNS-13438 Class A EN61000-3-2 EN61000-3-3
Internal memory	4096 MB
AC input voltage	85 - 264 V
Power source type	AC
AC input frequency	50 - 60 Hz
Power consumption (typical)	560 W
Operating altitude	0 - 3048 m
Storage temperature (T-T)	0 - 50 °C
Operating temperature (T-T)	0 - 40 °C
Storage relative humidity (H-H)	5 - 95 %
Operating relative humidity (H-H)	5 - 90 %
Product color	Gray
Rack capacity	2U