Cisco ISR 4000 Family Routers Administrator Guidance
To recover from an event where the connection is unintentionally broken, follow the steps to
establish a connection as listed above.
3.3.2 Authentication Server Protocols
RADIUS (outbound), used for authentication of TOE administrators to remote authentication servers,
is disabled by default but should be enabled by administrators in the evaluated configuration.
To configure RADIUS, refer to [5]. Use best practices for the selection and protection of a
key to ensure that the key is not easily guessable and is not shared with unauthorized users.
These protocols are to be tunneled over an IPSec connection in the evaluated configuration. The
instructions for setting up this communication are the same as those for protecting communications
with a syslog server, detailed in Section 3.3.5 below.
3.3.3 Logging Configuration
1. Logging of command execution must be enabled:
TOE-common-criteria(config)#no logging console
TOE-common-criteria(config)#archive
TOE-common-criteria(config-archive)#log config
TOE-common-criteria(config-archive-log-cfg)#logging enable
TOE-common-criteria(config-archive-log-cfg)#hidekeys
TOE-common-criteria(config-archive-log-cfg)#notify syslog
TOE-common-criteria(config-archive-log-cfg)#exit
TOE-common-criteria(config-archive)#exit
2. Add year to the timestamp:
TOE-common-criteria(config)# service timestamps log datetime year
3. Enable any required debugging. Debugging is needed for RADIUS (if used), isakmp (if using
ikev1), ipsec, ikev2 (if using ikev2), and ntp to generate the events required in the Security
Target; however, administrators should use discretion when enabling a large number of
debugs on an on-going basis:
TOE-common-criteria# debug radius authentication
TOE-common-criteria# debug crypto isakmp
TOE-common-criteria# debug crypto ipsec
TOE-common-criteria# debug crypto ikev2
TOE-common-criteria# debug ntp all
4. Set the size of the logging buffer. It is recommended to set it to at least 150000000:
TOE-common-criteria(config)# logging buffer 150000000
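The persistent settings from Section 3.3.3 can be checked offline against a saved copy of the configuration. The script below is an added example, not part of the Cisco guidance; the function names, the sample text and the assumed way the device renders these commands in its stored configuration (an indented archive block, `logging buffered`) are illustrative assumptions. The debug commands are runtime state and are not covered.

```python
import re

# Constructed sample of a saved configuration (not from the guide); assumes
# the archive settings are stored as an indented "archive" block.
SAMPLE_CONFIG = """\
service timestamps log datetime msec year
no logging console
logging buffered 150000000
archive
 log config
  logging enable
  notify syslog contenttype plaintext
  hidekeys
"""

MIN_BUFFER = 150000000  # minimum buffer size recommended in Section 3.3.3

def archive_log_block(lines):
    """Return the stripped commands nested under 'archive' -> 'log config'."""
    block, in_archive, in_log = [], False, False
    for line in lines:
        indent, cmd = len(line) - len(line.lstrip()), line.strip()
        if indent == 0:            # any top-level command closes the block
            in_archive, in_log = (cmd == "archive"), False
        elif in_archive and indent == 1:
            in_log = (cmd == "log config")
        elif in_log:               # deeper lines belong to 'log config'
            block.append(cmd)
    return block

def audit_logging(config_text):
    """Map each Section 3.3.3 setting to True (present) or False (missing)."""
    lines = [l.rstrip() for l in config_text.splitlines() if l.strip()]
    top = [l for l in lines if not l.startswith(" ")]
    block = archive_log_block(lines)
    stamps = [l.split() for l in top if l.startswith("service timestamps log datetime")]
    sizes = [int(m.group(1)) for l in top
             if (m := re.match(r"logging buffer(?:ed)?\s+(\d+)", l))]
    return {
        "archive logging enable": "logging enable" in block,
        "archive hidekeys": "hidekeys" in block,
        "archive notify syslog": any(c.startswith("notify syslog") for c in block),
        "no logging console": "no logging console" in top,
        "timestamps include year": any("year" in s for s in stamps),
        "buffer >= 150000000": any(n >= MIN_BUFFER for n in sizes),
    }

if __name__ == "__main__":
    for check, ok in audit_logging(SAMPLE_CONFIG).items():
        print(f"{'PASS' if ok else 'FAIL'}  {check}")
```

A `hidekeys` line that sits outside the `log config` block is reported as missing, since it would not be protecting the command archive.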