Cisco ISR 4000 series User Manual

Cisco ISR 4000 series
66 pages
Cisco ISR 4000 Family Routers Administrator Guidance
Page 26 of 66
4. Secure Management
4.1 User Roles
The ISR 4000 Family Routers have both privileged and semi-privileged administrator roles as well
as non-administrative access. Non-administrative access is granted to authenticated neighbor
routers so that they can receive updated routing tables per the information flow rules. There is no
other access or function associated with non-administrative access. The privileged and
semi-privileged roles are configured in the Access Control and Session Termination section above. The
TOE also allows for customization of other levels. Privileged access is defined by any privilege
level entering an enable secret 5 after their individual login. Note: The command ‘enable secret’
is a replacement for the ‘enable password’ command, since ‘enable secret’ creates the password
and stores it in encrypted form. Privilege levels are numbered 0-15 and specify the various levels for the
user. The privilege levels are not necessarily hierarchical. Privilege level 15 has access to all
commands on the TOE. Privilege levels 0 and 1 are defined by default, while levels 2-14 are
undefined by default. Levels 0-14 can be set to include any of the commands available to the level
15 administrator, and are considered the semi-privileged administrator for purposes of this
evaluation. The privilege level determines the functions the user can perform; hence the authorized
administrator with the appropriate privileges.
To establish a username-based authentication system, use the username command in global
configuration mode.
TOE-common-criteria(config)# username name [privilege level]
When a user no longer requires access to the TOE, the user account can be removed. To remove
an established username-based authentication account, use the “no” form of the command.
TOE-common-criteria(config)# no username name
Refer to the IOS Command Reference Guide for available commands and associated roles and
privilege levels.
4.2 Passwords
The password complexity is not enforced by the router by default, and must be administratively
set in the configuration. To prevent administrators from choosing insecure passwords, each
password must be:
1. At least 15 characters long. Use the following command to set the minimum length to 15
or greater.
TOE-common-criteria(config)# security passwords min-length length
Example: TOE-common-criteria(config)# security passwords min-length 15
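
The following Python check is an added example, not part of the Cisco guidance. It audits a running-config fragment against sections 4.1 and 4.2; the function names, the constructed sample configuration, and the assumption that a username line without a privilege keyword means level 1 are illustrative.

```python
import re

# Constructed running-config fragment (sample values, not from a real device).
SAMPLE_CONFIG = """\
hostname TOE-common-criteria
security passwords min-length 8
enable password Constructed-Sample-1
username admin privilege 15 secret 5 $1$SAMPLE$constructed
username netops privilege 7 secret 5 $1$SAMPLE$constructed
username auditor secret 5 $1$SAMPLE$constructed
"""

MIN_LENGTH = 15  # minimum password length required in section 4.2


def role(level: int) -> str:
    """Map a privilege level to the role names used in section 4.1."""
    return "privileged" if level == 15 else "semi-privileged"


def audit(config: str) -> dict:
    """Return policy findings and a username -> (level, role) map."""
    findings, users = [], {}
    min_len, has_secret = None, False
    for raw in config.splitlines():
        line = raw.strip()
        length = re.fullmatch(r"security passwords min-length (\d+)", line)
        user = re.match(r"username (\S+)(?: privilege (\d+))?", line)
        if length:
            min_len = int(length.group(1))
        elif line.startswith("enable password "):
            findings.append("enable password in use; use enable secret")
        elif line.startswith("enable secret "):
            has_secret = True
        elif user:
            # Assumption: no explicit privilege keyword means level 1.
            level = int(user.group(2) or 1)
            users[user.group(1)] = (level, role(level))
    if min_len is None:
        findings.append("security passwords min-length is not set")
    elif min_len < MIN_LENGTH:
        findings.append(f"min-length {min_len} is below {MIN_LENGTH}")
    if not has_secret:
        findings.append("no enable secret configured")
    return {"findings": findings, "users": users}


if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

The user map gives a quick inventory of which accounts hold level 15, which supports removing accounts that no longer require access.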

Cisco ISR 4000 series Specifications

General
Brand: Cisco
Model: ISR 4000 series
Category: Network Router
Language: English