1. Manuals
  2. Brands
  3. Cisco Manuals
  4. Network Router
  5. ASR 1000 Series
  6. Common criteria operational user guidance and preparative procedures

Enabling Fips Mode; Administrator Configuration And Credentials; Session Termination - Cisco ASR 1000 Series Common Criteria Operational User Guidance And Preparative Procedures

Aggregation services router
Hide thumbs Also See for ASR 1000 Series:
Table of Contents

Advertisement

configuration of the Router. If the Router reboots and resumes operation when uncommitted
changes have been made, these changes will be lost and the Router will revert to the last
configuration saved.
3.2.3

Enabling FIPS Mode

The TOE must be run in the FIPS mode of operation. The use of the cryptographic engine in any
other mode was not evaluated nor tested during the CC evaluation of the TOE. This is done by
setting the following in the configuration:
The value of the boot field must be 0x0102. This setting disables break from the console to the
ROM monitor and automatically boots the IOS image. From the ROMMON command line enter
the following:
confreg 0x0102 [3] under section "C commands"
The self-tests for the cryptographic functions in the TOE are run automatically during power-on
as part of the POST. The same POST self-tests for the cryptographic operations can also be
executed manually at any time by the privileged administrator using the command:
test crypto self-test [10] Cisco IOS Security Command Reference: Commands S to Z
3.2.4

Administrator Configuration and Credentials

The ASR must be configured to use a username and password for each administrator and one
password for the enable command. Ensure all passwords are stored encrypted by using the
following command:
service password-encryption [10] Cisco IOS Security Command Reference: Commands
S to Z
Configures local AAA authentication:
aaa authentication login default local [10] Cisco IOS Security Command Reference:
Commands A to C
aaa authorization exec default local [10] Cisco IOS Security Command Reference:
Commands A to C
When creating administrator accounts, all individual accounts are to be set to a privilege level of
one. This is done by using the following commands:
username <name> password <password> [10] Cisco IOS Security Command
Reference: Commands S to Z
to create a new username and password combination, and
username <name> privilege 1 [10] Cisco IOS Security Command Reference:
Commands S to Z
to set the privilege level of <name> to 1.
3.2.5

Session Termination

Inactivity settings must trigger termination of the administrator session. These settings are
configurable by setting
Page 17 of 72
Show Quick Links

Hide quick links:

Advertisement

Table of Contents
loading

Related Manuals for Cisco ASR 1000 Series

Related Content for Cisco ASR 1000 Series

This manual is also suitable for:

Asr 1001Asr 1002xAsr 1004Asr 1006Asr 1013Asr 1001hx ... Show all

Table of Contents