Table of Contents
Advertisement
The Cisco 1721, 1760, 2621XM, 2651XM, 2691, 3725, 3745, and 7206 VXR NPE-400 Routers
Table 18
25
CSP 25
26
CSP 26
27
CSP 27
28
CSP 28
29
CSP 29
30
CSP 30
31
CSP 31
The services accessing the CSPs, the type of access and which role accesses the CSPs are listed in
Table
19.
Table 19
SRDI/Role/Service Access Policy
Security Relevant Data Item
CSP 1
CSP 2
Cisco 1721, 1760, 2621XM, 2651XM, 2691, 3725, and 3745 Modular Access Routers and 7206-VXR NPE-400 Router FIPS 140-2 Non-Proprietary
38
Critical Security Parameters (Continued)
This key is used by the router to authenticate itself to the peer. The
key is identical to #22 except that it is retrieved from the local
database (on the router itself). Issuing the "no username
password" zeroizes the password (that is used as this key) from
the local database.
This is the SSH session key. It is zeroized when the SSH session
is terminated.
The password of the User role. This password is zeroized by
overwriting it with a new password.
The plaintext password of the CO role. This password is zeroized
by overwriting it with a new password.
The ciphertext password of the CO role. However, the algorithm
used to encrypt this password is not FIPS approved. Therefore,
this password is considered plaintext for FIPS purposes. This
password is zeroized by overwriting it with a new password.
The RADIUS shared secret. This shared secret is zeroized by
executing the "no" form of the RADIUS shared secret set
command.
The TACACS+ shared secret. This shared secret is zeroized by
executing the "no" form of the TACACS+ shared secret set
command.
Role and Service Access to CSPs
r
r
NVRAM
(plaintext)
DRAM
(plaintext)
NVRAM
(plaintext)
NVRAM
(plaintext)
NVRAM
(plaintext)
NVRAM
(plaintext),
DRAM
(plaintext)
NVRAM
(plaintext),
DRAM
(plaintext)
d
r
w
d
r
w
d
OL-6083-01
Hide quick links:
Advertisement
Table of Contents
