System Security; Per-Chassis Key Identifier; Chapter - Cisco ASR 5000 Administration Manual

System Security

This chapter describes the security features supported on the ASR 5000 platform.
•
•
•
•
•
•
•

Per-Chassis Key Identifier

A user can set a unique chassis key which will work only for a chassis or for any set of chassis that will share
the same configuration information.
The chassis key consists of 1 to 16 alphanumeric ASCII characters. The chassis key plain-text value is never
displayed to the user; it is entered interactively and not echoed to the user.
On the ASR5000 the encrypted chassis key is stored in the Compact Flash card on each SMC.
If the chassis key identifier stored in the header comment line of the configuration file does not match the
chassis key, an error message is displayed to the user. The user can change the chassis key value simply by
entering the chassis key again. The previous chassis key is replaced by a new chassis key. The user is not
required to enter a chassis key.
If the user does not configure a chassis key, the system generates a unique value for that chassis.
Important
Per-Chassis Key Identifier, page 111
Protection of Passwords, page 112
Support for ICSR Configurations, page 114
Encrypted SNMP Community Strings, page 114
Lawful Intercept Restrictions, page 114
Adding, Modifying and Removing Users, page 115
Test-Commands, page 116
Changing a chassis key may invalidate previously generated configurations. This is because any secret
portions of the earlier generated configuration will have used a different encryption key. For this reason
the configuration needs to be recreated and restored.
C H A P T E R
ASR 5000 System Administration Guide, StarOS Release 21.1
8
111