Trusted Builds - Cisco ASR 5000 Series Administration Manual
Staros release 21.4
Hide thumbs
Also See for ASR 5000 Series:
- Product overview (992 pages) ,
- Installation manual (317 pages) ,
- Administration manual (234 pages)
Table of Contents
Advertisement
Trusted Builds
• Local Subscribers: These are subscribers, primarily used for testing purposes, that are configured and
• Management Subscribers: A management user is an authorized user who can monitor, control, and
Trusted Builds
A Trusted build is a starfile image from which non-secure or low security features have been deleted or
disabled. However, the binaries in the Trusted starfile image are are identical to those found in other starfiles
for a particular StarOS release-build number. In general, a Trusted build is more restrictive than a Normal
build image.
You can identify whether your platform is running a Trusted build via the Exec mode show version command.
The output of the command displays the word "Trusted" as part of the image description text.
The following non-secure programs and features are disabled/removed from a Trusted build:
• Telnet
• FTP (File Transfer Protocol)
• Local user database access
• tcpdump utility
• rlogin (Remote Login) utility and rlogind (Remote Login daemon)
• rsh (Remote Shell) and rcp (Remote Copy) utilities
ASR 5500 System Administration Guide, StarOS Release 21.4
6
authenticated within a specific context. Unlike RADIUS-based subscribers, the local subscriber's user
profile (containing attributes like those used by RADIUS-based subscribers) is configured within the
context where they are created.
When local subscriber profiles are first created, attributes for that subscriber are set to the system's
default settings. The same default settings are applied to all subscriber profiles, including the subscriber
named default which is created automatically by the system for each system context. When configuring
local profile attributes, the changes are made on a subscriber-by-subscriber basis.
Important
Attributes configured for local subscribers take precedence over context-level parameters.
However, they could be over-ridden by attributes returned from a RADIUS AAA server.
configure the system through the CLI. Management is performed either locally, through the system
Console port, or remotely through the use of the Telnet or secure shell (SSH) protocols. Management
users are typically configured as a local subscriber within the Local context, which is used exclusively
for system management and administration. As with a local subscriber, a management subscriber's user
profile is configured within the context where the subscriber was created (in this case, the Local context).
However, management subscribers may also be authenticated remotely via RADIUS, if an AAA
configuration exists within the local context, or TACACS+.
System Operation and Configuration
Advertisement
Table of Contents
Troubleshooting
