Secure Installation And Configuration; Physical Installation; Initial Setup Via Direct Console Connection; Options To Be Chosen During The Initial Setup Of The Asr - Cisco ASR 1000 Series Common Criteria Operational User Guidance And Preparative Procedures

3 Secure Installation and Configuration

3.1 Physical Installation

Follow the Cisco ASR 1000 Series Router Hardware Installation Guide
hardware installation instructions.

3.2 Initial Setup via Direct Console Connection

The ASR must be given basic configuration via console connection prior to being connected to
any network.
3.2.1

Options to be chosen during the initial setup of the ASR

When you run the "setup" command, or after initially turning on the router you are free to choose
answers that fit your policies with the exception of the following values.
1 – Enable Secret – Must adhere to the password complexity requirements. Note that this setting
can be confirmed after "setup" is complete by examining the configuration file for "enable secret
5 ..." [4] Under Configure  Click on Configuration Guides  System Management  Click
on Using Setup Mode to Configure a Cisco Networking Device  Click on subsection "Using
the System Configuration Dialog to Create an Initial Configuration File"
2 – Enable Password - Must adhere to the password complexity requirements. Note that this must
be set to something different than the enable secret during "setup", however after setup this will
not be used within the evaluated configuration. [10] Under Reference Guides  Command
References  Security and VPN  See manual Cisco IOS Security Command Reference:
Commands D to L.
3 – Virtual Terminal Password - Must adhere to the password complexity requirements. Note
that securing the virtual terminal (or vty) lines with a password in the evaluated configuration is
suggested. This password allows access to the device through only the console port. Later in this
guide steps will be given to allow ssh into the vty lines. [4] Under Configure  Click on
Configuration Guides  System Management  Click on Using Setup Mode to Configure a
Cisco Networking Device  Click on subsection "Using the System Configuration Dialog to
Create an Initial Configuration File"
4 – Configure SNMP Network Management – NO (this is the default). Note that this setting can
be confirmed after "setup" is complete by examining the configuration file to ensure that there is
no "snmp-server" entry. [4] Under Configure Click on Configuration Guides System
Management Click on Using Setup Mode to Configure a Cisco Networking Device Click on
subsection "Using the System Configuration Dialog to Create an Initial Configuration File"
3.2.2

Saving Configuration

IOS uses both a running configuration and a starting configuration. Configuration changes affect
the running configuration, in order to save that configuration the running configuration (held in
memory) must be copied to the startup configuration. This may be achieved by either using the
write memory command [3] or the copy system:running-config nvram:startup-config
command [3] under section "C commands" (Note: A short hand version of the command is copy
run start). These commands should be used frequently when making changes to the
[2] and [20] for
,
Page 16 of 72