Cisco ASR 1000 Series Common Criteria Operational User Guidance And Preparative Procedures page 64

Service or Description
Protocol
NTP Network Time
Protocol
RADIUS Remote
Authentication Dial In
User Service
SDI (RSA RSA SecurID
SecureID) authentication
SNMP Simple Network
Management Protocol
SSH Secure Shell
Telnet A protocol used for
terminal emulation
TFTP Trivial File Transfer
Protocol
CDP Cisco Discovery
Protocol
DTP Dynamic Trunking
Protocol
Frame Relay Standardized wide
area network
technology that
specifies the physical
and logical link layers
of digital
telecommunications
channels using a
packet switching
methodology
Client Allowed
(initiating)
Yes Yes
Yes Yes
Yes Over IPsec
Yes (snmp-trap) Yes
Yes Yes
Yes Yes
Yes Yes
n/a n/a
n/a n/a
n/a n/a
Server Allowed
(terminating)
No n/a
No n/a
No n/a
Yes No
Yes Yes
Yes Yes
No n/a
n/a n/a
n/a n/a
n/a n/a
Allowed use in the certified configuration
Any configuration. Use of key-based
authentication is recommended.
If used for authentication of ASA
administrators, secure through IPsec.
If used for authentication of ASA
administrators, secure through IPsec.
Outbound (traps) only. Recommended to
tunnel through IPsec.
As described in the section 3.3.1 of this
document.
Use of SSH is recommended.
Recommend using SCP instead, or tunneling
through IPsec.
Follow best practices for the secure usage as
there are no restrictions on use of these
protocols
Follow best practices for the secure usage as
there are no restrictions on use of these
protocols
Follow best practices for the secure usage as
there are no restrictions on use of these
protocols
Page 64 of 72