Crypto Officer Services; User Services - Cisco 2651 User Manual

The Cisco 1721, 1760, 2621XM, 2651XM, 2691, 3725, 3745, and 7206 VXR NPE-400 Routers
If only integers 0-9 are used without repetition for an 8 digit PIN, the probability of randomly guessing
the correct sequence is 1 in 1,814,400. Including the rest of the alphanumeric characters drastically
decreases the odds of guessing the correct sequence.

Crypto Officer Services

During initial configuration of the router, the Crypto Officer password (the "enable" password) is
defined. A Crypto Officer may assign permission to access the Crypto Officer role to additional
accounts, thereby creating additional Crypto Officers.
The Crypto Officer role is responsible for the configuration and maintenance of the router. The Crypto
Officer services consist of the following:
•
•
•
•
•
•

User Services

A User enters the system by accessing the console port with a terminal program. The IOS prompts the
User for their password. If the password is correct, the User is allowed entry to the IOS executive
program. The services available to the User role consist of the following:
•
•
•
•
Cisco 1721, 1760, 2621XM, 2651XM, 2691, 3725, and 3745 Modular Access Routers and 7206-VXR NPE-400 Router FIPS 140-2 Non-Proprietary
28
Configure the router—define network interfaces and settings, create command aliases, set the
protocols the router will support, enable interfaces and network services, set system date and time,
and load authentication information.
Define Rules and Filters—create packet Filters that are applied to User data streams on each
interface. Each Filter consists of a set of Rules, which define a set of packets to permit or deny based
characteristics such as protocol ID, addresses, ports, TCP connection establishment, or packet
direction.
Status Functions—view the router configuration, routing tables, active sessions, use Gets to view
SNMP MIB II statistics, health, temperature, memory status, voltage, packet statistics, review
accounting logs, and view physical interface status.
Manage the router—log off users, shutdown or reload the outer, manually back up router
configurations, view complete configurations, manager user rights, and restore router
configurations.
Set Encryption/Bypass—set up the configuration tables for IP tunneling. Set keys and algorithms
to be used for each IP range or allow plaintext packets to be set from specified IP address.
Change WAN Interface Cards/Network Modules—insert and remove WICs or NMs as described
in the second bullet in the
Status Functions—view state of interfaces, state of layer 2 protocols, version of IOS currently
running
Network Functions—connect to other network devices through outgoing telnet, PPP, etc. and
initiate diagnostic network services (i.e., ping, mtrace)
Terminal Functions—adjust the terminal session (e.g., lock the terminal, adjust flow control)
Directory Services—display directory of files kept in flash memory
"Initial Setup" section on page 43 of this document.
OL-6083-01