configuration of the Router. If the Router reboots and resumes operation when uncommitted 
changes have been made, these changes will be lost and the Router will revert to the last 
configuration saved. 
3.2.3   Enabling FIPS Mode 
The TOE must be run in the FIPS mode of operation. The use of the cryptographic engine in any 
other mode was neither evaluated nor tested during the CC evaluation of the TOE.  FIPS mode is 
enabled by setting the following in the configuration:  
The value of the boot field must be 0x0102. This setting disables break from the console to the 
ROM monitor and automatically boots the IOS image. From the ROMMON command line enter 
the following: 
  confreg 0x0102 
(see [3], under section “C commands”) 
The self-tests for the cryptographic functions in the TOE are run automatically during power-on 
as part of the POST.  The same POST self-tests for the cryptographic operations can also be 
executed manually at any time by the privileged administrator using the command: 
  test crypto self-test 
(see [10] Cisco IOS Security Command Reference: Commands S to Z) 
3.2.4   Administrator Configuration and Credentials 
The ASR must be configured to use a username and password for each administrator and one 
password for the enable command.  Ensure all passwords are stored encrypted by using the 
following command: 
  service password-encryption 
(see [10] Cisco IOS Security Command Reference: Commands S to Z) 
Configure local AAA authentication: 
  aaa authentication login default local 
  aaa authorization exec default local 
(see [10] Cisco IOS Security Command Reference: Commands A to C) 
When creating administrator accounts, all individual accounts are to be set to a privilege level of 
one.  This is done by using the following commands: 
  username <name> password <password> 
to create a new username and password combination, and 
  username <name> privilege 1 
to set the privilege level of <name> to 1 (see [10] Cisco IOS Security Command Reference: 
Commands S to Z). 
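The settings required in this section can be checked against a saved copy of the configuration. The following Python script is an added example, not part of the Cisco guidance; the function name audit_admin_config, the sample configurations and the assumed display format of username lines are illustrative assumptions.

```python
import re

# Global lines that section 3.2.4 requires in the configuration.
REQUIRED_LINES = (
    "service password-encryption",
    "aaa authentication login default local",
    "aaa authorization exec default local",
)
USERNAME_RE = re.compile(r"^username\s+(\S+)\s*(.*)$")

def audit_admin_config(config_text):
    """Return a list of findings; an empty list means every check passed."""
    lines = [ln.strip() for ln in config_text.splitlines()]
    findings = [f"missing: {req}" for req in REQUIRED_LINES if req not in lines]
    users = {}
    for ln in lines:
        m = USERNAME_RE.match(ln)
        if not m:
            continue
        opts = m.group(2).split()
        user = users.setdefault(m.group(1), {"privilege": 1, "cleartext": False})
        # Assumption: a username line without "privilege" is at the default level 1.
        if "privilege" in opts[:-1]:
            user["privilege"] = int(opts[opts.index("privilege") + 1])
        # Assumption: an encrypted password is displayed as "password 7 <string>".
        if "password" in opts[:-1] and opts[opts.index("password") + 1] != "7":
            user["cleartext"] = True
    for name, user in sorted(users.items()):
        if user["privilege"] != 1:
            findings.append(f"user {name}: privilege {user['privilege']}, expected 1")
        if user["cleartext"]:
            findings.append(f"user {name}: password not stored encrypted")
    return findings

# Constructed sample configurations (not taken from a real device).
COMPLIANT = """\
service password-encryption
aaa authentication login default local
aaa authorization exec default local
username alice privilege 1 password 7 CONSTRUCTED-TYPE7-STRING
username bob password 7 CONSTRUCTED-TYPE7-STRING
"""
NONCOMPLIANT = """\
aaa authentication login default local
username carol privilege 15 password 0 constructed-cleartext
"""

if __name__ == "__main__":
    for label, cfg in (("compliant", COMPLIANT), ("noncompliant", NONCOMPLIANT)):
        print(label, audit_admin_config(cfg))
```
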
3.2.5   Session Termination 
Inactivity settings must trigger termination of the administrator session. These settings are 
configurable by setting