
Cisco Catalyst 4503-E - Page 63

Cisco Cat4K NDPP ST 11 March 2014
EDCS-1228241
TOE SFRs
How the SFR is Met
exchanged and entered electronically. Persistent keys are entered by the privileged administrator via the console port CLI; transient keys are generated or established and stored in DRAM. If present, a VSS link can export all DRAM and NVRAM keys to another switch over a secure connection for high availability purposes.

The module supports the following critical security parameters (CSPs). Note that there may be keys and CSPs that are not applicable to this evaluation and should not be reviewed. They are included for completeness of the module.
| ID | Algorithm | Size | Description | Storage | Zeroization Method [10] |
|---|---|---|---|---|---|
| General Keys/CSPs | | | | | |
| User Password | Password | Variable (8+ characters) | Used to authenticate local users | NVRAM (plaintext) | Zeroized by overwriting with new password |
| Enable Password | Password | Variable (8+ characters) | Used to authenticate local users at a higher privilege level | NVRAM (plaintext) | Zeroized by overwriting with new password |
| RADIUS secret | Shared Secret | Variable (8+ characters) | The RADIUS Shared Secret | NVRAM (plaintext) | Zeroized using the following command: # no radius-server key Overwritten with: 0x0d |
| RADIUS Key wrap key | AES | 128/256 bits | Used to protect SAK | DRAM (plaintext) | Zeroized when data structure is freed |
| TACACS+ secret | Shared Secret | Variable (8+ characters) | The TACACS+ shared secret | NVRAM (plaintext) | Zeroized using the following command: # no tacacs- |

[10] Unless specifically noted, the zeroization method used for secrets, keys, etc. is to overwrite with zeros (0x00).
