Cisco IOS XR System Security Configuration Guide, Release 3.3
Index

A

AAA (authentication, authorization, and accounting)

accounting method lists, configuring SC-137

accounting services, enabling SC-142

authentication SC-103

authentication method lists, configuring SC-130

authorization, enabling SC-140

authorization method lists, configuring SC-134

configuration SC-102

database SC-101

login parameters, configuring SC-144

RADIUS server groups, configuring SC-126

remote configuration SC-102

router to RADIUS server communication, configuring SC-118

services, configuration (examples) SC-145

TACACS+ server, configuring SC-124

TACACS+ server groups, configuring SC-128

task-based authorization

task groups SC-100

task IDs SC-106

task groups

configuration SC-112

user and group attributes SC-98

user groups

configuring SC-114

definition SC-99

inheritance SC-99

predefined SC-99

prerequisites SC-97

privilege level mapping SC-109

restrictions SC-97

users, configuring SC-116

XML schema SC-109

accept-lifetime command SC-50

algorithms

See IKE, algorithms

C

CAs (certification authorities)

authenticating SC-10

declaring SC-8

description SC-3, SC-88

domain names, configuring (example) SC-6

host names SC-6

RSA (Rivest, Shamir, and Adleman) key pairs

generating SC-7

supported standards SC-2

trusted point, configuring SC-8

See also certificates; CRLs; IPSec; RAs

certificates SC-3

requests SC-11

See also CAs; CRLs; RSA keys

clock set command SC-151

config-isakmp command mode, enabling SC-29

D

dead-server detection

RADIUS SC-122

radius-server dead-criteria time command SC-123

radius-server dead-criteria tries command SC-123

radius-server deadtime command SC-122

deadtime command SC-127

DES (Data Encryption Standard) SC-19

IKE policy parameter SC-21

domain names

certification authority interoperability, configuring SC-6

E

encrypted nonces

See RSA encrypted nonces

encryption algorithm

See IKE, algorithms

end-time, key chain SC-44

H

hash algorithm

See IKE, algorithms

host names

certification authority interoperability, configuring (examples) SC-6

I

IKE (Internet Key Exchange) security protocol

algorithms

encryption SC-29

hash SC-29

options SC-22

authentication

methods SC-22, SC-29

DH (Diffie-Hellman)

group identifier, specifying SC-29

IKE policy parameter SC-21

enabling and disabling SC-27

extended authentication SC-26

group identifier, specifying SC-29

ISAKMP identity, configuring SC-24

keys

See keys, preshared; keys, preshared using AAA server; RSA keys

mode configuration SC-26

negotiations SC-21

policies

configuring (example) SC-38

identifying SC-29

multiple SC-23

parameters SC-21, SC-22

purpose SC-20

viewing SC-30

policies, configuring SC-28

requirements

RSA encrypted nonces method SC-23

RSA signatures method SC-23

supported standards SC-18

See also IPSec; RSA encrypted nonces; SAs

IPSec (IPSec Network Security Protocol)

CAs

implementing with SC-5

implementing without SC-5

IPSec (IP Security)

checkpointing

configuring SC-62

description SC-60

crypto access lists SC-58

cautions, creating SC-58

creating SC-63

purpose SC-58

crypto profiles SC-56

applying to transport SC-71

applying to tunnel interfaces SC-70

static or dynamic, configuring SC-67

dynamic crypto profiles SC-57

group policy definition

mode configuration SC-66

lifetimes

global, setting SC-60

prerequisites, implementing SC-56

transform sets

defining SC-65

transform sets, description SC-59

IPSec, implementing SC-5

ISAKMP SC-19

See also IKE SC-17

K

key (key chain) command SC-47

key chain

configuration (example) SC-53

configuring SC-44

end-time SC-44

key identifier, configuring SC-46

lifetime SC-44

outbound traffic, configuring SC-51

overview SC-43

start-time SC-44

text, configuring SC-47

valid key, determining SC-49

key chain command SC-45

key identifier, configuring SC-46

keys

mask preshared SC-24

configuring (example) SC-37

preshared

configuring (example) SC-34, SC-38

IKE policy parameter SC-21

preshared using AAA server SC-25

key string, configuring SC-47

key-string command SC-49

key validation, determining SC-49

L

lifetime, key chain SC-44

M

MD5 (Message Digest 5) algorithm SC-19

IKE policy parameter SC-21

N

nonces

See RSA encrypted nonces

O

Oakley key exchange protocol SC-19

See also IKE

outbound traffic (key chain), configuring SC-51

P

preshared keys

See keys, preshared; keys, preshared using AAA server

public key configuration mode, enabling SC-32

R

RADIUS

configuring

dead-server detection SC-122

UDP ports SC-119

operation SC-111

radius-server dead-criteria time command SC-123

radius-server dead-criteria tries command SC-123

radius-server deadtime command SC-122

RAs (registration authorities)

See CAs

RFC 2408, ISAKMP SC-19

RFC 2409, The Internet Key Exchange SC-18

RSA (Rivest, Shamir, and Adleman)

encrypted nonces SC-19

keys SC-3

deleting SC-8

signatures SC-19

RSA (Rivest, Shamir, and Adleman) encrypted nonces

IKE policy parameter SC-21

requirements SC-22, SC-23

RSA (Rivest, Shamir, and Adleman) keys

configuring, manually SC-30

generating SC-30

peer configuration SC-32

RSA (Rivest, Shamir, and Adleman) signatures

IKE policy parameter SC-21

requirements SC-22

IKE configuration SC-23

S

SAM (Software Authentication Manager)

description SC-151

SAs (security associations)

lifetimes

configuring SC-29

global values, configuring SC-59

how they work SC-59

IKE policy parameter SC-21

send-lifetime command SC-52

SHA (Secure Hash Algorithm) SC-19

IKE policy parameter SC-21

show key chain command SC-46

show radius dead-criteria host command SC-123

Skeme key exchange protocol SC-19

See also IKE

SSH (Secure Shell)

client

configuring SC-82

DES and 3DES support SC-79

description SC-79

server support SC-79

configuring SC-80

prerequisites, configuring SC-78

restrictions, implementing SC-78

server SC-79

SFTP

overview SC-79

supported versions SC-77

troubleshooting SC-83

SSL (Secure Socket Layer)

configuring SC-89

description SC-87

prerequisites, implementing SC-88

start-time, key chain SC-44