Cisco IOS XR System Security Configuration Guide for the Cisco XR 12000 Series Router
Downloads: This chapterpdf (PDF - 379.0 KB) The complete bookPDF (PDF - 3.58 MB) | Feedback


Table Of Contents

A - C - D - I - L - M - O - P - R - S - V -



AAA (authentication, authorization, and accounting)

accounting services, enabling SC-52

authentication SC-9

authorization, enabling SC-50


AAA service restrictions SC-3

accounting method lists SC-45

authentication method lists SC-39

authorization method lists SC-41

individual users SC-22

login parameters SC-54

RADIUS server groups SC-35

remote AAA SC-8

router to RADIUS server communication SC-24

services (examples) SC-55

TACACS+ server SC-32

TACACS+ server groups, SC-37

task groups for task-based authorization SC-18

user groups SC-20

database SC-7

interim accounting records, generating SC-47

per VRF (VPN routing and forwarding) definition SC-30

task-based authorization

task groups, definition SC-6

task IDs SC-12

user and group attributes SC-4

user groups

definition SC-5

inheritance SC-5

predefined SC-5

privilege level mapping as an alternative to task IDs SC-15

XML schema SC-15

aaa accounting command SC-47

aaa accounting update command SC-47

address ipv4 (MPP) command SC-93

address ipv6 (MPP) command SC-96

allow command SC-93, SC-96


CAs (certification authorities)

description SC-120

See also certificates; CRLs; IPSec; RAs

certification authority interoperability

See also certificates; CRLs; IPSec; RAs

authenticating the CA SC-69

CA description SC-61


domain names (example) SC-64

host names (examples) SC-64

trusted points SC-67

description SC-120

generating RSA (Rivest, Shamir, and Adelman) key pairs SC-65

manual enrollment, cutting and pasting SC-71

requesting certificates from the CA SC-70

supported standards

Internet Key Exchange (IKE) Security protocol SC-61

IP Network Security (IPSec) protocol SC-61

Public-Key Cryptography Standard #10 (PKCS#10) SC-61

Public-Key Cryptography Standard #7(PKCS#7) SC-61

RSA (Rivest, Shamir, and Adelman) keys SC-61

Secure Socket Layer (SSL) protocol SC-61

X.509v3 certificate SC-61

clock set command SC-103

control-plane command SC-93

control plane protection, MPP

definition SC-91


deadtime command SC-36


inband management interface, MPP

allow command SC-93

definition SC-91

inband command SC-93

interface command SC-93

IPSec (IP Network Security Protocol)


implementing with SC-63

implementing without SC-63


lawful intercept, implementing SC-77


management plane

MPP feature SC-92

management-plane command SC-93

MPP (Management Plane Protection)

benefits SC-92

control plane protection SC-91

description SC-89, SC-92

device configuration SC-93

management interface

inband SC-91

out-of-band SC-91

management plane

description SC-91

peer-filtering option SC-91


out-of-band command SC-96

out-of-band management interface, MPP

definition SC-91


peer-filtering option

definition SC-91

peer keyword

inband interface SC-94

out-of-band interface SC-97

per VRF (VPN routing and forwarding) AAA

procedure SC-30

server-private command SC-31

supported VSAs SC-30




dead-server detection SC-28

UDP ports SC-25

operation SC-17

radius-server dead-criteria time command SC-29

radius-server dead-criteria tries command SC-29

radius-server deadtime command SC-28

RAs (registration authorities)

See CAs

RSA (Rivest, Shamir, and Adelman)


deleting SC-66


SAM (Software Authentication Manager) description SC-103

server-private command SC-31, SC-35

show mgmt-plane command SC-93

show radius dead-criteria host command SC-29

SSH (Secure Shell)


3DES support SC-110

configuring SC-115

description SC-110

server support SC-110

configuring SC-112

prerequisites SC-108

restrictions SC-108

server SC-109

SFTP (Standard File Transfer Protocol) description SC-110

supported versions SC-107

troubleshooting SC-116

SSL (Secure Socket Layer)

configuring SC-121

description SC-119

prerequisites SC-120


vrf (AAA) command SC-31

vrf (MPP) command SC-96

VSAs (vendor-specific attributes)

per VRF AAA SC-30

supported VSAs SC-30