Index
A
AAA (authentication, authorization, and accounting)
accounting method lists, configuring SC-137
accounting services, enabling SC-142
authentication SC-103
authentication method lists, configuring SC-130
authorization, enabling SC-140
authorization method lists, configuring SC-134
configuration SC-102
database SC-101
login parameters, configuring SC-144
RADIUS server groups, configuring SC-126
remote configuration SC-102
router to RADIUS server communication, configuring SC-118
services, configuration (examples) SC-145
TACACS+ server, configuring SC-124
TACACS+ server groups, configuring SC-128
task-based authorization
task groups SC-100
task IDs SC-106
task groups
configuration SC-112
user and group attributes SC-98
user groups
configuring SC-114
definition SC-99
inheritance SC-99
predefined SC-99
prerequisites SC-97
privilege level mapping SC-109
restrictions SC-97
users, configuring SC-116
XML schema SC-109
accept-lifetime command SC-50
algorithms
See IKE, algorithms
C
CAs (certification authorities)
authenticating SC-10
declaring SC-8
description SC-3, SC-88
domain names, configuring (example) SC-6
host names SC-6
RSA (Rivest, Shamir, and Adleman) key pairs
generating SC-7
supported standards SC-2
trusted point, configuring SC-8
See also certificates; CRLs; IPSec; RAs
certificates SC-3
requests SC-11
See also CAs; CRLs; RSA keys
clock set command SC-151
config-isakmp command mode, enabling SC-29
D
dead-server detection
RADIUS SC-122
radius-server dead-criteria time command SC-123
radius-server dead-criteria tries command SC-123
radius-server deadtime command SC-122
deadtime command SC-127
DES (Data Encryption Standard) SC-19
IKE policy parameter SC-21
domain names
certification authority interoperability, configuring SC-6
E
encrypted nonces
See RSA encrypted nonces
encryption algorithm
See IKE, algorithms
end-time, key chain SC-44
H
hash algorithm
See IKE, algorithms
host names
certification authority interoperability, configuring (examples) SC-6
I
IKE (Internet Key Exchange) security protocol
algorithms
encryption SC-29
hash SC-29
options SC-22
authentication
methods SC-22, SC-29
DH (Diffie-Hellman)
group identifier, specifying SC-29
IKE policy parameter SC-21
enabling and disabling SC-27
extended authentication SC-26
group identifier, specifying SC-29
ISAKMP identity, configuring SC-24
keys
See keys, preshared; keys, preshared using AAA server; RSA keys
mode configuration SC-26
negotiations SC-21
policies
configuring (example) SC-38
identifying SC-29
multiple SC-23
parameters SC-21, SC-22
purpose SC-20
viewing SC-30
policies, configuring SC-28
requirements
RSA encrypted nonces method SC-23
RSA signatures method SC-23
supported standards SC-18
See also IPSec; RSA encrypted nonces; SAs
IPSec (IPSec Network Security Protocol)
CAs
implementing with SC-5
implementing without SC-5
IPSec (IP Security)
checkpointing
configuring SC-62
description SC-60
crypto access lists SC-58
cautions, creating SC-58
creating SC-63
purpose SC-58
crypto profiles SC-56
applying to transport SC-71
applying to tunnel interfaces SC-70
static or dynamic, configuring SC-67
dynamic crypto profiles SC-57
group policy definition
mode configuration SC-66
lifetimes
global, setting SC-60
prerequisites, implementing SC-56
transform sets
defining SC-65
transform sets, description SC-59
IPSec, implementing SC-5
ISAKMP SC-19
See also IKE SC-17
K
key (key chain) command SC-47
key chain
configuration (example) SC-53
configuring SC-44
end-time SC-44
key identifier, configuring SC-46
lifetime SC-44
outbound traffic, configuring SC-51
overview SC-43
start-time SC-44
text, configuring SC-47
valid key, determining SC-49
key chain command SC-45
key identifier, configuring SC-46
keys
mask preshared SC-24
configuring (example) SC-37
preshared
configuring (example) SC-34, SC-38
IKE policy parameter SC-21
preshared using AAA server SC-25
key string, configuring SC-47
key-string command SC-49
key validation, determining SC-49
L
lifetime, key chain SC-44
M
MD5 (Message Digest 5) algorithm SC-19
IKE policy parameter SC-21
N
nonces
See RSA encrypted nonces
O
Oakley key exchange protocol SC-19
See also IKE
outbound traffic (key chain), configuring SC-51
P
preshared keys
See keys, preshared; keys, preshared using AAA server
public key configuration mode, enabling SC-32
R
RADIUS
configuring
dead-server detection SC-122
UDP ports SC-119
operation SC-111
radius-server dead-criteria time command SC-123
radius-server dead-criteria tries command SC-123
radius-server deadtime command SC-122
RAs (registration authorities)
See CAs
RFC 2408, ISAKMP SC-19
RFC 2409, The Internet Key Exchange SC-18
RSA (Rivest, Shamir, and Adleman)
encrypted nonces SC-19
keys SC-3
deleting SC-8
signatures SC-19
RSA (Rivest, Shamir, and Adleman) encrypted nonces
IKE policy parameter SC-21
requirements SC-22, SC-23
RSA (Rivest, Shamir, and Adleman) keys
configuring, manually SC-30
generating SC-30
peer configuration SC-32
RSA (Rivest, Shamir, and Adleman) signatures
IKE policy parameter SC-21
requirements SC-22
IKE configuration SC-23
S
SAM (Software Authentication Manager)
description SC-151
SAs (security associations)
lifetimes
configuring SC-29
global values, configuring SC-59
how they work SC-59
IKE policy parameter SC-21
send-lifetime command SC-52
SHA (Secure Hash Algorithm) SC-19
IKE policy parameter SC-21
show key chain command SC-46
show radius dead-criteria host command SC-123
Skeme key exchange protocol SC-19
See also IKE
SSH (Secure Shell)
client
configuring SC-82
DES and 3DES support SC-79
description SC-79
server support SC-79
configuring SC-80
prerequisites, configuring SC-78
restrictions, implementing SC-78
server SC-79
SFTP
overview SC-79
supported versions SC-77
troubleshooting SC-83
SSL (Secure Sockets Layer)
configuring SC-89
description SC-87
prerequisites, implementing SC-88
start-time, key chain SC-44