Cisco IOS XR System Security Configuration Guide, Release 3.3
Index


A

AAA (authentication, authorization, and accounting)

accounting method lists, configuring     SC-137

accounting services, enabling     SC-142

authentication     SC-103

authentication method lists, configuring     SC-130

authorization, enabling     SC-140

authorization method lists, configuring     SC-134

configuration     SC-102

database     SC-101

login parameters, configuring     SC-144

RADIUS server groups, configuring     SC-126

remote configuration     SC-102

router to RADIUS server communication, configuring     SC-118

services, configuration (examples)     SC-145

TACACS+ server, configuring     SC-124

TACACS+ server groups, configuring     SC-128

task-based authorization

task groups     SC-100

task IDs     SC-106

task groups

configuration     SC-112

user and group attributes     SC-98

user groups

configuring     SC-114

definition     SC-99

inheritance     SC-99

predefined     SC-99

prerequisites     SC-97

privilege level mapping     SC-109

restrictions     SC-97

users, configuring     SC-116

XML schema     SC-109

accept-lifetime command     SC-50

algorithms

See IKE, algorithms

C

CAs (certification authorities)

authenticating     SC-10

declaring     SC-8

description     SC-3, SC-88

domain names, configuring (example)     SC-6

host names     SC-6

RSA (Rivest, Shamir, and Adleman) key pairs

generating     SC-7

supported standards     SC-2

trusted point, configuring     SC-8

See also certificates; CRLs; IPSec; RAs

certificates     SC-3

requests     SC-11

See also CAs; CRLs; RSA keys

clock set command     SC-151

config-isakmp command mode, enabling     SC-29

D

dead-server detection

RADIUS     SC-122

radius-server dead-criteria time command     SC-123

radius-server dead-criteria tries command     SC-123

radius-server deadtime command     SC-122

deadtime command     SC-127

DES (Data Encryption Standard)     SC-19

IKE policy parameter     SC-21

domain names

certification authority interoperability, configuring     SC-6

E

encrypted nonces

See RSA encrypted nonces

encryption algorithm

See IKE, algorithms

end-time, key chain     SC-44

H

hash algorithm

See IKE, algorithms

host names

certification authority interoperability, configuring (examples)     SC-6

I

IKE (Internet Key Exchange) security protocol

algorithms

encryption     SC-29

hash     SC-29

options     SC-22

authentication

methods     SC-22, SC-29

DH (Diffie-Hellman)

group identifier, specifying     SC-29

IKE policy parameter     SC-21

enabling and disabling     SC-27

extended authentication     SC-26

group identifier, specifying     SC-29

ISAKMP identity, configuring     SC-24

keys

See keys, preshared; keys, preshared using AAA server; RSA keys

mode configuration     SC-26

negotiations     SC-21

policies

configuring (example)     SC-38

identifying     SC-29

multiple     SC-23

parameters     SC-21, SC-22

purpose     SC-20

viewing     SC-30

policies, configuring     SC-28

requirements

RSA encrypted nonces method     SC-23

RSA signatures method     SC-23

supported standards     SC-18

See also IPSec; RSA encrypted nonces; SAs

IPSec (IPSec Network Security Protocol)

CAs

implementing with     SC-5

implementing without     SC-5

IPSec (IP Security)

checkpointing

configuring     SC-62

description     SC-60

crypto access lists     SC-58

cautions, creating     SC-58

creating     SC-63

purpose     SC-58

crypto profiles     SC-56

applying to transport     SC-71

applying to tunnel interfaces     SC-70

static or dynamic, configuring     SC-67

dynamic crypto profiles     SC-57

group policy definition

mode configuration     SC-66

lifetimes

global, setting     SC-60

prerequisites, implementing     SC-56

transform sets

defining     SC-65

transform sets, description     SC-59

IPSec, implementing     SC-5

ISAKMP     SC-19

See also IKE     SC-17

K

key (key chain) command     SC-47

key chain

configuration (example)     SC-53

configuring     SC-44

end-time     SC-44

key identifier, configuring     SC-46

lifetime     SC-44

outbound traffic, configuring     SC-51

overview     SC-43

start-time     SC-44

text, configuring     SC-47

valid key, determining     SC-49

key chain command     SC-45

key identifier, configuring     SC-46

keys

mask preshared     SC-24

configuring (example)     SC-37

preshared

configuring (example)     SC-34, SC-38

IKE policy parameter     SC-21

preshared using AAA server     SC-25

key string, configuring     SC-47

key-string command     SC-49

key validation, determining     SC-49

L

lifetime, key chain     SC-44

M

MD5 (Message Digest 5) algorithm     SC-19

IKE policy parameter     SC-21

N

nonces

See RSA encrypted nonces

O

Oakley key exchange protocol     SC-19

See also IKE

outbound traffic (key chain), configuring     SC-51

P

preshared keys

See keys, preshared; keys, preshared using AAA server

public key configuration mode, enabling     SC-32

R

RADIUS

configuring

dead-server detection     SC-122

UDP ports     SC-119

operation     SC-111

radius-server dead-criteria time command     SC-123

radius-server dead-criteria tries command     SC-123

radius-server deadtime command     SC-122

RAs (registration authorities)

See CAs

RFC 2408, ISAKMP     SC-19

RFC 2409, The Internet Key Exchange     SC-18

RSA (Rivest, Shamir, and Adleman)

encrypted nonces     SC-19

keys     SC-3

deleting     SC-8

signatures     SC-19

RSA (Rivest, Shamir, and Adleman) encrypted nonces

IKE policy parameter     SC-21

requirements     SC-22, SC-23

RSA (Rivest, Shamir, and Adleman) keys

configuring, manually     SC-30

generating     SC-30

peer configuration     SC-32

RSA (Rivest, Shamir, and Adleman) signatures

IKE policy parameter     SC-21

requirements     SC-22

IKE configuration     SC-23

S

SAM (Software Authentication Manager)

description     SC-151

SAs (security associations)

lifetimes

configuring     SC-29

global values, configuring     SC-59

how they work     SC-59

IKE policy parameter     SC-21

send-lifetime command     SC-52

SHA (Secure Hash Algorithm)     SC-19

IKE policy parameter     SC-21

show key chain command     SC-46

show radius dead-criteria host command     SC-123

Skeme key exchange protocol     SC-19

See also IKE

SSH (Secure Shell)

client

configuring     SC-82

DES and 3DES support     SC-79

description     SC-79

server support     SC-79

configuring     SC-80

prerequisites, configuring     SC-78

restrictions, implementing     SC-78

server     SC-79

SFTP

overview     SC-79

supported versions     SC-77

troubleshooting     SC-83

SSL (Secure Socket Layer)

configuring     SC-89

description     SC-87

prerequisites, implementing     SC-88

start-time, key chain     SC-44