System Security Configuration Guide for Cisco ASR 9000 Series Routers, IOS XR Release 6.7.x

Contents

< - A - B - C - D - E - F - G - H - I - K - L - M - O - P - R - S - T - U - V - X - Z

Index

<

<$nopage>CAs (certification authorities)

<Emphasis>See also<Default Para Font> certificates\ 1

<$nopage>certificates

<Emphasis>See also <italic>CAs\ 1

<$nopage>certification authority interoperability

<I_Italic>See also<Default Para Font> certificates\ 1

<Emphasis>See also <italic>CAs\ 1

<Emphasis>See also<Default Para Font> certificates\ 1

<I_Italic>See also<Default Para Font> certificates\ 1

A

AAA (authentication, authorization, and accounting)

accounting services, enabling 1

authentication 1

authorization, enabling 1

configuring

AAA service restrictions 1

accounting method lists 1

authentication method lists 1

authorization method lists 1

individual users 1

login parameters 1

RADIUS server groups 1

remote AAA 1

router to RADIUS server communication 1

services (examples) 1

TACACS+ server 1

TACACS+ server groups, 1

task groups for task-based authorization 1

user groups 1

database 1

interim accounting records, generating 1

interim accounting records, procedure 1

per VRF (VPN routing and forwarding) 1

per VRF (VPN routing and forwarding) definition 1

router to RADIUS server communication, configuring 1

task-based authorization

task IDs 1

user and group attributes 1

user groups

definition 1

inheritance 1

predefined 1

privilege level mapping as an alternative to task IDs 1

XML schema 1

aaa accounting command 1

aaa accounting update command 1

AAA service restrictions 1

accept-lifetime command 1

accounting method lists 1

accounting records, interim

procedure 1

accounting services, enabling 1

Additional References command 1 2 3 4 5 6 7

admin configure command 1 2

admin-config submode 1 2

See admin configure command 1 2

authenticating 1

authenticating the CA 1

authentication 1

Authentication 1

authentication method lists 1

authentication option 1

authorization method lists 1

authorization, enabling 1

B

benefits 1

broadcast traffic, traffic storm control support 1

C

CA description 1

Call Interception 1

CAs

implementing with 1

implementing without 1

CAs (certification authorities)

authenticating 1

declaring 1

description 1

domain names, configuring (example) 1

host names 1

manual enrollment, how to cut-and-paste 1

RSA (Rivest, Shamir, and Adelman) key pairs

generating 1

supported standards 1

trusted point, configuring 1

certificates 1

requests 1

certification authority interoperability

authenticating the CA 1

CA description 1

configuring

domain names (example) 1

host names (examples) 1

trusted points 1

generating RSA (Rivest, Shamir, and Adelman) key pairs 1

manual enrollment, cutting and pasting 1

requesting certificates from the CA 1

supported standards

Internet Key Exchange (IKE) Security protocol 1

IP Network Security (IPSec) protocol 1

Public-Key Cryptography Standard #10 (PKCS#10) 1

Public-Key Cryptography Standard #7(PKCS#7) 1

RSA (Rivest, Shamir, and Adelman) keys 1

Secure Socket Layer (SSL) protocol 1

X.509v3 certificate 1

clearing 1

clearing drop counters 1

client

configuring 1

description 1

server support 1

clock set command 1

Configuration Example for Inband Management Plane Feature Enablement command 1

Configuration Examples for Configuring AAA Services command 1

Configuration Examples for Implementing Certification Authority Interoperability command 1

Configuration Examples for Implementing Keychain Management command 1

Configuration Examples for Implementing Management Plane Protection command 1

Configuration Examples for Implementing Secure Shell command 1

Configuration Examples for Traffic Storm Control command 1

configuring 1 2 3 4

AAA service restrictions 1

accounting method lists 1

authentication method lists 1

authorization method lists 1

dead-server detection 1

domain names (example) 1

host names (examples) 1

individual users 1

key identifiers 1

key string text 1

login parameters 1

outbound traffic 1

outbound traffic (key chain) 1

RADIUS server groups 1

remote AAA 1

router to RADIUS server communication 1

TACACS+ server 1

TACACS+ server groups, 1

task groups for task-based authorization 1

trusted points 1

UDP ports 1

user groups 1

Configuring

FIPS 1

Configuring AAA Services: Example command 1

Configuring Certification Authority Interoperability: Example command 1

configuring cryptographic algorithm 1

Configuring Keychain Management: Example command 1

Configuring Management Plane Protection: Example command 1

Configuring Secure Shell: Example command 1

Configuring the Inband Management Plane Protection Feature: Example command 1

Configuring Traffic Storm Control on an AC: Example command 1

Configuring Traffic Storm Control on an Access PW: Example command 1

control plane protection 1

control plane protection, MPP

definition 1

CRLs\ 1 2

D

Data Interception 1

database 1

dead-server detection 1

RADIUS 1

radius-server dead-criteria time command 1

radius-server dead-criteria tries command 1

deadtime command 1

declaring 1

defaults 1

definition 1 2 3 4 5 6

deleting 1

description 1 2 3 4 5 6 7 8

device configuration 1

device configuration, MPP 1

Disabling Lawful Intercept 1

domain names (example) 1

domain names, configuring (example) 1

domain names, configuring CA interoperability 1

drop counters 1

drop counters, traffic storm control

clearing 1

description 1

E

enabling on a bridge domain 1

enabling on a PW under a bridge 1

enabling on an AC under a bridge 1

enabling traffic storm control on a bridge domain 1

enabling traffic storm control on an AC 1

enabling traffic storm control on an PW 1

F

Failure 1

FIPS Overview 1

flooding 1

G

generating 1

generating RSA (Rivest, Shamir, and Adelman) key pairs 1

H

hitless key rollover

procedure 1

hitless key rollover, configuring 1

host names 1

host names (examples) 1

host names, configuring CA interoperability (examples) 1

I

Implementing Lawful Intercept, Restrictions 1

implementing with 1

implementing with CAs 1

implementing without 1

implementing without CAs 1

inband 1

inband interface 1

inband management interface, MPP

definition 1

individual users 1

inheritance 1

Intercepting IPv6 Packets Based on Flow ID 1

interim accounting records, generating 1

interim accounting records, procedure 1

Internet Key Exchange (IKE) Security protocol 1

IP Network Security (IPSec) protocol 1

IPSec (IP Network Security Protocol)

CAs

implementing with 1

implementing without 1

IPSec (IPSec Network Security Protocol)

implementing with CAs 1

implementing without CAs 1

IPSec\ 1

K

key (key chain) command 1

key chain

configuring 1

key chain command 1

overview 1

key chain command 1

key chain management

configuring 1

key identifiers 1

key string text 1

outbound traffic 1

description 1

key validation 1

key identifiers 1

key string

key-string command 1

key string text 1

key validation 1

key-string command 1

keyboard-interactive authentication 1

keys

definition 1

deleting 1

L

Lawful Intercept High Availability 1

Lawful Intercept Implementation 1

Lawful Intercept Topology 1

lawful intercept, implementing 1

login parameters 1

M

MAC (message authentication code)

authentication option 1

configuring cryptographic algorithm 1

management interface

inband 1

out-of-band 1

management plane 1

description 1

MPP feature 1

overview 1

manual enrollment, cutting and pasting 1

manual enrollment, how to cut-and-paste 1

MPP (Management Plane Protection)

benefits 1

control plane protection 1

description 1 2

device configuration 1

management interface

inband 1

out-of-band 1

management plane 1

description 1

peer-filtering option 1

MPP feature 1

multicast traffic, traffic storm control support 1

O

operation 1

out-of-band 1

out-of-band interface 1

out-of-band management interface, MPP

definition 1

outbound traffic 1

outbound traffic (key chain) 1

overview 1 2

P

peer keyword

inband interface 1

out-of-band interface 1

peer-filtering option 1

definition 1

peer keyword

inband interface 1

out-of-band interface 1

per VRF (VPN routing and forwarding) 1

per VRF (VPN routing and forwarding) AAA

procedure 1

supported VSAs 1

per VRF (VPN routing and forwarding) definition 1

per VRF AAA 1

predefined 1

prerequisite for traffic storm control 1

prerequisites 1

Prerequisites for Configuring FIPS 1

prerequisites, configuring 1

Preserving TAP and MD Tables 1

privilege level mapping as an alternative to task IDs 1

procedure 1 2 3

Public-Key Cryptography Standard #10 (PKCS#10) 1

Public-Key Cryptography Standard #7(PKCS#7) 1

R

RADIUS 1

configuring

dead-server detection 1

UDP ports 1

operation 1

RADIUS server groups 1

radius-server dead-criteria time command 1

radius-server dead-criteria tries command 1

radius-server deadtime command 1

RAs (registration authorities) 1

RAs[CAs (certification authorities)

zzz] 1

remote AAA 1

Replay Timer 1

requesting certificates from the CA 1

requests 1

restrictions 1 2

restrictions, implementing 1

router to RADIUS server communication 1

router to RADIUS server communication, configuring 1

RSA (Rivest, Shamir, and Adelman)

keys

definition 1

deleting 1

RSA (Rivest, Shamir, and Adelman) key pairs

generating 1

RSA (Rivest, Shamir, and Adelman) keys 1

RSA keys[certificates

zzz] 1

S

SAM (Software Authentication Manager) 1

SAM (Software Authentication Manager) description 1

Secure Socket Layer (SSL) protocol 1

send-lifetime command 1

server 1

server support 1

SFTP (Standard File Transfer Protocol) description 1

show key chain command 1

show radius dead-criteria host command 1

SSH (Secure Shell)

client

3DES support 1

configuring 1

description 1

server support 1

configuring 1

prerequisites 1

prerequisites, configuring 1

restrictions 1

restrictions, implementing 1

server 1

SFTP (Standard File Transfer Protocol) description 1

supported versions 1

troubleshooting 1

supported ports 1

supported standards 1

Internet Key Exchange (IKE) Security protocol 1

IP Network Security (IPSec) protocol 1

Public-Key Cryptography Standard #10 (PKCS#10) 1

Public-Key Cryptography Standard #7(PKCS#7) 1

RSA (Rivest, Shamir, and Adelman) keys 1

Secure Socket Layer (SSL) protocol 1

X.509v3 certificate 1

supported traffic types 1

supported versions 1

supported VSAs 1

T

TACACS+ server 1

TACACS+ server groups, 1

task groups for task-based authorization 1

task IDs 1

task-based authorization

task IDs 1

thresholds 1

traffic storm control

clearing drop counters 1

configuring 1

defaults 1

drop counters 1

enabling on a bridge domain 1

enabling on a PW under a bridge 1

enabling on an AC under a bridge 1

restrictions 1

supported ports 1

supported traffic types 1

thresholds 1

understanding 1

troubleshooting 1

trusted point, configuring 1

trusted points 1

type 6

description 1

Type6, primary key 1 2 3

U

UDP ports 1

understanding 1

unicast traffic, traffic storm control support 1

user and group attributes 1

user groups 1

definition 1

inheritance 1

predefined 1

privilege level mapping as an alternative to task IDs 1

V

VPLS bridge

enabling traffic storm control on a bridge domain 1

enabling traffic storm control on an AC 1

enabling traffic storm control on an PW 1

flooding 1

prerequisite for traffic storm control 1

VSAs (vendor-specific attributes)

per VRF AAA 1

supported VSAs 1

X

X.509v3 certificate 1

XML schema 1

Z

zzz] 1 2