Cisco WS-C6509 Podręcznik użytkownika - Strona 23

Przeglądaj online lub pobierz pdf Podręcznik użytkownika dla Sprzęt sieciowy Cisco WS-C6509. Cisco WS-C6509 28 stron. Catalyst 6500 series
Również dla Cisco WS-C6509: Instrukcja aktualizacji (24 strony), Arkusz danych (30 strony)

Drukuj stronę

1. Catalyst 6509 Switch and Cisco 7606 and Cisco 7609 Routers

Table 3

CSP

Number

Table 4

Catalyst 6509 Switch, Cisco 7606 Router, and Cisco 7609 Router with VPN Services Module Certification Note

OL-6334-01

Critical Security Parameters (continued)

Key or CSP Name

Description

authentication key

This key is used by the router to authenticate itself to the

peer. The router or switch gets the password (that is used

as this key) from the AAA server and sends it onto the

peer. The password retrieved from the AAA server is

zeroized upon completion of the authentication attempt.

ssh server key

The RSA public key used in SSH. It is zeroized after the

termination of the SSH session. This key does not need to

be zeroized because it is a public key.

PPP authentication

The authentication key used in PPP. This key is in the

key

DRAM and not zeroized at runtime. To zeroize the key,

you can turn off the switch or the router.

authentication key2 This key is used by the router to authenticate itself to the

peer. The key is identical to key 22 except that it is

retrieved from the local database (on the switch or

router). Issuing the command no username password

zeroizes the password (that is used as this key) from the

local database.

ssh encryption key

This is the SSH session key. It is zeroized when the SSH

session is terminated.

User Password

The password of the user role. This password is zeroized

by overwriting it with a new password.

CO Enable

The plaintext password of the cryptographic officer (CO)

Password

role. This password is zeroized by overwriting it with a

new password.

CO Enable Secret

The ciphertext password of the cryptographic officer

Password

(CO) role. The algorithm used to encrypt this password is

not FIPS approved; this password is considered plaintext

for FIPS purposes. This password is zeroized by

overwriting it with a new password.

Radius shared

The RADIUS shared secret. This shared secret is

secret

zeroized by executing the no form of the RADIUS

shared-secret set command.

TACACS+ shared

The TACACS+ shared secret. This shared secret is

secret

zeroized by executing the no form of the TACACS+

shared-secret set command.

lists the services accessing the CSPs, the type of access and which role accesses the CSPs.

Cryptographic Key Management

Storage

DRAM

(plaintext)

DRAM

(plaintext)

DRAM

(plaintext)

NVRAM

(plaintext)

DRAM

(plaintext)

NVRAM

(plaintext)

NVRAM

(plaintext)

NVRAM

(plaintext)

NVRAM

(plaintext)

DRAM

(plaintext)

NVRAM

(plaintext)

DRAM

(plaintext)