Specifications

© Copyright 2007 Cisco Systems, Inc.
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
3 Secure Operation of the Cisco 3825 or 3845 router
The Cisco 3825 and 3845 routers meet all the Level 2 requirements for FIPS 140-2. Follow the
instructions provided below to place the module in FIPS-approved mode. Operating this router
without maintaining the following settings will remove the module from the FIPS-approved
mode of operation.
3.1 Initial Setup
1. The Crypto Officer must apply tamper evidence labels as described in Section 2.4 of this
document.
2. The Crypto Officer must disable IOS Password Recovery by executing the following
commands:
configure terminal
no service password-recovery
end
show version
NOTE: Once Password Recovery is disabled, administrative access to the module
without the password will not be possible.
3.2 System Initialization and Configuration
1. The Crypto Officer must perform the initial configuration. IOS version 12.4 (15) T3,
Advanced Security build (advsecurity), is the only allowable image; no other image
should be loaded.
2. The value of the boot field must be 0x0102. This setting disables break from the console
to the ROM monitor and automatically boots the IOS image. From the “configure
terminal” command line, the Crypto Officer enters the following syntax:
config-register 0x0102
3. The Crypto Officer must create the “enable” password for the Crypto Officer role. The
password must be at least 8 characters long, must include at least one number and one letter,
and is entered when the Crypto Officer first engages the “enable” command. The Crypto Officer
enters the following syntax at the “#” prompt:
enable secret [PASSWORD]
4. The Crypto Officer must always assign passwords (of at least 8 characters) to users.
Identification and authentication on the console port is required for Users. From the
“configure terminal” command line, the Crypto Officer enters the following syntax:
line con 0
password [PASSWORD]
login local
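The settings from step 2 of Section 3.1 and steps 2 to 4 above can be checked offline against saved "show running-config" and "show version" output. The Python check below is an added example, not part of the Cisco policy; its function names and sample text are constructed, and it assumes the usual IOS one-space indentation of line sub-commands and the "Configuration register is ..." line in "show version".

```python
import re

REQUIRED_CONFREG = 0x0102  # configuration register value required by step 2

def meets_password_policy(password: str) -> bool:
    """Step 3 rule: at least 8 characters, with at least one number and one letter."""
    return (len(password) >= 8
            and any(c.isdigit() for c in password)
            and any(c.isalpha() for c in password))

def console_block(running_config: str) -> list[str]:
    """Return the sub-commands nested under 'line con 0'."""
    block, inside = [], False
    for line in running_config.splitlines():
        if line.strip() == "line con 0":
            inside = True
        elif inside and line.startswith(" "):
            block.append(line.strip())
        elif inside:
            break  # first unindented line ends the console block
    return block

def audit(running_config: str, show_version: str) -> list[str]:
    """Return one finding per required setting that is missing or wrong."""
    findings = []
    lines = [l.strip() for l in running_config.splitlines()]
    if "no service password-recovery" not in lines:
        findings.append("password recovery is not disabled")
    # The secret is stored hashed, so only its presence can be checked here.
    if not any(l.startswith("enable secret ") for l in lines):
        findings.append("no enable secret configured")
    con = console_block(running_config)
    if not any(c.startswith("password ") for c in con):
        findings.append("console line has no password")
    if "login local" not in con:
        findings.append("console line lacks 'login local'")
    # A pending change shows two values ("... 0x2102 (will be 0x102 at next
    # reload)"); both the running and the next-reload value must match.
    m = re.search(r"^Configuration register is (.*)$", show_version, re.M)
    values = [int(v, 16) for v in re.findall(r"0x[0-9A-Fa-f]+", m.group(1))] if m else []
    if not values or any(v != REQUIRED_CONFREG for v in values):
        findings.append("configuration register is not 0x0102")
    return findings

# Constructed sample input (placeholders, not captured from a real device).
GOOD_CONFIG = ("no service password-recovery\nenable secret 5 <HASH-PLACEHOLDER>\n"
               "line con 0\n password 7 <ENCODED-PLACEHOLDER>\n login local\nline aux 0\n")
BAD_CONFIG = "service password-recovery\nline con 0\n login\n"
```

Run meets_password_policy() on a candidate password before it is entered; audit() cannot test password strength because the saved configuration holds only the hashed or encoded form.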
5. RADIUS and TACACS+ shared secret key sizes must be at least 8 characters long, and