Cisco Cat4K NDPP ST
EDCS-1228241
TOE SFRs: FIA_UAU_EXT.5, FIA_UAU.6
How the SFR is Met:
connected console or remotely through an SSHv2 connection, the TOE prompts the user for a user name and password. Only after the administrative user presents the correct authentication credentials will access to the TOE administrative functionality be granted. No access is allowed to the administrative functionality of the TOE until an administrator is successfully identified and authenticated.
For neighbor routers, which do not have access to the CLI, the neighbor router must present the correct hashed password prior to exchanging routing table updates with the TOE. The TOE authenticates the neighbor router using its supplied password hash and the source IP address from the IP packet header. The supported routing protocols BGPv4, EIGRP, EIGRPv6 for IPv6, RIPv2, and OSPFv2 use MD5 hashes to authenticate communications as specified in FCS_COP.1(4).1. For additional security, router protocol traffic can also be isolated to separate VLANs.
The TOE can be configured to require local authentication and/or remote authentication via a RADIUS or TACACS+ server, as defined in the authentication policy for interactive (human) users. Neighbor routers are authenticated only against passwords stored locally.
Under the policy for interactive (human) users (Administrators), users can be authenticated against the local user database or redirected to a remote authentication server. Interfaces can be configured to try one or more remote authentication servers and then fall back to the local user database if the remote authentication servers are inaccessible.
If an interactive (human) user's (Administrator's) password has expired, the user is locked out until the password is reset by the administrator.
Users changing their passwords are first prompted to enter their old password. Users are also required to provide their password when re-establishing a remote session after that session was terminated due to inactivity.
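The following Cisco IOS-style configuration is an added illustration, not text from the Security Target, of how the mechanisms above are typically expressed: a login method list that tries TACACS+ and RADIUS and falls back to the local database only when those servers are unreachable, idle-session termination on the console and SSH lines, and MD5-keyed OSPFv2 neighbor authentication. Server addresses, group names, interface numbers and keys are constructed placeholders.

```cisco
! Added example (not from the Security Target). Addresses, names and
! keys are constructed placeholders; replace them before use.
aaa new-model
!
! Remote authentication servers, grouped so the login method list can
! try TACACS+ first and RADIUS second.
tacacs server TAC-PRIMARY
 address ipv4 192.0.2.10
 key REPLACE-WITH-SHARED-SECRET
radius server RAD-BACKUP
 address ipv4 192.0.2.20 auth-port 1812 acct-port 1813
 key REPLACE-WITH-SHARED-SECRET
aaa group server tacacs+ TAC-GROUP
 server name TAC-PRIMARY
aaa group server radius RAD-GROUP
 server name RAD-BACKUP
!
! Method list: remote servers first, local database only if every
! listed server is unreachable. A login rejected by a reachable
! server does not fall through to the local database.
aaa authentication login default group TAC-GROUP group RAD-GROUP local
aaa authentication login CONSOLE-ONLY local
!
! Local privilege-15 administrator used when the servers are inaccessible.
username sysadmin privilege 15 secret REPLACE-WITH-STRONG-PASSWORD
!
! No CLI access before a successful login; idle sessions are torn
! down after 10 minutes and the user must authenticate again.
line con 0
 login authentication CONSOLE-ONLY
 exec-timeout 10 0
line vty 0 4
 login authentication default
 transport input ssh
 exec-timeout 10 0
!
! Neighbor router authentication for OSPFv2: MD5 keyed hash over
! routing updates (the mechanism the ST cites under FCS_COP.1(4)),
! carried on a VLAN reserved for routing protocol traffic.
interface Vlan10
 ip address 10.10.10.1 255.255.255.0
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 REPLACE-WITH-OSPF-KEY
router ospf 1
 network 10.10.10.0 0.0.0.255 area 0
 area 0 authentication message-digest
```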
The TOE does not provide the capability for an administrator (level 1) to change their own password at will. However, the administrator (level 1) can change their password when required to by the TOE (e.g. when it has expired), at which time the administrator is required to enter their current password before entering a new password. System administrators (level 15) can change any user's password, including their own as required for TOE
71
11 March 2014