Cisco ISR 4000 Family Routers Administrator Guidance
Page
29
of
66
4.3
Clock Management
Clock management is restricted to the privileged administrator.
For instructions to set the clock, refer to
[4]
Under Configure
Click on Configuration Guides
Network Management
Click on
Network Management
Configuration Guide Library
Under section
“Basic System Management Configuration Guide”
“Setting Time and Calendar
Services”.
This section contains information on setting the local hardware clock or NTP sources. When
Network Time Protocol (NTP) is configured, the time is synchronized with a NTP server over
NTPv3. NTP runs on UDP, which in turn runs on IP. NTP Version 3 (NTPv3) is documented in
RFC 1305.
4.4
Identification and Authentication
Configuration of Identification and Authentication settings is restricted to the privileged
administrator.
The ISR 4000 Family Routers can be configured to use any of the following authentication
methods:
Remote authentication (RADIUS)
Refer to “Authentication Server Protocols” elsewhere in this document for more
details.
Local authentication (password or SSH public key authentication);
Note: this should only be configured for local fallback if the remote
authentication server is not available.
X.509v3 certificates
Refer to “X.509 Certificates” in Section 4.6.3 below for more details.
4.5
Login Banners
The TOE may be configured by the privileged administrators with banners using the
banner login
command. This banner is displayed before the username and password prompts. To create a banner
of text “This is a banner” use the command
banner login d This is a banner d
where d is the delimiting character. The delimiting character may be any character except ‘?’, and
it must not be part of the banner message.
4.6
Virtual Private Networks (VPN)
4.6.1 IPsec Overview
The TOE allows all privileged administrators to configure Internet Key Exchange (IKE) and
IPSEC policies. IPsec provides the following network security services:
