Cisco Packet Data Gateway (PDG) Administrator Guide
System Security
Per-Chassis Key Identifier
Cisco ASR 5000 System Administration Guide
Selectable Password/Secrets Encryption Algorithm
An administrator can specify the type of encryption algorithm to be used for passwords and secrets. The default
algorithm will be the MD5-based cipher (algorithm “A”) described above. Another option specifies the use of
AES-CBC-128 for encryption and HMAC-SHA1 for authentication (algorithm “B”).
Use the Global Configuration mode cli-encrypt-algorithm command to specify the desired encryption algorithm – A
(default) or B. For additional information, refer to the Command Line Interface Reference.
Support for ICSR Configurations
Inter-Chassis Session Recovery (ICSR) is a redundancy configuration that employs two identically configured ASR
5x00 chassis as a redundant pair.
ICSR chassis share the same chassis key. If the ICSR detects that the two chassis have incompatible chassis keys, an
error message is logged but the ICSR system will continue to run. Without the matching chassis key, the standby ICSR
chassis can recover services if the active chassis goes out of service; the standby chassis will still have access to the
passwords in their decrypted form.
ICSR chassis use Service Redundancy Protocol (SRP) to periodically check to see if the redundancy configuration
matches with either decrypted passwords or DES-based two-way encryption strings. Since the configuration is
generated internally to the software, users are not able to access the configuration used to check ICSR compatibility.