Filter
Top Products
6
Connection Methods
Some connection methods require additional configuration on the router, as described in Table 4. For the connection methods
that require cryptographic (crypto) set up, see the “Setting Up the Minimum Crypto Requirements” section on page 6.
Setting Up the Minimum Crypto Requirements
This section describes the essential crypto requirements to enable the various secure communication options. If you want to run
CWI in a nonsecure (for example, Telnet- or CORBA-based) environment, this configuration is not required. For more detailed
information, see Cisco IOS XR System Security Configuration Guide.
Setting Up the Minimum Crypto Configuration for SSHv1 or SSHv2
To set up the minimum crypto configuration for SSHv1, use the crypto key generate rsa command in EXEC mode to generate a
RSA key pair. You must accept all prompted defaults. For more detailed information, see Cisco IOS XR System Security
Configuration Guide.
To set up the minimum crypto configuration for SSHv2, use the crypto key generate dsa command in EXEC mode to generate
a DSA key pair. For more detailed information, see Cisco IOS XR System Security Configuration Guide.
Setting Up the Minimum Crypto Configuration for SSL
To set up the minimum crypto configuration for SSL (CORBA, HTTP, or both), perform the following steps:
Step 1 Generate an RSA key pair. Accept all prompted defaults. If the key pair label is not specified, “the_default” is used.
RP/0/RP0/CPU0:router# crypto key generate rsa
Step 2 Configure the certification authority (CA) trust point.
RP/0/RP0/CPU0:router(config)# crypto ca trustpoint ca-name
RP/0/RP0/CPU0:router(config-trustp)# enrollment url ca-URL
RP/0/RP0/CPU0:router(config-trustp)# rsakeypair keypair-label (If your RSA key pair was assigned a label)
RP/0/RP0/CPU0:router(config-trustp)# exit
RP/0/RP0/CPU0:router(config)# commit
The following example shows how to configure the CA trust point:
RP/0/RP0/CPU0:router(config)# crypto ca trustpoint myca
RP/0/RP0/CPU0:router(config-trustp)# enrollment url http://myca/mydomain.com
RP/0/RP0/CPU0:router(config-trustp)# rsakeypair keypair-label
RP/0/RP0/CPU0:router(config-trustp)# exit
RP/0/RP0/CPU0:router(config)# commit
Step 3 Exit configuration mode.
RP/0/RP0/CPU0:router(config)# commit
Table 4 Connection Methods and Requirements
Connection Method
Additional Router
Configuration Command
Manageability PIE
Requirement Crypto Setup Requirement
Serial port — — —
Terminal server (all types) — — —
CLI over Telnet/SSHv1/SSHv2 — — Yes
XML over Telnet xml agent tty Yes —
XML over SSHv1/SSHv2 xml agent tty Yes Yes
XML over CORBA xml agent corba Yes —
XML over CORBA SSL xml agent corba ssl Yes Yes