Note: Logging all traffic that hits the default deny ACL can generate a large number of log
messages, so determine whether such logging is necessary before adding that entry at the end
of every access list.
To apply the ACLs to the interfaces:
TOE-common-criteria(config)# interface GigabitEthernet0/0
TOE-common-criteria(config-if)# ip access-group 199 in
TOE-common-criteria(config)# interface GigabitEthernet0/1
TOE-common-criteria(config-if)# ip access-group 100 in
Additional information on creation of packet filtering and VPN information flow policies is
given in Section 4.6.4 below.
The following ACL in the running-configuration can be used to block unknown protocols
(explicitly permitting and logging specific IPv6 protocols, then explicitly denying any other
IPv6 packet):
permit 1 <source> <destination> log
permit 2 <source> <destination> log
permit 3 <source> <destination> log
permit 4 <source> <destination> log
permit 5 <source> <destination> log
permit tcp <source> <destination> log
permit 7 <source> <destination> log
permit 8 <source> <destination> log
!.... continue the ACL entries to include all IPv6 protocol numbers listed in the PP.
deny ipv6 <source> <destination> log
3.3.6 Routing Protocols
The routing protocols are used to maintain routing tables. The routing tables can also be
configured and maintained manually. Refer to the applicable sections in [3] for configuration of
the routing protocols.
3.3.7 MACSEC and MKA Configuration
The detailed steps to configure MKA, and to configure MACsec and MKA on interfaces, are
listed in [24]:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/macsec/configuration/xe-16/macsec-xe-16-book/wan-macsec-mka-support-enhance.html#d74e990a1635
Note: For 256-bit encryption, the key-string length is 64 characters; for 128-bit encryption,
the key-string length is 32 characters.
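The following script is an added example, not part of this guide or of any Cisco tool. It audits a running-configuration for the properties described in this section: every ACL ends with an explicit logged deny (the default deny above), every interface applies an inbound access-group that actually exists (the ip access-group step above), the IPv6 protocol filter explicitly permits each required protocol number, and each MACsec key-string has the 32- or 64-character hex length that matches its cryptographic algorithm (the note above). The configuration text is constructed for illustration; the set REQUIRED_IPV6_PROTOCOLS is a placeholder for the protocol-number list in the PP, which is not reproduced on this page, and the key-string check assumes the key is shown as the plaintext hex that was entered rather than as an encrypted type-7 string. All function names are the example's own.

```python
"""Audit a Cisco IOS XE running-config for the properties described above.
Added example, not from the guide or from Cisco; the config text is constructed."""

# Constructed sample config; interface names and ACL numbers mirror the guide's examples.
SAMPLE_CONFIG = """\
ip access-list extended 100
 permit tcp any any eq 22 log
 deny ip any any log
ip access-list extended 199
 permit udp any any eq 500 log
ipv6 access-list V6-PROTO
 permit 1 any any log
 permit 2 any any log
 permit tcp any any log
 deny ipv6 any any log
interface GigabitEthernet0/0
 ip access-group 199 in
 ipv6 traffic-filter V6-PROTO in
interface GigabitEthernet0/1
 ip access-group 100 in
interface GigabitEthernet0/2
key chain MKA-KEYS macsec
 key 01
  cryptographic-algorithm aes-256-cmac
  key-string 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
 key 02
  cryptographic-algorithm aes-128-cmac
  key-string 0123456789abcdef0123456789abcde
"""
REQUIRED_IPV6_PROTOCOLS = {1, 2, 3, 4, 5, 6, 7, 8}         # placeholder for the PP's list
KEY_STRING_LEN = {"aes-128-cmac": 32, "aes-256-cmac": 64}  # hex chars, per the guide's note

def parse_sections(config):
    """Split IOS config into (header, [child lines]) using column-0 indentation."""
    sections = []
    for line in config.splitlines():
        if not line.strip() or line.startswith("!"):
            continue
        if not line.startswith(" "):
            sections.append((line.strip(), []))
        elif sections:
            sections[-1][1].append(line.strip())
    return sections

def audit_acls(sections):
    """ACL name -> None if its last entry is 'deny ... log', otherwise a finding."""
    out = {}
    for header, body in sections:
        if header.startswith(("ip access-list ", "ipv6 access-list ")):
            aces = [l for l in body if l.split()[0] in ("permit", "deny")]
            last = aces[-1] if aces else ""
            ok = last.startswith("deny") and last.endswith(" log")
            out[header.split()[-1]] = None if ok else f"last entry is not a logged deny: {last!r}"
    return out

def audit_interfaces(sections, acl_names):
    """Interface -> None if it applies an inbound ACL that exists, otherwise a finding."""
    out = {}
    for header, body in sections:
        if header.startswith("interface "):
            refs = [l.split()[2] for l in body if l.endswith(" in")
                    and l.startswith(("ip access-group ", "ipv6 traffic-filter "))]
            undefined = [r for r in refs if r not in acl_names]
            out[header[10:]] = ("no inbound access-group" if not refs
                                else f"undefined ACL {undefined}" if undefined else None)
    return out

def missing_ipv6_protocols(sections, acl_name, required=REQUIRED_IPV6_PROTOCOLS):
    """Required protocol numbers the named IPv6 ACL does not explicitly permit."""
    permitted = set()
    for header, body in sections:
        if header == f"ipv6 access-list {acl_name}":
            for proto in (l.split()[1] for l in body if l.startswith("permit ")):
                permitted.add(int(proto) if proto.isdigit() else {"tcp": 6, "udp": 17}.get(proto))
    return required - permitted

def audit_macsec_keys(sections):
    """(chain, key id, finding) for key-strings whose hex length does not match the
    algorithm; assumes key-string shows the plaintext hex as entered, not a type-7 string."""
    out = []
    for header, body in sections:
        if not (header.startswith("key chain ") and header.endswith(" macsec")):
            continue
        key_id = alg = None
        for parts in (l.split() for l in body):
            if parts[0] == "key":
                key_id, alg = parts[1], None
            elif parts[0] == "cryptographic-algorithm":
                alg = parts[1]
            elif parts[0] == "key-string":
                want, key = KEY_STRING_LEN.get(alg), parts[1]
                if len(key) != want or not all(c in "0123456789abcdefABCDEF" for c in key):
                    out.append((header.split()[2], key_id, f"length {len(key)}, expected {want} for {alg}"))
    return out

if __name__ == "__main__":
    s = parse_sections(SAMPLE_CONFIG)
    print(audit_acls(s), audit_interfaces(s, set(audit_acls(s))),
          missing_ipv6_protocols(s, "V6-PROTO"), audit_macsec_keys(s), sep="\n")
```

On the sample, ACL 199 is flagged because it ends in a permit rather than a logged deny, GigabitEthernet0/2 is flagged for having no inbound access-group, the IPv6 filter is reported as missing protocols 3, 4, 5, 7 and 8 from the placeholder list, and key 02 is flagged because its 31-character key-string does not match the 32 characters required for aes-128-cmac. The parser relies only on IOS indentation, so it works on the text of show running-config without any vendor library.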