Cisco Systems Craft Works Interface quick start Connection Methods

Page 6

Connection Methods

Some connection methods require additional configuration on the router, as described in Table 4. For the connection methods that require cryptographic (crypto) set up, see the “Setting Up the Minimum Crypto Requirements” section on page 6.

Table 4

Connection Methods and Requirements

 

 

 

 

 

 

 

 

 

Additional Router

Manageability PIE

 

Connection Method

Configuration Command

Requirement

Crypto Setup Requirement

 

 

 

 

 

Serial port

 

 

 

 

 

Terminal server (all types)

 

 

 

 

CLI over Telnet/SSHv1/SSHv2

Yes

 

 

 

 

XML over Telnet

xml agent tty

Yes

 

 

 

 

XML over SSHv1/SSHv2

xml agent tty

Yes

Yes

 

 

 

 

XML over CORBA

xml agent corba

Yes

 

 

 

 

XML over CORBA SSL

xml agent corba ssl

Yes

Yes

 

 

 

 

 

Setting Up the Minimum Crypto Requirements

This section describes the essential crypto requirements to enable the various secure communication options. If you want to run CWI in a nonsecure (for example, Telnet- or CORBA-based) environment, this configuration is not required. For more detailed information, see Cisco IOS XR System Security Configuration Guide.

Setting Up the Minimum Crypto Configuration for SSHv1 or SSHv2

To set up the minimum crypto configuration for SSHv1, use the crypto key generate rsa command in EXEC mode to generate a RSA key pair. You must accept all prompted defaults. For more detailed information, see Cisco IOS XR System Security Configuration Guide.

To set up the minimum crypto configuration for SSHv2, use the crypto key generate dsa command in EXEC mode to generate a DSA key pair. For more detailed information, see Cisco IOS XR System Security Configuration Guide.

Setting Up the Minimum Crypto Configuration for SSL

To set up the minimum crypto configuration for SSL (CORBA, HTTP, or both), perform the following steps:

Step 1 Generate an RSA key pair. Accept all prompted defaults. If the key pair label is not specified, “the_default” is used.

RP/0/RP0/CPU0:router# crypto key generate rsa

Step 2 Configure the certification authority (CA) trust point.

RP/0/RP0/CPU0:router(config)# crypto ca trustpoint ca-nameRP/0/RP0/CPU0:router(config-trustp)# enrollment url ca-URL

RP/0/RP0/CPU0:router(config-trustp)# rsakeypair keypair-label(If your RSA key pair was assigned a label) RP/0/RP0/CPU0:router(config-trustp)# exit

RP/0/RP0/CPU0:router(config)# commit

The following example shows how to configure the CA trust point:

RP/0/RP0/CPU0:router(config)# crypto ca trustpoint myca

RP/0/RP0/CPU0:router(config-trustp)# enrollment url http://myca/mydomain.com

RP/0/RP0/CPU0:router(config-trustp)# rsakeypair keypair-label

RP/0/RP0/CPU0:router(config-trustp)# exit

RP/0/RP0/CPU0:router(config)# commit

Step 3 Exit configuration mode.

RP/0/RP0/CPU0:router(config)# commit

6

Page 5 Page 7
Image 6
Page 5 Page 7
Contents Cisco Craft Works Interface Quick Start Guide Prerequisites IntroductionAbout CWI Related DocumentationCWI Client System Requirements Router PrerequisitesCWI Client Prerequisites Task Additional InformationConfiguring the Router and CWI Client Hardware RequirementsSoftware Requirements Enabling the Http Server Enabling the Telnet ServerEnabling the SSH Server Setting Up the Minimum Crypto Requirements Setting Up the Minimum Crypto Configuration for SSLConnection Methods Installing, Launching, and Uninstalling CWI Installing CWIScripted Login Capability Overview Launching CWILaunching CWI Without Using the Device Tree CWI Login WindowLaunching CWI from the Device Tree Adding or Editing a Device Adding or Editing a Device Group Page Progress Window Specifying the User Login Script Field DescriptionClosing CWI Wait For SendGetting Started with the Operation of CWI Uninstalling CWIInstalling and Accessing Online Help Click CloseCapabilities of the CWI Desktop Understanding the Admin Planes and Device PlanesConfiguring a Router with CWI Node Application InventoryCWI Desktop Window Element DescriptionApplication Description CWI DesktopReference Information Network ConsiderationsType Function Login Modes and Requirements Component Port DirectionMode Description CWI Supported Connection Methods and ApplicationsTesting the CWI Client Troubleshooting Basic IP ConnectivityTelnet/SSH, or Corba Cisco Product Security Overview Obtaining DocumentationDocumentation Feedback Cisco.comReporting Security Problems in Cisco Products Product Alerts and Field NoticesObtaining Technical Assistance Submitting a Service Request Definitions of Service Request SeverityCisco Technical Support & Documentation Website Obtaining Additional Publications and Information Page Page USA
Top Page Image Contents