Description: This document describes how you commission a LANCOM router from the Common Criteria range of products using the CC Start-up Wizard from LANconfig. Requirements: A LANCOM router from the Common Criteria product range LANCOM CC Start-up Kit LCOS 8.70 CC (download) LANconfig (download) LANmonitor (download) Procedure: 1) Preparations: 1.1) First of all, download the certified firmware for your LANCOM CC router. 1.2) In addition, you will need the corresponding SHA-256 checksum. The checksums are listed in the table below. Please use the BSI certificate reports for an independent check that the information is correct. 1.3) Ensure that the USB card reader is properly connected to the configuration computer. In order to generate random numbers, the smartcard included in the scope of delivery of the LANCOM CC Start-up Kit has to be inserted into the USB card reader. Alternatively, you can use also a new ID card (nPA – Germany only) instead of the smart card. 1.4) To run the wizard, your PC must be directly connected to the router by serial cable and via LAN (without intermediary infrastructure) for SSH key generation to work. No other connections (Internet, LAN, WLAN, UMTS, etc.) are permitted. 2) Commissioning with the CC Start-up Wizard 2.1) There are various different ways to start the wizard. Either after LANconfig automatically discovers the device, or manually, you can click on Tools-> Start CC Start-up wizard... . 2.2) You specify the necessary settings in the drop-down menus and input fields. COM port Select the COM port used for the connection to the LANCOM CC router. To find out which COM ports Windows uses, navigate to the Device Manager and access the item Ports (COM & LPT). Firmware Specify the location of the firmware file here. Checksum Here you enter the checksum for the firmware as taken from the BSI certificate report. Configuration Here, you select whether the device is to be configured from scratch or whether a configuration is already available in the form of a script or configuration file. Device name Enter the new device name for the LANCOM CC router. This box is grayed out if a script or configuration file has been selected. IP address In this field you give the device a unique IP address where it is to be available after commissioning. This box is grayed out if a script or configuration file has been selected. IP mask Enter the subnet mask appropriate for your IP address. This box is grayed out if a script or configuration file has been selected. Password You set the password for the LANCOM CC router here. The minimum length for the password is 8 characters and it must include uppercase and lowercase letters, numbers, and special characters. If you activate the Show check box, the password will be displayed in plain text and you do not have to enter it twice. This box is grayed out if a script or configuration file has been selected. Repeat Repeat the password here. This box is grayed out if a script or configuration file has been selected. Seed A highly secure seed has to be entered in order to initialize the random number generator. Ensure that USB card reader is properly connected to the configuration computer. In order to generate random numbers, the smartcard included in the scope of delivery of the LANCOM CC Start-up Kit has to be inserted into the USB card reader. This creates a secure random number, which is ready for upload to the device. Alternatively, you can use also a new ID card (nPA – Germany only) instead of the smart card. SSH key For CC-compliant operation, every LANCOM CC device requires its own SSH host key. Here you have the option of using the wizard to create a new SSH key, or of selecting your own SSH key for upload. The configuration computer must have a static IP address from the network of the LANCOM CC router, otherwise you cannot upload the SSH key. Config file If you activated the item Existing configuration or script file, enter the location of the corresponding file here. This item is only visible if the appropriate option was selected. The validity of your entries is displayed by the status in the right margin, next to the corresponding menu items. A green square shows a valid entry, a red square an invalid one. 2.3) Press the Start button and the wizard will transfer the specified information to the device. From the status display you can see which item is currently being edited, and a green checkmark shows you which items have been set successfully. 2.4) After successfully completing the CC Start-up Wizard, further wizards are available for you to continue with the configuration of your device, such as for the basic configuration, setting up Internet access, or VPN CC.