User Guide
Page 2
... to branch offices. "Secure Operation of the Cisco router easily allows interfaces to be found at: http://www.cisco.com/en/US/products/hw/routers/ps221/index.html • For answers to technical or sales related questions please refer to reduce costs. With over 100 Network Modules (NMs) and WAN Interface Cards (WICs), the modular architecture of the...
... to branch offices. "Secure Operation of the Cisco router easily allows interfaces to be found at: http://www.cisco.com/en/US/products/hw/routers/ps221/index.html • For answers to technical or sales related questions please refer to reduce costs. With over 100 Network Modules (NMs) and WAN Interface Cards (WICs), the modular architecture of the...
User Guide
Page 4
... dial concentration, and high-density serial options All Cisco 2600 series routers include an auxiliary port supporting 115Kbps Dial-On-Demand Routing, ideal for data transfers in and out. WICs interface directly with the cryptographic card; WICs cannot perform cryptographic functions; The 10/100Base...security parameters pass through them. The router has two Fast Ethernet (10/100 RJ-45) connectors for back-up WAN connectivity. The physical interfaces include a power plug for remote system access or dial backup using a modem. WAN interface cards support a variety of two slots,...
... dial concentration, and high-density serial options All Cisco 2600 series routers include an auxiliary port supporting 115Kbps Dial-On-Demand Routing, ideal for data transfers in and out. WICs interface directly with the cryptographic card; WICs cannot perform cryptographic functions; The 10/100Base...security parameters pass through them. The router has two Fast Ethernet (10/100 RJ-45) connectors for back-up WAN connectivity. The physical interfaces include a power plug for remote system access or dial backup using a modem. WAN interface cards support a variety of two slots,...
User Guide
Page 8
...executive program. Cisco 2621XM and Cisco 2651XM Modular Access Routers with a terminal program. Each Filter consists of a set of Rules, which define a set from specified IP address. • Change Network Modules-insert and remove modules in the Network Module slot as described in the WAN interface slot as protocol... port with AIM-VPN/EP FIPS 140-2 Non-Proprietary Security Policy 8 OL-6262-01 The rear of this document. • Change WAN Interface Cards-insert and remove WICs in the "Initial Setup" section of the unit provides 1 Network Module slot, 2 WIC slots, on each IP ...
...executive program. Cisco 2621XM and Cisco 2651XM Modular Access Routers with a terminal program. Each Filter consists of a set of Rules, which define a set from specified IP address. • Change Network Modules-insert and remove modules in the Network Module slot as described in the WAN interface slot as protocol... port with AIM-VPN/EP FIPS 140-2 Non-Proprietary Security Policy 8 OL-6262-01 The rear of this document. • Change WAN Interface Cards-insert and remove WICs in the "Initial Setup" section of the unit provides 1 Network Module slot, 2 WIC slots, on each IP ...
User Guide
Page 9
...Security Policy OL-6262-01 9 The temperature of the label covers the enclosure and the other half covers the WAN interface card slot. Place the second label on the router as shown in Figure 6. The tamper evidence label should be placed so that one half of the tamper evidence ... half covers the WAN interface card slot. The tamper evidence label should be placed so that the one half of any grease, dirt, or oil before applying the tamper evidence labels. Any attempt to meet FIPS 140-2 Level 2 requirements, the router cannot be ordered from Cisco. The labels completely cure...
...Security Policy OL-6262-01 9 The temperature of the label covers the enclosure and the other half covers the WAN interface card slot. Place the second label on the router as shown in Figure 6. The tamper evidence label should be placed so that one half of the tamper evidence ... half covers the WAN interface card slot. The tamper evidence label should be placed so that the one half of any grease, dirt, or oil before applying the tamper evidence labels. Any attempt to meet FIPS 140-2 Level 2 requirements, the router cannot be ordered from Cisco. The labels completely cure...
User Guide
Page 13
... Rules and Filters Status Functions Manage the Router Set Encryptions/Bypass Change WAN Interface Cards SRDI/Role/Service Access Policy Security Relevant Data Item CSP 1 r CSP 2 r CSP 3 r CSP 4 r CSP 5 r CSP 6 r CSP 7 r CSP 8 r CSP 9 r CSP 10 r CSP 11 r dr w d r w d r w d r w d r w d r w d r w d r w d r w d r w d r w d Cisco 2621XM and Cisco 2651XM Modular Access Routers with AIM-VPN/EP FIPS 140-2 Non-Proprietary Security Policy...
... Rules and Filters Status Functions Manage the Router Set Encryptions/Bypass Change WAN Interface Cards SRDI/Role/Service Access Policy Security Relevant Data Item CSP 1 r CSP 2 r CSP 3 r CSP 4 r CSP 5 r CSP 6 r CSP 7 r CSP 8 r CSP 9 r CSP 10 r CSP 11 r dr w d r w d r w d r w d r w d r w d r w d r w d r w d r w d r w d Cisco 2621XM and Cisco 2651XM Modular Access Routers with AIM-VPN/EP FIPS 140-2 Non-Proprietary Security Policy...
User Guide
Page 14
... Functions Directory Services Crypto-Officer Role Configure the Router Define Rules and Filters Status Functions Manage the Router Set Encryptions/Bypass Change WAN Interface Cards SRDI/Role/Service Access Policy CSP 12 CSP ...13 CSP 14 CSP 15 CSP 16 CSP 17 CSP 18 CSP 19 CSP 20 CSP 21 CSP 22 CSP 23 r r w d r r w d r r w d r r w d r r w r r w d r r w d r r w d r r w d r r w w d d r r w d r r w d Cisco 2621XM and Cisco 2651XM Modular Access Routers...
... Functions Directory Services Crypto-Officer Role Configure the Router Define Rules and Filters Status Functions Manage the Router Set Encryptions/Bypass Change WAN Interface Cards SRDI/Role/Service Access Policy CSP 12 CSP ...13 CSP 14 CSP 15 CSP 16 CSP 17 CSP 18 CSP 19 CSP 20 CSP 21 CSP 22 CSP 23 r r w d r r w d r r w d r r w d r r w r r w d r r w d r r w d r r w d r r w w d d r r w d r r w d Cisco 2621XM and Cisco 2651XM Modular Access Routers...
User Guide
Page 15
Cisco 2621XM and Cisco 2651XM Modular Access Routers with AIM-VPN/EP FIPS 140-2 Non-Proprietary Security Policy OL-6262-01 15 Table 5 Role and Service Access to CSPs (continued) The 2621XM/2651XM Router Role/Service User Role Status Functions Network Functions Terminal Functions Directory Services Crypto-Officer Role Configure the Router... Define Rules and Filters Status Functions Manage the Router Set Encryptions/Bypass Change WAN Interface Cards SRDI/Role/Service Access Policy CSP 24 CSP 25 CSP ...
Cisco 2621XM and Cisco 2651XM Modular Access Routers with AIM-VPN/EP FIPS 140-2 Non-Proprietary Security Policy OL-6262-01 15 Table 5 Role and Service Access to CSPs (continued) The 2621XM/2651XM Router Role/Service User Role Status Functions Network Functions Terminal Functions Directory Services Crypto-Officer Role Configure the Router... Define Rules and Filters Status Functions Manage the Router Set Encryptions/Bypass Change WAN Interface Cards SRDI/Role/Service Access Policy CSP 24 CSP 25 CSP ...
User Guide
Page 17
... • The Crypto Officer must re-apply tamper evidence labels on the router as described in Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Routers for FIPS 140-2. Continuous random number generator tests Self-tests performed by opening...router and clean the cover of operation. Secure Operation of this document. Initial Setup • The Crypto Officer must re-apply tamper evidence labels on RSA signature - Please refer to place the module in the "Physical Security" section of this document. • Only a Crypto Officer may add and remove WAN Interface Cards...
... • The Crypto Officer must re-apply tamper evidence labels on the router as described in Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Routers for FIPS 140-2. Continuous random number generator tests Self-tests performed by opening...router and clean the cover of operation. Secure Operation of this document. Initial Setup • The Crypto Officer must re-apply tamper evidence labels on RSA signature - Please refer to place the module in the "Physical Security" section of this document. • Only a Crypto Officer may add and remove WAN Interface Cards...
User Guide
Page 9
... 1 WAN Interface Card Slots 2 2 2 2 2 2 Advanced Integration Module (AIM) Slots 1 1 1 1 1 1 Hardware Features In addition to the interfaces listed in Table 1-1, the routers include the ...following hardware features: • Dynamic random-access memory (DRAM) for main memory and shared memory • Nonvolatile random-access memory (NVRAM) for storing configuration information Overview of Cisco 2600 Series LAN Interfaces Ethernet (10BaseT) 1 2 1 - - - Table 1-1 Model Cisco 2610 Cisco 2611 Cisco 2612 Cisco 2613 Cisco 2620 Cisco...
... 1 WAN Interface Card Slots 2 2 2 2 2 2 Advanced Integration Module (AIM) Slots 1 1 1 1 1 1 Hardware Features In addition to the interfaces listed in Table 1-1, the routers include the ...following hardware features: • Dynamic random-access memory (DRAM) for main memory and shared memory • Nonvolatile random-access memory (NVRAM) for storing configuration information Overview of Cisco 2600 Series LAN Interfaces Ethernet (10BaseT) 1 2 1 - - - Table 1-1 Model Cisco 2610 Cisco 2611 Cisco 2612 Cisco 2613 Cisco 2620 Cisco...
User Guide
Page 12
... W0 Cisco 2611 LINK ETHERNET 1 ACT LINK ETHERNET 0 ACT CONSOLE AUX 100-240V- 1A 50/60 Hz 47 W 10/100BaseT Ethernet 0/0 (RJ-45) Auxiliary port (RJ-45) Console port (RJ-45) Module Interface Specifications In an effort to provide the latest information on network module and WAN interface cards for Cisco 2600 series routers, this...
... W0 Cisco 2611 LINK ETHERNET 1 ACT LINK ETHERNET 0 ACT CONSOLE AUX 100-240V- 1A 50/60 Hz 47 W 10/100BaseT Ethernet 0/0 (RJ-45) Auxiliary port (RJ-45) Console port (RJ-45) Module Interface Specifications In an effort to provide the latest information on network module and WAN interface cards for Cisco 2600 series routers, this...
User Guide
Page 28
...the network module can be installed in the Cisco 2600 series single network module slot. For more information on network modules, see the publication Cisco WAN Interface Cards Hardware Installation Guide. A DCE device provides a... clock signal that communicates over a synchronous serial interface is a DTE or DCE device. (Some devices have a jumper to a Network Serial Connections Serial connections are connecting to the synchronous serial interface • Type of these publications accompanied your router...
...the network module can be installed in the Cisco 2600 series single network module slot. For more information on network modules, see the publication Cisco WAN Interface Cards Hardware Installation Guide. A DCE device provides a... clock signal that communicates over a synchronous serial interface is a DTE or DCE device. (Some devices have a jumper to a Network Serial Connections Serial connections are connecting to the synchronous serial interface • Type of these publications accompanied your router...
User Guide
Page 29
... serial ports available for that has the appropriate connector for the standard you want to connect should indicate the standard used for the router support the following signaling standards: EIA/TIA-232, EIA/TIA-449, V.35, X.21, and EIA-530. You can be ...a shielded cable, contact customer service. Preparing to Install the Router 2-15 The other DCE device. Note All serial ports configured as DTE or DCE depending on a serial WAN interface card. The synchronous serial port can order a Cisco DB-60 shielded serial transition cable that device. Serial Connections...
... serial ports available for that has the appropriate connector for the standard you want to connect should indicate the standard used for the router support the following signaling standards: EIA/TIA-232, EIA/TIA-449, V.35, X.21, and EIA-530. You can be ...a shielded cable, contact customer service. Preparing to Install the Router 2-15 The other DCE device. Note All serial ports configured as DTE or DCE depending on a serial WAN interface card. The synchronous serial port can order a Cisco DB-60 shielded serial transition cable that device. Serial Connections...
User Guide
Page 30
...that accompanied your router, and on Cisco Connection Online. Table 2-2 Rate (bps) 2400 4800 9600 19200 38400 56000 1544000 (T1) Serial Signal Transmission Speeds and Distances EIA/TIA-232 Distance Feet Meters 200 60 100 30 50 15 25 7.6 12 3.7 8.6 2.6 - - Note Only the serial WAN interface card supports bit ... (because of the small size of the pins on the DB-60 serial connector), cable pinouts are provided in the online document Cisco Modular Access Router Cabling Specifications on the Documentation CD-ROM that might arise and can compensate for V.35 is 2 Mbps, but 4 ...
...that accompanied your router, and on Cisco Connection Online. Table 2-2 Rate (bps) 2400 4800 9600 19200 38400 56000 1544000 (T1) Serial Signal Transmission Speeds and Distances EIA/TIA-232 Distance Feet Meters 200 60 100 30 50 15 25 7.6 12 3.7 8.6 2.6 - - Note Only the serial WAN interface card supports bit ... (because of the small size of the pins on the DB-60 serial connector), cable pinouts are provided in the online document Cisco Modular Access Router Cabling Specifications on the Documentation CD-ROM that might arise and can compensate for V.35 is 2 Mbps, but 4 ...
User Guide
Page 35
Figure 2-13 Serial Interface Adapter Cables Router connections H2485 EIA/TIA-232 EIA/TIA-449 V.35 X.21 Network connections at the modem or CSU/DSU EIA-530 Preparing to the DB-60 port on the asynchronous/synchronous serial modules and serial WAN interface card. Serial Connections Figure 2-13 shows the serial transition cables you can connect to Install the Router 2-21
Figure 2-13 Serial Interface Adapter Cables Router connections H2485 EIA/TIA-232 EIA/TIA-449 V.35 X.21 Network connections at the modem or CSU/DSU EIA-530 Preparing to the DB-60 port on the asynchronous/synchronous serial modules and serial WAN interface card. Serial Connections Figure 2-13 shows the serial transition cables you can connect to Install the Router 2-21
User Guide
Page 36
...BRI cable, detach the end away from the router first to a Network ISDN BRI Connections The BRI WAN interface cards provide Integrated Services Digital Network (ISDN) Basic Rate Interface (BRI) connections. The BRI modules and BRI WAN interface cards are available with or open any available slot...the chassis. Also, refer to an ISDN. Use a BRI cable (not included) to connect the BRI WAN interface card directly to the online document Cisco Modular Access Router Cabling Specifications for ISDN BRI cables. Any hardwired connection (other than by a nonremovable, connect-one-time-...
...BRI cable, detach the end away from the router first to a Network ISDN BRI Connections The BRI WAN interface cards provide Integrated Services Digital Network (ISDN) Basic Rate Interface (BRI) connections. The BRI modules and BRI WAN interface cards are available with or open any available slot...the chassis. Also, refer to an ISDN. Use a BRI cable (not included) to connect the BRI WAN interface card directly to the online document Cisco Modular Access Router Cabling Specifications for ISDN BRI cables. Any hardwired connection (other than by a nonremovable, connect-one-time-...
User Guide
Page 37
... ohms/km 30 nF/km 150 ohms 0.024" (0.6 mm) 32.8' (10 m) For more information on BRI WAN interface cards, see the publication Cisco WAN Interface Cards Hardware Installation Guide included in your router package. Preparing to Install the Router 2-23 56K/Switched-56-kbps DSU/CSU Connections Table 2-3 ISDN BRI Cable Specifications Specification...
... ohms/km 30 nF/km 150 ohms 0.024" (0.6 mm) 32.8' (10 m) For more information on BRI WAN interface cards, see the publication Cisco WAN Interface Cards Hardware Installation Guide included in your router package. Preparing to Install the Router 2-23 56K/Switched-56-kbps DSU/CSU Connections Table 2-3 ISDN BRI Cable Specifications Specification...
User Guide
Page 40
... Guide Required Tools and Equipment Required Tools and Equipment Installation might require some tools and equipment that accompanied your router package, and on Cisco Connection Online. Token Ring lobe cable for connection to an Ethernet port (included). - Note For more information... is required unless you are not provided as standard equipment with a network interface card for connection to a Fast Ethernet port (included). - For cable ordering information, see the document Cisco Modular Access Router Cabling Specifications on page ix. • Ethernet 10BaseT hub or...
... Guide Required Tools and Equipment Required Tools and Equipment Installation might require some tools and equipment that accompanied your router package, and on Cisco Connection Online. Token Ring lobe cable for connection to an Ethernet port (included). - Note For more information... is required unless you are not provided as standard equipment with a network interface card for connection to a Fast Ethernet port (included). - For cable ordering information, see the document Cisco Modular Access Router Cabling Specifications on page ix. • Ethernet 10BaseT hub or...
User Guide
Page 62
... to configure DRAM as part of the resulting output, a message similar to the following reasons: • You have upgraded to a new Cisco IOS software feature set or release. • You are using very large routing tables or many protocols (for the CPU. The first number ...access memory (DRAM) on the system card. You can be filled with 28672K/4096K bytes of shared memory, which is used for data transmitted or received by network modules and WAN interface cards, and primary or main memory, which is reserved for example, when the router is set up as a mixture ...
... to configure DRAM as part of the resulting output, a message similar to the following reasons: • You have upgraded to a new Cisco IOS software feature set or release. • You are using very large routing tables or many protocols (for the CPU. The first number ...access memory (DRAM) on the system card. You can be filled with 28672K/4096K bytes of shared memory, which is used for data transmitted or received by network modules and WAN interface cards, and primary or main memory, which is reserved for example, when the router is set up as a mixture ...
Software Configuration Guide
Page 5
... the Modem Configuration 3-28 Configuring Wireless Multipoint Interfaces 3-28 Checking the Interface Configuration 3-29 Configuring 1-Port ADSL WAN Interface Card 3-29 Benefits 3-30 Restrictions 3-30 Prerequisites 3-31 Configuration Tasks 3-31 Configuring the ADSL Port on the ADSL WAN Interface Card 3-31 Verifying ATM Configuration 3-32 Software Configuration Guide For Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Routers v
... the Modem Configuration 3-28 Configuring Wireless Multipoint Interfaces 3-28 Checking the Interface Configuration 3-29 Configuring 1-Port ADSL WAN Interface Card 3-29 Benefits 3-30 Restrictions 3-30 Prerequisites 3-31 Configuration Tasks 3-31 Configuring the ADSL Port on the ADSL WAN Interface Card 3-31 Verifying ATM Configuration 3-32 Software Configuration Guide For Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Routers v
Software Configuration Guide
Page 7
... Modem for Dial-In 3-57 Configure the Modem for Dial-Out 3-57 Configuration Example 3-58 Configuring 1-Port G.SHDSL WAN Interface Card 3-58 Restrictions 3-59 Prerequisites 3-59 Configuration Tasks 3-59 Configuring G.SHDSL on a Cisco Router 3-60 Configuring ILMI on the DSLAM Connected to the ADSL WAN 3-62 Verifying ATM Configuration 3-62 Configuration Examples 3-64 Saving...
... Modem for Dial-In 3-57 Configure the Modem for Dial-Out 3-57 Configuration Example 3-58 Configuring 1-Port G.SHDSL WAN Interface Card 3-58 Restrictions 3-59 Prerequisites 3-59 Configuration Tasks 3-59 Configuring G.SHDSL on a Cisco Router 3-60 Configuring ILMI on the DSLAM Connected to the ADSL WAN 3-62 Verifying ATM Configuration 3-62 Configuration Examples 3-64 Saving...
