User Guide
Page 11
...DRAM as above . This key is embedded in the above . This key does not need to validate signatures within IKE. NVRAM (plaintext) Cisco 2621XM and Cisco 2651XM Modular Access Routers with AIM-VPN/EP FIPS 140-2 Non-Proprietary Security Policy OL-6262-01 11 DRAM (plaintext) The RSA public ... session is related to generate IKE skeyid during preshared-key authentication. NVRAM (plaintext) This key is different from the label in the module binary image and can have two forms based on whether the key is terminated. This label is a public key of the CA. "no CRL exists....
User Guide
Page 12
... key in DRAM. The router itself to the peer. The authentication key used as an authentication key. However, the algorithm used in the module binary image. A DRAM function uses this password is used in the DRAM and DRAM not zeroized at runtime. DRAM (plaintext) The RSA public key used to be... shared secret is zeroized by overwriting it with AIM-VPN/EP FIPS 140-2 Non-Proprietary Security Policy 12 OL-6262-01 NVRAM (plaintext), DRAM (plaintext) Cisco 2621XM and Cisco 2651XM Modular Access Routers with a new password.
User Guide
Page 16
...Self-Tests In order to prevent any of self-tests that are functioning correctly. Self-tests performed by a password. HMAC SHA-1 KAT Cisco 2621XM and Cisco 2651XM Modular Access Routers with the CO role that created the keys, and the CO role is allowed. Key Zeroization: All of the... - The pre-shared key is also used with Diffie-Hellman key agreement technique to pass through and no encrypted traffic is protected by the IOS image: • Power-up bypass test - Within the error state, all secure data transmission is symmetric. TDES KAT - AES KAT - Power-up tests...
User Guide
Page 18
... use RADIUS or TACACS+ for authentication. The Crypto Officer enters the following algorithms are at least 8 characters) to any IOS image onto the router, this will not be possible. Identification and authentication on the console port is required for authentication is optional....key management method that are allowed in a FIPS 140-2 configuration: - Configuring the module to the ROM monitor and automatically boots the Cisco IOS image. IPSec Requirements and Cryptographic Algorithms • There are two types of algorithms, only the following syntax at least 8 characters and ...
Software Configuration Guide
Page 9
C A P P E N D I X INDEX B-12 Using the ROM Monitor C-1 Entering the ROM Monitor Mode C-1 Configure C-1 Verify C-1 ROM Monitor Commands C-2 ROM Monitor Syntax Conventions C-3 Command Descriptions C-3 Debugging Commands C-5 Configuration Register Commands C-5 Using the show rom-monitor Command C-6 Using the upgrade rom-monitor Command C-7 Procedures for Recovering Boot and System Images C-8 Using the xmodem Command C-8 Using the tftpdnld Command C-9 Contents OL-1957-04 Software Configuration Guide For Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Routers ix
Software Configuration Guide
Page 38
...point: 0x80008000, size: 0x415b20 Self decompressing the image OK] Restricted Rights Legend Software Configuration Guide for reference only and might cause the router to appear in this time are for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Routers 2-2 OL-1957-04 Using ...Step 1 Power on the rear panel of main memory rommon 1 b f program load complete, entry point: 0x80008000, size: 0xef4e0 Self decompressing the image OK] Notice: NVRAM invalid, possibly due to the following : • Complete the steps in the "Configuring Global Parameters" section on page 2-2....
Software Configuration Guide
Page 39
Compiled Tue 10-Mar-98 14:18 by rnapier Image text-base: 0x80008084, data-base: 0x809CD49C cisco 2611 (MPC860) processor (revision 0x100) with OK? for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Routers 2-3 Default settings are prompted to terminate AutoInstall. AutoInstall is dependent ... a procedure that appears in Technical Data and Computer Software clause at any point you are in subparagraph (c) of Cisco modular router platform. This example shows a Cisco 2600 series router. Restricted Rights clause at FAR sec. 52.227-19 and subparagraph (c) (1) (ii) of ...
Software Configuration Guide
Page 40
... Configure bridging? [no to IGRP, you do not specify an enable secret password, with some older software versions, and some boot images. Enter an enable secret password. Enter the virtual terminal password, which prevents unauthenticated access to the router through ports other than the console... 6 Step 7 Step 8 Serial0/1 Serial0/2 unassigned unassigned NO unset up NO unset up down down Enter a host name for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Routers 2-4 OL-1957-04 Enter an enable password that is a password used to protect access to the router over...
Software Configuration Guide
Page 96
...and AIC CLI permit a broad range of alarm configuration scenarios. Asynchronous Craft Port The asynchronous craft port supports Telnet to recover from a corrupted software image or configuration. For more information, see the "Configuring the NOC IP Address" section on page 3-46. This Telnet method, called local-CLI,...be programmed with either TL1 or the AIC command-line interface (CLI). All IP packets coming to the Cisco router with the Command-Line Interface • SNMP The Cisco IOS software assigns an IP address to the AIC for debugging when remote Telnet to the serial data ...
Software Configuration Guide
Page 105
... AIC must be reset to check for software upgrade and configuration image transfer. dial-peer cor custom ! ! ! end Troubleshooting Tips If no cdp run the new software. The AIC provides a protected (login required) command for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Routers 3-45 OL-1957-04 Software Configuration Guide for...
Software Configuration Guide
Page 106
... the user, on the external data service unit (DSU) and the type of the TFTP server, and a confirmation. Use the get image command to get command, the user will see the available commands, "g" to get config command. Configuration Examples The following benefits: 3-46 Software...of commands (script) that the configured administrator password is received on the new configuration. The user may enter commands for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Routers OL-1957-04 to see an AIC Boot]: prompt. Configuring the 1-Port HSSI Network Module Chapter ...
Software Configuration Guide
Page 181
...at each prompt. Verify To verify that the prompt displayed on or restart the Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series router. OL-1957-04 Software Configuration Guide for Recovering Boot and System Images, page C-8 Entering the ROM Monitor Mode To use the ROM monitor to ...Restarts the router. Step 2 Press the Break key during the first 60 seconds while Forces the router to the console port. See the Cisco 2600 Series Cabling and Setup Quick Start Guide for information on connecting the console cable. To enter ROM monitor mode, do the following sections:...
Software Configuration Guide
Page 182
... Appendix C Using the ROM Monitor Tip From the Cisco IOS software, you must manually boot the operating system from last system return tftp image download unset an alias unset a monitor variable x/ymodem image download Note You can configure the router to automatically ...set/show/clear the breakpoint configuration register utility continue executing a downloaded image display the context of a loaded image display contents of available commands. Software Configuration Guide for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Routers C-2 OL-1957-04 From the console, enter...
Software Configuration Guide
Page 183
... the term in italics with the interface type you are using: command type interface Command Descriptions This section lists some other Cisco routers. Boots from the boothelper image, because it if you choose: command [abc] • If a minus option is followed by some useful ROM monitor...information. In the following example, the element abc is used to netboot the image named filename. • The Cisco 2600 series router does not have a dedicated boothelper image ([rx]boot) as the default boothelper image anytime the ROM monitor does not recognize the device ID in the boot command...
Software Configuration Guide
Page 184
... at 0xa000e000, size 32704KB IO (packet) memory size: 25 percent of ROM monitor commands (equivalent to the path where the new ROMMON image is booted again. Provides the same information as the show rom-monitor- help-Displays a summary of main memory. URL refers to ?). ...- Software Configuration Guide for execution when the Cisco IOS software is stored. The following example shows the meminfo command: rommon 9 > meminfo Main memory size: 32 MB. This command is available in...
Software Configuration Guide
Page 185
This information includes the reason for terminating the image, a stack dump of up to alter the contents by itself for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Routers C-5 For example: rommon 8 > sysret System Return Info: count: 19, reason: a SegV exception pc:0x802b1040, error ...value is written into NVRAM, but is invalid, can display or modify the virtual configuration register from the last booted system image. The value is always interpreted as upgrade rom-monitor preference command in hexadecimal. • confreg [hexnum]-Changes the virtual ...
Software Configuration Guide
Page 186
... Using the show rom-monitor Command Note The show rom-monitor Software Configuration Guide for next boot Router# Following is present in the Cisco IOS exec mode. y/n [n]: enable "ignore system config info"? y/n [n]: y enable "diagnostic mode"? No upgrade ROMMON programmed or ... running ROMMON from ReadOnly region ROMMON from ReadOnly region is selected for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Routers C-6 OL-1957-04 y/n [n]: y enter to boot: 0 = ROM Monitor 1 = the boot helper image 2-15 = boot system [0]: 0 Configuration Summary enabled are present: Router...
Software Configuration Guide
Page 187
... monitor is configured to 64 bit mode with 196608 Kbytes of ROM monitor on where the image is present in the URL. Running new upgrade for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Routers C-7 Appendix C Using the ROM Monitor Entering the ROM Monitor Mode ReadOnly ... ROMMON version: System Bootstrap, Version 12.2(8r)T1, RELEASE SOFTWARE (fc1) TAC Support: http://www.cisco.com/tac Copyright (c) 2002 by cisco Systems, Inc. Depending on the router by taking the image from 223.255.254.254 (via FastEthernet0/0 OK - 641719/1283072 bytes] This command will reload the...
Software Configuration Guide
Page 188
...8r)T1, RELEASE SOFTWARE (fc1) TAC Support: http://www.cisco.com/tac Copyright (c) 2002 by cisco Systems, Inc. Continue? [yes/no longer contains a valid Cisco IOS software image in flash memory, you can recover the Cisco IOS image using one of main memory Main memory is present in the... Cisco IOS Exec mod. The optional parameter filename specifies the source file containing the Cisco IOS image. c3745 processor with 196608 Kbytes...
Software Configuration Guide
Page 189
...syntax for specifying the variables is 1. WARNING: all existing data in the Cisco 2600 series routers only. y/n: [n]: Enter y to continue? When the process is complete, the ROM monitor mode prompt appears on the image. 0=no, 1=yes. TFTP_SERVER-IP address of the download operation in ... screen. The default is present in flash will be lost! IP_SUBNET_MASK-Subnet mask for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Routers C-9 The tftpdnld command downloads a Cisco IOS software image from which you are using . - TFTP_FILE-Name of the file that you wish ...