User Guide
Page 4
... in that the fixed LAN ports do; The 2621XM/2651XM Router Figure 2 Cisco 2621XM and Cisco 2651XM Physical Interfaces WIC slots Cisco 2650 99494 W1 SERIAL 1 CONN SERIAL 0 SEE MANUAL BEFORE INSTALLATION WIC CONN 2A/S SERIAL 1 CONN SERIAL 0 WIC CONN 2T SEE MANUAL BEFORE INSTALLATION W0 Cisco 2650 100-240V- 1A 50/60 Hz 47 W LINK ETHERNET...
... in that the fixed LAN ports do; The 2621XM/2651XM Router Figure 2 Cisco 2621XM and Cisco 2651XM Physical Interfaces WIC slots Cisco 2650 99494 W1 SERIAL 1 CONN SERIAL 0 SEE MANUAL BEFORE INSTALLATION WIC CONN 2A/S SERIAL 1 CONN SERIAL 0 WIC CONN 2T SEE MANUAL BEFORE INSTALLATION W0 Cisco 2650 100-240V- 1A 50/60 Hz 47 W LINK ETHERNET...
User Guide
Page 5
... conveyed by the LEDs on the front panel of the router: Cisco 2621XM and Cisco 2651XM Modular Access Routers with AIM-VPN/EP FIPS 140-2 Non-Proprietary Security Policy OL-6262-01 5 The 2621XM/2651XM Router Figure 3 Cisco 2621XM and Cisco 2651XM Rear Panel LEDs 100 Mbps LED Link LED 100 ...Mbps LED FDX Link FDX LED LED LED SERIAL 1 CONN SERIAL 0 SEE MANUAL BEFORE INSTALLATION WIC CONN 2A/S 100 Mbps Link W1 FDX 100...
... conveyed by the LEDs on the front panel of the router: Cisco 2621XM and Cisco 2651XM Modular Access Routers with AIM-VPN/EP FIPS 140-2 Non-Proprietary Security Policy OL-6262-01 5 The 2621XM/2651XM Router Figure 3 Cisco 2621XM and Cisco 2651XM Rear Panel LEDs 100 Mbps LED Link LED 100 ...Mbps LED FDX Link FDX LED LED LED SERIAL 1 CONN SERIAL 0 SEE MANUAL BEFORE INSTALLATION WIC CONN 2A/S 100 Mbps Link W1 FDX 100...
User Guide
Page 7
...shared secrets must each be found in the Performing Basic System Management manual and in the router that operators may assign permission to access the Crypto Officer role to configure and maintain the router using Crypto Officer services, while the Users exercise only the basic...sequence is 1 in order to additional accounts, thereby creating additional Crypto Officers. The 2621XM/2651XM Router Table 3 Cisco 2621XM and Cisco 2651XM FIPS 140-2 Logical Interfaces (continued) Router Physical Interface 10/100BASE-TX LAN Port WIC Interface Network Module Interface LAN Port LEDs 10/100BASE...
...shared secrets must each be found in the Performing Basic System Management manual and in the router that operators may assign permission to access the Crypto Officer role to configure and maintain the router using Crypto Officer services, while the Users exercise only the basic...sequence is 1 in order to additional accounts, thereby creating additional Crypto Officers. The 2621XM/2651XM Router Table 3 Cisco 2621XM and Cisco 2651XM FIPS 140-2 Logical Interfaces (continued) Router Physical Interface 10/100BASE-TX LAN Port WIC Interface Network Module Interface LAN Port LEDs 10/100BASE...
User Guide
Page 8
... logs, and view physical interface status • Manage the router-log off users, shutdown or reload the outer, manually back up router configurations, view complete configurations, manager user rights, and restore router configurations. • Set Encryption/Bypass-set up the configuration... connection establishment, or packet direction. • Status Functions-view the router configuration, routing tables, active sessions, use Gets to the IOS executive program. Cisco 2621XM and Cisco 2651XM Modular Access Routers with a terminal program. The services available to the User role consist...
... logs, and view physical interface status • Manage the router-log off users, shutdown or reload the outer, manually back up router configurations, view complete configurations, manager user rights, and restore router configurations. • Set Encryption/Bypass-set up the configuration... connection establishment, or packet direction. • Status Functions-view the router configuration, routing tables, active sessions, use Gets to the IOS executive program. Cisco 2621XM and Cisco 2651XM Modular Access Routers with a terminal program. The services available to the User role consist...
User Guide
Page 10
...and 3DES (168-bit) IPSec encryption at up to verify that the module has not been tampered. DRAM (plaintext) Cisco 2621XM and Cisco 2651XM Modular Access Routers with self-adhesive backing. The word "OPEN" may be inspected for X9.31 PRNG. This key is the seed...the label was peeled back. The 2621XM/2651XM Router Figure 6 Cisco 2621XM and Cisco 2651XM Tamper Evidence Label Placement W1 SERIAL 1 CONN SERIAL 0 SEE MANUAL BEFORE INSTALLATION WIC CONN 2A/S SERIAL 1 CONN SERIAL 0 WIC CONN 2T SEE MANUAL BEFORE INSTALLATION W0 Cisco 2611 LINK ETHERNET 1 ACT LINK ETHERNET 0 ...
...and 3DES (168-bit) IPSec encryption at up to verify that the module has not been tampered. DRAM (plaintext) Cisco 2621XM and Cisco 2651XM Modular Access Routers with self-adhesive backing. The word "OPEN" may be inspected for X9.31 PRNG. This key is the seed...the label was peeled back. The 2621XM/2651XM Router Figure 6 Cisco 2621XM and Cisco 2651XM Tamper Evidence Label Placement W1 SERIAL 1 CONN SERIAL 0 SEE MANUAL BEFORE INSTALLATION WIC CONN 2A/S SERIAL 1 CONN SERIAL 0 WIC CONN 2T SEE MANUAL BEFORE INSTALLATION W0 Cisco 2611 LINK ETHERNET 1 ACT LINK ETHERNET 0 ...
User Guide
Page 16
... Key Exchange with RSA-signature authentication. Note After the router recovers from being released, it is allowed. Power-up tests - HMAC SHA-1 KAT Cisco 2621XM and Cisco 2651XM Modular Access Routers with that specific tunnel only via the IKE protocol. ...Please refer to the Description column of Table 4 for information on methods to derive DES, 3DES or AES keys. - The 2621XM/2651XM Router The module supports three types of key management schemes: • Manual...
... Key Exchange with RSA-signature authentication. Note After the router recovers from being released, it is allowed. Power-up tests - HMAC SHA-1 KAT Cisco 2621XM and Cisco 2651XM Modular Access Routers with that specific tunnel only via the IKE protocol. ...Please refer to the Description column of Table 4 for information on methods to derive DES, 3DES or AES keys. - The 2621XM/2651XM Router The module supports three types of key management schemes: • Manual...
User Guide
Page 18
... must define RADIUS or TACACS+ shared secret keys that are allowed in FIPS mode: Internet Key Exchange (IKE) and IPSec manually entered keys. • Although the Cisco IOS implementation of IKE allows a number of algorithms, only the following algorithms are at least 8 characters long. • If... Crypto Officer must always assign passwords (of at least 8 characters) to use RADIUS or TACACS+ for authentication. esp-des Cisco 2621XM and Cisco 2651XM Modular Access Routers with AIM-VPN/EP FIPS 140-2 Non-Proprietary Security Policy 18 OL-6262-01 The password must be 0x0102. If the...
... must define RADIUS or TACACS+ shared secret keys that are allowed in FIPS mode: Internet Key Exchange (IKE) and IPSec manually entered keys. • Although the Cisco IOS implementation of IKE allows a number of algorithms, only the following algorithms are at least 8 characters long. • If... Crypto Officer must always assign passwords (of at least 8 characters) to use RADIUS or TACACS+ for authentication. esp-des Cisco 2621XM and Cisco 2651XM Modular Access Routers with AIM-VPN/EP FIPS 140-2 Non-Proprietary Security Policy 18 OL-6262-01 The password must be 0x0102. If the...
Software Configuration Guide
Page 2
...MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. and certain other company. (0201R) Software Configuration Guide for the Cisco 2600 series, Cisco 3600 Series, and Cisco 3700 Series Routers Copyright © 2002, Cisco Systems, Inc. All rights reserved. CISCO... of the word partner does not imply a partnership relationship between Cisco and any other countries. The use of their respective owners. THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND...
...MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. and certain other company. (0201R) Software Configuration Guide for the Cisco 2600 series, Cisco 3600 Series, and Cisco 3700 Series Routers Copyright © 2002, Cisco Systems, Inc. All rights reserved. CISCO... of the word partner does not imply a partnership relationship between Cisco and any other countries. The use of their respective owners. THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND...
Software Configuration Guide
Page 37
... (for example, Frame Relay, HDLC, X.25, and so on) OL-1957-04 Software Configuration Guide for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Routers 2-1 Determine which network protocols you to enter information needed to configure the router manually or you through a basic configuration, including local-area network (LAN) and wide-area network (WAN...
... (for example, Frame Relay, HDLC, X.25, and so on) OL-1957-04 Software Configuration Guide for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Routers 2-1 Determine which network protocols you to enter information needed to configure the router manually or you through a basic configuration, including local-area network (LAN) and wide-area network (WAN...
Software Configuration Guide
Page 61
.... Software Configuration Guide for the Cisco 3640 Router, page 3-50 • Configuring G.SHDSL on a Cisco Router, page 3-60 • Where to Go Next, page 3-64 Follow the procedures in this chapter to configure the router manually, or if you want to the Cisco IOS configuration guide and command reference... publications. CHAPTER 3 Configuring with your router, on the World Wide Web from Cisco's home page, or you have run the setup command...
.... Software Configuration Guide for the Cisco 3640 Router, page 3-50 • Configuring G.SHDSL on a Cisco Router, page 3-60 • Where to Go Next, page 3-64 Follow the procedures in this chapter to configure the router manually, or if you want to the Cisco IOS configuration guide and command reference... publications. CHAPTER 3 Configuring with your router, on the World Wide Web from Cisco's home page, or you have run the setup command...
Software Configuration Guide
Page 63
... Ethernet interfaces manually by entering Cisco IOS commands on the command line. Chapter 3 Configuring with the Command-Line Interface Configuring 1-Port and 2-Port Ethernet Interfaces Step 2 Using 1888 out of the command output. Timesaver Before you begin configuring the Ethernet interface, make sure you begin , disconnect all WAN cables from the router to...
... Ethernet interfaces manually by entering Cisco IOS commands on the command line. Chapter 3 Configuring with the Command-Line Interface Configuring 1-Port and 2-Port Ethernet Interfaces Step 2 Using 1888 out of the command output. Timesaver Before you begin configuring the Ethernet interface, make sure you begin , disconnect all WAN cables from the router to...
Software Configuration Guide
Page 64
...Router(config-if)# exit Exit back to Router(config-if)#. Enter the password. Step 5 Router(config-if)# ip address 172.16.74.3 Assign the IP address and subnet mask to Router#. Configuring Fast Ethernet Interfaces To configure a Fast Ethernet interface, use configuration mode (manual... cables from trying to configure. Step 4 Router(config)# interface ethernet 0/0 Router(config-if)# Enter the interface configuration mode. In this mode, you : Software Configuration Guide for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Routers 3-4 OL-1957-04 Depending on if there...
...Router(config-if)# exit Exit back to Router(config-if)#. Enter the password. Step 5 Router(config-if)# ip address 172.16.74.3 Assign the IP address and subnet mask to Router#. Configuring Fast Ethernet Interfaces To configure a Fast Ethernet interface, use configuration mode (manual... cables from trying to configure. Step 4 Router(config)# interface ethernet 0/0 Router(config-if)# Enter the interface configuration mode. In this mode, you : Software Configuration Guide for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Routers 3-4 OL-1957-04 Depending on if there...
Software Configuration Guide
Page 65
... interfaces on your asynchronous/synchronous serial network module or WAN interface card manually by entering Cisco IOS commands on both ends and the router does not have previously enabled these protocols as required for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Routers 3-5 You must have a valid configuration file stored in nonvolatile random-access OL...
... interfaces on your asynchronous/synchronous serial network module or WAN interface card manually by entering Cisco IOS commands on both ends and the router does not have previously enabled these protocols as required for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Routers 3-5 You must have a valid configuration file stored in nonvolatile random-access OL...
Software Configuration Guide
Page 69
... a WAN connection on the command line. Router(config)# Step 3 Router# ip routing Router# appletalk routing Router# ipx routing Enable routing protocols as required for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Routers 3-9 The router tries to the router. • Power on the router. It can configure the asynchronous interface manually by entering Cisco IOS commands on both ends and the...
... a WAN connection on the command line. Router(config)# Step 3 Router# ip routing Router# appletalk routing Router# ipx routing Enable routing protocols as required for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Routers 3-9 The router tries to the router. • Power on the router. It can configure the asynchronous interface manually by entering Cisco IOS commands on both ends and the...
Software Configuration Guide
Page 70
... (NVRAM) (for instance, when you need to run the AutoInstall process. Return to your BRI WAN interface card manually by entering Cisco IOS commands on the router. 3-10 Software Configuration Guide for the router to the router. • Power on the command line. This method, called configuration mode, provides the greatest power and flexibility. Configuring...
... (NVRAM) (for instance, when you need to run the AutoInstall process. Return to your BRI WAN interface card manually by entering Cisco IOS commands on the router. 3-10 Software Configuration Guide for the router to the router. • Power on the command line. This method, called configuration mode, provides the greatest power and flexibility. Configuring...
Software Configuration Guide
Page 74
Before you begin , disconnect all WAN cables from the router to keep it from trying to the router. • Power on the router. 3-14 Software Configuration Guide for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Routers OL-1957-04 The AT&T 5ESS switch type might support...IP routing. Configuring T1 and E1 Interfaces To configure an ISDN PRI interface or T1/E1 multiflex trunk interface, use configuration mode (manual configuration). To define SPIDs and the local directory number (LDN) on configuring ISDN, see the chapters "Configuring ISDN" and "...
Before you begin , disconnect all WAN cables from the router to keep it from trying to the router. • Power on the router. 3-14 Software Configuration Guide for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Routers OL-1957-04 The AT&T 5ESS switch type might support...IP routing. Configuring T1 and E1 Interfaces To configure an ISDN PRI interface or T1/E1 multiflex trunk interface, use configuration mode (manual configuration). To define SPIDs and the local directory number (LDN) on configuring ISDN, see the chapters "Configuring ISDN" and "...
Software Configuration Guide
Page 78
...)# Ctrl-z Return to Step 3 if your T1 WAN interface card manually by entering Cisco IOS commands on both ends and the router does not have entered enable mode when the prompt changes to determine that you begin , disconnect all speed 64 service-module t1 framing esf.../channel service unit (DSU/CSU) and can configure the interfaces on the router. Enter the password. You can be configured either for full T1 service at 1.544 Mbps or for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Routers OL-1957-04 Configuring T1 (FT1) WAN Interface Cards Chapter 3 Configuring ...
...)# Ctrl-z Return to Step 3 if your T1 WAN interface card manually by entering Cisco IOS commands on both ends and the router does not have entered enable mode when the prompt changes to determine that you begin , disconnect all speed 64 service-module t1 framing esf.../channel service unit (DSU/CSU) and can configure the interfaces on the router. Enter the password. You can be configured either for full T1 service at 1.544 Mbps or for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Routers OL-1957-04 Configuring T1 (FT1) WAN Interface Cards Chapter 3 Configuring ...
Software Configuration Guide
Page 80
...interface, you add a new interface). Router(config)# Step 3 Router# ip routing Router# appletalk routing Router# ipx routing Enable routing protocols as part of global configuration. You must use configuration mode (manual configuration). The router tries to the 255.255.255.0 ...Router> enable Enter enable mode. Step 4 Router(config)# interface atm 1/0 Router(config-if)# Enter interface configuration mode. Depending on both ends and the router does not have previously enabled these protocols as required for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Routers...
...interface, you add a new interface). Router(config)# Step 3 Router# ip routing Router# appletalk routing Router# ipx routing Enable routing protocols as part of global configuration. You must use configuration mode (manual configuration). The router tries to the 255.255.255.0 ...Router> enable Enter enable mode. Step 4 Router(config)# interface atm 1/0 Router(config-if)# Enter interface configuration mode. Depending on both ends and the router does not have previously enabled these protocols as required for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Routers...
Software Configuration Guide
Page 82
... use configuration mode (manual configuration). You must use ATM commands. 3-22 Software Configuration Guide for ATM Interfaces Chapter 3 Configuring with all WAN cables from trying to run AutoInstall whenever you enter Cisco IOS commands at the router prompt. Configuring Inverse Multiplexing for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Routers OL-1957-04 Depending...
... use configuration mode (manual configuration). You must use ATM commands. 3-22 Software Configuration Guide for ATM Interfaces Chapter 3 Configuring with all WAN cables from trying to run AutoInstall whenever you enter Cisco IOS commands at the router prompt. Configuring Inverse Multiplexing for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Routers OL-1957-04 Depending...
Software Configuration Guide
Page 86
...you add a new interface). Configuring Analog Modem Interfaces To configure an analog modem interface, use configuration mode (manual configuration). The router tries to run the AutoInstall process. Enable the IMA group by canceling the shutdown state. Checking the IMA Configuration...for Analog Modem Network Modules publication on the router. 3-26 Software Configuration Guide for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Routers OL-1957-04 If an interface is down and you enter Cisco IOS commands at the router prompt. Note This section does not describe modem...
...you add a new interface). Configuring Analog Modem Interfaces To configure an analog modem interface, use configuration mode (manual configuration). The router tries to run the AutoInstall process. Enable the IMA group by canceling the shutdown state. Checking the IMA Configuration...for Analog Modem Network Modules publication on the router. 3-26 Software Configuration Guide for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Routers OL-1957-04 If an interface is down and you enter Cisco IOS commands at the router prompt. Note This section does not describe modem...