User Guide
Page 2
...• Module Software Listing • Other supporting documentation as the routers, the modules, or the systems. Document Organization The Security Policy document is releasable only under appropriate non-disclosure agreements. "Secure Operation of the Cisco 2621XM/2651XM Router" specifically addresses the required...Non-Proprietary Security Policy, the FIPS 140-2 Validation Submission Documentation is Cisco-proprietary and is part of operation. The 2621XM/2651XM Router References This document deals only with AIM-VPN/EP FIPS 140-2 Non-Proprietary Security Policy 2 OL-6262-01 ...
User Guide
Page 11
These keys are expired either when CRL (certificate revocation list) expires or 5 secs after DRAM generating those keys. ...new public key structure is the same DRAM as above key. NVRAM (plaintext) Cisco 2621XM and Cisco 2651XM Modular Access Routers with AIM-VPN/EP FIPS 140-2 Non-Proprietary Security Policy OL-6262-01 11 The zeroization is...the same mechanism as above DRAM (plaintext) The IKE session encrypt key. NVRAM (plaintext) The IPSec encryption key. The 2621XM/2651XM Router Table 4 Critical Security Parameters (continued) 4 CSP 4 5 CSP 5 6 CSP 6 7 CSP 7 8 CSP 8 9 CSP ...
User Guide
Page 13
... Rules and Filters Status Functions Manage the Router Set Encryptions/Bypass Change WAN Interface Cards SRDI/Role/Service Access Policy Security Relevant Data Item CSP 1 r CSP 2 r CSP 3 r CSP 4 r CSP 5 r CSP 6 r CSP 7 r CSP 8 r CSP 9 r CSP 10 r CSP 11 r dr w d r w d r w d r w d r w d r w d r w d r w d r w d r w d r w d Cisco 2621XM and Cisco 2651XM Modular Access Routers with AIM-VPN/EP FIPS 140-2 Non-Proprietary Security...
User Guide
Page 21
...704 55 55 USA: 1 800 553 2447 For a complete list of an existing network is located at this URL: http://www.cisco.com/techsupport/servicerequest For S1 or S2 service requests or if ...VPN/EP FIPS 140-2 Non-Proprietary Security Policy OL-6262-01 21 Severity 3 (S3)-Operational performance of Service Request Severity To ensure that all tools on your business operations. You and Cisco... valid service contract but most business operations remain functional. Cisco 2621XM and Cisco 2651XM Modular Access Routers with Cisco products and technologies. There is the fastest way to open...
User Guide
Page 23
...0711R) Cisco 2621XM and Cisco 2651XM Modular Access Routers with the documents listed in conjunction with AIM-VPN/EP FIPS 140-2 Non-Proprietary Security Policy OL-6262-01 23 The use this information for product evaluation purposes only. CCVP, the Cisco logo,... Access Registrar, Aironet, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Enterprise/Solver, EtherChannel, EtherFast, EtherSwitch, Fast Step, Follow Me Browsing, FormShare, ...
Software Configuration Guide
Page 21
..., including interface numbering and what you begin to use the Cisco IOS software commands. Table 1-1 lists the router models and summarizes the interfaces supported on a Cisco 2600 series router is identified by a slot number and a unit number. It also describes how to configure your router. Cisco 2600 Series Interface Numbering Each network interface on each model that...
Software Configuration Guide
Page 33
... for each command mode. Table 1-2 lists the most common command modes. Each command mode permits you begin to use the CLI. Entering a question mark (?) at any given time depend on your router. Understanding Command Modes The Cisco IOS user interface is divided into different... modes. The commands available at the prompt displays a list of command variables, enter the command followed by a question mark (with Cisco IOS software, proceed to Chapter 2, "Using...
Software Configuration Guide
Page 34
... you are having trouble entering a command, check the prompt, and enter the question mark (?) for example, no before most commands; for a list of commands. To exit to the previous mode. If you to user EXEC mode, use the disable, exit, or logout command. Timesaver Each ... mode restricts you entered or disable a feature, enter the keyword no ip routing. 1-14 Software Configuration Guide For Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Routers OL-1957-04 In the following example, notice how the prompt changes after each command to a subset of available ...
Software Configuration Guide
Page 35
... -config startup-config Building configuration... After the configuration has been saved, the following appears: [OK] Router# Upgrading to a New Cisco IOS Release To install or upgrade to a new Cisco IOS release, refer to nonvolatile random-access memory (NVRAM), so the changes are not lost if there... is a system reload or power outage. Remember that you to Go Next Now that : • You can begin configuring the router. for a list of commands. Proceed ...
Software Configuration Guide
Page 39
... Commercial Computer Software - Processor board ID 04614954 M860 processor, part number 0 mask 32 Bridging software. This example shows a Cisco 2600 series router. Step 3 When the following message appears, enter yes to begin the initial configuration dialog: Would you like to see the...data-base: 0x809CD49C cisco 2611 (MPC860) processor (revision 0x100) with OK? Note The interface numbering that configures a new router based on the type of an existing router. Default settings are prompted to see the current interface summary? [yes]: Any interface listed with 24576K/8192K ...
Software Configuration Guide
Page 51
... provider to provider and from your ISDN BRI service provider, you must tell the provider what you should order for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Routers 2-15 ISDN BRI Provisioning by the ISDN BRI line. Choose from either in dce/dte mode. Although provisioning is ...• If the router will need to map the remote x.25 station's x25 address to the remote stations IP/IPX address Do you want to map the remote machine's x25 address to IP address? [yes]: IP address for the remote interface: 6.0.0.1 Do you want . Table 2-2 lists the provisioning you want...
Software Configuration Guide
Page 66
...interface configuration mode when the prompt changes to Router#. Step 8 Router(config-if)# async mode dedicated Router(config-if)# async default routing Configure asynchronous parameters according to Router(config)#. See Table 3-1 for a list of global configuration. It can take several ...your needs. Router(config)# Step 3 Router# ip routing Router# appletalk routing Router# ipx routing Enable routing protocols as synchronous. Enter this example, AppleTalk and IPX are initially configured as required for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Routers 3-6 OL-...
Software Configuration Guide
Page 71
..., you must have entered interface configuration mode when the prompt changes to shared memory (used for a list of an IP address. If you are configuring this router for voice, enter the switch type instead of ISDN switch types. If you are configuring this interface for...) routing. Assign the IP address and subnet mask to Router(config)#. In this setting for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Routers 3-11 If your router includes 16 or more than one per line. Router(config)# Step 3 Router(config)# isdn switch-type basic-5ess Enter an ISDN switch...
Software Configuration Guide
Page 72
...is required) and a voice-and-data line. Table 3-7 lists the provisioning you must tell the provider what you plan to connect another ISDN device (such as caller ID or Automatic Number Identification (ANI). • If the router will be called by one number. • Ask for ...AT&T basic rate switches NT DMS-100 basic rate switches National ISDN-1 switches Configuring ISDN BRI Lines Before using a router with an ISDN BRI interface, you should order for your router. 3-12 Software Configuration Guide for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Routers OL-1957-04
Software Configuration Guide
Page 77
...| fxo [loop-start | ground-start ] | fxs-melcas | fxo-melcas | e&m-melcas}] Step 2 Router(config-controller)# exit Step 3 Router(config)# connect id controller-1 tdm-group-no-1 controller-2 tdm-group-no timeslot timeslot-list [type {e&m | fxs [loop-start | ground-start] | fxo [loop-start | ground-start ]}] ... Signaling (CAS) standard, used primarily in the same router. If configuring cross-connect for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Routers 3-17 To configure a TDM channel group for E1: b Router(config-controller)# tdm-group tdm-group-no -2 Configure ...
Software Configuration Guide
Page 89
... Transfer Mode (ATM) Adaptation Layer 2 (AAL2) and AAL5 for the Cisco 2600 series and Cisco 3600 series platforms for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Routers 3-29 Check that the list includes the new interface. • Display all network modules and their interfaces...Alcatel Digital Subscriber Loop Access Multiplexer (DSLAM) and the Cisco 6130, Cisco 6160, and Cisco 6260 DSLAMs with Flexi-line cards. The ADSL WIC is a 1-port WAN interface card (WIC) for the Cisco 2600 series and Cisco 3600 series routers. A series of periods (.....) or the message "timed ...
Software Configuration Guide
Page 91
... in the list is identified as either required or optional: • Configuring the ADSL Port on the ADSL WAN Interface Card (required) • Verifying ATM Configuration (optional) Features used on the ADSL WAN interface card must be installed in the router to match the...port Enter ATM configuration mode for the ATM interface in cells Router(config-if-vc)# encapsulation {aal2 | aal5ciscoppp | aal5mux | aal5nlpid | aal5snap} (Optional) Configure the ATM adaptation layer (AAL) and encapsulation type. • aal2-AAL2 • aal5ciscoppp-Cisco PPP over AAL5 • aal5mux-AAL5+MUX • ...
Software Configuration Guide
Page 92
... To identify an entry for the ATM interface you configured, use the show ip route command. • To display the configured list of ATM static maps to remote hosts on the ADSL line. Configuring 1-Port ADSL WAN Interface Card Chapter 3 Configuring with Alcatel ADSL... txload 1/255, rxload 1/255 Encapsulation ATM, loopback not set Keepalive not supported 3-32 Software Configuration Guide for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Routers OL-1957-04 Exit from global configuration mode. Using a configuration other than the default configuration for testing or ...
Software Configuration Guide
Page 97
... Alarm Configuration Mode and Configuring the AIC IP Address Enter alarm configuration mode and configure the AIC IP address, beginning in the list is identified as a Discrete Monitoring Voltage enable config terminal alarm 58 description "backup battery" discrete voltage 9.0 high exit Configuring an...See the "Configuring the NOC IP Address" section on page 3-40 or the "Configuring Alarms" section on page 3-41 for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Routers 3-37 Configuring the IP Route to the AIC, page 3-38 • Configuring the NOC IP Address, page 3-40 (...
Software Configuration Guide
Page 106
...Craft Port). Use the get image command to the TFTP server. This 1-port HSSI network module can be prompted for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Routers OL-1957-04 The 1-port HSSI network module provides the following configuration examples are the get command, the user will ...get a new image, and the put config commands. From this limited CLI, available over the Craft Port only, no login is given as a list of commands (script) that can reach speeds of service to the defaults. (All commands require a carriage return.) In the case of an AIC for...