Processor Guide
Page 15
... 3CXL version) - The Sup2 supports PCMCIA flash memory cards only. Onboard bootflash/bootdisk Cisco 7600 Series Router Supervisor Engine and Route Switch Processor Guide - Chapter 1 Cisco 7600 Product Overview Cisco 7600 Series Routers OL-10100-11 Table 1-1 Cisco 7600 Series Routers Key Features (continued) Feature Memory components Description • Electrically erasable programmable read-only memory (EEPROM) on the supervisor engine or route switch processor stores module-specific information, such as the serial number, part number, controller type, hardware revision...
... 3CXL version) - The Sup2 supports PCMCIA flash memory cards only. Onboard bootflash/bootdisk Cisco 7600 Series Router Supervisor Engine and Route Switch Processor Guide - Chapter 1 Cisco 7600 Product Overview Cisco 7600 Series Routers OL-10100-11 Table 1-1 Cisco 7600 Series Routers Key Features (continued) Feature Memory components Description • Electrically erasable programmable read-only memory (EEPROM) on the supervisor engine or route switch processor stores module-specific information, such as the serial number, part number, controller type, hardware revision...
Processor Guide
Page 53
... "Console Port Cabling Specifications and Pinouts" section on page B-10. Check the terminal documentation to perform diagnostics and troubleshoot problems on the front panel of the console port. The console port is located on the router. For a Supervisor Engine 2 additional guidelines apply, as follows: - 9600 baud - 8 data bits - OL-10100-11 Cisco 7600 Series Router Supervisor Engine and Route Switch Processor Guide 3-9 You can also connect to the console port to determine the baud rate. Connecting...
... "Console Port Cabling Specifications and Pinouts" section on page B-10. Check the terminal documentation to perform diagnostics and troubleshoot problems on the front panel of the console port. The console port is located on the router. For a Supervisor Engine 2 additional guidelines apply, as follows: - 9600 baud - 8 data bits - OL-10100-11 Cisco 7600 Series Router Supervisor Engine and Route Switch Processor Guide 3-9 You can also connect to the console port to determine the baud rate. Connecting...
Processor Guide
Page 57
.... Chapter 3 Installing and Configuring Route Switch Processors and Supervisor Engines Using Flash Memory Cards Note Not all flash memory cards have a write-protection switch. Step 3 Format the memory card the first time that the card is opposite the end with another type. A memory card formatted for one type of the card is being used with. OL-10100-11 Cisco 7600 Series Router Supervisor Engine and Route Switch Processor Guide 3-13 Slide the card into the...
.... Chapter 3 Installing and Configuring Route Switch Processors and Supervisor Engines Using Flash Memory Cards Note Not all flash memory cards have a write-protection switch. Step 3 Format the memory card the first time that the card is opposite the end with another type. A memory card formatted for one type of the card is being used with. OL-10100-11 Cisco 7600 Series Router Supervisor Engine and Route Switch Processor Guide 3-13 Slide the card into the...
Processor Guide
Page 64
... hardware and features are not supported by the RSP720: • Unsupported chassis: Cisco 7603. • Unsupported modules: Optical Service Modules (OSMs), FlexWAN module. Chassis and Supervisor Slot Installation Chapter 4 Troubleshooting Route Switch Processors and Supervisor Engines Chassis and Supervisor Slot Installation Table 4-1 lists the chassis and their shared port adapters (SPAs): 7600-SIP-600, 7600-SIP-400, and 7600-SIP-200. • Enhanced FlexWAN module (WS-X6582-2PA). • Ethernet services modules: 2-port 10 GE line card...
... hardware and features are not supported by the RSP720: • Unsupported chassis: Cisco 7603. • Unsupported modules: Optical Service Modules (OSMs), FlexWAN module. Chassis and Supervisor Slot Installation Chapter 4 Troubleshooting Route Switch Processors and Supervisor Engines Chassis and Supervisor Slot Installation Table 4-1 lists the chassis and their shared port adapters (SPAs): 7600-SIP-600, 7600-SIP-400, and 7600-SIP-200. • Enhanced FlexWAN module (WS-X6582-2PA). • Ethernet services modules: 2-port 10 GE line card...
Configuration Guide
Page 138
...access privileges: • root-Lets you enter privileged EXEC mode. Change the root password by sessioning in as root by entering the following command: Login: root Enter the password at the prompt: Changing password for user root New password: Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM 7-2 OL-20748-01 Enter the enable password command without a password to the FWSM. Changing the Passwords Chapter 7 Configuring Basic Settings Changing the Enable Password The enable password lets you configure the network...
...access privileges: • root-Lets you enter privileged EXEC mode. Change the root password by sessioning in as root by entering the following command: Login: root Enter the password at the prompt: Changing password for user root New password: Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM 7-2 OL-20748-01 Enter the enable password command without a password to the FWSM. Changing the Passwords Chapter 7 Configuring Basic Settings Changing the Enable Password The enable password lets you configure the network...
Configuration Guide
Page 146
... the default route. The static route is used only if the dynamically discovered route is not supported across multiple interfaces. hostname(config)# route outside 10.10.10.0 255.255.255.0 192.168.1.1 hostname(config)# route outside 10.10.10.0 255.255.255.0 192.168.1.2 hostname(config)# route outside 0 0 192.168.2.3 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM 8-4 OL-20748-01 Configuring Static and Default Routes Chapter 8 Configuring IP Routing and DHCP Services Note If you create a static route with...
... the default route. The static route is used only if the dynamically discovered route is not supported across multiple interfaces. hostname(config)# route outside 10.10.10.0 255.255.255.0 192.168.1.1 hostname(config)# route outside 10.10.10.0 255.255.255.0 192.168.1.2 hostname(config)# route outside 0 0 192.168.2.3 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM 8-4 OL-20748-01 Configuring Static and Default Routes Chapter 8 Configuring IP Routing and DHCP Services Note If you create a static route with...
Configuration Guide
Page 313
... web users to connect to non-standard port 6785, and then undo translation to the original port 8080. OL-20748-01 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM 16-9 Similarly, if you want to provide a single address for remote users to access FTP, HTTP, and SMTP, but these are all actually different servers on ), the FWSM automatically translates the secondary ports. Chapter 16 Configuring NAT NAT Overview Static...
... web users to connect to non-standard port 6785, and then undo translation to the original port 8080. OL-20748-01 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM 16-9 Similarly, if you want to provide a single address for remote users to access FTP, HTTP, and SMTP, but these are all actually different servers on ), the FWSM automatically translates the secondary ports. Chapter 16 Configuring NAT NAT Overview Static...
Configuration Guide
Page 340
... 16 Configuring NAT The following command uses static identity NAT for NAT exemption configuration. 16-36 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM OL-20748-01 Use static identity NAT to originate connections. To remove these connections, enter the clear local-host command. Do not specify the real and destination ports in the access list. all ACEs are not affected. NAT exemption lets you specify the real and destination addresses when determining the real traffic...
... 16 Configuring NAT The following command uses static identity NAT for NAT exemption configuration. 16-36 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM OL-20748-01 Use static identity NAT to originate connections. To remove these connections, enter the clear local-host command. Do not specify the real and destination ports in the access list. all ACEs are not affected. NAT exemption lets you specify the real and destination addresses when determining the real traffic...
Configuration Guide
Page 487
...-01 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM 22-71 Chapter 22 Applying Application Layer Protocol Inspection MGCP Inspection 191988 Figure 22-12 MGCP Inspection Setup CallManager M 10.0.0.210 vlan 90 10.0.0.254 R1 CallManager R2 FXS IP Voice port vlan 50 inside outside vlan 100 f0/1 10.100.100.2 209.165.201.2 f0/1 Voice port port 3/0/0 Cisco 3745 IOS MGCP Gateway Firewall Service Module (FWSM) Cisco 3745 IOS MGCP Gateway port 1/0/0 See...
...-01 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM 22-71 Chapter 22 Applying Application Layer Protocol Inspection MGCP Inspection 191988 Figure 22-12 MGCP Inspection Setup CallManager M 10.0.0.210 vlan 90 10.0.0.254 R1 CallManager R2 FXS IP Voice port vlan 50 inside outside vlan 100 f0/1 10.100.100.2 209.165.201.2 f0/1 Voice port port 3/0/0 Cisco 3745 IOS MGCP Gateway Firewall Service Module (FWSM) Cisco 3745 IOS MGCP Gateway port 1/0/0 See...
Configuration Guide
Page 508
... set up across the FWSM. dump, I - identity, i - no random, 22-92 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using the name assigned with the nameif command. For example, the following command applies the sample_policy to the outside interface: hostname(config)# service-policy sample_policy interface outside The following conditions. The first one is a video connection established between another internal Cisco IP Phone at 172.18.1.33. DNS, d - TCP port...
... set up across the FWSM. dump, I - identity, i - no random, 22-92 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using the name assigned with the nameif command. For example, the following command applies the sample_policy to the outside interface: hostname(config)# service-policy sample_policy interface outside The following conditions. The first one is a video connection established between another internal Cisco IP Phone at 172.18.1.33. DNS, d - TCP port...
Configuration Guide
Page 525
....3.0 network to access the FWSM on the inside interface, the following command. OL-20748-01 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using SSH, at the SSH client enter the username pix and enter the login password set by the FWSM, enter the following command: hostname(config)# ssh 192.168.3.0 255.255.255.0 inside interface with the lowest security level. (Optional) To set the duration for SSH, see the "Changing...
....3.0 network to access the FWSM on the inside interface, the following command. OL-20748-01 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using SSH, at the SSH client enter the username pix and enter the login password set by the FWSM, enter the following command: hostname(config)# ssh 192.168.3.0 255.255.255.0 inside interface with the lowest security level. (Optional) To set the duration for SSH, see the "Changing...
Configuration Guide
Page 552
... (enable) show boot device mod_num For example: Console> (enable) show boot device 4 Device BOOT variable = cf:4 To change the default boot partition to the backup, enter the command for your operating system: • Cisco IOS software Router(config)# boot device module mod_num cf:{4 | 5} • Catalyst operating system software Console> (enable) set network parameters, perform the following steps: a. To set boot device cf:{4 | 5} mod_num To boot the FWSM into the maintenance partition, enter the command for your operating system at the switch prompt: • For Cisco IOS software, enter...
... (enable) show boot device mod_num For example: Console> (enable) show boot device 4 Device BOOT variable = cf:4 To change the default boot partition to the backup, enter the command for your operating system: • Cisco IOS software Router(config)# boot device module mod_num cf:{4 | 5} • Catalyst operating system software Console> (enable) set network parameters, perform the following steps: a. To set boot device cf:{4 | 5} mod_num To boot the FWSM into the maintenance partition, enter the command for your operating system at the switch prompt: • For Cisco IOS software, enter...
Configuration Guide
Page 553
... only VLAN used . Chapter 24 Managing Software, Licenses, and Configurations Installing Application or ASDM Software This address is the address for the maintenance partition IP address can cause communication problems with other hosts on that you set as the default in Step 4), enter the command for your operating system: • Cisco IOS software Router# session slot number processor 1 • Catalyst operating system software Console> (enable) session module_number Step 13 By default, the password to log in...
... only VLAN used . Chapter 24 Managing Software, Licenses, and Configurations Installing Application or ASDM Software This address is the address for the maintenance partition IP address can cause communication problems with other hosts on that you set as the default in Step 4), enter the command for your operating system: • Cisco IOS software Router# session slot number processor 1 • Catalyst operating system software Console> (enable) session module_number Step 13 By default, the password to log in...
Configuration Guide
Page 559
... 24 Managing Software, Licenses, and Configurations Installing Maintenance Software By default, the password is accessible from Cisco.com at the following steps: a. If required, log out of the maintenance partition by entering the following command: root@localhost# logout b. For Catalyst operating system software, enter the following command: Router# hw-module module mod_num reset - Catalyst operating system software Console> (enable) session module_number OL-20748-01 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM...
... 24 Managing Software, Licenses, and Configurations Installing Maintenance Software By default, the password is accessible from Cisco.com at the following steps: a. If required, log out of the maintenance partition by entering the following command: root@localhost# logout b. For Catalyst operating system software, enter the following command: Router# hw-module module mod_num reset - Catalyst operating system software Console> (enable) session module_number OL-20748-01 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM...
Configuration Guide
Page 629
....6 eq pcanywhere-data access-list MANAGE extended permit udp host 209.165.201.30 host 209.165.201.6 eq pcanywhere-status access-group MANAGE in interface outside access-list WEBSENSE remark -The Websense server needs to access the Websense updater access-list WEBSENSE remark -server on the admin context requires access to the Websense server for management using ASDM B-5 firewall module 8 vlan-group 1 OL-20748-01 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ! When inside users access an HTTP server, FWSM consults...
....6 eq pcanywhere-data access-list MANAGE extended permit udp host 209.165.201.30 host 209.165.201.6 eq pcanywhere-status access-group MANAGE in interface outside access-list WEBSENSE remark -The Websense server needs to access the Websense updater access-list WEBSENSE remark -server on the admin context requires access to the Websense server for management using ASDM B-5 firewall module 8 vlan-group 1 OL-20748-01 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ! When inside users access an HTTP server, FWSM consults...
Software Configuration Guide
Page 38
...://www.cisco.com/en/US/docs/ios/12_2/qos/configuration/guide/qcfpbr_ps1835_TSD_Products_C onfiguration_Guide_Chapter.html Note If the MSFC3 address falls within the range of a PBR ACL, traffic addressed to direct flows that specifies length. - Context-Based Access Control (CBAC) -The PFC installs entries in the NetFlow table to the MSFC3 is policy routed in hardware instead of UDP traffic is supported only in PFC3BXL or PFC3B mode. - Port-to...
...://www.cisco.com/en/US/docs/ios/12_2/qos/configuration/guide/qcfpbr_ps1835_TSD_Products_C onfiguration_Guide_Chapter.html Note If the MSFC3 address falls within the range of a PBR ACL, traffic addressed to direct flows that specifies length. - Context-Based Access Control (CBAC) -The PFC installs entries in the NetFlow table to the MSFC3 is policy routed in hardware instead of UDP traffic is supported only in PFC3BXL or PFC3B mode. - Port-to...
Software Configuration Guide
Page 278
...-4 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 Configuring a higher-priority value increases the probability; BPDUs contain information about the transmitting bridge and its ports, including bridge and MAC addresses, bridge priority, port priority, and path cost. When a network device receives a BPDU, it does not forward the frame but instead uses the information in one direction from the bridge to the root bridge. • Ports included...
...-4 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 Configuring a higher-priority value increases the probability; BPDUs contain information about the transmitting bridge and its ports, including bridge and MAC addresses, bridge priority, port priority, and path cost. When a network device receives a BPDU, it does not forward the frame but instead uses the information in one direction from the bridge to the root bridge. • Ports included...
Software Configuration Guide
Page 554
... Configuring DHCP Snooping Overview of DHCP Snooping DHCP snooping is associated with a VLAN that has DHCP snooping enabled. Therefore, all VLANs. To prevent such attacks, the DHCP snooping feature filters messages and rate-limits traffic from intercepted DHCP messages. In a service provider environment, any device that is not in the service provider network is also referred to as untrusted DHCP messages will be connected to the router through trusted interfaces. 37-2 Cisco 7600 Series Router Cisco IOS Software Configuration Guide...
... Configuring DHCP Snooping Overview of DHCP Snooping DHCP snooping is associated with a VLAN that has DHCP snooping enabled. Therefore, all VLANs. To prevent such attacks, the DHCP snooping feature filters messages and rate-limits traffic from intercepted DHCP messages. In a service provider environment, any device that is not in the service provider network is also referred to as untrusted DHCP messages will be connected to the router through trusted interfaces. 37-2 Cisco 7600 Series Router Cisco IOS Software Configuration Guide...
Software Configuration Guide
Page 824
... secure port attempts to access another secure port in the same VLAN, port security responds to one of the attached device. 47-2 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 In Release 12.2(18)SXF5 and later releases, port security applies the configured violation mode. - See the "Configuring the Port Security Violation Mode on a Port" section on page 47-4. Following bootup, a reload, or a link-down condition, all secure MAC addresses by limiting the MAC addresses...
... secure port attempts to access another secure port in the same VLAN, port security responds to one of the attached device. 47-2 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 In Release 12.2(18)SXF5 and later releases, port security applies the configured violation mode. - See the "Configuring the Port Security Violation Mode on a Port" section on page 47-4. Following bootup, a reload, or a link-down condition, all secure MAC addresses by limiting the MAC addresses...
Software Configuration Guide
Page 984
... plus remote SPAN reset ReSerVation Protocol Security Association Identifier service access point service connection manager Switch-Module Configuration Protocol Synchronous Data Link Control Stack Group Bidding Protocol single in-line memory module server load balancing Supervisor Line-Card Processor Serial Line Internet Protocol Software Management and Delivery Systems software MAC filter Standby Monitor Present Simple Multicast Routing Protocol Station Management Subnetwork Access Protocol Simple Network Management Protocol Cisco 7600 Series Router Cisco IOS Software Configuration Guide...
... plus remote SPAN reset ReSerVation Protocol Security Association Identifier service access point service connection manager Switch-Module Configuration Protocol Synchronous Data Link Control Stack Group Bidding Protocol single in-line memory module server load balancing Supervisor Line-Card Processor Serial Line Internet Protocol Software Management and Delivery Systems software MAC filter Standby Monitor Present Simple Multicast Routing Protocol Station Management Subnetwork Access Protocol Simple Network Management Protocol Cisco 7600 Series Router Cisco IOS Software Configuration Guide...