Processor Guide
Page 3
... viii Document Conventions ix Warning Definition ix Related Documentation x Obtaining Documentation, Obtaining Support, and Security Guidelines x Cisco 7600 Product Overview 1-1 Cisco 7600 Series Routers 1-1 Supported Hardware 1-2 Features 1-3 Port Addresses 1-6 Physical Interface Addresses 1-6 MAC Addresses 1-7 Supervisor Engine 2T 1-8 Supported Hardware 1-8 Features 1-8 Port Addresses 1-8 Route Switch Processors and Supervisor Engines 2-1 Overview 2-2 Route Switch Processor 720 2-9 RSP720 Features 2-9 Supported Chassis...
... viii Document Conventions ix Warning Definition ix Related Documentation x Obtaining Documentation, Obtaining Support, and Security Guidelines x Cisco 7600 Product Overview 1-1 Cisco 7600 Series Routers 1-1 Supported Hardware 1-2 Features 1-3 Port Addresses 1-6 Physical Interface Addresses 1-6 MAC Addresses 1-7 Supervisor Engine 2T 1-8 Supported Hardware 1-8 Features 1-8 Port Addresses 1-8 Route Switch Processors and Supervisor Engines 2-1 Overview 2-2 Route Switch Processor 720 2-9 RSP720 Features 2-9 Supported Chassis...
Processor Guide
Page 16
The system software uses the physical addresses to assign and control the MAC addresses of addresses. Routers use MAC addresses to locate specific ports in the Cisco 7600 series router has several different types of their interfaces. Physical Interface Addresses Physical port addresses specify the actual physical location of the interface connector within the router and to bottom. Depending on...
The system software uses the physical addresses to assign and control the MAC addresses of addresses. Routers use MAC addresses to locate specific ports in the Cisco 7600 series router has several different types of their interfaces. Physical Interface Addresses Physical port addresses specify the actual physical location of the interface connector within the router and to bottom. Depending on...
Processor Guide
Page 17
.../100/1000-Mbps RJ-45 connector). The MAC address of the two options can be active at a time. When you hot swap a module, the MAC address changes with the module. However, only one unique MAC address. MAC Addresses All network interface connections (ports) require a unique MAC address. The router system code reads the EEPROM ...erasable programmable read-only memory (EEPROM) on a component that resides directly on the interface circuitry. OL-10100-11 Cisco 7600 Series Router Supervisor Engine and Route Switch Processor Guide 1-7 This addressing scheme enables the router to n/9.
.../100/1000-Mbps RJ-45 connector). The MAC address of the two options can be active at a time. When you hot swap a module, the MAC address changes with the module. However, only one unique MAC address. MAC Addresses All network interface connections (ports) require a unique MAC address. The router system code reads the EEPROM ...erasable programmable read-only memory (EEPROM) on a component that resides directly on the interface circuitry. OL-10100-11 Cisco 7600 Series Router Supervisor Engine and Route Switch Processor Guide 1-7 This addressing scheme enables the router to n/9.
Processor Guide
Page 59
Chapter 3 Installing and Configuring Route Switch Processors and Supervisor Engines Upgrading DIMMs on RSP720 router#show module 1 Mod Ports Card Type Serial No 1 2 Route Switch Processor 720 (Active) RSP720-3CXL-GE Model SAL15077HPS Mod MAC addresses Hw Fw Sw Status 1 c89c.1dfa.fb34 to c89c.1dfa.fb37 5.12 12.2(33r)SRE 12.2(33)SRD5 Ok Mod Sub-Module Model Serial Hw Status 1 Policy Feature Card 3 7600-PFC3CXL SAL150673QR 1.1 Ok 1 C7600 MSFC4 Daughterboard 7600-MSFC4 SAL1542T06C 4.0 Ok ? ? ?
Chapter 3 Installing and Configuring Route Switch Processors and Supervisor Engines Upgrading DIMMs on RSP720 router#show module 1 Mod Ports Card Type Serial No 1 2 Route Switch Processor 720 (Active) RSP720-3CXL-GE Model SAL15077HPS Mod MAC addresses Hw Fw Sw Status 1 c89c.1dfa.fb34 to c89c.1dfa.fb37 5.12 12.2(33r)SRE 12.2(33)SRD5 Ok Mod Sub-Module Model Serial Hw Status 1 Policy Feature Card 3 7600-PFC3CXL SAL150673QR 1.1 Ok 1 C7600 MSFC4 Daughterboard 7600-MSFC4 SAL1542T06C 4.0 Ok ? ? ?
Processor Guide
Page 97
Index Sup Eng 2 25 Sup Eng 720, Sup Eng 32 16, 23 link spans, excessive 19 LX/LH GBIC 19 M MAC address 6, 7 managing the router 6 memory, default 5 memory components 5 modem, connecting to the supervisor engine or RSP 10 modem adapter 13 modules blank module carriers 6, 7 hot swapping 8 ... hot swapping (OIR) 8 installing 4 removing 7 tools for installing and removing 3 Route Switch Processor 720 (RSP720) 22 CompactFlash support 12 front panel (figure) 9 OL-10100-11 Cisco 7600 Series Router Supervisor Engine and Route Switch Processor Guide IN-3
Index Sup Eng 2 25 Sup Eng 720, Sup Eng 32 16, 23 link spans, excessive 19 LX/LH GBIC 19 M MAC address 6, 7 managing the router 6 memory, default 5 memory components 5 modem, connecting to the supervisor engine or RSP 10 modem adapter 13 modules blank module carriers 6, 7 hot swapping 8 ... hot swapping (OIR) 8 installing 4 removing 7 tools for installing and removing 3 Route Switch Processor 720 (RSP720) 22 CompactFlash support 12 front panel (figure) 9 OL-10100-11 Cisco 7600 Series Router Supervisor Engine and Route Switch Processor Guide IN-3
Installation Guide
Page 4
... Switching Module (WS-X6516-GBIC) 1-26 Switch Fabric Module (WS-C6500-SFM) 1-27 Switch Fabric Module 2 (WS-X6500-SFM2) 1-27 Cisco Application Control Engine (ACE) Module (ACE10-6500-K9) 1-28 Catalyst 6000 Family Module LED Descriptions 1-29 SPA Interface Processors 1-29 7600-SIP-200... 1-33 Cisco 7600 Ethernet Services Plus Line Cards 1-33 Cisco 7600 ES+ 2TG3C, -3CXL Line Cards 1-34 Cisco 7600 ES+ 4TG3C, -4TG3CXL Line Cards 1-34 Cisco 7600 ES+ 20G3C, -20G3CXL Line Cards 1-35 Cisco 7600 ES+ 40G3C, -40G3CXL Line Cards 1-36 Port Addresses 1-37 Physical Interface Addresses 1-37 MAC Addresses 1-38 ...
... Switching Module (WS-X6516-GBIC) 1-26 Switch Fabric Module (WS-C6500-SFM) 1-27 Switch Fabric Module 2 (WS-X6500-SFM2) 1-27 Cisco Application Control Engine (ACE) Module (ACE10-6500-K9) 1-28 Catalyst 6000 Family Module LED Descriptions 1-29 SPA Interface Processors 1-29 7600-SIP-200... 1-33 Cisco 7600 Ethernet Services Plus Line Cards 1-33 Cisco 7600 ES+ 2TG3C, -3CXL Line Cards 1-34 Cisco 7600 ES+ 4TG3C, -4TG3CXL Line Cards 1-34 Cisco 7600 ES+ 20G3C, -20G3CXL Line Cards 1-35 Cisco 7600 ES+ 40G3C, -40G3CXL Line Cards 1-36 Port Addresses 1-37 Physical Interface Addresses 1-37 MAC Addresses 1-38 ...
Installation Guide
Page 53
...system software uses the physical addresses to assign and control the MAC addresses of addresses. The MAC address is a standardized data link layer address that connects to the individual router and its internal components and software. Chapter 1 Product Overview Port Addresses Table 1-26 LED Label STATUS A/L Cisco 7600 ES+ 40G3C, -...is enabled and a valid Ethernet link has been established. Other devices in the network use a unique method, described in the "MAC Addresses" section on the number of the router, as shown in Figure 1-41. (The port numbering convention is the same in ...
...system software uses the physical addresses to assign and control the MAC addresses of addresses. The MAC address is a standardized data link layer address that connects to the individual router and its internal components and software. Chapter 1 Product Overview Port Addresses Table 1-26 LED Label STATUS A/L Cisco 7600 ES+ 40G3C, -...is enabled and a valid Ethernet link has been established. Other devices in the network use a unique method, described in the "MAC Addresses" section on the number of the router, as shown in Figure 1-41. (The port numbering convention is the same in ...
Installation Guide
Page 54
... specific interface, or all interfaces, in slot 7, the addresses of whether other modules are installed or removed. MAC Addresses All network interface connections (ports) require a unique MAC address. Port Addresses Figure 1-41 Cisco 7609 Router Port Address Examples WS-X6K-SUP2-2GE STATUSSYSTEMCONSOLPEWR MGRMETSET CONSOLE SUPERVISOR2 WS... number in the spanning tree has one unique MAC address. For example, on a 4-port OC-12c POS OSM in slot 4 of the Cisco 7609 router, the address of the top WAN port is 4/1, and the address of each interface in the format show interfaces ...
... specific interface, or all interfaces, in slot 7, the addresses of whether other modules are installed or removed. MAC Addresses All network interface connections (ports) require a unique MAC address. Port Addresses Figure 1-41 Cisco 7609 Router Port Address Examples WS-X6K-SUP2-2GE STATUSSYSTEMCONSOLPEWR MGRMETSET CONSOLE SUPERVISOR2 WS... number in the spanning tree has one unique MAC address. For example, on a 4-port OC-12c POS OSM in slot 4 of the Cisco 7609 router, the address of the top WAN port is 4/1, and the address of each interface in the format show interfaces ...
Installation Guide
Page 100
...SS SAD051409DW 8 16 SFM-capable 16 port 1000mb GBIC WS-X6516-GBIC SAD04470AUK 9 16 SFM-capable 16 port 1000mb GBIC WS-X6516-GBIC SAD044908JG Mod MAC addresses Hw Fw Sw Status 1 00d0.c0d4.0454 to 00d0.c0d4.0455 1.1 6.1(3) 6.2(0.116) Ok 4 00d0.9738.a7e5 to 00d0.9738.a824 0.303...the supervisor engine or module installation and check connectivity, you must configure the module. For information on configuring the supervisor engine and all Cisco 7600 router commands, refer to verify that the system acknowledges the new modules and has brought them online. This example shows the ...
...SS SAD051409DW 8 16 SFM-capable 16 port 1000mb GBIC WS-X6516-GBIC SAD04470AUK 9 16 SFM-capable 16 port 1000mb GBIC WS-X6516-GBIC SAD044908JG Mod MAC addresses Hw Fw Sw Status 1 00d0.c0d4.0454 to 00d0.c0d4.0455 1.1 6.1(3) 6.2(0.116) Ok 4 00d0.9738.a7e5 to 00d0.9738.a824 0.303...the supervisor engine or module installation and check connectivity, you must configure the module. For information on configuring the supervisor engine and all Cisco 7600 router commands, refer to verify that the system acknowledges the new modules and has brought them online. This example shows the ...
Installation Guide
Page 135
Index M MAC address allocation 1-38 description 1-37 management 1-4 memory default, OSM 1-4 Flash booting routers from 4-4, 4-5, 4-7, 4-8, 4-9, 4-11, 4-12, 4-14, 4-15, 4-17, 4-18, 4-19 upgrading, OSM C-1 memory components 1-4... to 3-16 modem adapter B-4 modes ROM monitor routers stuck in 4-20, 4-21 modes, fiber 2-14 module functionality hot swapping 1-39 MAC address 1-37 MAC address allocation 1-38 physical interface addresses 1-37 port addresses 1-37 modules blank module carriers 3-3 installing 3-7 monitors ROM routers hang after initialization 4-20 MT-RJ connector, OC-3 POS module 2-17 OL...
Index M MAC address allocation 1-38 description 1-37 management 1-4 memory default, OSM 1-4 Flash booting routers from 4-4, 4-5, 4-7, 4-8, 4-9, 4-11, 4-12, 4-14, 4-15, 4-17, 4-18, 4-19 upgrading, OSM C-1 memory components 1-4... to 3-16 modem adapter B-4 modes ROM monitor routers stuck in 4-20, 4-21 modes, fiber 2-14 module functionality hot swapping 1-39 MAC address 1-37 MAC address allocation 1-38 physical interface addresses 1-37 port addresses 1-37 modules blank module carriers 3-3 installing 3-7 monitors ROM routers hang after initialization 4-20 MT-RJ connector, OC-3 POS module 2-17 OL...
Configuration Guide
Page 6
Route Lookups 5-9 Using the Transparent Firewall in Your Network 5-9 Transparent Firewall Guidelines 5-10 Unsupported Features in Routed Mode 5-8 MAC Address vs. Contents 5 C H A P T E R Configuring the Firewall Mode 5-1 Routed Mode Overview 5-1 IP Routing Support 5-1 How Data Moves Through the FWSM in Routed Firewall Mode 5-2 An Inside ... Web Server on the DMZ 5-4 An Outside User Attempts to Access an Inside Host 5-5 A DMZ User Attempts to a Bridge Group 6-6 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM vi OL-20748-01
Route Lookups 5-9 Using the Transparent Firewall in Your Network 5-9 Transparent Firewall Guidelines 5-10 Unsupported Features in Routed Mode 5-8 MAC Address vs. Contents 5 C H A P T E R Configuring the Firewall Mode 5-1 Routed Mode Overview 5-1 IP Routing Support 5-1 How Data Moves Through the FWSM in Routed Firewall Mode 5-2 An Inside ... Web Server on the DMZ 5-4 An Outside User Attempts to Access an Inside Host 5-5 A DMZ User Attempts to a Bridge Group 6-6 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM vi OL-20748-01
Configuration Guide
Page 15
... Control Lists 17-10 Configuring a RADIUS Server to Download Per-User Access Control List Names 17-12 Configuring Accounting for Network Access 17-13 Using MAC Addresses to Exempt Traffic from Authentication and Authorization 17-14 Applying Filtering Services 18-1 Filtering Overview 18-1 Filtering ActiveX Objects 18-1 ActiveX Filtering Overview 18-2...11 Configuring ARP Inspection and Bridging Parameters 19-1 Configuring ARP Inspection 19-1 ARP Inspection Overview 19-1 OL-20748-01 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM xv
... Control Lists 17-10 Configuring a RADIUS Server to Download Per-User Access Control List Names 17-12 Configuring Accounting for Network Access 17-13 Using MAC Addresses to Exempt Traffic from Authentication and Authorization 17-14 Applying Filtering Services 18-1 Filtering Overview 18-1 Filtering ActiveX Objects 18-1 ActiveX Filtering Overview 18-2...11 Configuring ARP Inspection and Bridging Parameters 19-1 Configuring ARP Inspection 19-1 ARP Inspection Overview 19-1 OL-20748-01 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM xv
Configuration Guide
Page 16
Contents Adding a Static ARP Entry 19-2 Enabling ARP Inspection 19-2 Customizing the MAC Address Table 19-3 MAC Address Table Overview 19-3 Adding a Static MAC Address 19-3 Setting the MAC Address Timeout 19-3 Disabling MAC Address Learning 19-4 Viewing the MAC Address Table 19-4 20 C H A P T E R Using Modular Policy Framework 20-1 Information About Modular Policy Framework 20-1 Modular ... Specific Servers 20-22 Applying Inspection to HTTP Traffic with NAT 20-22 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM xvi OL-20748-01
Contents Adding a Static ARP Entry 19-2 Enabling ARP Inspection 19-2 Customizing the MAC Address Table 19-3 MAC Address Table Overview 19-3 Adding a Static MAC Address 19-3 Setting the MAC Address Timeout 19-3 Disabling MAC Address Learning 19-4 Viewing the MAC Address Table 19-4 20 C H A P T E R Using Modular Policy Framework 20-1 Information About Modular Policy Framework 20-1 Modular ... Specific Servers 20-22 Applying Inspection to HTTP Traffic with NAT 20-22 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM xvi OL-20748-01
Configuration Guide
Page 67
..., page 4-3 • Invalid Classifier Criteria, page 4-4 • Classification Examples, page 4-5 Valid Classifier Criteria If only one global MAC address across all other fields are created either by active dynamic NAT sessions. The admin context is named "admin." This context is not ...Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM 4-3 If you can access the system and all interfaces. The FWSM uses only one context is used as a regular context. Moreover, the bridging table of the security context classifier is to the same MAC address...
..., page 4-3 • Invalid Classifier Criteria, page 4-4 • Classification Examples, page 4-5 Valid Classifier Criteria If only one global MAC address across all other fields are created either by active dynamic NAT sessions. The admin context is named "admin." This context is not ...Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM 4-3 If you can access the system and all interfaces. The FWSM uses only one context is used as a regular context. Moreover, the bridging table of the security context classifier is to the same MAC address...
Configuration Guide
Page 87
... Total Number of Fixups per context: • Telnet sessions-5 sessions. • SSH sessions-5 sessions. • IPSec sessions-5 sessions. • MAC addresses-65,535 entries. OL-20748-01 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM 4-23 For example, if you create a class with a 2 percent limit...
... Total Number of Fixups per context: • Telnet sessions-5 sessions. • SSH sessions-5 sessions. • IPSec sessions-5 sessions. • MAC addresses-65,535 entries. OL-20748-01 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM 4-23 For example, if you create a class with a 2 percent limit...
Configuration Guide
Page 90
...900 concurrent TCP or UDP connections between any two 102,400 per second (rate) Application inspection. However, in the MAC address table. The NP distribution is always present, and one for the inequity. Typically, the connections are not evenly ...Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM OL-20748-01 In this algorithm on an algorithm. Configuring Resource Management Chapter 4 Configuring Security Contexts Table 4-2 Resource Names and Limits Resource Name mac-addresses conns fixups hosts ipsec ...
...900 concurrent TCP or UDP connections between any two 102,400 per second (rate) Application inspection. However, in the MAC address table. The NP distribution is always present, and one for the inequity. Typically, the connections are not evenly ...Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM OL-20748-01 In this algorithm on an algorithm. Configuring Resource Management Chapter 4 Configuring Security Contexts Table 4-2 Resource Names and Limits Resource Name mac-addresses conns fixups hosts ipsec ...
Configuration Guide
Page 102
... Contexts: 3 C 5 D 5 CA 10 CA 5 CA unlimited DA unlimited CA 23040 CA 11520 5 5.00% 10 10.00% 20 20.00% 23040 23040 10.00% 10.00% mac-addresses default all C 65535 gold 1 D 65535 65535 100.00% silver 1 CA 6553 6553 9.99% bronze 0 CA 3276 All Contexts: 3 137623 209.99% Table 4-5 shows each class... "C" or "D." If the resource is unlimited, this display is blank. If the resource is unlimited, this display is blank. 4-38 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM OL-20748-01
... Contexts: 3 C 5 D 5 CA 10 CA 5 CA unlimited DA unlimited CA 23040 CA 11520 5 5.00% 10 10.00% 20 20.00% 23040 23040 10.00% 10.00% mac-addresses default all C 65535 gold 1 D 65535 65535 100.00% silver 1 CA 6553 6553 9.99% bronze 0 CA 3276 All Contexts: 3 137623 209.99% Table 4-5 shows each class... "C" or "D." If the resource is unlimited, this display is blank. If the resource is unlimited, this display is blank. 4-38 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM OL-20748-01
Configuration Guide
Page 104
...0/s 0/s 0/s 0/s 0/s 0/s 0/s 0/s Average 0/s 0/s 0/s 0/s 0/s 0/s 0/s 0/s 0/s 0/s 0/s 4-40 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using the show perfmon command; You can monitor the amount of the combined context limits: hostname# show... following is crossed, the FWSM acts as a proxy for all 0 Resource Telnet SSH ASDM IPSec Syslogs [rate] Conns Xlates Hosts Conns [rate] Fixups [rate] Mac-addresses Current 0 0 0 0 0 0 0 0 0 0 0 Peak 0 0 0 0 0 0 0 0 0 0 0 Limit 100 100 80 10 30000 1000000 262144 262144 170000 100000 65535...
...0/s 0/s 0/s 0/s 0/s 0/s 0/s 0/s Average 0/s 0/s 0/s 0/s 0/s 0/s 0/s 0/s 0/s 0/s 0/s 4-40 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using the show perfmon command; You can monitor the amount of the combined context limits: hostname# show... following is crossed, the FWSM acts as a proxy for all 0 Resource Telnet SSH ASDM IPSec Syslogs [rate] Conns Xlates Hosts Conns [rate] Fixups [rate] Mac-addresses Current 0 0 0 0 0 0 0 0 0 0 0 Peak 0 0 0 0 0 0 0 0 0 0 0 Limit 100 100 80 10 30000 1000000 262144 262144 170000 100000 65535...
Configuration Guide
Page 113
...connected to connected devices. Note Each bridge group requires a management IP address. For another method of interfaces, called bridge groups. OL-20748-01 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM 5-7 IP...Network, page 5-7 • Bridge Groups, page 5-7 • Management Interface, page 5-8 • Allowing Layer 3 Traffic, page 5-8 • Allowed MAC Addresses, page 5-8 • Passing Traffic Not Allowed in Transparent Mode, page 5-11 • How Data Moves Through the Transparent Firewall, page 5-12 Transparent ...
...connected to connected devices. Note Each bridge group requires a management IP address. For another method of interfaces, called bridge groups. OL-20748-01 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM 5-7 IP...Network, page 5-7 • Bridge Groups, page 5-7 • Management Interface, page 5-8 • Allowing Layer 3 Traffic, page 5-8 • Allowed MAC Addresses, page 5-8 • Passing Traffic Not Allowed in Transparent Mode, page 5-11 • How Data Moves Through the Transparent Firewall, page 5-12 Transparent ...
Configuration Guide
Page 114
... multicast traffic such as IP traffic, cannot pass through using ASDM 5-8 OL-20748-01 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using an EtherType access list. ARP traffic can be configured to go ...Management Interface In addition to each context from a single interface. Allowed MAC Addresses The following destination MAC addresses are supported. however, the management VLAN can be shared between contexts; An exception is ARP traffic. Any MAC address not on page 13-7 for more information about allowing special traffic....
... multicast traffic such as IP traffic, cannot pass through using ASDM 5-8 OL-20748-01 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using an EtherType access list. ARP traffic can be configured to go ...Management Interface In addition to each context from a single interface. Allowed MAC Addresses The following destination MAC addresses are supported. however, the management VLAN can be shared between contexts; An exception is ARP traffic. Any MAC address not on page 13-7 for more information about allowing special traffic....