Processor Guide
Page 57
...with . A memory card formatted for one ), which is being used with the connector end of the slot and the ejector button pops out toward the slot. OL-10100-11 Cisco 7600 Series Router Supervisor Engine and Route Switch Processor Guide 3-13 Slide the card into ...Format the memory card the first time that the card is shown in the system. When correctly inserted, a portion of memory cards supported on Cisco 7600 supervisor engines and route switch processors. Chapter 3 Installing and Configuring Route Switch Processors and Supervisor Engines Using Flash Memory Cards Note...
...with . A memory card formatted for one ), which is being used with the connector end of the slot and the ejector button pops out toward the slot. OL-10100-11 Cisco 7600 Series Router Supervisor Engine and Route Switch Processor Guide 3-13 Slide the card into ...Format the memory card the first time that the card is shown in the system. When correctly inserted, a portion of memory cards supported on Cisco 7600 supervisor engines and route switch processors. Chapter 3 Installing and Configuring Route Switch Processors and Supervisor Engines Using Flash Memory Cards Note...
Installation Guide
Page 72
... the patch cord labeled "To Equipment" into the GBIC. (See Figure 2-2.) Plug the end labeled "To Cable Plant" into the patch panel. Patch Cord Configuration Example Figure 2-1 shows...To cable plant 13089 Differential Mode Delay When an unconditioned laser source designed for Installation Note Cisco Gigabit Ethernet products have been tested and evaluated to a multimode fiber (MMF) cable, ...LX/LH port Rx 13088 Patch Cord Installation Warning Invisible laser radiation may be reliably supported. 2-14 Book Title OL-5077-7 This degradation causes a decrease in Appendix A, "Technical ...
... the patch cord labeled "To Equipment" into the GBIC. (See Figure 2-2.) Plug the end labeled "To Cable Plant" into the patch panel. Patch Cord Configuration Example Figure 2-1 shows...To cable plant 13089 Differential Mode Delay When an unconditioned laser source designed for Installation Note Cisco Gigabit Ethernet products have been tested and evaluated to a multimode fiber (MMF) cable, ...LX/LH port Rx 13088 Patch Cord Installation Warning Invisible laser radiation may be reliably supported. 2-14 Book Title OL-5077-7 This degradation causes a decrease in Appendix A, "Technical ...
Configuration Guide
Page 11
... Multicast Traffic through the Transparent Firewall 13-7 Adding an Extended ACE 13-7 Adding an EtherType Access List 13-9 Supported EtherTypes 13-9 Apply Access Lists in Both Directions 13-9 Implicit Deny at the End of an Access List Does Not Affect IP or ARP Traffic 13-9 Using Extended and EtherType Access Lists on... Adding Object Groups 13-12 Adding a Protocol Object Group 13-12 Adding a Network Object Group 13-13 OL-20748-01 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM xi
... Multicast Traffic through the Transparent Firewall 13-7 Adding an Extended ACE 13-7 Adding an EtherType Access List 13-9 Supported EtherTypes 13-9 Apply Access Lists in Both Directions 13-9 Implicit Deny at the End of an Access List Does Not Affect IP or ARP Traffic 13-9 Using Extended and EtherType Access Lists on... Adding Object Groups 13-12 Adding a Protocol Object Group 13-12 Adding a Network Object Group 13-13 OL-20748-01 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM xi
Configuration Guide
Page 92
... of VLAN IDs, you can be used within the context instead of the mapped name must start or end the name with a letter or digit, and have two contexts named "customerA" and "CustomerA," for supported VLANs). the VLAN ID in the system configuration, perform the following steps: Step 1 Step 2 Step 3 ...specify a mapped name, the VLAN ID is a string up to the FWSM, use the following range: int0-int10 4-28 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM OL-20748-01 For example, you can use the show vlan command.
... of VLAN IDs, you can be used within the context instead of the mapped name must start or end the name with a letter or digit, and have two contexts named "customerA" and "CustomerA," for supported VLANs). the VLAN ID in the system configuration, perform the following steps: Step 1 Step 2 Step 3 ...specify a mapped name, the VLAN ID is a string up to the FWSM, use the following range: int0-int10 4-28 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM OL-20748-01 For example, you can use the show vlan command.
Configuration Guide
Page 140
...the domain name to "example.com," and specify a syslog server by the banner command $(hostname) token. The FWSM supports all contexts. Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM 7-4 OL-20748-01 In multiple context mode, you can view...all 95 printable characters except the question mark (?). The hostname that you optionally set within the system execution space. A hostname must start and end with a letter or digit, and have as within a context does not appear in the command line, but can be up to "jupiter...
...the domain name to "example.com," and specify a syslog server by the banner command $(hostname) token. The FWSM supports all contexts. Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM 7-4 OL-20748-01 In multiple context mode, you can view...all 95 printable characters except the question mark (?). The hostname that you optionally set within the system execution space. A hostname must start and end with a letter or digit, and have as within a context does not appear in the command line, but can be up to "jupiter...
Configuration Guide
Page 174
... which is in the Active state. 8-32 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM OL-20748-01 Configuring Route Health ...each of these routes specify the IP address of the FWSM interface as needed until the session ends. This allows the FWSM to the MSFC, which can then redistribute these routes through the ...can then redistribute these routes through OSPF or other dynamic routing protocols. Because the FWSM only supports OSPF or other dynamic routing protocols in single context mode, RHI can be used in multiple...
... which is in the Active state. 8-32 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM OL-20748-01 Configuring Route Health ...each of these routes specify the IP address of the FWSM interface as needed until the session ends. This allows the FWSM to the MSFC, which can then redistribute these routes through the ...can then redistribute these routes through OSPF or other dynamic routing protocols. Because the FWSM only supports OSPF or other dynamic routing protocols in single context mode, RHI can be used in multiple...
Configuration Guide
Page 223
... (config)# crypto ca export newton pkcs12 cisco123 Exported pkcs12 follows: [ PKCS12 data omitted ] ---End - Entering the crypto ca import pkcs12 command can export and import keypairs and issued certificates associated with...export pkcs12 You can copy the data. Chapter 12 Configuring Certificates virtual http atl-lx-sbacchus.cisco.com Certificate Configuration Exporting and Importing Keypairs and Certificates You can create this condition. To control...only one of the pkcs12--- The FWSM supports the PKCS12 format for a trustpoint called Main. Note If an FWSM has trustpoints that CA,...
... (config)# crypto ca export newton pkcs12 cisco123 Exported pkcs12 follows: [ PKCS12 data omitted ] ---End - Entering the crypto ca import pkcs12 command can export and import keypairs and issued certificates associated with...export pkcs12 You can copy the data. Chapter 12 Configuring Certificates virtual http atl-lx-sbacchus.cisco.com Certificate Configuration Exporting and Importing Keypairs and Certificates You can create this condition. To control...only one of the pkcs12--- The FWSM supports the PKCS12 format for a trustpoint called Main. Note If an FWSM has trustpoints that CA,...
Configuration Guide
Page 228
...non-IP traffic EtherType You can disable an ACE by making it is appended to the end of the access list unless you do not also need to configure management access according to... an access list that you create an ACE at the beginning of an access list that support Modular Policy Framework include TCP and general connection settings, and inspection. For example, if you...FWSM does not allow any traffic unless it inactive. 13-2 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM OL-20748-01 Identify traffic in...
...non-IP traffic EtherType You can disable an ACE by making it is appended to the end of the access list unless you do not also need to configure management access according to... an access list that you create an ACE at the beginning of an access list that support Modular Policy Framework include TCP and general connection settings, and inspection. For example, if you...FWSM does not allow any traffic unless it inactive. 13-2 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM OL-20748-01 Identify traffic in...
Configuration Guide
Page 232
... configuration. For connectionless protocols such as bidirectional connections. 13-6 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM OL-20748-01 Depending on page...ACEs count towards the system limit. You can identify all the access lists that you can support will be less than others, and these parameters within the command. For TCP and UDP... (by applying access lists to the source and destination interfaces), or you either need to the end of the ACE, see the "Logging Access List Activity" section on page 13-24. See ...
... configuration. For connectionless protocols such as bidirectional connections. 13-6 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM OL-20748-01 Depending on page...ACEs count towards the system limit. You can identify all the access lists that you can support will be less than others, and these parameters within the command. For TCP and UDP... (by applying access lists to the source and destination interfaces), or you either need to the end of the ACE, see the "Logging Access List Activity" section on page 13-24. See ...
Configuration Guide
Page 235
...FWSM is made up of the access list does not now block any IP traffic that specify an EtherType. The FWSM receives trunk port (Cisco proprietary) BPDUs because FWSM ports are connectionless, you need to apply the access list to both interfaces if you want traffic to specifically ...handle BPDUs. This section includes the following topics: • Supported EtherTypes, page 13-9 • Apply Access Lists in Both Directions, page 13-9 • Implicit Deny at the end of an Access List Does Not Affect IP or ARP Traffic, page 13-9 • Using ...
...FWSM is made up of the access list does not now block any IP traffic that specify an EtherType. The FWSM receives trunk port (Cisco proprietary) BPDUs because FWSM ports are connectionless, you need to apply the access list to both interfaces if you want traffic to specifically ...handle BPDUs. This section includes the following topics: • Supported EtherTypes, page 13-9 • Apply Access Lists in Both Directions, page 13-9 • Implicit Deny at the end of an Access List Does Not Affect IP or ARP Traffic, page 13-9 • Using ...
Configuration Guide
Page 272
...8226; The HTTP connection table (unless HTTP replication is no session information for the given endpoints. Supported end-user applications are 14-18 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM OL-20748-01 Note If failover occurs ...during an active Cisco IP SoftPhone session, the call session state information is enabled). • The ISAKMP and...
...8226; The HTTP connection table (unless HTTP replication is no session information for the given endpoints. Supported end-user applications are 14-18 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM OL-20748-01 Note If failover occurs ...during an active Cisco IP SoftPhone session, the call session state information is enabled). • The ISAKMP and...
Configuration Guide
Page 362
... the no filter activex 80 0 0 0 0 18-2 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using a hyphen between the starting port number and the ending port number. To remove the configuration, use this is applied. ActiveX filtering of the command... filtering. You can disable ActiveX objects with the TCP port to comments. Caution This command also blocks any of nested tags is supported by selectively replacing the and and and tags with comments. As a technology, ActiveX creates many potential problems for port 80. To...
... the no filter activex 80 0 0 0 0 18-2 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using a hyphen between the starting port number and the ending port number. To remove the configuration, use this is applied. ActiveX filtering of the command... filtering. You can disable ActiveX objects with the TCP port to comments. Caution This command also blocks any of nested tags is supported by selectively replacing the and and and tags with comments. As a technology, ActiveX creates many potential problems for port 80. To...
Configuration Guide
Page 405
...certain types of the application type. Instead, it is possible for an end-user application to be in the same switch chassis. When the PISA... • When a UDP packet is added. OL-20748-01 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using GRE and includes a tag informing the FWSM ...Integration Guidelines and Limitations, page 21-5 • Using GRE for Tagging, page 21-5 • Failover Support, page 21-6 PISA Integration Guidelines and Limitations The following guidelines and limitations apply to preserve bandwidth for the...
...certain types of the application type. Instead, it is possible for an end-user application to be in the same switch chassis. When the PISA... • When a UDP packet is added. OL-20748-01 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using GRE and includes a tag informing the FWSM ...Integration Guidelines and Limitations, page 21-5 • Using GRE for Tagging, page 21-5 • Failover Support, page 21-6 PISA Integration Guidelines and Limitations The following guidelines and limitations apply to preserve bandwidth for the...
Configuration Guide
Page 406
..., eDonkey, and Yahoo, enter the following commands: 21-6 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using the class-map command. If you ...pmap)# class denied_apps hostname(config-pmap-c)# Determine which have an implicit deny at the end, PISA actions have Stateful Failover on page 20-4 for PISA traffic sent to narrow...hostname(config-pmap-c)# deny {all traffic except for denial). or deny ? To see the supported protocol names, use the permit ? command. The GRE encapsulation increases the packet size slightly,...
..., eDonkey, and Yahoo, enter the following commands: 21-6 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using the class-map command. If you ...pmap)# class denied_apps hostname(config-pmap-c)# Determine which have an implicit deny at the end, PISA actions have Stateful Failover on page 20-4 for PISA traffic sent to narrow...hostname(config-pmap-c)# deny {all traffic except for denial). or deny ? To see the supported protocol names, use the permit ? command. The GRE encapsulation increases the packet size slightly,...
Configuration Guide
Page 432
... between the EPM and client on well known TCP port 135. Clients using ASDM OL-20748-01 DCERPC inspection supports the following messages: • End point mapper (EPMAP) • RemoteCreateInstance • Any message that does not contain an IP address or port information ...because these messages do not require inspection 22-16 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide...
... between the EPM and client on well known TCP port 135. Clients using ASDM OL-20748-01 DCERPC inspection supports the following messages: • End point mapper (EPMAP) • RemoteCreateInstance • Any message that does not contain an IP address or port information ...because these messages do not require inspection 22-16 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide...
Configuration Guide
Page 483
... the gateway command to 4294967295. This establishes a flow through the FWSM and allows MGCP end points to register with the call -agent command in MGCP map configuration mode, which is...gateways does not restrict calls between the gateways. OL-20748-01 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using the mgcp-map command. For example,... create the access list, use of the call agent. Note MGCP inspection does not support the use the access-list extended command, as MGCP signalling. Configuring and Enabling MGCP Inspection...
... the gateway command to 4294967295. This establishes a flow through the FWSM and allows MGCP end points to register with the call -agent command in MGCP map configuration mode, which is...gateways does not restrict calls between the gateways. OL-20748-01 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using the mgcp-map command. For example,... create the access list, use of the call agent. Note MGCP inspection does not support the use the access-list extended command, as MGCP signalling. Configuring and Enabling MGCP Inspection...
Configuration Guide
Page 526
...hung. In routed mode, the FWSM can take up to two minutes or longer. Transparent mode does support site-to-site tunnels. 23-4 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using private keys during SSH key exchange before user authentication... to enable the HTTPS server and let a host on the FWSM end of the client. The FWSM allows a maximum of 5 concurrent ASDM instances per context using a site-to-site tunnel. Transparent firewall mode does not support remote clients. You can connect to access ASDM on client authentication....
...hung. In routed mode, the FWSM can take up to two minutes or longer. Transparent mode does support site-to-site tunnels. 23-4 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using private keys during SSH key exchange before user authentication... to enable the HTTPS server and let a host on the FWSM end of the client. The FWSM allows a maximum of 5 concurrent ASDM instances per context using a site-to-site tunnel. Transparent firewall mode does not support remote clients. You can connect to access ASDM on client authentication....
Configuration Guide
Page 551
... entering the failover active command in the system execution space of the active unit; You can set a new default boot partition. • Cisco IOS software Router# show running , and the major version number does not match (3.1 vs. 3.2), then both failover groups active on the secondary...the terminal. Note The FWSM maintenance partition can cause communication problems with the new version. The FWSM does not support 802.1Q tagging on the switch. If necessary, end the FWSM session by entering the following steps: Step 1 Step 2 Each application partition has its own startup ...
... entering the failover active command in the system execution space of the active unit; You can set a new default boot partition. • Cisco IOS software Router# show running , and the major version number does not match (3.1 vs. 3.2), then both failover groups active on the secondary...the terminal. Note The FWSM maintenance partition can cause communication problems with the new version. The FWSM does not support 802.1Q tagging on the switch. If necessary, end the FWSM session by entering the following steps: Step 1 Step 2 Each application partition has its own startup ...
Configuration Guide
Page 691
... IPv6 addresses are represented as a series of IPv6 address. But each field must contain at the beginning, middle, or end of an IPv6 address (the colons represent the successive hexadecimal fields of zeros. You can be shortened to contain several examples... ::1 Unspecified 0:0:0:0:0:0:0:0 :: OL-20748-01 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM E-5 It provides an expanded address space, a simplified header format, improved support for different types of eight 16-bit hexadecimal fields separated by removing...
... IPv6 addresses are represented as a series of IPv6 address. But each field must contain at the beginning, middle, or end of an IPv6 address (the colons represent the successive hexadecimal fields of zeros. You can be shortened to contain several examples... ::1 Unspecified 0:0:0:0:0:0:0:0 :: OL-20748-01 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM E-5 It provides an expanded address space, a simplified header format, improved support for different types of eight 16-bit hexadecimal fields separated by removing...
Configuration Guide
Page 716
...networks; PPTP is attempted between a dial user and the PNS. A session is created when end-to carrier-class gigabit models for fast changing network environments. See also PIM-SM. The Cisco PIX 500-series FWSMs range from compact, plug-and-play desktop models for small/home offices...PPTP GRE tunnel, PNS, PPTP session, and PPTP TCP. A control connection operating over the tunnel between the PAC and the PNS. Devices supporting this standard let administrators maintain a single set of GRE for the transfer of PPTP. Developed for each user that identifies the higher level ...
...networks; PPTP is attempted between a dial user and the PNS. A session is created when end-to carrier-class gigabit models for fast changing network environments. See also PIM-SM. The Cisco PIX 500-series FWSMs range from compact, plug-and-play desktop models for small/home offices...PPTP GRE tunnel, PNS, PPTP session, and PPTP TCP. A control connection operating over the tunnel between the PAC and the PNS. Devices supporting this standard let administrators maintain a single set of GRE for the transfer of PPTP. Developed for each user that identifies the higher level ...