Installation Guide
Page 13
... Series Internet Router Installation Guide • Cisco 7600 Series Internet Router Module Installation Guide • Cisco 7600 Series Internet Router Quick Software Configuration Guide • Cisco 7600 Series Internet Router Software Configuration Guide • Cisco 7600 Series Internet Router Command Reference • Cisco 7600 Series Internet Router System Message Guide • Cisco 7600 Series Internet Router IOS Software Configuration Guide • Cisco 7600 Series Internet Router...
... Series Internet Router Installation Guide • Cisco 7600 Series Internet Router Module Installation Guide • Cisco 7600 Series Internet Router Quick Software Configuration Guide • Cisco 7600 Series Internet Router Software Configuration Guide • Cisco 7600 Series Internet Router Command Reference • Cisco 7600 Series Internet Router System Message Guide • Cisco 7600 Series Internet Router IOS Software Configuration Guide • Cisco 7600 Series Internet Router...
Installation Guide
Page 22
..., which provides switching, local and remote management, and multiple gigabit uplink interfaces. Cisco 7609 Internet Router Chapter 1 Product Overview Cisco 7609 Internet Router The Cisco 7609 Internet Router chassis has nine vertical slots that are numbered from right to the Cisco 7600 Series Internet Router Software Configuration Guide. Slot 2 can act as a backup if the first supervisor engine fails.
..., which provides switching, local and remote management, and multiple gigabit uplink interfaces. Cisco 7609 Internet Router Chapter 1 Product Overview Cisco 7609 Internet Router The Cisco 7609 Internet Router chassis has nine vertical slots that are numbered from right to the Cisco 7600 Series Internet Router Software Configuration Guide. Slot 2 can act as a backup if the first supervisor engine fails.
Installation Guide
Page 24
... AC-input or DC-input power supplies System Features This section describes the hardware features for the Cisco 7609 Internet Router. For module descriptions and installation procedures, refer to the Cisco 7600 Series Internet Router Software Configuration Guide. Each supervisor engine has two Gigabit interface uplinks. Bandwidth and Port Density Table 1-1 lists the bandwidth and...
... AC-input or DC-input power supplies System Features This section describes the hardware features for the Cisco 7609 Internet Router. For module descriptions and installation procedures, refer to the Cisco 7600 Series Internet Router Software Configuration Guide. Each supervisor engine has two Gigabit interface uplinks. Bandwidth and Port Density Table 1-1 lists the bandwidth and...
Installation Guide
Page 26
...Cisco 7609 Internet Router Installation Guide 1-8 OL-5079-04 Cisco 7600 Internet Router Components Chapter 1 Product Overview Component Hot Swapping You can add, replace, or remove modules without interrupting the system power or causing other software or interfaces to the Cisco 7600 Series Internet Router Software Configuration Guide... for the supervisor engine and the switching modules. Fan Assembly The system fan assembly provides cooling air for the Cisco 7609 Internet Router. Note Although the FlexWAN module supports hot swapping, individual port adapters do not. Figure 1-2 shows ...
...Cisco 7609 Internet Router Installation Guide 1-8 OL-5079-04 Cisco 7600 Internet Router Components Chapter 1 Product Overview Component Hot Swapping You can add, replace, or remove modules without interrupting the system power or causing other software or interfaces to the Cisco 7600 Series Internet Router Software Configuration Guide... for the supervisor engine and the switching modules. Fan Assembly The system fan assembly provides cooling air for the Cisco 7609 Internet Router. Note Although the FlexWAN module supports hot swapping, individual port adapters do not. Figure 1-2 shows ...
Installation Guide
Page 29
... and turn on the power supply. If you fail to maintain uninterrupted system operation. no software configuration is required. OL-5079-04 Cisco 7609 Internet Router Installation Guide 1-11 If one power supply fails, the second power supply immediately assumes full power to install two... modules, you must install two modules in a redundant power supply configuration, you might receive spurious OUTPUT FAIL indications...
... and turn on the power supply. If you fail to maintain uninterrupted system operation. no software configuration is required. OL-5079-04 Cisco 7609 Internet Router Installation Guide 1-11 If one power supply fails, the second power supply immediately assumes full power to install two... modules, you must install two modules in a redundant power supply configuration, you might receive spurious OUTPUT FAIL indications...
Installation Guide
Page 30
... abnormal voltage on one or more information about the environmental monitoring feature, refer to the Cisco 7600 Series Internet Router Software Configuration Guide. For more of the DC-output voltages of the power supply 1-12 Cisco 7609 Internet Router Installation Guide OL-5079-04 Substantial overvoltage conditions can lead to prevent damage. The power supplies monitor...
... abnormal voltage on one or more information about the environmental monitoring feature, refer to the Cisco 7600 Series Internet Router Software Configuration Guide. For more of the DC-output voltages of the power supply 1-12 Cisco 7609 Internet Router Installation Guide OL-5079-04 Substantial overvoltage conditions can lead to prevent damage. The power supplies monitor...
Installation Guide
Page 68
...efficient to isolate the problem to what the system is complete, refer to the Cisco 7600 Series Internet Router Software Configuration Guide, the Cisco 7600 Series Internet Router IOS Software Configuration Guide, the Cisco 7600 Series Internet Router Command Reference, or the Cisco 7600 Series Internet Router IOS Command Reference publications to troubleshoot the software. The switch... and power supply fans. • Fan assembly-The chassis fan assembly should be attributed to a single component, it is on. If the FAN Cisco 7609 Internet Router Installation Guide 4-2 OL-5079-04
...efficient to isolate the problem to what the system is complete, refer to the Cisco 7600 Series Internet Router Software Configuration Guide, the Cisco 7600 Series Internet Router IOS Software Configuration Guide, the Cisco 7600 Series Internet Router Command Reference, or the Cisco 7600 Series Internet Router IOS Command Reference publications to troubleshoot the software. The switch... and power supply fans. • Fan assembly-The chassis fan assembly should be attributed to a single component, it is on. If the FAN Cisco 7609 Internet Router Installation Guide 4-2 OL-5079-04
Installation Guide
Page 69
..., so check here if you have a redundant supervisor engine, refer to the Cisco 7600 Series Internet Router Software Configuration Guide or the Cisco 7600 Series Internet Router IOS Software Configuration Guide publications for descriptions of how the redundant supervisor engine comes online and how the ...hear the system fan assembly begin to halt. Perform these steps to initialize the switching module. OL-5079-04 Cisco 7609 Internet Router Installation Guide 4-3 Status LEDs on the supervisor engine indicate whether or not the supervisor engine is partially installed in the startup...
..., so check here if you have a redundant supervisor engine, refer to the Cisco 7600 Series Internet Router Software Configuration Guide or the Cisco 7600 Series Internet Router IOS Software Configuration Guide publications for descriptions of how the redundant supervisor engine comes online and how the ...hear the system fan assembly begin to halt. Perform these steps to initialize the switching module. OL-5079-04 Cisco 7609 Internet Router Installation Guide 4-3 Status LEDs on the supervisor engine indicate whether or not the supervisor engine is partially installed in the startup...
Installation Guide
Page 70
... description of the supervisor engine LEDs, refer to the Cisco 7600 Series Internet Router Software Configuration Guide or the Cisco 7600 Series Internet Router IOS Software Configuration Guide publications for descriptions of the individual interfaces on page 4-6. If no signal is operational and active. Cisco 7609 Internet Router Installation Guide 4-4 OL-5079-04 This LED indicates that the supervisor...
... description of the supervisor engine LEDs, refer to the Cisco 7600 Series Internet Router Software Configuration Guide or the Cisco 7600 Series Internet Router IOS Software Configuration Guide publications for descriptions of the individual interfaces on page 4-6. If no signal is operational and active. Cisco 7609 Internet Router Installation Guide 4-4 OL-5079-04 This LED indicates that the supervisor...
Installation Guide
Page 73
... the interfaces. Refer to the Cisco 7600 Series Internet Router Software Configuration Guide, the Cisco 7600 Series Internet Router IOS Software Configuration Guide, the Cisco 7600 Series Internet Router Command Reference or the Cisco 7600 Series Internet Router IOS Command Reference publications to isolate and resolve the problem OL-5079-04 Cisco 7609 Internet Router Installation Guide 4-7 Before you call, have...
... the interfaces. Refer to the Cisco 7600 Series Internet Router Software Configuration Guide, the Cisco 7600 Series Internet Router IOS Software Configuration Guide, the Cisco 7600 Series Internet Router Command Reference or the Cisco 7600 Series Internet Router IOS Command Reference publications to isolate and resolve the problem OL-5079-04 Cisco 7609 Internet Router Installation Guide 4-7 Before you call, have...
Configuration Guide
Page 1
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide Using the CLI Release 4.1 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 Customer Order Number: N/A, Online only Text Part Number: OL-20748-01
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide Using the CLI Release 4.1 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 Customer Order Number: N/A, Online only Text Part Number: OL-20748-01
Configuration Guide
Page 2
... ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM Copyright © 2010 Cisco Systems, Inc. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS. All rights reserved. Changing the Way We Work, Live, Play...
... ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM Copyright © 2010 Cisco Systems, Inc. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS. All rights reserved. Changing the Way We Work, Live, Play...
Configuration Guide
Page 3
... 1-7 Stateful Inspection Overview 1-8 Security Context Overview 1-9 Configuring the Switch for the Firewall Services Module 2-1 Switch Overview 2-1 Verifying the Module Installation 2-2 Assigning VLANs to the Firewall Services Module 2-2 VLAN Guidelines 2-3 Assigning VLANs to the FWSM 2-3 OL-20748-01 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM iii
... 1-7 Stateful Inspection Overview 1-8 Security Context Overview 1-9 Configuring the Switch for the Firewall Services Module 2-1 Switch Overview 2-1 Verifying the Module Installation 2-2 Assigning VLANs to the Firewall Services Module 2-2 VLAN Guidelines 2-3 Assigning VLANs to the FWSM 2-3 OL-20748-01 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM iii
Configuration Guide
Page 4
... and Removing Configuration Settings 3-5 Creating Text Configuration Files Offline 3-6 4 C H A P T E R Configuring Security Contexts 4-1 Security Context Overview 4-1 Common Uses for Security Contexts 4-2 Unsupported Features 4-2 Context Configuration Files 4-2 Context Configurations 4-2 System Configuration 4-2 Admin Context Configuration 4-3 How the FWSM Classifies Packets 4-3 Valid Classifier Criteria 4-3 Invalid Classifier Criteria 4-4 Classification Examples 4-5 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using...
... and Removing Configuration Settings 3-5 Creating Text Configuration Files Offline 3-6 4 C H A P T E R Configuring Security Contexts 4-1 Security Context Overview 4-1 Common Uses for Security Contexts 4-2 Unsupported Features 4-2 Context Configuration Files 4-2 Context Configurations 4-2 System Configuration 4-2 Admin Context Configuration 4-3 How the FWSM Classifies Packets 4-3 Valid Classifier Criteria 4-3 Invalid Classifier Criteria 4-4 Classification Examples 4-5 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using...
Configuration Guide
Page 5
...Access 4-9 Context Administrator Access 4-10 Enabling or Disabling Multiple Context Mode 4-10 Backing Up the Single Mode Configuration 4-10 Enabling Multiple Context Mode 4-10 Restoring Single Context Mode 4-11 Managing Memory for Rules 4-11 ...Configuration 4-34 Reloading by Removing and Readding the Context 4-35 Monitoring Security Contexts 4-35 Viewing Context Information 4-35 Viewing Resource Allocation 4-36 Viewing Resource Usage 4-39 Monitoring SYN Attacks in Contexts 4-40 OL-20748-01 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide...
...Access 4-9 Context Administrator Access 4-10 Enabling or Disabling Multiple Context Mode 4-10 Backing Up the Single Mode Configuration 4-10 Enabling Multiple Context Mode 4-10 Restoring Single Context Mode 4-11 Managing Memory for Rules 4-11 ...Configuration 4-34 Reloading by Removing and Readding the Context 4-35 Monitoring Security Contexts 4-35 Viewing Context Information 4-35 Viewing Resource Allocation 4-36 Viewing Resource Usage 4-39 Monitoring SYN Attacks in Contexts 4-40 OL-20748-01 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide...
Configuration Guide
Page 6
...Host 5-16 Setting Transparent or Routed Firewall Mode 5-17 6 C H A P T E R Configuring Interface Parameters 6-1 Security Level Overview 6-1 Configuring Interfaces for Routed Firewall Mode 6-2 Guidelines and Limitations 6-2 Configuring an Interface 6-3 Configuring Interfaces for Transparent Firewall Mode 6-4 Information About Interfaces in Transparent Mode 6-4 Information About Bridge Groups ...to Access an Inside Host 5-5 A DMZ User Attempts to a Bridge Group 6-6 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM vi OL-20748-01
...Host 5-16 Setting Transparent or Routed Firewall Mode 5-17 6 C H A P T E R Configuring Interface Parameters 6-1 Security Level Overview 6-1 Configuring Interfaces for Routed Firewall Mode 6-2 Guidelines and Limitations 6-2 Configuring an Interface 6-3 Configuring Interfaces for Transparent Firewall Mode 6-4 Information About Interfaces in Transparent Mode 6-4 Information About Bridge Groups ...to Access an Inside Host 5-5 A DMZ User Attempts to a Bridge Group 6-6 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM vi OL-20748-01
Configuration Guide
Page 7
... the Same Security Level 6-10 Configuring Inter-Interface Communication 6-10 Configuring Intra-Interface Communication 6-11 Turning Off and Turning On Interfaces 6-12 Configuring Basic Settings 7-1 Changing the Passwords...Configuring OSPF 8-9 OSPF Overview 8-9 Enabling OSPF 8-10 Redistributing Routes Between OSPF Processes 8-11 Configuring OSPF Interface Parameters 8-12 Configuring OSPF Area Parameters 8-14 Configuring OSPF NSSA 8-15 Configuring a Point-To-Point, Non-Broadcast OSPF Neighbor 8-16 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide...
... the Same Security Level 6-10 Configuring Inter-Interface Communication 6-10 Configuring Intra-Interface Communication 6-11 Turning Off and Turning On Interfaces 6-12 Configuring Basic Settings 7-1 Changing the Passwords...Configuring OSPF 8-9 OSPF Overview 8-9 Enabling OSPF 8-10 Redistributing Routes Between OSPF Processes 8-11 Configuring OSPF Interface Parameters 8-12 Configuring OSPF Area Parameters 8-14 Configuring OSPF NSSA 8-15 Configuring a Point-To-Point, Non-Broadcast OSPF Neighbor 8-16 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide...
Configuration Guide
Page 8
... Guidelines 8-33 Enabling RHI 8-33 Configuring DHCP 8-35 Configuring a DHCP Server 8-35 Enabling the DHCP Server 8-35 Configuring DHCP Options 8-37 Using Cisco IP Phones with a DHCP Server 8-38 Configuring DHCP Relay Services 8-39 DHCP Relay Overview 8-39 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM viii OL-20748-01
... Guidelines 8-33 Enabling RHI 8-33 Configuring DHCP 8-35 Configuring a DHCP Server 8-35 Enabling the DHCP Server 8-35 Configuring DHCP Options 8-37 Using Cisco IP Phones with a DHCP Server 8-38 Configuring DHCP Relay Services 8-39 DHCP Relay Overview 8-39 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM viii OL-20748-01
Configuration Guide
Page 9
... 10-4 Configuring IPv6 Default and Static Routes 10-5 Configuring IPv6 Access Lists 10-5 Configuring IPv6 Neighbor Discovery 10-6 Configuring Neighbor Solicitation Messages 10-6 Configuring the Neighbor Solicitation Message Interval 10-7 Configuring the Neighbor Reachable Time 10-7 Configuring Router Advertisement Messages 10-8 OL-20748-01 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM...
... 10-4 Configuring IPv6 Default and Static Routes 10-5 Configuring IPv6 Access Lists 10-5 Configuring IPv6 Neighbor Discovery 10-6 Configuring Neighbor Solicitation Messages 10-6 Configuring the Neighbor Solicitation Message Interval 10-7 Configuring the Neighbor Reachable Time 10-7 Configuring Router Advertisement Messages 10-8 OL-20748-01 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM...
Configuration Guide
Page 10
...-10 Viewing IPv6 Interface Settings 10-10 Viewing IPv6 Routes 10-11 11 C H A P T E R Configuring AAA Servers and the Local Database 11-1 AAA Overview 11-1 About Authentication 11-2 About Authorization 11-2 About Accounting 11...Support 11-6 Configuring the Local Database 11-7 Identifying AAA Server Groups and Servers 11-9 12 C H A P T E R Configuring Certificates 12-1 Public Key Cryptography 12-1 About Public Key Cryptography 12-1 Certificate Scalability 12-2 About Key Pairs 12-2 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM ...
...-10 Viewing IPv6 Interface Settings 10-10 Viewing IPv6 Routes 10-11 11 C H A P T E R Configuring AAA Servers and the Local Database 11-1 AAA Overview 11-1 About Authentication 11-2 About Authorization 11-2 About Accounting 11...Support 11-6 Configuring the Local Database 11-7 Identifying AAA Server Groups and Servers 11-9 12 C H A P T E R Configuring Certificates 12-1 Public Key Cryptography 12-1 About Public Key Cryptography 12-1 Certificate Scalability 12-2 About Key Pairs 12-2 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM ...