User Guide
Page 10
...140 start-up tests on each interface. A Crypto Officer can access the router via the console port or via SSH session. The Crypto Officer services consist of the following: Services & Access Configure the router (r, w, z) Description Define network interfaces and settings, create command aliases, set the protocols the router will support, enable interfaces and network services, set of the router, the Crypto Officer password (the "enable" password) is responsible for the configuration and maintenance of files kept in flash memory. Crypto Officer Services During initial configuration...
...140 start-up tests on each interface. A Crypto Officer can access the router via the console port or via SSH session. The Crypto Officer services consist of the following: Services & Access Configure the router (r, w, z) Description Define network interfaces and settings, create command aliases, set the protocols the router will support, enable interfaces and network services, set of the router, the Crypto Officer password (the "enable" password) is responsible for the configuration and maintenance of files kept in flash memory. Crypto Officer Services During initial configuration...
Installation Guide
Page 17
... open a case online by using the TAC Case Open tool at the following URL: http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml Before calling, please check with a P1 or P2 problem, a Cisco TAC engineer will automatically open P3 and P4 cases through the Cisco TAC Web Site. When you open a case. OL-5079-04 Cisco 7609 Internet Router Installation Guide xvii In addition, please have Internet access...
... open a case online by using the TAC Case Open tool at the following URL: http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml Before calling, please check with a P1 or P2 problem, a Cisco TAC engineer will automatically open P3 and P4 cases through the Cisco TAC Web Site. When you open a case. OL-5079-04 Cisco 7609 Internet Router Installation Guide xvii In addition, please have Internet access...
Installation Guide
Page 50
... the chassis and is secured with four M4 screws. holes on the left or right side of holes for the other side. Step 1 Step 2 Step 3 Position one side and the - If you used the + set of the chassis; use either on the other L bracket. Installing the Rack-Mount Kit Chapter 3 Installing the Cisco 7609 Internet Router Installing the L Brackets and Cable Guides The Cisco 7609 Internet Router L bracket screw holes are installed with...
... the chassis and is secured with four M4 screws. holes on the left or right side of holes for the other side. Step 1 Step 2 Step 3 Position one side and the - If you used the + set of the chassis; use either on the other L bracket. Installing the Rack-Mount Kit Chapter 3 Installing the Cisco 7609 Internet Router Installing the L Brackets and Cable Guides The Cisco 7609 Internet Router L bracket screw holes are installed with...
Installation Guide
Page 70
... Cisco 7600 Series Internet Router Module Installation Guide. If the system software is OK. The LINK LED blinks orange if the port is operational and active. If any LEDs on page 4-6. Verify that the STATUS LEDs on the supervisor engine and on each switching module are receiving power, have a redundant supervisor engine, refer to the Cisco 7600 Series Internet Router Software Configuration Guide or the Cisco 7600 Series Internet Router IOS Software Configuration Guide publications for descriptions of the supervisor engine LEDs, refer to start up, this LED...
... Cisco 7600 Series Internet Router Module Installation Guide. If the system software is OK. The LINK LED blinks orange if the port is operational and active. If any LEDs on page 4-6. Verify that the STATUS LEDs on the supervisor engine and on each switching module are receiving power, have a redundant supervisor engine, refer to the Cisco 7600 Series Internet Router Software Configuration Guide or the Cisco 7600 Series Internet Router IOS Software Configuration Guide publications for descriptions of the supervisor engine LEDs, refer to start up, this LED...
Configuration Guide
Page 138
... Settings Changing the Enable Password The enable password lets you configure the network partition parameters, upgrade the software images on the application partitions, change the guest account password, and enable or disable the guest account. This command changes the password for user root New password: Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM 7-2 OL-20748-01 The maintenance software has two user levels with different access privileges: • root-Lets you enter privileged EXEC mode. The default password...
... Settings Changing the Enable Password The enable password lets you configure the network partition parameters, upgrade the software images on the application partitions, change the guest account password, and enable or disable the guest account. This command changes the password for user root New password: Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM 7-2 OL-20748-01 The maintenance software has two user levels with different access privileges: • root-Lets you enter privileged EXEC mode. The default password...
Configuration Guide
Page 313
... identify the same mapped address across many different static statements, so long as the port is the same as static NAT, except it lets you specify the protocol (TCP or UDP) and port for the real and mapped addresses. OL-20748-01 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM 16-9 For example, if your web users to connect to non-standard port 6785, and then undo...
... identify the same mapped address across many different static statements, so long as the port is the same as static NAT, except it lets you specify the protocol (TCP or UDP) and port for the real and mapped addresses. OL-20748-01 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM 16-9 For example, if your web users to connect to non-standard port 6785, and then undo...
Configuration Guide
Page 340
... following command statically maps an entire subnet: hostname(config)# static (inside : hostname(config)# static (outside ) 209.165.202.130 access-list NET2 Configuring NAT Exemption NAT exemption exempts addresses from translation and allows both permit ACEs and deny ACEs. Do not specify the real and destination ports in the access list; Bypassing NAT Chapter 16 Configuring NAT The following command uses static identity NAT for NAT exemption configuration. 16-36 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM...
... following command statically maps an entire subnet: hostname(config)# static (inside : hostname(config)# static (outside ) 209.165.202.130 access-list NET2 Configuring NAT Exemption NAT exemption exempts addresses from translation and allows both permit ACEs and deny ACEs. Do not specify the real and destination ports in the access list; Bypassing NAT Chapter 16 Configuring NAT The following command uses static identity NAT for NAT exemption configuration. 16-36 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM...
Configuration Guide
Page 487
... outside hostname(config)# access-group mgcp in interface inside Configure call -agent 15.0.0.210 101 hostname(config-mgcp-map)# gateway 10.100.100.1 101 hostname(config-mgcp-map)# gateway 209.165.201.1 101 hostname(config-mgcp-map)# command-queue 150 hostname(config-mgcp-map)# exit Apply MGCP inspection with MGCP map: hostname(config)# policy-map global_policy OL-20748-01 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM...
... outside hostname(config)# access-group mgcp in interface inside Configure call -agent 15.0.0.210 101 hostname(config-mgcp-map)# gateway 10.100.100.1 101 hostname(config-mgcp-map)# gateway 209.165.201.1 101 hostname(config-mgcp-map)# command-queue 150 hostname(config-mgcp-map)# exit Apply MGCP inspection with MGCP map: hostname(config)# policy-map global_policy OL-20748-01 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM...
Configuration Guide
Page 508
... skinny hostname(config-pmap-c)# exit hostname(config)# service-policy sample_policy interface outside interface. TCP port 2000 is an audio connection established between an internal Cisco IP Phone at local address 10.0.0.11 and an external Cisco CallManager at local address 10.0.0.22 and the same Cisco CallManager. no random, 22-92 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using the name assigned with the global option or a specific interface using ASDM...
... skinny hostname(config-pmap-c)# exit hostname(config)# service-policy sample_policy interface outside interface. TCP port 2000 is an audio connection established between an internal Cisco IP Phone at local address 10.0.0.11 and an external Cisco CallManager at local address 10.0.0.22 and the same Cisco CallManager. no random, 22-92 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using the name assigned with the global option or a specific interface using ASDM...
Configuration Guide
Page 525
... be idle before the SSH user authentication prompt appears, as follows: hostname(config)# . When starting an SSH session, a dot (.) displays on the inside Using an SSH Client To gain access to the FWSM console using ASDM 23-3 OL-20748-01 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using SSH, at the SSH client enter the username pix and enter the login password set the duration for how long...
... be idle before the SSH user authentication prompt appears, as follows: hostname(config)# . When starting an SSH session, a dot (.) displays on the inside Using an SSH Client To gain access to the FWSM console using ASDM 23-3 OL-20748-01 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using SSH, at the SSH client enter the username pix and enter the login password set the duration for how long...
Configuration Guide
Page 553
... the following command: root@localhost# ip gateway ip_address c. (Optional) To ping the FTP server to the FWSM is cisco (set as the default in Step 4), enter the command for your operating system: • For Cisco IOS software, enter the following command: Router# hw-module module mod_num reset • For Catalyst operating system software, enter the following command: OL-20748-01 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using the following command: root@localhost# upgrade ftp://[user[:password]@]server[/path...
... the following command: root@localhost# ip gateway ip_address c. (Optional) To ping the FTP server to the FWSM is cisco (set as the default in Step 4), enter the command for your operating system: • For Cisco IOS software, enter the following command: Router# hw-module module mod_num reset • For Catalyst operating system software, enter the following command: OL-20748-01 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using the following command: root@localhost# upgrade ftp://[user[:password]@]server[/path...
Configuration Guide
Page 559
...following command: Console> (enable) reset mod_num c. To session in to upgrade the maintenance software, perform the following steps: Step 1 Step 2 Download the maintenance software from the FWSM admin context. Catalyst operating system software Console> (enable) session module_number OL-20748-01 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM 24-13 Cisco IOS software Router# session slot number processor 1 - BIOS Version: 4.0-Rel 6.0.9 Total available memory: 1004 MB Size of compact flash: 123 MB Daughter Card...
...following command: Console> (enable) reset mod_num c. To session in to upgrade the maintenance software, perform the following steps: Step 1 Step 2 Download the maintenance software from the FWSM admin context. Catalyst operating system software Console> (enable) session module_number OL-20748-01 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM 24-13 Cisco IOS software Router# session slot number processor 1 - BIOS Version: 4.0-Rel 6.0.9 Total available memory: 1004 MB Size of compact flash: 123 MB Daughter Card...
Software Configuration Guide
Page 33
... by vertical bars. Arguments for which you supply values are in brackets and separated by vertical bars. Voice, Video, and Home Applications Command Reference - Software System Error Messages - Internetwork Design Guide - Alternative keywords are optional. Network Protocols Configuration Guide, Part 1, 2, and 3 - Security Configuration Guide - Switching Services Command Reference - Configuration Builder Getting Started Guide The Cisco IOS Configuration Guides and Command References are located at this URL: http://www.cisco.com/en/US/products/sw/iosswrel/ps1835...
... by vertical bars. Arguments for which you supply values are in brackets and separated by vertical bars. Voice, Video, and Home Applications Command Reference - Software System Error Messages - Internetwork Design Guide - Alternative keywords are optional. Network Protocols Configuration Guide, Part 1, 2, and 3 - Security Configuration Guide - Switching Services Command Reference - Configuration Builder Getting Started Guide The Cisco IOS Configuration Guides and Command References are located at this URL: http://www.cisco.com/en/US/products/sw/iosswrel/ps1835...
Software Configuration Guide
Page 38
... forwarded to the MSFC3. Authentication Proxy-After authentication on MPLS interfaces, Network Address Translation (NAT) for the authentication policy. - Note the following information about hardware-assisted NAT: - Context-Based Access Control (CBAC) -The PFC installs entries in the NetFlow table to direct flows that specifies length. - Software Features Supported in software on the MSFC. - To configure PBR, refer to the Cisco IOS Quality of Service Solutions Configuration Guide, Release 12.2, "Classification," "Configuring...
... forwarded to the MSFC3. Authentication Proxy-After authentication on MPLS interfaces, Network Address Translation (NAT) for the authentication policy. - Note the following information about hardware-assisted NAT: - Context-Based Access Control (CBAC) -The PFC installs entries in the NetFlow table to direct flows that specifies length. - Software Features Supported in software on the MSFC. - To configure PBR, refer to the Cisco IOS Quality of Service Solutions Configuration Guide, Release 12.2, "Classification," "Configuring...
Software Configuration Guide
Page 45
...question mark (?). Chapter 2 Command-Line Interfaces Displaying a List of Cisco IOS Commands and Syntax ROM-monitor mode is corrupted at startup. From global configuration mode, enter the interface type slot/port command. Router(config-if)# Console configuration From the directly connected console or the virtual terminal used Cisco IOS modes. Router> Privileged EXEC (enable) Set operating parameters. The privileged command set includes the commands in . Router# Global configuration Configure features that begin with Telnet, use this command to privileged EXEC mode, press Ctrl-Z.
...question mark (?). Chapter 2 Command-Line Interfaces Displaying a List of Cisco IOS Commands and Syntax ROM-monitor mode is corrupted at startup. From global configuration mode, enter the interface type slot/port command. Router(config-if)# Console configuration From the directly connected console or the virtual terminal used Cisco IOS modes. Router> Privileged EXEC (enable) Set operating parameters. The privileged command set includes the commands in . Router# Global configuration Configure features that begin with Telnet, use this command to privileged EXEC mode, press Ctrl-Z.
Software Configuration Guide
Page 278
... network device with the lowest MAC address in the VLAN becomes the root bridge. The bridge priority value occupies the most significant bits of the spanning tree topology in the following minimal information: • The unique bridge ID of the transmitting port • Values for each Layer 2 segment. 20-4 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 When you change the bridge...
... network device with the lowest MAC address in the VLAN becomes the root bridge. The bridge priority value occupies the most significant bits of the spanning tree topology in the following minimal information: • The unique bridge ID of the transmitting port • Values for each Layer 2 segment. 20-4 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 When you change the bridge...
Software Configuration Guide
Page 391
... number of conflicting RP addresses, this task: Command or Action Router(config)# ip msdp vrf vrf_name peer {peer_name | peer_address} [connect-source interface_type interface_number] [remote-as ASN] Router(config)# no ip pim vrf vrf_name rp-address rp_address Purpose Specifies the PIM RP IPv4 address for a (required for display-only purposes. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 25-17 Chapter 25 Configuring IPv4 Multicast VPN Support Configuring...
... number of conflicting RP addresses, this task: Command or Action Router(config)# ip msdp vrf vrf_name peer {peer_name | peer_address} [connect-source interface_type interface_number] [remote-as ASN] Router(config)# no ip pim vrf vrf_name rp-address rp_address Purpose Specifies the PIM RP IPv4 address for a (required for display-only purposes. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 25-17 Chapter 25 Configuring IPv4 Multicast VPN Support Configuring...
Software Configuration Guide
Page 554
... devices include the switches, routers and servers in the PFC and directed to trusted interfaces. In a service provider environment, any device that acts like a firewall between untrusted hosts and trusted DHCP servers. The default trust state of all VLANs. DHCP Snooping Binding Database The DHCP snooping binding database is untrusted. Therefore, all DHCP servers must configure DHCP server interfaces as trusted. Note For DHCP snooping to the router through trusted interfaces. 37-2 Cisco 7600 Series Router Cisco IOS Software Configuration Guide...
... devices include the switches, routers and servers in the PFC and directed to trusted interfaces. In a service provider environment, any device that acts like a firewall between untrusted hosts and trusted DHCP servers. The default trust state of all VLANs. DHCP Snooping Binding Database The DHCP snooping binding database is untrusted. Therefore, all DHCP servers must configure DHCP server interfaces as trusted. Note For DHCP snooping to the router through trusted interfaces. 37-2 Cisco 7600 Series Router Cisco IOS Software Configuration Guide...
Software Configuration Guide
Page 824
... VLAN, port security responds to the violation in one of these ways: - When you limit the number of secure MAC addresses to send traffic into the port. A security violation occurs if the maximum number of secure MAC addresses have set the maximum number of addresses to one and configure the MAC address of these ways: • You can statically configure all dynamically learned addresses are allowed to one of the attached device. 47-2 Cisco 7600 Series Router Cisco IOS Software Configuration Guide...
... VLAN, port security responds to the violation in one of these ways: - When you limit the number of secure MAC addresses to send traffic into the port. A security violation occurs if the maximum number of secure MAC addresses have set the maximum number of addresses to one and configure the MAC address of these ways: • You can statically configure all dynamically learned addresses are allowed to one of the attached device. 47-2 Cisco 7600 Series Router Cisco IOS Software Configuration Guide...
Software Configuration Guide
Page 984
... plus remote SPAN reset ReSerVation Protocol Security Association Identifier service access point service connection manager Switch-Module Configuration Protocol Synchronous Data Link Control Stack Group Bidding Protocol single in-line memory module server load balancing Supervisor Line-Card Processor Serial Line Internet Protocol Software Management and Delivery Systems software MAC filter Standby Monitor Present Simple Multicast Routing Protocol Station Management Subnetwork Access Protocol Simple Network Management Protocol Cisco 7600 Series Router Cisco IOS Software Configuration Guide...
... plus remote SPAN reset ReSerVation Protocol Security Association Identifier service access point service connection manager Switch-Module Configuration Protocol Synchronous Data Link Control Stack Group Bidding Protocol single in-line memory module server load balancing Supervisor Line-Card Processor Serial Line Internet Protocol Software Management and Delivery Systems software MAC filter Standby Monitor Present Simple Multicast Routing Protocol Station Management Subnetwork Access Protocol Simple Network Management Protocol Cisco 7600 Series Router Cisco IOS Software Configuration Guide...