User Guide
Page 13
... be met at 55oC is especially dusty, inspect and replace the opacity shield more often. Installing the Opacity Shield on the Cisco 7606-S Router The 7609-S does not require any opacity shields. 2.4.2 Tamper Evidence Once the module has been configured to meet the short-term operations ...requirements at 55 oC. Caution: We recommend that you change the opacity shield every three months to slide out of overheating the chassis. ...
... be met at 55oC is especially dusty, inspect and replace the opacity shield more often. Installing the Opacity Shield on the Cisco 7606-S Router The 7609-S does not require any opacity shields. 2.4.2 Tamper Evidence Once the module has been configured to meet the short-term operations ...requirements at 55 oC. Caution: We recommend that you change the opacity shield every three months to slide out of overheating the chassis. ...
Installation Guide
Page 2
... TransPath, and VCO are designed to comply with radio and television reception. and certain other company. (0303R) Cisco 7609 Internet Router Installation Guide Copyright © 2001-2003, Cisco Systems, Inc. All other of its affiliates in part 15 of their own expense. All rights reserved. THE...radio. (That is not installed in a commercial environment. Copyright © 1981, Regents of the University of Cisco Systems, Inc.; Copyright ã 2003 Cisco Systems, Inc. Changing the Way We Work, Live, Play, and Learn, The Fastest Way to Increase Your Internet Quotient, and iQuick...
... TransPath, and VCO are designed to comply with radio and television reception. and certain other company. (0303R) Cisco 7609 Internet Router Installation Guide Copyright © 2001-2003, Cisco Systems, Inc. All other of its affiliates in part 15 of their own expense. All rights reserved. THE...radio. (That is not installed in a commercial environment. Copyright © 1981, Regents of the University of Cisco Systems, Inc.; Copyright ã 2003 Cisco Systems, Inc. Changing the Way We Work, Live, Play, and Learn, The Fastest Way to Increase Your Internet Quotient, and iQuick...
Configuration Guide
Page 2
... Mino, Flipshare (Design), Flip Ultra, Flip Video, Flip Video (Design), Instant Broadband, and Welcome to be actual addresses. Changing the Way We Work, Live, Play, and Learn, Cisco Capital, Cisco Capital (Design), Cisco:Financed (Stylized), Cisco Store, Flip Gift Card, and One Million Acts of Green are registered trademarks of TCP header compression is unintentional...
... Mino, Flipshare (Design), Flip Ultra, Flip Video, Flip Video (Design), Instant Broadband, and Welcome to be actual addresses. Changing the Way We Work, Live, Play, and Learn, Cisco Capital, Cisco Capital (Design), Cisco:Financed (Stylized), Cisco Store, Flip Gift Card, and One Million Acts of Green are registered trademarks of TCP header compression is unintentional...
Configuration Guide
Page 4
... 3-1 Logging in to the FWSM 3-1 Logging out of the FWSM 3-2 Managing the Configuration 3-3 Saving Configuration Changes 3-3 Saving Configuration Changes in Single Context Mode 3-3 Saving Configuration Changes in Multiple Context Mode 3-3 Copying the Startup Configuration to the Running Configuration 3-5 Viewing the Configuration 3-5 Clearing ...the FWSM Classifies Packets 4-3 Valid Classifier Criteria 4-3 Invalid Classifier Criteria 4-4 Classification Examples 4-5 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM iv OL-20748-01
... 3-1 Logging in to the FWSM 3-1 Logging out of the FWSM 3-2 Managing the Configuration 3-3 Saving Configuration Changes 3-3 Saving Configuration Changes in Single Context Mode 3-3 Saving Configuration Changes in Multiple Context Mode 3-3 Copying the Startup Configuration to the Running Configuration 3-5 Viewing the Configuration 3-5 Clearing ...the FWSM Classifies Packets 4-3 Valid Classifier Criteria 4-3 Invalid Classifier Criteria 4-4 Classification Examples 4-5 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM iv OL-20748-01
Configuration Guide
Page 5
...Restoring Single Context Mode 4-11 Managing Memory for Rules 4-11 About Memory Partitions 4-12 Default Rule Allocation 4-12 Setting the Number of Memory Partitions 4-13 Changing the Memory Partition Size 4-14 Reallocating Rules Between Features for a Specific Memory Partition 4-19 Configuring Resource Management 4-21 Classes and Class Members Overview 4-22... 4-35 Viewing Resource Allocation 4-36 Viewing Resource Usage 4-39 Monitoring SYN Attacks in Contexts 4-40 OL-20748-01 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM v
...Restoring Single Context Mode 4-11 Managing Memory for Rules 4-11 About Memory Partitions 4-12 Default Rule Allocation 4-12 Setting the Number of Memory Partitions 4-13 Changing the Memory Partition Size 4-14 Reallocating Rules Between Features for a Specific Memory Partition 4-19 Configuring Resource Management 4-21 Classes and Class Members Overview 4-22... 4-35 Viewing Resource Allocation 4-36 Viewing Resource Usage 4-39 Monitoring SYN Attacks in Contexts 4-40 OL-20748-01 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM v
Configuration Guide
Page 7
...Inter-Interface Communication 6-10 Configuring Intra-Interface Communication 6-11 Turning Off and Turning On Interfaces 6-12 Configuring Basic Settings 7-1 Changing the Passwords 7-1 Changing the Login Password 7-1 Changing the Enable Password 7-2 Changing the Maintenance Software Passwords 7-2 Setting the Hostname 7-3 Setting the Domain Name 7-4 Setting the Prompt 7-4 Configuring a Login ...Configuring OSPF NSSA 8-15 Configuring a Point-To-Point, Non-Broadcast OSPF Neighbor 8-16 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM vii
...Inter-Interface Communication 6-10 Configuring Intra-Interface Communication 6-11 Turning Off and Turning On Interfaces 6-12 Configuring Basic Settings 7-1 Changing the Passwords 7-1 Changing the Login Password 7-1 Changing the Enable Password 7-2 Changing the Maintenance Software Passwords 7-2 Setting the Hostname 7-3 Setting the Domain Name 7-4 Setting the Prompt 7-4 Configuring a Login ...Configuring OSPF NSSA 8-15 Configuring a Point-To-Point, Non-Broadcast OSPF Neighbor 8-16 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM vii
Configuration Guide
Page 8
...8-27 Disabling Automatic Route Summarization 8-27 Configuring Summary Aggregate Addresses 8-28 Disabling EIGRP Split Horizon 8-28 Changing the Interface Delay Value 8-29 Monitoring EIGRP 8-29 Disabling Neighbor Change and Warning Message Logging 8-30 Configuring Asymmetric Routing Support 8-30 Adding Interfaces to ASR Groups 8-31 Asymmetric... 8-33 Configuring DHCP 8-35 Configuring a DHCP Server 8-35 Enabling the DHCP Server 8-35 Configuring DHCP Options 8-37 Using Cisco IP Phones with a DHCP Server 8-38 Configuring DHCP Relay Services 8-39 DHCP Relay Overview 8-39 Catalyst 6500 Series Switch and...
...8-27 Disabling Automatic Route Summarization 8-27 Configuring Summary Aggregate Addresses 8-28 Disabling EIGRP Split Horizon 8-28 Changing the Interface Delay Value 8-29 Monitoring EIGRP 8-29 Disabling Neighbor Change and Warning Message Logging 8-30 Configuring Asymmetric Routing Support 8-30 Adding Interfaces to ASR Groups 8-31 Asymmetric... 8-33 Configuring DHCP 8-35 Configuring a DHCP Server 8-35 Enabling the DHCP Server 8-35 Configuring DHCP Options 8-37 Using Cisco IP Phones with a DHCP Server 8-38 Configuring DHCP Relay Services 8-39 DHCP Relay Overview 8-39 Catalyst 6500 Series Switch and...
Configuration Guide
Page 9
...Group 9-3 Controlling Access to Multicast Groups 9-4 Limiting the Number of IGMP States on an Interface 9-4 Modifying the Query Interval and Query Timeout 9-4 Changing the Query Response Time 9-5 Changing the IGMP Version 9-5 Configuring Stub Multicast Routing 9-5 Configuring a Static Multicast Route 9-6 Configuring PIM Features 9-6 Disabling PIM on an Interface 9-6 ...-7 Configuring the Neighbor Reachable Time 10-7 Configuring Router Advertisement Messages 10-8 OL-20748-01 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM ix
...Group 9-3 Controlling Access to Multicast Groups 9-4 Limiting the Number of IGMP States on an Interface 9-4 Modifying the Query Interval and Query Timeout 9-4 Changing the Query Response Time 9-5 Changing the IGMP Version 9-5 Configuring Stub Multicast Routing 9-5 Configuring a Static Multicast Route 9-6 Configuring PIM Features 9-6 Disabling PIM on an Interface 9-6 ...-7 Configuring the Neighbor Reachable Time 10-7 Configuring Router Advertisement Messages 10-8 OL-20748-01 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM ix
Configuration Guide
Page 17
... 21-5 Failover Support 21-6 Configuring the FWSM to Deny PISA Traffic 21-6 Configuring the Switch for PISA/FWSM Integration 21-7 PISA Limitations and Restrictions 21-7 Changing the MTU on the Switch to Support Longer Packet Length 21-8 Configuring Classification on the PISA 21-8 Configuring Tagging on the PISA 21-8 Sample Switch...-3 Default Inspection Policy 22-4 Configuring Application Inspection 22-6 CTIQBE Inspection 22-10 CTIQBE Inspection Overview 22-10 OL-20748-01 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM xvii
... 21-5 Failover Support 21-6 Configuring the FWSM to Deny PISA Traffic 21-6 Configuring the Switch for PISA/FWSM Integration 21-7 PISA Limitations and Restrictions 21-7 Changing the MTU on the Switch to Support Longer Packet Length 21-8 Configuring Classification on the PISA 21-8 Configuring Tagging on the PISA 21-8 Sample Switch...-3 Default Inspection Policy 22-4 Configuring Application Inspection 22-6 CTIQBE Inspection 22-10 CTIQBE Inspection Overview 22-10 OL-20748-01 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM xvii
Configuration Guide
Page 22
... the Device ID in Syslog Messages 25-16 Generating Syslog Messages in EMBLEM Format 25-16 Disabling a Syslog Message 25-17 Changing the Severity Level of a Syslog Message 25-17 Changing the Amount of Internal Flash Memory Available for Syslog Messages 25-18 Understanding Syslog Messages 25-19 Syslog Message Format 25... Troubleshooting the Firewall Services Module 26-1 Testing Your Configuration 26-1 Enabling ICMP Debug Messages and System Log Messages 26-1 xxii Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM OL-20748-01
... the Device ID in Syslog Messages 25-16 Generating Syslog Messages in EMBLEM Format 25-16 Disabling a Syslog Message 25-17 Changing the Severity Level of a Syslog Message 25-17 Changing the Amount of Internal Flash Memory Available for Syslog Messages 25-18 Understanding Syslog Messages 25-19 Syslog Message Format 25... Troubleshooting the Firewall Services Module 26-1 Testing Your Configuration 26-1 Enabling ICMP Debug Messages and System Log Messages 26-1 xxii Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM OL-20748-01
Configuration Guide
Page 31
... to the FWSM, complete this procedure. (Multiple context mode only) Configuring a Security Context, page 4-27 Add a security context. (Multiple context mode only) Changing Between Contexts and the System Execution Space, page 4-31 Because you must set a name (such as inside or outside), a security level, and an IP ... FWSM can session into the FWSM to access the FWSM CLI. (Might be required) Adding Switched Virtual Interfaces to If you want to change back to single mode, follow this procedure. Configuring Interfaces for it, or if you can send and receive traffic on the switch. ...
... to the FWSM, complete this procedure. (Multiple context mode only) Configuring a Security Context, page 4-27 Add a security context. (Multiple context mode only) Changing Between Contexts and the System Execution Space, page 4-31 Because you must set a name (such as inside or outside), a security level, and an IP ... FWSM can session into the FWSM to access the FWSM CLI. (Might be required) Adding Switched Virtual Interfaces to If you want to change back to single mode, follow this procedure. Configuring Interfaces for it, or if you can send and receive traffic on the switch. ...
Configuration Guide
Page 32
xxxii Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide ... mode, static routing and stub BGP is not already configured for it, or if you want to change back to single mode, follow this procedure. Transparent Firewall Minimum Configuration Steps To configure the FWSM in each...(Multiple context mode only) Configuring a Security Context, page 4-27 Add a security context. (Multiple context mode only) Changing Between Contexts and the System Execution Space, page 4-31 Because you must configure some settings in the system execution space...
xxxii Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide ... mode, static routing and stub BGP is not already configured for it, or if you want to change back to single mode, follow this procedure. Transparent Firewall Minimum Configuration Steps To configure the FWSM in each...(Multiple context mode only) Configuring a Security Context, page 4-27 Add a security context. (Multiple context mode only) Changing Between Contexts and the System Execution Space, page 4-31 Because you must configure some settings in the system execution space...
Configuration Guide
Page 54
...output buffer failures, 0 output buffers swapped out Customizing the FWSM Internal Interface The connection between the two NPs. Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM 2-8 OL-20748-01 mcast:0 pkt, 0 bytes mcast L3 out Switched:ucast:0... a 6-GB 802.1Q trunking EtherChannel. Customizing the FWSM Internal Interface Chapter 2 Configuring the Switch for more information.) To change the load-balancing method, enter the following is sample output from not utilizing the full processing potential of "show interface" ...
...output buffer failures, 0 output buffers swapped out Customizing the FWSM Internal Interface The connection between the two NPs. Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM 2-8 OL-20748-01 mcast:0 pkt, 0 bytes mcast L3 out Switched:ucast:0... a 6-GB 802.1Q trunking EtherChannel. Customizing the FWSM Internal Interface Chapter 2 Configuring the Switch for more information.) To change the load-balancing method, enter the following is sample output from not utilizing the full processing potential of "show interface" ...
Configuration Guide
Page 56
...context partition (cf:6)-64 MB are dedicated to this partition, which stores security context configurations (if desired) and RSA keys in Cisco IOS software commands: • Maintenance partition (cf:1)-Contains the maintenance software. Autostate messaging is called cf:n in a navigable file... application software image, system configuration, and ASDM. To change the default boot partition, enter the following command: Router(config)# boot device module mod_num cf:n 2-10 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using the...
...context partition (cf:6)-64 MB are dedicated to this partition, which stores security context configurations (if desired) and RSA keys in Cisco IOS software commands: • Maintenance partition (cf:1)-Contains the maintenance software. Autostate messaging is called cf:n in a navigable file... application software image, system configuration, and ASDM. To change the default boot partition, enter the following command: Router(config)# boot device module mod_num cf:n 2-10 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using the...
Configuration Guide
Page 60
... FWSM from the switch using ASDM 3-2 OL-20748-01 To change the password, see the "Changing the Passwords" section on page 7-1 to change the enable password. By default, the password is cisco. See the "Changing the Passwords" section on page 7-1. Connecting to the Firewall Services...Guide using the command appropriate for more information. See Chapter 4, "Configuring Security Contexts," for your switch operating system: • Cisco IOS software Router# session slot number processor 1 • Catalyst operating system software Console> (enable) session module_number For multiple context...
... FWSM from the switch using ASDM 3-2 OL-20748-01 To change the password, see the "Changing the Passwords" section on page 7-1 to change the enable password. By default, the password is cisco. See the "Changing the Passwords" section on page 7-1. Connecting to the Firewall Services...Guide using the command appropriate for more information. See Chapter 4, "Configuring Security Contexts," for your switch operating system: • Cisco IOS software Router# session slot number processor 1 • Catalyst operating system software Console> (enable) session module_number For multiple context...
Configuration Guide
Page 61
... configuration mode. Additional information about contexts is in Chapter 4, "Configuring Security Contexts," This section includes the following topics: • Saving Configuration Changes, page 3-3 • Copying the Startup Configuration to the Running Configuration, page 3-5 • Viewing the Configuration, page 3-5 • Clearing ...the Same Time, page 3-4 OL-20748-01 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM 3-3 Saving Configuration Changes in memory. The FWSM loads the configuration from a text file, called ...
... configuration mode. Additional information about contexts is in Chapter 4, "Configuring Security Contexts," This section includes the following topics: • Saving Configuration Changes, page 3-3 • Copying the Startup Configuration to the Running Configuration, page 3-5 • Viewing the Configuration, page 3-5 • Clearing ...the Same Time, page 3-4 OL-20748-01 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM 3-3 Saving Configuration Changes in memory. The FWSM loads the configuration from a text file, called ...
Configuration Guide
Page 63
...clear all the configuration for a specified command, enter the following command: hostname(config)# clear configure configurationcommand [level2configurationcommand] OL-20748-01 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using one of these options: • To merge the startup configuration with the current running configuration, enter... using ASDM 3-5 Chapter 3 Connecting to the Firewall Services Module and Managing the Configuration Managing the Configuration • For contexts that are the same, no changes occur.
...clear all the configuration for a specified command, enter the following command: hostname(config)# clear configure configurationcommand [level2configurationcommand] OL-20748-01 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using one of these options: • To merge the startup configuration with the current running configuration, enter... using ASDM 3-5 Chapter 3 Connecting to the Firewall Services Module and Managing the Configuration Managing the Configuration • For contexts that are the same, no changes occur.
Configuration Guide
Page 64
... configuration for level2configurationcommand. when you can download a text file to the FWSM. Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using the CLI, however, you save commands, the changes are preceded by line. If you use the CLI to enter commands, so the prompt is omitted...
... configuration for level2configurationcommand. when you can download a text file to the FWSM. Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using the CLI, however, you save commands, the changes are preceded by line. If you use the CLI to enter commands, so the prompt is omitted...
Configuration Guide
Page 65
... Between Contexts, page 4-7 • Management Access to Security Contexts, page 4-9 OL-20748-01 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM 4-1 Multiple contexts are not supported, including most dynamic routing protocols. Some...Uses for Rules, page 4-11 • Configuring Resource Management, page 4-21 • Configuring a Security Context, page 4-27 • Changing Between Contexts and the System Execution Space, page 4-31 • Managing Security Contexts, page 4-32 Security Context Overview You can partition a...
... Between Contexts, page 4-7 • Management Access to Security Contexts, page 4-9 OL-20748-01 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM 4-1 Multiple contexts are not supported, including most dynamic routing protocols. Some...Uses for Rules, page 4-11 • Configuring Resource Management, page 4-21 • Configuring a Security Context, page 4-27 • Changing Between Contexts and the System Execution Space, page 4-31 • Managing Security Contexts, page 4-32 Security Context Overview You can partition a...
Configuration Guide
Page 67
... are required, so this situation. To use admin.cfg as a file on flash memory, and not remotely. The purpose of the switch would constantly change the admin context. This section includes the following topics: • Valid Classifier Criteria, page 4-3 • Invalid Classifier Criteria, page 4-4 • ...inside,shared) 10.20.10.0 10.20.10.0 netmask 255.255.255.0 • Context C: OL-20748-01 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM 4-3 The admin context is named "admin." The FWSM uses only one global MAC address...
... are required, so this situation. To use admin.cfg as a file on flash memory, and not remotely. The purpose of the switch would constantly change the admin context. This section includes the following topics: • Valid Classifier Criteria, page 4-3 • Invalid Classifier Criteria, page 4-4 • ...inside,shared) 10.20.10.0 10.20.10.0 netmask 255.255.255.0 • Context C: OL-20748-01 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM 4-3 The admin context is named "admin." The FWSM uses only one global MAC address...