User Guide
Page 1
Cisco 7606-S and 7609-S Routers with Supervisor SUP720-3B FIPS 140-2 Non Proprietary Security Policy Level 2 Validation Version 0.5 May, 2011 © Copyright 2007 Cisco Systems, Inc. 1 This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
Cisco 7606-S and 7609-S Routers with Supervisor SUP720-3B FIPS 140-2 Non Proprietary Security Policy Level 2 Validation Version 0.5 May, 2011 © Copyright 2007 Cisco Systems, Inc. 1 This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
User Guide
Page 2
...Table of Contents 1 INTRODUCTION...3 1.1 PURPOSE ...3 1.2 MODULE VALIDATION LEVEL 3 1.3 REFERENCES...3 1.4 TERMINOLOGY ...4 1.5 DOCUMENT ORGANIZATION 4 2 CISCO 7606-S AND 7609-S ROUTERS WITH SUPERVISOR SUP720-3B 5 2.1 CRYPTOGRAPHIC MODULE PHYSICAL CHARACTERISTICS 5 2.2 MODULE INTERFACES...6 2.3 ROLES AND SERVICES...8 2.3.1 Authentication 9 2.3.2 Services...9 a. User... AND CONFIGURATION 21 3.2 PROTOCOLS ...22 3.3 REMOTE ACCESS ...22 © Copyright 2011 Cisco Systems, Inc. 2 This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
...Table of Contents 1 INTRODUCTION...3 1.1 PURPOSE ...3 1.2 MODULE VALIDATION LEVEL 3 1.3 REFERENCES...3 1.4 TERMINOLOGY ...4 1.5 DOCUMENT ORGANIZATION 4 2 CISCO 7606-S AND 7609-S ROUTERS WITH SUPERVISOR SUP720-3B 5 2.1 CRYPTOGRAPHIC MODULE PHYSICAL CHARACTERISTICS 5 2.2 MODULE INTERFACES...6 2.3 ROLES AND SERVICES...8 2.3.1 Authentication 9 2.3.2 Services...9 a. User... AND CONFIGURATION 21 3.2 PROTOCOLS ...22 3.3 REMOTE ACCESS ...22 © Copyright 2011 Cisco Systems, Inc. 2 This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
User Guide
Page 3
... prepared as part of the Level 2 FIPS 140-2 validation of the Cisco 7606-S and 7609-S Routers with SUP720-3B; Please refer to operate the router with Supervisor SUP720-3B in the FIPS PUB 140-2. Security Requirements for the Cisco 7606S and 7609-S Routers with Supervisor SUP720-3B. No. More information about the FIPS 140-2 standard and...
... prepared as part of the Level 2 FIPS 140-2 validation of the Cisco 7606-S and 7609-S Routers with SUP720-3B; Please refer to operate the router with Supervisor SUP720-3B in the FIPS PUB 140-2. Security Requirements for the Cisco 7606S and 7609-S Routers with Supervisor SUP720-3B. No. More information about the FIPS 140-2 standard and...
User Guide
Page 4
...Vendor Evidence document Finite State Machine Other supporting documentation as additional references This document provides an overview of the Cisco 7606-S and 7609-S Routers with Supervisor SUP720-3B is referred to as the router, the module, or the system. 1.5 Document Organization The ...please refer to these documents, please contact Cisco Systems. © Copyright 2011 Cisco Systems, Inc. 4 This document may be freely reproduced and distributed whole and intact including this document, the Cisco 7606-S and 7609-S Routers with Supervisor SUP720-3B and explains the secure configuration ...
...Vendor Evidence document Finite State Machine Other supporting documentation as additional references This document provides an overview of the Cisco 7606-S and 7609-S Routers with Supervisor SUP720-3B is referred to as the router, the module, or the system. 1.5 Document Organization The ...please refer to these documents, please contact Cisco Systems. © Copyright 2011 Cisco Systems, Inc. 4 This document may be freely reproduced and distributed whole and intact including this document, the Cisco 7606-S and 7609-S Routers with Supervisor SUP720-3B and explains the secure configuration ...
User Guide
Page 5
2 Cisco 7606-S and 7609-S Routers with Supervisor SUP720-3B The Cisco 7600-S Router is a compact, high-performance router designed in both enterprises and service providers. Cisco 7606-S Router © Copyright 2011 Cisco Systems, Inc. 5 This document may be freely reproduced and distributed ... edge. The following subsections describe the physical characteristics of the routers. 2.1 Cryptographic Module Physical Characteristics Figure 1 - The Cisco 7600-S also delivers WAN and metropolitan-area network (MAN) networking solutions at the network edge, where robust performance and ...
2 Cisco 7606-S and 7609-S Routers with Supervisor SUP720-3B The Cisco 7600-S Router is a compact, high-performance router designed in both enterprises and service providers. Cisco 7606-S Router © Copyright 2011 Cisco Systems, Inc. 5 This document may be freely reproduced and distributed ... edge. The following subsections describe the physical characteristics of the routers. 2.1 Cryptographic Module Physical Characteristics Figure 1 - The Cisco 7600-S also delivers WAN and metropolitan-area network (MAN) networking solutions at the network edge, where robust performance and ...
User Guide
Page 6
...Figures 1 and 2 above as being the physical enclosure of the functionality described in the figures below: © Copyright 2011 Cisco Systems, Inc. 6 This document may be freely reproduced and distributed whole and intact including this cryptographic boundary. Two CompactFlash Type...the dark border around the module. Four Status LEDs 5. Cisco 7609-S Router The cryptographic boundary is provided by components within this Copyright Notice. One serial console port 4. The module incorporates one or more supervisor blades. 2.2 Module Interfaces The module features the following ...
...Figures 1 and 2 above as being the physical enclosure of the functionality described in the figures below: © Copyright 2011 Cisco Systems, Inc. 6 This document may be freely reproduced and distributed whole and intact including this cryptographic boundary. Two CompactFlash Type...the dark border around the module. Four Status LEDs 5. Cisco 7609-S Router The cryptographic boundary is provided by components within this Copyright Notice. One serial console port 4. The module incorporates one or more supervisor blades. 2.2 Module Interfaces The module features the following ...
User Guide
Page 7
... is not operational because a fault occurred during the initialization sequence. All chassis environmental monitors are reporting OK. A minor hardware problem has been detected. The supervisor engine is in standby mode. © Copyright 2011 Cisco Systems, Inc. 7 This document may be freely reproduced and distributed whole and intact including this Copyright Notice. The...
... is not operational because a fault occurred during the initialization sequence. All chassis environmental monitors are reporting OK. A minor hardware problem has been detected. The supervisor engine is in standby mode. © Copyright 2011 Cisco Systems, Inc. 7 This document may be freely reproduced and distributed whole and intact including this Copyright Notice. The...
Installation Guide
Page 4
... Equipment 3-12 Connecting the System Ground 3-14 Installing the Power Supplies in the Cisco 7609 Chassis 3-14 Attaching the Interface Cables 3-15 Connecting the Supervisor Engine Console Port 3-15 Connecting the Supervisor Engine Uplink Ports 3-18 Connecting to the Interface Ports 3-19 Verifying Cisco 7609 Chassis Installation 3-21 Cisco 7609 Internet Router Installation Guide iv OL-5079-04
... Equipment 3-12 Connecting the System Ground 3-14 Installing the Power Supplies in the Cisco 7609 Chassis 3-14 Attaching the Interface Cables 3-15 Connecting the Supervisor Engine Console Port 3-15 Connecting the Supervisor Engine Uplink Ports 3-18 Connecting to the Interface Ports 3-19 Verifying Cisco 7609 Chassis Installation 3-21 Cisco 7609 Internet Router Installation Guide iv OL-5079-04
Installation Guide
Page 22
... configuration, refer to left. (See Figure 1-1.) Slot 1 is available for the supervisor engine, which can contain an additional redundant supervisor engine, which provides switching, local and remote management, and multiple gigabit uplink interfaces. Cisco 7609 Internet Router Chapter 1 Product Overview Cisco 7609 Internet Router The Cisco 7609 Internet Router chassis has nine vertical slots that are numbered from...
... configuration, refer to left. (See Figure 1-1.) Slot 1 is available for the supervisor engine, which can contain an additional redundant supervisor engine, which provides switching, local and remote management, and multiple gigabit uplink interfaces. Cisco 7609 Internet Router Chapter 1 Product Overview Cisco 7609 Internet Router The Cisco 7609 Internet Router chassis has nine vertical slots that are numbered from...
Installation Guide
Page 23
Cisco 7609 Internet Router Installation Guide 1-5 Cisco 7609 Internet Router Supervisor engine Redundant supervisor engine Switch Fabric Module Redundant Switch Fabric Module Slots 1-9 (right to left) 55746 Power supply 2 (redundant) FAN OUTPUT OK FAIL INPUT ...3 CAARLRALIRIENMRK RX LINK 4 FAN OUTPUT OK FAIL o o SELECT STATUS ACTIVE NEXT Power supply 1 INPUT OK SELECT STATUS ACTIVE NEXT Chapter 1 Product Overview Figure 1-1 Cisco 7609 Internet Router SWITCH FABRIC MDL WS-C6500-SFM SWITCH FABRIC MDL OSM-40C12-POS-MM STATUS OC12 POS MM 1 2 LINK 1 3 LINK 2 4 LINK 3 ACTIVE...
Cisco 7609 Internet Router Installation Guide 1-5 Cisco 7609 Internet Router Supervisor engine Redundant supervisor engine Switch Fabric Module Redundant Switch Fabric Module Slots 1-9 (right to left) 55746 Power supply 2 (redundant) FAN OUTPUT OK FAIL INPUT ...3 CAARLRALIRIENMRK RX LINK 4 FAN OUTPUT OK FAIL o o SELECT STATUS ACTIVE NEXT Power supply 1 INPUT OK SELECT STATUS ACTIVE NEXT Chapter 1 Product Overview Figure 1-1 Cisco 7609 Internet Router SWITCH FABRIC MDL WS-C6500-SFM SWITCH FABRIC MDL OSM-40C12-POS-MM STATUS OC12 POS MM 1 2 LINK 1 3 LINK 2 4 LINK 3 ACTIVE...
Installation Guide
Page 24
... Density Table 1-1 lists the bandwidth and port densities of the Cisco 7609 Internet Router. System Features Chapter 1 Product Overview The Cisco 7609 Internet Router supports the following: • A Supervisor Engine 2 with MSFC2 and a PFC2, and an optional redundant Supervisor Engine 2 with MSFC2 and a PFC2. Each supervisor engine has two Gigabit interface uplinks. Note The uplink ports are...
... Density Table 1-1 lists the bandwidth and port densities of the Cisco 7609 Internet Router. System Features Chapter 1 Product Overview The Cisco 7609 Internet Router supports the following: • A Supervisor Engine 2 with MSFC2 and a PFC2, and an optional redundant Supervisor Engine 2 with MSFC2 and a PFC2. Each supervisor engine has two Gigabit interface uplinks. Note The uplink ports are...
Installation Guide
Page 25
Chapter 1 Product Overview System Features Table 1-1 Cisco 7609 Internet Router Bandwidth and Port Density Architecture Backplane Bandwidth Number of Gigabit Ethernet ports Number of OC-3 POS ports Number of OC-12 POS ports ...-12 ports Number of channelized OC-48 ports Number of FlexWAN modules Cisco 7609 Internet Router 32 to 256 Gbps 130 128 32 4 8 64 16 8 Redundancy The Cisco 7609 Internet Router has these redundancy features: • Ability to house two hot-swappable supervisor engines • Ability to house two fully redundant, AC-input or DC...
Chapter 1 Product Overview System Features Table 1-1 Cisco 7609 Internet Router Bandwidth and Port Density Architecture Backplane Bandwidth Number of Gigabit Ethernet ports Number of OC-3 POS ports Number of OC-12 POS ports ...-12 ports Number of channelized OC-48 ports Number of FlexWAN modules Cisco 7609 Internet Router 32 to 256 Gbps 130 128 32 4 8 64 16 8 Redundancy The Cisco 7609 Internet Router has these redundancy features: • Ability to house two hot-swappable supervisor engines • Ability to house two fully redundant, AC-input or DC...
Installation Guide
Page 26
... into and out of the Cisco 7609 Internet Router. Note Refer to shut down. To replace port adapters, you have a redundant supervisor engine) and fans. Cisco 7600 Internet Router Components This section describes the major hardware components for the Cisco 7609 Internet Router. To replace a... fan assembly, see the "Removing and Replacing the Fan Assembly" section on the supervisor engine monitor the internal air temperatures. Cisco 7600 Internet Router Components Chapter 1 Product Overview...
... into and out of the Cisco 7609 Internet Router. Note Refer to shut down. To replace port adapters, you have a redundant supervisor engine) and fans. Cisco 7600 Internet Router Components This section describes the major hardware components for the Cisco 7609 Internet Router. To replace a... fan assembly, see the "Removing and Replacing the Fan Assembly" section on the supervisor engine monitor the internal air temperatures. Cisco 7600 Internet Router Components Chapter 1 Product Overview...
Installation Guide
Page 39
... Requirements Table 2-4 provides a sample calculation of power and heat dissipation for the following switch configuration: • Cisco 7609 Internet Router chassis (including AC-input power supplies) • Two WS-X6K-S2U-MSFC2 supervisor engines • One Switch Fabric Module • Two 4-port OC-12 POS modules • Two 8-port... Current Power Power Heat Diss. 90 VAC 120 VAC 180 VAC 240 VAC (Watts) (Watts) (BTU/HR) (Amps) (Amps) (Amps) (Amps) Cisco 7609 Internet Router 124 50 chassis (with fans) 422 1.37 1.03 0.69 0.52 WS-X6K-S2U-MSFC2 322 258 1098 3.58 2.68 1.78 1.34 WS...
... Requirements Table 2-4 provides a sample calculation of power and heat dissipation for the following switch configuration: • Cisco 7609 Internet Router chassis (including AC-input power supplies) • Two WS-X6K-S2U-MSFC2 supervisor engines • One Switch Fabric Module • Two 4-port OC-12 POS modules • Two 8-port... Current Power Power Heat Diss. 90 VAC 120 VAC 180 VAC 240 VAC (Watts) (Watts) (BTU/HR) (Amps) (Amps) (Amps) (Amps) Cisco 7609 Internet Router 124 50 chassis (with fans) 422 1.37 1.03 0.69 0.52 WS-X6K-S2U-MSFC2 322 258 1098 3.58 2.68 1.78 1.34 WS...
Installation Guide
Page 59
... Router Attaching the Interface Cables Attaching the Interface Cables This section provides general information on the supervisor engine allows you will have installed in your chassis, you to perform the following functions: • Configure the Cisco 7609 Internet Router from the CLI • Monitor network statistics and errors • Configure SNMP agent parameters...
... Router Attaching the Interface Cables Attaching the Interface Cables This section provides general information on the supervisor engine allows you will have installed in your chassis, you to perform the following functions: • Configure the Cisco 7609 Internet Router from the CLI • Monitor network statistics and errors • Configure SNMP agent parameters...
Installation Guide
Page 60
Attaching the Interface Cables Chapter 3 Installing the Cisco 7609 Internet Router Figure 3-7 Supervisor Engine Console Port Connector WS-X6K-SUP1 STATUS SYSTEM ACTIVE PWR LIGHTRESET SUPERVISOR I CONSOLE PORT MODE CONSOLE 48127 Note The accessory kit that there are no sharp bends in the cable. To connect a ... baud rate of the terminal must match the default baud rate (9600 baud) of the console port. Make sure that shipped with your Cisco 7609 Internet Router contains the necessary cable and adapters to connect a terminal or modem to determine the baud rate. Set up the terminal as ...
Attaching the Interface Cables Chapter 3 Installing the Cisco 7609 Internet Router Figure 3-7 Supervisor Engine Console Port Connector WS-X6K-SUP1 STATUS SYSTEM ACTIVE PWR LIGHTRESET SUPERVISOR I CONSOLE PORT MODE CONSOLE 48127 Note The accessory kit that there are no sharp bends in the cable. To connect a ... baud rate of the terminal must match the default baud rate (9600 baud) of the console port. Make sure that shipped with your Cisco 7609 Internet Router contains the necessary cable and adapters to connect a terminal or modem to determine the baud rate. Set up the terminal as ...
Installation Guide
Page 61
...• No parity • 2 stop bits To connect a modem to the port using the Supervisor Engine III cable and the appropriate adapter for the terminal connection. OL-5079-04 Cisco 7609 Internet Router Installation Guide 3-17 Connect to the console port, perform these steps: Step 1 Step 2...the cable in the cable. Position the cable in the out position. Chapter 3 Installing the Cisco 7609 Internet Router Attaching the Interface Cables To connect a terminal using a Catalyst 5000 family Supervisor Engine III console cable, perform these steps: Step 1 Step 2 Step 3 Place the ...
...• No parity • 2 stop bits To connect a modem to the port using the Supervisor Engine III cable and the appropriate adapter for the terminal connection. OL-5079-04 Cisco 7609 Internet Router Installation Guide 3-17 Connect to the console port, perform these steps: Step 1 Step 2...the cable in the cable. Position the cable in the out position. Chapter 3 Installing the Cisco 7609 Internet Router Attaching the Interface Cables To connect a terminal using a Catalyst 5000 family Supervisor Engine III console cable, perform these steps: Step 1 Step 2 Step 3 Place the ...
Installation Guide
Page 62
... any other ports in the chassis. Attaching the Interface Cables Chapter 3 Installing the Cisco 7609 Internet Router Connecting the Supervisor Engine Uplink Ports This section describes how to connect to the supervisor engine uplink ports, perform these steps: Step 1 Step 2 Remove the plugs from...exposure to laser radiation and do not stare into the GBIC. (See Figure 3-8.) Figure 3-8 Connecting the Supervisor Engine Uplink Ports PORT 1 LINK 48128 3-18 Cisco 7609 Internet Router Installation Guide OL-5079-04 Remove the plugs from the Gigabit Interface Converter (GBIC) optical bores;...
... any other ports in the chassis. Attaching the Interface Cables Chapter 3 Installing the Cisco 7609 Internet Router Connecting the Supervisor Engine Uplink Ports This section describes how to connect to the supervisor engine uplink ports, perform these steps: Step 1 Step 2 Remove the plugs from...exposure to laser radiation and do not stare into the GBIC. (See Figure 3-8.) Figure 3-8 Connecting the Supervisor Engine Uplink Ports PORT 1 LINK 48128 3-18 Cisco 7609 Internet Router Installation Guide OL-5079-04 Remove the plugs from the Gigabit Interface Converter (GBIC) optical bores;...
Installation Guide
Page 65
Chapter 3 Installing the Cisco 7609 Internet Router Verifying Cisco 7609 Chassis Installation Verifying Cisco 7609 Chassis Installation After you finish connecting the modules, you need to ensure that the supervisor engine and all modules are fully seated in the backplane connectors. Check the captive ... the fan assembly. Turn on the power supply switches to hazardous voltages and currents inside the chassis; OL-5079-04 Cisco 7609 Internet Router Installation Guide 3-21 Verify that all modules, faceplates, front covers, and rear covers are correctly and securely installed...
Chapter 3 Installing the Cisco 7609 Internet Router Verifying Cisco 7609 Chassis Installation Verifying Cisco 7609 Chassis Installation After you finish connecting the modules, you need to ensure that the supervisor engine and all modules are fully seated in the backplane connectors. Check the captive ... the fan assembly. Turn on the power supply switches to hazardous voltages and currents inside the chassis; OL-5079-04 Cisco 7609 Internet Router Installation Guide 3-21 Verify that all modules, faceplates, front covers, and rear covers are correctly and securely installed...
Installation Guide
Page 68
...assembly to determine whether or not it is doing to what it is operating. • System software boots successfully. • The supervisor engine and all switching modules are installed properly in their slots, and each was initialized without problems. If each separate component in ... is to a single component, it should operate whenever system power is to isolate the problem to the Cisco 7600 Series Internet Router Module Installation Guide. If the FAN Cisco 7609 Internet Router Installation Guide 4-2 OL-5079-04 Because a startup problem can usually be doing. Getting Started ...
...assembly to determine whether or not it is doing to what it is operating. • System software boots successfully. • The supervisor engine and all switching modules are installed properly in their slots, and each was initialized without problems. If each separate component in ... is to a single component, it should operate whenever system power is to isolate the problem to the Cisco 7600 Series Internet Router Module Installation Guide. If the FAN Cisco 7609 Internet Router Installation Guide 4-2 OL-5079-04 Because a startup problem can usually be doing. Getting Started ...