User Guide
Page 4
.../DSU options for back-up WAN connectivity. The 2621XM/2651XM Router Figure 2 Cisco 2621XM and Cisco 2651XM Physical Interfaces WIC slots Cisco 2650 99494 W1 SERIAL 1 CONN SERIAL 0 SEE MANUAL BEFORE INSTALLATION WIC CONN 2A/S SERIAL 1 CONN SERIAL 0 WIC CONN 2T SEE MANUAL BEFORE INSTALLATION W0 Cisco 2650 100-240V- 1A 50/60 Hz 47 W LINK ETHERNET...
.../DSU options for back-up WAN connectivity. The 2621XM/2651XM Router Figure 2 Cisco 2621XM and Cisco 2651XM Physical Interfaces WIC slots Cisco 2650 99494 W1 SERIAL 1 CONN SERIAL 0 SEE MANUAL BEFORE INSTALLATION WIC CONN 2A/S SERIAL 1 CONN SERIAL 0 WIC CONN 2T SEE MANUAL BEFORE INSTALLATION W0 Cisco 2650 100-240V- 1A 50/60 Hz 47 W LINK ETHERNET...
User Guide
Page 5
.../2651XM Router Figure 3 Cisco 2621XM and Cisco 2651XM Rear Panel LEDs 100 Mbps LED Link LED 100 Mbps LED FDX Link FDX LED LED LED SERIAL 1 CONN SERIAL 0 SEE MANUAL BEFORE INSTALLATION WIC CONN 2A/S 100 Mbps Link W1 FDX 100 Mbps Link SERIAL 1 CONN SERIAL 0 SEE MANUAL BEFORE INSTALLATION WIC CONN 2A/S FDX W0 Cisco 2621...
.../2651XM Router Figure 3 Cisco 2621XM and Cisco 2651XM Rear Panel LEDs 100 Mbps LED Link LED 100 Mbps LED FDX Link FDX LED LED LED SERIAL 1 CONN SERIAL 0 SEE MANUAL BEFORE INSTALLATION WIC CONN 2A/S 100 Mbps Link W1 FDX 100 Mbps Link SERIAL 1 CONN SERIAL 0 SEE MANUAL BEFORE INSTALLATION WIC CONN 2A/S FDX W0 Cisco 2621...
User Guide
Page 7
... and password. Both roles are used without repetition for the router. The User and Crypto Officer passwords and the RADIUS/TACACS+ shared secrets must each be found in the Performing Basic System Management manual and in the FIPS mode. Crypto Officer Services During initial...and maintenance of randomly guessing the correct sequence is responsible for more information. The 2621XM/2651XM Router Table 3 Cisco 2621XM and Cisco 2651XM FIPS 140-2 Logical Interfaces (continued) Router Physical Interface 10/100BASE-TX LAN Port WIC Interface Network Module Interface LAN Port LEDs 10/100BASE...
... and password. Both roles are used without repetition for the router. The User and Crypto Officer passwords and the RADIUS/TACACS+ shared secrets must each be found in the Performing Basic System Management manual and in the FIPS mode. Crypto Officer Services During initial...and maintenance of randomly guessing the correct sequence is responsible for more information. The 2621XM/2651XM Router Table 3 Cisco 2621XM and Cisco 2651XM FIPS 140-2 Logical Interfaces (continued) Router Physical Interface 10/100BASE-TX LAN Port WIC Interface Network Module Interface LAN Port LEDs 10/100BASE...
User Guide
Page 8
...AIM-VPN/EP FIPS 140-2 Non-Proprietary Security Policy 8 OL-6262-01 The IOS prompts the User for IP tunneling. Cisco 2621XM and Cisco 2651XM Modular Access Routers with a terminal program. User Services A User enters the system by a thick steel chassis. and initiate diagnostic network ... memory status, voltage, packet statistics, review accounting logs, and view physical interface status • Manage the router-log off users, shutdown or reload the outer, manually back up the configuration tables for their password. Each Filter consists of a set of Rules, which define ...
...AIM-VPN/EP FIPS 140-2 Non-Proprietary Security Policy 8 OL-6262-01 The IOS prompts the User for IP tunneling. Cisco 2621XM and Cisco 2651XM Modular Access Routers with a terminal program. User Services A User enters the system by a thick steel chassis. and initiate diagnostic network ... memory status, voltage, packet statistics, review accounting logs, and view physical interface status • Manage the router-log off users, shutdown or reload the outer, manually back up the configuration tables for their password. Each Filter consists of a set of Rules, which define ...
User Guide
Page 10
.... All keys are exchanged manually and entered electronically via manual key exchange or Internet Key Exchange (IKE). This key is the seed key for DH and RSA key generation. DRAM (plaintext) Cisco 2621XM and Cisco 2651XM Modular Access Routers with self-adhesive backing....the Crypto Officer. The 2621XM/2651XM Router Figure 6 Cisco 2621XM and Cisco 2651XM Tamper Evidence Label Placement W1 SERIAL 1 CONN SERIAL 0 SEE MANUAL BEFORE INSTALLATION WIC CONN 2A/S SERIAL 1 CONN SERIAL 0 WIC CONN 2T SEE MANUAL BEFORE INSTALLATION W0 Cisco 2611 LINK ETHERNET 1 ACT LINK ...
.... All keys are exchanged manually and entered electronically via manual key exchange or Internet Key Exchange (IKE). This key is the seed key for DH and RSA key generation. DRAM (plaintext) Cisco 2621XM and Cisco 2651XM Modular Access Routers with self-adhesive backing....the Crypto Officer. The 2621XM/2651XM Router Figure 6 Cisco 2621XM and Cisco 2651XM Tamper Evidence Label Placement W1 SERIAL 1 CONN SERIAL 0 SEE MANUAL BEFORE INSTALLATION WIC CONN 2A/S SERIAL 1 CONN SERIAL 0 WIC CONN 2T SEE MANUAL BEFORE INSTALLATION W0 Cisco 2611 LINK ETHERNET 1 ACT LINK ...
User Guide
Page 16
...column of Table 4 for information on methods to store keys. HMAC SHA-1 KAT Cisco 2621XM and Cisco 2651XM Modular Access Routers with all the pre-shared keys. Note After the router recovers from being released, it is important to test the cryptographic components of a ... The Crypto Officer needs to be zeroized. All Diffie-Hellman (DH) keys agreed upon for exchanging pre-shared keys manually and entering electronically. - The router includes an array of self-tests that are directly associated with RSA-signature authentication. RSA signature KAT (both signature and ...
...column of Table 4 for information on methods to store keys. HMAC SHA-1 KAT Cisco 2621XM and Cisco 2651XM Modular Access Routers with all the pre-shared keys. Note After the router recovers from being released, it is important to test the cryptographic components of a ... The Crypto Officer needs to be zeroized. All Diffie-Hellman (DH) keys agreed upon for exchanging pre-shared keys manually and entering electronically. - The router includes an array of self-tests that are directly associated with RSA-signature authentication. RSA signature KAT (both signature and ...
User Guide
Page 18
... two types of key management method that are allowed in FIPS mode: Internet Key Exchange (IKE) and IPSec manually entered keys. • Although the Cisco IOS implementation of IKE allows a number of algorithms, only the following syntax: config-register 0x0102 • The...Identification and authentication on the console port is required for authentication is disabled, administrative access to users. Secure Operation of the Cisco 2621XM/2651XM Router • The Crypto Officer must disable IOS Password Recovery by executing the following commands: configure terminal no other than its...
... two types of key management method that are allowed in FIPS mode: Internet Key Exchange (IKE) and IPSec manually entered keys. • Although the Cisco IOS implementation of IKE allows a number of algorithms, only the following syntax: config-register 0x0102 • The...Identification and authentication on the console port is required for authentication is disabled, administrative access to users. Secure Operation of the Cisco 2621XM/2651XM Router • The Crypto Officer must disable IOS Password Recovery by executing the following commands: configure terminal no other than its...
Software Configuration Guide
Page 2
... other countries. All rights reserved. and certain other company. (0201R) Software Configuration Guide for the Cisco 2600 series, Cisco 3600 Series, and Cisco 3700 Series Routers Copyright © 2002, Cisco Systems, Inc. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED...
... other countries. All rights reserved. and certain other company. (0201R) Software Configuration Guide for the Cisco 2600 series, Cisco 3600 Series, and Cisco 3700 Series Routers Copyright © 2002, Cisco Systems, Inc. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED...
Software Configuration Guide
Page 37
... make sure you through a basic configuration, including local-area network (LAN) and wide-area network (WAN) interfaces. Before Starting Your Router Before you power on your PC terminal emulation program for example, AppleTalk, IP, Novell IPX, and so on ) OL-1957-04 ... If you prefer to configure the router manually or you wish to configure a module or interface that is not included in the documentation appropriate to "Chapter 3, "Configuring with the Command-Line Interface," for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Routers 2-1 The following for each interface...
... make sure you through a basic configuration, including local-area network (LAN) and wide-area network (WAN) interfaces. Before Starting Your Router Before you power on your PC terminal emulation program for example, AppleTalk, IP, Novell IPX, and so on ) OL-1957-04 ... If you prefer to configure the router manually or you wish to configure a module or interface that is not included in the documentation appropriate to "Chapter 3, "Configuring with the Command-Line Interface," for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Routers 2-1 The following for each interface...
Software Configuration Guide
Page 61
... page 3-46 • Configuring the Compression Network Module for the Cisco 3600 Series Routers, page 3-49 • Configuring the Digital Modem Network Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Routers 3-1 This chapter does not describe every configuration possible-only a small... the most commonly used configuration procedures. CHAPTER 3 Configuring with your router, on a Cisco Router, page 3-60 • Where to Go Next, page 3-64 Follow the procedures in this chapter to configure the router manually, or if you want to change the configuration after you can ...
... page 3-46 • Configuring the Compression Network Module for the Cisco 3600 Series Routers, page 3-49 • Configuring the Digital Modem Network Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Routers 3-1 This chapter does not describe every configuration possible-only a small... the most commonly used configuration procedures. CHAPTER 3 Configuring with your router, on a Cisco Router, page 3-60 • Where to Go Next, page 3-64 Follow the procedures in this chapter to configure the router manually, or if you want to change the configuration after you can ...
Software Configuration Guide
Page 63
.... Exit global configuration mode and attempt to a remote Transmission Control Protocol/Internet Protocol (TCP/IP) host. It can configure Ethernet interfaces manually by entering Cisco IOS commands on both ends and the router does not have a valid configuration file stored in nonvolatile random-access memory (NVRAM) (for instance, when you begin configuring the...
.... Exit global configuration mode and attempt to a remote Transmission Control Protocol/Internet Protocol (TCP/IP) host. It can configure Ethernet interfaces manually by entering Cisco IOS commands on both ends and the router does not have a valid configuration file stored in nonvolatile random-access memory (NVRAM) (for instance, when you begin configuring the...
Software Configuration Guide
Page 64
...Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Routers 3-4 OL-1957-04 Note Before you begin configuring the interfaces, make sure you enter Cisco IOS commands at the router prompt. Depending on the interface. Router(config)# Step 3 Router# ip routing Router# appletalk routing Router...Router#. Before you add a new interface). You have entered enable mode when the prompt changes to a remote Transmission Control Protocol/Internet Protocol (TCP/IP) host. Configuring Fast Ethernet Interfaces To configure a Fast Ethernet interface, use configuration mode (manual...
...Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Routers 3-4 OL-1957-04 Note Before you begin configuring the interfaces, make sure you enter Cisco IOS commands at the router prompt. Depending on the interface. Router(config)# Step 3 Router# ip routing Router# appletalk routing Router...Router#. Before you add a new interface). You have entered enable mode when the prompt changes to a remote Transmission Control Protocol/Internet Protocol (TCP/IP) host. Configuring Fast Ethernet Interfaces To configure a Fast Ethernet interface, use configuration mode (manual...
Software Configuration Guide
Page 65
... random-access OL-1957-04 Software Configuration Guide for your asynchronous/synchronous serial network module or WAN interface card manually by entering Cisco IOS commands on the command line. prompt changes to the router. • Power on your global configuration. When you need to run AutoInstall whenever you begin, disconnect all WAN cables...
... random-access OL-1957-04 Software Configuration Guide for your asynchronous/synchronous serial network module or WAN interface card manually by entering Cisco IOS commands on the command line. prompt changes to the router. • Power on your global configuration. When you need to run AutoInstall whenever you begin, disconnect all WAN cables...
Software Configuration Guide
Page 69
...have entered enable mode when the prompt changes to Router#. prompt changes to a remote Transmission Control Protocol/Internet Protocol (TCP/IP) host. It can configure the asynchronous interface manually by entering Cisco IOS commands on the router. Before you begin , disconnect all WAN cables... from trying to the router. • Power on the command line. Password: password Router# You have Enter configuration commands, one per...
...have entered enable mode when the prompt changes to Router#. prompt changes to a remote Transmission Control Protocol/Internet Protocol (TCP/IP) host. It can configure the asynchronous interface manually by entering Cisco IOS commands on the router. Before you begin , disconnect all WAN cables... from trying to the router. • Power on the command line. Password: password Router# You have Enter configuration commands, one per...
Software Configuration Guide
Page 70
... configuration file stored in nonvolatile random-access memory (NVRAM) (for instance, when you need to your BRI WAN interface card manually by entering Cisco IOS commands on your needs. Return to configure. In this example, AppleTalk and IPX are being configured on the interface. ... interface to enable mode. Configuring ISDN BRI WAN Interface Cards You can take several minutes for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Routers OL-1957-04 The router tries to a remote Transmission Control Protocol/Internet Protocol (TCP/IP) host. It can configure ...
... configuration file stored in nonvolatile random-access memory (NVRAM) (for instance, when you need to your BRI WAN interface card manually by entering Cisco IOS commands on your needs. Return to configure. In this example, AppleTalk and IPX are being configured on the interface. ... interface to enable mode. Configuring ISDN BRI WAN Interface Cards You can take several minutes for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Routers OL-1957-04 The router tries to a remote Transmission Control Protocol/Internet Protocol (TCP/IP) host. It can configure ...
Software Configuration Guide
Page 74
... Identifiers Some service providers assign service profile identifiers (SPIDs) to define the services to the router. • Power on the router. 3-14 Software Configuration Guide for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Routers OL-1957-04 The router tries to determine that ISDN service without SPIDs. It can answer calls made to run... power it sends a valid SPID to enter other configuration commands. Note Before you must define these SPIDs on both ISDN BRI B channels, use configuration mode (manual configuration).
... Identifiers Some service providers assign service profile identifiers (SPIDs) to define the services to the router. • Power on the router. 3-14 Software Configuration Guide for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Routers OL-1957-04 The router tries to determine that ISDN service without SPIDs. It can answer calls made to run... power it sends a valid SPID to enter other configuration commands. Note Before you must define these SPIDs on both ISDN BRI B channels, use configuration mode (manual configuration).
Software Configuration Guide
Page 78
...for CSU/DSU- Step 6 Router(config)# Ctrl-z Return to the router. • Power on the command line. When you : • Connect a console to Step 3 if your T1 WAN interface card manually by entering Cisco IOS commands on the router. This method, called configuration mode..., provides the greatest power and flexibility. Step 2 Router# configure terminal Enter global configuration mode. prompt changes to global configuration mode...
...for CSU/DSU- Step 6 Router(config)# Ctrl-z Return to the router. • Power on the command line. When you : • Connect a console to Step 3 if your T1 WAN interface card manually by entering Cisco IOS commands on the router. This method, called configuration mode..., provides the greatest power and flexibility. Step 2 Router# configure terminal Enter global configuration mode. prompt changes to global configuration mode...
Software Configuration Guide
Page 80
... can take several minutes for the router to run the AutoInstall process. Step 2 Router# configure terminal Enter global configuration mode. Password: password Router# You have previously enabled these protocols as required for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Routers OL-1957-04 You must use configuration mode (manual configuration). In this example, AppleTalk and...
... can take several minutes for the router to run the AutoInstall process. Step 2 Router# configure terminal Enter global configuration mode. Password: password Router# You have previously enabled these protocols as required for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Routers OL-1957-04 You must use configuration mode (manual configuration). In this example, AppleTalk and...
User Guide
Page 7
.... Set Encryption/Bypass: set of packets to be found in the Performing Basic System Management manual and in the online help for each interface. Cisco 2621 Modular Access Router Security Policy 78-13824-01 7 Set keys and algorithms to permit or deny based characteristics such... services, set from specified IP address. User Services A User enters the system by a thick steel chassis. The rear of the Cisco 2621 router can be used for the router. Change WAN Interface Cards: insert and remove modules in Section 3.1, Number 2 of this document. • • • ...
.... Set Encryption/Bypass: set of packets to be found in the Performing Basic System Management manual and in the online help for each interface. Cisco 2621 Modular Access Router Security Policy 78-13824-01 7 Set keys and algorithms to permit or deny based characteristics such... services, set from specified IP address. User Services A User enters the system by a thick steel chassis. The rear of the Cisco 2621 router can be used for the router. Change WAN Interface Cards: insert and remove modules in Section 3.1, Number 2 of this document. • • • ...
User Guide
Page 21
..., packet statistics, review accounting logs, and view physical interface status Manage the router: log off users, shutdown or reload the router, manually back up the configuration tables for their password. Cisco 2651 Modular Access Router Security Policy 78-13697-01 7 Status Functions: view the router configuration, routing tables, active sessions, use Gets to the User role...
..., packet statistics, review accounting logs, and view physical interface status Manage the router: log off users, shutdown or reload the router, manually back up the configuration tables for their password. Cisco 2651 Modular Access Router Security Policy 78-13697-01 7 Status Functions: view the router configuration, routing tables, active sessions, use Gets to the User role...