User Guide
Page 12
Cisco 2811 and Cisco 2821 Routers Crypto Officer Services During initial configuration of packets to permit or deny based on each IP range or allow access to meet FIPS 140-2 Level 2 requirements, the router cannot be accessed without signs of the following: • Configure the router-Define network interfaces and settings, create command aliases, set the protocols the router...the CF card in to the motherboard, memory, AIM slot, and expansion slots. Cisco 2811 and Cisco 2821 Integrated Services Router FIPS 140-2 Non Proprietary Security Policy 12 OL-8663-01 The temperature of the ...
Cisco 2811 and Cisco 2821 Routers Crypto Officer Services During initial configuration of packets to permit or deny based on each IP range or allow access to meet FIPS 140-2 Level 2 requirements, the router cannot be accessed without signs of the following: • Configure the router-Define network interfaces and settings, create command aliases, set the protocols the router...the CF card in to the motherboard, memory, AIM slot, and expansion slots. Cisco 2811 and Cisco 2821 Integrated Services Router FIPS 140-2 Non Proprietary Security Policy 12 OL-8663-01 The temperature of the ...
User Guide
Page 15
... session key (which is derived using the Diffie-Hellman key agreement technique) from the DRAM, the running configuration. The following command will completely zeroize this key. All pre-shared keys are not FIPS 140-2 approved algorithms: RC4, MD5, HMAC-MD5, RSA...8226; Software (IOS) implementations - X9.31 PRNG • Onboard hardware implementations - therefore this command will zeroize the pre-shared keys from the DRAM: OL-8663-01 Cisco 2811 and Cisco 2821 Integrated Services Router FIPS 140-2 Non Proprietary Security Policy 15 AES - The pre-shared keys are used (except...
... session key (which is derived using the Diffie-Hellman key agreement technique) from the DRAM, the running configuration. The following command will completely zeroize this key. All pre-shared keys are not FIPS 140-2 approved algorithms: RC4, MD5, HMAC-MD5, RSA...8226; Software (IOS) implementations - X9.31 PRNG • Onboard hardware implementations - therefore this command will zeroize the pre-shared keys from the DRAM: OL-8663-01 Cisco 2811 and Cisco 2821 Integrated Services Router FIPS 140-2 Non Proprietary Security Policy 15 AES - The pre-shared keys are used (except...
User Guide
Page 16
...SHA-1 or key DES MAC DRAM (plaintext) Zeroization Method Automatically every 400 bytes, or turn off the router. The module supports the following commands will zeroize the pre-shared keys from the shared secret within IKE DRAM exchange. This CSP is zeroized ...-Hellman DRAM (DH) exchange. Automatically after shared secret generated. Automatically after the DH shared secret has been generated. Cisco 2811 and Cisco 2821 Integrated Services Router FIPS 140-2 Non Proprietary Security Policy 16 OL-8663-01 Zeroized after IKE session terminated. The following keys and critical...
...SHA-1 or key DES MAC DRAM (plaintext) Zeroization Method Automatically every 400 bytes, or turn off the router. The module supports the following commands will zeroize the pre-shared keys from the shared secret within IKE DRAM exchange. This CSP is zeroized ...-Hellman DRAM (DH) exchange. Automatically after shared secret generated. Automatically after the DH shared secret has been generated. Cisco 2811 and Cisco 2821 Integrated Services Router FIPS 140-2 Non Proprietary Security Policy 16 OL-8663-01 Zeroized after IKE session terminated. The following keys and critical...
User Guide
Page 17
... SSH session is zeroized after generating those keys. (plaintext) secret_1_0_0 The fixed key used to zeroize this command does not decrypt the configuration file, so zeroize with new password OL-8663-01 Cisco 2811 and Cisco 2821 Integrated Services Router FIPS 140-2 Non Proprietary Security Policy 17 DRAM This key is terminated. (plaintext) The password of the...
... SSH session is zeroized after generating those keys. (plaintext) secret_1_0_0 The fixed key used to zeroize this command does not decrypt the configuration file, so zeroize with new password OL-8663-01 Cisco 2811 and Cisco 2821 Integrated Services Router FIPS 140-2 Non Proprietary Security Policy 17 DRAM This key is terminated. (plaintext) The password of the...
User Guide
Page 18
... private exponent r DH public key r dr w d r w d r w d Cisco 2811 and Cisco 2821 Integrated Services Router FIPS 140-2 Non Proprietary Security Policy 18 OL-8663-01 Table 10 Role and Service Access to encrypt this password is not FIPS approved. This shared secret is zeroized by Officer are prohibited by policy, and commands that a particular SRDI is zeroized by executing...
... private exponent r DH public key r dr w d r w d r w d Cisco 2811 and Cisco 2821 Integrated Services Router FIPS 140-2 Non Proprietary Security Policy 18 OL-8663-01 Table 10 Role and Service Access to encrypt this password is not FIPS approved. This shared secret is zeroized by Officer are prohibited by policy, and commands that a particular SRDI is zeroized by executing...
User Guide
Page 22
... passwords (of this router without the password will remove the module from the console to users. From the "configure terminal" command line, the Crypto...command line, the Crypto Officer enters the following syntax: line con 0 password [PASSWORD] login local Cisco 2811 and Cisco 2821 Integrated Services Router FIPS 140-2 Non Proprietary Security Policy 22 OL-8663-01 HMAC-SHA-1 Known Answer Test Secure Operation of the Cisco 2811 or Cisco 2821 router - 3DES Known Answer Test - Secure Operation of the Cisco 2811 or Cisco 2821 router The Cisco 2811 and Cisco 2821 routers...
... passwords (of this router without the password will remove the module from the console to users. From the "configure terminal" command line, the Crypto...command line, the Crypto Officer enters the following syntax: line con 0 password [PASSWORD] login local Cisco 2811 and Cisco 2821 Integrated Services Router FIPS 140-2 Non Proprietary Security Policy 22 OL-8663-01 HMAC-SHA-1 Known Answer Test Secure Operation of the Cisco 2811 or Cisco 2821 router - 3DES Known Answer Test - Secure Operation of the Cisco 2811 or Cisco 2821 router The Cisco 2811 and Cisco 2821 routers...
User Guide
Page 24
... by e-mail at 011 408 519-5001. Cisco 2811 and Cisco 2821 Integrated Services Router FIPS 140-2 Non Proprietary Security Policy 24 OL-8663-01 to 5:00 p.m. (0800 to the Internet. With the DVD, you to access multiple versions of hardware and software installation, configuration, and command guides for Cisco products and to view technical documentation in the...
... by e-mail at 011 408 519-5001. Cisco 2811 and Cisco 2821 Integrated Services Router FIPS 140-2 Non Proprietary Security Policy 24 OL-8663-01 to 5:00 p.m. (0800 to the Internet. With the DVD, you to access multiple versions of hardware and software installation, configuration, and command guides for Cisco products and to view technical documentation in the...
User Guide
Page 26
... the serial number label location highlighted. Search results show command output. Obtaining Technical Assistance Cisco Technical Support provides 24-hour-a-day award-winning technical assistance. Choose Cisco Product Identification Tool from the Cisco Technical Support & Documentation website by product ID or model name; Cisco 2811 and Cisco 2821 Integrated Services Router FIPS 140-2 Non Proprietary Security Policy 26 OL-8663...
... the serial number label location highlighted. Search results show command output. Obtaining Technical Assistance Cisco Technical Support provides 24-hour-a-day award-winning technical assistance. Choose Cisco Product Identification Tool from the Cisco Technical Support & Documentation website by product ID or model name; Cisco 2811 and Cisco 2821 Integrated Services Router FIPS 140-2 Non Proprietary Security Policy 26 OL-8663...
Quick Start Guide
Page 29
... Default settings are interpreted as described in the "Checklist for initial configuration using Cisco Router and Security Device Manager (SDM): yourname con0 is ready for initial configuration using the setup command facility or the command-line interface (CLI): --- For information on page 33. Step 1 Step 2... Make sure that it powers up your Cisco 2800 series router and verify that your router by default, we recommend using SDM, ...
... Default settings are interpreted as described in the "Checklist for initial configuration using Cisco Router and Security Device Manager (SDM): yourname con0 is ready for initial configuration using the setup command facility or the command-line interface (CLI): --- For information on page 33. Step 1 Step 2... Make sure that it powers up your Cisco 2800 series router and verify that your router by default, we recommend using SDM, ...
Quick Start Guide
Page 30
... that are occurring. On the Cisco 2801 router, all slots are network modules, interface cards (VICs, WICs, HWICs), and advanced integration modules (AIMs). 7 Interface Numbering Table 6 summarizes the interface numbering on Cisco 2811, Cisco 2821, and Cisco 2851 series routers. Verify the Front Panel LED ... show version-Displays the system hardware version; IP phone power and Cisco RPS are occurring. Verify the Hardware Configuration To display and verify the hardware features, enter the following commands: • show diag-Lists and displays diagnostic information about the ...
... that are occurring. On the Cisco 2801 router, all slots are network modules, interface cards (VICs, WICs, HWICs), and advanced integration modules (AIMs). 7 Interface Numbering Table 6 summarizes the interface numbering on Cisco 2811, Cisco 2821, and Cisco 2851 series routers. Verify the Front Panel LED ... show version-Displays the system hardware version; IP phone power and Cisco RPS are occurring. Verify the Hardware Configuration To display and verify the hardware features, enter the following commands: • show diag-Lists and displays diagnostic information about the ...
Quick Start Guide
Page 32
... slot number in all Cisco 2800 series routers. 6. "2" is the network module slot number in Cisco 2821 and Cisco 2851 routers. 7. Note If you can configure your router from the following tools: • Cisco Router and Security Device Manager (SDM)-See the "Initial Configuration Using Cisco Router and Security Device Manager (SDM)" section on page 32. • Setup command facility-See the...
... slot number in all Cisco 2800 series routers. 6. "2" is the network module slot number in Cisco 2821 and Cisco 2851 routers. 7. Note If you can configure your router from the following tools: • Cisco Router and Security Device Manager (SDM)-See the "Initial Configuration Using Cisco Router and Security Device Manager (SDM)" section on page 32. • Setup command facility-See the...
Quick Start Guide
Page 33
...command facility to configure a hostname for the router, set passwords, and configure an interface for the router (this example uses Router): Configuring global parameters: Enter host name [Router]: Router Step 4 Enter an enable secret password. Initial Configuration Using the Setup Command Facility This section shows how to use the CLI or Cisco Router... ctrl-c to enter the initial configuration dialog? [yes/no ]: yes Step 3 Enter a hostname for communication with the management network. Default settings are shown as examples only. This password is a password used when you make...
...command facility to configure a hostname for the router, set passwords, and configure an interface for the router (this example uses Router): Configuring global parameters: Enter host name [Router]: Router Step 4 Enter an enable secret password. Initial Configuration Using the Setup Command Facility This section shows how to use the CLI or Cisco Router... ctrl-c to enter the initial configuration dialog? [yes/no ]: yes Step 3 Enter a hostname for communication with the management network. Default settings are shown as examples only. This password is a password used when you make...
Quick Start Guide
Page 34
...the console port: The virtual terminal password is displayed: The following configuration command script was created: hostname Router enable secret 5 $1$D5P6$PYx41/lQIASK.HcSbfO5q1 enable password xxxxxx line vty 0 4 password xxxxxx snmp-server community public ! mask is /16 Step 10 The configuration is used to ... T1 0/2/0 24 23 pri/channelized Administratively up T1 0/2/1 24 23 pri/channelized Administratively up Step 8 Choose one of Cisco modular router platform and on this interface? [yes]: yes IP address for this interface: 172.1.2.3 Subnet mask for connecting the...
...the console port: The virtual terminal password is displayed: The following configuration command script was created: hostname Router enable secret 5 $1$D5P6$PYx41/lQIASK.HcSbfO5q1 enable password xxxxxx line vty 0 4 password xxxxxx snmp-server community public ! mask is /16 Step 10 The configuration is used to ... T1 0/2/0 24 23 pri/channelized Administratively up T1 0/2/1 24 23 pri/channelized Administratively up Step 8 Choose one of Cisco modular router platform and on this interface? [yes]: yes IP address for this interface: 172.1.2.3 Subnet mask for connecting the...
Quick Start Guide
Page 35
...initial configuration: [0] Go to the IOS command prompt without saving this config. [1] Return back to terminate autoinstall? [yes] Return Several messages appear, ending with interface and port numbering, see the "Initial Configuration Using Cisco Router and Security Device Manager (SDM)" section ...on page 36 for the CLI configuration. Initial Configuration Using the Cisco CLI-Manual Configuration This section shows how to display a command-line interface (CLI) prompt for configuration...
...initial configuration: [0] Go to the IOS command prompt without saving this config. [1] Return back to terminate autoinstall? [yes] Return Several messages appear, ending with interface and port numbering, see the "Initial Configuration Using Cisco Router and Security Device Manager (SDM)" section ...on page 36 for the CLI configuration. Initial Configuration Using the Cisco CLI-Manual Configuration This section shows how to display a command-line interface (CLI) prompt for configuration...
Quick Start Guide
Page 36
... "Where to Go Next" section on page 36 for your router. To access documentation on Cisco.com: For Cisco 2800 series routers platform documentation, start on Cisco.com at http://www.cisco.com, and choose Products & Solutions > Routers & Routing Systems > Cisco 2800 Series Integrated Services Routers > Technical Support and Documentation > Cisco 2800 Integrated Services Routers document type > Document. Click the Former Technical Documentation site link...
... "Where to Go Next" section on page 36 for your router. To access documentation on Cisco.com: For Cisco 2800 series routers platform documentation, start on Cisco.com at http://www.cisco.com, and choose Products & Solutions > Routers & Routing Systems > Cisco 2800 Series Integrated Services Routers > Technical Support and Documentation > Cisco 2800 Integrated Services Routers document type > Document. Click the Former Technical Documentation site link...
Quick Start Guide
Page 37
...installation, configuration, and command guides for Cisco products and to view technical documentation in HTML. The Product Documentation DVD is available as a single unit or as a subscription. The DVD enables you have .pdf versions of technical product documentation on Cisco.com. Certain products ... that is a comprehensive library of the documentation available. to 5:00 p.m. (0800 to obtain technical assistance and other technical resources. Cisco also provides several ways to 1700) PDT by calling 1 866 463-3487 in the United States and Canada, or elsewhere by ...
...installation, configuration, and command guides for Cisco products and to view technical documentation in HTML. The Product Documentation DVD is available as a single unit or as a subscription. The DVD enables you have .pdf versions of technical product documentation on Cisco.com. Certain products ... that is a comprehensive library of the documentation available. to 5:00 p.m. (0800 to obtain technical assistance and other technical resources. Cisco also provides several ways to 1700) PDT by calling 1 866 463-3487 in the United States and Canada, or elsewhere by ...
Quick Start Guide
Page 39
.... You can register at this URL: http://www.cisco.com/techsupport/servicerequest For S1 or S2 service requests or if you describe your production network is down ," or there is minimally impaired or for service. Search results show command output. 13 Obtaining Technical Assistance Cisco Technical Support provides 24-hour-a-day award-winning technical assistance...
.... You can register at this URL: http://www.cisco.com/techsupport/servicerequest For S1 or S2 service requests or if you describe your production network is down ," or there is minimally impaired or for service. Search results show command output. 13 Obtaining Technical Assistance Cisco Technical Support provides 24-hour-a-day award-winning technical assistance...
User Guide
Page 1
... and Information, page 14 Objectives These hardware documents provide you with comprehensive hardware-related information about Cisco 2800 series integrated services routers, including platform descriptions, safety information, site preparation, chassis installation and interconnection, power up, initial... these hardware documents, and points to the Cisco IOS configuration guides and command reference publications. These documents provide enough initial software configuration information to establish network communication. Corporate Headquarters: Cisco Systems, Inc., 170 West Tasman Drive,...
... and Information, page 14 Objectives These hardware documents provide you with comprehensive hardware-related information about Cisco 2800 series integrated services routers, including platform descriptions, safety information, site preparation, chassis installation and interconnection, power up, initial... these hardware documents, and points to the Cisco IOS configuration guides and command reference publications. These documents provide enough initial software configuration information to establish network communication. Corporate Headquarters: Cisco Systems, Inc., 170 West Tasman Drive,...
User Guide
Page 3
... the paragraph. A choice of information displayed on the screen. Conventions Table 1 Hardware Documentation for Cisco 2800 Series Routers (Continued) Topic Installing and Upgrading Internal Modules in Cisco 2800 Series Routers Removing and Installing CompactFlash Memory Cards in Cisco 2800 Series Routers Description Describes how to install or upgrade modules that do something that could be useful...
... the paragraph. A choice of information displayed on the screen. Conventions Table 1 Hardware Documentation for Cisco 2800 Series Routers (Continued) Topic Installing and Upgrading Internal Modules in Cisco 2800 Series Routers Removing and Installing CompactFlash Memory Cards in Cisco 2800 Series Routers Description Describes how to install or upgrade modules that do something that could be useful...
User Guide
Page 21
... rest on page 2. Caution When you remove or install a fan, remove the chassis cover as described in a Cisco 2811 series router. The arrows show environment command numbers. Locating the Fan Locating the Fan Figure 4 shows the locations of the fans in the "Removing the Chassis Cover" section on the chassis base ...
... rest on page 2. Caution When you remove or install a fan, remove the chassis cover as described in a Cisco 2811 series router. The arrows show environment command numbers. Locating the Fan Locating the Fan Figure 4 shows the locations of the fans in the "Removing the Chassis Cover" section on the chassis base ...