Installation Guide
Page 9
... green • FAN OK LED is green • OUTPUT FAIL LED is not lit If the LEDs indicate a power problem, see Figure 5-5 for Cisco 7603 router and Figure 5-6 for Cisco 7609 and Cisco 7613 routers). Slide the power supply into the power supply bay. Slide the power supply into the power supply bay. See Removing and Replacing the PEM, page 5-106. Removing a DC-Input Power Supply This section describes the DC-input power supply removal procedure for the Cisco 7600 series routers: • Removing...
... green • FAN OK LED is green • OUTPUT FAIL LED is not lit If the LEDs indicate a power problem, see Figure 5-5 for Cisco 7603 router and Figure 5-6 for Cisco 7609 and Cisco 7613 routers). Slide the power supply into the power supply bay. Slide the power supply into the power supply bay. See Removing and Replacing the PEM, page 5-106. Removing a DC-Input Power Supply This section describes the DC-input power supply removal procedure for the Cisco 7600 series routers: • Removing...
Installation Guide
Page 52
... Cisco 7600 Series Router Installation Guide OL-4503-24 Slide the power supply into the power supply bay. Make sure that the power supply is not lit If the LEDs indicate a power problem, see the "System Ground Connection" section on page 4-2. Installing a PWR-2700-DC Power Supply in a Cisco 7606 Router Warning Before performing any preinstalled PEMs. You must remove any of the following states: • INPUT OK LED is green • FAN OK LED is green...
... Cisco 7600 Series Router Installation Guide OL-4503-24 Slide the power supply into the power supply bay. Make sure that the power supply is not lit If the LEDs indicate a power problem, see the "System Ground Connection" section on page 4-2. Installing a PWR-2700-DC Power Supply in a Cisco 7606 Router Warning Before performing any preinstalled PEMs. You must remove any of the following states: • INPUT OK LED is green • FAN OK LED is green...
Installation Guide
Page 105
... power supply input rating and local or national electrical code requirements. OL-4503-24 Cisco 7600 Series Router Installation Guide 5-105 Step 12 If you are correctly completed, safety flags and lockout devices can be protected by checking that the power supply front panel LEDs are in the following states: • INPUT OK LED is green • FAN OK LED is green • OUTPUT FAIL LED is not lit If the LEDs indicate a power problem...
... power supply input rating and local or national electrical code requirements. OL-4503-24 Cisco 7600 Series Router Installation Guide 5-105 Step 12 If you are correctly completed, safety flags and lockout devices can be protected by checking that the power supply front panel LEDs are in the following states: • INPUT OK LED is green • FAN OK LED is green • OUTPUT FAIL LED is not lit If the LEDs indicate a power problem...
Installation Guide
Page 129
Chapter 5 Removal and Replacement Procedures Upgrading the Cisco 7600 Series Routers to http://www.cisco.com/univercd/cc/td/doc/product/core/cis7600/hardware/osrouter/index.htm. There is equipped with two tiered-speed fan trays. Table 5-5 Required Power Supply Upgrades for the WS-SUP720-3BXL Supervisor 720 and Supervisor 3BXL Supported Chassis AC DC Cisco 7603 WS-CAC-950W WS-CDC-950W Cisco 7604 N/A N/A Cisco 7606 WS-CAC-1900W WS...
Chapter 5 Removal and Replacement Procedures Upgrading the Cisco 7600 Series Routers to http://www.cisco.com/univercd/cc/td/doc/product/core/cis7600/hardware/osrouter/index.htm. There is equipped with two tiered-speed fan trays. Table 5-5 Required Power Supply Upgrades for the WS-SUP720-3BXL Supervisor 720 and Supervisor 3BXL Supported Chassis AC DC Cisco 7603 WS-CAC-950W WS-CDC-950W Cisco 7604 N/A N/A Cisco 7606 WS-CAC-1900W WS...
User Guide
Page 168
...-This button is not guaranteed to be removed and replaced without generating alarms. 5-54 Cisco 6500/7600 Series Manager User Guide Performance Logging Area The Performance Logging area of the port adapters (if installed) on the FlexWAN module: • Start-Turns on the module. This can only be done if the object is in the configuration window is used to enable and disable performance logging of the interface attributes of the C6576M FlexWAN Module dialog...
...-This button is not guaranteed to be removed and replaced without generating alarms. 5-54 Cisco 6500/7600 Series Manager User Guide Performance Logging Area The Performance Logging area of the port adapters (if installed) on the FlexWAN module: • Start-Turns on the module. This can only be done if the object is in the configuration window is used to enable and disable performance logging of the interface attributes of the C6576M FlexWAN Module dialog...
User Guide
Page 294
... can use the Reset button. This action power cycles the switch or router. If clicked, a pop-up is reset using the Reset button. Note Any changes to the running configuration will be used to establish a CatOS management session with administrative privileges can only be saved automatically when the switch or router is displayed asking if you really want to enter privileged EXEC mode. Cisco 6500/7600 Series Manager User Guide 6-4 IOS Session The IOS...
... can use the Reset button. This action power cycles the switch or router. If clicked, a pop-up is reset using the Reset button. Note Any changes to the running configuration will be used to establish a CatOS management session with administrative privileges can only be saved automatically when the switch or router is displayed asking if you really want to enter privileged EXEC mode. Cisco 6500/7600 Series Manager User Guide 6-4 IOS Session The IOS...
Configuration Guide
Page 49
... use VLAN 1. • If you are using FWSM failover within the same switch chassis, do not add the VLANs to the switch before you can contain unlimited VLANs. Chapter 2 Configuring the Switch for the Firewall Services Module Assigning VLANs to the Firewall Services Module This section includes the following topics: • VLAN Guidelines, page 2-3 • Assigning VLANs to the switch. However, if you are using ASDM 2-3 OL-20748-01 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using...
... use VLAN 1. • If you are using FWSM failover within the same switch chassis, do not add the VLANs to the switch before you can contain unlimited VLANs. Chapter 2 Configuring the Switch for the Firewall Services Module Assigning VLANs to the Firewall Services Module This section includes the following topics: • VLAN Guidelines, page 2-3 • Assigning VLANs to the switch. However, if you are using ASDM 2-3 OL-20748-01 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using...
Configuration Guide
Page 56
... is disabled by default. To change the default boot partition, enter the following command: Router(config)# boot device module mod_num cf:n 2-10 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using the copy command. To enable autostate messaging in case you can use cf:5 as a test partition. You can install the new software on cf:5, but maintain the old software as a backup in Cisco IOS software, enter the following topics: • Flash Memory Overview, page 2-10 • Setting the Default Boot Partition...
... is disabled by default. To change the default boot partition, enter the following command: Router(config)# boot device module mod_num cf:n 2-10 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using the copy command. To enable autostate messaging in case you can use cf:5 as a test partition. You can install the new software on cf:5, but maintain the old software as a backup in Cisco IOS software, enter the following topics: • Flash Memory Overview, page 2-10 • Setting the Default Boot Partition...
Configuration Guide
Page 126
... host. See the show vlan command. Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using the allocate-interface command. • All allocated interfaces are reserving for traffic to pass through the interface, the interface also has to be in the down in the system execution space, then that you enable communication between same security interfaces (see the "Allowing Communication Between Interfaces on the Same Security Level" section on page...
... host. See the show vlan command. Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using the allocate-interface command. • All allocated interfaces are reserving for traffic to pass through the interface, the interface also has to be in the down in the system execution space, then that you enable communication between same security interfaces (see the "Allowing Communication Between Interfaces on the Same Security Level" section on page...
Configuration Guide
Page 129
... interfaces from any bridge group. You can be on the same network in each . - See the following guidelines for configuring an interface: Multiple Context Mode Guidelines • You can use the show interface command for more information. If you assign the VLAN to the FWSM, the interface changes to configure the failover and state links. OL-20748-01 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using the allocate-interface command. • All allocated interfaces...
... interfaces from any bridge group. You can be on the same network in each . - See the following guidelines for configuring an interface: Multiple Context Mode Guidelines • You can use the show interface command for more information. If you assign the VLAN to the FWSM, the interface changes to configure the failover and state links. OL-20748-01 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using the allocate-interface command. • All allocated interfaces...
Configuration Guide
Page 138
... 2 Step 3 Step 4 Step 5 Step 6 To reboot the FWSM into the maintenance partition, enter the following command at the prompt: Changing password for user root New password: Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM 7-2 OL-20748-01 The default password is "cisco". To change the guest account password, and enable or disable the guest account. This command changes the password for troubleshooting. The password is a case-sensitive password of up to 16 alphanumeric...
... 2 Step 3 Step 4 Step 5 Step 6 To reboot the FWSM into the maintenance partition, enter the following command at the prompt: Changing password for user root New password: Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM 7-2 OL-20748-01 The default password is "cisco". To change the guest account password, and enable or disable the guest account. This command changes the password for troubleshooting. The password is a case-sensitive password of up to 16 alphanumeric...
Configuration Guide
Page 313
...-01 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM 16-9 For example, if you want to provide extra security, you can tell your inside ,outside) tcp 209.165.201.3 smtp 10.1.2.29 smtp netmask 255.255.255.255 You can specify static PAT statements for each statement. Chapter 16 Configuring NAT NAT Overview Static PAT Static PAT is the same as the port...
...-01 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM 16-9 For example, if you want to provide extra security, you can tell your inside ,outside) tcp 209.165.201.3 smtp 10.1.2.29 smtp netmask 255.255.255.255 You can specify static PAT statements for each statement. Chapter 16 Configuring NAT NAT Overview Static PAT Static PAT is the same as the port...
Configuration Guide
Page 340
... ports in the access list. Figure 16-26 NAT Exemption FWSM 209.165.201.1 209.165.201.1 209.165.201.2 209.165.201.2 132938 Inside Outside Note If you have greater control using NAT exemption than identity NAT. Bypassing NAT Chapter 16 Configuring NAT The following command uses static identity NAT for NAT exemption configuration. 16-36 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM OL-20748-01 Use static identity NAT to originate connections...
... ports in the access list. Figure 16-26 NAT Exemption FWSM 209.165.201.1 209.165.201.1 209.165.201.2 209.165.201.2 132938 Inside Outside Note If you have greater control using NAT exemption than identity NAT. Bypassing NAT Chapter 16 Configuring NAT The following command uses static identity NAT for NAT exemption configuration. 16-36 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM OL-20748-01 Use static identity NAT to originate connections...
Configuration Guide
Page 487
... Series Router Firewall Services Module Configuration Guide using ASDM 22-71 hostname(config-if)# access-list mgcp extended permit udp any host 10.0.0.210 eq 2428 hostname(config)# access-list mgcp extended permit udp any any eq 2427 hostname(config)# access-list mgcp extended permit udp any any eq tftp Apply the above access lists on the inside Configure call agent (IP address of the Cisco CallManager) and the IP address of the IOS MGCP gateway...
... Series Router Firewall Services Module Configuration Guide using ASDM 22-71 hostname(config-if)# access-list mgcp extended permit udp any host 10.0.0.210 eq 2428 hostname(config)# access-list mgcp extended permit udp any any eq 2427 hostname(config)# access-list mgcp extended permit udp any any eq tftp Apply the above access lists on the inside Configure call agent (IP address of the Cisco CallManager) and the IP address of the IOS MGCP gateway...
Configuration Guide
Page 508
... Example 22-12, which creates a class map to match SCCP traffic on the default port (2000). dump, I - inside, n - The service policy is sample output from the show xlate debug command for these Skinny connections: hostname# show xlate debug 2 in troubleshooting SCCP (Skinny) inspection engine issues. hostname# show skinny command assists in use, 2 most used Flags: D - DNS, d - no random, 22-92 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using...
... Example 22-12, which creates a class map to match SCCP traffic on the default port (2000). dump, I - inside, n - The service policy is sample output from the show xlate debug command for these Skinny connections: hostname# show xlate debug 2 in troubleshooting SCCP (Skinny) inspection engine issues. hostname# show skinny command assists in use, 2 most used Flags: D - DNS, d - no random, 22-92 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using...
Configuration Guide
Page 525
... users on the 192.168.3.0 network to 60 minutes. When starting an SSH session, a dot (.) displays on the FWSM console before the FWSM disconnects the session, enter the following command: hostname(config)# ssh timeout minutes Set the timeout from which is "cisco." OL-20748-01 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using SSH, at the SSH client enter the username pix and enter the login password set...
... users on the 192.168.3.0 network to 60 minutes. When starting an SSH session, a dot (.) displays on the FWSM console before the FWSM disconnects the session, enter the following command: hostname(config)# ssh timeout minutes Set the timeout from which is "cisco." OL-20748-01 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using SSH, at the SSH client enter the username pix and enter the login password set...
Configuration Guide
Page 553
... software Console> (enable) session module_number Step 13 By default, the password to log in to the FWSM, enter the command for internal diagnostics. Follow the screen prompts during the upgrade. Step 10 To log out of the following methods: • Paste the configuration at the command line. • To copy from a TFTP server, enter the following command: OL-20748-01 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using the following command: Console> (enable) reset...
... software Console> (enable) session module_number Step 13 By default, the password to log in to the FWSM, enter the command for internal diagnostics. Follow the screen prompts during the upgrade. Step 10 To log out of the following methods: • Paste the configuration at the command line. • To copy from a TFTP server, enter the following command: OL-20748-01 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using the following command: Console> (enable) reset...
Configuration Guide
Page 559
... to the FWSM, enter the command for your operating system: - Cisco IOS software Router# session slot number processor 1 - For Cisco IOS software, enter the following command: Console> (enable) reset mod_num c. Catalyst operating system software Console> (enable) session module_number OL-20748-01 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM 24-13 For Catalyst operating system software, enter the following command: Router# hw-module module mod_num reset - If required, log out of the maintenance partition...
... to the FWSM, enter the command for your operating system: - Cisco IOS software Router# session slot number processor 1 - For Cisco IOS software, enter the following command: Console> (enable) reset mod_num c. Catalyst operating system software Console> (enable) session module_number OL-20748-01 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM 24-13 For Catalyst operating system software, enter the following command: Router# hw-module module mod_num reset - If required, log out of the maintenance partition...
Configuration Guide
Page 629
... access-group MANAGE in interface outside access-list WEBSENSE remark -The Websense server needs to access the Websense updater access-list WEBSENSE remark -server on the outside for management using ASDM B-5 Websense server to determine if the traffic is allowed nat (inside users access an HTTP server, FWSM consults with a ! firewall module 8 vlan-group 1 OL-20748-01 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ! A host on the admin context requires access to the Websense server for any IP access-list INTERNET...
... access-group MANAGE in interface outside access-list WEBSENSE remark -The Websense server needs to access the Websense updater access-list WEBSENSE remark -server on the outside for management using ASDM B-5 Websense server to determine if the traffic is allowed nat (inside users access an HTTP server, FWSM consults with a ! firewall module 8 vlan-group 1 OL-20748-01 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ! A host on the admin context requires access to the Websense server for any IP access-list INTERNET...
Configuration Guide
Page 712
... source and destination that uses secret-key cryptography. See IKE. IPSec provides these security services at the IP layer. K key Kerberos A data object used for client-server applications that will be used in almost all transform sets is applied to the interface in over telephone voice lines or DSL. GL-10 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM OL-20748-01 IPSec transform set A transform set specifies the IPSec protocol, encryption algorithm, and...
... source and destination that uses secret-key cryptography. See IKE. IPSec provides these security services at the IP layer. K key Kerberos A data object used for client-server applications that will be used in almost all transform sets is applied to the interface in over telephone voice lines or DSL. GL-10 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM OL-20748-01 IPSec transform set A transform set specifies the IPSec protocol, encryption algorithm, and...