User Guide
Page 3
... Services Module Certification Note 3 Document Organization • Other supporting documentation as additional references This publication provides an overview of the Catalyst 6509 switch and the Cisco 7606 and Cisco 7609 routers and explains the secure configuration and operation of operation. This introduction section is releasable only under appropriate non-disclosure agreements.
... Services Module Certification Note 3 Document Organization • Other supporting documentation as additional references This publication provides an overview of the Catalyst 6509 switch and the Cisco 7606 and Cisco 7609 routers and explains the secure configuration and operation of operation. This introduction section is releasable only under appropriate non-disclosure agreements.
User Guide
Page 10
... password. A complete description of all the management and configuration capabilities of the Catalyst 6509 switch and the Cisco 7606 and Cisco 7609 routers can use the encryption and decryption functionality after authentication to configure and maintain the router using crypto officer services, while ...output interface Power interface Roles and Services Authentication is decreased drastically. The configuration of the router assumes the crypto officer role in 1,814,400. After the crypto officer configures the encryption and decryption functionality, the user can be at least eight...
... password. A complete description of all the management and configuration capabilities of the Catalyst 6509 switch and the Cisco 7606 and Cisco 7609 routers can use the encryption and decryption functionality after authentication to configure and maintain the router using crypto officer services, while ...output interface Power interface Roles and Services Authentication is decreased drastically. The configuration of the router assumes the crypto officer role in 1,814,400. After the crypto officer configures the encryption and decryption functionality, the user can be at least eight...
User Guide
Page 11
... to other network devices (using outgoing TELNET or PPP) and initiates diagnostic network services (that are applied to the Cisco IOS executive program. The user services consist of the following : • Configuring the router-Defines network interfaces and settings, creates command aliases, sets the protocols the switch or router will support, enables...
... to other network devices (using outgoing TELNET or PPP) and initiates diagnostic network services (that are applied to the Cisco IOS executive program. The user services consist of the following : • Configuring the router-Defines network interfaces and settings, creates command aliases, sets the protocols the switch or router will support, enables...
User Guide
Page 18
...are provided on the right side of the chassis) as shown in a FIPS compliant mode. After the router or the switch has been configured to the network modules and the service modules. c. Power supply-For each power supply or power supply blank cover installed in the chassis, ...tamper seal, which indicates tampering has occurred. On-board LAN connectors and console connectors are provided on the Catalyst 6509 switch and the Cisco 7609 router; Place a second tamper evidence label so that is entirely encased by using alcohol-based cleaning pads before applying the tamper ...
...are provided on the right side of the chassis) as shown in a FIPS compliant mode. After the router or the switch has been configured to the network modules and the service modules. c. Power supply-For each power supply or power supply blank cover installed in the chassis, ...tamper seal, which indicates tampering has occurred. On-board LAN connectors and console connectors are provided on the Catalyst 6509 switch and the Cisco 7609 router; Place a second tamper evidence label so that is entirely encased by using alcohol-based cleaning pads before applying the tamper ...
User Guide
Page 22
...RSA public key used to encrypt values of the DNS server. It is zeroized when the SSL connection is a public key of the configuration file. The key used to generate IKE key id during preshared-key authentication. This key can be zeroized because it frees the public key... 15 transform_key4 16 signature 17 dnssec_zone_key 18 SLL session key 19 ARAP key 20 ARAP password 21 config key Description Storage The key used in Cisco vendor-ID generation. This key can have two forms based on whether the key is a public key. NVRAM (plaintext) This key generates keys ...
...RSA public key used to encrypt values of the DNS server. It is zeroized when the SSL connection is a public key of the configuration file. The key used to generate IKE key id during preshared-key authentication. This key can be zeroized because it frees the public key... 15 transform_key4 16 signature 17 dnssec_zone_key 18 SLL session key 19 ARAP key 20 ARAP password 21 config key Description Storage The key used in Cisco vendor-ID generation. This key can have two forms based on whether the key is a public key. NVRAM (plaintext) This key generates keys ...
User Guide
Page 24
... Access Policy Role/Service User Role Status Functions Network Functions Security Relevant Data Item Terminal Functions Directory Functions Crypto-Officer Role Configure the Router Define Rules and Filters Status Functions Manage the Router Set Encryption/Bypass Change Port Adapters Critical Security Parameters - ... • Diffie-Hellman • RSA [for digital signatures and encryption/decryption (for IKE authentication)] Catalyst 6509 Switch, Cisco 7606 Router, and Cisco 7609 Router with VPN Services Module Certification Note 24 OL-6334-01 CSP 1 (R) CSP 20-22 (R/W/D) CSP 24 (D) CSP...
... Access Policy Role/Service User Role Status Functions Network Functions Security Relevant Data Item Terminal Functions Directory Functions Crypto-Officer Role Configure the Router Define Rules and Filters Status Functions Manage the Router Set Encryption/Bypass Change Port Adapters Critical Security Parameters - ... • Diffie-Hellman • RSA [for digital signatures and encryption/decryption (for IKE authentication)] Catalyst 6509 Switch, Cisco 7606 Router, and Cisco 7609 Router with VPN Services Module Certification Note 24 OL-6334-01 CSP 1 (R) CSP 20-22 (R/W/D) CSP 24 (D) CSP...
User Guide
Page 26
...an alcohol-based cleaning pad. Firmware integrity test - SHA-1 KAT • Conditional tests - Secure Operation of operation. Initial Setup Before configuring the router or switch, note these requirements: • The crypto officer must apply tamper evidence labels as described in a FIPS-approved ...mode of the Catalyst 6509 Switch and the Cisco 7606 and Cisco 7609 Routers - Continuous random number generator test Secure Operation of the VPN Services Module. • The crypto officer must...
...an alcohol-based cleaning pad. Firmware integrity test - SHA-1 KAT • Conditional tests - Secure Operation of operation. Initial Setup Before configuring the router or switch, note these requirements: • The crypto officer must apply tamper evidence labels as described in a FIPS-approved ...mode of the Catalyst 6509 Switch and the Cisco 7606 and Cisco 7609 Routers - Continuous random number generator test Secure Operation of the VPN Services Module. • The crypto officer must...
User Guide
Page 27
... IPsec manually entered keys. This setting disables the break from the console to use RADIUS or TACACS+, the Crypto-Officer must perform the initial configuration. Cisco IOS Release 12.2(14)SY3 is optional. The password must be at least 8 characters long. • If the crypto officer loads any ...privilege level other image may configure the module to any Cisco IOS image onto the switch or router, this will put the switch or router into a non-FIPS mode of operation. From ...
... IPsec manually entered keys. This setting disables the break from the console to use RADIUS or TACACS+, the Crypto-Officer must perform the initial configuration. Cisco IOS Release 12.2(14)SY3 is optional. The password must be at least 8 characters long. • If the crypto officer loads any ...privilege level other image may configure the module to any Cisco IOS image onto the switch or router, this will put the switch or router into a non-FIPS mode of operation. From ...
User Guide
Page 28
... other countries. Obtaining Documentation and Submitting a Service Request Protocols All SNMP operations must configure the module so that any other company. (0502R) © 2005, Cisco Systems, Inc. SSH access to Increase Your Internet Quotient, and TransPath are trademarks of Cisco Systems, Inc. The use a FIPS-approved algorithm. Changing the Way We Work, Live...
... other countries. Obtaining Documentation and Submitting a Service Request Protocols All SNMP operations must configure the module so that any other company. (0502R) © 2005, Cisco Systems, Inc. SSH access to Increase Your Internet Quotient, and TransPath are trademarks of Cisco Systems, Inc. The use a FIPS-approved algorithm. Changing the Way We Work, Live...
Upgrade Guide
Page 4
... ESD wrist strap when handling modules or coming into contact with Configuration Files" chapter in the order they are required to install the WS-CDC-2500W or PWR-4000-DC power supply. Statement 1 Catalyst 6509-NEB Switch and Cisco OSR-7609 Router Upgrade Note 4 78-16162-02 They will...back online. Warning Before working on the ejector levers. For more information, refer to power the fan tray. On any modules running Cisco IOS, save the running configuration. Each Catalyst 6500 series AC-input power supply weighs between 22 pounds (9.9 kg) and 28 pounds (12.6 kg). Before you ...
... ESD wrist strap when handling modules or coming into contact with Configuration Files" chapter in the order they are required to install the WS-CDC-2500W or PWR-4000-DC power supply. Statement 1 Catalyst 6509-NEB Switch and Cisco OSR-7609 Router Upgrade Note 4 78-16162-02 They will...back online. Warning Before working on the ejector levers. For more information, refer to power the fan tray. On any modules running Cisco IOS, save the running configuration. Each Catalyst 6500 series AC-input power supply weighs between 22 pounds (9.9 kg) and 28 pounds (12.6 kg). Before you ...
User Guide
Page 5
... Notes Tab 5-20 C6576M Ethernet Module Dialog Box 5-22 Details Tab 5-22 Additional Notes Tab 5-26 C6576M Ethernet Interface Dialog Box 5-27 Status Tab 5-27 Configuration Tab 5-30 Performance Tab 5-33 Routing Protocol Tab 5-35 STP Tab 5-38 HSRP Tab 5-42 QoS Tab 5-45 Additional Notes Tab 5-48 C6576M Switch Fabric... SLB Dialog Box 5-65 Details Tab 5-65 Client Side VLAN Tab 5-68 Server Side VLAN Tab 5-70 Server Farms Tab 5-72 Virtual Servers Tab 5-74 Cisco 6500/7600 Series Manager User Guide v
... Notes Tab 5-20 C6576M Ethernet Module Dialog Box 5-22 Details Tab 5-22 Additional Notes Tab 5-26 C6576M Ethernet Interface Dialog Box 5-27 Status Tab 5-27 Configuration Tab 5-30 Performance Tab 5-33 Routing Protocol Tab 5-35 STP Tab 5-38 HSRP Tab 5-42 QoS Tab 5-45 Additional Notes Tab 5-48 C6576M Switch Fabric... SLB Dialog Box 5-65 Details Tab 5-65 Client Side VLAN Tab 5-68 Server Side VLAN Tab 5-70 Server Farms Tab 5-72 Virtual Servers Tab 5-74 Cisco 6500/7600 Series Manager User Guide v
User Guide
Page 6
...Performance Tab 5-108 Routing Protocol Tab 5-111 Additional Notes Tab 5-114 C6576M OSM GE-WAN Interface Dialog Box 5-115 Status Tab 5-115 Configuration Tab 5-117 Performance Tab 5-118 Routing Protocol Tab 5-121 HSRP Tab 5-124 Additional Notes Tab 5-127 C6576M OSM Channelized SONET Interface Dialog... Box 5-128 Status Tab 5-128 Configuration Tab 5-131 Performance Tab 5-135 Additional Notes Tab 5-137 C6576M OSM POS Interface Dialog Box 5-138 Status Tab 5-138 Configuration Tab 5-140 ATM/SONET Tab 5-141 Performance Tab 5-143 Cisco 6500/7600 Series Manager User Guide vi
...Performance Tab 5-108 Routing Protocol Tab 5-111 Additional Notes Tab 5-114 C6576M OSM GE-WAN Interface Dialog Box 5-115 Status Tab 5-115 Configuration Tab 5-117 Performance Tab 5-118 Routing Protocol Tab 5-121 HSRP Tab 5-124 Additional Notes Tab 5-127 C6576M OSM Channelized SONET Interface Dialog... Box 5-128 Status Tab 5-128 Configuration Tab 5-131 Performance Tab 5-135 Additional Notes Tab 5-137 C6576M OSM POS Interface Dialog Box 5-138 Status Tab 5-138 Configuration Tab 5-140 ATM/SONET Tab 5-141 Performance Tab 5-143 Cisco 6500/7600 Series Manager User Guide vi
User Guide
Page 7
...Protocol Tab 5-160 Additional Notes Tab 5-162 C6576M OSM POS Subinterface Dialog Box 5-163 Status Tab 5-163 Interface Configuration Tab 5-165 POS Tab 5-167 Performance Tab 5-169 POS Statistics Tab 5-172 Routing Protocol Tab 5-173 Additional Notes... Tab 5-176 Logical Object Dialog Boxes 6-1 C6576M NE Config/Mgmt Dialog Box 6-3 Configuration Tab 6-3 System Information Tab 6-6 SNMP Tab 6-7 SNMP Trap Tab 6-8 Additional Notes Tab 6-12 C6576M Software Dialog ... Box 6-34 Details Tab 6-34 Additional Notes Tab 6-36 Cisco 6500/7600 Series Manager User Guide vii
...Protocol Tab 5-160 Additional Notes Tab 5-162 C6576M OSM POS Subinterface Dialog Box 5-163 Status Tab 5-163 Interface Configuration Tab 5-165 POS Tab 5-167 Performance Tab 5-169 POS Statistics Tab 5-172 Routing Protocol Tab 5-173 Additional Notes... Tab 5-176 Logical Object Dialog Boxes 6-1 C6576M NE Config/Mgmt Dialog Box 6-3 Configuration Tab 6-3 System Information Tab 6-6 SNMP Tab 6-7 SNMP Trap Tab 6-8 Additional Notes Tab 6-12 C6576M Software Dialog ... Box 6-34 Details Tab 6-34 Additional Notes Tab 6-36 Cisco 6500/7600 Series Manager User Guide vii
User Guide
Page 8
... STP Tab 6-45 QoS Tab 6-47 EoMPLS Tab 6-48 VLAN Database Tab 6-49 Additional Notes Tab 6-51 C6576M EtherChannel Dialog Box 6-52 Status Tab 6-52 Configuration Tab 6-54 Membership Tab 6-56 Routing Protocol Tab 6-58 STP Tab 6-59 HSRP Tab 6-63 Additional Notes Tab 6-67 C6576M BGP Dialog Box 6-68 BGP... C6576M EIGRP Dialog Box 6-92 Details Tab 6-92 Redistribution Tab 6-95 Distribution List Tab 6-97 Additional Notes Tab 6-99 C6576M IS-IS Dialog Box 6-100 Cisco 6500/7600 Series Manager User Guide viii
... STP Tab 6-45 QoS Tab 6-47 EoMPLS Tab 6-48 VLAN Database Tab 6-49 Additional Notes Tab 6-51 C6576M EtherChannel Dialog Box 6-52 Status Tab 6-52 Configuration Tab 6-54 Membership Tab 6-56 Routing Protocol Tab 6-58 STP Tab 6-59 HSRP Tab 6-63 Additional Notes Tab 6-67 C6576M BGP Dialog Box 6-68 BGP... C6576M EIGRP Dialog Box 6-92 Details Tab 6-92 Redistribution Tab 6-95 Distribution List Tab 6-97 Additional Notes Tab 6-99 C6576M IS-IS Dialog Box 6-100 Cisco 6500/7600 Series Manager User Guide viii
User Guide
Page 11
... order of network design, operation, and terminology, and that you should read and understood the Cisco Element Management Framework User Guide. About this Guide This preface describes who configure the network), and operators. Organization This guide is assumed that you have a basic understanding of... the tasks you have a basic familiarity with the C65/76M using CEMF. Cisco 6500/7600 Series Manager User Guide xi ...
... order of network design, operation, and terminology, and that you should read and understood the Cisco Element Management Framework User Guide. About this Guide This preface describes who configure the network), and operators. Organization This guide is assumed that you have a basic understanding of... the tasks you have a basic familiarity with the C65/76M using CEMF. Cisco 6500/7600 Series Manager User Guide xi ...
User Guide
Page 12
... Preparation and Safety Guide • Cisco 7600 Internet Router Quick Software Configuration Guide • Cisco 7600 Internet Router Software Configuration Guide • Cisco 7600 Internet Router Command Reference • Cisco 7603 and 7606 Internet Router Installation Guide • Cisco 7609 Internet Router Installation Guide • Cisco 7600 Internet Router Module Installation Guide • Cisco 7600 Internet Router System Message...
... Preparation and Safety Guide • Cisco 7600 Internet Router Quick Software Configuration Guide • Cisco 7600 Internet Router Software Configuration Guide • Cisco 7600 Internet Router Command Reference • Cisco 7603 and 7606 Internet Router Installation Guide • Cisco 7609 Internet Router Installation Guide • Cisco 7600 Internet Router Module Installation Guide • Cisco 7600 Internet Router System Message...
User Guide
Page 13
...the D key. Notes use quotation marks around the string or the string will include the quotation marks. The Cisco EMF software supports a three-button mouse. Cisco 6500/7600 Series Manager User Guide xiii Terminal sessions and information the system displays are in angle brackets. A ...and separated by vertical bars. About this Guide Conventions and Terminology For information about MIBs, refer to this URL: http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml Conventions and Terminology This publication uses the following conventions: Note Means reader take note....
...the D key. Notes use quotation marks around the string or the string will include the quotation marks. The Cisco EMF software supports a three-button mouse. Cisco 6500/7600 Series Manager User Guide xiii Terminal sessions and information the system displays are in angle brackets. A ...and separated by vertical bars. About this Guide Conventions and Terminology For information about MIBs, refer to this URL: http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml Conventions and Terminology This publication uses the following conventions: Note Means reader take note....
User Guide
Page 16
... 170 West Tasman Drive San Jose, CA 95134-9883 We appreciate your comments. You can obtain online documentation, troubleshooting tips, and sample configurations from anywhere in the world. Cisco.com is the foundation of a suite of the page. Customers and partners can submit your comments by mail by writing to the technical...
... 170 West Tasman Drive San Jose, CA 95134-9883 We appreciate your comments. You can obtain online documentation, troubleshooting tips, and sample configurations from anywhere in the world. Cisco.com is the foundation of a suite of the page. Customers and partners can submit your comments by mail by writing to the technical...
User Guide
Page 17
...to resolve P3 and P4 issues yourself, saving both cost and time. No workaround is not restored quickly. The Cisco TAC Web Site requires a Cisco.com login ID and password. No workaround is available. • Priority level 1 (P1)-Your production network is ...URL: http://www.cisco.com Technical Assistance Center The Cisco Technical Assistance Center (TAC) is available to this URL: http://www.cisco.com/tac All customers, partners, and resellers who need information or assistance concerning Cisco product capabilities, product installation, or basic product configuration. • Priority...
...to resolve P3 and P4 issues yourself, saving both cost and time. No workaround is not restored quickly. The Cisco TAC Web Site requires a Cisco.com login ID and password. No workaround is available. • Priority level 1 (P1)-Your production network is ...URL: http://www.cisco.com Technical Assistance Center The Cisco Technical Assistance Center (TAC) is available to this URL: http://www.cisco.com/tac All customers, partners, and resellers who need information or assistance concerning Cisco product capabilities, product installation, or basic product configuration. • Priority...
User Guide
Page 19
... A P T E R 1 This chapter consists of the Catalyst 6000 family switches and Cisco 7600 series Internet Routers. The C65/76M provides standard element-management functionality, such as fault, configuration, accounting, performance, and security (FCAPS). Note Refer to have Simple Network Management Protocol (...SNMP) and a detailed knowledge of the Cisco IOS or Catalyst OS required commands. The software also...
... A P T E R 1 This chapter consists of the Catalyst 6000 family switches and Cisco 7600 series Internet Routers. The C65/76M provides standard element-management functionality, such as fault, configuration, accounting, performance, and security (FCAPS). Note Refer to have Simple Network Management Protocol (...SNMP) and a detailed knowledge of the Cisco IOS or Catalyst OS required commands. The software also...