User Guide
Page 10
... The user and crypto officer passwords and the RADIUS/TACACS+ shared secrets must each be found in the Performing Basic System Management manual and in order to configure and maintain the router using crypto officer services, while the users only use the encryption and decryption ...If only the integers 0 to the crypto officer role by providing a valid crypto officer username and password. Catalyst 6509 Switch, Cisco 7606 Router, and Cisco 7609 Router with VPN Services Module Certification Note 10 OL-6334-01 The administrator of randomly guessing the correct sequence is role-...
... The user and crypto officer passwords and the RADIUS/TACACS+ shared secrets must each be found in the Performing Basic System Management manual and in order to configure and maintain the router using crypto officer services, while the users only use the encryption and decryption ...If only the integers 0 to the crypto officer role by providing a valid crypto officer username and password. Catalyst 6509 Switch, Cisco 7606 Router, and Cisco 7609 Router with VPN Services Module Certification Note 10 OL-6334-01 The administrator of randomly guessing the correct sequence is role-...
User Guide
Page 11
...physical interface status. • Managing the switch or the router-Logs off users, shuts down or reloads the switch or router, manually backs up switch or router configurations, views complete configurations, manages user rights, and restores switch or router configurations. • Setting ...encryption and bypass-Sets up the configuration tables for their password. Cisco IOS prompts the user for IP tunneling. Roles and Services Crypto Officer Role During initial configuration of the router, the crypto officer...
...physical interface status. • Managing the switch or the router-Logs off users, shuts down or reloads the switch or router, manually backs up switch or router configurations, views complete configurations, manages user rights, and restores switch or router configurations. • Setting ...encryption and bypass-Sets up the configuration tables for their password. Cisco IOS prompts the user for IP tunneling. Roles and Services Crypto Officer Role During initial configuration of the router, the crypto officer...
User Guide
Page 21
Tamper evidence seals can also be inspected for signs of the chassis. Keys are exchanged manually and entered electronically using manual key exchange or Internet Key Exchange (IKE). DRAM (plaintext) 2 secret_number The private exponent used in DRAM and updated periodically after a ... are also password protected and can turn off the router to zeroize this key. (plaintext) OL-6334-01 Catalyst 6509 Switch, Cisco 7606 Router, and Cisco 7609 Router with self-adhesive backing. It is zeroized when an IKE DRAM session is terminated. This key is zeroized periodically. The...
Tamper evidence seals can also be inspected for signs of the chassis. Keys are exchanged manually and entered electronically using manual key exchange or Internet Key Exchange (IKE). DRAM (plaintext) 2 secret_number The private exponent used in DRAM and updated periodically after a ... are also password protected and can turn off the router to zeroize this key. (plaintext) OL-6334-01 Catalyst 6509 Switch, Cisco 7606 Router, and Cisco 7609 Router with self-adhesive backing. It is zeroized when an IKE DRAM session is terminated. This key is zeroized periodically. The...
User Guide
Page 25
...Firmware integrity test - AES KAT - The crypto officer needs to test the cryptographic components of key management schemes: • A symmetric manual key exchange method. Self-Tests To prevent any of self-tests that are associated with the CO role that created the keys and the ... self-tests fail, the router transitions into an error state. All Diffie-Hellman (DH) keys agreed upon for exchanging preshared keys manually and entering electronically. - Cisco IOS Software Self-Tests • Power-up tests - TDES KAT - All preshared keys are run during startup and periodically during ...
...Firmware integrity test - AES KAT - The crypto officer needs to test the cryptographic components of key management schemes: • A symmetric manual key exchange method. Self-Tests To prevent any of self-tests that are associated with the CO role that created the keys and the ... self-tests fail, the router transitions into an error state. All Diffie-Hellman (DH) keys agreed upon for exchanging preshared keys manually and entering electronically. - Cisco IOS Software Self-Tests • Power-up tests - TDES KAT - All preshared keys are run during startup and periodically during ...
User Guide
Page 27
...use RADIUS or TACACS+, the Crypto-Officer must be 0x0101 (the factory default). Secure Operation of the Catalyst 6509 Switch and the Cisco 7606 and Cisco 7609 Routers Initializing and Configuring the System To initialize and configure the system, the crypto officer must perform the following syntax: config-... of IKE allows a number of algorithms, only the following algorithms are allowed in FIPS mode: Internet Key Exchange (IKE) and IPsec manually entered keys. The password must always assign passwords (of the boot field must define RADIUS or TACACS+ shared secret keys that are allowed...
...use RADIUS or TACACS+, the Crypto-Officer must be 0x0101 (the factory default). Secure Operation of the Catalyst 6509 Switch and the Cisco 7606 and Cisco 7609 Routers Initializing and Configuring the System To initialize and configure the system, the crypto officer must perform the following syntax: config-... of IKE allows a number of algorithms, only the following algorithms are allowed in FIPS mode: Internet Key Exchange (IKE) and IPsec manually entered keys. The password must always assign passwords (of the boot field must define RADIUS or TACACS+ shared secret keys that are allowed...
User Guide
Page 2
... BY THIS REFERENCE. All other company. (0203R) Cisco 6500/7600 Series Manager User Guide Copyright © 2001-2002, Cisco Systems, Inc. THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. The Cisco implementation of TCP header compression is an adaptation of ...INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS...
... BY THIS REFERENCE. All other company. (0203R) Cisco 6500/7600 Series Manager User Guide Copyright © 2001-2002, Cisco Systems, Inc. THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. The Cisco implementation of TCP header compression is an adaptation of ...INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS...
User Guide
Page 4
...10 Mismatched State 2-10 Getting Started 3-1 Preparing to Use the C65/76M Software 3-1 Using Cisco EMF 3-2 Cisco Element Management Framework Launchpad Window 3-3 Quitting a Cisco EMF User Session 3-6 Deploying C65/76M Objects 3-7 Launching Object Management Dialogs 3-10 Deploying the... C65/76M 4-1 Managing a Catalyst 6000 Family Switch or a Cisco 7600 Series Internet Router 4-1 Deploying Objects 4-1 Commissioning Objects 4-3 Deployment and Commissioning Process 4-5 IP Auto Discovery 4-5 Manual Deployment 4-11 Predeployment 4-21 Physical Object Dialog Boxes 5-1 C6576M Chassis Dialog...
...10 Mismatched State 2-10 Getting Started 3-1 Preparing to Use the C65/76M Software 3-1 Using Cisco EMF 3-2 Cisco Element Management Framework Launchpad Window 3-3 Quitting a Cisco EMF User Session 3-6 Deploying C65/76M Objects 3-7 Launching Object Management Dialogs 3-10 Deploying the... C65/76M 4-1 Managing a Catalyst 6000 Family Switch or a Cisco 7600 Series Internet Router 4-1 Deploying Objects 4-1 Commissioning Objects 4-3 Deployment and Commissioning Process 4-5 IP Auto Discovery 4-5 Manual Deployment 4-11 Predeployment 4-21 Physical Object Dialog Boxes 5-1 C6576M Chassis Dialog...
User Guide
Page 20
...; CEMF event browser or performance manager provide historical information analysis. • Configuration of Catalyst 6000 family switches or Cisco 7600 series Internet Routers and subcomponents in both campus-backbone and server-aggregation environments. For additional information about the Catalyst... to the Catalyst 6000 Family Installation Guide. Cisco 6500/7600 Series Manager User Guide 1-2 Catalyst 6000 Family Overview Chapter 1 Product Overview Software Features The C65/76M software provides the following features: • Manual predeployment of Ethernet, PoS, ATM, and ...
...; CEMF event browser or performance manager provide historical information analysis. • Configuration of Catalyst 6000 family switches or Cisco 7600 series Internet Routers and subcomponents in both campus-backbone and server-aggregation environments. For additional information about the Catalyst... to the Catalyst 6000 Family Installation Guide. Cisco 6500/7600 Series Manager User Guide 1-2 Catalyst 6000 Family Overview Chapter 1 Product Overview Software Features The C65/76M software provides the following features: • Manual predeployment of Ethernet, PoS, ATM, and ...
User Guide
Page 42
...in viewing, building, and monitoring a network using graphical representations of objects derived from the Cisco EMF managed object class. The Map Viewer application is important for C65/76M management functions...point for security and efficient and effective network management. The Access icon provides access to the Cisco EMF User Access Control application, which is a component of Carrier Class Security and provides system ...features of their system can be accessed by various levels of object groups. Cisco 6500/7600 Series Manager User Guide 3-4 The Groups icon provides access to ...
...in viewing, building, and monitoring a network using graphical representations of objects derived from the Cisco EMF managed object class. The Map Viewer application is important for C65/76M management functions...point for security and efficient and effective network management. The Access icon provides access to the Cisco EMF User Access Control application, which is a component of Carrier Class Security and provides system ...features of their system can be accessed by various levels of object groups. Cisco 6500/7600 Series Manager User Guide 3-4 The Groups icon provides access to ...
User Guide
Page 45
... tree. For a detailed description on other deployment options, refer to manually deploy the Network Element object in Cisco EMF. This pop-up menu. Figure 3-3 Object Parameters Cisco 6500/7600 Series Manager User Guide 3-7 Choose Deployment/QuickStart Deploy Catalyst 6500 Manager from the Cisco EMF Launchpad window. Enter the details for the switch and click...
... tree. For a detailed description on other deployment options, refer to manually deploy the Network Element object in Cisco EMF. This pop-up menu. Figure 3-3 Object Parameters Cisco 6500/7600 Series Manager User Guide 3-7 Choose Deployment/QuickStart Deploy Catalyst 6500 Manager from the Cisco EMF Launchpad window. Enter the details for the switch and click...
User Guide
Page 51
Commission the objects to allow CEMF to manage them. The C65/76M objects can be automatically discovered or manually deployed. C65/76M objects can be discovered automatically or deployed manually. 2. When an object or device is predeployed, the physical device or object is not present, but CEMF has... done after you install new hardware. Deployment informs the C65/76M of the presence of similar type. Predeployment is a two-step process: 1. Cisco 6500/7600 Series Manager User Guide 4-1 When a module is then placed in the physical equipment, the new module will be deployed and the ...
Commission the objects to allow CEMF to manage them. The C65/76M objects can be automatically discovered or manually deployed. C65/76M objects can be discovered automatically or deployed manually. 2. When an object or device is predeployed, the physical device or object is not present, but CEMF has... done after you install new hardware. Deployment informs the C65/76M of the presence of similar type. Predeployment is a two-step process: 1. Cisco 6500/7600 Series Manager User Guide 4-1 When a module is then placed in the physical equipment, the new module will be deployed and the ...
User Guide
Page 55
...Discovery... This method automatically deploys the Network Element and Software objects for each Catalyst 6000 family switch or Cisco 7600 series Internet Router discovered. • Manual deployment This method should be used to be predeployed: - OSM Modules The remaining C65/76M objects are... currently connected to search an existing network. Network Element and Software - Cisco 6500/7600 Series Manager User Guide 4-5 This ...
...Discovery... This method automatically deploys the Network Element and Software objects for each Catalyst 6000 family switch or Cisco 7600 series Internet Router discovered. • Manual deployment This method should be used to be predeployed: - OSM Modules The remaining C65/76M objects are... currently connected to search an existing network. Network Element and Software - Cisco 6500/7600 Series Manager User Guide 4-5 This ...
User Guide
Page 61
...Deploy Manager, from the other manager containers. Figure 4-8 Pop-up menu. The following example describes how to the network is known. To manually deploy a Catalyst 6000 family switch or a Cisco 7600 series Internet Router, choose the pop-up menu from the appropriate container. This pop-up menu item, shown in the Physical... of the Catalyst6500Manager container. Choose Deployment > Deploy Catalyst 6500 Manager from the Site level in Figure 4-8, is available from the pop-up Menu for Manually Deploying a C65/76M Switch Object Cisco 6500/7600 Series Manager User Guide 4-11
...Deploy Manager, from the other manager containers. Figure 4-8 Pop-up menu. The following example describes how to the network is known. To manually deploy a Catalyst 6000 family switch or a Cisco 7600 series Internet Router, choose the pop-up menu from the appropriate container. This pop-up menu item, shown in the Physical... of the Catalyst6500Manager container. Choose Deployment > Deploy Catalyst 6500 Manager from the Site level in Figure 4-8, is available from the pop-up Menu for Manually Deploying a C65/76M Switch Object Cisco 6500/7600 Series Manager User Guide 4-11
User Guide
Page 69
... Commissioning Process Click the Commission button from the Configuration tab to be specified. After the object is commissioned, the Physical view will resemble Figure 4-16. Cisco 6500/7600 Series Manager User Guide 4-19 Note Commissioning may take a few minutes. These parameters were specified in the...
... Commissioning Process Click the Commission button from the Configuration tab to be specified. After the object is commissioned, the Physical view will resemble Figure 4-16. Cisco 6500/7600 Series Manager User Guide 4-19 Note Commissioning may take a few minutes. These parameters were specified in the...
User Guide
Page 70
.... The Network Element is placed in the Lostcomms state if the SNMP read community, and then recommission the Network Element object. 4-20 Cisco 6500/7600 Series Manager User Guide If this occurs, the Network Element object must be raised. The Network Element is placed in during...if the IP address specified during the deployment wizard is incorrect. Deployment and Commissioning Process Chapter 4 Deploying the C65/76M Figure 4-16 Manually Deployed and Commissioned Catalyst 6506 Switch If an error is encountered when the object is commissioned, the Network Element object might go to ...
.... The Network Element is placed in the Lostcomms state if the SNMP read community, and then recommission the Network Element object. 4-20 Cisco 6500/7600 Series Manager User Guide If this occurs, the Network Element object must be raised. The Network Element is placed in during...if the IP address specified during the deployment wizard is incorrect. Deployment and Commissioning Process Chapter 4 Deploying the C65/76M Figure 4-16 Manually Deployed and Commissioned Catalyst 6506 Switch If an error is encountered when the object is commissioned, the Network Element object might go to ...
User Guide
Page 71
... select the pop-up menu item, Deployment > Deploy Manager, from the other devices, use the pop-up menu. To manually predeploy other manager containers. Cisco 6500/7600 Series Manager User Guide 4-21 After the switch is brought on-line, the predeployed object will be predeployed: •... when the Network Element object is available from the pop-up menu from the appropriate container. The following example describes how to manually predeploy a Catalyst 6500 series switch. Choose Deployment > Deploy Catalyst 6500 Manager from the Site level in the Physical container and ...
... select the pop-up menu item, Deployment > Deploy Manager, from the other devices, use the pop-up menu. To manually predeploy other manager containers. Cisco 6500/7600 Series Manager User Guide 4-21 After the switch is brought on-line, the predeployed object will be predeployed: •... when the Network Element object is available from the pop-up menu from the appropriate container. The following example describes how to manually predeploy a Catalyst 6500 series switch. Choose Deployment > Deploy Catalyst 6500 Manager from the Site level in the Physical container and ...
User Guide
Page 72
Figure 4-18 Deployment Wizard-Templates 4-22 Cisco 6500/7600 Series Manager User Guide Deployment and Commissioning Process Figure 4-17 Manually Deploying a C65/76M Object Chapter 4 Deploying the C65/76M When you choose the Deployment > Deploy Catalyst 6500 Manager option, the Deployment Wizard-Templates window, shown in Figure 4-18, is displayed.
Figure 4-18 Deployment Wizard-Templates 4-22 Cisco 6500/7600 Series Manager User Guide Deployment and Commissioning Process Figure 4-17 Manually Deploying a C65/76M Object Chapter 4 Deploying the C65/76M When you choose the Deployment > Deploy Catalyst 6500 Manager option, the Deployment Wizard-Templates window, shown in Figure 4-18, is displayed.
User Guide
Page 73
... deploys the Network Element and Network Element Only Software objects. The Object Parameters window, shown in Figure 4-19, is used for the manual deployment process (see the "Manual Deployment" section). Cisco 6500/7600 Series Manager User Guide 4-23 Used when you Chassis want to 6500 Switch elements predeploy at the same time. Catalyst...
... deploys the Network Element and Network Element Only Software objects. The Object Parameters window, shown in Figure 4-19, is used for the manual deployment process (see the "Manual Deployment" section). Cisco 6500/7600 Series Manager User Guide 4-23 Used when you Chassis want to 6500 Switch elements predeploy at the same time. Catalyst...
User Guide
Page 81
... Series Manager User Guide 4-31 You cannot manually deploy these objects. Chapter 4 Deploying the C65/76M Figure 4-25 Predeployed Catalyst 6509 Chassis Object Deployment and Commissioning Process Predeploying Subchassis Modules The next step in predeploying a Catalyst 6000 family switch or a Cisco 7600 series Internet Router in CEMF is to deploy the modules...
... Series Manager User Guide 4-31 You cannot manually deploy these objects. Chapter 4 Deploying the C65/76M Figure 4-25 Predeployed Catalyst 6509 Chassis Object Deployment and Commissioning Process Predeploying Subchassis Modules The next step in predeploying a Catalyst 6000 family switch or a Cisco 7600 series Internet Router in CEMF is to deploy the modules...
User Guide
Page 113
... were not predeployed. Commissioning Predeployed Objects A predeployed Network Element and subobjects are discovered will be commissioned manually by the CEMF server. If the wrong module was predeployed, delete the object and recommission the Network Element. Cisco 6500/7600 Series Manager User Guide 4-63 Note For the automatic commissioning to work, the switch...
... were not predeployed. Commissioning Predeployed Objects A predeployed Network Element and subobjects are discovered will be commissioned manually by the CEMF server. If the wrong module was predeployed, delete the object and recommission the Network Element. Cisco 6500/7600 Series Manager User Guide 4-63 Note For the automatic commissioning to work, the switch...