10
Cisco 1841 Integrated Services Router with AIM-VPN/BPII-Plus and Cisco 2801 Integrated Services Router with AIM-VPN/EPII-Plus
OL-8719-01
Cisco 1841 and Cisco 2801 Routers
User Services
Users enter the system by accessing the console port with a terminal program or via IPSec protected
telnet or SSH session to a LAN port. The IOS prompts the User for username and password. If the
password is correct, the User is allowed entry to the IOS executive program.
The services available to the User role consist of the following:
•
Status Functions
—View state of interfaces and protocols, version of IOS currently running.
•
Network Functions
—Connect to other network devices through outgoing telnet, PPP, etc. and
initiate diagnostic network services (i.e., ping, mtrace).
•
Terminal Functions
—Adjust the terminal session (e.g., lock the terminal, adjust flow control).
•
Directory Services
—Display directory of files kept in flash memory.
Crypto Officer Services
During initial configuration of the router, the Crypto Officer password (the “enable” password) is
defined. A Crypto Officer can assign permission to access the Crypto Officer role to additional accounts,
thereby creating additional Crypto Officers.
The Crypto Officer role is responsible for the configuration and maintenance of the router. The Crypto
Officer services consist of the following:
•
Configure the router
—Define network interfaces and settings, create command aliases, set the
protocols the router will support, enable interfaces and network services, set system date and time,
and load authentication information.
•
Define Rules and Filters
—Create packet Filters that are applied to User data streams on each
interface. Each Filter consists of a set of Rules, which define a set of packets to permit or deny based
on characteristics such as protocol ID, addresses, ports, TCP connection establishment, or packet
direction.
•
View Status Functions
—View the router configuration, routing tables, active sessions, use gets to
view SNMP MIB statistics, health, temperature, memory status, voltage, packet statistics, review
accounting logs, and view physical interface status.
•
Manage the router
—Log off users, shutdown or reload the router, manually back up router
configurations, view complete configurations, manage user rights, and restore router configurations.
•
Set Encryption/Bypass
—Set up the configuration tables for IP tunneling. Set keys and algorithms
to be used for each IP range or allow plaintext packets to be set from specified IP address.
Physical Security
The router is entirely encased by a metal, opaque case. The rear of the unit contains HWIC/WIC/VIC
connectors, LAN connectors, a CF drive, power connector, console connector, auxiliary connector, USB
port, and fast Ethernet connectors. The front of the unit contains the system status and activity LEDs.
The top, side, and front portion of the chassis can be removed to allow access to the motherboard,
memory, AIM slot, and expansion slots.
Once the router has been configured in to meet FIPS 140-2 Level 2 requirements, the router cannot be
accessed without signs of tampering. To seal the system, apply serialized tamper-evidence labels as
follows:
