
Catalyst 6509 Switch, Cisco 7606 Router, and Cisco 7609 Router with VPN Services Module Certification Note

OL-6334-01


Installing the Opacity Shield on the Cisco 7600 Series Routers

This section describes how to install the opacity shield on the Cisco 7606 router. The opacity shield, 
associated installation hardware, and tamper evidence labels are part of the Cisco 7600 FIPS kit 
(part number CVPN7600FIPS/KIT=). The opacity shield is designed to be installed on the Cisco 7606 
router while the system is operating without creating an electrical hazard or damage to the system. You 
will need some clearance between adjacent racks in order to perform this procedure.

The opacity shield is not required for the Cisco 7609 router chassis. The Cisco 7609 router chassis 
satisfies the FIPS opacity requirement without an external shield.

To install an opacity shield on the Cisco 7606 router chassis (see Figure 6), follow these steps:

Step 1

The opacity shield is designed to be installed on a Cisco 7606 chassis that is already rack-mounted. If 
your Cisco 7606 chassis is not rack-mounted, install the chassis in the rack using the procedures 
contained in the Cisco 7600 Series Router Installation Guide. If your Cisco 7606 chassis is already 
rack-mounted, proceed to step 2.

Step 2

Open the FIPS kit packaging (part number CVPN7600FIPS/KIT=). The kit contains the following:

An opacity shield assembly for the Cisco 7606 router (part number 800-26211-xx). The opacity 
shield part number is located on the outside of the protective packaging.

A bag containing the installation hardware. (In some kits there is no bag; the installation hardware 
is premounted in the opacity shield.)

An envelope with 30 FIPS tamper evidence labels and a disposable ESD wrist strap.

Step 3

Remove the opacity shield from its protective packaging. 

a.

If the thumbscrews and the snap rivet fasteners are already installed on the opacity shield, remove 
the four snap rivet fasteners from the opacity shield; leave the thumbscrews installed. Proceed to 
step 5.

Note

Verify that the thumbscrews are started only two or three turns in the opacity shield.

b.

If the opacity shield comes with a bag of installation hardware (69-1483-xx), open the bag and 
remove the two thumbscrews and four snap rivet fasteners. The snap rivet fasteners come assembled; 
you need to separate the two pieces of the snap rivet fastener by removing the snap rivet pin from 
the snap rivet sleeve before you install them. Proceed to step 4.

Note

Extra snap rivet fasteners are included in the bag of installation hardware in case of loss or 
damage.

Step 4

Start the two thumbscrews in the corresponding threaded holes in the opacity shield (see Figure 6); two 
or three turns is sufficient. Do not thread the thumbscrews too far into the opacity shield.

Step 5

Open the envelope containing the disposable ESD wrist strap. Attach the disposable ESD wrist strap to 
your wrist. Attach the other end of the wrist strap to exposed metal on the chassis.

Step 6

Position the opacity shield over the air intake side of the chassis so that the two thumbscrews on the 
opacity shield are aligned with the unused top and bottom L-bracket screw holes on the chassis. 

Step 7

Press the opacity shield firmly against the side of the chassis and secure the opacity shield to the chassis 
with the two thumbscrews.
