MNR S2500 Security Policy
Version 1.3, Revision Date: 1/13/2009
Page
8
4. Ports and Interfaces
Table 4 below provides a listing of the physical ports and logical interfaces for
the MNR S2500 router.
The MNR S2500 base unit provides a single 10/100 Mbps Ethernet interface and a console port.
The MNR S2500 router incorporates two I/O slots for WAN and LAN connectivity and one slot
for analog connectivity.
Physical Port
Qty
Logical interface definition
Interface Card
Comments
Ethernet
1
Data input, data output, status
output, control input
Part of the 2500 Base
system
LAN port that provides
connection to Ethernet
LANs using either
10BASE-T or
100BASE-TX Ethernet
Console
1
Status output, control input
Part of the S2500 Base
system
RS-232 interface
LAN/WAN
0, 1 or
2
Data input, data output, status
output, control input, power
output
Optional Ethernet and
WAN modules
Analog
0, 1
Data input, data output, status
output, control input, power
output
Optional conventional-
to-IP (E&M)
Power Plug
1
Power input
N/A
External Power input
port
LEDs
7
Status Output
N.A
Provides LED status
output
Table 4 – S2500 physical ports and logical interfaces
5. Identification and Authentication Policy
Assumption of roles
The MNR S2500 router supports five distinct operator roles: Crypto Officer (SuperUser),
Admin, Network Manager, User and Maintenance. The first four roles require user
authentication via user name and password when accessing the router via any interface. The
unauthenticated maintenance role is entered only via the router console port.
The MNR S2500 router enforces the separation of roles by providing specific services only to
users who have been authenticated to a role with the required privilege to access those services.
The role-based authentication capabilities will be described here, although the role based-
authentication is not required to comply with Level 1 requirements.
An operator must enter a username and its password to log in. Passwords are alphanumeric
