Cisco 2621XM Operations

2621XM Network Router
maUKv3A14B1QM
Operations
PDF / Adobe Acrobat Reader
24

Document Download

‹ ›

Cisco 2621XM Manual Online:

3.15, 731 votes

Cisco 2621XM User Manual

Cisco 2621XM User Guide

Cisco 2621XM Online Manual

Text of Cisco 2621XM User Guide:

Cisco 2621XM, Corporate Headquarters: Copyright © 2001. Cisco Systems, Inc. All rights reserved. Cisco Systems, Inc., 170 West Tasman Drive, San Jose, CA 95134-1706 USA Cisco 2621XM and Cisco 2651XM Modular Access Routers with AIM-VPN/EP FIPS 140-2 Non-Proprietary Security Policy Level 2 Validation Version 1.3 June 2, 2004 Introduction This is the non-proprietary Cryptographic Module Security Policy for the 2621XM and 2651XM Modular Access Routers with AIM-VPN/EP. This security policy describes how the 2621
Cisco 2621XM, 2 Cisco 2621XM and Cisco 2651XM Modular Access Routers with AIM-VPN/EP FIPS 140-2 Non-Proprietary Security Policy OL-6262-01 The 2621XM/2651XM Router References This document deals only with operations and capabilities of the Cisco 2621XM and Cisco 2651XM routers in the technical terms of a FIPS 140-2 cryptographic module security policy. More information is available on the Cisco 2621XM and Cisco 2651XM routers and the Cisco 2600 Series from the following sources: • The Cisco Systems website contai
3 Cisco 2621XM and Cisco 2651XM Modular Access Routers with AIM-VPN/EP FIPS 140-2 Non-Proprietary Security Policy OL-6262-01 The 2621XM/2651XM Router 2621XM and 2651XM provide a scalable, secure, manageable remote access server that meets FIPS 140-2 Level 2 requirements. This section describes the general features and functionality provided by the Cisco 2621XM and 2651XM
Cisco 2621XM, 4 Cisco 2621XM and Cisco 2651XM Modular Access Routers with AIM-VPN/EP FIPS 140-2 Non-Proprietary Security Policy OL-6262-01 The 2621XM/2651XM Router Figure 2 Cisco 2621XM and Cisco 2651XM Physical Interfaces The Cisco 2621XM and 2651XM routers feature a console port, an auxiliary port, dual fixed LAN interfaces, a Network Module slot, and two WIC slots. LAN support includes single and dual Ethernet options; 10/100 Mbps auto-sensing Ethernet; mixed Token-Ring and Ethernet; and single Token Ring chassis versions. WAN interface cards support a variety of serial, ISDN BRI, and integrated CSU/DSU options for primary and backup WAN conn
Cisco 2621XM, 5 Cisco 2621XM and Cisco 2651XM Modular Access Routers with AIM-VPN/EP FIPS 140-2 Non-Proprietary Security Policy OL-6262-01 The 2621XM/2651XM Router Figure 3 Cisco 2621XM and Cisco 2651XM Rear Panel LEDs Figure 4 shows the front panel LEDs, which provide overall status of the router's operation. The front panel displays whether or not the router is booted, if the redundant power is (successfully) attached and operational, and overall activity/link status. Figure 4 Front Panel LEDs Table 2 provides more detailed information conveyed by the LEDs on the front panel of the router: Table 1 Cisco 2621XM and Cisco 2651
6 Cisco 2621XM and Cisco 2651XM Modular Access Routers with AIM-VPN/EP FIPS 140-2 Non-Proprietary Security Policy OL-6262-01 The 2621XM/2651XM Router All of these physical interfaces are separated into the logical interfaces from FIPS 140-2 as described in Table 3: Table 2 Cisco 2621XM and Cisco 2651XM Front Panel LEDs and Descriptions LED Indication Description Power Green Power
Cisco 2621XM, 7 Cisco 2621XM and Cisco 2651XM Modular Access Routers with AIM-VPN/EP FIPS 140-2 Non-Proprietary Security Policy OL-6262-01 The 2621XM/2651XM Router Roles and Services Authentication is role-based. There are two main roles in the router that operators may assume: the Crypto Officer role and the User role. The administrator of the router assumes the Crypto Officer role in order to configure and maintain the router using Crypto Officer services, while the Users exercise only the basic User services. Both roles are authenticated by providing a vali
Cisco 2621XM, 8 Cisco 2621XM and Cisco 2651XM Modular Access Routers with AIM-VPN/EP FIPS 140-2 Non-Proprietary Security Policy OL-6262-01 The 2621XM/2651XM Router • Define Rules and Filters—create packet Filters that are applied to User data streams on each interface. Each Filter consists of a set of Rules, which define a set of packets to permit or deny based characteristics such as protocol ID, addresses, ports, TCP connection establishment, or packet direction. • Status Functions—view the router configuration, routing tables, active sessions, use Gets to view SNMP MIB II statistics, health, temperature, memory status, voltage, packet statistics, review accountin
Cisco 2621XM, 9 Cisco 2621XM and Cisco 2651XM Modular Access Routers with AIM-VPN/EP FIPS 140-2 Non-Proprietary Security Policy OL-6262-01 The 2621XM/2651XM Router Figure 5 Cisco 2621XM and Cisco 2651XM Chassis Removal Any NM or WIC slot, which is not populated with a NM or WIC, must be populated with an appropriate slot cover in order to operate in a FIPS compliant mode. The slot covers are included with each router, and additional covers may be ordered from Cisco. The same procedure mentioned below to apply tamper evidence labels for NMs and W
Cisco 2621XM, 10 Cisco 2621XM and Cisco 2651XM Modular Access Routers with AIM-VPN/EP FIPS 140-2 Non-Proprietary Security Policy OL-6262-01 The 2621XM/2651XM Router Figure 6 Cisco 2621XM and Cisco 2651XM Tamper Evidence Label Placement The tamper evidence seals are produced from a special thin gauge vinyl with self-adhesive backing. Any attempt to open the router, remove Network Modules or WIC cards, or the front faceplate will damage the tamper evidence seals or the painted surface and metal of the module cover. Since the tamper evidence seals have non-repeated serial numbers, they may be inspected for damage and compared against the applied serial numbers to verify t
11 Cisco 2621XM and Cisco 2651XM Modular Access Routers with AIM-VPN/EP FIPS 140-2 Non-Proprietary Security Policy OL-6262-01 The 2621XM/2651XM Router 4 CSP 4 Same as above DRAM (plaintext) 5 CSP 5 Same as above DRAM (plaintext) 6 CSP 6 Same as above DRAM (plaintext) 7 CSP 7 The IKE session encrypt key. The zeroization is the same as above. DRAM (plaintext) 8 C
Cisco 2621XM, 12 Cisco 2621XM and Cisco 2651XM Modular Access Routers with AIM-VPN/EP FIPS 140-2 Non-Proprietary Security Policy OL-6262-01 The 2621XM/2651XM Router 18 CSP 18 The SSL session key. Zeroized when the SSL connection is terminated. DRAM (plaintext) 19 CSP 19 The ARAP key that is hardcoded in the module binary image. This key can be deleted by erasing the Flash. Flash (plaintext) 20 CSP 20 This is an ARAP user password used as an authentication key. A function uses this key in a DES algorithm for authentication. DRAM (plaintext) 21 CSP 21 The key used to encrypt values of the configuration file. Thi
Cisco 2621XM, 13 Cisco 2621XM and Cisco 2651XM Modular Access Routers with AIM-VPN/EP FIPS 140-2 Non-Proprietary Security Policy OL-6262-01 The 2621XM/2651XM Router The services accessing the CSPs, the type of access and which role accesses the CSPs are listed in Table 5. Table 5 Role and Service Access to CSPs SRDI/Role/Service Access Policy Role/Service User Role Status Functions Network Functions Terminal Functions Directory Services Crypto-Officer Role Configure the Router Define Rules and Filters Status Functi
Cisco 2621XM, 14 Cisco 2621XM and Cisco 2651XM Modular Access Routers with AIM-VPN/EP FIPS 140-2 Non-Proprietary Security Policy OL-6262-01 The 2621XM/2651XM Router CSP 12 r r w d CSP 13 r r w d CSP 14 r r w d CSP 15 r r w d CSP 16 r r w CSP 17 r r w d CSP 18 r r w d CSP 19 r r w d CSP 20 r r w d CSP 21 r w d r w d CSP 22 r r w d CSP 23 r r w d Table 5 Role and Service Access to CSPs (continued) SRDI/Role/Service Access Policy Role/Service User Role Status Functions Network Functions Terminal Functions Directory Services Crypto-Offic
Cisco 2621XM, 15 Cisco 2621XM and Cisco 2651XM Modular Access Routers with AIM-VPN/EP FIPS 140-2 Non-Proprietary Security Policy OL-6262-01 The 2621XM/2651XM Router The module supports DES (only for legacy systems), 3DES, DES-MAC, TDES-MAC, AES, SHA-1, HMAC SHA-1, MD5, MD4, HMAC MD5, Diffie-Hellman, RSA (for digital signatures and encryption/decryption (for IKE authentication)), cryptographic algorithms. The MD5, HMAC MD5, and MD4 algorithms are disabled when operating in FIPS mode. CSP 24 r dr w CSP 25 r r w d CSP 26 r r w d CSP 27 r r w d
Cisco 2621XM, 16 Cisco 2621XM and Cisco 2651XM Modular Access Routers with AIM-VPN/EP FIPS 140-2 Non-Proprietary Security Policy OL-6262-01 The 2621XM/2651XM Router The module supports three types of key management schemes: • Manual key exchange method that is symmetric. DES/3DES/AES key and HMAC-SHA-1 key are exchanged manually and entered electronically. • Internet Key Exchange method with support for exchanging pre-shared keys manually and entering electronically. – The pre-shared keys are used with Diffie-Hell
Cisco 2621XM, 17 Cisco 2621XM and Cisco 2651XM Modular Access Routers with AIM-VPN/EP FIPS 140-2 Non-Proprietary Security Policy OL-6262-01 Secure Operation of the Cisco 2621XM/2651XM Router • Conditional tests – Conditional bypass test – Pairwise consistency test on RSA signature – Continuous random number generator tests Self-tests performed by the AIM-VPN/EP (cryptographic accelerator): • Power-up tests – Firmware integrity test – DES KAT – TDES KAT – SHA-1 KAT • Conditional tests – Continuous random number generator test Secure Operation of the Cisco 2621XM/2651XM Router The Cisco 2621XM and 2651XM Modular Access Routers with AIM-VPN/E
18 Cisco 2621XM and Cisco 2651XM Modular Access Routers with AIM-VPN/EP FIPS 140-2 Non-Proprietary Security Policy OL-6262-01 Secure Operation of the Cisco 2621XM/2651XM Router • The Crypto Officer must disable IOS Password Recovery by executing the following commands: configure terminal no service password-recovery end show version Note Once Password Recovery is disabled, administra
19 Cisco 2621XM and Cisco 2651XM Modular Access Routers with AIM-VPN/EP FIPS 140-2 Non-Proprietary Security Policy OL-6262-01 Related Documentation – esp-sha-hmac – esp-3des – esp-aes • The following algorithms are not FIPS approved and should be disabled: – MD-4 and MD-5 for signing – MD-5 HMAC Protocols All SNMP operations must be performed within a secure IPSec tunnel. R
Cisco 2621XM, 20 Cisco 2621XM and Cisco 2651XM Modular Access Routers with AIM-VPN/EP FIPS 140-2 Non-Proprietary Security Policy OL-6262-01 Documentation Feedback You can access international Cisco websites at this URL: http://www.cisco.com/public/countries_languages.shtml Ordering Documentation You can find instructions for ordering documentation at this URL: http://www.cisco.com/univercd/cc/td/doc/es_inpck/pdi.htm You can order Cisco documentation in these ways: • Registered Cisco.com users (Cisco direct customers) can order Cisco product documentation from th
Cisco 2621XM, 21 Cisco 2621XM and Cisco 2651XM Modular Access Routers with AIM-VPN/EP FIPS 140-2 Non-Proprietary Security Policy OL-6262-01 Obtaining Technical Assistance Cisco Technical Support Website The Cisco Technical Support Website provides online documents and tools for troubleshooting and resolving technical issues with Cisco products and technologies. The website is available 24 hours a day, 365 days a year at this URL: http://www.cisco.com/techsupport Access to all tools on the Cisco Technical Support Website requires a Cisco.com user ID and password. If you have a valid service contract but do not have a user ID or p
Cisco 2621XM, 22 Cisco 2621XM and Cisco 2651XM Modular Access Routers with AIM-VPN/EP FIPS 140-2 Non-Proprietary Security Policy OL-6262-01 Obtaining Additional Publications and Information Obtaining Additional Publications and Information Information about Cisco products, technologies, and network solutions is available from various online and printed sources. • Cisco Marketplace provides a variety of Cisco books, reference guides, and logo merchandise. Visit Cisco Marketplace, the company store, at this URL: http://www.cisco.com/go/marketplace/ • The Cisco Product Catalog describes the networking products offered by Cisco Syst
Cisco 2621XM, 23 Cisco 2621XM and Cisco 2651XM Modular Access Routers with AIM-VPN/EP FIPS 140-2 Non-Proprietary Security Policy OL-6262-01 Obtaining Additional Publications and Information By printing or making a copy of this document, the user agrees to use this information for product evaluation purposes only. Sale of this information in whole or in part is not authorized by Cisco Systems. This document is to be used in conjunction with the documents listed in the “Related Documentation” section. CCVP, the Cisc

More Instructions:

	Cisco 2621XM Operation & user’s manual 03-03-2023 20	DOWNLOAD
	Cisco 2621XM Configuration manual 21-11-2022 196	DOWNLOAD
	Cisco 2621XM Operation & user’s manual 14-12-2023 34	DOWNLOAD
	Cisco 2621XM Hardware installation manual 14-07-2023 104	DOWNLOAD

Comparable Devices:

#	Manufacturer	Model	Document Type	File	Updated	Pages	Size
1	PA Tech	PMA-200	Operation & user’s manual	pa-tech/pma-200-IGV.pdf	26 Jan 2024	11
2	Toa	TK-20	Specifications	toa/tk-20-97N.pdf	23 Apr 2023	2	0.05 Mb
3	Kemppi	MLS 2300 ACDC	Operation instruction manual	kemppi/mls-2300-acdc-D89.pdf	18 Jan 2024	24
4	Hasbro	Transformers Universe Acid Storm 83665	Instruction manual	hasbro/transformers-universe-acid-storm-83665-YZ5.pdf	02 Aug 2023	1	0.69 Mb
5	GE	Gas Dryer	Installation instructions manual	ge/gas-dryer-SJE.pdf	21 Jun 2023	12	0.51 Mb
6	D-Link	DCS-6410	Quick installation manual	d-link/dcs-6410-17X.pdf	08 Apr 2024	24

Similar Resources:

Cisco

ASR 1002-HX

(30 pages)

Removing and Replacing FRUsThis chapter describes procedures for removing and replacing field-replaceable units (FRUs) from Cisco1002-HX Routers.• Removing and Replacing the Crypto Modules, on page 1• Removing AC Power Supplies, on page 4• Installing AC Power Supplies, on page 5• Removing DC Input Power Supplies, on page 5• Installing DC Input Powe …

Fortinet

FortiGate-5000

(77 pages)

FortiGate-5000 Series Introduction01-30000-83466-20090108FAN TRAY FAN TRAYFAN TRAY13119753124681012145140CRITICALRESETMAJORMINORUSER1USER2USER35140SAPSERIAL 1 SERIAL 2 ALARMFILTER1201210/100link/ActETH0ServiceRESETSTATUSHot Swaplink/ActETH0ETH110/1005000SM10/100link/ActETH0ServiceRESETSTATUSHot Swaplink/ActETH0ETH110/1005000SMPSU APSU BCONSOLEACTACTLINKLINKF …

NETGEAR

FS516 - Switch

(2 pages)

NETGEAR’s Fast Ethernet switches provide a cost-effective way toinstantaneously increase network performance while preserving most of yournetwork investment, including installed cabling and end users’ software andhardware.These switches are ideal for intermixing 10 and 100 Mbpsdevices.They provide you with automatic speed and full/half-duplex sensingper …

Digisol

DH-bg1100n

(76 pages)

DG-BG1100N 802.11N 150MBPS SINGLE PORT WIRELESS ADSL2/2+ ROUTER User Manual V1.0 2013-12-12 As our products undergo continuous development the specifications are subject to chang …

AT&T

NVG_589

(3 pages)

AT&T U-verse® Voice and High Speed Internet Wi-Fi Gatewayself-installation guide Before installation: Do not attempt to install your service until 2pm or later on your service activation date. You can find this date on your packing slip.Get started Approximate installation time: 30 minutes1. Check your service activation date.Do not …

TP-Link

TL-SG2424P

(5 pages)

The TL-SG2424P provides 24 10/100/1000Mbps ports that supports 802.3at/af-compliant PoE , with a total PoE power supply up to 180W, powerful and exible enough for users to deploy wireless access points or IP-based network surveillance cameras. The switch also comes equipped with 4 combo SFP slots, expanding your network exibly. In addition, it provides …