Наша цель - обеспечить Вам самый быстрый доступ к руководству по эксплуатации устройства Cisco Systems 7206VXR NPE-400. Пользуясь просмотром онлайн Вы можете быстро просмотреть содержание и перейти на страницу, на которой найдете решение своей проблемы с Cisco Systems 7206VXR NPE-400.
Для Вашего удобства
Если просмотр руководства Cisco Systems 7206VXR NPE-400 непосредственно на этой странице для Вас неудобен, Вы можете воспользоваться двумя возможными решениями:
Полноэкранный просмотр -, Чтобы удобно просматривать инструкцию (без скачивания на компьютер) Вы можете использовать режим полноэкранного просмотра. Чтобы запустить просмотр инструкции Cisco Systems 7206VXR NPE-400 на полном экране, используйте кнопку Полный экран.
Скачивание на компьютер - Вы можете также скачать инструкцию Cisco Systems 7206VXR NPE-400 на свой компьютер и сохранить ее в своем архиве. Если ты все же не хотите занимать место на своем устройстве, Вы всегда можете скачать ее из ManualsBase.
Cisco Systems 7206VXR NPE-400 Руководство по эксплуатации - Online PDF
Многие предпочитают читать документы не на экране, а в печатной версии. Опция распечатки инструкции также предусмотрена и Вы можете воспользоваться ею нажав на ссылку, находящуюся выше - Печатать инструкцию. Вам не обязательно печатать всю инструкцию Cisco Systems 7206VXR NPE-400 а только некоторые страницы. Берегите бумагу.
Резюме
Ниже Вы найдете заявки которые находятся на очередных страницах инструкции для Cisco Systems 7206VXR NPE-400. Если Вы хотите быстро просмотреть содержимое страниц, которые находятся на очередных страницах инструкции, Вы воспользоваться ими.
Краткое содержание
Краткое содержание страницы № 1
FIPS 140-2 Nonproprietary Security Policy for Cisco 7206VXR NPE-400 Router with VAM Introduction This is a non-proprietary Cryptographic Module Security Policy for Cisco Systems. This security policy describes how the 7206 VXR NPE-400 with VPN Acceleration Module (VAM) (Hardware Version: 7206-VXR; VAM: Hardware Version 1.0, Board Version A0; Firmware Version: Cisco IOS software Version12.3(3d)) meets the security requirements of FIPS 140-2 and how to run the module in a secure FIPS 140-2 m
Краткое содержание страницы № 2
FIPS 140-2 Submission Package � Documentation Feedback, page 18 � Obtaining Technical Assistance, page 18 � Obtaining Additional Publications and Information, page 20 FIPS 140-2 Submission Package The Security Policy document is one item in the FIPS 140-2 Submission Package. In addition to this document, the Submission Package includes: � Vendor evidence document � Finite state machine � Module software listing � Other supporting documentation as additional references With the exception of
Краткое содержание страницы № 3
Cryptographic Module Cryptographic Module The Cisco 7206VXR NPE-400 router with VAM is a multiple-chip standalone cryptographic module. The Cisco 7206VXR supports multi-protocol routing and bridging with a wide variety of protocols and port adapter combinations available for Cisco 7200 series routers. The metal casing that fully encloses the module establishes the cryptographic boundary for the router, all the functionality discussed in this document is provided by components within the ca
Краткое содержание страницы № 4
Module Interfaces Table 1 shows the front panel LEDs, which provide overall status of the router operation. The front panel displays whether or not the router is booted, if the redundant power is attached and operational, and overall activity/link status. Figure 2 Cisco 7206VXR Router Front Panel LEDs DUAL FAST ETHERNET INPUT/OUTPUT CONTROLLER C7200-I/O-2FE/E LED Indication Description Enabled Green Indicates that the network processing engine or network services engine and the I/O controll
Краткое содержание страницы № 5
Module Interfaces LED Indication Description Link Green Indicates that the Ethernet RJ-45 receptacle has established a valid link with the network. Off This LED remains off during normal operation of the router unless there is an incoming carrier signal. 100 Mbps Green Indicates that the port is configured for 100-Mbps operation (speed 100), or if configured for auto negotiation (speed auto), the port has detected a valid link at 100 Mbps. Off If the port is configured for 10-Mbps operat
Краткое содержание страницы № 6
Roles and Services Table 1 FIPS 140-2 Logical Interface Router Physical Interface FIPS 140-2 Logical Interface 10/100BASE-TX LAN Port Data Input Interface Port Adapter Interface Console Port Auxiliary Port PCMCIA Slot 10/100BASE-TX LAN Port Data Output Interface Port Adapter Interface Console Port Auxiliary Port PCMCIA Slot Power Switch Control Input Interface Console Port Auxiliary Port 10/100BASE-TX LAN Port LEDs Status Output Interface Enabled LED PCMCIA LEDs IO Pwr Ok LED VAM LEDs Console
Краткое содержание страницы № 7
Roles and Services The User and Crypto Officer passwords and the RADIUS/TACACS+ shared secrets must each be at least 8 alphanumeric characters in length. See the “Secure Operation” section on page 16 for more information. If only integers 0-9 are used without repetition for an 8 digit PIN, the probability of randomly guessing the correct sequence is 1 in 1,814,400. Including the rest of the alphanumeric characters drastically decreases the odds of guessing the correct sequence. Crypto Offi
Краткое содержание страницы № 8
Physical Security Physical Security The router is encased in a steel chassis. The front of the router includes six port adapter slots. The rear of the router includes on-board LAN connectors, PC Card slots, and Console/Auxiliary connectors, power cable connection, a power switch, and access to the Network Processing Engine. Any port adapter slot not populated with a port adapter must be populated with a slot cover (blank port adapter) to operate in FIPS compliant mode. Slot covers are inclu
Краткое содержание страницы № 9
NETWORK PROCESSING ENGINE-150 Cryptographic Key Management Figure 4 Tamper Evidence Label Placement (Front View) Port adapters Port adapter lever I/O controller Auxiliary Console PC card slots port port Optional Fast Ethernet port (MII receptacle and RJ-45 receptacle) Figure 5 Tamper Evidence Label Placement (Rear View) Chassis Internal fans grounding receptacles AC-input Power supply receptacle filler plate AC-input Network processing engine power supply or network services engine Power switc
Краткое содержание страницы № 10
Cryptographic Key Management The module supports the following critical security parameters (CSPs): Table 2 Critical Security Parameters # CSP Name Description Storage 1 CSP 1 This is the seed key for X9.31 PRNG. This DRAM key is stored in DRAM and updated (plaintext) periodically after the generation of 400 bytes; hence, it is zeroized periodically. Also, the operator can turn off the router to zeroize this key. 2 CSP2 The private exponent used in Diffie-Hellman DRAM (DH) exchange. Zeroiz
Краткое содержание страницы № 11
Cryptographic Key Management Table 2 Critical Security Parameters (Continued) # CSP Name Description Storage 14 CSP14 The IPSec encryption key. Zeroized when DRAM IPSec session is terminated. (plaintext) 15 CSP15 The IPSec authentication key. The DRAM zeroization is the same as above. (plaintext) 16 CSP16 The RSA public key of the CA. The no NVRAM crypto ca trust
Краткое содержание страницы № 12
Cryptographic Key Management Table 2 Critical Security Parameters (Continued) # CSP Name Description Storage 25 CSP25 This key is used by the router to authenticate NVRAM itself to the peer. The key is identical to #22 (plaintext) except that it is retrieved from the local database (on the router itself). Issuing the no username password command zeroizes the password (that is used as this key) from the local database. 26 CSP26 This is the SSH session key. It is zeroized DRAM when the SSH s
Краткое содержание страницы № 13
Cryptographic Key Management Figure 6 Role and Service Access to CSPs FIPS 140-2 Nonproprietary Security Policy for Cisco 7206VXR NPE-400 Router with VAM OL-3959-01 13�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������
Краткое содержание страницы № 14
Cryptographic Key Management The module supports DES (only for legacy systems), 3DES, DES-MAC, TDES-MAC, AES, SHA-1, HMAC SHA-1, MD5, MD4, HMAC MD5, Diffie-Hellman, RSA (for digital signatures and encryption/decryption (for IKE authentication)) cryptographic algorithms. The MD5, HMAC MD5, and MD4 algorithms are disabled when operating in FIPS mode. The module supports three types of key management schemes: � Manual key exchange method that is symmetric. DES/3DES/AES key and HMAC-SHA-1 key a
Краткое содержание страницы № 15
Self-Tests Key Zeroization All of the keys and CSPs of the module can be zeroized. Please refer to the Description column of Table 2 for information on methods to zeroize each key and CSP. Self-Tests To prevent secure data from being released, it is important to test the cryptographic components of a security module to insure all components are functioning correctly. The router includes an array of self-tests that are run during startup and periodically during operations. If any of the self
Краткое содержание страницы № 16
Secure Operation – Continuous random number generator test Secure Operation The Cisco 7206VXR NPE-400 router with a single VPN Acceleration Module (VAM) meets all the Level 2 requirements for FIPS 140-2. Follow the setting instructions provided below to place the module in FIPS mode of operation. Operating this router without maintaining the appropriate settings will remove the module from the FIPS approved mode of operation. Initial Setup � The Crypto Officer ensures that the VAM cryptogra
Краткое содержание страницы № 17
Obtaining Documentation � If the Crypto Officer loads any IOS image onto the router, this will put the router into a non-FIPS mode of operation. IPSec Requirements and Cryptographic Algorithms There are two types of key management method that are allowed in FIPS mode: Internet Key Exchange (IKE) and IPSec manually entered keys. Although the IOS implementation of IKE allows a number of algorithms, only the following algorithms are allowed in a FIPS 140-2 configuration: � ah-sha-hmac � esp-de
Краткое содержание страницы № 18
Documentation Feedback You can access the Cisco website at this URL: http://www.cisco.com You can access international Cisco websites at this URL: http://www.cisco.com/public/countries_languages.shtml Ordering Documentation You can find instructions for ordering documentation at this URL: http://www.cisco.com/univercd/cc/td/doc/es_inpck/pdi.htm You can order Cisco documentation in these ways: � Registered Cisco.com users (Cisco direct customers) can order Cisco product documentation from the
Краткое содержание страницы № 19
Obtaining Technical Assistance Cisco Technical Support Website The Cisco Technical Support Website provides online documents and tools for troubleshooting and resolving technical issues with Cisco products and technologies. The website is available 24 hours a day, 365 days a year at this URL: http://www.cisco.com/techsupport Access to all tools on the Cisco Technical Support Website requires a Cisco.com user ID and password. If you have a valid service contract but do not have a user ID or
Краткое содержание страницы № 20
Obtaining Additional Publications and Information Obtaining Additional Publications and Information Information about Cisco products, technologies, and network solutions is available from various online and printed sources. � Cisco Marketplace provides a variety of Cisco books, reference guides, and logo merchandise. Visit Cisco Marketplace, the company store, at this URL: http://www.cisco.com/go/marketplace/ � The Cisco Product Catalog describes the networking products offered by Cisco Syst
