Unser Ziel ist Ihnen einen schnellen Zugang zu Inhalten in Bedienungsanleitungen zum Gerät Cisco Systems 7206VXR NPE-400 zu garantieren. Wenn Sie eine Online-Ansicht nutzten, können Sie den Inhaltsverzeichnis schnell durchschauen und direkt zu der Seite gelangen, auf der Sie die Lösung zu Ihrem Problem mit Cisco Systems 7206VXR NPE-400 finden.
Für Ihre Bequemlichkeit
Wenn das direkte Durchschauen der Anleitung Cisco Systems 7206VXR NPE-400 auf unserer Seite für Sie unbequem ist, können sie die folgende zwei Möglichkeiten nutzen:
Vollbildsuche – Um bequem die Anleitung durchzusuchen (ohne sie auf den Computer herunterzuladen) können Sie den Vollbildsuchmodus nutzen. Um das Durchschauen der Anleitung Cisco Systems 7206VXR NPE-400 im Vollbildmodus zu starten, nutzen Sie die Schaltfläche Vollbild
Auf Computer herunterladen – Sie können die Anleitung Cisco Systems 7206VXR NPE-400 auch auf Ihren Computer herunterladen und sie in Ihren Sammlungen aufbewahren. Wenn Sie jedoch keinen Platz auf Ihrem Gerät verschwenden möchten, können Sie sie immer auf ManualsBase herunterladen.
Cisco Systems 7206VXR NPE-400 Handbuch - Online PDF
Viele Personen lesen lieber Dokumente nicht am Bildschirm, sondern in gedruckter Version. Eine Druckoption der Anleitung wurde ebenfalls durchdacht, und Sie können Sie nutzen, indem Sie den Link klicken, der sich oben befindet - Anleitung drucken. Sie müssen nicht die ganze Cisco Systems 7206VXR NPE-400 Anleitung drucken, sondern nur die Seiten, die Sie brauchen. Schätzen Sie das Papier.
Zusammenfassungen
Unten finden Sie Trailer des Inhalts, der sich auf den nächsten Anleitungsseiten zu Cisco Systems 7206VXR NPE-400 befindet. Wenn Sie den Seiteninhalt der nächsten Seiten schnell durchschauen möchten, können Sie sie nutzen.
Inhaltszusammenfassungen
Inhaltszusammenfassung zur Seite Nr. 1
FIPS 140-2 Nonproprietary Security Policy for Cisco 7206VXR NPE-400 Router with VAM Introduction This is a non-proprietary Cryptographic Module Security Policy for Cisco Systems. This security policy describes how the 7206 VXR NPE-400 with VPN Acceleration Module (VAM) (Hardware Version: 7206-VXR; VAM: Hardware Version 1.0, Board Version A0; Firmware Version: Cisco IOS software Version12.3(3d)) meets the security requirements of FIPS 140-2 and how to run the module in a secure FIPS 140-2 m
Inhaltszusammenfassung zur Seite Nr. 2
FIPS 140-2 Submission Package � Documentation Feedback, page 18 � Obtaining Technical Assistance, page 18 � Obtaining Additional Publications and Information, page 20 FIPS 140-2 Submission Package The Security Policy document is one item in the FIPS 140-2 Submission Package. In addition to this document, the Submission Package includes: � Vendor evidence document � Finite state machine � Module software listing � Other supporting documentation as additional references With the exception of
Inhaltszusammenfassung zur Seite Nr. 3
Cryptographic Module Cryptographic Module The Cisco 7206VXR NPE-400 router with VAM is a multiple-chip standalone cryptographic module. The Cisco 7206VXR supports multi-protocol routing and bridging with a wide variety of protocols and port adapter combinations available for Cisco 7200 series routers. The metal casing that fully encloses the module establishes the cryptographic boundary for the router, all the functionality discussed in this document is provided by components within the ca
Inhaltszusammenfassung zur Seite Nr. 4
Module Interfaces Table 1 shows the front panel LEDs, which provide overall status of the router operation. The front panel displays whether or not the router is booted, if the redundant power is attached and operational, and overall activity/link status. Figure 2 Cisco 7206VXR Router Front Panel LEDs DUAL FAST ETHERNET INPUT/OUTPUT CONTROLLER C7200-I/O-2FE/E LED Indication Description Enabled Green Indicates that the network processing engine or network services engine and the I/O controll
Inhaltszusammenfassung zur Seite Nr. 5
Module Interfaces LED Indication Description Link Green Indicates that the Ethernet RJ-45 receptacle has established a valid link with the network. Off This LED remains off during normal operation of the router unless there is an incoming carrier signal. 100 Mbps Green Indicates that the port is configured for 100-Mbps operation (speed 100), or if configured for auto negotiation (speed auto), the port has detected a valid link at 100 Mbps. Off If the port is configured for 10-Mbps operat
Inhaltszusammenfassung zur Seite Nr. 6
Roles and Services Table 1 FIPS 140-2 Logical Interface Router Physical Interface FIPS 140-2 Logical Interface 10/100BASE-TX LAN Port Data Input Interface Port Adapter Interface Console Port Auxiliary Port PCMCIA Slot 10/100BASE-TX LAN Port Data Output Interface Port Adapter Interface Console Port Auxiliary Port PCMCIA Slot Power Switch Control Input Interface Console Port Auxiliary Port 10/100BASE-TX LAN Port LEDs Status Output Interface Enabled LED PCMCIA LEDs IO Pwr Ok LED VAM LEDs Console
Inhaltszusammenfassung zur Seite Nr. 7
Roles and Services The User and Crypto Officer passwords and the RADIUS/TACACS+ shared secrets must each be at least 8 alphanumeric characters in length. See the “Secure Operation” section on page 16 for more information. If only integers 0-9 are used without repetition for an 8 digit PIN, the probability of randomly guessing the correct sequence is 1 in 1,814,400. Including the rest of the alphanumeric characters drastically decreases the odds of guessing the correct sequence. Crypto Offi
Inhaltszusammenfassung zur Seite Nr. 8
Physical Security Physical Security The router is encased in a steel chassis. The front of the router includes six port adapter slots. The rear of the router includes on-board LAN connectors, PC Card slots, and Console/Auxiliary connectors, power cable connection, a power switch, and access to the Network Processing Engine. Any port adapter slot not populated with a port adapter must be populated with a slot cover (blank port adapter) to operate in FIPS compliant mode. Slot covers are inclu
Inhaltszusammenfassung zur Seite Nr. 9
NETWORK PROCESSING ENGINE-150 Cryptographic Key Management Figure 4 Tamper Evidence Label Placement (Front View) Port adapters Port adapter lever I/O controller Auxiliary Console PC card slots port port Optional Fast Ethernet port (MII receptacle and RJ-45 receptacle) Figure 5 Tamper Evidence Label Placement (Rear View) Chassis Internal fans grounding receptacles AC-input Power supply receptacle filler plate AC-input Network processing engine power supply or network services engine Power switc
Inhaltszusammenfassung zur Seite Nr. 10
Cryptographic Key Management The module supports the following critical security parameters (CSPs): Table 2 Critical Security Parameters # CSP Name Description Storage 1 CSP 1 This is the seed key for X9.31 PRNG. This DRAM key is stored in DRAM and updated (plaintext) periodically after the generation of 400 bytes; hence, it is zeroized periodically. Also, the operator can turn off the router to zeroize this key. 2 CSP2 The private exponent used in Diffie-Hellman DRAM (DH) exchange. Zeroiz
Inhaltszusammenfassung zur Seite Nr. 11
Cryptographic Key Management Table 2 Critical Security Parameters (Continued) # CSP Name Description Storage 14 CSP14 The IPSec encryption key. Zeroized when DRAM IPSec session is terminated. (plaintext) 15 CSP15 The IPSec authentication key. The DRAM zeroization is the same as above. (plaintext) 16 CSP16 The RSA public key of the CA. The no NVRAM crypto ca trust
Inhaltszusammenfassung zur Seite Nr. 12
Cryptographic Key Management Table 2 Critical Security Parameters (Continued) # CSP Name Description Storage 25 CSP25 This key is used by the router to authenticate NVRAM itself to the peer. The key is identical to #22 (plaintext) except that it is retrieved from the local database (on the router itself). Issuing the no username password command zeroizes the password (that is used as this key) from the local database. 26 CSP26 This is the SSH session key. It is zeroized DRAM when the SSH s
Inhaltszusammenfassung zur Seite Nr. 13
Cryptographic Key Management Figure 6 Role and Service Access to CSPs FIPS 140-2 Nonproprietary Security Policy for Cisco 7206VXR NPE-400 Router with VAM OL-3959-01 13
Inhaltszusammenfassung zur Seite Nr. 14
Cryptographic Key Management The module supports DES (only for legacy systems), 3DES, DES-MAC, TDES-MAC, AES, SHA-1, HMAC SHA-1, MD5, MD4, HMAC MD5, Diffie-Hellman, RSA (for digital signatures and encryption/decryption (for IKE authentication)) cryptographic algorithms. The MD5, HMAC MD5, and MD4 algorithms are disabled when operating in FIPS mode. The module supports three types of key management schemes: � Manual key exchange method that is symmetric. DES/3DES/AES key and HMAC-SHA-1 key a
Inhaltszusammenfassung zur Seite Nr. 15
Self-Tests Key Zeroization All of the keys and CSPs of the module can be zeroized. Please refer to the Description column of Table 2 for information on methods to zeroize each key and CSP. Self-Tests To prevent secure data from being released, it is important to test the cryptographic components of a security module to insure all components are functioning correctly. The router includes an array of self-tests that are run during startup and periodically during operations. If any of the self
Inhaltszusammenfassung zur Seite Nr. 16
Secure Operation – Continuous random number generator test Secure Operation The Cisco 7206VXR NPE-400 router with a single VPN Acceleration Module (VAM) meets all the Level 2 requirements for FIPS 140-2. Follow the setting instructions provided below to place the module in FIPS mode of operation. Operating this router without maintaining the appropriate settings will remove the module from the FIPS approved mode of operation. Initial Setup � The Crypto Officer ensures that the VAM cryptogra
Inhaltszusammenfassung zur Seite Nr. 17
Obtaining Documentation � If the Crypto Officer loads any IOS image onto the router, this will put the router into a non-FIPS mode of operation. IPSec Requirements and Cryptographic Algorithms There are two types of key management method that are allowed in FIPS mode: Internet Key Exchange (IKE) and IPSec manually entered keys. Although the IOS implementation of IKE allows a number of algorithms, only the following algorithms are allowed in a FIPS 140-2 configuration: � ah-sha-hmac � esp-de
Inhaltszusammenfassung zur Seite Nr. 18
Documentation Feedback You can access the Cisco website at this URL: http://www.cisco.com You can access international Cisco websites at this URL: http://www.cisco.com/public/countries_languages.shtml Ordering Documentation You can find instructions for ordering documentation at this URL: http://www.cisco.com/univercd/cc/td/doc/es_inpck/pdi.htm You can order Cisco documentation in these ways: � Registered Cisco.com users (Cisco direct customers) can order Cisco product documentation from the
Inhaltszusammenfassung zur Seite Nr. 19
Obtaining Technical Assistance Cisco Technical Support Website The Cisco Technical Support Website provides online documents and tools for troubleshooting and resolving technical issues with Cisco products and technologies. The website is available 24 hours a day, 365 days a year at this URL: http://www.cisco.com/techsupport Access to all tools on the Cisco Technical Support Website requires a Cisco.com user ID and password. If you have a valid service contract but do not have a user ID or
Inhaltszusammenfassung zur Seite Nr. 20
Obtaining Additional Publications and Information Obtaining Additional Publications and Information Information about Cisco products, technologies, and network solutions is available from various online and printed sources. � Cisco Marketplace provides a variety of Cisco books, reference guides, and logo merchandise. Visit Cisco Marketplace, the company store, at this URL: http://www.cisco.com/go/marketplace/ � The Cisco Product Catalog describes the networking products offered by Cisco Syst