Advertisement
Advertisement
The Cisco 1721, 1760, 2621XM, 2651XM, 2691, 3725, 3745, and 7206 VXR NPE-400 Routers, • page 3 Secure Operation of the Cisco 1721, 1760, 2621XM, 2651XM, 2691, 3725, 3745, and 7206 VXR • NPE-400 Routers, page 42 Related Documentation, page 44 •...
“Secure Operation of the Cisco 1721, 1760, 2621XM, 2651XM, 2691, 3725, 3745, and 7206 VXR NPE-400 Routers” section specifically addresses the required configuration for the FIPS-mode of operation. Cisco 1721, 1760, 2621XM, 2651XM, 2691, 3725, and 3745 Modular Access Routers and 7206-VXR NPE-400 Router FIPS 140-2 Non-Proprietary OL-6083-01...
Roles and Services, page 27 • Physical Security, page 29 • Cryptographic Key Management, page 36 • Self-Tests, page 42 • Cisco 1721, 1760, 2621XM, 2651XM, 2691, 3725, and 3745 Modular Access Routers and 7206-VXR NPE-400 Router FIPS 140-2 Non-Proprietary OL-6083-01...
Figure 2 demonstrates the proper application of the shield. Figure 2 Cisco 1760 Opacity Shield Application Cisco 1721, 1760, 2621XM, 2651XM, 2691, 3725, and 3745 Modular Access Routers and 7206-VXR NPE-400 Router FIPS 140-2 Non-Proprietary OL-6083-01...
Cisco 1721 and 1760 Module Interfaces The interfaces for the router are located on the rear panel of the Cisco 1721 and the front panel of the Cisco 1760 as shown in...
The front panel of the 1760 displays whether or not the router is booted, overall activity/link status, collision information, and specific information for each installed interface. Cisco 1721, 1760, 2621XM, 2651XM, 2691, 3725, and 3745 Modular Access Routers and 7206-VXR NPE-400 Router FIPS 140-2 Non-Proprietary OL-6083-01...
2-port serial cards—Blinks when data is being sent to or received from the first port on the 2-port card in the WIC1 slot Cisco 1721, 1760, 2621XM, 2651XM, 2691, 3725, and 3745 Modular Access Routers and 7206-VXR NPE-400 Router FIPS 140-2 Non-Proprietary OL-6083-01...
ISDN—On when the first ISDN B channel is connected Serial, CSU/DSU, and VIC—Blinks when data is being sent to or received from port 0 in slot 1 Cisco 1721, 1760, 2621XM, 2651XM, 2691, 3725, and 3745 Modular Access Routers and 7206-VXR NPE-400 Router FIPS 140-2 Non-Proprietary OL-6083-01...
WIC/VIC Interface LAN Port LEDs 10/100BASE-TX LAN Port LEDs Power LED Activity LED Console Port Auxiliary Port Power Plug Power Interface Cisco 1721, 1760, 2621XM, 2651XM, 2691, 3725, and 3745 Modular Access Routers and 7206-VXR NPE-400 Router FIPS 140-2 Non-Proprietary OL-6083-01...
ETHERNET 0 ACT CONSOLE 10/100BASE-T Ethernet 0/1 (RJ-45) 10/100BASE-T Network Auxiliary port Ethernet 0/0 module (RJ-45) Console (RJ-45) port (RJ-45) Cisco 1721, 1760, 2621XM, 2651XM, 2691, 3725, and 3745 Modular Access Routers and 7206-VXR NPE-400 Router FIPS 140-2 Non-Proprietary OL-6083-01...
10/1 00 ETH ERN ET 0/0 CON SOL E 10/100BASE-T Auxiliary 10/100BASE-T Ethernet 0/0 port (RJ-45) Ethernet 0/1 (RJ-45) (RJ-45) Console port (RJ-45) Cisco 1721, 1760, 2621XM, 2651XM, 2691, 3725, and 3745 Modular Access Routers and 7206-VXR NPE-400 Router FIPS 140-2 Non-Proprietary OL-6083-01...
1. RPS = Redundant Power System All of these physical interfaces are separated into the logical interfaces from FIPS 140-2 as described in Table Cisco 1721, 1760, 2621XM, 2651XM, 2691, 3725, and 3745 Modular Access Routers and 7206-VXR NPE-400 Router FIPS 140-2 Non-Proprietary OL-6083-01...
SEE MAN UAL BEF DS U ORE INS TAL LAT ION SEE MAN UAL BEF ORE INS TAL LAT ION Cisco 1721, 1760, 2621XM, 2651XM, 2691, 3725, and 3745 Modular Access Routers and 7206-VXR NPE-400 Router FIPS 140-2 Non-Proprietary OL-6083-01...
Network Module (just as they don't pass through the LAN ports). Network modules do not perform any cryptographic functions. Cisco 1721, 1760, 2621XM, 2651XM, 2691, 3725, and 3745 Modular Access Routers and 7206-VXR NPE-400 Router FIPS 140-2 Non-Proprietary OL-6083-01...
The speed of the interface is 10 Mbps or no link is established The Flash device is being accessed in either READ or WRITE mode The Flash device is not being accessed Cisco 1721, 1760, 2621XM, 2651XM, 2691, 3725, and 3745 Modular Access Routers and 7206-VXR NPE-400 Router FIPS 140-2 Non-Proprietary OL-6083-01...
System activity All of these physical interfaces are separated into the logical interfaces from FIPS 140-2 as described in Table Cisco 1721, 1760, 2621XM, 2651XM, 2691, 3725, and 3745 Modular Access Routers and 7206-VXR NPE-400 Router FIPS 140-2 Non-Proprietary OL-6083-01...
Network Module Interface LAN Port LEDs 10/100BASE-TX LAN Port LEDs Power LED Activity LED Console Port Auxiliary Port Power Plug Power Interface Cisco 1721, 1760, 2621XM, 2651XM, 2691, 3725, and 3745 Modular Access Routers and 7206-VXR NPE-400 Router FIPS 140-2 Non-Proprietary OL-6083-01...
Cisco 3725 and 3745 Module Interfaces The interfaces for the router are located on the rear panel as shown in Figure Cisco 1721, 1760, 2621XM, 2651XM, 2691, 3725, and 3745 Modular Access Routers and 7206-VXR NPE-400 Router FIPS 140-2 Non-Proprietary OL-6083-01...
All Cisco 3700 series routers include an auxiliary port supporting 115Kbps Dial-On-Demand Routing, ideal for back-up WAN connectivity. Cisco 1721, 1760, 2621XM, 2651XM, 2691, 3725, and 3745 Modular Access Routers and 7206-VXR NPE-400 Router FIPS 140-2 Non-Proprietary OL-6083-01...
UAL BEF ORE INS TAL LAT ION FastEthernet 0/1 FastEthernet 0/0 ETM NPA AIM1 AIM0 FastEthernet 0/0 FastEthernet 0/1 POWER SYSTEM Cisco 1721, 1760, 2621XM, 2651XM, 2691, 3725, and 3745 Modular Access Routers and 7206-VXR NPE-400 Router FIPS 140-2 Non-Proprietary OL-6083-01...
Reserved for future development AIM0 Solid green Advanced Integration Module (AIM) present and enabled Amber AIM present with failure AIM1 AIM not present Cisco 1721, 1760, 2621XM, 2651XM, 2691, 3725, and 3745 Modular Access Routers and 7206-VXR NPE-400 Router FIPS 140-2 Non-Proprietary OL-6083-01...
Blinking green Running ROM monitor with no errors detected Amber Router is receiving power but malfunctioning Router is not receiving power Cisco 1721, 1760, 2621XM, 2651XM, 2691, 3725, and 3745 Modular Access Routers and 7206-VXR NPE-400 Router FIPS 140-2 Non-Proprietary OL-6083-01...
Compact Flash slot 10/100BASE-TX LAN Port Control Input Interface WIC Interface Network Module Interface Power Switch Console Port Auxiliary Port Cisco 1721, 1760, 2621XM, 2651XM, 2691, 3725, and 3745 Modular Access Routers and 7206-VXR NPE-400 Router FIPS 140-2 Non-Proprietary OL-6083-01...
(I/O) controller, and one slot for a network processing engine or network services engine. Cisco 1721, 1760, 2621XM, 2651XM, 2691, 3725, and 3745 Modular Access Routers and 7206-VXR NPE-400 Router FIPS 140-2 Non-Proprietary OL-6083-01...
Cisco 1721, 1760, 2621XM, 2651XM, 2691, 3725, and 3745 Modular Access Routers and 7206-VXR NPE-400 Router FIPS 140-2 Non-Proprietary OL-6083-01...
If the port is configured for 10-Mbps operation, or if it is configured for autonegotiation and the port has detected a valid link at 10 Mbps, the LED remains off. Cisco 1721, 1760, 2621XM, 2651XM, 2691, 3725, and 3745 Modular Access Routers and 7206-VXR NPE-400 Router FIPS 140-2 Non-Proprietary OL-6083-01...
“Secure Operation of the Cisco 1721, 1760, 2621XM, 2651XM, 2691, 3725, 3745, and 7206 VXR NPE-400 Routers” section on page 42 for more information. Cisco 1721, 1760, 2621XM, 2651XM, 2691, 3725, and 3745 Modular Access Routers and 7206-VXR NPE-400 Router FIPS 140-2 Non-Proprietary OL-6083-01...
Terminal Functions—adjust the terminal session (e.g., lock the terminal, adjust flow control) • Directory Services—display directory of files kept in flash memory • Cisco 1721, 1760, 2621XM, 2651XM, 2691, 3725, and 3745 Modular Access Routers and 7206-VXR NPE-400 Router FIPS 140-2 Non-Proprietary OL-6083-01...
Any attempt to remove the enclosure will leave tamper evidence. Cisco 1721, 1760, 2621XM, 2651XM, 2691, 3725, and 3745 Modular Access Routers and 7206-VXR NPE-400 Router FIPS 140-2 Non-Proprietary OL-6083-01...
Network Module slot. Any attempt to remove a Network Module will leave tamper evidence. Cisco 1721, 1760, 2621XM, 2651XM, 2691, 3725, and 3745 Modular Access Routers and 7206-VXR NPE-400 Router FIPS 140-2 Non-Proprietary OL-6083-01...
WAN interface card slot. Any attempt to remove a WAN interface card will leave tamper evidence. Cisco 1721, 1760, 2621XM, 2651XM, 2691, 3725, and 3745 Modular Access Routers and 7206-VXR NPE-400 Router FIPS 140-2 Non-Proprietary OL-6083-01...
WAN interface card slot. Any attempt to remove a WAN interface card will leave tamper evidence. Cisco 1721, 1760, 2621XM, 2651XM, 2691, 3725, and 3745 Modular Access Routers and 7206-VXR NPE-400 Router FIPS 140-2 Non-Proprietary OL-6083-01...
Compact Flash slot. Any attempt to remove a CF card will leave tamper evidence. The labels completely cure within five minutes. Step 12 Cisco 1721, 1760, 2621XM, 2651XM, 2691, 3725, and 3745 Modular Access Routers and 7206-VXR NPE-400 Router FIPS 140-2 Non-Proprietary OL-6083-01...
Step 10 so that one half of the label covers the enclosure and the other half covers the network processing engine. Cisco 1721, 1760, 2621XM, 2651XM, 2691, 3725, and 3745 Modular Access Routers and 7206-VXR NPE-400 Router FIPS 140-2 Non-Proprietary OL-6083-01...
The word "OPEN" may appear if the label was peeled back. Cisco 1721, 1760, 2621XM, 2651XM, 2691, 3725, and 3745 Modular Access Routers and 7206-VXR NPE-400 Router FIPS 140-2 Non-Proprietary OL-6083-01...
CSP 11 This key generates keys 3, 4, 5 and 6. This key is zeroized after DRAM generating those keys. (plaintext) Cisco 1721, 1760, 2621XM, 2651XM, 2691, 3725, and 3745 Modular Access Routers and 7206-VXR NPE-400 Router FIPS 140-2 Non-Proprietary OL-6083-01...
One can turn off the router to zeroize this (plaintext) key because it is stored in DRAM. Cisco 1721, 1760, 2621XM, 2651XM, 2691, 3725, and 3745 Modular Access Routers and 7206-VXR NPE-400 Router FIPS 140-2 Non-Proprietary OL-6083-01...
Table Table 19 Role and Service Access to CSPs SRDI/Role/Service Access Policy Security Relevant Data Item CSP 1 CSP 2 Cisco 1721, 1760, 2621XM, 2651XM, 2691, 3725, and 3745 Modular Access Routers and 7206-VXR NPE-400 Router FIPS 140-2 Non-Proprietary OL-6083-01...
CSP 5 CSP 6 CSP 7 CSP 8 CSP 9 CSP 10 CSP 11 CSP 12 CSP 13 CSP 14 Cisco 1721, 1760, 2621XM, 2651XM, 2691, 3725, and 3745 Modular Access Routers and 7206-VXR NPE-400 Router FIPS 140-2 Non-Proprietary OL-6083-01...
CSP 17 CSP 18 CSP 19 CSP 20 CSP 21 CSP 22 CSP 23 CSP 24 CSP 25 CSP 26 Cisco 1721, 1760, 2621XM, 2651XM, 2691, 3725, and 3745 Modular Access Routers and 7206-VXR NPE-400 Router FIPS 140-2 Non-Proprietary OL-6083-01...
Officer needs to be authenticated to store keys. All Diffie-Hellman (DH) keys agreed upon for individual tunnels are directly associated with that specific tunnel only via the IKE protocol. Cisco 1721, 1760, 2621XM, 2651XM, 2691, 3725, and 3745 Modular Access Routers and 7206-VXR NPE-400 Router FIPS 140-2 Non-Proprietary OL-6083-01...
FIPS mode. Operating these routers without maintaining the following settings will remove the module from the FIPS approved mode of operation. Cisco 1721, 1760, 2621XM, 2651XM, 2691, 3725, and 3745 Modular Access Routers and 7206-VXR NPE-400 Router FIPS 140-2 Non-Proprietary OL-6083-01...
The Crypto Officer must perform the initial configuration. Cisco IOS version 12.3(3d) is the only allowable image; no other image may be loaded. For Cisco 1700, 2600, and 3700 series routers, the value of the boot field must be 0x0101. For Cisco •...
Software Configuration Guide for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series • Routers • Cisco 3725 Router Quick Start Guide Cisco 3745 Router Quick Start Guide • Cisco 1721, 1760, 2621XM, 2651XM, 2691, 3725, and 3745 Modular Access Routers and 7206-VXR NPE-400 Router FIPS 140-2 Non-Proprietary OL-6083-01...
Cisco Systems Corporate Headquarters (California, USA) at 408 526-7208 or, elsewhere in North America, by calling 800 553-NETS (6387). Cisco 1721, 1760, 2621XM, 2651XM, 2691, 3725, and 3745 Modular Access Routers and 7206-VXR NPE-400 Router FIPS 140-2 Non-Proprietary OL-6083-01...
Internet access, contact Cisco TAC by telephone. Cisco TAC engineers are assigned immediately to P1 and P2 cases to help keep your business operations running smoothly. Cisco 1721, 1760, 2621XM, 2651XM, 2691, 3725, and 3745 Modular Access Routers and 7206-VXR NPE-400 Router FIPS 140-2 Non-Proprietary OL-6083-01...
You can access Packet magazine at this URL: http://www.cisco.com/packet Cisco 1721, 1760, 2621XM, 2651XM, 2691, 3725, and 3745 Modular Access Routers and 7206-VXR NPE-400 Router FIPS 140-2 Non-Proprietary OL-6083-01...
You can access the Internet Protocol Journal at this URL: http://www.cisco.com/ipj Training—Cisco offers world-class networking training. Current offerings in network training are • listed at this URL: http://www.cisco.com/en/US/learning/index.html Cisco 1721, 1760, 2621XM, 2651XM, 2691, 3725, and 3745 Modular Access Routers and 7206-VXR NPE-400 Router FIPS 140-2 Non-Proprietary OL-6083-01...
Comments to this Manuals
Latest comments: