ZXR10 M6000&T8000&8900E Security Target
The major difference between models is the type, capacity and number of the physical
interfaces described in the above table.
1.3 TOE OVERVIEW
1.3.1 Intended usage and security features of the TOE
The TOE is ZXR10 M6000&T8000&8900E series routers and switches running the
ZXROSNG 1.00.20.
The TOE enables the delivery of metro Ethernet services and high-density service-aware
Ethernet aggregation over IP/ MPLS-based networks.
The supported protocols are layer 2 / layer 3 encapsulation and Internet Protocol (IP), and
Ethernet. Other protocols may be supported by the product, but are not evaluated (see
section 1.4.3).
The major security features of the TOE are:
l
Handling of packet flows using the RIPv2, OSPFv2, IS-IS and BGPv4 protocols
l
Local and remote administration
l
Authentication, either in the TOE or through TACACS+ or RADIUS.
l
Administrator Profiles to permit or deny access to a hierarchical branch or specific
commands.
l
Audit
l
Management and configuration of the TOE
l
Mitigate DoS attacks
l
URPF (Unicast Reverse Path Forwarding) to limit the malicious traffic
1.3.2 Non-TOE components
The TOE requires the following IT in its environment:
A local or remote console for administration (required)
At least one is needed, but both are allowed.
l
For a local console: Any platform that supports terminal emulation to the ANSI X3.64
standard;
l
For a remote console, any platform that supports terminal emulation to the ANSI X3.64
standard and the SSH protocol.
A SNMP/SYSLOG server for logging (required)
This may be two platforms or one combined platform.
l
For the SNMP server, any platform that supports RFC 3411-RFC 3418 (SNMPv3)
l
For the SYSLOG server, any platform that supports RFC 3164 (SYSLOG Protocol);
SJ-20110815105844-030|2011/08/19(R1.6)
1-4
ZTE CORPORATION