8
Cisco 2621XM and Cisco 2651XM Modular Access Routers with AIM-VPN/EP FIPS 140-2 Non-Proprietary Security Policy
OL-6262-01
The 2621XM/2651XM Router
• Define Rules and Filters—create packet Filters that are applied to User data streams on each
interface. Each Filter consists of a set of Rules, which define a set of packets to permit or deny based
characteristics such as protocol ID, addresses, ports, TCP connection establishment, or packet
direction.
• Status Functions—view the router configuration, routing tables, active sessions, use Gets to view
SNMP MIB II statistics, health, temperature, memory status, voltage, packet statistics, review
accounting logs, and view physical interface status
• Manage the router—log off users, shutdown or reload the outer, manually back up router
configurations, view complete configurations, manager user rights, and restore router
configurations.
• Set Encryption/Bypass—set up the configuration tables for IP tunneling. Set keys and algorithms
to be used for each IP range or allow plaintext packets to be set from specified IP address.
• Change Network Modules—insert and remove modules in the Network Module slot as described
in the “Initial Setup” section of this document.
• Change WAN Interface Cards—insert and remove WICs in the WAN interface slot as described
in the “Initial Setup” section of this document.
User Services
A User enters the system by accessing the console port with a terminal program. The IOS prompts the
User for their password. If the password is correct, the User is allowed entry to the IOS executive
program. The services available to the User role consist of the following:
• Status Functions—view state of interfaces, state of layer 2 protocols, version of IOS currently
running
• Network Functions—connect to other network devices through outgoing telnet, PPP, etc. and
initiate diagnostic network services (i.e., ping, mtrace)
• Terminal Functions—adjust the terminal session (e.g., lock the terminal, adjust flow control)
• Directory Services—display directory of files kept in flash memory
Physical Security
The router is entirely encased by a thick steel chassis. The rear of the unit provides 1 Network Module
slot, 2 WIC slots, on-board LAN connectors, Console/Auxiliary connectors, the power cable connection
and a power switch. The top portion of the chassis may be removed (see Figure 5) to allow access to the
motherboard, memory, and expansion slots.
To Next Page
Loading...
