Cisco Cat4K NDPP ST    11 March 2014 
EDCS-1228241 
 
  WS-X4640-CSFP-E 
  WS-X4748-UPOE+E 
  WS-X4748-RJ45-E 
 
The TOE can optionally connect to an NTP server on its internal network for time
services. If an NTP server is used, it must only be accessible via the internal network (an
internal network isolated from user traffic and intended for use by TOE administrators
only).
If the TOE is to be remotely administered, SSHv2 must be used for that purpose.
The TOE will transmit syslog messages to a remote syslog server through an IPsec tunnel.
The TOE can also be configured to use a remote AAA server (RADIUS or TACACS+)
for centralized authentication, and can also connect to those servers through an IPsec
tunnel.
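The following added example (not part of this Security Target or of Cisco's guidance) sketches a configuration audit for the constraints above: SSHv2-only remote administration, and syslog and AAA server addresses covered by an ACL that a crypto map references. The sample configuration is constructed, and the parser assumes IOS-style indentation and host-to-host ACL entries only.

```python
import re

# Constructed running-config excerpt for illustration; addresses and names are made up.
SAMPLE_CONFIG = """\
ip ssh version 2
logging host 10.10.10.5
radius-server host 10.10.10.6
ip access-list extended PROTECTED
 permit ip host 10.10.10.1 host 10.10.10.5
crypto map MGMT 10 ipsec-isakmp
 set peer 10.10.10.5
 match address PROTECTED
line vty 0 4
 transport input ssh telnet
"""

def blocks(config):
    """Map each top-level config line to its indented child lines."""
    out, current = {}, None
    for line in config.splitlines():
        if not line.strip() or line.startswith("!"):
            continue
        if not line.startswith(" "):
            current = line.strip()
            out[current] = []
        elif current is not None:
            out[current].append(line.strip())
    return out

def audit(config):
    """Return findings where the config departs from the stated constraints."""
    cfg, findings = blocks(config), []
    if "ip ssh version 2" not in cfg:
        findings.append("SSHv2 not enforced (ip ssh version 2 missing)")
    for head, body in cfg.items():
        if head.startswith("line vty"):
            inputs = [l.split()[2:] for l in body if l.startswith("transport input")]
            if not inputs or any(i != ["ssh"] for i in inputs):
                findings.append(f"{head}: remote access not restricted to SSH")
    # Destinations permitted by ACLs that a crypto map references (host-to-host entries only).
    acls = {l.split()[2] for h, b in cfg.items() if h.startswith("crypto map ")
            for l in b if l.startswith("match address ")}
    protected = {m.group(1) for name in acls
                 for l in cfg.get(f"ip access-list extended {name}", [])
                 if (m := re.fullmatch(r"permit ip host \S+ host (\S+)", l))}
    for head in cfg:
        m = re.match(r"(logging host|radius-server host|tacacs-server host) (\S+)", head)
        if m and m.group(2) not in protected:
            findings.append(f"{head}: not covered by an IPsec crypto ACL")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```

On the constructed sample this reports the vty line that still accepts Telnet and the RADIUS server whose address no crypto ACL covers; the syslog host passes.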
1.3.2  TOE Type 
The Cisco Catalyst Switches are a switching and routing platform used to construct IP
networks by interconnecting multiple smaller networks or network segments. As a
Layer 2 switch, it performs analysis of incoming frames, makes forwarding decisions
based on information contained in the frames, and forwards the frames toward the
destination. As a Layer 3 switch, it supports routing of traffic based on tables identifying
available routes, conditions, distance, and costs to determine the best route for a given
packet. Routing protocols used by the TOE include BGPv4, EIGRP, EIGRPv6 for IPv6,
RIPv2, and OSPFv2. BGPv4, EIGRP, and EIGRPv6 support routing updates with IPv6
or IPv4, while the RIPv2 and OSPFv2 routing protocols support routing updates for IPv4
only. Note that the information flow functionality is not included in the scope of the
evaluation. The evaluated configuration is the configuration of the TOE that satisfies the
requirements as defined in this Security Target (ST).
1.3.3  Required non-TOE Hardware/Software/Firmware  
The TOE supports (in some cases optionally) the following hardware, software, and
firmware in its environment:

Table 4 IT Environment Components

Usage/Purpose Description for TOE performance

This includes any authentication server (RADIUS RFC 2865, 2866, 2869 and RFC 3162
(IPv6) and TACACS+ RFC 1492) that can be leveraged for remote user authentication.
The AAA server needs to be capable of acting as an IPsec peer or as an IPsec endpoint.

Management Workstation with SSH Client: This includes any IT Environment Management
workstation with an SSH client installed that is used by the TOE administrator to
support TOE administration through SSH protected channels. Any SSH client that supports