Cisco Systems Cisco 7206 VXR Self-Tests, Initial Setup, System Initialization and Configuration

Page 11

Secure Operation of the Cisco 7206 VXR NPE-400 Router

Cryptographic Key Management

The router securely administers both cryptographic keys and other critical security parameters such as passwords. The tamper evidence seals provide physical protection for all keys. Keys are also password protected and can be zeroized by the crypto officer. Keys are exchanged manually and entered electronically via manual key exchange or Internet Key Exchange (IKE).

Self-Tests

In order to prevent any secure data from being released, it is important to test the cryptographic components of a security module to insure all components are functioning correctly. The router includes an array of self-tests that are run during startup and periodically during operations. The self-test run at power-up includes a cryptographic known answer test (KAT) on the FIPS-approved cryptographic algorithms (DES, 3DES), on the message digest (SHA-1), and on the Diffie-Hellman algorithm. Also performed at startup are software integrity test using an EDC, and a set of Statistical Random Number Generator (RNG) tests. The following tests are also run periodically or conditionally: a bypass mode test performed conditionally prior to executing IPSec, a software load test for upgrades, and the continuous random number generator test. If any of these self-tests fail, the router transitions into an error state. Within the error state, all secure data transmission is halted and the router outputs status information indicating the failure.

Secure Operation of the Cisco 7206 VXR NPE-400 Router

Cisco 7206 VXR NPE-400 router meets all the Level 2 requirements for FIPS 140-1. Follow the setting instructions provided below to place the module in FIPS mode. Operating this router without maintaining the following settings will remove the module from the FIPS approved mode of operation.

Initial Setup

The crypto officer must apply tamper evidence labels as described in the “Physical Security” section of this document. The crypto officer must securely store tamper evidence labels before use, and any tamper evidence labels not used should also be stored securely.

Only a crypto officer can add and remove port adapters. When removing the tamper evidence label, the crypto officer should remove the entire label from the router and clean the cover of any grease, dirt, or oil with an alcohol-based cleaning pad. The crypto officer must reapply tamper evidence labels on the router as described in the “Physical Security” section in this document.

System Initialization and Configuration

The crypto officer must perform the initial configuration. The IOS version shipped with the router, version 12.1(9)E, is the only allowable image. No other image can be loaded.

The value of the boot field must be 0x0101 (the factory default). This setting disables the break from the console to the ROM monitor and automatically boots the IOS image. From the configure terminal command line, the crypto officer enters the following syntax:

config-register 0x0101

Cisco 7206 VXR Router with ISA Security Policy

11

Image 11
Contents Introduction Document Organization 7206 VXR NPE-400 RouterReferences TerminologyPort adapters 7206 VXR NPE-400 Cryptographic ModuleInput/Output Controller Module InterfacesLED Integrated Service AdapterEnabled Router Physical Interface Fips 140-1 Logical Interface Roles and ServicesPhysical Security Cryptographic Officer ServicesUser Services 7206 VXR NPE-400 Router Shows the tamper evidence label placements Cryptographic Key Management Initial SetupSystem Initialization and Configuration Self-TestsProtocols Remote AccessNon FIPS-Approved Algorithms Ordering Documentation Obtaining DocumentationWorld Wide Web Documentation CD-ROMTechnical Assistance Center Contacting TAC by Using the Cisco TAC WebsiteObtaining Technical Assistance Cisco.comContacting TAC by Telephone

Cisco 7206 VXR specifications

Cisco Systems, a leading company in networking technology, has developed the Cisco 7206 VXR router, which is widely recognized for its robustness and versatility in both enterprise and service provider environments. This router is part of the Cisco 7200 Series and specifically designed to meet various networking needs while delivering high performance and reliability.

One of the main features of the Cisco 7206 VXR is its support for a multitude of interfaces and modules. It boasts the capability to handle multiple protocols, making it suitable for different network environments. The router can accommodate both Ethernet and T1/E1 interfaces, allowing for flexibility in connecting to various types of networks. Moreover, it supports a range of interface modules, including Gigabit Ethernet and DS3, which enables scalability as business demands grow.

In terms of processing power, the Cisco 7206 VXR is equipped with high-performance processors that ensure efficient data handling and routing. It can provide up to 2 Gbps of total throughput, which is essential for applications requiring high bandwidth. This makes it an excellent choice for organizations that rely on consistent network performance for their operations.

The Cisco 7206 VXR also incorporates advanced technologies to enhance network management and security. It supports Cisco Internetwork Operating System (IOS), providing a robust set of features for routing, switching, and security. This includes support for VPNs, firewall capabilities, and network monitoring tools, which are crucial for maintaining a secure and efficient network environment.

Another notable characteristic of the Cisco 7206 VXR is its redundancy features. The router can be equipped with dual power supplies and fans, ensuring uninterrupted service in the event of hardware failure. This redundancy makes it a dependable choice for mission-critical applications where network uptime is paramount.

In conclusion, the Cisco 7206 VXR router stands out as a powerful networking solution that combines flexibility, high performance, and advanced features. Its ability to support various interfaces, protocols, and redundant systems makes it an ideal choice for organizations looking to build robust and scalable network infrastructures. With its proven reliability and innovative technologies, the Cisco 7206 VXR continues to be a pivotal player in the networking landscape.