Manuals / Brands / Computer Equipment / Switch / Cisco Systems / Computer Equipment / Switch

Cisco Systems 3200 Cisco 3270 Rugged Router Card Encryption Module

1 146

Download 146 pages, 7.84 Mb

2-7

Cisco 3200 Series Router Hardware Reference

OL-5816-10

Chapter 2 Cisco 3270 Rugged Router Card

Cisco 3270 Rugged Router Card Encryption Module

The integrated security engine (SEC 2.0) is optimized to handle all the algorithms associated with IP

security (IPSec), Secure Sockets Layer (SSL)/Transport Layer Security (TLS), Secure Real-time

Transport Protocol (SRTP), 802.11i, Internet Small Computer System Interface (iSCSI), and Internet

Key Exchange (IKE) processing. The security engine contains four crypto channels, a controller, and a

set of crypto execution units (EUs). The security engine can act as a master on the internal bus. This

allows the security engine to alleviate the data movement bottleneck normally associated with slave-only

cores.

The host processor accesses the security engine through device drivers, using system memory for data

storage. The security engine resides in the peripheral memory map of the processor; therefore, when an

application requires cryptographic functions, it simply creates descriptors for the security engine that

define the cryptographic function to be performed and the location of the data.

The security engine bus-mastering capability permits the host processor to set up a crypto-channel with

a few short register writes, leaving the security engine to perform reads and writes on system memory.

Security Engine Features

The execution units are:

• Public Key Execution Unit (PKEU) supporting the following:

–

RSA and Diffie-Hellman

–

Programmable field size up to 2048 bits

–

Elliptic curve cryptography

• Data Encryption Standard Execution Unit (DEU)

–

DES, 3DES

–

Two key (K1, K2) or Three Key (K1, K2, K3)

–

Electronic codebook (ECB) and cipher-block chaining (CBC) modes for both DES and 3DES

• Advanced Encryption Standard Unit (AESU)

–

Implements the Rinjdael symmetric key cipher

–

Key lengths of 128, 192, and 256 bits

–

ECB, CBC, Counter with CBC-MAC (CCM), and Counter modes

• ARC Four execution unit (AFEU)

–

Implements a stream cipher compatible with the RC4 algorithm

–

40- to 128-bit programmable key

• Message Digest Execution Unit (MDEU)

–

SHA-1 with 160-bit or 256-bit message digest

–

MD5 with 128-bit message digest

–

Keyed-Hash Message Authentication Code (HMAC) with either SHA or MD5 algorithm

(HMAC-MD5 or HMAC-SHA)

• Random Number Generator (RNG)

Contents

Main Page CONTENTS Page Page Page Introduction to the Cisco 3200 Series Routers Audience and Scope Related Documentation Obtaining Documentation and Submitting a Service Request Conventions 10 this manual. or loss of data. Page Page Cisco 3200 Rugged Enclosures Page Cisco 3270 Rugged Enclosure Cisco 3270 Router Card Stack Cisco 3230 Rugged Enclosure Cisco 3230 Router Card Stack Rugged Enclosure End Caps Antenna End Cap I/O End Caps for the Cisco 3200 Rugged Enclosures End Cap Fast Ethernet and WMIC Console Ports Cisco 3270 Router I/O End Cap Fiber Optic Connector IP67 Integrity Power Connector IP-67 Integrity Smart Serial Port External Seal for System Integrity USB Flash Storage Device Caveat Cisco 3230 Router I/O End Cap 7 8 910 11 14 5 62 3 Protective End Cap Cover Page I/O End Cap Port Signals Gigabit Ethernet Signal Limitations Fast Ethernet Signals Fast Ethernet Port Cabling for the Cisco 3250 and Cisco 3230 Routers Console Port Signals AUX Port Signals Cisco 3200 Rugged Enclosure LED Indications Cisco 3270 Rugged Enclosure I/O End Cap LED Indications Cisco 3230 Rugged Enclosure I/O End Cap LED Indications WMIC Console LEDs Thermal Plates Mounting Brackets Page Page Page Cisco 3270 Rugged Router Card Cisco 3270 Rugged Router Card Component Systems Page Cisco 3270 Rugged Router Card Power Requirements Power Connections (AUX) Hardware Encryption Processor Page Ethernet Port Speed and Duplex Mode Cisco 3270 Rugged Router Card Encryption Module Security Engine Features Temperature Sensor Cisco 3270 Rugged Router Card MAC Address Allocation Mobile Access Router Card MARC Component Systems MARC Power Requirements MARC Router Signals Fast Ethernet Signals on the MARC Console and Auxiliary Signals Fast Ethernet Switch Mobile Interface Card Autonegotiation and Auto-MDI/MDIX MAC Address Allocation FESMIC Component Systems 1 32 46 Signals for the FESMIC 1 32 46 78 FESMIC Rotary Switch Positions Page Serial Mobile Interface Card SMIC Component Systems 1 3 25 24 1 43 Signals for the SMIC 4-Port SMIC Rotary Switch Positions 2-port SMIC Rotary Switch Positions SMIC LED Signals SMIC Power Consumption Page Wireless Mobile Interface Cards WMIC Component Systems Antenna Connector WMIC Console and Fast Ethernet Ports Fast Ethernet Signals on the WMIC LED Behavior Key Features Page MAC Address Allocation WMIC Power Requirement Mean Time Between Failure Differences Between WMICs Page 2.4-GHz (802.11b/g) WMIC Features Page Universal Workgroup Bridge Limitations 4.9-GHz (Public Safety) WMIC Features 4.9-GHz Channels Throughput The throughput is a minimum of: Modulation Receive Sensitivity 5.0-GHz (802.11h) Radio Features 5.0-GHz (802.11h) Channels Throughput Modulation Receive Sensitivity Transmit Sensitivity 5-GHz WMIC (Cisco 3205) Supported Channels Related Documentation Page Managing Firmware and Configurations Working with the Flash File System Displaying Available File Systems Setting the Default File System Displaying Information About Files on a File System Changing Directories and Displaying the Working Directory Creating and Removing Directories Copying Files Deleting Files Creating, Displaying, and Extracting tar Files Creating a tar File Displaying the Contents of a tar File Extracting a tar File Displaying the Contents of a File Working with Configuration Files Guidelines for Creating and Using Configuration Files Configuration File Types and Location Creating a Configuration File by Using a Text Editor Copying Configuration Files by Using TFTP Preparing to Download or Upload a Configuration File by Using TFTP Downloading the Configuration File by Using TFTP Uploading the Configuration File by Using TFTP Copying Configuration Files by Using FTP Preparing to Download or Upload a Configuration File by Using FTP Downloading a Configuration File by Using FTP Uploading a Configuration File by Using FTP Copying Configuration Files by Using RCP Preparing to Download or Upload a Configuration File by Using RCP Downloading a Configuration File by Using RCP Uploading a Configuration File by Using RCP Clearing Configuration Information Deleting a Stored Configuration File Working with Software Images Image Location on the WMIC tar File Format of Images on a Server or Cisco.com Copying Image Files by Using TFTP Preparing to Download or Upload an Image File by Using TFTP Downloading an Image File by Using TFTP Page Uploading an Image File by Using TFTP Copying Image Files by Using FTP Preparing to Download or Upload an Image File by Using FTP Downloading an Image File by Using FTP Page Page Uploading an Image File by Using FTP Copying Image Files by Using RCP Preparing to Download or Upload an Image File by Using RCP Page Downloading an Image File by Using RCP Page Uploading an Image File by Using RCP Cisco 3200 WMIC Image Upload Procedure Overview 7-33 Configuration Example for the MARC Fast Ethernet 0/0 WMIC Configuration Example Configuration WMIC attached to FastEthernet0/0 Configuration 7-34 Configuration Example for the WMIC Attached to Switch Port 4 7-35 Configuration Example for the WMIC Attached to Switch Port 3 Page A Smart Serial Port External Seal Page Page Page B SFP Module Replacement Replacing SFP Modules into SFP Module Slots 1 2 3 4 A B Diagnosing SFP Problems Error Messages Page Page C Switch Port Functionality Port-Based VLAN 802.1Q Trunking C-4 Inter-VLAN Routing Page VLAN Trunk Protocol (VTP) 802.1P CoS Spanning Tree Protocol (STP) Switch Virtual Interface Creating a SVI IP Multicast Layer 3 Switching Enabling IP PIM on Layer 3 Interfaces Verifying IP Multicast Layer 3 Hardware Switching Summary C-12 Verifying the IP Multicast Routing Table Use the show ip mroute command to verify the IP multicast routing table. Step 1 Enter the show ip mroute command. Storm Control Storm Control Configuration Enabling Storm Control Verifying Storm Control IGMP Snooping IGMP Snooping Configuration C-16 To verify IGMP snooping, use the show mac-address-table multicast igmp-snooping command: To verify the multicast routing table, use the show ip mroute command: INDEX Numerics A B D E F Fast Ethernet connections H I K L M N O P R S T U V W Z