activityccdp

ccdp  时间:2021-02-27  阅读:()
CorporateHeadquarters:Copyright2001.
CiscoSystems,Inc.
Allrightsreserved.
CiscoSystems,Inc.
,170WestTasmanDrive,SanJose,CA95134-1706USACisco7206VXRRouterSecurityPolicyIntroductionThisnonproprietaryCryptographicModuleSecurityPolicydescribeshowthe7206VXRNPE-400routersmeetthesecurityrequirementsofFederalInformationProcessingStandards(FIPS)140-1,andhowtheyoperateinasecureFIPS140-1mode.
ThepolicywaspreparedaspartoftheLevel2FIPS140-1certificationofthe7206VXRNPE-400router.
NoteThisdocumentmaybecopiedinitsentiretyandwithoutmodification.
Allcopiesmustincludethecopyrightnoticeandstatementsonthelastpage.
TheFIPS140-1publication,"SecurityRequirementsforCryptographicModules"detailstheU.
S.
Governmentrequirementsforcryptographicmodules.
MoreinformationabouttheFIPS140-1standardandvalidationprogramisavailableatthefollowingNationalInstituteofStandardsandTechnology(NIST)website:http://csrc.
nist.
gov/cryptval/Thisdocumentcontainsthefollowingsections:Introduction,page1The7206VXRNPE-400Router,page2SecureOperationoftheCisco7206VXRNPE-400Router,page10ObtainingDocumentation,page12ObtainingTechnicalAssistance,page132Cisco7206VXRRouterSecurityPolicyThe7206VXRNPE-400RouterReferencesThisdocumentdealswithoperationsandcapabilitiesofthe7206VXRNPE-400routerinthetechnicaltermsofaFIPS140-1cryptographicmodulesecuritypolicy.
FormoreinformationonCisco7206VXRNPE-400routerandtheentire7200series,checkthefollowingsources:TheCiscoSystemswebsitecontainsinformationonthefulllineofCiscoSystemsproducts.
Refertothefollowingwebsite:www.
cisco.
com.
The7200seriesproductdescriptionscanbefoundatthefollowingwebsite:www.
cisco.
com/warp/public/cc/pd/rt/7200/Foranswerstotechnicalorsalesrelatedquestions,pleaserefertothecontactslistedonthefollowingwebsite:www.
cisco.
com.
TerminologyInthisdocument,thecryptographicmoduleisreferredtoasthe7206VXRrouter,therouter,orthesystem.
DocumentOrganizationThesecuritypolicydocumentispartofthecompleteFIPS140-1SubmissionPackage.
Inadditiontothisdocument,thecompletesubmissionpackagecontains:VendorevidencedocumentFinitestatemachineModulesoftwarelistingOthersupportingdocumentationasadditionalreferencesThisdocumentprovidesanoverviewofthe7206VXRNPE-400routerandexplainsthesecureconfigurationandoperationofthecryptographicmodule.
Italsoexplainsthegeneralfeaturesandfunctionalityofthe7206VXRNPE-400routersandaddressestherequiredconfigurationfortheFIPSmodeofoperation.
NoteThissecuritypolicyandothercertificationsubmissiondocumentationwasproducedbyCorsecSecurity,Inc.
undercontracttoCiscoSystems.
Withtheexceptionofthisnonproprietarysecuritypolicy,theFIPS140-1CertificationSubmissiondocumentationisCisco-proprietaryandcanbereleasedonlyunderappropriatenondisclosureagreements.
Foraccesstothesedocuments,pleasecontactCiscoSystems.
The7206VXRNPE-400RouterCisco7200VXRroutersaredesignedtosupportgigabitcapabilitiesandtoimprovedata,voice,andvideointegrationinbothserviceproviderandenterpriseenvironments.
Cisco7200VXRrouterssupportahigh-speednetworkservicesengine(NSE)aswellasthehigh-speednetworkprocessingengine,NPE-400,andallotheravailablenetworkprocessingengines.
3Cisco7206VXRRouterSecurityPolicyThe7206VXRNPE-400RouterCisco7200VXRroutersaccommodateavarietyofnetworkinterfaceportadaptersandanI/Ocontroller.
ACisco7200VXRrouterequippedwithanNPE-400cansupportuptosixhigh-speedportadaptersandcanalsosupporthigher-speedportadapterinterfacesincludingGigabitEthernetandOC-12ATM.
Cisco7200VXRroutersalsocontainbaysforuptotwoAC-inputorDC-inputpowersupplies.
Cisco7200VXRrouterssupportthefollowingfeatures:Onlineinsertionandremoval(OIR)—Add,replace,orremoveportadapterswithoutinterruptingthesystem.
Dualhot-swappable,load-sharingpowersupplies—Providesystempowerredundancy;ifonepowersupplyorpowersourcefails,theotherpowersupplymaintainssystempowerwithoutinterruption.
Also,whenonepowersupplyispoweredoffandremovedfromtherouter,thesecondpowersupplyimmediatelytakesovertherouterpowerrequirementswithoutinterruptingnormaloperationoftherouter.
Environmentalmonitoringandreportingfunctions—Maintainnormalsystemoperationbyresolvingadverseenvironmentalconditionspriortolossofoperation.
Downloadablesoftware—LoadnewimagesintoFlashmemoryremotely,withouthavingtophysicallyaccesstherouter.
The7206VXRNPE-400CryptographicModuleCisco7206VXRrouterssupportmultiprotocolroutingandbridgingwithawidevarietyofprotocolsandportadaptercombinationsavailableforCisco7200seriesrouters.
Themetalcasingthatfullyenclosesthemoduleestablishesthecryptographicboundaryfortherouter.
Allthefunctionalitydiscussedinthisdocumentisprovidedbycomponentswithinthecasing.
Cisco7206VXRroutershavesixslotsforportadapters,oneslotforaninput/output(I/O)controller,andoneslotforanetworkprocessingengineornetworkservicesengine.
Figure1The7206VXRNPE-400RouterCisco7206VXRNPE-400usesanRM7000microprocessorthatoperatesataninternalclockspeedof350MHz.
TheNPE-400usesSDRAMforstoringallpacketsreceivedorsentfromnetworkinterfaces.
TheSDRAMmemoryarrayinthesystemallowsconcurrentaccessbyportadaptersandtheprocessor.
H5997ETHERNET10BTENABLED0213LINK0123FASTSERIALENTDTCRDRCLBCDTDTCRDRCLBCDTDTCRDRCLBCDTDTCRDRCLBCDENABLEDMIILINKRJ45FASTETHERNET0TOKENRING0123MIIENRJ45ENRJ45LINK1OPWROKRJ-45CPURESETFASTETHERNETINPUT/OUTPUTCONTROLLERENABLEDPCMCIAEJECTSLOT0SLOT1FEMIIAuxiliaryportConsoleportPortadapterleverI/Ocontroller0241356ETHERNET-10BFLENRX01234TXRXTXRXTXRXTXRXTXPortadaptersCisco7200SeriesPCcardslotsOptionalFastEthernetport(MIIreceptacleandRJ-45receptacle)4Cisco7206VXRRouterSecurityPolicyThe7206VXRNPE-400RouterTheNPE-400hasthreelevelsofcache:aprimaryandasecondarycachethatareinternaltothemicroprocessor,andatertiary4-MBexternalcachethatprovidesadditionalhigh-speedstoragefordataandinstructions.
Cisco7206VXRrouterscomeequippedwithone280WAC-inputpowersupply.
(A280WDC-inputpowersupplyoptionisavailable.
)Apowersupplyfillerplateisinstalledoverthesecondpowersupplybay.
AfullyconfiguredCisco7206VXRrouteroperateswithonlyoneinstalledpowersupply;however,asecond,optionalpowersupplyofthesametypeprovideshot-swappable,load-sharing,redundantpower.
ModuleInterfacesInput/OutputControllerTheinterfacesfortherouterarelocatedonthefrontpanelInput/Output(I/O)Controller,withtheexceptionofthepowerswitchandpowerplug.
ThemodulehastwoFastEthernet(10/100RJ-45)connectorsfordatatransfersinandout.
ThemodulealsohastwootherRJ-45connectorsforaconsoleterminalforlocalsystemaccessandanauxiliaryportforremotesystemaccessordialbackupusingamodem.
Figure2showsthefrontpanelLEDs,whichprovideoverallstatusoftherouteroperation.
Thefrontpaneldisplayswhetherornottherouterisbooted,iftheredundantpowerisattachedandoperational,andoverallactivity/linkstatus.
Figure2I/OControllerTable1providesdetailedinformationconveyedbytheLEDsonthefrontpaneloftheI/OController.
DUALFASTETHERNETINPUT/OUTPUTCONTROLLERCONSOLEAUX100MbpsLINK100MbpsLINKSLOT0EJECTPCMCIASLOT1ENABLEDCPURESETIOPWROK33444CPURESETIOPWROK100MbpsLINKSLOT0SLOT1C7200-I/O-2FE/EENABLEDFE/E0FE/E15Cisco7206VXRRouterSecurityPolicyThe7206VXRNPE-400Router.
AllofthesephysicalinterfacesareseparatedintothelogicalinterfacesfromFIPSasdescribedinTable2.
Table1FrontPanelLEDsandDescriptionsLEDIndicationDescriptionEnabledGreenIndicatesthatthenetworkprocessingengineornetworkservicesengineandtheI/Ocontrollerareenabledforoperationbythesystem;however,itdoesnotmeanthattheFastEthernetportontheI/Ocontrollerisfunctionalorenabled.
ThisLEDgoesonduringasuccessfulrouterbootandremainsonduringnormaloperationoftherouter.
IOPOWEROKAmberIndicatesthattheI/OcontrollerisonandreceivingDCpowerfromtheroutermidplane.
ThisLEDcomesonduringasuccessfulrouterbootandremainsonduringnormaloperationoftherouter.
OffPoweredofforfailed.
Slot0Slot1GreenTheseLEDsindicatewhichPCCardslotisinusebycomingonwheneitherslotisbeingaccessedbythesystem.
TheseLEDsremainoffduringnormaloperationoftherouter.
LinkGreenIndicatesthattheEthernetRJ-45receptaclehasestablishedavalidlinkwiththenetwork.
OffThisLEDremainsoffduringnormaloperationoftherouterunlessthereisanincomingcarriersignal100MbpsGreenIndicatesthattheportisconfiguredfor100-Mbpsoperation(speed100),orifconfiguredforautonegotiation(speedauto),theporthasdetectedavalidlinkat100Mbps.
OffIftheportisconfiguredfor10-Mbpsoperation,orifitisconfiguredforautonegotiationandtheporthasdetectedavalidlinkat10Mbps,theLEDremainsoff.
Table2FIPS140-1LogicalInterfacesRouterPhysicalInterfaceFIPS140-1LogicalInterface10/100BASE-TXLANPortPortAdapterInterfaceServiceModuleInterfaceConsolePortAuxiliaryPort*PCMCIASlot*DataInputInterface10/100BASE-TXLANPortPortAdapterInterfaceServiceModuleInterfaceConsolePortAuxiliaryPort*PCMCIASlot*DataOutputInterface6Cisco7206VXRRouterSecurityPolicyThe7206VXRNPE-400Router*DisabledinFIPSmode.
Seethe"SecureOperationoftheCisco7206VXRNPE-400Router"sectioninthisdocumentformoreinformation.
Inadditiontothebuilt-ininterfaces,therouteralsohasadditionalportadaptersthatcanoptionallybeplacedinanavailableslot.
Theseportadaptershavemanyembodiments,includingmultipleEthernet,tokenring,andmodemcardstohandleframerelay,ATM,andISDNconnections.
RolesandServicesTherearetwomainrolesintherouter(asrequiredbyFIPS140-1)thatoperatorscanassume:cryptoofficeroradministratorroleanduserrole.
Theadministratoroftherouterassumesthecryptoofficerroleinordertoconfigureandmaintaintherouterusingcryptoofficerservices,whiletheusersexerciseonlythebasicuserservices.
CryptographicOfficerServicesDuringinitialconfigurationoftherouter,acryptographicofficer(cryptoofficer)password(the"enable"password)isdefinedandallmanagementservicesareavailablefromthisrole.
Thecryptoofficerconnectstotherouterthroughtheconsoleportthroughtheterminalprogram.
Acryptoofficercanassignpermissiontoaccessthecryptoofficerroletoadditionalaccounts,therebycreatingadditionalcryptoofficers.
Atthehighestlevel,cryptoofficerservicesincludethefollowing:Configuretherouter:definenetworkinterfacesandsettings,createcommandaliases,settheprotocolstherouterwillsupport,enableinterfacesandnetworkservices,setsystemdateandtime,andloadauthenticationinformation.
Definerulesandfilters:createpacketfiltersthatareappliedtouserdatastreamsoneachinterface.
EachfilterconsistsofasetofRules,whichdefineasetofpacketstopermitordenybasedoncharacteristicssuchasprotocolID,addresses,ports,TCPconnectionestablishment,orpacketdirection.
PowerSwitchConsolePortAuxiliaryPort*ControlInputInterface10/100BASE-TXLANPortLEDsPwrLEDSysRdyLEDConsolePortAuxiliaryPort*StatusOutputInterfacePowerPlugPowerInterfaceTable2FIPS140-1LogicalInterfaces(continued)RouterPhysicalInterfaceFIPS140-1LogicalInterface7Cisco7206VXRRouterSecurityPolicyThe7206VXRNPE-400RouterStatusfunctions:viewtherouterconfiguration,routingtables,andactivesessions;viewSNMPMIBIIstatistics,health,temperature,memorystatus,voltage,andpacketstatistics;reviewaccountinglogs,andviewphysicalinterfacestatus.
Managetherouter:logoffusers,shutdownorreloadtherouter,manuallybackuprouterconfigurations,viewcompleteconfigurations,manageruserrights,andrestorerouterconfigurations.
Setencryption/bypass:setuptheconfigurationtablesforIPtunneling.
SetkeysandalgorithmstobeusedforeachIPrangeorallowplaintextpacketstobesetfromspecifiedIPaddresses.
Changeportadapters:insertandremoveadaptersinportadapterslotsasdescribedinthe"InitialSetup"sectioninthisdocument.
UserServicesAuserentersthesystembyaccessingtheconsoleportwithaterminalprogram.
TheIOSpromptstheuserfortheirpassword.
IfitmatchestheplaintextpasswordstoredinIOSmemory,theuserisallowedentrytotheIOSexecutiveprogram.
Atthehighestlevel,userservicesincludethefollowing:StatusFunctions:viewstateofinterfaces,stateoflayer2protocols,versionofIOScurrentlyrunningNetworkFunctions:connecttoothernetworkdevicesthroughoutgoingtelnetorPPP,andinitiatediagnosticnetworkservices(forexample,pingandmtrace)TerminalFunctions:adjusttheterminalsession(thatis,locktheterminalandadjustflowcontrol)DirectoryServices:displaydirectoryoffileskeptinflashmemoryPhysicalSecurityTherouterisentirelyencasedbyathicksteelchassis.
Thefrontoftherouterprovides4portadapterslots,on-boardLANconnectors,PCCardslots,andConsole/Auxiliaryconnectors.
Thepowercableconnection,apowerswitch,andtheaccesstotheNetworkProcessingEngineareattherearoftherouter.
OncetherouterhasbeenconfiguredtomeetFIPS140-1Level2requirements,theroutercannotbeaccessedwithoutsignsoftampering.
Tosealthesystem,applyserializedtamper-evidencelabelsasfollows:Cleanthecoverofanygrease,dirt,oroilbeforeapplyingthetamperevidencelabels.
Alcohol-basedcleaningpadsarerecommendedforthispurpose.
Theambientairmustbeabove10C,otherwisethelabelsmaynotproperlycure.
Thetamperevidencelabelshouldbeplacedsothattheonehalfofthelabelcoverstheenclosureandtheotherhalfcoversthe7206VXRNPE-400Input/OutputController.
ThetamperevidencelabelshouldbeplacedovertheFlashPCCardslotsontheInput/OutputController.
Thetamperevidencelabelshouldbeplacedsothatonehalfofthelabelcoverstheenclosureandtheotherhalfcoverstheportadapterslot1.
Thetamperevidencelabelshouldbeplacedsothatonehalfofthelabelcoverstheenclosureandtheotherhalfcoverstheportadapterslot2.
Thetamperevidencelabelshouldbeplacedsothatonehalfofthelabelcoverstheenclosureandtheotherhalfcoverstheportadapterslot3.
8Cisco7206VXRRouterSecurityPolicyThe7206VXRNPE-400RouterThetamperevidencelabelshouldbeplacedsothatonehalfofthelabelcoverstheenclosureandtheotherhalfcoverstheportadapterslot4.
Thetamperevidencelabelshouldbeplacedsothatonehalfofthelabelcoverstheenclosureandtheotherhalfcoverstheportadapterslot5.
Thetamperevidencelabelshouldbeplacedsothatonehalfofthelabelcoverstheenclosureandtheotherhalfcoverstheportadapterslot6.
Thetamperevidencelabelshouldbeplacedsothatonehalfofthelabelcoverstheenclosureandtheotherhalfcoversthenetworkprocessingengine.
Thetamperevidencelabelshouldbeplacedsothatonehalfofthelabelcoverstheenclosureandtheotherhalfcoversthepowersupplyplate.
Thetamperevidencelabelshouldbeplacedsothatonehalfofthelabelcoverstheenclosureandtheotherhalfcoverstheredundantpowersupplyplate.
Thelabelscompletelycurewithinfiveminutes.
Figure3showsthetamperevidencelabelplacements.
9Cisco7206VXRRouterSecurityPolicyThe7206VXRNPE-400RouterFigure3TamperEvidenceLabelPlacementThetamperevidencesealsareproducedfromaspecialthingaugevinylwithself-adhesivebacking.
Anyattempttoremoveportadaptersorservicemoduleswilldamagethetamperevidencesealsorthepaintedsurfaceandmetalofthemodulecover.
Sincethetamperevidencelabelshavenonrepeatedserialnumbers,thelabelscanbeinspectedfordamageandcomparedagainsttheappliedserialnumberstoverifythatthemodulehasnotbeentamperedwith.
Tamperevidencelabelscanalsobeinspectedforsignsoftampering,whichincludethefollowing:curledcorners,bubbling,crinkling,rips,tears,andslices.
Theword"Opened"canappearifthelabelwaspeeledback.
NoteTheCisco7206routersupportsthefollowingFIPS-approvedalgorithms:DES,3DES,andSHA-1.
Thesealgorithmsreceivedcertificationnumbers74,17,and26respectively.
61228ETHERNET10BTENABLED0213LINK0123FASTSERIALENTDTCRDRCLBCDTDTCRDRCLBCDTDTCRDRCLBCDTDTCRDRCLBCDENABLEDMIILINKRJ45FASTETHERNET0TOKENRING0123MIIENRJ45ENRJ45LINK1OPWROKRJ-45CPURESETFASTETHERNETINPUT/OUTPUTCONTROLLERENABLEDPCMCIAEJECTSLOT0SLOT1FEMIIAuxiliaryportConsoleportPortadapterleverI/Ocontroller0241356ETHERNET-10BFLENRX01234TXRXTXRXTXRXTXRXTXPortadaptersBlankportadapterPCCardslotsOptionalFastEthernetport(MIIreceptacleandRJ-45receptacle)Cisco7200SeriesVXR61229NETWORKPROCESSINGENGINE-150InternalfansNetworkprocessingengineornetworkservicesengineAC-inputpowersupplyAC-inputreceptaclePowersupplyfillerplateChassisgroundingreceptaclesPowerswitch10Cisco7206VXRRouterSecurityPolicySecureOperationoftheCisco7206VXRNPE-400RouterCryptographicKeyManagementTheroutersecurelyadministersbothcryptographickeysandothercriticalsecurityparameterssuchaspasswords.
Thetamperevidencesealsprovidephysicalprotectionforallkeys.
Keysarealsopasswordprotectedandcanbezeroizedbythecryptoofficer.
KeysareexchangedmanuallyandenteredelectronicallyviamanualkeyexchangeorInternetKeyExchange(IKE).
Self-TestsInordertopreventanysecuredatafrombeingreleased,itisimportanttotestthecryptographiccomponentsofasecuritymoduletoinsureallcomponentsarefunctioningcorrectly.
Therouterincludesanarrayofself-teststhatarerunduringstartupandperiodicallyduringoperations.
Theself-testrunatpower-upincludesacryptographicknownanswertests(KAT)ontheFIPS-approvedcryptographicalgorithms(DES,3DES),onthemessagedigest(SHA-1),andontheDiffie-Hellmanalgorithm.
AlsoperformedatstartupareasoftwareintegritytestusinganEDC,andasetofStatisticalRandomNumberGenerator(RNG)tests.
Thefollowingtestsarealsorunperiodicallyorconditionally:abypassmodetestperformedconditionallypriortoexecutingIPSec,asoftwareloadtestforupgrades,andthecontinuousrandomnumbergeneratortest.
Ifanyoftheseself-testsfail,theroutertransitionsintoanerrorstate.
Withintheerrorstate,allsecuredatatransmissionishaltedandtherouteroutputsstatusinformationindicatingthefailure.
SecureOperationoftheCisco7206VXRNPE-400RouterCisco7206VXRNPE-400routermeetsalltheLevel2requirementsforFIPS140-1.
FollowthesettinginstructionsprovidedbelowtoplacethemoduleinFIPSmode.
OperatingthisrouterwithoutmaintainingthefollowingsettingswillremovethemodulefromtheFIPSapprovedmodeofoperation.
InitialSetupThecryptoofficermustapplytamperevidencelabelsasdescribedinthe"PhysicalSecurity"sectionofthisdocument.
Thecryptoofficermustsecurelystoretamperevidencelabelsbeforeuse,andanytamperevidencelabelsnotusedshouldalsobestoredsecurely.
Onlyacryptoofficercanaddandremoveportadapters.
Whenremovingthetamperevidencelabel,thecryptoofficershouldremovetheentirelabelfromtherouterandcleanthecoverofanygrease,dirt,oroilwithanalcohol-basedcleaningpad.
Thecryptoofficermustreapplytamperevidencelabelsontherouterasdescribedinthe"PhysicalSecurity"sectioninthisdocument.
SystemInitializationandConfigurationThecryptoofficermustperformtheinitialconfiguration.
TheIOSversionshippedwiththerouter,version12.
1(9)E,istheonlyallowableimage.
Nootherimagecanbeloaded.
Thevalueofthebootfieldmustbe0x0101(thefactorydefault).
ThissettingdisablesthebreakfromtheconsoletotheROMmonitorandautomaticallybootstheIOSimage.
Fromtheconfigureterminalcommandline,thecryptoofficerentersthefollowingsyntax:config-register0x010111Cisco7206VXRRouterSecurityPolicySecureOperationoftheCisco7206VXRNPE-400RouterThecryptoofficermustcreatethe"enable"passwordforthecryptoofficerrole.
Thepasswordmustbeatleast8charactersandisenteredwhenthecryptoofficerfirstengagestheenablecommand.
Thecryptoofficerentersthefollowingsyntaxatthe"#"prompt:enablesecret[PASSWORD]Thecryptoofficermustalwaysassignpasswords(ofatleast8characters)tousers.
IdentificationandauthenticationoftheconsoleportisrequiredforUsers.
Fromtheconfigureterminalcommandline,thecryptoofficerentersthefollowingsyntax:linecon0password[PASSWORD]loginlocalThecryptoofficershallonlyassignuserstoaprivilegelevel1(thedefault).
Thecryptoofficershallnotassignacommandtoanyprivilegelevelotherthanitsdefault.
ThePCMCIAFlashmemorycardslotisnotconfiguredinFIPSmode.
Itsuseisrestrictedviatamperevidencelabels.
Seethe"PhysicalSecurity"sectionformoredetails.
NonFIPS-ApprovedAlgorithmsThefollowingalgorithmsarenotFIPSapprovedandshouldbedisabled:–RSAforencryption–MD-5forsigning–AH-SHA-HMAC–ESP-SHA-HMAC–HMACSHA-1ProtocolsThefollowingnetworkservicesaffectthesecuritydataitemsandmustnotbeconfigured:NTP,TACACS+,RADIUS,Kerberos.
SNMPv3overasecureIPSectunnelcanbeemployedforauthenticated,secureSNMPGetsandSets.
SinceSNMPv2Cusescommunitystringsforauthentication,onlygetsareallowedunderSNMPv2C.
RemoteAccessAuxiliaryterminalservicesmustbedisabled,exceptfortheconsole.
Thefollowingconfigurationdisablesloginservicesontheauxiliaryconsoleline.
lineaux0noexec12Cisco7206VXRRouterSecurityPolicyObtainingDocumentationTelnetaccesstothemoduleisonlyallowedviaasecureIPSectunnelbetweentheremotesystemandthemodule.
ThecryptoofficermustconfigurethemodulesothatanyremoteconnectionsviatelnetaresecuredthroughIPSec.
ObtainingDocumentationThefollowingsectionsprovidesourcesforobtainingdocumentationfromCiscoSystems.
WorldWideWebYoucanaccessthemostcurrentCiscodocumentationontheWorldWideWebatthefollowingsites:http://www.
cisco.
comhttp://www-china.
cisco.
comhttp://www-europe.
cisco.
comDocumentationCD-ROMCiscodocumentationandadditionalliteratureareavailableinaCD-ROMpackage,whichshipswithyourproduct.
TheDocumentationCD-ROMisupdatedmonthlyandcanbemorecurrentthanprinteddocumentation.
TheCD-ROMpackageisavailableasasingleunitorasanannualsubscription.
OrderingDocumentationCiscodocumentationisavailableinthefollowingways:RegisteredCiscoDirectCustomerscanorderCiscoProductdocumentationfromtheNetworkingProductsMarketPlace:http://www.
cisco.
com/cgi-bin/order/order_root.
plRegisteredCisco.
comuserscanordertheDocumentationCD-ROMthroughtheonlineSubscriptionStore:http://www.
cisco.
com/go/subscriptionNonregisteredCisco.
comuserscanorderdocumentationthroughalocalaccountrepresentativebycallingCiscocorporateheadquarters(California,USA)at408526-7208or,inNorthAmerica,bycalling800553-NETS(6387).
DocumentationFeedbackIfyouarereadingCiscoproductdocumentationontheWorldWideWeb,youcansubmittechnicalcommentselectronically.
ClickFeedbackinthetoolbarandselectDocumentation.
Afteryoucompletetheform,clickSubmittosendittoCisco.
Youcane-mailyourcommentstobug-doc@cisco.
com.
13Cisco7206VXRRouterSecurityPolicyObtainingTechnicalAssistanceTosubmityourcommentsbymail,usetheresponsecardbehindthefrontcoverofyourdocument,orwritetothefollowingaddress:AttnDocumentResourceConnectionCiscoSystems,Inc.
170WestTasmanDriveSanJose,CA95134-9883Weappreciateyourcomments.
ObtainingTechnicalAssistanceCiscoprovidesCisco.
comasastartingpointforalltechnicalassistance.
Customersandpartnerscanobtaindocumentation,troubleshootingtips,andsampleconfigurationsfromonlinetools.
ForCisco.
comregisteredusers,additionaltroubleshootingtoolsareavailablefromtheTACwebsite.
Cisco.
comCisco.
comisthefoundationofasuiteofinteractive,networkedservicesthatprovidesimmediate,openaccesstoCiscoinformationandresourcesatanytime,fromanywhereintheworld.
ThishighlyintegratedInternetapplicationisapowerful,easy-to-usetoolfordoingbusinesswithCisco.
Cisco.
comprovidesabroadrangeoffeaturesandservicestohelpcustomersandpartnersstreamlinebusinessprocessesandimproveproductivity.
ThroughCisco.
com,youcanfindinformationaboutCiscoandournetworkingsolutions,services,andprograms.
Inaddition,youcanresolvetechnicalissueswithonlinetechnicalsupport,downloadandtestsoftwarepackages,andorderCiscolearningmaterialsandmerchandise.
Valuableonlineskillassessment,training,andcertificationprogramsarealsoavailable.
Customersandpartnerscanself-registeronCisco.
comtoobtainadditionalpersonalizedinformationandservices.
Registereduserscanorderproducts,checkonthestatusofanorder,accesstechnicalsupport,andviewbenefitsspecifictotheirrelationshipswithCisco.
ToaccessCisco.
com,gotothefollowingwebsite:http://www.
cisco.
comTechnicalAssistanceCenterTheCiscoTACwebsiteisavailabletoallcustomerswhoneedtechnicalassistancewithaCiscoproductortechnologythatisunderwarrantyorcoveredbyamaintenancecontract.
ContactingTACbyUsingtheCiscoTACWebsiteIfyouhaveaprioritylevel3(P3)orprioritylevel4(P4)problem,contactTACbygoingtotheTACwebsite:http://www.
cisco.
com/tac14Cisco7206VXRRouterSecurityPolicyObtainingTechnicalAssistanceP3andP4levelproblemsaredefinedasfollows:P3—Yournetworkperformanceisdegraded.
Networkfunctionalityisnoticeablyimpaired,butmostbusinessoperationscontinue.
P4—YouneedinformationorassistanceonCiscoproductcapabilities,productinstallation,orbasicproductconfiguration.
Ineachoftheabovecases,usetheCiscoTACwebsitetoquicklyfindanswerstoyourquestions.
ToregisterforCisco.
com,gotothefollowingwebsite:http://www.
cisco.
com/register/IfyoucannotresolveyourtechnicalissuebyusingtheTAConlineresources,Cisco.
comregistereduserscanopenacaseonlinebyusingtheTACCaseOpentoolatthefollowingwebsite:http://www.
cisco.
com/tac/caseopenContactingTACbyTelephoneIfyouhaveaprioritylevel1(P1)orprioritylevel2(P2)problem,contactTACbytelephoneandimmediatelyopenacase.
Toobtainadirectoryoftoll-freenumbersforyourcountry,gotothefollowingwebsite:http://www.
cisco.
com/warp/public/687/Directory/DirTAC.
shtmlP1andP2levelproblemsaredefinedasfollows:P1—Yourproductionnetworkisdown,causingacriticalimpacttobusinessoperationsifserviceisnotrestoredquickly.
Noworkaroundisavailable.
P2—Yourproductionnetworkisseverelydegraded,affectingsignificantaspectsofyourbusinessoperations.
Noworkaroundisavailable.
AccessPath,AtmDirector,BrowsewithMe,CCIP,CCSI,CD-PAC,CiscoLink,theCiscoPoweredNetworklogo,CiscoSystemsNetworkingAcademy,theCiscoSystemsNetworkingAcademylogo,FastStep,FollowMeBrowsing,FormShare,FrameShare,GigaStack,IGX,InternetQuotient,IP/VC,iQBreakthrough,iQExpertise,iQFastTrack,theiQLogo,iQNetReadinessScorecard,MGX,theNetworkerslogo,Packet,RateMUX,ScriptBuilder,ScriptShare,SlideCast,SMARTnet,TransPath,Unity,VoiceLAN,WavelengthRouter,andWebVieweraretrademarksofCiscoSystems,Inc.
;ChangingtheWayWeWork,Live,Play,andLearn,DiscoverAllThat'sPossible,andEmpoweringtheInternetGeneration,areservicemarksofCiscoSystems,Inc.
;andAironet,ASIST,BPX,Catalyst,CCDA,CCDP,CCIE,CCNA,CCNP,Cisco,theCiscoCertifiedInternetworkExpertlogo,CiscoIOS,theCiscoIOSlogo,CiscoPress,CiscoSystems,CiscoSystemsCapital,theCiscoSystemslogo,Enterprise/Solver,EtherChannel,EtherSwitch,FastHub,FastSwitch,IOS,IP/TV,LightStream,MICA,NetworkRegistrar,PIX,Post-Routing,Pre-Routing,Registrar,StrataViewPlus,Stratm,SwitchProbe,TeleRouter,andVCOareregisteredtrademarksofCiscoSystems,Inc.
and/oritsaffiliatesintheU.
S.
andcertainothercountries.
Byprintingormakingacopyofthisdocument,theuseragreestousethisinformationforproductevaluationpurposesonly.
SaleofthisinformationinwholeorinpartisnotauthorizedbyCiscoSystems.
AllothertrademarksmentionedinthisdocumentorWebsitearethepropertyoftheirrespectiveowners.
TheuseofthewordpartnerdoesnotimplyapartnershiprelationshipbetweenCiscoandanyothercompany.
(0110R)Cisco7206VXRRouterSecurityPolicyCopyright2001,CiscoSystems,Inc.
Allrightsreserved.

Vultr VPS新增第18个数据中心 瑞典斯德哥尔摩欧洲VPS主机机房

前几天还在和做外贸业务的网友聊着有哪些欧洲机房的云服务器、VPS商家值得选择的。其中介绍他选择的还是我们熟悉的Vultr VPS服务商,拥有比较多达到17个数据中心,这不今天在登录VULTR商家的时候看到消息又新增一个新的机房。这算是第18个数据中心,也是欧洲VPS主机,地区是瑞典斯德哥尔摩。如果我们有需要欧洲机房的朋友现在就可以看到开通的机房中有可以选择瑞典机房。目前欧洲已经有五个机房可以选择,...

日本CN2独立物理服务器 E3 1230 16G 20M 500元/月 提速啦

提速啦的来历提速啦是 网站 本着“良心 便宜 稳定”的初衷 为小白用户避免被坑 由赣州王成璟网络科技有限公司旗下赣州提速啦网络科技有限公司运营 投资1000万人民币 在美国Cera 香港CTG 香港Cera 国内 杭州 宿迁 浙江 赣州 南昌 大连 辽宁 扬州 等地区建立数据中心 正规持有IDC ISP CDN 云牌照 公司。公司购买产品支持3天内退款 超过3天步退款政策。提速啦的市场定位提速啦主...

腾讯云新用户省钱秘笈购买云服务器

目前国内云计算市场竞争异常激烈,尤其是国内的腾讯云、阿里云、景安等商家促销活动一波接一波的进行,对于有需要的用户确实得到不小的实惠。但是这样给予国内的主机商确实是比较大的打击,毕竟这些商家的背景和实例强劲,即便是贴本补贴优惠,也是不怕的。前两年阿里一家各种活动促销,确实在国内市场占据主要的市场地位,腾讯云开始两年没有较大的吸引用户,不过这两年的发展还是比较稳健的。我们很多网友在之前肯定也享受到一些...

ccdp为你推荐
qq讨论组QQ群和讨论组的区别在哪里怎么在qq空间里添加背景音乐如何在qq空间中添加背景音乐伪静态什么是伪静态数码资源网哪个网站可以直接在线做照片?功能要齐全的`怎么点亮qq空间图标QQ空间图标怎么点亮?保护气球抖音里面看的,这是什么游戏宕机宕机是什么意思网站优化方案网站优化方案应该从哪些方面去分析?宽带接入服务器什么是宽带接入系统?怎样绕过宽带接入系统上网网络虚拟机VMware虚拟机三种网络模式的区别有哪些?
中国域名交易中心 mediafire cpanel 新世界电讯 本网站服务器在美国 gtt 服务器监测 网站在线扫描 免费mysql数据库 七夕快乐英语 东莞idc 帽子云排名 实惠 万网主机 架设代理服务器 美国代理服务器 web服务器 优惠服务器 linux服务器系统 认证机构 更多