Guest

Cisco Catalyst 4000 Series Switches

Catalyst 4000 Service Encryption Adapter Installation and Configuration Note

  • Viewing Options

  • PDF (612.8 KB)
  • Feedback

Table Of Contents

Catalyst 4000 Encryption Service Adapter Installation and Configuration Note

Contents

Overview

Top View of the Module

Bottom View of the Module

Safety Overview

Requirements

Hardware Requirements

Software Requirements

Verifying the Software Version

Required Tools

Installing the Encryption Service Adapter

Using Catalyst 4000 Slots

Removing the Access Gateway Module

Installing the Encryption Service Adapter

Reinstalling the Access Gateway Module

Configuring the Encryption Service Adapter

Configuring the T1 Channel Group

Configuring the Internet Key Exchange Security Protocol

Configuring IPSec Network Security

Configuring Encryption on the T1 Channel Group Serial Interface

Verifying the Configuration

Sample Configurations

Encrypting Traffic Between Two Networks

Exchanging Encrypted Data Through an IPSec Tunnel

Standards Compliance Specifications

FCC Class A (or B) Compliance

Translated Safety Warnings

Safety Information Referral Warning

Qualified Personnel Warning

Power Supply Warning

Wrist Strap Warning

Faceplates and Cover Panel Requirement

Related Documentation

Obtaining Documentation

World Wide Web

Documentation CD-ROM

Ordering Documentation

Documentation Feedback

Obtaining Technical Assistance

Cisco.com

Technical Assistance Center

Contacting TAC by Using the Cisco TAC Website

Contacting TAC by Telephone


Catalyst 4000 Encryption Service Adapter Installation and Configuration Note


Product Numbers: WS-U4604-ESA(=)

This publication contains the procedures for installing and configuring the Catalyst 4000 Encryption Service Adapter for the Access Gateway Module.


Note For translations of the warnings in this publication, see the "Translated Safety Warnings" section.


Contents

This publication consists of these sections:

Overview

Safety Overview

Requirements

Verifying the Software Version

Required Tools

Installing the Encryption Service Adapter

Configuring the Encryption Service Adapter

Verifying the Configuration

Standards Compliance Specifications

FCC Class A (or B) Compliance

Translated Safety Warnings

Related Documentation

Obtaining Documentation

Obtaining Technical Assistance

Overview

The Encryption Service Adapter (ESA) is a high-performance data encryption module that implements data encryption and authentication algorithms. The ESA attaches to the Peripheral Component Interconnect (PCI) connector on the Catalyst 4000 Access Gateway Module.

The ESA includes a public key math processor and a hardware random number generator. These features support public key cryptography for key generation, exchange, and authentication. The ESA can encrypt and authenticate two full duplex T1 or two E1 communication links. Each data line can be channelized with a separate encryption context. The ESA provides IPSec Data Encryption Standard (DES) 56-bit and 3DES 168-bit encryption.

The remainder of this section includes the following topics:

Top View of the Module

Bottom View of the Module

Top View of the Module

Figure 1 shows a top view of the ESA.

Figure 1 Top View of the Encryption Service Adapter

Bottom View of the Module

Figure 2 shows a bottom view of the ESA, including the PCI connector.

Figure 2 Bottom View of the Encryption Service Adapter

Safety Overview

Safety warnings appear in this publication together with procedures that may harm you if you perform them incorrectly. A warning symbol precedes each warning statement.


Warning This warning symbol means danger. You are in a situation that could cause bodily injury. Before you work on any equipment, be aware of the hazards involved with electrical circuitry and be familiar with standard practices for preventing accidents. To see translations of the warnings that appear in this publication, refer to the "Translated Safety Warnings" section in this document.

Waarschuwing

Dit waarschuwingssymbool betekent gevaar. U verkeert in een situatie die lichamelijk letsel kan veroorzaken. Voordat u aan enige apparatuur gaat werken, dient u zich bewust te zijn van de bij elektrische schakelingen betrokken risico's en dient u op de hoogte te zijn van standaard maatregelen om ongelukken te voorkomen. Voor vertalingen van de waarschuwingen die in deze publicatie verschijnen, kunt u het gedeelte "Translated Safety Warnings" (Vertalingen van veiligheidsvoorschriften) raadplegen in dit document.

Varoitus

Tämä varoitusmerkki merkitsee vaaraa. Olet tilanteessa, joka voi johtaa ruumiinvammaan. Ennen kuin työskentelet minkään laitteiston parissa, ota selvää sähkökytkentöihin liittyvistä vaaroista ja tavanomaisista onnettomuuksien ehkäisykeinoista. Tässä julkaisussa esiintyvien varoitusten käännökset löydät tämän asiakirjan "Translated Safety Warnings" (käännetyt turvallisuutta koskevat varoitukset).

Attention

Ce symbole d'avertissement indique un danger. Vous vous trouvez dans une situation pouvant causer des blessures ou des dommages corporels. Avant de travailler sur un équipement, soyez conscient des dangers posés par les circuits électriques et familiarisez-vous avec les procédures couramment utilisées pour éviter les accidents. Pour prendre connaissance des traductions d'avertissements figurant dans cette publication, consultez la section « Translated Safety Warnings » (Traduction des avis de sécurité) de ce document.

Warnung

Dieses Warnsymbol bedeutet Gefahr. Sie befinden sich in einer Situation, die zu einer Körperverletzung führen könnte. Bevor Sie mit der Arbeit an irgendeinem Gerät beginnen, seien Sie sich der mit elektrischen Stromkreisen verbundenen Gefahren und der Standardpraktiken zur Vermeidung von Unfällen bewußt. Übersetzungen der in dieser Veröffentlichung enthaltenen Warnhinweise finden Sie im Abschnitt "Translated Safety Warnings" (Übersetzung der Warnhinweise) in diesem Dokument.

Avvertenza

Questo simbolo di avvertenza indica un pericolo. La situazione potrebbe causare infortuni alle persone. Prima di lavorare su qualsiasi apparecchiatura, occorre conoscere i pericoli relativi ai circuiti elettrici ed essere al corrente delle pratiche standard per la prevenzione di incidenti. La traduzione delle avvertenze riportate in questa pubblicazione si trova nella documento "Translated Safety Warnings" (Traduzione delle avvertenze di sicurezza) nel presente documento.

Advarsel

Dette varselsymbolet betyr fare. Du befinner deg i en situasjon som kan føre til personskade. Før du utfører arbeid på utstyr, må du vare oppmerksom på de faremomentene som elektriske kretser innebærer, samt gjøre deg kjent med vanlig praksis når det gjelder å unngå ulykker. Hvis du vil se oversettelser av de advarslene som finnes i denne publikasjonen, kan du se i avsnittet "Translated Safety Warnings" [Oversatte sikkerhetsadvarsler] i dette dokumentet.

Aviso

Este símbolo de aviso indica perigo. Encontra-se numa situação que lhe poderá causar danos físicos. Antes de começar a trabalhar com qualquer equipamento, familiarize-se com os perigos relacionados com circuitos eléctricos, e com quaisquer práticas comuns que possam prevenir possíveis acidentes. Para ver as traduções dos avisos que constam desta publicação, consulte a secção "Translated Safety Warnings" - "Traduções dos Avisos de Segurança" neste documento.

¡Advertencia!

Este símbolo de aviso significa peligro. Existe riesgo para su integridad física. Antes de manipular cualquier equipo, considerar los riesgos que entraña la corriente eléctrica y familiarizarse con los procedimientos estándar de prevención de accidentes. Para ver una traducción de las advertencias que aparecen en esta publicación, consultar la sección titulada "Translated Safety Warnings" que aparece en este documento.

Varning!

Denna varningssymbol signalerar fara. Du befinner dig i en situation som kan leda till personskada. Innan du utför arbete på någon utrustning måste du vara medveten om farorna med elkretsar och känna till vanligt förfarande för att förebygga skador. Om du vill se översättningar av de varningar som visas i denna publikation, se avsnittet "Translated Safety Warnings" [Översatta säkerhetsvarningar] i detta dokument.



Warning Before you install, operate, or service the system, read the Site Preparation and Safety Guide. This guide contains important safety information you should know before working with the system.

Warning Only trained and qualified personnel should be allowed to install or replace this equipment.

Requirements

The ESA has both hardware and software requirements:

Hardware Requirements

Software Requirements

Hardware Requirements

The ESA requires a minimum of 8 MB of IO memory. If you configure a lower value with the memory-size iomem command, the system automatically changes this value to the minimum amount required.

Software Requirements

The software requirements are as follows:

Cisco IOS Release 12.1(5)YF or later

Cisco IOS feature set that includes IPSec

Verifying the Software Version

To verify the version of Cisco IOS software on your Catalyst 4000 Access Gateway Module, follow this procedure:


Step 1 Log in to IOS through either an ASCII terminal or a PC running emulation software.

Step 2 Enter the show version command in EXEC mode.


For example:

gateway> show version
Cisco Internetwork Operating System Software 
IOS (tm) 12.1 Software (c4gwy-io3s56i-mz), Version 12.1(5)YF, RELEASE SOFTWARE

Required Tools

You need these tools to install the ESA:

Small flat-head screwdriver

Number 1 and 2 Phillips screwdrivers

Antistatic mat or foam

ESD-preventive wrist strap or other grounding device

Installing the Encryption Service Adapter

Before installing the ESA, you must remove the Access Gateway Module from Catalyst 4000 family switches.


Note If you are installing the Access Gateway Module for the first time, install the ESA before you install the Access Gateway Module.


To install the ESA, follow the procedures in the following sections:

Using Catalyst 4000 Slots

Removing the Access Gateway Module

Installing the Encryption Service Adapter

Reinstalling the Access Gateway Module

Using Catalyst 4000 Slots

The Catalyst 4000 family switch reserves the top slot (slot 1) for a supervisor engine. You can use slots 2 or 3 (on the Catalyst 4003 switch, or slots 2 to 5 on the Catalyst 4006 switch) for other modules, such as the Access Gateway Module. Figure 3 shows the supervisor engine and switching module slots on the Catalyst 4003 switch.

Figure 3 Catalyst 4003 Switch Chassis


Warning Only trained and qualified personnel should be allowed to install, replace, or service this equipment.

Removing the Access Gateway Module

To remove a module from a Catalyst 4000 family switch, follow this procedure:


Warning Do not touch the power supply when the power cord is connected. For systems with a power switch, line voltages are present within the power supply even when the power switch is OFF and the power cord is connected. For systems without a power switch, line voltages are present within the power supply when the power cord is connected.

Warning During this procedure, wear grounding wrist straps to avoid ESD damage to the card. Do not directly touch the backplane with your hand or any metal tool, or you could shock yourself.

Caution To prevent ESD damage, handle modules by the carrier edges only.

To remove the Access Gateway Module from a Catalyst 4000 family switch, follow this procedure:


Step 1 Disconnect any network interface cables attached to the ports on the module.

Step 2 Loosen the captive installation screws (as shown in Figure 4) using the small flat-head or number 1 Phillips screwdriver.

Figure 4 Captive Installation Screws and Ejector Levers

Step 3 Grasp the left and right ejector levers and simultaneously pivot the levers outward to release the module from the backplane connector. Figure 4 shows a close-up of the right ejector lever.

Step 4 Grasp the module front panel with one hand and place your other hand under the module to support and guide it out of the slot, as shown in Figure 5. Do not touch the printed circuit boards or connector pins.

Figure 5 Removing the Access Gateway Module from the Catalyst 4000 Switch

Step 5 Carefully pull the Access Gateway Module straight out of the slot.

Step 6 Place the Access Gateway Module on an antistatic mat or antistatic foam, or immediately install it in another slot.

Step 7 If the slot will remain empty, install a module filler plate (part number 800-00292-01) to keep dust out of the chassis, to maintain proper airflow through the module compartment, and to prevent exposure to hazardous voltages and currents.



Warning Blank faceplates and cover panels serve three important functions: they prevent exposure to hazardous voltages and currents inside the chassis; they contain electromagnetic interference (EMI) that might disrupt other equipment; and they direct the flow of cooling air through the chassis. Do not operate the system unless all cards, faceplates, front covers, and rear covers are in place.

Caution Before connecting system power or turning on the switch, ensure that the system is connected to a supplementary ground. For complete instructions on connecting the supplementary ground, refer to the Catalyst 4000 Family Installation Guide.


Warning Before you install, operate, or service the system, read the Site Preparation and Safety Guide. This guide contains important safety information you should know before working with the system.

Installing the Encryption Service Adapter

To install the ESA, follow this procedure:


Step 1 Remove the Access Gateway Module as described in the previous section.

Step 2 Remove the three metal screws in the standoffs nearest the PCI connector with a small flat-head or number 2 Phillips screwdriver. Figure 6 shows the location of the screws.

Figure 6 Removing the Three Screws from the Standoffs


Note In the illustration, we assume that you have already installed the Catalyst 4000 8-Port RJ21 FXS module. If not, refer to the Catalyst 4000 8-Port RJ21 FXS Module Installation and Configuration Note.


Step 3 Align the three holes on the ESA with the standoffs on the Access Gateway Module.

Step 4 Press down on the ESA until it is seated firmly in the PCI connector. Figure 7 shows how to align the adapter.

Figure 7 Aligning the Encryption Service Adapter and Reinstalling the
Six Screws into the Access Gateway Module

.

Step 5 Reinsert the screws (removed from the Access Gateway Module) through the holes in the adapter. Hand tighten with the flat-head or Phillips screwdriver.

Step 6 After you have installed the ESA, the Access Gateway Module should look like Figure 8.

Figure 8 Installed Encryption Service Adapter


Reinstalling the Access Gateway Module

To reinstall the Access Gateway Module, follow this procedure:


Step 1 Connect an ASCII terminal or a PC running terminal emulation software to the console port on the supervisor engine.

Step 2 Choose a slot for the Access Gateway Module. Ensure that you have enough clearance to accommodate any interface equipment that you will connect directly to the Access Gateway Module ports. If possible, place modules between empty slots that contain only module filler plates.

Step 3 Align the sides of the Access Gateway Module with the guides in the slot (see Figure 9).

Figure 9 Reinstalling the Access Gateway Module in the Chassis

Step 4 Insert the Access Gateway Module into the slot until its front panel contacts the ejector levers. (See Figure 4 for an illustration of the ejector levers.) Avoid touching the components on the board.

Step 5 Using the thumb and forefinger of each hand, simultaneously push the left and right ejector levers in to seat the Access Gateway Module all the way into the backplane connector.


Caution Always use the ejector levers when installing or removing modules. A module that is only partially seated in the backplane causes the system to halt.

Step 6 Use the flat-head or number 1 Phillips screwdriver to tighten the captive installation screws on the left and right sides of the Access Gateway Module. (See Figure 4.)

Step 7 Check the status of the Access Gateway Module as follows:

a. After the module has booted and run diagnostics, ensure that its Status LED is green, indicating that the module is operational.

b. Enter the show module command to verify that the system acknowledges the Access Gateway Module and reports its Status as ok in the screen display.


Configuring the Encryption Service Adapter

This section contains the following topics:

Configuring the T1 Channel Group

Configuring the Internet Key Exchange Security Protocol

Configuring IPSec Network Security

Configuring Encryption on the T1 Channel Group Serial Interface

Verifying the Configuration

Sample Configurations

Configuring the T1 Channel Group

Your first step toward configuring the ESA is to establish a T1 connection. This means defining the characteristics of a configuration group (such as speed and slot number).

To configure the T1 channel group, follow this procedure:

 
Command
Purpose

Step 1 

Gateway(config)# controller {t1|e1} slot|port

Select a controller and enter controller configuration mode.

Step 2 

Gateway(config-controller)# clock source  
{line|internal|loop-timed}

Specify which end of the circuit provides clocking.

Step 3 

Gateway(config-controller)# framing {sf|esf}

Specify the framing type.

Step 4 

Gateway(config-controller)# linecode  
{ami|b8zs|hdb3}

Specify the line code format.

Step 5 

Gateway(config-controller)# channel-group 
channel_number timeslots range 

Specify the channel group and time slots to be mapped.

Step 6 

Gateway(config-controller)# exit

Return to global configuration mode.

Configuring the Internet Key Exchange Security Protocol

Your second step is to establish a key exchange for encryption. This requires that you configure an exchange protocol.

To configure Internet Key Exchange (IKE) Security Protocol, follow this procedure:

 
Command
Purpose

Step 1 

Gateway(config)# crypto isakmp policy priority

Create an IKE policy with a unique priority number and enter ISAKMP policy configuration mode.

Note You can configure multiple policies on each peer, but at least one of these policies must contain exactly the same encryption, authentication, and other parameters as one of the policies on the remote peer.

Step 2 

Gateway(config-isakmp)# authentication
{rsa-sig|rsa-encr|pre-share}

Specify the authentication method to be used in an IKE policy.

Step 3 

Gateway(config-isakmp)# exit

Return to global configuration mode.

Step 4 

Gateway(config)# crypto isakmp key keystring address peer_address|peer_hostname

Configure the authentication key for each peer that shares a key.


Note For information on how to create a private/public key and to download a certificate, refer to the following website: http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/secur_c/
scprt4/scdipsec.htm


Configuring IPSec Network Security

Your third step is to define how the T1 data will be handled.

To configure IPSec network security, follow this procedure:

Step
Command
Purpose

Step 1 

Gateway(config)# crypto ipsec security-association 
lifetime seconds seconds kilobytes kilobytes

Specify the lifetime of a security association. The default lifetimes are 3600 seconds (one hour) and 4608000 kilobytes (10 megabytes per second for one hour).

Step 2 

Gateway(config)# crypto ipsec transform-set 
transform_set_name transform1 [transform2 
[transform3]]

Specify a transform set and enter transform-set configuration mode.

Note A transform set represents a specific combination of security protocols and algorithms. During the IPSec security association negotiation, the peers search for a transform set that is the same on both peers. When such a transform set is found, it is selected applied to the protected traffic as part of both peers' IPSec security associations.

Step 3 

Gateway(cfg-crypto-trans)# exit

Return to global configuration mode.

Step 4 

Gateway(config)# crypto map map_name seq_num ipsec-isakmp [dynamic dynamic_map_name] [discover]

Create a crypto map. Enter crypto map configuration mode, unless you use the dynamic keyword.

Step 5 

Gateway(config-crypto map)# set peer hostname|ip_address

Specify a remote IPSec peer.

Note This is the same peer specified in Step 4 in the previous procedure, Configuring the Internet Key Exchange Security Protocol.

Step 6 

Gateway(config-crypto map)# set transform-set transform_set_name

Specify the transform set allowed for this crypto map entry.

Note This should be the same transform set specified in Step 2 of this procedure.

Step 7 

Gateway(config-crypto map)# match address [access_list_id | name]

Specify an extended access list for a crypto map entry.

Step 8 

Gateway(cfg-crypto-trans)# exit

Return to global configuration mode.

Step 9 

Gateway(config)# access-list access_list_number 
{permit | deny} {type_code wild_mask | address mask}

Create an access list.

Configuring Encryption on the T1 Channel Group Serial Interface

Your fourth step is to configure a T1 serial interface with an IP address and a crypto map.

To configure encryption on the T1 channel group, follow this procedure:

Step
Command
Purpose

Step 1 

Gateway (config)# interface serial 
slot|port:timeslot

Select the serial interface and enter interface configuration mode

Step 2 

Gateway (config-if)# ip address address mask

Specify an IP address followed by the subnet mask for this interface.

Step 3 

Gateway (config-if)# crypto map map_name

Assign a crypto map to this interface.

Step 4 

Gateway(config-if)# exit

Return to global configuration mode.

Step 5 

Gateway(config)# exit

Return to the enable prompt.

Step 6 

Gateway# show running-config

Display the current operating configuration, including any changes just made.

Step 7 

Gateway# show startup-config

Display the configuration currently stored in nonvolatile random-access memory (NVRAM).

Step 8 

Gateway# copy running-config startup-config

Write your changes to NVRAM at the enable prompt.

Note The results of the show running-config and show startup-config commands differ if you have made changes to the configuration but have not yet written them to NVRAM.

For complete information about configuration commands and about configuring LAN and WAN interfaces on your switch, refer to the Cisco IOS configuration guides and command references.

Verifying the Configuration

After configuring the new interface, use the following commands to verify that it is operating correctly:

show versionDisplay the router hardware configuration. Check that the list includes the new interface.

show controllersDisplay all network modules and their interfaces.

show interfaces [type slot/port]Display the details of a specified interface. Verify that the first line of the display shows the correct slot and port number and that the interface and line protocol are in the correct state (up or down).

show protocolsDisplay the protocols configured for the entire router and for individual interfaces. If necessary, add or remove protocol routing on the router or its interfaces.

show running-configDisplay the running configuration.

show startup-config—Display the configuration stored in NVRAM.

ping—Send an echo request to a specified IP address.


Note When you install the ESA hardware encryption is enabled by default . You can enable software encryption with the no crypto engine accel command. This command is useful for debugging problems with the ESA or for testing features available only with software encryption.



Note If you have questions or need help, see Obtaining Technical Assistance.


Sample Configurations

The following topics are discussed:

Encrypting Traffic Between Two Networks

Exchanging Encrypted Data Through an IPSec Tunnel

Encrypting Traffic Between Two Networks

This sample configuration shows how to encrypt traffic between a private network (10.103.1.x) and a public network (98.98.98.x) using IPSec. The 98.98.98.x network knows the 10.103.1.x network by the private addresses. The 10.103.1.x network knows the 98.98.98.x network by the public addresses.

Configuration File for the 3640-2b "Public" Router

rp-3640-2b#show running config
Building configuration...
 
 
Current configuration:
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname rp-3640-2b
!
ip subnet-zero
!
ip audit notify log
ip audit po max-events 100
!
crypto isakmp policy 1
hash md5 
authentication pre-share
crypto isakmp key cisco123 address 95.95.95.2 
!
crypto ipsec transform-set rtpset esp-des esp-md5-hmac 
!
crypto map rtp 1 ipsec-isakmp 
set peer 95.95.95.2
set transform-set rtpset 
match address 115
!
interface Ethernet0/0
ip address 98.98.98.1 255.255.255.0
no ip directed-broadcast
!
interface Ethernet0/1
ip address 99.99.99.2 255.255.255.0
no ip directed-broadcast
no ip route-cache
no ip mroute-cache
crypto map rtp
!
interface Ethernet0/2
no ip address
no ip directed-broadcast
shutdown
!
interface Ethernet0/3
no ip address
no ip directed-broadcast
shutdown
!
ip classless
ip route 0.0.0.0 0.0.0.0 99.99.99.1
no ip http server
!
access-list 115 permit ip 98.98.98.0 0.0.0.255 10.103.1.0 0.0.0.255
access-list 115 deny ip 98.98.98.0 0.0.0.255 any
!
line con 0
transport input none
line aux 0
line vty 0 4
login
!
end

Configuration File for the 3640-6a "Private" Router

rp-3640-6a#show running config
Building configuration...
 
 
Current configuration:
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname rp-3640-6a
!
enable secret 5 $1$S/yK$RE603ZNv8N71GDYDbdMWd0
enable password ww
!
ip subnet-zero
!
ip audit notify log
ip audit PO max-events 100
isdn switch-type basic-5ess
isdn voice-call-failure 0
!
crypto isakmp policy 1
hash md5
authentication pre-share
crypto isakmp key cisco123 address 99.99.99.2 
!
crypto ipsec transform-set rtpset esp-des esp-md5-hmac 
crypto map rtp 1 ipsec-isakmp 
set peer 99.99.99.2
set transform-set rtpset 
match address 115
!
interface Ethernet0/0
no ip address
no ip directed-broadcast
!
interface Serial0/0
no ip address
no ip directed-broadcast
no ip mroute-cache
shutdown
!
interface Ethernet0/1
no ip address
no ip directed-broadcast
!
interface Serial0/1
no ip address
no ip directed-broadcast
shutdown
!
interface BRI1/0
no ip address
no ip directed-broadcast
shutdown
isdn switch-type basic-5ess
!
interface Ethernet1/0
no ip address
no ip directed-broadcast
shutdown
!
interface Serial1/0
no ip address
no ip directed-broadcast
shutdown
!
interface TokenRing1/0
no ip address
no ip directed-broadcast
shutdown
ring-speed 16
!
interface Ethernet3/0
ip address 95.95.95.2 255.255.255.0
no ip directed-broadcast
ip nat outside
no ip route-cache
no ip mroute-cache
crypto map rtp
! 
interface Ethernet3/1
no ip address
no ip directed-broadcast
shutdown
!
interface Ethernet3/2
ip address 10.103.1.75 255.255.255.0
no ip directed-broadcast
ip nat inside
!
interface Ethernet3/3
no ip address
no ip directed-broadcast
shutdown
!
ip nat pool FE30 95.95.95.10 95.95.95.10 netmask 255.255.255.0
ip nat inside source route-map nonat pool FE30 overload
ip classless
ip route 0.0.0.0 0.0.0.0 95.95.95.1
ip route 171.68.120.0 255.255.255.0 10.103.1.1
no ip http server
!
access-list 110 deny ip 10.103.1.0 0.0.0.255 98.98.98.0 0.0.0.255
access-list 110 permit ip 10.103.1.0 0.0.0.255 any
access-list 115 permit ip 10.103.1.0 0.0.0.255 98.98.98.0 0.0.0.255
access-list 115 deny ip 10.103.1.0 0.0.0.255 any
dialer-list 1 protocol ip permit
dialer-list 1 protocol ipx permit
route-map nonat permit 10
match ip address 110
!
tftp-server flash:c3640-io3s56i-mz.120-7.T
!
line con 0
transport input none
line 65 72
line aux 0
line vty 0 4
password WW
login
!
end

Exchanging Encrypted Data Through an IPSec Tunnel

This section contains sample configuration files for two peer routers set up to exchange encrypted data through a secure IPSec tunnel over a channelized T1 interface channel group, serial 1/0:0.

Configuration File for Peer 1

version 12.1
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Rose
!
logging buffered 100000 debugging
enable password lab
!
ip subnet-zero
no ip domain-lookup
!
crypto isakmp policy 10
 authentication pre-share
crypto isakmp key pre-shared address 6.6.6.2        
!
crypto ipsec security-association lifetime seconds 86400
!
crypto ipsec transform-set transform-1 esp-des 
!
crypto map cmap 1 ipsec-isakmp   
 set peer 6.6.6.2
 set transform-set transform-1 
 match address 101
!
controller T1 1/0
 framing esf
 linecode b8zs
 channel-group 0 timeslots 1-23 speed 64
 channel-group 1 timeslots 24 speed 64
!
controller T1 1/1
 channel-group 0 timeslots 1-23 speed 64
 channel-group 1 timeslots 24 speed 64
!
process-max-time 200
!
interface FastEthernet0/0
 ip address 111.0.0.2 255.0.0.0
 no ip directed-broadcast
 no ip route-cache
 no ip mroute-cache
 speed 10
!
interface Serial0/0
 no ip address
 no ip directed-broadcast
 shutdown
!
interface FastEthernet0/1
 ip address 4.4.4.1 255.0.0.0
 no ip directed-broadcast
 no ip route-cache
 no ip mroute-cache
 load-interval 30
 speed 10 
!
interface Serial1/0:0
 bandwidth 1472
 ip address 6.6.6.1 255.0.0.0
 no ip directed-broadcast
 encapsulation ppp
 no ip route-cache
 load-interval 30
 no fair-queue
 crypto map cmap
!
interface Serial1/0:1
 no ip address
 no ip directed-broadcast
 fair-queue 64 256 0
!
interface Serial1/1:0
 no ip address
 no ip directed-broadcast
!
interface Serial1/1:1
 no ip address
 no ip directed-broadcast
 fair-queue 64 256 0
!
router rip
 network 4.0.0.0
 network 6.0.0.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 111.0.0.1
no ip http server
!
access-list 101 deny   udp any eq rip any
access-list 101 deny   udp any any eq rip
access-list 101 permit ip 6.6.6.0 0.0.0.255 6.6.6.0 0.0.0.255
!
line con 0
 exec-timeout 0 0
 transport input none
line aux 0
line vty 0 4
 password lab
 login    
!
end
 
 

Configuration File for Peer 2

version 12.1
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Peony
!
logging buffered 100000 debugging
enable password lab
!
ip subnet-zero
no ip domain-lookup
!
crypto isakmp policy 10
 authentication pre-share
crypto isakmp key pre-shared address 6.6.6.1        
!
crypto ipsec security-association lifetime seconds 86400
!
crypto ipsec transform-set transform-1 esp-des 
!
crypto map cmap 1 ipsec-isakmp   
 set peer 6.6.6.1
 set transform-set transform-1 
 match address 101
!
controller T1 1/0
 framing esf
 linecode b8zs
 channel-group 0 timeslots 1-23 speed 64
 channel-group 1 timeslots 24 speed 64
!
controller T1 1/1
 channel-group 0 timeslots 1-23 speed 64
 channel-group 1 timeslots 24 speed 64
!
process-max-time 200
!
interface FastEthernet0/0
 ip address 172.0.0.13 255.0.0.0
 no ip directed-broadcast
 no ip mroute-cache
 load-interval 30
 no keepalive
 speed 10
!
interface FastEthernet0/1
 ip address 3.3.3.2 255.0.0.0
 no ip directed-broadcast
 no ip route-cache
 no ip mroute-cache
 load-interval 30
 speed 10
!
interface Serial1/0:0
 bandwidth 1472
 ip address 6.6.6.2 255.0.0.0
 no ip directed-broadcast
 encapsulation ppp
 no ip route-cache
 load-interval 30
 no fair-queue
 crypto map cmap
!
interface Serial1/0:1
 no ip address
 no ip directed-broadcast
 fair-queue 64 256 0
!
interface Serial1/1:0
 no ip address
 no ip directed-broadcast
!
interface Serial1/1:1
 no ip address
 no ip directed-broadcast
 fair-queue 64 256 0
!
router rip
 network 3.0.0.0
 network 6.0.0.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 111.0.0.1
no ip http server
!
access-list 101 deny   udp any eq rip any
access-list 101 deny   udp any any eq rip
access-list 101 permit ip 6.6.6.0 0.0.0.255 6.6.6.0 0.0.0.255
!
line con 0
 exec-timeout 0 0
 transport input none
line aux 0
line vty 0 4
 login
!!
end

Standards Compliance Specifications

For the standards compliance specifications for the ESA see the following URL:

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat4000/inst_nts/cn11408.htm#xtocid103599At

FCC Class A (or B) Compliance

For the FCC compliance specifications for the ESA see the following URL:

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat4000/inst_nts/cn11408.htm#xtocid103599At

Translated Safety Warnings

This section describes the following warning types:

Safety Information Referral Warning

Qualified Personnel Warning

Power Supply Warning

Wrist Strap Warning

Faceplates and Cover Panel Requirement

Safety Information Referral Warning


Warning Before you install, operate, or service the system, read the Site Preparation and Safety Guide. This guide contains important safety information you should know before working with the system.

Waarschuwing

Lees de handleiding Voorbereiding en veiligheid van de locatie Handleiding voordat u het systeem installeert of gebruikt of voordat u onderhoud aan het systeem uitvoert. Deze handleiding bevat belangrijke beveiligingsvoorschriften waarvan u op de hoogte moet zijn voordat u met het systeem gaat werken.

Varoitus

Ennen kuin asennat järjestelmän tai käytät tai huollat sitä, lue Asennuspaikan valmistelu-jaturvaopas -opasta. Tässä oppaassa on tärkeitä turvallisuustietoja, jotka tulisi tietää ennen järjestelmän käyttämistä.

Attention

Avant d'installer le système, de l'utiliser ou d'assurer son entretien, veuillez lire le Guide de sécurité et de préparation du site. Celui-ci présente des informations importantes relatives à la sécurité, dont vous devriez prendre connaissance.

Warnung

Warnhinweis Bevor Sie das System installieren, in Betrieb setzen oder warten, lesen Sie die Anleitung zur Standortvorbereitung und Sicherheitshinweise. Dieses Handbuch enthält wichtige Informationen zur Sicherheit, mit denen Sie sich vor dem Verwenden des Systems vertraut machen sollten.

Avvertenza

Prima di installare, mettere in funzione o effettuare interventi di manutenzione sul sistema, leggere le informazioni contenute nella documentazione sulla Guida alla sicurezza. Tale guida contiene importanti informazioni che è necessario acquisire prima di iniziare qualsiasi intervento sul sistema.

Advarsel

Før du installerer, tar i bruk eller utfører vedlikehold på systemet, må du lese Veiledning for stedsklargjøring og sikkerhet. Denne håndboken inneholder viktig informasjon om sikkerhet som du bør være kjent med før du begynner å arbeide med systemet.

Aviso

Antes de instalar, funcionar com, ou prestar assistência ao sistema, leia o Guia de Preparação e Segurança do Local. Este guia contém informações de segurança importantes que deve conhecer antes de trabalhar com o sistema.

¡Advertencia!

Antes de instalar, manejar o arreglar el sistema, le aconsejamos que consulte la Guía de prevención y preparación de una instalación. Esta guía contiene importante información para su seguridad que debe saber antes de comenzar a trabajar con el sistema.

Varning!

Innan du installerar, använder eller utför service på systemet ska du läsa Förberedelser och säkerhet Handbok. Denna handbok innehåller viktig säkerhetsinformation som du bör känna till innan du arbetar med systemet.


Qualified Personnel Warning


Warning Only trained and qualified personnel should be allowed to install or replace this equipment.

Waarschuwing

Installatie en reparaties mogen uitsluitend door getraind en bevoegd personeel uitgevoerd worden.

Varoitus

Ainoastaan koulutettu ja pätevä henkilökunta saa asentaa tai vaihtaa tämän laitteen.

Avertissement

Tout installation ou remplacement de l'appareil doit être réalisé par du personnel qualifié et compétent.

Achtung

Gerät nur von geschultem, qualifiziertem Personal installieren oder auswechseln lassen.

Avvertenza

Solo personale addestrato e qualificato deve essere autorizzato ad installare o sostituire questo apparecchio.

Advarsel

Kun kvalifisert personell med riktig opplæring bør montere eller bytte ut dette utstyret.

Aviso

Este equipamento deverá ser instalado ou substituído apenas por pessoal devidamente treinado e qualificado.

¡Atención!

Estos equipos deben ser instalados y reemplazados exclusivamente por personal técnico adecuadamente preparado y capacitado.

Varning

Denna utrustning ska endast installeras och bytas ut av utbildad och kvalificerad personal.


Power Supply Warning


Warning Do not touch the power supply when the power cord is connected. For systems with a power switch, line voltages are present within the power supply even when the power switch is off and the power cord is connected. For systems without a power switch, line voltages are present within the power supply when the power cord is connected.

Waarschuwing

U dient de voeding niet aan te raken zolang het netsnoer aangesloten is. Bij systemen met een stroomschakelaar zijn er lijnspanningen aanwezig in de voeding, zelfs wanneer de stroomschakelaar uitgeschakeld is en het netsnoer aangesloten is. Bij systemen zonder een stroomschakelaar zijn er lijnspanningen aanwezig in de voeding wanneer het netsnoer aangesloten is.

Varoitus

Älä kosketa virtalähdettä virtajohdon ollessa kytkettynä. Virrankatkaisimella varustetuissa järjestelmissä on virtalähteen sisällä jäljellä verkkojännite, vaikka virrankatkaisin on katkaistu-asennossa virtajohdon ollessa kytkettynä. Järjestelmissä, joissa ei ole virrankatkaisinta, on virtalähteen sisällä verkkojännite, kun virtajohto on kytkettynä.

Attention

Ne pas toucher le bloc d'alimentation quand le cordon d'alimentation est branché. Avec les systèmes munis d'un commutateur marche-arrêt, des tensions de ligne sont présentes dans l'alimentation quand le cordon est branché, même si le commutateur est à l'arrêt. Avec les systèmes sans commutateur marche-arrêt, l'alimentation est sous tension quand le cordon d'alimentation est branché.

Warnung

Berühren Sie das Netzgerät nicht, wenn das Netzkabel angeschlossen ist. Bei Systemen mit Netzschalter liegen Leitungsspannungen im Netzgerät vor, wenn das Netzkabel angeschlossen ist, auch wenn das System ausgeschaltet ist. Bei Systemen ohne Netzschalter liegen Leitungsspannungen im Netzgerät vor, wenn das Netzkabel angeschlossen ist.

Avvertenza

Non toccare l'alimentatore se il cavo dell'alimentazione è collegato. Per i sistemi con un interruttore di alimentazione, tensioni di linea sono presenti all'interno dell'alimentatore anche quando l'interruttore di alimentazione è en posizione di disattivazione (off), se il cavo dell'alimentazione è collegato. Per i sistemi senza un interruttore, tensioni di linea sono presenti all'interno dell'alimentatore quando il cavo di alimentazione è collegato.

Advarsel

Berør ikke strømforsyningsenheten når strømledningen er tilkoblet. I systemer som har en strømbryter, er det spenning i strømforsyningsenheten selv om strømbryteren er slått av og strømledningen er tilkoblet. Når det gjelder systemer uten en strømbryter, er det spenning i strømforsyningsenheten når strømledingen er tilkoblet.

Aviso

Não toque na unidade abastecedora de energia quando o cabo de alimentação estiver ligado. Em sistemas com interruptor, a corrente eléctrica estará presente na unidade abastecedora, sempre que o cabo de alimentação de energia estiver ligado, mesmo quando o interruptor se encontrar desligado. Para sistemas sem interruptor, a tensão eléctrica dentro da unidade abastecedora só estará presente quando o cabo de alimentação estiver ligado.

¡Advertencia!

No tocar la fuente de alimentación mientras el cable esté enchufado. En sistemas con interruptor de alimentación, hay voltajes de línea dentro de la fuente, incluso cuando el interruptor esté en Apagado (OFF) y el cable de alimentación enchufado. En sistemas sin interruptor de alimentación, hay voltajes de línea en la fuente cuando el cable está enchufado.

Varning!

Vidrör inte strömförsörjningsenheten när nätsladden är ansluten. För system med strömbrytare finns det nätspänning i strömförsörjningsenheten även när strömmen har slagits av men nätsladden är ansluten. För system utan strömbrytare finns det nätspänning i strömförsörjningsenheten när nätsladden är ansluten.


Wrist Strap Warning


Warning During this procedure, wear grounding wrist straps to avoid ESD damage to the card. Do not directly touch the backplane with your hand or any metal tool, or you could shock yourself.

Waarschuwing

Draag tijdens deze procedure aardingspolsbanden om te vermijden dat de kaart beschadigd wordt door elektrostatische ontlading. Raak het achterbord niet rechtstreeks aan met uw hand of met een metalen werktuig, omdat u anders een elektrische schok zou kunnen oplopen.

Varoitus

Käytä tämän toimenpiteen aikana maadoitettuja rannesuojia estääksesi kortin vaurioitumisen sähköstaattisen purkauksen vuoksi. Älä kosketa taustalevyä suoraan kädelläsi tai metallisella työkalulla sähköiskuvaaran takia.

Attention

Lors de cette procédure, toujours porter des bracelets antistatiques pour éviter que des décharges électriques n'endommagent la carte. Pour éviter l'électrocution, ne pas toucher le fond de panier directement avec la main ni avec un outil métallique.

Warnung

Zur Vermeidung einer Beschädigung der Karte durch elektrostatische Entladung während dieses Verfahrens ein Erdungsband am Handgelenk tragen. Bei Berührung der Rückwand mit der Hand oder einem metallenen Werkzeug besteht Elektroschockgefahr.

Avvertenza

Durante questa procedura, indossare bracciali antistatici per evitare danni alla scheda causati da un'eventuale scarica elettrostatica. Non toccare direttamente il pannello delle connessioni, né con le mani né con un qualsiasi utensile metallico, perché esiste il pericolo di folgorazione.

Advarsel

Bruk jordingsarmbånd under prosedyren for å unngå ESD-skader på kortet. Unngå direkte berøring av bakplanet med hånden eller metallverktøy, slik at di ikke får elektrisk støt.

Aviso

Durante este procedimento e para evitar danos ESD causados à placa, use fitas de ligação à terra para os pulsos. Para evitar o risco de choque eléctrico, não toque directamente na parte posterior com a mão ou com qualquer ferramenta metálica.

¡Advertencia!

Usartiras conectadas a tierra en las muñecas durante este procedimiento para evitar daños en la tarjeta causados por descargas electrostáticas. No tocar el plano posterior con las manos ni con ninguna herramienta metálica, ya que podría producir un choque eléctrico.

Varning!

Använd jordade armbandsremmar under denna procedur för att förhindra elektrostatisk skada på kortet. Rör inte vid baksidan med handen eller metallverktyg då detta kan orsaka elektrisk stöt.


Faceplates and Cover Panel Requirement


Warning Blank faceplates and cover panels serve three important functions: they prevent exposure to hazardous voltages and currents inside the chassis; they contain electromagnetic interference (EMI) that might disrupt other equipment; and they direct the flow of cooling air through the chassis. Do not operate the system unless all cards, faceplates, front covers, and rear covers are in place.

Waarschuwing

Lege vlakplaten en afdekpanelen vervullen drie belangrijke functies: ze voorkomen blootstelling aan gevaarlijke voltages en stroom binnenin het frame, ze bevatten elektromagnetische storing (EMI) hetgeen andere apparaten kan verstoren en ze leiden de stroom van koellucht door het frame. Het systeem niet bedienen tenzij alle kaarten, vlakplaten en afdekkingen aan de voor- en achterkant zich op hun plaats bevinden.

Varoitus

Tyhjillä tasolaikoilla ja suojapaneeleilla on kolme tärkeää käyttötarkoitusta: Ne suojaavat asennuspohjan sisäisille vaarallisille jännitteille ja sähkövirralle altistumiselta; ne pitävät sisällään elektromagneettisen häiriön (EMI), joka voi häiritä muita laitteita; ja ne suuntaavat tuuletusilman asennuspohjan läpi. Järjestelmää ei saa käyttää, elleivät kaikki tasolaikat, etukannet ja takakannet ole kunnolla paikoillaan.

Attention

Ne jamais faire fonctionner le système sans que l'intégralité des cartes, des plaques métalliques et des panneaux avant et arrière ne soient fixés à leur emplacement. Ceux-ci remplissent trois fonctions essentielles : ils évitent tout risque de contact avec des tensions et des courants dangereux à l'intérieur du châssis, ils évitent toute diffusion d'interférences électromagnétiques qui pourraient perturber le fonctionnement des autres équipements, et ils canalisent le flux d'air de refroidissement dans le châssis.

Warnung

Blanke Faceplates und Abdeckungen haben drei wichtigen Funktionen: (1) Sie schützen vor gefährlichen Spannungen und Strom innerhalb des Chassis; (2) sie halten elektromagnetische Interferenzen (EMI) zurück, die andere Geräte stören könnten; (3) sie lenken den kühlenden Luftstrom durch das Chassis. Das System darf nur betrieben werden, wenn alle Karten, Faceplates, Voder- und Rückabdeckungen an Ort und Stelle sind.

Avvertenza

Le piattaforme bianche e i panelli di protezione hanno tre funzioni importanti: Evitano l'esposizione a voltaggi e correnti elettriche pericolose nello chassis, trattengono le interferenze elettromagnetiche (EMI) che potrebbero scombussolare altri apparati e dirigono il flusso di aria per il raffreddamento attraverso lo chassis. Non mettete in funzione il sistema se le schede, le piattaforme, i panelli frontali e posteriori non sono in posizione.

Advarsel

Blanke ytterplater og deksler sørger for tre viktige funksjoner: de forhindrer utsettelse for farlig spenning og strøm inni kabinettet; de inneholder elektromagnetisk forstyrrelse (EMI) som kan avbryte annet utstyr, og de dirigerer luftavkjølingsstrømmen gjennom kabinettet. Betjen ikke systemet med mindre alle kort, ytterplater, frontdeksler og bakdeksler sitter på plass.

Aviso

As faces furadas e os painéis de protecção desempenham três importantes funções: previnem contra uma exposição perigosa a voltagens e correntes existentes no interior do chassis; previnem contra interferência electromagnética (EMI) que poderá danificar outro equipamento; e canalizam o fluxo do ar de refrigeração através do chassis. Não deverá operar o sistema sem que todas as placas, faces, protecções anteriores e posteriores estejam nos seus lugares.

¡Advertencia!

Las placas frontales y los paneles de relleno cumplen tres funciones importantes: evitan la exposición a niveles peligrosos de voltaje y corriente dentro del chasis; reducen la interferencia electromagnética (EMI) que podría perturbar la operación de otros equipos y dirigen el flujo de aire de enfriamiento a través del chasis. No haga funcionar el sistema a menos que todas las tarjetas, placas frontales, cubiertas frontales y cubiertas traseras estén en su lugar.

Varning!

Tomma framplattor och skyddspaneler har tre viktiga funktioner: de förhindrar att personer utsätts för farlig spänning och ström som finns inuti chassit; de innehåller elektromagnetisk interferens (EMI) som kan störa annan utrustning; och de styr riktningen på kylluftsflödet genom chassit. Använd inte systemet om inte alla kort, framplattor, fram- och bakskydd är på plats.


Related Documentation

For more detailed installation and configuration information, refer to these publications (these are examples only):

Site Preparation and Safety Guide

Catalyst 4000 Family Software Configuration Guide

Catalyst 4000 Access Gateway Module Installation and Configuration Note

Catalyst 4000 8-Port RJ21 FXS Module Installation and Configuration Note

Obtaining Documentation

The following sections provide sources for obtaining documentation from Cisco Systems.

World Wide Web

You can access the most current Cisco documentation on the World Wide Web at the following sites:

http://www.cisco.com

http://www-china.cisco.com

http://www-europe.cisco.com

Documentation CD-ROM

Cisco documentation and additional literature are available in a CD-ROM package, which ships with your product. The Documentation CD-ROM is updated monthly and may be more current than printed documentation. The CD-ROM package is available as a single unit or as an annual subscription.

Ordering Documentation

Cisco documentation is available in the following ways:

Registered Cisco Direct Customers can order Cisco Product documentation from the Networking Products MarketPlace:

http://www.cisco.com/cgi-bin/order/order_root.pl

Registered Cisco.com users can order the Documentation CD-ROM through the online Subscription Store:

http://www.cisco.com/go/subscription

Nonregistered Cisco.com users can order documentation through a local account representative by calling Cisco corporate headquarters (California, USA) at 408 526-7208 or, in North America, by calling 800 553-NETS(6387).

Documentation Feedback

If you are reading Cisco product documentation on the World Wide Web, you can submit technical comments electronically. Click Feedback in the toolbar and select Documentation. After you complete the form, click Submit to send it to Cisco.

You can e-mail your comments to bug-doc@cisco.com.

To submit your comments by mail, for your convenience many documents contain a response card behind the front cover. Otherwise, you can mail your comments to the following address:

Cisco Systems, Inc.
Document Resource Connection
170 West Tasman Drive
San Jose, CA 95134-9883

We appreciate your comments.

Obtaining Technical Assistance

Cisco provides Cisco.com as a starting point for all technical assistance. Customers and partners can obtain documentation, troubleshooting tips, and sample configurations from online tools. For Cisco.com registered users, additional troubleshooting tools are available from the TAC website.

Cisco.com

Cisco.com is the foundation of a suite of interactive, networked services that provides immediate, open access to Cisco information and resources at anytime, from anywhere in the world. This highly integrated Internet application is a powerful, easy-to-use tool for doing business with Cisco.

Cisco.com provides a broad range of features and services to help customers and partners streamline business processes and improve productivity. Through Cisco.com, you can find information about Cisco and our networking solutions, services, and programs. In addition, you can resolve technical issues with online technical support, download and test software packages, and order Cisco learning materials and merchandise. Valuable online skill assessment, training, and certification programs are also available.

Customers and partners can self-register on Cisco.com to obtain additional personalized information and services. Registered users can order products, check on the status of an order, access technical support, and view benefits specific to their relationships with Cisco.

To access Cisco.com, go to the following website:

http://www.cisco.com

Technical Assistance Center

The Cisco TAC website is available to all customers who need technical assistance with a Cisco product or technology that is under warranty or covered by a maintenance contract.

Contacting TAC by Using the Cisco TAC Website

If you have a priority level 3 (P3) or priority level 4 (P4) problem, contact TAC by going to the TAC website:

http://www.cisco.com/tac

P3 and P4 level problems are defined as follows:

P3—Your network performance is degraded. Network functionality is noticeably impaired, but most business operations continue.

P4—You need information or assistance on Cisco product capabilities, product installation, or basic product configuration.

In each of the above cases, use the Cisco TAC website to quickly find answers to your questions.

To register for Cisco.com, go to the following website:

http://www.cisco.com/register/

If you cannot resolve your technical issue by using the TAC online resources, Cisco.com registered users can open a case online by using the TAC Case Open tool at the following website:

http://www.cisco.com/tac/caseopen

Contacting TAC by Telephone

If you have a priority level 1(P1) or priority level 2 (P2) problem, contact TAC by telephone and immediately open a case. To obtain a directory of toll-free numbers for your country, go to the following website:

http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml

P1 and P2 level problems are defined as follows:

P1—Your production network is down, causing a critical impact to business operations if service is not restored quickly. No workaround is available.

P2—Your production network is severely degraded, affecting significant aspects of your business operations. No workaround is available.

To submit your comments by mail, for your convenience many documents contain a response card behind the front cover. Otherwise, you can mail your comments to the following address:

Cisco Systems, Inc.
Document Resource Connection
170 West Tasman Drive
San Jose, CA 95134-9883

We appreciate and value your comments.