Table Of Contents
Catalyst 4000 Encryption Service Adapter Installation and Configuration Note
Contents
Overview
Top View of the Module
Bottom View of the Module
Safety Overview
Requirements
Hardware Requirements
Software Requirements
Verifying the Software Version
Required Tools
Installing the Encryption Service Adapter
Using Catalyst 4000 Slots
Removing the Access Gateway Module
Installing the Encryption Service Adapter
Reinstalling the Access Gateway Module
Configuring the Encryption Service Adapter
Configuring the T1 Channel Group
Configuring the Internet Key Exchange Security Protocol
Configuring IPSec Network Security
Configuring Encryption on the T1 Channel Group Serial Interface
Verifying the Configuration
Sample Configurations
Encrypting Traffic Between Two Networks
Exchanging Encrypted Data Through an IPSec Tunnel
Standards Compliance Specifications
FCC Class A (or B) Compliance
Translated Safety Warnings
Safety Information Referral Warning
Qualified Personnel Warning
Power Supply Warning
Wrist Strap Warning
Faceplates and Cover Panel Requirement
Related Documentation
Obtaining Documentation
World Wide Web
Documentation CD-ROM
Ordering Documentation
Documentation Feedback
Obtaining Technical Assistance
Cisco.com
Technical Assistance Center
Contacting TAC by Using the Cisco TAC Website
Contacting TAC by Telephone
Catalyst 4000 Encryption Service Adapter Installation and Configuration Note
Product Numbers: WS-U4604-ESA(=)
This publication contains the procedures for installing and configuring the Catalyst 4000 Encryption Service Adapter for the Access Gateway Module.
Note 
For translations of the warnings in this publication, see the "Translated Safety Warnings" section.
Contents
This publication consists of these sections:
•Overview
•Safety Overview
•Requirements
•Verifying the Software Version
•Required Tools
•Installing the Encryption Service Adapter
•Configuring the Encryption Service Adapter
•Verifying the Configuration
•Standards Compliance Specifications
•FCC Class A (or B) Compliance
•Translated Safety Warnings
•Related Documentation
•Obtaining Documentation
•Obtaining Technical Assistance
Overview
The Encryption Service Adapter (ESA) is a high-performance data encryption module that implements data encryption and authentication algorithms. The ESA attaches to the Peripheral Component Interconnect (PCI) connector on the Catalyst 4000 Access Gateway Module.
The ESA includes a public key math processor and a hardware random number generator. These features support public key cryptography for key generation, exchange, and authentication. The ESA can encrypt and authenticate two full duplex T1 or two E1 communication links. Each data line can be channelized with a separate encryption context. The ESA provides IPSec Data Encryption Standard (DES) 56-bit and 3DES 168-bit encryption.
The remainder of this section includes the following topics:
•Top View of the Module
•Bottom View of the Module
Top View of the Module
Figure 1 shows a top view of the ESA.
Figure 1 Top View of the Encryption Service Adapter
Bottom View of the Module
Figure 2 shows a bottom view of the ESA, including the PCI connector.
Figure 2 Bottom View of the Encryption Service Adapter
Safety Overview
Safety warnings appear in this publication together with procedures that may harm you if you perform them incorrectly. A warning symbol precedes each warning statement.
|
Warning This warning symbol means danger. You are in a situation that could cause bodily injury. Before you work on any equipment, be aware of the hazards involved with electrical circuitry and be familiar with standard practices for preventing accidents. To see translations of the warnings that appear in this publication, refer to the "Translated Safety Warnings" section in this document.
|
Waarschuwing
|
Dit waarschuwingssymbool betekent gevaar. U verkeert in een situatie die lichamelijk letsel kan veroorzaken. Voordat u aan enige apparatuur gaat werken, dient u zich bewust te zijn van de bij elektrische schakelingen betrokken risico's en dient u op de hoogte te zijn van standaard maatregelen om ongelukken te voorkomen. Voor vertalingen van de waarschuwingen die in deze publicatie verschijnen, kunt u het gedeelte "Translated Safety Warnings" (Vertalingen van veiligheidsvoorschriften) raadplegen in dit document.
|
Varoitus
|
Tämä varoitusmerkki merkitsee vaaraa. Olet tilanteessa, joka voi johtaa ruumiinvammaan. Ennen kuin työskentelet minkään laitteiston parissa, ota selvää sähkökytkentöihin liittyvistä vaaroista ja tavanomaisista onnettomuuksien ehkäisykeinoista. Tässä julkaisussa esiintyvien varoitusten käännökset löydät tämän asiakirjan "Translated Safety Warnings" (käännetyt turvallisuutta koskevat varoitukset).
|
Attention
|
Ce symbole d'avertissement indique un danger. Vous vous trouvez dans une situation pouvant causer des blessures ou des dommages corporels. Avant de travailler sur un équipement, soyez conscient des dangers posés par les circuits électriques et familiarisez-vous avec les procédures couramment utilisées pour éviter les accidents. Pour prendre connaissance des traductions d'avertissements figurant dans cette publication, consultez la section « Translated Safety Warnings » (Traduction des avis de sécurité) de ce document.
|
Warnung
|
Dieses Warnsymbol bedeutet Gefahr. Sie befinden sich in einer Situation, die zu einer Körperverletzung führen könnte. Bevor Sie mit der Arbeit an irgendeinem Gerät beginnen, seien Sie sich der mit elektrischen Stromkreisen verbundenen Gefahren und der Standardpraktiken zur Vermeidung von Unfällen bewußt. Übersetzungen der in dieser Veröffentlichung enthaltenen Warnhinweise finden Sie im Abschnitt "Translated Safety Warnings" (Übersetzung der Warnhinweise) in diesem Dokument.
|
Avvertenza
|
Questo simbolo di avvertenza indica un pericolo. La situazione potrebbe causare infortuni alle persone. Prima di lavorare su qualsiasi apparecchiatura, occorre conoscere i pericoli relativi ai circuiti elettrici ed essere al corrente delle pratiche standard per la prevenzione di incidenti. La traduzione delle avvertenze riportate in questa pubblicazione si trova nella documento "Translated Safety Warnings" (Traduzione delle avvertenze di sicurezza) nel presente documento.
|
Advarsel
|
Dette varselsymbolet betyr fare. Du befinner deg i en situasjon som kan føre til personskade. Før du utfører arbeid på utstyr, må du vare oppmerksom på de faremomentene som elektriske kretser innebærer, samt gjøre deg kjent med vanlig praksis når det gjelder å unngå ulykker. Hvis du vil se oversettelser av de advarslene som finnes i denne publikasjonen, kan du se i avsnittet "Translated Safety Warnings" [Oversatte sikkerhetsadvarsler] i dette dokumentet.
|
Aviso
|
Este símbolo de aviso indica perigo. Encontra-se numa situação que lhe poderá causar danos físicos. Antes de começar a trabalhar com qualquer equipamento, familiarize-se com os perigos relacionados com circuitos eléctricos, e com quaisquer práticas comuns que possam prevenir possíveis acidentes. Para ver as traduções dos avisos que constam desta publicação, consulte a secção "Translated Safety Warnings" - "Traduções dos Avisos de Segurança" neste documento.
|
¡Advertencia!
|
Este símbolo de aviso significa peligro. Existe riesgo para su integridad física. Antes de manipular cualquier equipo, considerar los riesgos que entraña la corriente eléctrica y familiarizarse con los procedimientos estándar de prevención de accidentes. Para ver una traducción de las advertencias que aparecen en esta publicación, consultar la sección titulada "Translated Safety Warnings" que aparece en este documento.
|
Varning!
|
Denna varningssymbol signalerar fara. Du befinner dig i en situation som kan leda till personskada. Innan du utför arbete på någon utrustning måste du vara medveten om farorna med elkretsar och känna till vanligt förfarande för att förebygga skador. Om du vill se översättningar av de varningar som visas i denna publikation, se avsnittet "Translated Safety Warnings" [Översatta säkerhetsvarningar] i detta dokument.
|
Warning Before you install, operate, or service the system, read the Site Preparation and Safety Guide. This guide contains important safety information you should know before working with the system.
Warning Only trained and qualified personnel should be allowed to install or replace this equipment.
Requirements
The ESA has both hardware and software requirements:
•Hardware Requirements
•Software Requirements
Hardware Requirements
The ESA requires a minimum of 8 MB of IO memory. If you configure a lower value with the memory-size iomem command, the system automatically changes this value to the minimum amount required.
Software Requirements
The software requirements are as follows:
•Cisco IOS Release 12.1(5)YF or later
•Cisco IOS feature set that includes IPSec
Verifying the Software Version
To verify the version of Cisco IOS software on your Catalyst 4000 Access Gateway Module, follow this procedure:
Step 1 Log in to IOS through either an ASCII terminal or a PC running emulation software.
Step 2 Enter the show version command in EXEC mode.
For example:
Cisco Internetwork Operating System Software
IOS (tm) 12.1 Software (c4gwy-io3s56i-mz), Version 12.1(5)YF, RELEASE SOFTWARE
Required Tools
You need these tools to install the ESA:
•Small flat-head screwdriver
•Number 1 and 2 Phillips screwdrivers
•Antistatic mat or foam
•ESD-preventive wrist strap or other grounding device
Installing the Encryption Service Adapter
Before installing the ESA, you must remove the Access Gateway Module from Catalyst 4000 family switches.
Note If you are installing the Access Gateway Module for the first time, install the ESA before you install the Access Gateway Module.
To install the ESA, follow the procedures in the following sections:
•Using Catalyst 4000 Slots
•Removing the Access Gateway Module
•Installing the Encryption Service Adapter
•Reinstalling the Access Gateway Module
Using Catalyst 4000 Slots
The Catalyst 4000 family switch reserves the top slot (slot 1) for a supervisor engine. You can use slots 2 or 3 (on the Catalyst 4003 switch, or slots 2 to 5 on the Catalyst 4006 switch) for other modules, such as the Access Gateway Module. Figure 3 shows the supervisor engine and switching module slots on the Catalyst 4003 switch.
Figure 3 Catalyst 4003 Switch Chassis
Warning Only trained and qualified personnel should be allowed to install, replace, or service this equipment.
Removing the Access Gateway Module
To remove a module from a Catalyst 4000 family switch, follow this procedure:
Warning Do not touch the power supply when the power cord is connected. For systems with a power switch, line voltages are present within the power supply even when the power switch is OFF and the power cord is connected. For systems without a power switch, line voltages are present within the power supply when the power cord is connected.
Warning During this procedure, wear grounding wrist straps to avoid ESD damage to the card. Do not directly touch the backplane with your hand or any metal tool, or you could shock yourself.
Caution To prevent ESD damage, handle modules by the carrier edges only.
To remove the Access Gateway Module from a Catalyst 4000 family switch, follow this procedure:
Step 1 Disconnect any network interface cables attached to the ports on the module.
Step 2 Loosen the captive installation screws (as shown in Figure 4) using the small flat-head or number 1 Phillips screwdriver.
Figure 4 Captive Installation Screws and Ejector Levers
Step 3 Grasp the left and right ejector levers and simultaneously pivot the levers outward to release the module from the backplane connector. Figure 4 shows a close-up of the right ejector lever.
Step 4 Grasp the module front panel with one hand and place your other hand under the module to support and guide it out of the slot, as shown in Figure 5. Do not touch the printed circuit boards or connector pins.
Figure 5 Removing the Access Gateway Module from the Catalyst 4000 Switch
Step 5 Carefully pull the Access Gateway Module straight out of the slot.
Step 6 Place the Access Gateway Module on an antistatic mat or antistatic foam, or immediately install it in another slot.
Step 7 If the slot will remain empty, install a module filler plate (part number 800-00292-01) to keep dust out of the chassis, to maintain proper airflow through the module compartment, and to prevent exposure to hazardous voltages and currents.
Warning Blank faceplates and cover panels serve three important functions: they prevent exposure to hazardous voltages and currents inside the chassis; they contain electromagnetic interference (EMI) that might disrupt other equipment; and they direct the flow of cooling air through the chassis. Do not operate the system unless all cards, faceplates, front covers, and rear covers are in place.
Caution Before connecting system power or turning on the switch, ensure that the system is connected to a supplementary ground. For complete instructions on connecting the supplementary ground, refer to the Catalyst 4000 Family Installation Guide.
Warning Before you install, operate, or service the system, read the Site Preparation and Safety Guide. This guide contains important safety information you should know before working with the system.
Installing the Encryption Service Adapter
To install the ESA, follow this procedure:
Step 1 Remove the Access Gateway Module as described in the previous section.
Step 2 Remove the three metal screws in the standoffs nearest the PCI connector with a small flat-head or number 2 Phillips screwdriver. Figure 6 shows the location of the screws.
Figure 6 Removing the Three Screws from the Standoffs
Note In the illustration, we assume that you have already installed the Catalyst 4000 8-Port RJ21 FXS module. If not, refer to the Catalyst 4000 8-Port RJ21 FXS Module Installation and Configuration Note.
Step 3 Align the three holes on the ESA with the standoffs on the Access Gateway Module.
Step 4 Press down on the ESA until it is seated firmly in the PCI connector. Figure 7 shows how to align the adapter.
Figure 7 Aligning the Encryption Service Adapter and Reinstalling the
Six Screws into the Access Gateway Module
.
Step 5 Reinsert the screws (removed from the Access Gateway Module) through the holes in the adapter. Hand tighten with the flat-head or Phillips screwdriver.
Step 6 After you have installed the ESA, the Access Gateway Module should look like Figure 8.
Figure 8 Installed Encryption Service Adapter
Reinstalling the Access Gateway Module
To reinstall the Access Gateway Module, follow this procedure:
Step 1 Connect an ASCII terminal or a PC running terminal emulation software to the console port on the supervisor engine.
Step 2 Choose a slot for the Access Gateway Module. Ensure that you have enough clearance to accommodate any interface equipment that you will connect directly to the Access Gateway Module ports. If possible, place modules between empty slots that contain only module filler plates.
Step 3 Align the sides of the Access Gateway Module with the guides in the slot (see Figure 9).
Figure 9 Reinstalling the Access Gateway Module in the Chassis
Step 4 Insert the Access Gateway Module into the slot until its front panel contacts the ejector levers. (See Figure 4 for an illustration of the ejector levers.) Avoid touching the components on the board.
Step 5 Using the thumb and forefinger of each hand, simultaneously push the left and right ejector levers in to seat the Access Gateway Module all the way into the backplane connector.
Caution Always use the ejector levers when installing or removing modules. A module that is only partially seated in the backplane causes the system to halt.
Step 6 Use the flat-head or number 1 Phillips screwdriver to tighten the captive installation screws on the left and right sides of the Access Gateway Module. (See Figure 4.)
Step 7 Check the status of the Access Gateway Module as follows:
a. After the module has booted and run diagnostics, ensure that its Status LED is green, indicating that the module is operational.
b. Enter the show module command to verify that the system acknowledges the Access Gateway Module and reports its Status as ok in the screen display.
Configuring the Encryption Service Adapter
This section contains the following topics:
•Configuring the T1 Channel Group
•Configuring the Internet Key Exchange Security Protocol
•Configuring IPSec Network Security
•Configuring Encryption on the T1 Channel Group Serial Interface
•Verifying the Configuration
•Sample Configurations
Configuring the T1 Channel Group
Your first step toward configuring the ESA is to establish a T1 connection. This means defining the characteristics of a configuration group (such as speed and slot number).
To configure the T1 channel group, follow this procedure:
| |
Command
|
Purpose
|
Step 1
|
Gateway(config)# controller {t1|e1} slot|port
|
Select a controller and enter controller configuration mode.
|
Step 2
|
Gateway(config-controller)# clock source
{line|internal|loop-timed}
|
Specify which end of the circuit provides clocking.
|
Step 3
|
Gateway(config-controller)# framing {sf|esf}
|
Specify the framing type.
|
Step 4
|
Gateway(config-controller)# linecode
{ami|b8zs|hdb3}
|
Specify the line code format.
|
Step 5
|
Gateway(config-controller)# channel-group
channel_number timeslots range
|
Specify the channel group and time slots to be mapped.
|
Step 6
|
Gateway(config-controller)# exit
|
Return to global configuration mode.
|
Configuring the Internet Key Exchange Security Protocol
Your second step is to establish a key exchange for encryption. This requires that you configure an exchange protocol.
To configure Internet Key Exchange (IKE) Security Protocol, follow this procedure:
| |
Command
|
Purpose
|
Step 1
|
Gateway(config)# crypto isakmp policy priority
|
Create an IKE policy with a unique priority number and enter ISAKMP policy configuration mode.
Note You can configure multiple policies on each peer, but at least one of these policies must contain exactly the same encryption, authentication, and other parameters as one of the policies on the remote peer.
|
Step 2
|
Gateway(config-isakmp)# authentication
{rsa-sig|rsa-encr|pre-share}
|
Specify the authentication method to be used in an IKE policy.
|
Step 3
|
Gateway(config-isakmp)# exit
|
Return to global configuration mode.
|
Step 4
|
Gateway(config)# crypto isakmp key keystring address peer_address|peer_hostname
|
Configure the authentication key for each peer that shares a key.
|
Note For information on how to create a private/public key and to download a certificate, refer to the following website: http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/secur_c/
scprt4/scdipsec.htm
Configuring IPSec Network Security
Your third step is to define how the T1 data will be handled.
To configure IPSec network security, follow this procedure:
Step
|
Command
|
Purpose
|
Step 1
|
Gateway(config)# crypto ipsec security-association
lifetime seconds seconds kilobytes kilobytes
|
Specify the lifetime of a security association. The default lifetimes are 3600 seconds (one hour) and 4608000 kilobytes (10 megabytes per second for one hour).
|
Step 2
|
Gateway(config)# crypto ipsec transform-set
transform_set_name transform1 [transform2
[transform3]]
|
Specify a transform set and enter transform-set configuration mode.
Note A transform set represents a specific combination of security protocols and algorithms. During the IPSec security association negotiation, the peers search for a transform set that is the same on both peers. When such a transform set is found, it is selected applied to the protected traffic as part of both peers' IPSec security associations.
|
Step 3
|
Gateway(cfg-crypto-trans)# exit
|
Return to global configuration mode.
|
Step 4
|
Gateway(config)# crypto map map_name seq_num ipsec-isakmp [dynamic dynamic_map_name] [discover]
|
Create a crypto map. Enter crypto map configuration mode, unless you use the dynamic keyword.
|
Step 5
|
Gateway(config-crypto map)# set peer hostname|ip_address
|
Specify a remote IPSec peer.
Note This is the same peer specified in Step 4 in the previous procedure, Configuring the Internet Key Exchange Security Protocol.
|
Step 6
|
Gateway(config-crypto map)# set transform-set transform_set_name
|
Specify the transform set allowed for this crypto map entry.
Note This should be the same transform set specified in Step 2 of this procedure.
|
Step 7
|
Gateway(config-crypto map)# match address [access_list_id | name]
|
Specify an extended access list for a crypto map entry.
|
Step 8
|
Gateway(cfg-crypto-trans)# exit
|
Return to global configuration mode.
|
Step 9
|
Gateway(config)# access-list access_list_number
{permit | deny} {type_code wild_mask | address mask}
|
Create an access list.
|
Configuring Encryption on the T1 Channel Group Serial Interface
Your fourth step is to configure a T1 serial interface with an IP address and a crypto map.
To configure encryption on the T1 channel group, follow this procedure:
Step
|
Command
|
Purpose
|
Step 1
|
Gateway (config)# interface serial
slot|port:timeslot
|
Select the serial interface and enter interface configuration mode
|
Step 2
|
Gateway (config-if)# ip address address mask
|
Specify an IP address followed by the subnet mask for this interface.
|
Step 3
|
Gateway (config-if)# crypto map map_name
|
Assign a crypto map to this interface.
|
Step 4
|
|
Return to global configuration mode.
|
Step 5
|
|
Return to the enable prompt.
|
Step 6
|
Gateway# show running-config
|
Display the current operating configuration, including any changes just made.
|
Step 7
|
Gateway# show startup-config
|
Display the configuration currently stored in nonvolatile random-access memory (NVRAM).
|
Step 8
|
Gateway# copy running-config startup-config
|
Write your changes to NVRAM at the enable prompt.
Note The results of the show running-config and show startup-config commands differ if you have made changes to the configuration but have not yet written them to NVRAM.
|
For complete information about configuration commands and about configuring LAN and WAN interfaces on your switch, refer to the Cisco IOS configuration guides and command references.
Verifying the Configuration
After configuring the new interface, use the following commands to verify that it is operating correctly:
•show version—Display the router hardware configuration. Check that the list includes the new interface.
•show controllers—Display all network modules and their interfaces.
•show interfaces [type slot/port]—Display the details of a specified interface. Verify that the first line of the display shows the correct slot and port number and that the interface and line protocol are in the correct state (up or down).
•show protocols—Display the protocols configured for the entire router and for individual interfaces. If necessary, add or remove protocol routing on the router or its interfaces.
•show running-config—Display the running configuration.
•show startup-config—Display the configuration stored in NVRAM.
•ping—Send an echo request to a specified IP address.
Note When you install the ESA hardware encryption is enabled by default . You can enable software encryption with the no crypto engine accel command. This command is useful for debugging problems with the ESA or for testing features available only with software encryption.
Note If you have questions or need help, see Obtaining Technical Assistance.
Sample Configurations
The following topics are discussed:
•Encrypting Traffic Between Two Networks
•Exchanging Encrypted Data Through an IPSec Tunnel
Encrypting Traffic Between Two Networks
This sample configuration shows how to encrypt traffic between a private network (10.103.1.x) and a public network (98.98.98.x) using IPSec. The 98.98.98.x network knows the 10.103.1.x network by the private addresses. The 10.103.1.x network knows the 98.98.98.x network by the public addresses.
Configuration File for the 3640-2b "Public" Router
rp-3640-2b#show running config
Building configuration...
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
ip audit po max-events 100
crypto isakmp key cisco123 address 95.95.95.2
crypto ipsec transform-set rtpset esp-des esp-md5-hmac
crypto map rtp 1 ipsec-isakmp
ip address 98.98.98.1 255.255.255.0
ip address 99.99.99.2 255.255.255.0
ip route 0.0.0.0 0.0.0.0 99.99.99.1
access-list 115 permit ip 98.98.98.0 0.0.0.255 10.103.1.0 0.0.0.255
access-list 115 deny ip 98.98.98.0 0.0.0.255 any
Configuration File for the 3640-6a "Private" Router
rp-3640-6a#show running config
Building configuration...
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
enable secret 5 $1$S/yK$RE603ZNv8N71GDYDbdMWd0
ip audit PO max-events 100
isdn switch-type basic-5ess
isdn voice-call-failure 0
crypto isakmp key cisco123 address 99.99.99.2
crypto ipsec transform-set rtpset esp-des esp-md5-hmac
crypto map rtp 1 ipsec-isakmp
isdn switch-type basic-5ess
ip address 95.95.95.2 255.255.255.0
ip address 10.103.1.75 255.255.255.0
ip nat pool FE30 95.95.95.10 95.95.95.10 netmask 255.255.255.0
ip nat inside source route-map nonat pool FE30 overload
ip route 0.0.0.0 0.0.0.0 95.95.95.1
ip route 171.68.120.0 255.255.255.0 10.103.1.1
access-list 110 deny ip 10.103.1.0 0.0.0.255 98.98.98.0 0.0.0.255
access-list 110 permit ip 10.103.1.0 0.0.0.255 any
access-list 115 permit ip 10.103.1.0 0.0.0.255 98.98.98.0 0.0.0.255
access-list 115 deny ip 10.103.1.0 0.0.0.255 any
dialer-list 1 protocol ip permit
dialer-list 1 protocol ipx permit
route-map nonat permit 10
tftp-server flash:c3640-io3s56i-mz.120-7.T
Exchanging Encrypted Data Through an IPSec Tunnel
This section contains sample configuration files for two peer routers set up to exchange encrypted data through a secure IPSec tunnel over a channelized T1 interface channel group, serial 1/0:0.
Configuration File for Peer 1
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
logging buffered 100000 debugging
crypto isakmp key pre-shared address 6.6.6.2
crypto ipsec security-association lifetime seconds 86400
crypto ipsec transform-set transform-1 esp-des
crypto map cmap 1 ipsec-isakmp
set transform-set transform-1
channel-group 0 timeslots 1-23 speed 64
channel-group 1 timeslots 24 speed 64
channel-group 0 timeslots 1-23 speed 64
channel-group 1 timeslots 24 speed 64
interface FastEthernet0/0
ip address 111.0.0.2 255.0.0.0
interface FastEthernet0/1
ip address 4.4.4.1 255.0.0.0
ip address 6.6.6.1 255.0.0.0
ip route 0.0.0.0 0.0.0.0 111.0.0.1
access-list 101 deny udp any eq rip any
access-list 101 deny udp any any eq rip
access-list 101 permit ip 6.6.6.0 0.0.0.255 6.6.6.0 0.0.0.255
Configuration File for Peer 2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
logging buffered 100000 debugging
crypto isakmp key pre-shared address 6.6.6.1
crypto ipsec security-association lifetime seconds 86400
crypto ipsec transform-set transform-1 esp-des
crypto map cmap 1 ipsec-isakmp
set transform-set transform-1
channel-group 0 timeslots 1-23 speed 64
channel-group 1 timeslots 24 speed 64
channel-group 0 timeslots 1-23 speed 64
channel-group 1 timeslots 24 speed 64
interface FastEthernet0/0
ip address 172.0.0.13 255.0.0.0
interface FastEthernet0/1
ip address 3.3.3.2 255.0.0.0
ip address 6.6.6.2 255.0.0.0
ip route 0.0.0.0 0.0.0.0 111.0.0.1
access-list 101 deny udp any eq rip any
access-list 101 deny udp any any eq rip
access-list 101 permit ip 6.6.6.0 0.0.0.255 6.6.6.0 0.0.0.255
Standards Compliance Specifications
For the standards compliance specifications for the ESA see the following URL:
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat4000/inst_nts/cn11408.htm#xtocid103599At
FCC Class A (or B) Compliance
For the FCC compliance specifications for the ESA see the following URL:
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat4000/inst_nts/cn11408.htm#xtocid103599At
Translated Safety Warnings
This section describes the following warning types:
•Safety Information Referral Warning
•Qualified Personnel Warning
•Power Supply Warning
•Wrist Strap Warning
•Faceplates and Cover Panel Requirement
Safety Information Referral Warning
|
Warning Before you install, operate, or service the system, read the Site Preparation and Safety Guide. This guide contains important safety information you should know before working with the system.
|
Waarschuwing
|
Lees de handleiding Voorbereiding en veiligheid van de locatie Handleiding voordat u het systeem installeert of gebruikt of voordat u onderhoud aan het systeem uitvoert. Deze handleiding bevat belangrijke beveiligingsvoorschriften waarvan u op de hoogte moet zijn voordat u met het systeem gaat werken.
|
Varoitus
|
Ennen kuin asennat järjestelmän tai käytät tai huollat sitä, lue Asennuspaikan valmistelu-jaturvaopas -opasta. Tässä oppaassa on tärkeitä turvallisuustietoja, jotka tulisi tietää ennen järjestelmän käyttämistä.
|
Attention
|
Avant d'installer le système, de l'utiliser ou d'assurer son entretien, veuillez lire le Guide de sécurité et de préparation du site. Celui-ci présente des informations importantes relatives à la sécurité, dont vous devriez prendre connaissance.
|
Warnung
|
Warnhinweis Bevor Sie das System installieren, in Betrieb setzen oder warten, lesen Sie die Anleitung zur Standortvorbereitung und Sicherheitshinweise. Dieses Handbuch enthält wichtige Informationen zur Sicherheit, mit denen Sie sich vor dem Verwenden des Systems vertraut machen sollten.
|
Avvertenza
|
Prima di installare, mettere in funzione o effettuare interventi di manutenzione sul sistema, leggere le informazioni contenute nella documentazione sulla Guida alla sicurezza. Tale guida contiene importanti informazioni che è necessario acquisire prima di iniziare qualsiasi intervento sul sistema.
|
Advarsel
|
Før du installerer, tar i bruk eller utfører vedlikehold på systemet, må du lese Veiledning for stedsklargjøring og sikkerhet. Denne håndboken inneholder viktig informasjon om sikkerhet som du bør være kjent med før du begynner å arbeide med systemet.
|
Aviso
|
Antes de instalar, funcionar com, ou prestar assistência ao sistema, leia o Guia de Preparação e Segurança do Local. Este guia contém informações de segurança importantes que deve conhecer antes de trabalhar com o sistema.
|
¡Advertencia!
|
Antes de instalar, manejar o arreglar el sistema, le aconsejamos que consulte la Guía de prevención y preparación de una instalación. Esta guía contiene importante información para su seguridad que debe saber antes de comenzar a trabajar con el sistema.
|
Varning!
|
Innan du installerar, använder eller utför service på systemet ska du läsa Förberedelser och säkerhet Handbok. Denna handbok innehåller viktig säkerhetsinformation som du bör känna till innan du arbetar med systemet.
|
Qualified Personnel Warning
|
Warning Only trained and qualified personnel should be allowed to install or replace this equipment.
|
Waarschuwing
|
Installatie en reparaties mogen uitsluitend door getraind en bevoegd personeel uitgevoerd worden.
|
Varoitus
|
Ainoastaan koulutettu ja pätevä henkilökunta saa asentaa tai vaihtaa tämän laitteen.
|
Avertissement
|
Tout installation ou remplacement de l'appareil doit être réalisé par du personnel qualifié et compétent.
|
Achtung
|
Gerät nur von geschultem, qualifiziertem Personal installieren oder auswechseln lassen.
|
Avvertenza
|
Solo personale addestrato e qualificato deve essere autorizzato ad installare o sostituire questo apparecchio.
|
Advarsel
|
Kun kvalifisert personell med riktig opplæring bør montere eller bytte ut dette utstyret.
|
Aviso
|
Este equipamento deverá ser instalado ou substituído apenas por pessoal devidamente treinado e qualificado.
|
¡Atención!
|
Estos equipos deben ser instalados y reemplazados exclusivamente por personal técnico adecuadamente preparado y capacitado.
|
Varning
|
Denna utrustning ska endast installeras och bytas ut av utbildad och kvalificerad personal.
|
Power Supply Warning
|
Warning Do not touch the power supply when the power cord is connected. For systems with a power switch, line voltages are present within the power supply even when the power switch is off and the power cord is connected. For systems without a power switch, line voltages are present within the power supply when the power cord is connected.
|
Waarschuwing
|
U dient de voeding niet aan te raken zolang het netsnoer aangesloten is. Bij systemen met een stroomschakelaar zijn er lijnspanningen aanwezig in de voeding, zelfs wanneer de stroomschakelaar uitgeschakeld is en het netsnoer aangesloten is. Bij systemen zonder een stroomschakelaar zijn er lijnspanningen aanwezig in de voeding wanneer het netsnoer aangesloten is.
|
Varoitus
|
Älä kosketa virtalähdettä virtajohdon ollessa kytkettynä. Virrankatkaisimella varustetuissa järjestelmissä on virtalähteen sisällä jäljellä verkkojännite, vaikka virrankatkaisin on katkaistu-asennossa virtajohdon ollessa kytkettynä. Järjestelmissä, joissa ei ole virrankatkaisinta, on virtalähteen sisällä verkkojännite, kun virtajohto on kytkettynä.
|
Attention
|
Ne pas toucher le bloc d'alimentation quand le cordon d'alimentation est branché. Avec les systèmes munis d'un commutateur marche-arrêt, des tensions de ligne sont présentes dans l'alimentation quand le cordon est branché, même si le commutateur est à l'arrêt. Avec les systèmes sans commutateur marche-arrêt, l'alimentation est sous tension quand le cordon d'alimentation est branché.
|
Warnung
|
Berühren Sie das Netzgerät nicht, wenn das Netzkabel angeschlossen ist. Bei Systemen mit Netzschalter liegen Leitungsspannungen im Netzgerät vor, wenn das Netzkabel angeschlossen ist, auch wenn das System ausgeschaltet ist. Bei Systemen ohne Netzschalter liegen Leitungsspannungen im Netzgerät vor, wenn das Netzkabel angeschlossen ist.
|
Avvertenza
|
Non toccare l'alimentatore se il cavo dell'alimentazione è collegato. Per i sistemi con un interruttore di alimentazione, tensioni di linea sono presenti all'interno dell'alimentatore anche quando l'interruttore di alimentazione è en posizione di disattivazione (off), se il cavo dell'alimentazione è collegato. Per i sistemi senza un interruttore, tensioni di linea sono presenti all'interno dell'alimentatore quando il cavo di alimentazione è collegato.
|
Advarsel
|
Berør ikke strømforsyningsenheten når strømledningen er tilkoblet. I systemer som har en strømbryter, er det spenning i strømforsyningsenheten selv om strømbryteren er slått av og strømledningen er tilkoblet. Når det gjelder systemer uten en strømbryter, er det spenning i strømforsyningsenheten når strømledingen er tilkoblet.
|
Aviso
|
Não toque na unidade abastecedora de energia quando o cabo de alimentação estiver ligado. Em sistemas com interruptor, a corrente eléctrica estará presente na unidade abastecedora, sempre que o cabo de alimentação de energia estiver ligado, mesmo quando o interruptor se encontrar desligado. Para sistemas sem interruptor, a tensão eléctrica dentro da unidade abastecedora só estará presente quando o cabo de alimentação estiver ligado.
|
¡Advertencia!
|
No tocar la fuente de alimentación mientras el cable esté enchufado. En sistemas con interruptor de alimentación, hay voltajes de línea dentro de la fuente, incluso cuando el interruptor esté en Apagado (OFF) y el cable de alimentación enchufado. En sistemas sin interruptor de alimentación, hay voltajes de línea en la fuente cuando el cable está enchufado.
|
Varning!
|
Vidrör inte strömförsörjningsenheten när nätsladden är ansluten. För system med strömbrytare finns det nätspänning i strömförsörjningsenheten även när strömmen har slagits av men nätsladden är ansluten. För system utan strömbrytare finns det nätspänning i strömförsörjningsenheten när nätsladden är ansluten.
|
Wrist Strap Warning
|
Warning During this procedure, wear grounding wrist straps to avoid ESD damage to the card. Do not directly touch the backplane with your hand or any metal tool, or you could shock yourself.
|
Waarschuwing
|
Draag tijdens deze procedure aardingspolsbanden om te vermijden dat de kaart beschadigd wordt door elektrostatische ontlading. Raak het achterbord niet rechtstreeks aan met uw hand of met een metalen werktuig, omdat u anders een elektrische schok zou kunnen oplopen.
|
Varoitus
|
Käytä tämän toimenpiteen aikana maadoitettuja rannesuojia estääksesi kortin vaurioitumisen sähköstaattisen purkauksen vuoksi. Älä kosketa taustalevyä suoraan kädelläsi tai metallisella työkalulla sähköiskuvaaran takia.
|
Attention
|
Lors de cette procédure, toujours porter des bracelets antistatiques pour éviter que des décharges électriques n'endommagent la carte. Pour éviter l'électrocution, ne pas toucher le fond de panier directement avec la main ni avec un outil métallique.
|
Warnung
|
Zur Vermeidung einer Beschädigung der Karte durch elektrostatische Entladung während dieses Verfahrens ein Erdungsband am Handgelenk tragen. Bei Berührung der Rückwand mit der Hand oder einem metallenen Werkzeug besteht Elektroschockgefahr.
|
Avvertenza
|
Durante questa procedura, indossare bracciali antistatici per evitare danni alla scheda causati da un'eventuale scarica elettrostatica. Non toccare direttamente il pannello delle connessioni, né con le mani né con un qualsiasi utensile metallico, perché esiste il pericolo di folgorazione.
|
Advarsel
|
Bruk jordingsarmbånd under prosedyren for å unngå ESD-skader på kortet. Unngå direkte berøring av bakplanet med hånden eller metallverktøy, slik at di ikke får elektrisk støt.
|
Aviso
|
Durante este procedimento e para evitar danos ESD causados à placa, use fitas de ligação à terra para os pulsos. Para evitar o risco de choque eléctrico, não toque directamente na parte posterior com a mão ou com qualquer ferramenta metálica.
|
¡Advertencia!
|
Usartiras conectadas a tierra en las muñecas durante este procedimiento para evitar daños en la tarjeta causados por descargas electrostáticas. No tocar el plano posterior con las manos ni con ninguna herramienta metálica, ya que podría producir un choque eléctrico.
|
Varning!
|
Använd jordade armbandsremmar under denna procedur för att förhindra elektrostatisk skada på kortet. Rör inte vid baksidan med handen eller metallverktyg då detta kan orsaka elektrisk stöt.
|
Faceplates and Cover Panel Requirement
|
Warning Blank faceplates and cover panels serve three important functions: they prevent exposure to hazardous voltages and currents inside the chassis; they contain electromagnetic interference (EMI) that might disrupt other equipment; and they direct the flow of cooling air through the chassis. Do not operate the system unless all cards, faceplates, front covers, and rear covers are in place.
|
Waarschuwing
|
Lege vlakplaten en afdekpanelen vervullen drie belangrijke functies: ze voorkomen blootstelling aan gevaarlijke voltages en stroom binnenin het frame, ze bevatten elektromagnetische storing (EMI) hetgeen andere apparaten kan verstoren en ze leiden de stroom van koellucht door het frame. Het systeem niet bedienen tenzij alle kaarten, vlakplaten en afdekkingen aan de voor- en achterkant zich op hun plaats bevinden.
|
Varoitus
|
Tyhjillä tasolaikoilla ja suojapaneeleilla on kolme tärkeää käyttötarkoitusta: Ne suojaavat asennuspohjan sisäisille vaarallisille jännitteille ja sähkövirralle altistumiselta; ne pitävät sisällään elektromagneettisen häiriön (EMI), joka voi häiritä muita laitteita; ja ne suuntaavat tuuletusilman asennuspohjan läpi. Järjestelmää ei saa käyttää, elleivät kaikki tasolaikat, etukannet ja takakannet ole kunnolla paikoillaan.
|
Attention
|
Ne jamais faire fonctionner le système sans que l'intégralité des cartes, des plaques métalliques et des panneaux avant et arrière ne soient fixés à leur emplacement. Ceux-ci remplissent trois fonctions essentielles : ils évitent tout risque de contact avec des tensions et des courants dangereux à l'intérieur du châssis, ils évitent toute diffusion d'interférences électromagnétiques qui pourraient perturber le fonctionnement des autres équipements, et ils canalisent le flux d'air de refroidissement dans le châssis.
|
Warnung
|
Blanke Faceplates und Abdeckungen haben drei wichtigen Funktionen: (1) Sie schützen vor gefährlichen Spannungen und Strom innerhalb des Chassis; (2) sie halten elektromagnetische Interferenzen (EMI) zurück, die andere Geräte stören könnten; (3) sie lenken den kühlenden Luftstrom durch das Chassis. Das System darf nur betrieben werden, wenn alle Karten, Faceplates, Voder- und Rückabdeckungen an Ort und Stelle sind.
|
Avvertenza
|
Le piattaforme bianche e i panelli di protezione hanno tre funzioni importanti: Evitano l'esposizione a voltaggi e correnti elettriche pericolose nello chassis, trattengono le interferenze elettromagnetiche (EMI) che potrebbero scombussolare altri apparati e dirigono il flusso di aria per il raffreddamento attraverso lo chassis. Non mettete in funzione il sistema se le schede, le piattaforme, i panelli frontali e posteriori non sono in posizione.
|
Advarsel
|
Blanke ytterplater og deksler sørger for tre viktige funksjoner: de forhindrer utsettelse for farlig spenning og strøm inni kabinettet; de inneholder elektromagnetisk forstyrrelse (EMI) som kan avbryte annet utstyr, og de dirigerer luftavkjølingsstrømmen gjennom kabinettet. Betjen ikke systemet med mindre alle kort, ytterplater, frontdeksler og bakdeksler sitter på plass.
|
Aviso
|
As faces furadas e os painéis de protecção desempenham três importantes funções: previnem contra uma exposição perigosa a voltagens e correntes existentes no interior do chassis; previnem contra interferência electromagnética (EMI) que poderá danificar outro equipamento; e canalizam o fluxo do ar de refrigeração através do chassis. Não deverá operar o sistema sem que todas as placas, faces, protecções anteriores e posteriores estejam nos seus lugares.
|
¡Advertencia!
|
Las placas frontales y los paneles de relleno cumplen tres funciones importantes: evitan la exposición a niveles peligrosos de voltaje y corriente dentro del chasis; reducen la interferencia electromagnética (EMI) que podría perturbar la operación de otros equipos y dirigen el flujo de aire de enfriamiento a través del chasis. No haga funcionar el sistema a menos que todas las tarjetas, placas frontales, cubiertas frontales y cubiertas traseras estén en su lugar.
|
Varning!
|
Tomma framplattor och skyddspaneler har tre viktiga funktioner: de förhindrar att personer utsätts för farlig spänning och ström som finns inuti chassit; de innehåller elektromagnetisk interferens (EMI) som kan störa annan utrustning; och de styr riktningen på kylluftsflödet genom chassit. Använd inte systemet om inte alla kort, framplattor, fram- och bakskydd är på plats.
|
Related Documentation
For more detailed installation and configuration information, refer to these publications (these are examples only):
•Site Preparation and Safety Guide
•Catalyst 4000 Family Software Configuration Guide
•Catalyst 4000 Access Gateway Module Installation and Configuration Note
•Catalyst 4000 8-Port RJ21 FXS Module Installation and Configuration Note
Obtaining Documentation
The following sections provide sources for obtaining documentation from Cisco Systems.
World Wide Web
You can access the most current Cisco documentation on the World Wide Web at the following sites:
•http://www.cisco.com
•http://www-china.cisco.com
•http://www-europe.cisco.com
Documentation CD-ROM
Cisco documentation and additional literature are available in a CD-ROM package, which ships with your product. The Documentation CD-ROM is updated monthly and may be more current than printed documentation. The CD-ROM package is available as a single unit or as an annual subscription.
Ordering Documentation
Cisco documentation is available in the following ways:
•Registered Cisco Direct Customers can order Cisco Product documentation from the Networking Products MarketPlace:
http://www.cisco.com/public/ordsum.html
•Registered Cisco.com users can order the Documentation CD-ROM through the online Subscription Store:
http://www.cisco.com/go/subscription
•Nonregistered Cisco.com users can order documentation through a local account representative by calling Cisco corporate headquarters (California, USA) at 408 526-7208 or, in North America, by calling 800 553-NETS(6387).
Documentation Feedback
If you are reading Cisco product documentation on the World Wide Web, you can submit technical comments electronically. Click Feedback in the toolbar and select Documentation. After you complete the form, click Submit to send it to Cisco.
You can e-mail your comments to bug-doc@cisco.com.
To submit your comments by mail, for your convenience many documents contain a response card behind the front cover. Otherwise, you can mail your comments to the following address:
Cisco Systems, Inc.
Document Resource Connection
170 West Tasman Drive
San Jose, CA 95134-9883
We appreciate your comments.
Obtaining Technical Assistance
Cisco provides Cisco.com as a starting point for all technical assistance. Customers and partners can obtain documentation, troubleshooting tips, and sample configurations from online tools. For Cisco.com registered users, additional troubleshooting tools are available from the TAC website.
Cisco.com
Cisco.com is the foundation of a suite of interactive, networked services that provides immediate, open access to Cisco information and resources at anytime, from anywhere in the world. This highly integrated Internet application is a powerful, easy-to-use tool for doing business with Cisco.
Cisco.com provides a broad range of features and services to help customers and partners streamline business processes and improve productivity. Through Cisco.com, you can find information about Cisco and our networking solutions, services, and programs. In addition, you can resolve technical issues with online technical support, download and test software packages, and order Cisco learning materials and merchandise. Valuable online skill assessment, training, and certification programs are also available.
Customers and partners can self-register on Cisco.com to obtain additional personalized information and services. Registered users can order products, check on the status of an order, access technical support, and view benefits specific to their relationships with Cisco.
To access Cisco.com, go to the following website:
http://www.cisco.com
Technical Assistance Center
The Cisco TAC website is available to all customers who need technical assistance with a Cisco product or technology that is under warranty or covered by a maintenance contract.
Contacting TAC by Using the Cisco TAC Website
If you have a priority level 3 (P3) or priority level 4 (P4) problem, contact TAC by going to the TAC website:
http://www.cisco.com/tac
P3 and P4 level problems are defined as follows:
•P3—Your network performance is degraded. Network functionality is noticeably impaired, but most business operations continue.
•P4—You need information or assistance on Cisco product capabilities, product installation, or basic product configuration.
In each of the above cases, use the Cisco TAC website to quickly find answers to your questions.
To register for Cisco.com, go to the following website:
http://www.cisco.com/register/
If you cannot resolve your technical issue by using the TAC online resources, Cisco.com registered users can open a case online by using the TAC Case Open tool at the following website:
http://www.cisco.com/tac/caseopen
Contacting TAC by Telephone
If you have a priority level 1(P1) or priority level 2 (P2) problem, contact TAC by telephone and immediately open a case. To obtain a directory of toll-free numbers for your country, go to the following website:
http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml
P1 and P2 level problems are defined as follows:
•P1—Your production network is down, causing a critical impact to business operations if service is not restored quickly. No workaround is available.
•P2—Your production network is severely degraded, affecting significant aspects of your business operations. No workaround is available.
To submit your comments by mail, for your convenience many documents contain a response card behind the front cover. Otherwise, you can mail your comments to the following address:
Cisco Systems, Inc.
Document Resource Connection
170 West Tasman Drive
San Jose, CA 95134-9883
We appreciate and value your comments.
