
Installing the Data Encryption AIM in Cisco 2600 Series and Cisco 3600 Series Routers

Product Numbers: AIM-VPN/BP, NM-VPN/MP, AIM-VPN/HP

This document describes how to install and configure the following hardware:

Use this document in conjunction with your router hardware installation guide, software configuration guide, the Regulatory Compliance and Safety Information document for your router, and the applicable Cisco IOS configuration guides and command references. See the "Related Documentation" section.

This document contains the following sections:


Note   Before performing procedures described in this document, review the "Safety Recommendations" section.

Overview

The data encryption Advanced Integration Modules (AIM) and Network Module (NM) provide hardware-based encryption for the Cisco 2600 and 3600 series routers. These data encryption products require Cisco IOS Release 12.1(3)XI or later. They require one of the Cisco IOS feature sets that includes IPSec.

The data encryption AIMs and NM are hardware Layer 3 (IPSec) encryption modules and provide DES (56-bit) and 3DES (168-bit) IPSec encryption for multiple T1s or E1s of bandwidth. This level of performance is a dramatic increase over that achievable when running IPSec in software on the main CPU of the Cisco 2600 or 3600. These products also have hardware support for DH, RSA, and DSA key generation.

In addition to encryption, the data encryption AIM is intended to increase the security of passwords and various encryption keys over that provided by IOS software and the platform hardware. Specifically, these products have been submitted for Level 2 of the Federal Information Processing Standard (FIPS) 140-1 in general as well as more stringent levels for some parameters such as Level 3 tamper resistance.

Software Requirements

Cisco IOS Release 12.1(3)XI or later is required to use the encryption AIM and network module.

To determine the version of Cisco IOS software running on your router, log in to the router and enter the show version EXEC command:

    router> show version
    Cisco Internetwork Operating System Software 
    IOS (tm) 12.1 Software (c3600-i-mz), Version 12.1(2)X, RELEASE SOFTWARE
    

Safety Recommendations

Follow these guidelines to ensure general safety:

Safety Warnings

Safety warnings appear throughout this publication in procedures that, if performed incorrectly, may harm you. A warning symbol precedes each warning statement.


Warning Means danger. You are in a situation that could cause bodily injury. Before you work on any equipment, be aware of the hazards involved with electrical circuitry and be familiar with standard practices for preventing accidents. To see translations of the warnings that appear in this publication, refer to the Regulatory Compliance and Safety Information document that accompanied this device.


Safety with Electricity

Follow these guidelines when working on equipment powered by electricity:

If an electrical accident occurs, proceed as follows:

Preventing Electrostatic Discharge Damage

Electrostatic discharge (ESD) can damage equipment and impair electrical circuitry. ESD can occur when printed circuit cards are improperly handled and can result in complete or intermittent failures. Always follow ESD prevention procedures when removing and replacing cards. Ensure that the router chassis is electrically connected to earth ground. Wear an ESD-preventive wrist strap, ensuring that it makes good skin contact. Connect the clip to an unpainted surface of the chassis frame to safely channel unwanted ESD voltages to ground. To guard against ESD damage and shocks, the wrist strap and cord must be used properly. If no wrist strap is available, ground yourself by touching the metal part of the chassis.


Caution For safety, periodically check the resistance value of the ESD-preventive wrist strap, which should be between 1 and 10 megohms (Mohm).

Related Documentation

These documents are available for the Cisco 2600 series and Cisco 3600 series on CCO and the Documentation CD-ROM:

On CCO, beginning under the Service & Support heading:

Technical Documents: Documentation Home Page: Access Servers and Access Routers: Modular Access Router

On the Documentation CD-ROM at:

Cisco Product Documentation: Access Servers and Access Routers: Modular Access Routers

Required Tools and Equipment

You need the following tools and equipment to install an encryption AIM or network module in a chassis:

Installing an Encryption AIM in a Cisco 2600 Series Router

The encryption AIM does not require an external network connection; it attaches directly to an internal AIM connector located on the system board. (See Figure 1.)


Figure 1: Cisco 2600 Series System Board Layout


To install an encryption AIM in a Cisco 2600 series router, complete these procedures:

    1. Removing the Chassis Cover

    2. Installing the Encryption AIM

    3. Closing the Chassis

    4. Configuring Internet Encryption

The sections that follow describe these procedures.

Removing the Chassis Cover

This section describes how to open the Cisco 2600 series chassis to access internal components.


Warning Do not touch the power supply when the power cord is connected. For systems with a power switch, line voltages are present within the power supply even when the power switch is OFF and the power cord is connected. For systems without a power switch, line voltages are present within the power supply when the power cord is connected.


Warning Before opening the chassis, disconnect the telephone-network cables to avoid contact with telephone-network voltages.

To remove the chassis cover, do the following:


Step 1   Power OFF the router.

Step 2   Disconnect all cables from the rear panel of the router.

Step 3   Remove the screws located on the top of the chassis with the Phillips screwdriver. Note that the chassis is comprised of two sections: top and bottom.

Step 4   Holding the chassis with both hands, position it as shown in Figure 2.

Step 5   Slide the top section away from the bottom section as shown in Figure 3.


Figure 2: Holding the Cisco 2600 Series Chassis for Cover Removal



Figure 3: Removing the Cisco 2600 Series Chassis Cover


Step 6   When the top cover is off, set it aside.

Installing the Encryption AIM

To install an encryption AIM, do the following:


Step 1   With the flat-blade screwdriver, remove the three metal screws, nearest the AIM connector, holding down the system board. (See Figure 4 for the location of the screws.)


Note   You will reuse one of these screws after the AIM is installed. The other two will be replaced with two long screws that come with the AIM.


Figure 4: Removing Three System Board Screws


Step 2   Install the plastic standoff (included with your AIM) by pressing the locking end of the plastic standoff into the bottom of the AIM. (See Figure 5 for the location of the standoff.)

Step 3   Align the molded plastic legs on the encryption AIM with the screw holes on the system board and insert the encryption AIM into the AIM connector on the system board. (See Figure 5.)


Note   Be sure to press down on the encryption AIM until it is seated firmly in the connector. In addition, the plastic standoff must snap firmly into the hole in the system board, and the two molded plastic legs must align with the screw holes on the system board.


Figure 5: Connect the AIM to the System Board


Step 4   Install the bracket (shipped with the encryption AIM) over the two holes on the AIM closest to the AIM connector. (See Figure 5.)

Step 5   Insert one long metal screw (shipped with the encryption AIM) and one of the short screws (removed from the system board) through the holes in the bracket and into the AIM. Hand tighten with a flat-blade screwdriver. (See Figure 5.)

Step 6   Insert the other long metal screw (shipped with the encryption AIM) into the remaining hole in the AIM. Hand tighten with the flat-blade screwdriver. (See Figure 5.)

Step 7   Check that the AIM is installed correctly on the system board. (See Figure 6.)


Figure 6: Installed Encryption AIM



Closing the Chassis

To close the chassis, do the following:


Step 1   Position the two chassis sections, as shown previously in Figure 3.

Step 2   Referring to Figure 3, press the two chassis sections together and ensure the following:


Caution To fit the two sections together, it might be necessary to work them together at one end and then the other, working back and forth; however, use care to prevent bending the chassis edges.

Step 3   When the two sections fit together snugly, slide the chassis top until it fits into the front bezel.

Step 4   Replace the cover screws. Tighten the screws to no more than 8 or 9 inches/pound of torque.

Step 5   Apply the AIM-VPN/BP label that comes with the encryption AIM onto the rear of the chassis. (See Figure 7.)


Figure 7: AIM Label Location


Step 6   Reinstall the chassis on the wall, rack, desktop, or table.

Step 7   Reconnect all cables.

Installing an Encryption Network Module in a Cisco 3620 or Cisco 3640 Chassis Slot

Follow this procedure to install an encryption network module:


Step 1   Turn OFF electrical power to the router. However, to channel ESD voltages to ground, do not unplug the power cable. Remove all network interface cables, including telephone cables, from the rear panel.


Caution Cisco 3620 and 3640 routers do not support online insertion and removal of network modules or other system components. To avoid damaging the module, before you insert a network module into a chassis slot, you must turn OFF electrical power and disconnect network cables.


Before installing an encryption network module in routers that use a DC power supply, be aware of the following:


Warning Before performing any of the following procedures, ensure that power is removed from the DC circuit. To ensure that all power is OFF, locate the circuit breaker on the panel board that services the DC circuit, switch the circuit breaker to the OFF position, and tape the switch handle of the circuit breaker in the OFF position.

Step 2   Using either a number 2 Phillips screwdriver or a regular flat-blade screwdriver, remove the blank filler panel from the chassis slot where you plan to install the module. Save the blank panel for future use.


Note   The encryption network module can be installed in any available slot in the router chassis. However, the router only supports one installed encryption network module.

Step 3   Holding the network module by the handle, align it with the guides in the chassis and slide it gently into the slot. (See Figure 8.)


Figure 8: Installing an Encryption Network Module in a Router


Step 4   Push the module into place until you feel its edge connector mate securely with the connector on the backplane.

Step 5   Fasten the module's captive mounting screws into the holes in the chassis, using the Phillips or flat-blade screwdriver.

These screws prevent accidental removal, provide proper grounding for the system, and ensure that the network module connectors are securely seated in the backplane.

Step 6   If the router was previously running, reinstall the network interface cables and turn ON power to the router.

The following warning applies to routers that use a DC power supply:


Warning After wiring the DC power supply, remove the tape from the circuit breaker switch handle and reinstate power by moving the handle of the circuit breaker to the ON position.

When you have finished installing the network module, complete the procedure described in the "Configuring Internet Encryption" section.

Install Blank Network Module Panels

Step 7   If the router is not fully configured with network modules, make sure that blank panels fill the unoccupied chassis slots to provide proper airflow. (See Figure 9.)


Figure 9: Blank Network Module Panel


Encryption Network Module Enable LED

All network modules have an enable LED. This LED indicates that the module has passed its self-tests and is available to the router. (See Figure 10.)


Figure 10: Encryption Network Module LEDs


Installing an Encryption AIM in a Cisco 3660 Router

The encryption AIM does not require an external network connection; it attaches directly to an internal AIM connector on the Cisco 3660 system board. (See Figure 11.)


Figure 11: Cisco 3660 System Board Layout


To install an encryption AIM in a Cisco 3660 router, complete these procedures:

    1. Removing the System Board Tray

    2. Installing the Encryption AIM

    3. Replacing the System Board Tray

    4. Configuring Internet Encryption

The sections that follow describe these procedures.

Removing the System Board Tray

This section describes the procedure for removing the Cisco 3660 system board tray. You must remove the system board tray to access the internal components.


Warning Before removing the system board tray, disconnect the telephone-network cables to avoid contact with telephone-network voltages.


Warning Do not touch the power supply when the power cord is connected. For systems with a power switch, line voltages are present within the power supply even when the power switch is OFF and the power cord is connected. For systems without a power switch, line voltages are present within the power supply when the power cord is connected.

To remove the system board tray, do the following:


Step 1   Power OFF the router.

Step 2   Disconnect all cables from the system board panel.

Step 3   Loosen the captive mounting screw on the front of the system board tray. (See part 1 of Figure 12.)

Step 4   Rotate the tray levers to their open position (out and away from the system board tray). (See part 2 of Figure 12.)

Step 5   Pull the tray levers to slide the system board tray out of the chassis. (See part 3 of Figure 12.)


Figure 12: Removing the System Board Tray


Installing the Encryption AIM

To install an encryption AIM, do the following:


Step 1   Remove two of the metal screws that are holding down the system board. (See Figure 13 for the location of the screws.)


Figure 13: Removing Two of the System Board Screws


Step 2   Install the metal standoff (included with your AIM) by inserting the threaded end into the system board. Hand tighten with the 3/16 inch nut driver. (See Figure 14 for the location.)

Step 3   Align the molded plastic legs on the encryption AIM with the screw holes on the system board and insert the encryption AIM into the AIM connector on the system board. (See Figure 14.)


Note   Be sure to press down firmly on the encryption AIM until it seats firmly into the connector.


Figure 14: Connect the AIM to the System Board


Step 4   Attach the metal standoff to the AIM with the small screw included with the AIM. Hand tighten with the flat-blade screwdriver. (See Figure 14.)

Step 5   Insert the two long metal screws (shipped with the encryption AIM) through the holes in the AIM and into the holes where the two system board screws were. Hand tighten with the screwdriver. (See Figure 14.)

Step 6   Check that the AIM is installed correctly on the system board. (See Figure 15.)


Figure 15: Installed Encryption AIM


Replacing the System Board Tray

To replace the system board tray in the chassis:


Step 1   Align the system board tray with the guides in the chassis and slide it gently into the slot. (See part 1 of Figure 16.)

Step 2   Push the system board tray into place until you feel its edge connector mate securely with the connector on the backplane. (See part 2 of Figure 16.)

Step 3   Rotate the tray levers in to their closed position so that the system board tray is secure. (See part 3 of Figure 16.)

Step 4   Fasten the system board tray's captive mounting screw into the hole on the chassis, using a Phillips screwdriver. (See part 4 of Figure 16.)


Figure 16: Replacing the System Board Tray


Step 5   Apply the AIM-VPN/HP label that comes with the encryption AIM onto the faceplate of the system board tray. (See Figure 17.)


Figure 17: AIM Label Location


Step 6   Reinstall the chassis on the wall, rack, desktop, or table.

Step 7   Reconnect all cables.

Configuring Internet Encryption


Note   There are no commands specific to configuring the encryption hardware. Both software-based and hardware-based encryption are configured in the same way.
The system automatically detects the presence of an encryption card at bootup and uses it to encrypt data; if no encryption hardware is detected, software is used to encrypt data.

Whenever you install a new interface, or if you want to change the configuration of an existing interface, you must configure the interface. If you replace a module that was already configured, the router recognizes it and brings up the interface in the existing configuration.

Before you configure an interface, have the following information available:


TimeSaver Obtain this information from your system administrator or network plan before you begin router configuration.

This section describes basic encryption configuration including:


Note   Depending on your own requirements and the protocols you plan to route, you might also need to enter other configuration commands.

Configuring Internet Key Exchange Security Protocol

To configure the Internet Key Exchange Security Protocol, follow this procedure:

Step Command Purpose

Step 1 

Router(config)# crypto isakmp policy priority

Create an Internet Key Exchange (IKE) policy with a unique priority number. You can configure multiple policies on each peer, but at least one of these policies must contain exactly the same encryption, authentication and other parameters as one of the policies on the remote peer.


Note   This command will also put you in the ISAKMP policy configuration mode.

Step 2 

Router(config-isakmp)# authentication rsa-sig/rsa-encr/pre-share

Use this command to specify the authentication method to be used in an IKE policy.


Note   The data encryption products described in this document do not currently support RSA authentication.

Step 3 

Router(config-isakmp)# exit

Enter the exit command to return to global configuration mode.

Step 4 

Router(config)# crypto isakmp key keystring address peer-address/peer-hostname

Configure the authentication key that will be shared by each peer.


Note   This must be configured at both peers that will share a key.

Configuring IPSec Network Security

To configure IPSec network security, follow this procedure:

Step Command Purpose

Step 1 

Router(config)# crypto ipsec security-association lifetime seconds seconds/ kilobytes kilobytes

Specify the time a security association will live before expiring. The default lifetimes are 3600 seconds (one hour) and 4,608,000 kilobytes (10 megabytes per second for one hour).

Step 2 

Router(config)# crypto ipsec transform-set transform-set-name transform1 [transform2 [transform3]]

A transform set represents a specific combination of security protocols and algorithms. During the IPSec security association negotiation, the peers search for a transform set that is the same at both peers. When such a transform set is found, it is selected and will be applied to the protected traffic as part of both peers' IPSec security associations.


Note   Using this command puts you in the transform-set configuration mode.

Step 3 

Router(cfg-crypto-trans)# exit

Enter the exit command to return to global configuration mode.

Step 4 

Router(config)# crypto map map-name seq-num ipsec-isakmp [dynamic dynamic-map-name] [discover]

Create a crypto map.


Note   Using this command puts you into crypto map configuration mode, unless you use the dynamic keyword.

Step 5 

Router(config-crypto map)# set peer hostname/ip-address

Specify a remote IPSec peer.


Note   This would be the same peer specified in Step 4 in the previous procedure.

Step 6 

Router(config-crypto map)# set transform-set transform-set-name

Specify the transform set allowed for this crypto map entry.


Note   This should be the same transform set specified in Step 2 of this procedure.

Step 7 

Router(config-crypto map)# match address [access-list-id | name]

Specify an extended access list for a crypto map entry.

Step 8 

Router(config-crypto map)# exit

Enter the exit command to return to global configuration mode.

Step 9 

Router(config)# access-list access-list-number {permit | deny} {type-code wild-mask | address mask}

Create an access list.

Configuring the T1 Channel Group

To configure the T1 channel group, follow this procedure:

Step Command Purpose

Step 1 

Router(config)# controller t1|e1 slot/port

Select a controller.


Note   This command puts you into the controller configuration mode.

Step 2 

Router(config-controller)# clock source line|internal|loop-timed

Specify which end of the circuit provides clocking.

Step 3 

Router(config-controller)# framing sf/esf

Specify the framing type.

Step 4 

Router(config-controller)# linecode ami|b8zs|hdb3

Specify the line code format.

Step 5 

Router(config-controller)# channel-group channel-number timeslots range speed 48|56|64

Specify the channel group and time slots to be mapped.

Step 6 

Router(config-controller)# exit

Enter the exit command to return to global configuration mode.

Configuring Encryption on the T1 Channel Group Serial Interface

To configure encryption on the T1 channel group, follow this procedure:

Step Command Purpose

Step 1 

Router(config)# interface Serial number:timeslot

Select the serial interface.


Note   You now enter the interface configuration mode.

Step 2 

Router(config-if)# ip address address mask

Specify an IP address followed by the subnet mask for this interface.

Step 3 

Router(config-if)# crypto map map-name

Assign a crypto map to this interface.

Step 4 

Router(config-if)# exit

Enter the exit command to return to global configuration mode.

Step 5 

Router(config)# exit

Enter the exit command to return to the enable prompt.

Step 6 

Router# show running-config

Display the current operating configuration, including any changes just made.

Step 7 

Router# show startup-config

Display the configuration currently stored in nonvolatile random-access memory (NVRAM).

Step 8 

Router# copy running-config startup-config

To write your changes to NVRAM, making them permanent, enter the command copy running-config startup-config at the enable prompt.


Note   The results of the show running-config and show startup-config commands differ from each other if you have made changes to the configuration, but have not yet written them to NVRAM.

Step 9 

Router# reload

Boot the router with the new configuration.

For complete information about global configuration commands, and about configuring LAN and WAN interfaces on your router, refer to the Cisco IOS configuration guides and command references.

Checking the Configuration

After configuring the new interface, you can use the following commands to verify that the new interface is operating correctly:


Note   Hardware encryption is the default with the encryption AIM installed. You may enable software encryption by using the no crypto engine accel command. This command is useful for debugging problems with the encryption module or testing features available only with software encryption.


Note   If you have questions or need help, refer to the "Obtaining Technical Assistance" section.

Sample Encryption Configuration Files

This section contains sample configuration files for two peer routers set up to exchange encrypted data through a secure IPSec tunnel over a channelized T1 interface channel group, serial 1/0:0.

Configuration File for Peer 1
    version 12.1
    service timestamps debug uptime
    service timestamps log uptime
    no service password-encryption
    !
    hostname Rose
    !
    logging buffered 100000 debugging
    enable password lab
    !
    ip subnet-zero
    no ip domain-lookup
    !
    !
    !
    crypto isakmp policy 10
     authentication pre-share
    crypto isakmp key pre-shared address 6.6.6.2        
    !
    crypto ipsec security-association lifetime seconds 86400
    !
    crypto ipsec transform-set transform-1 esp-des 
    !
    !
    crypto map cmap 1 ipsec-isakmp   
     set peer 6.6.6.2
     set transform-set transform-1 
     match address 101
    !
    !
    controller T1 1/0
     framing esf
     linecode b8zs
     channel-group 0 timeslots 1-23 speed 64
     channel-group 1 timeslots 24 speed 64
    !
    controller T1 1/1
     channel-group 0 timeslots 1-23 speed 64
     channel-group 1 timeslots 24 speed 64
    !
    !
    process-max-time 200
    !
    interface FastEthernet0/0
     ip address 111.0.0.2 255.0.0.0
     no ip directed-broadcast
     no ip route-cache
     no ip mroute-cache
     speed 10
    !
    interface Serial0/0
     no ip address
     no ip directed-broadcast
     shutdown
    !
    interface FastEthernet0/1
     ip address 4.4.4.1 255.0.0.0
     no ip directed-broadcast
     no ip route-cache
     no ip mroute-cache
     load-interval 30
     speed 10 
    !
    interface Serial1/0:0
     bandwidth 1472
     ip address 6.6.6.1 255.0.0.0
     no ip directed-broadcast
     encapsulation ppp
     no ip route-cache
     load-interval 30
     no fair-queue
     crypto map cmap
    !
    interface Serial1/0:1
     no ip address
     no ip directed-broadcast
     fair-queue 64 256 0
    !
    interface Serial1/1:0
     no ip address
     no ip directed-broadcast
    !
    interface Serial1/1:1
     no ip address
     no ip directed-broadcast
     fair-queue 64 256 0
    !
    router rip
     network 4.0.0.0
     network 6.0.0.0
    !
    ip classless
    ip route 0.0.0.0 0.0.0.0 111.0.0.1
    no ip http server
    !
    access-list 101 deny   udp any eq rip any
    access-list 101 deny   udp any any eq rip
    access-list 101 permit ip 6.6.6.0 0.0.0.255 6.6.6.0 0.0.0.255
    !
    line con 0
     exec-timeout 0 0
     transport input none
    line aux 0
    line vty 0 4
     password lab
     login    
    !
    !
    end
     
    
Configuration File for Peer 2
    version 12.1
    service timestamps debug uptime
    service timestamps log uptime
    no service password-encryption
    !
    hostname Peony
    !
    logging buffered 100000 debugging
    enable password lab
    !
    !
    !
    !
    !
    ip subnet-zero
    no ip domain-lookup
    !
    !
    !
    crypto isakmp policy 10
     authentication pre-share
    crypto isakmp key pre-shared address 6.6.6.1        
    !
    crypto ipsec security-association lifetime seconds 86400
    !
    crypto ipsec transform-set transform-1 esp-des 
    !
    !
    crypto map cmap 1 ipsec-isakmp   
     set peer 6.6.6.1
     set transform-set transform-1 
     match address 101
    !
    !
    controller T1 1/0
     framing esf
     linecode b8zs
     channel-group 0 timeslots 1-23 speed 64
     channel-group 1 timeslots 24 speed 64
    !
    controller T1 1/1
     channel-group 0 timeslots 1-23 speed 64
     channel-group 1 timeslots 24 speed 64
    !
    !
    process-max-time 200
    !
    interface FastEthernet0/0
     ip address 172.0.0.13 255.0.0.0
     no ip directed-broadcast
     no ip mroute-cache
     load-interval 30
     no keepalive
     speed 10
    !
    interface FastEthernet0/1
     ip address 3.3.3.2 255.0.0.0
     no ip directed-broadcast
     no ip route-cache
     no ip mroute-cache
     load-interval 30
     speed 10
    !
    interface Serial1/0:0
     bandwidth 1472
     ip address 6.6.6.2 255.0.0.0
     no ip directed-broadcast
     encapsulation ppp
     no ip route-cache
     load-interval 30
     no fair-queue
     crypto map cmap
    !
    interface Serial1/0:1
     no ip address
     no ip directed-broadcast
     fair-queue 64 256 0
    !
    interface Serial1/1:0
     no ip address
     no ip directed-broadcast
    !
    interface Serial1/1:1
     no ip address
     no ip directed-broadcast
     fair-queue 64 256 0
    !
    router rip
     network 3.0.0.0
     network 6.0.0.0
    !
    ip classless
    ip route 0.0.0.0 0.0.0.0 111.0.0.1
    no ip http server
    !
    access-list 101 deny   udp any eq rip any
    access-list 101 deny   udp any any eq rip
    access-list 101 permit ip 6.6.6.0 0.0.0.255 6.6.6.0 0.0.0.255
    !
    line con 0
     exec-timeout 0 0
     transport input none
    line aux 0
    line vty 0 4
     login
    !
    !
    end
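How access list 101 in the two listings above selects traffic for the crypto map, as an added example that is not part of the Cisco document: a small evaluator for the three entries using IOS wildcard-mask matching. The function names are assumptions made for this illustration, and 4.0.0.5 is a constructed host address.

```python
import ipaddress

# Crypto ACL copied from the Peer 2 listing above (Peer 1 carries the same entries).
ACL_101 = """\
access-list 101 deny   udp any eq rip any
access-list 101 deny   udp any any eq rip
access-list 101 permit ip 6.6.6.0 0.0.0.255 6.6.6.0 0.0.0.255
"""
PORTS = {"rip": 520}  # IOS port keyword -> UDP port number

def _addr(tokens):
    """Consume 'any' or '<address> <wildcard>' and return a matcher."""
    if tokens[0] == "any":
        del tokens[0]
        return lambda ip: True
    base = int(ipaddress.IPv4Address(tokens.pop(0)))
    care = ~int(ipaddress.IPv4Address(tokens.pop(0))) & 0xFFFFFFFF  # wildcard 1-bits are ignored
    return lambda ip: (int(ipaddress.IPv4Address(ip)) & care) == (base & care)

def _port(tokens):
    """Consume an optional 'eq <port>' and return a matcher."""
    if tokens[:1] != ["eq"]:
        return lambda port: True
    want = PORTS.get(tokens[1]) or int(tokens[1])
    del tokens[:2]
    return lambda port: port == want

def parse_acl(text):
    """Turn extended access-list lines into (action, protocol, matchers...) rules."""
    rules = []
    for line in text.splitlines():
        t = line.split()[2:]  # drop 'access-list 101'
        action, proto = t.pop(0), t.pop(0)
        rules.append((action, proto, _addr(t), _port(t), _addr(t), _port(t)))
    return rules

def ipsec_protected(rules, proto, src, dst, sport=None, dport=None):
    """First match wins: permit = encrypt, deny or no match = sent in cleartext."""
    for action, rproto, m_src, m_sport, m_dst, m_dport in rules:
        if (rproto in ("ip", proto) and m_src(src) and m_sport(sport)
                and m_dst(dst) and m_dport(dport)):
            return action == "permit"
    return False  # implicit deny: the packet bypasses the crypto map

if __name__ == "__main__":
    rules = parse_acl(ACL_101)
    # 4.0.0.5 is a constructed host on Peer 1's RIP network 4.0.0.0
    for flow in [("icmp", "6.6.6.1", "6.6.6.2"), ("tcp", "4.0.0.5", "3.3.3.2")]:
        print(flow, "->", "IPsec" if ipsec_protected(rules, *flow) else "cleartext")
```

With these entries only packets whose source and destination both fall in 6.6.6.0 0.0.0.255 are encrypted; RIP updates and traffic routed between the networks behind the two peers do not match the permit entry and cross Serial1/0:0 unencrypted.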
     
     
    

Obtaining Documentation

World Wide Web

You can access the most current Cisco documentation on the World Wide Web at http://www.cisco.com, http://www-china.cisco.com, or http://www-europe.cisco.com.

Documentation CD-ROM

Cisco documentation and additional literature are available in a CD-ROM package, which ships with your product. The Documentation CD-ROM is updated monthly. Therefore, it is probably more current than printed documentation. The CD-ROM package is available as a single unit or as an annual subscription.

Ordering Documentation

Registered CCO users can order the Documentation CD-ROM and other Cisco Product documentation through our online Subscription Services at http://www.cisco.com/cgi-bin/subcat/kaojump.cgi.

Nonregistered CCO users can order documentation through a local account representative by calling Cisco's corporate headquarters (California, USA) at 408 526-4000 or, in North America, by calling 800 553-NETS (6387).

Obtaining Technical Assistance

Cisco provides Cisco Connection Online (CCO) as a starting point for all technical assistance. Warranty or maintenance contract customers can use the Technical Assistance Center. All customers can submit technical feedback on Cisco documentation using the web, e-mail, a self-addressed stamped response card included in many printed documents, or by sending mail to Cisco.

Cisco Connection Online

Cisco continues to revolutionize how business is done on the Internet. Cisco Connection Online is the foundation of a suite of interactive, networked services that provides immediate, open access to Cisco information and resources at any time, from anywhere in the world. This highly integrated Internet application is a powerful, easy-to-use tool for doing business with Cisco.

CCO's broad range of features and services helps customers and partners to streamline business processes and improve productivity. Through CCO, you will find information about Cisco and our networking solutions, services, and programs. In addition, you can resolve technical issues with online support services, download and test software packages, and order Cisco learning materials and merchandise. Valuable online skill assessment, training, and certification programs are also available.

Customers and partners can self-register on CCO to obtain additional personalized information and services. Registered users may order products, check on the status of an order, and view benefits specific to their relationships with Cisco.

You can access CCO in the following ways:

You can e-mail questions about using CCO to cco-team@cisco.com.

Technical Assistance Center

The Cisco Technical Assistance Center (TAC) is available to warranty or maintenance contract customers who need technical assistance with a Cisco product that is under warranty or covered by a maintenance contract.

To display the TAC web site, which includes links to technical support information and software upgrades and lets you request TAC support, go to www.cisco.com/techsupport.

To contact TAC by e-mail, use one of the following addresses:

Language            E-mail Address
English             tac@cisco.com
Hanzi (Chinese)     chinese-tac@cisco.com
Kanji (Japanese)    japan-tac@cisco.com
Hangul (Korean)     korea-tac@cisco.com
Spanish             tac@cisco.com
Thai                thai-tac@cisco.com

In North America, TAC can be reached at 800 553-2447 or 408 526-7209. For other telephone numbers and TAC e-mail addresses worldwide, consult the following web site: http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml.

Software Configuration Tips on the Cisco Technical Assistance Center Home Page

If you have a CCO log-in account, you can access the following URL, which contains links and tips on configuring your Cisco products:

http://www.cisco.com/kobayashi/technotes/serv_tips.shtml

This URL is subject to change without notice. If it changes, point your Web browser to CCO, press Login, and click on this path: Technical Assistance Center: Technical Tips.

The following sections are provided from the Technical Tips page:

Documentation Feedback

If you are reading Cisco product documentation on the World Wide Web, you can submit technical comments electronically. Click Feedback in the toolbar and select Documentation. After you complete the form, click Submit to send it to Cisco.

You can e-mail your comments to bug-doc@cisco.com.

To submit your comments by mail, use the response card that many documents contain behind the front cover. Otherwise, you can mail your comments to the following address:

Cisco Systems, Inc.
Document Resource Connection
170 West Tasman Drive
San Jose, CA 95134-9883

We appreciate and value your comments.





Posted: Wed Sep 20 08:40:45 PDT 2000
Copyright © 1989-2000 Cisco Systems Inc.