Name: Cisco 2811
Brand: Cisco
Rating: 5 (1 reviews)

To Next Page

To Previous Page

Cisco 2811 and Cisco 2821 Integrated Services Router FIPS 140-2 Non Proprietary Security Policy

OL-8663-01

Secure Operation of the Cisco 2811 or Cisco 2821 router

–

3DES Known Answer Test

–

SHA-1 Known Answer Test

–

HMAC-SHA-1 Known Answer Test

Secure Operation of the Cisco 2811 or Cisco 2821 router

The Cisco 2811 and Cisco 2821 routers meet all the Level 2 requirements for FIPS 140-2. Follow the

setting instructions provided below to place the module in FIPS-approved mode. Operating this router

without maintaining the following settings will remove the module from the FIPS approved mode of

operation.

Initial Setup

• The Crypto Officer must apply tamper evidence labels as described in the “Physical Security”

section on page 12 of this document.

• The Crypto Officer must disable IOS Password Recovery by executing the following commands:

configure terminal

no service password-recovery

end

show version

Note Once Password Recovery is disabled, administrative access to the module without the password will not

be possible.

System Initialization and Configuration

• The Crypto Officer must perform the initial configuration. IOS version 12.3(11)T03, Advanced

Security build (advsecurity) is the only allowable image; no other image should be loaded.

• The value of the boot field must be 0x0102. This setting disables break from the console to the ROM

monitor and automatically boots the IOS image. From the “configure terminal” command line, the

Crypto Officer enters the following syntax:

config-register 0x0102

• The Crypto Officer must create the “enable” password for the Crypto Officer role. The password

must be at least 8 characters to include at least one number and one letter and is entered when the

Crypto Officer first engages the “enable” command. The Crypto Officer enters the following syntax

at the “#” prompt:

enable secret [PASSWORD]

• The Crypto Officer must always assign passwords (of at least 8 characters) to users. Identification

and authentication on the console port is required for Users. From the “configure terminal”

command line, the Crypto Officer enters the following syntax:

line con 0

password [PASSWORD]

Questions and Answers:

Need help?

Do you have a question about the Cisco 2811 and is the answer not in the manual?

Cisco 2811 Specifications

General

Full duplex	Yes
Networking standards	-
Ethernet LAN data rates	10, 100 Mbit/s
Supports ISDN connection	No
Safety	UL 60950, CAN/CSA C22.2 No. 60950, IEC 60950, EN 60950-1, AS/NZS 60950
Flash memory	128 MB
Internal memory	256 MB
I/O ports	2 x USB\\r 2 x 10/100 Base-T
Ethernet LAN (RJ-45) ports	2
Storage temperature (T-T)	-40 - 70 °C
Firewall security	Cisco IOS
Security algorithms	128-bit AES, 192-bit AES, 256-bit AES, 3DES, DES
Product color	Blue, Stainless steel
Rack capacity	1U