Cisco Systems OL-16066-01 manual

K-1 User Guide for Cisco Security Manager 3.2 OL-16066-01 APPENDIX K Router Platform User Interface Reference The main pages a vail able in Cisco Security Manager for conf iguring and managing platform-specif ic policies on Ci sco IOS routers are d iscussed in the follo wing topics: N A T policies: • N A T Policy Page, page K-3 Interface policies[...]

Appendix K Router Platform User Interface Reference K-2 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 • CPU Policy Page, page K-107 • Device Access policies: – HTTP Policy Page, page K-110 – Console Policy Page, page K-117 – VTY Policy Page, page K-12 9 – Secure Shell Policy Page, page K- 147 – SNMP Policy Page, page K-149 ?[...]

K-3 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence NAT Policy Page Ti p Use the Policy Management page in the Securit y Manager Administ ration windo w to control which r outer platform p olicy p ages are a v ailable in Secu rity Manager . For more information, see Polic y Management Pag[...]

Appendix K Router Platform User Interface Reference NAT Policy Page K-4 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Navigation Path Go to the NA T Polic y Page, page K-3 , then click the Interface Specifi cation tab . Related Topics • N A T Page—Static Rules T ab, page K-6 • N A T Page —Dynamic Rules T ab, page K-12 • N A T Pa[...]

K-5 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence NAT Policy Page Field Reference Edit Interfaces Dialog B ox—NAT Outside Interfaces When you conf igure a translation rules polic y on a Cisco IOS router , use the Edit Interfaces dial og box to specify which inte rfaces will act as the[...]

Appendix K Router Platform User Interface Reference NAT Policy Page K-6 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Field Reference NAT Page—Static Rules Tab Use the N A T Static Rules tab to create, edit, and delete static address translation rules. For more information, see Def inin g Static NA T Rules, page 1 5-8 . Navigation Path [...]

K-7 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence NAT Policy Page Field Reference Ti p T o choose which co lumns to display in the t a ble, right-click a column h eader , then select Show Columns . F or more information about table disp lay options, see T able Columns and Column Heading[...]

Appendix K Router Platform User Interface Reference NAT Policy Page K-8 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Related Topics • Defining Static N A T Rules, pa ge 15-8 • Disabling the Alias Opt ion for Attached Subnets, page 15-15 • Disabling the P ayload Option for Over lapping Networks, page 15-15 • Basic Interface Sett i[...]

K-9 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence NAT Policy Page T ranslated Address The type of address translation to perform: • Specify IP—The IP address that acts as the translated address. Enter an address or the name of a network/ host object in the T ranslated IP/Network f i[...]

Appendix K Router Platform User Interface Reference NAT Policy Page K-10 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Port Redirection Applies o nly when Static Port is the selected static rule type. Redirect Port—When se lected, specifie s port informatio n for the inside de vice in the translation. This enables you to use the same pu[...]

K-11 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence NAT Policy Page Adv anced Applies only when using the T ran slated IP option for address translation. Defines ad vanced options: • No Alias—When selected , prohibits an alias from being created for the global address. The alias opti[...]

Appendix K Router Platform User Interface Reference NAT Policy Page K-12 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 NAT Page—Dynamic Rules Tab Use the N A T Dynamic Rules tab to crea te, edit, and delete dynamic address translation rules. A dynamic add ress translation rule dynamically maps ho sts to addresses, using eith er the glob[...]

K-13 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence NAT Policy Page Ti p T o choose which co lumns to display in the t a ble, right-click a column h eader , then select Show Columns . F or more information about table disp lay options, see T able Columns and Column Heading F eatures, pag[...]

Appendix K Router Platform User Interface Reference NAT Policy Page K-14 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Field Reference T able K-7 NA T Dynamic Rule Dialo g Bo x Element Description T raff ic Flo w Access List —The ex tended A CL that sp ecif ies the traf fic requiring dynamic translation. Enter the name of an A CL object[...]

K-15 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence NAT Policy Page NAT Page—Timeouts Tab Use the N A T T imeouts tab to vie w or modify the def a ult timeout v alues for P A T (ov erload) translatio ns. Thes e timeouts cause a dynamic transl ation to e xpire after a defin e d period o[...]

Appendix K Router Platform User Interface Reference NAT Policy Page K-16 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Related Topics • Specifying N A T Timeouts, page 15-19 • N A T Page—Int erface Specif ication T ab, page K-3 • N A T Page—Static Rules T ab, page K-6 • N A T Page —Dynamic Rules T ab, page K-12 Field Referen[...]

K-17 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence Router Interfaces Page Router Interfaces Page Use the Router Interfaces page to vi ew , create, edit, and delete interf ace definitions (physical and v irtual) on a selected Cisco IOS router . The Router Interfaces page displays interfa[...]

Appendix K Router Platform User Interface Reference Router Interfaces Page K-18 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Field Reference Ti p T o choose which co lumns to display in the t a ble, right-click a column h eader , then select Show Columns . F or more information about table disp lay options, see T able Columns and Column [...]

K-19 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence Router Interfaces Page Note Unlike other rout er policies, the Interf aces policy cannot be shared among multiple de vices. The Advanced Settings polic y , howe ver , may be shared. See Local Policies vs. Shared Policies, page 7-4 . Nav[...]

Appendix K Router Platform User Interface Reference Router Interfaces Page K-20 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Subinterf a ce ID Applies only to su binterfaces. The ID number of the subinterface. IP The source of the IP address for the interface: • Static IP—Defines a static IP addres s and subnet mask for the interface[...]

K-21 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence Router Interfaces Page Layer T y pe The OSI layer at which the interface is defined: • Unkno wn—The layer is unknown. • Layer 2—The data link laye r , which contains the protocols th at control the physical la yer (Layer 1 ) and[...]

Appendix K Router Platform User Interface Reference Router Interfaces Page K-22 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Speed Applies only to Fast Ethernet and Gigabit Ethernet interfaces. The speed of the interface: • 10—10 me gabits per second ( 10Base-T networks ). • 100—100 meg abits per second (100Base-T networks). This[...]

K-23 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence Router Interfaces Page VLAN ID Ap plies only to subi nterfaces with encapsulation t ype DO T1Q. The VLAN ID associated with this subinterface. The VLAN ID spe cifies where 802.1Q tagged packets are sent and received on this subinterface[...]

Appendix K Router Platform User Interface Reference Router Interfaces Page K-24 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Interface Auto Name Generator Dialog Box Use the Interface Auto Name Generator dialog box to have Securi ty Manager generate a name for the interface based on the interface typ e and its location in the router . Na[...]

K-25 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence Advanced Interfa ce Settings Page Field Reference Advanced Interface Settings Page Use the Advanced Interface Settings pa ge to view , create , edit, and delete adv a nced interf ace definitions (physical and v irtual) on a selected Cis[...]

Appendix K Router Platform User Interface Reference Advanced Interface Settings Page K-26 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Navigation Path • ( De vice view ) Select Interfaces > Settings > Adv anced Settings from the Policy selector . • ( Polic y vie w ) Select Router Interfaces > Settings > Advanced Settings [...]

K-27 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence Advanced Interfa ce Settings Page Ti p T o choose which co lumns to display in the t a ble, right-click a column h eader , then select Show Columns . F or more information about table disp lay options, see T able Columns and Column Head[...]

Appendix K Router Platform User Interface Reference Advanced Interface Settings Page K-28 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Field Reference T able K-13 Adv anced Interf ace Settings Dialog Bo x Element Description Interface The interface on which the adv anced settin gs are defined. Enter the na me of an interface or interface[...]

K-29 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence Advanced Interfa ce Settings Page TCP Maximum Segment Size The maximum segment size (MSS) of TCP SYN pac kets that pass through this interface. V alid values range from 500 to 1460 b ytes. If you do not specify a v alue, the MSS is dete[...]

Appendix K Router Platform User Interface Reference Advanced Interface Settings Page K-30 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Cisco Discovery Protocol settings Enable CDP When selected, the Cisco D iscov e ry Protocol (CDP) is enabl ed on this interface. This the def a ult. When deselected, CDP is di sabled on this interf ace. C[...]

K-31 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence Advanced Interfa ce Settings Page ICMP Messages settings Enable Redirect Messages When selected, enables the sendi ng of Internet Control Message Protocol (ICMP) redirect messages if the device is forced to resend a packet through the s[...]

Appendix K Router Platform User Interface Reference Advanced Interface Settings Page K-32 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Additional settings Enable V irtual Fragment Reassembly (VFR) When selected, virtual f ragmentation reassembly (VFR) is enab led on this interface. When deselected, disabl es VFR. This is the default. VFR[...]

K-33 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence Advanced Interfa ce Settings Page Enable Directed Broadcasts When selected, directed broadcast pack ets are “exploded” as a link-layer broadcast when th is interface is direc tly connected to the destination subnet. When deselected,[...]

Appendix K Router Platform User Interface Reference AIM-IPS Interface Settings Page K-34 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 AIM-IPS Interface Settings Page Use the AIM-IPS Interface Setting s page to def ine the settings on the Ci sco Intrusion Pre vention System Adv anced Integr ation Module. Y ou can install AIM-IPS in Cisco [...]

K-35 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence AIM-IPS Interfa ce Settings Page Ti p T o choose which co lumns to display in the t a ble, right-click a column h eader , then select Show Columns . F or more information about table disp lay options, see T able Columns and Column Headi[...]

Appendix K Router Platform User Interface Reference Dialer Policy Page K-36 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Related Topics • Basic Interface Sett ings on Cisco IOS Routers, page 15-20 Field Reference Dialer Policy Page Use the Dialer page to de fine the re lationship b etween physical Basic Rate Interface (BRI) and virtual[...]

K-37 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence Dialer Policy Page • ( Polic y vie w ) Select Router Interfaces > Settin gs > Dialer from the Policy T ype selector . Right-click Dial er to create a policy , or select an existing policy from th e Shar ed Policy selector . Rela[...]

Appendix K Router Platform User Interface Reference Dialer Policy Page K-38 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Ti p T o choose which co lumns to display in the t a ble, right-click a column h eader , then select Show Columns . F or more information about table disp lay options, see T able Columns and Column Heading F eatures, p[...]

K-39 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence Dialer Policy Page • Basic Interface Sett ings on Cisco IOS Routers, page 15-20 • Understanding Interface Ro le Objects, page 9-132 Field Reference T able K-1 7 Dialer Pr ofile Dial og Box Element Description Name A descripti ve nam[...]

Appendix K Router Platform User Interface Reference Dialer Policy Page K-40 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Dialer Physical Interface Dialog Box Use the Dialer Physical Interface dialog box to add or edit th e properties that associate physical BRI interf aces with dialer interfaces. Note Use FlexConf igs to define other typ[...]

K-41 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence Dialer Policy Page Field Reference T able K-18 Dialer Ph ysical Interf ace Dialog Box Element Description ISDN BRI The physical BRI interface associat ed with the dialer interface. Enter the name of an interface or interface role, or cl[...]

Appendix K Router Platform User Interface Reference ADSL Policy Page K-42 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 ADSL Policy Page Use the ADSL page to create, e dit, and delete ADSL definitions on the A TM interfaces of the ro uter . For more in formation, see Def ining ADSL Settings, page 15-40 . Navigation Path • ( De vice view[...]

K-43 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence ADSL Policy Page Related Topics • PVC Policy Page, page K-54 • SHDSL Policy Page, page K-47 • ADSL on Cisco IOS Routers, page 15 -38 • Chapter K, “Router Platform User Interface R eference” Field Reference T able K-19 ADSL P[...]

Appendix K Router Platform User Interface Reference ADSL Policy Page K-44 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Ti p T o choose which co lumns to display in the t a ble, right-click a column h eader , then select Show Columns . F or more information about table disp lay options, see T able Columns and Column Heading F eatures, pag[...]

K-45 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence ADSL Policy Page Field Reference T able K-20 ADSL Settings Dialog Box Element Description A TM Interface The A TM interface on which ADSL settings are defined. Enter the name of an interface or interface role, or click Select to disp la[...]

Appendix K Router Platform User Interface Reference ADSL Policy Page K-46 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Interface Card (continued) • 857 ADSL—Cisco 857 Integrated Service Ro uter with an ADSL interface. • 876 ADSL—Cisco 876 Integrated Services Ro uter with an ADSL interface. • 877 ADSL—Cisco 877 Integrated Serv[...]

K-47 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence SHDSL Policy Page SHDSL Policy Page Use the SHDS L page to crea te, edit, and de lete DSL co ntroller de finitions on the router . For more infor mation, see Defining SHDSL Controllers, page 15-44 . Navigation Path • ( De vice view ) [...]

Appendix K Router Platform User Interface Reference SHDSL Policy Page K-48 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 • ( Polic y vie w ) Select Router Interfaces > Settings > DSL > SHDSL from the Policy T ype s elector . Rig ht-click SHDSL to create a policy , or select an existing p olicy from the Shared Polic y selector .[...]

K-49 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence SHDSL Policy Page Ti p T o choose which co lumns to display in the t a ble, right-click a column h eader , then select Show Columns . F or more information about table disp lay options, see T able Columns and Column Heading F eatures, p[...]

Appendix K Router Platform User Interface Reference SHDSL Policy Page K-50 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Shutdo wn When sele cted, the DSL controller is in shutdown state. Ho wever , its defini tion is not deleted. When deselected, the DS L controller is en abled. This is the default. Configure A TM mode When selected, set[...]

K-51 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence SHDSL Policy Page Line Mode The line mode us ed by the controller: • auto—The controller operates in th e same mode as the other line termination (2-wire li ne 0, 2-wire line 1, or 4-wire enhanced). This is the default for CPE line [...]

Appendix K Router Platform User Interface Reference SHDSL Policy Page K-52 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Line Rate Doe s not apply wh en the Line Mo de is defined as Auto. The DSL line rate (in kbps) a vailable f or the SHDSL port: • auto—The controller selects t he line rate. This is av ailable only in 2-wire mode. ?[...]

K-53 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence SHDSL Policy Page Controller Auto Name Generator Dialog Box Use the Contro ller Auto Name Generator dial og box to ha ve Security Manager generate a name for the DSL controll er based on its locat ion in the router . Navigation Path Go [...]

Appendix K Router Platform User Interface Reference PVC Policy Page K-54 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 PVC Policy Page Use the PVC page to create, edit, and dele te permanen t vi rtual connections (PVCs) on the rout er . PVCs allow direct and perman ent conn ections be tween sites to provide a service th at is similar to a[...]

K-55 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence PVC Policy Page Field Reference Ti p T o choose which co lumns to display in the t a ble, right-click a column h eader , then select Show Columns . F or more information about table disp lay options, see T able Columns and Column Headin[...]

Appendix K Router Platform User Interface Reference PVC Policy Page K-56 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 PVC Dialog Box Use the PVC dialog box to configure A T M permanent virtual circuits (PVCs). Navigation Path Go to the PVC Policy Page, page K -54 , then click the Add or Edit bu tton beneath the table. Related Topics • [...]

K-57 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence PVC Policy Page Interface Card The type of W AN interface card in stalled on the router or the rout er type: • [blank]—The interf ace card type is not def ined. • WIC-1ADSL—A 1-port AD SL W AN inte rface c ard that provides ADSL[...]

Appendix K Router Platform User Interface Reference PVC Policy Page K-58 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Interface Card (continued) • NM-1A-E3—A 1-port A T M network module wi th an E3 link. • 857 ADSL—Cisco 857 Integrated Service Ro uter with an ADSL interface. • 876 ADSL—Cisco 876 Integrated Services Ro uter wi[...]

K-59 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence PVC Policy Page PVC Dialog Box—Settings Tab Use the Settings tab of the PVC dialog b ox to configure the basic settings of the PVC, including: • ID settings. • Encapsulation settings. • Whether ILMI and In verse ARP are enabled.[...]

Appendix K Router Platform User Interface Reference PVC Policy Page K-60 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Field Reference T able K-26 PV C Dialog Bo x—Settings T ab Element Description PVC ID settings VPI The virtual path identifier of the PVC. In co njunction with the VCI, identif ies the next destination of a cell as it p[...]

K-61 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence PVC Policy Page Encapsulatio n settings T ype Does not apply when the Manage me nt PVC (ILMI) check box is enabled. The A TM adaptation la yer (AAL) and en capsulation type to use on the PVC: • [blank]—The encapsulation type is not [...]

Appendix K Router Platform User Interface Reference PVC Policy Page K-62 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 V irtual T emplate The virtual template used fo r PPP ove r A TM on this PVC. Enter the name of a virtual template interface or interface role, or click Select to display an Object Select ors, page F-593 . If the interfac[...]

K-63 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence PVC Policy Page PVC Dialog Box—QoS Tab Use the QoS t ab of the PVC di alog box to co nfigure the A TM traf fi c shaping and other quality-of-service setti ngs of the PVC, includin g: • The limit on pack ets placed on transmission ri[...]

Appendix K Router Platform User Interface Reference PVC Policy Page K-64 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Navigation Path Go to the PVC Dialog Box, p age K-56 , then click th e QoS tab . Related Topics • PVC Dialog Box—Setting s T ab, page K-59 • PVC Dialog Box—Pro tocol T ab, page K-67 • PVC Adv anced Settings Dial[...]

K-65 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence PVC Policy Page T raff ic Shaping setting s T raff ic Shaping The type of service to def ine on the PVC: • [null]—The bit rate is not def ined. • ABR—A vailable Bi t Rate. A best-effor t service suitable for applications that do[...]

Appendix K Router Platform User Interface Reference PVC Policy Page K-66 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 UBR The follo wing field is disp layed wh en UBR is se lected as the Bit Rate: • PCR—The peak cell rate for output in k ilobits per second (kbps). Cells in excess of th e PCR may be discarded. UBR+ The follo wing fiel[...]

K-67 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence PVC Policy Page PVC Dialog Box—Protocol Tab Use the Protocol tab of the PVC di alog box to add, edit, or d elete the protocol mappings conf igured for the PVC. Y ou ma y configured st atic mappings or In verse ARP (broadcast or nonbro[...]

Appendix K Router Platform User Interface Reference PVC Policy Page K-68 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Field Reference Define Mapping Dialog Box Use the Defi ne Mapping dialog box to con figure t h e IP protocol mappings to use on the A TM PVC. Mappings are required b y the PVC to disco ver which IP addr ess is reachable a[...]

K-69 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence PVC Policy Page Field Reference PVC Advanced Settings Dialog Box Use the PVC Adv anced Settings dialog box to conf igure F5 Operation, Administration, an d Maintenance (O AM) fu nctionality on an A TM PVC. O AM is used to detect connect[...]

Appendix K Router Platform User Interface Reference PVC Policy Page K-70 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 For more information, see Def ining O AM Management on A TM PVCs, page 15-56 . Navigation Path Go to the PVC Dialog Box, p age K-56 , then click Adv ance d . Related Topics • PVC Policy Page, page K-54 Field Reference P[...]

K-71 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence PVC Policy Page Note The settings def ined in this tab are depe ndent on the sett ings def ined in the O AM-PVC tab . See PVC Advanced S e ttings Dial og Box—OA M-PVC T ab, page K-73 . Navigation Path Go to the PVC Adv anced Settings [...]

Appendix K Router Platform User Interface Reference PVC Policy Page K-72 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 AIS-RDI setting s Enable AIS-RDI Detection When selecte d, alarm ind ication sign al (AIS) cells and remote defect indication (RDI) cells ar e used to report connecti vity failures at the A TM layer of the PVC. When desel[...]

K-73 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence PVC Policy Page PVC Advanced Settings Dialog Box—OAM-PVC Tab Use the O AM-PVC tab of the PVC Advanced Settings dialog box to en able loopback cells and connectivity checks (C Cs) on the PVC. These fu nctions test the connecti vity of [...]

Appendix K Router Platform User Interface Reference PVC Policy Page K-74 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Related Topics • PVC Dialog Box, pag e K-56 Field Reference T able K-32 PV C Adv anced Settings Dialog Bo x—OAM-PV C T ab Element Description O AM settings Enable O AM Manage ment When selected, O AM loopback cell gen[...]

K-75 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence PVC Policy Page Direction Applies o nly when CC management is en abled. The direction in which CC cel ls are transmitted: • both—CC cells are tran smitted in both directio ns. • sink—CC cells are transmitted toward the router t [...]

Appendix K Router Platform User Interface Reference PPP/MLP Policy Page K-76 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 PPP/MLP Policy Page Use the PPP/MLP page to create, edit, a nd delete PPP connections on the router . For more information, see Def ining PPP Connections, page 15-61 . Navigation Path • ( De vice view ) Select Inter[...]

K-77 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence PPP/MLP Policy Page Field Reference Ti p T o choose which co lumns to display in the t a ble, right-click a column h eader , then select Show Columns . F or more information about table disp lay options, see T able Columns and Column He[...]

Appendix K Router Platform User Interface Reference PPP/MLP Policy Page K-78 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 PPP Dialog Box Use the PPP dialog box to conf igure PPP co nnections on the router . When you configure a PPP connect ion, you can defi ne the type of authentication and authorization to perform and def ine multilink [...]

K-79 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence PPP/MLP Policy Page Field Reference T able K-34 PPP Dialog Bo x Element Description Interface The interface on which PPP encapsul ation is enabled. Enter the name of an interface or interf ace role, or click Select to display an Object [...]

Appendix K Router Platform User Interface Reference PPP/MLP Policy Page K-80 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 PPP Dialog Box—PPP Tab Use the PPP tab of the PPP dialog box to def ine the types of authentication and authorization to perform on t he PPP connection. Navigation Path Go to the PPP Dialog Box, page K-78 , then cli[...]

K-81 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence PPP/MLP Policy Page Protocol The authentication protocols t o use: • CHAP—Challenge-Handshak e Authentication Protocol. • P AP—Password Authentica tion Protoco l. • MS-CHAP—V ersion 1 of the Microsoft v ersion of CHAP (RFC 2[...]

Appendix K Router Platform User Interface Reference PPP/MLP Policy Page K-82 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Authenticate Using AAA authenticati on settings for the PPP connection: • PPP Default List—Def ines a default lis t of methods to be queried when authenticating a user for PPP . Ente r the names of one or more AAA[...]

K-83 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence PPP/MLP Policy Page CHAP Authentication sett ings Hostname By default, th e router uses i ts hostname to id entify itself to the peer . If required, you can enter a dif ferent host name to use for all C HAP challenges and responses. F o[...]

Appendix K Router Platform User Interface Reference PPP/MLP Policy Page K-84 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 PPP Dialog Box—MLP Tab Use the MLP tab of the PPP dialog box to def ine Multilink PPP (MLP) parameters for the selected PPP connection. Navigation Path Go to the PPP Dialog Box, page K-78 , then click t he MLP tab .[...]

K-85 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence PPP/MLP Policy Page Multilink Group Applies only to serial, Group-Async, an d multilink interfaces. Restricts the physical link to the sel ected multilink- group interface. Enter the name of a multilink interfac e or interface role, or [...]

Appendix K Router Platform User Interface Reference PPP/MLP Policy Page K-86 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Endpoint T ype The identifier u sed by the ro uter when transmitting p ackets on the MLP bund le: • [null]—Ne gotiation is conducted without u sing an endp oint discriminator . (No CLI command is generated.) • H[...]

K-87 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence AAA Policy Page AAA Policy Page Use the AAA page to def ine the default authentication , authorization, and accounting methods to use on the router . Y ou do this b y conf iguring method lists, which define which m ethods to u se and th[...]

Appendix K Router Platform User Interface Reference AAA Policy Page K-88 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 • VTY Policy Page, page K-12 9 • Chapter K, “Router Platform User Interface R eference” Field Reference AAA Page—Authentication Tab Use the Authentication tab of th e AAA page to defin e the methods used to auth[...]

K-89 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence AAA Policy Page • Understanding Method Lists, pag e 15-69 • AAA Server G roup Dialog Box, page F-12 • Predefined AAA Authenticati on Server Groups, page 9-15 Field Reference T able K-38 AAA P a ge—A uthentication T ab Element De[...]

Appendix K Router Platform User Interface Reference AAA Policy Page K-90 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 AAA Page—Authorization Tab Use the Authorization tab o f the AAA page to def ine the type of authorization services to enable on the de vice and the methods to use for each type. Security Manager supports the fo llo win[...]

K-91 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence AAA Policy Page Prioritized Method List Defi nes a sequential list of methods to be queried when autho rizing a user . Enter the names of one or more AAA serv er group objects (up to four), or click Select to display an Object Selectors[...]

Appendix K Router Platform User Interface Reference AAA Policy Page K-92 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Command Authorization Dialog Box Use the Command Authorization d ialog box to def ine which methods to use when authorizing the EXEC comman ds that are associated wit h a gi ven pri vilege le vel. This enables you to auth[...]

K-93 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence AAA Policy Page AAA Page—Accounting Tab Use the Accounting tab of the AAA page to def ine the type of accounting ser v ices to enable on the device a nd the methods to use for each type. Security Manager supports the follo wing types [...]

Appendix K Router Platform User Interface Reference AAA Policy Page K-94 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Note Y ou can use the method lists def ined in this polic y on the console and VTY lines that are used to communicate with the device. See Console Policy Page, page K-117 and VTY Line Dialog Box—Authentication T ab, pag[...]

K-95 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence AAA Policy Page Prioritized Method List Defines a se quential list of method s to be queried when creating connection accounting records for a user . Enter th e names of one or more AAA server group objects (up to fo ur), or click Selec[...]

Appendix K Router Platform User Interface Reference AAA Policy Page K-96 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Command Accounting Dialog Box Use the Command Accounting dialog box to def ine which methods to use when recording information about the EXEC commands that are ex ecuted for a given pri vilege le vel. Each accoun ting rec[...]

K-97 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence AAA Policy Page Field Reference T able K-42 Command Accounting Dialog Box Element Description Pri vilege Level The pri vilege le vel for which you w ant to define a command accounti ng list. V alid va lues range from 0 to 15. Generate A[...]

Appendix K Router Platform User Interface Reference Accounts and Credential s Policy Pag e K-98 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Accounts and Credential s Policy Page Use the Accounts and Credentials page to define the enable password or enable secret password assigned to the router . In addition, you can def ine a list of us[...]

K-99 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence Accounts and Cr edential s Policy Page Field Reference T able K-43 Accounts and Cr edentials P age Element Description Enable Secret Password The enable secret passwo rd for entering pri vileged EXEC mo de on the router . This option of[...]

Appendix K Router Platform User Interface Reference Accounts and Credential s Policy Pag e K-100 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Ti p T o choose which co lumns to display in the t a ble, right-click a column h eader , then select Show Columns . F or more information about table disp lay options, see T able Columns and Column[...]

K-101 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence Accounts and Cr edential s Policy Page Navigation Path Go to the Accounts and Credential s Policy P age, page K-98 , then click the Add or Edit b utton beneath the table. Related Topics • Defin i ng Accounts and Credential Policies, [...]

Appendix K Router Platform User Interface Reference Bridging Policy Page K-102 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Bridging Policy Page Use the Bridging page t o define bri dge groups that can perform integrat ed routing and bridging on the router . For more information, see Defining Bridge Groups , page 15-78 . Navigation Path [...]

K-103 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence Bridging Policy Page Ti p T o choose which co lumns to display in the t a ble, right-click a column h eader , then select Show Columns . F or more information about table disp lay options, see T able Columns and Column Heading F eature[...]

Appendix K Router Platform User Interface Reference Clock Policy Page K-104 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Field Reference Clock Policy Page Use the Clock page to conf igure the time zone in which t he router is located and the settings for Dayl ight Sa ving T ime (DST). For more information, see T ime Zone Settings on Ci s[...]

K-105 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence Clock Policy Page Ti p Y ou can conf igure the local t ime on the router b y defining an NTP pol icy or by configuring the cloc k set command using the CLI. Navigation Path • ( De vice view ) Select Platf o rm > Device Admin > [...]

Appendix K Router Platform User Interface Reference Clock Policy Page K-106 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Additional Set b y Date fields Start The date and time when DST be gins: • Date—Click the calendar icon to select the start date. • Hour—Select the start hour . • Minute—Select the start minute. End The dat[...]

K-107 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence CPU Policy Page CPU Policy Page Use the CPU page to conf igure settings related to router CPU utilization, including the thresho lds for sending log messages, th e size of the CPU history table, and whether to enable automatic CPU Hog [...]

Appendix K Router Platform User Interface Reference CPU Policy Page K-108 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Field Reference Ta b l e K - 4 8 C P U P a g e Element Description CPU Utilization Statistics Settings related to the history table for CPU utilization statistics: • History T able Entry Limit—The pe rcentage of CPU [...]

K-109 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence CPU Policy Page CPU Interrupt Utilization The thresholds for CPU int errupt utilizati on that trigger notifications: • Enable CPU Interrupt Utilization—When select ed, CPU interrupt utilization thresholds are enabled. Wh en deselec[...]

Appendix K Router Platform User Interface Reference HTTP Policy Page K-110 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 HTTP Policy Page Use the HTTP page to configure HTTP and HTTPS access on the router . Y ou can configure HTTP policies on a Cisco IOS router from the follo wing tabs on the HTTP policy page: • HTTP Page—Setup T ab, [...]

K-111 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence HTTP Policy Page HTTP Page—Setup Tab Use the Setup tab of the HTTP page t o enable HTTP and HTTP over Secure Socket Lay er (HTTP ov er SSL or HTTPS) on the router . Y ou can optionally l imit access to these protocols to the addre ss[...]

Appendix K Router Platform User Interface Reference HTTP Policy Page K-112 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 HTTP Page—AAA Tab Use the AAA tab of the HTTP page to define the auth entication and auth orization methods to perform on users who att empt to access the router using HTTP or HTTPS. Navigation Path Go to the HTTP Pol[...]

K-113 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence HTTP Policy Page Related Topics • HTTP Page—Setup T ab, page K-111 • HTTP and HTTPS on Cisc o IOS Routers, page 15-83 Field Reference T able K-50 HTTP P age—AAA T ab Element Description Authenticate Using The type of authentica[...]

Appendix K Router Platform User Interface Reference HTTP Policy Page K-114 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Prioritized Method List Applies only wh en the Enable De vice Login Authentication ch eck box is selected. Defines a sequ ential list of methods to b e queried when authenticating a user . Enter the names of one or more[...]

K-115 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence HTTP Policy Page Prioritized Method List Applie s only when the En able CLI/EXEC Operations Authorization check box is selected. Defines a sequ ential list of methods to be queried when author izing a user to open an EXEC (CLI) session[...]

Appendix K Router Platform User Interface Reference HTTP Policy Page K-116 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Command Authorization Override Dialog Box Use the Command Authorizat ion Override dialog box to def ine which methods to use when authorizing the EXEC commands that are associated with a giv en pri vilege. This enables [...]

K-117 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence Console Policy Page Console Policy Page Use the Console page to configure access to the route r ov er th e console port. Y ou can config ure console policies on a Cisco IOS router from the follo wing tabs on the Console policy page: ?[...]

Appendix K Router Platform User Interface Reference Console Policy Page K-118 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Console Page—Setup Tab Use the Setup tab of the Console page to def ine the basic parameters of the console port. This includes the password for acce ssing the port, the privileg e lev el assigned to users, the pro[...]

K-119 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence Console Policy Page Pri v ilege Le vel The privile ge level assigned to users connected to the console port. V alid va lues range from 0 to 15: • 0—Grants access to these commands only: disable , enable , exit , help , and logout .[...]

Appendix K Router Platform User Interface Reference Console Policy Page K-120 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Output Protocols The protocols that you can use for outgoing connections on t he console port: • All—All supported proto cols are permitted. Supported pro t ocols include LA T , MOP , N A SI, P AD, rlogin, SSH, T[...]

K-121 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence Console Policy Page Console Page—Authentication Tab Use the Authentication tab of the Console page to define the A AA authentication methods to perform on users who att empt to access the console port. Navigation Path Go to the Conso[...]

Appendix K Router Platform User Interface Reference Console Policy Page K-122 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Field Reference T able K-53 Console Pag e—Authentication T ab Element Description Authenticate Using Authentication settings f or the console port: • None—Authenticatio n is not perf ormed . This is the default[...]

K-123 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence Console Policy Page Console Page—Authorization Tab Use the Authorization t ab of the Con sole page to def ine the EXEC and command authorization metho ds to perform on users who access the console por t. Note Y ou must enable A AA se[...]

Appendix K Router Platform User Interface Reference Console Policy Page K-124 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Prioritized Method List Applies only when Custom Method List is selecte d as the EXEC me thod. Defines a sequential list of methods to be queried when authorizin g a user . Enter the names of one or more AAA serv er [...]

K-125 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence Console Policy Page Console Page—Accounting Tab Use the Accounting tab of the Console pa ge to define the EXEC, connection, and command accounting met hods to perform on user s who access the console port. Note Y ou must enable A AA [...]

Appendix K Router Platform User Interface Reference Console Policy Page K-126 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Generate Accounting Records for Applies only when Custom Method List is sele cted as the EX EC method. Defines when the de vice s ends an accoun ting notice to the accounting se rver: • Start and Stop—Generates a[...]

K-127 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence Console Policy Page Connection Ac counting settings Perform Connection Accounting Using The accounting method to use for recording infor mation about outbound connections made o ver the console l ine: • None—Accounting is not perfo[...]

Appendix K Router Platform User Interface Reference Console Policy Page K-128 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Prioritized Method List Applies only when Custom Metho d List is select ed as the connection method. Defines a sequential list of m ethods to be queried w hen creating accounting methods for a user . Enter the names [...]

K-129 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence VTY Policy Page VTY Policy Page Use the VTY page to conf igure up to 16 VTY lines for remo te access to the rout er . In addition t o configuring individual lines, you can configure a g roup of line s that share the same def inition. F[...]

Appendix K Router Platform User Interface Reference VTY Policy Page K-130 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Line The relati ve line number of the VTY line. This f ield may also contain multiple VTY lines con figured as a contiguous group. Line/Line G roup Parameters Input Protocols The protocols that you can use for i n coming[...]

K-131 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence VTY Policy Page Ti p T o choose which co lumns to display in the t a ble, right-click a column h eader , then select Show Columns . F or more information about table disp lay options, see T able Columns and Column Heading F eatures, pa[...]

Appendix K Router Platform User Interface Reference VTY Policy Page K-132 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 VTY Line Dialog Box—Setup Tab Use the Setup tab of the VTY Line di alog box to def ine the basic parameters of the VTY line. This includes the pa ssword for accessing the line, the privile g e le vel assigned to users,[...]

K-133 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence VTY Policy Page Ending VTY Line Number Applies only when conf iguring a group of lines. The relati ve line number of the last VTY line in the group. Note When you conf igure a group of lines, all t he lines in the group must fall withi[...]

Appendix K Router Platform User Interface Reference VTY Policy Page K-134 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Exec T imeout The amount of time (in seconds ) that the EXEC command interprete r waits to detect user input on the li ne. If no input is detected, the line is disconnected. V alid v alues range from 0 to 2147483. The de[...]

K-135 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence VTY Policy Page Output Protocols The protocols that you can use for outgoi ng connections on this line: • All—All supported proto cols are permitted. Supported pro t ocols include LA T , MOP , N A SI, P AD, rlogin, SSH, T elnet, an[...]

Appendix K Router Platform User Interface Reference VTY Policy Page K-136 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 VTY Line Dialog Box—Authentication Tab Use the Authentication tab o f the VTY Line dialog box to def ine the authentication methods to perform on us ers who attempt to access the selected VTY line or group of lines. Na[...]

K-137 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence VTY Policy Page VTY Line Dialog Box—Authorization Tab Use the Authorization tab o f the VTY Line dialog box to def ine the EXEC and command authorization met hods to perfo rm on users who access the selected VTY line or group of line[...]

Appendix K Router Platform User Interface Reference VTY Policy Page K-138 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 • Console Page—Auth e ntication T ab, page K-121 Field Reference T able K-60 VTY Line Dial og Box—A uthor ization T ab Element Description EXEC Authorization setti ngs Authorize EXEC Operation s Using The authoriza[...]

K-139 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence VTY Policy Page VTY Line Dialog Box—Accounting Tab Use the Accounting tab of th e VTY Line dialog box to def ine the EXEC, connection, and command accounting meth ods to perform on users who access the selected VTY line or gro up of [...]

Appendix K Router Platform User Interface Reference VTY Policy Page K-140 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Field Reference T able K-61 VTY Line Di alog Bo x—Accounti ng T ab Element Description EXEC Accounting settings Perform EXEC Accounting Using The accounting method to use for recording basic infor mation about user EXE[...]

K-141 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence VTY Policy Page Prioritized Method List Applies only when Custom Method List is selecte d as the EXEC me thod. Defines a sequential list of m ethods to be queried w hen creating accounting methods for a user . Enter the names of one or[...]

Appendix K Router Platform User Interface Reference VTY Policy Page K-142 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Generate Accounting Records for Applies only when Custom M ethod List is selected as the connec tion method. Defines when the de vice s ends an accoun ting notice to the accounting se rver: • Start and Stop—Generates[...]

K-143 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence VTY Policy Page Command Authorization Dialog Box—Line Access Use the Command Authorization d ialog box to def ine which methods to use when authorizing the EXEC command s that are a ssociated with a gi ven privile ge. This enables yo[...]

Appendix K Router Platform User Interface Reference VTY Policy Page K-144 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Field Reference T able K-62 Command A uthor ization Dialog Bo x—Line Access Element Description Pri v ilege Le vel The privile ge lev el for which you w a nt to def ine a command authorization list. V alid v alues rang[...]

K-145 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence VTY Policy Page Command Accounting Dialog Box—Line Access Use the Command Accounting dialog box to def ine which methods to use when recording information about the EXEC commands that are ex ecuted for a given priv ilege. Each accoun[...]

Appendix K Router Platform User Interface Reference VTY Policy Page K-146 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Generate Accounting Records for Applies only when Custom Method List is selecte d. Defines when the de vice s ends an accoun ting notice to the accounting se rver: • Start and Stop—Generates accounting records at the[...]

K-147 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence Secure Shell Policy Page Secure Shell Policy Page Use the Secure Shell page to change the defaul t SSH settings on the router and to def ine additional opt ional settings, if required. For more information, see Optio nal SSH Settings o[...]

Appendix K Router Platform User Interface Reference Secure Shell Policy Page K-148 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Field Reference T able K-64 Secure Shell P age Element Description SSH V ersion The version of SSH to use when connecting to th e router: • 1 and 2—SSH v ersion 1 and SSH v e rsion 2. This is the d e fault. [...]

K-149 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence SNMP Policy Page SNMP Policy Page Use the SNMP page to configure the para meters necessary to send traps from the router to a designated SNMP host. Th ese traps are unsolicited messages that notify the SNMP host of i mportant e vents o[...]

Appendix K Router Platform User Interface Reference SNMP Policy Page K-150 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 • ( Polic y vie w ) Select Router Platform > Device Admin > De vice A ccess > SNMP from the Polic y T ype selector . Right-click SNMP to create a policy , or select an existi ng policy from the Sha red Policy[...]

K-151 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence SNMP Policy Page Ti p T o choose which co lumns to display in the t a ble, right-click a column h eader , then select Show Columns . F or more information about table disp lay options, see T able Columns and Column Heading F eatures, p[...]

Appendix K Router Platform User Interface Reference SNMP Policy Page K-152 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Related Topics • SNMP Policy Page, page K-149 • T rap Receiver Dialog Box, page K-153 • SNMP T raps Dialog Box, page K-155 • Defining SNMP Agent Properties, pa ge 15-102 • SNMP on Cisco IOS Routers, page 15-10[...]

K-153 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence SNMP Policy Page Trap Receiver Dialog Box Use the Tr ap Receiv e r dialog box to de fine the SNMP hosts that recei ve traps generate d by the router . This incl udes defining the version of SNMP to use. Navigation Path Go to the SNMP P[...]

Appendix K Router Platform User Interface Reference SNMP Policy Page K-154 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Community String Applies only when v ersion 1 or version 2 c is selected. The password required to access the SNMP host. Enter the string again in the Conf irm field. Note W e recommend that you use one of the st rings [...]

K-155 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence SNMP Policy Page SNMP Traps Dialog Box Use the SNMP Tr aps dialog box to select the e vents in the router that should generate SNMP traps. Ti p Y ou can conf igure SNMP traps not includ ed in this dialog box b y defining FlexConf igs. [...]

Appendix K Router Platform User Interface Reference SNMP Policy Page K-156 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Field Reference Ta b l e K - 6 8 S N M P Tr a p s D i a l o g B o x Element Description Standard SNMP T raps Enables or disables stan dard SNMP traps. Options are: • Cold start—Sends a trap when the rout er reinitia[...]

K-157 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence SNMP Policy Page Other T raps Enables or disables addit ional SNMP traps. Options are: • Syslog—Sends syslog mess ages to the SNMP host. • TTY—Sends Cisco-specif ic notifications when a T ransmission Control Protocol (TCP) conn[...]

Appendix K Router Platform User Interface Reference DNS Policy Page K-158 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 DNS Policy Page Use the DNS policy page to def ine the local IP host table and the Domain Name System (DNS) servers that the router shou ld use for tran slating ho stnames to I P addresses. Y ou can also prevent the rout[...]

K-159 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence DNS Policy Page IP Host Dialog Box Use the IP Host dia log box to configure the h ost table on th e router . This is the table of static, local mappings that the ro uter uses to translate hostnames to IP addresses. If the router does n[...]

Appendix K Router Platform User Interface Reference Hostname Policy Page K-160 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Hostname Policy Page Use the Hostn ame page to define the hostname an d domain name assigned to the router . For more infor mation, see Def ining Hostname Policies, page 15-107 . Navigation Path • ( Device vie w )[...]

K-161 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence Memory Policy Page Memory Policy Page Use the Memory page to def ine settings related to router memory , including: • The amount of time to retain th e memory log. • The thresholds for a vailable processor and I/O memory . • The [...]

Appendix K Router Platform User Interface Reference Memory Policy Page K-162 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Field Reference Ta b l e K - 7 2 M e m o r y P a g e Element Description Maintain Memory Log The number of hours that the router shoul d maintain the log containing the history of memo ry consumption on th e device. V[...]

K-163 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence Secure Device Provisioning Policy Pag e Secure Device Provisioning Policy Page Secure De vice Prov isioning (SDP) poli cies (formerly known as Easy Secure Dev i ce Deployment or EzSDD) enable you to conf igure a Cisco IOS router as a r[...]

Appendix K Router Platform User Interface Reference Secure Device Prov isioning Policy Page K-164 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 • Chapter K, “Router Platform User Interface R eference” • Secure De vice Prov isioning W orkflo w , page 15-112 • Understanding AAA Serv er Group Objects, page 9-15 • Understanding PK[...]

K-165 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence Secure Device Provisioning Policy Pag e Petitioner Authentication The CA server that au thentica tes the iden tity of the p etitioner: • Local CA Server—Se lect this op tion when the r outer itself is already config ured to act as [...]

Appendix K Router Platform User Interface Reference Secure Device Prov isioning Policy Page K-166 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Bootstrap Conf iguration The source of the bootst rap config uration to provide to the petitioner fo r first-t ime configuration: • Non-Security Manager URL—Used when the bootstrap configurati[...]

K-167 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence DHCP Policy Page DHCP Policy Page Use the DHCP policy page to define a DHCP ser ver policy on the selected rou ter . This includes specifying the address pools used by the DHCP serv er when assigning addresses to requesting clien ts. F[...]

Appendix K Router Platform User Interface Reference DHCP Policy Page K-168 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Delete but ton Deletes the sel ected DHCP database age nts. Excluded IPs Excluded IPs or IP Ranges The IP addresses and/or address ra nges to exclude from DHCP . These addresses are not assigned by the DHCP serv er to D[...]

K-169 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence DHCP Policy Page Option 66 The IP address of the TFTP server required by IP phones for configuration, as def ined using DHCP optio n 66. Add b utton Opens the IP Pool Dialog Box, pa ge K-171 . From here you can def ine a DHCP IP addres[...]

Appendix K Router Platform User Interface Reference DHCP Policy Page K-170 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Ti p T o choose which co lumns to display in the t a ble, right-click a column h eader , then select Show Columns . F or more information about table disp lay options, see T able Columns and Column Heading F eatures, pa[...]

K-171 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence DHCP Policy Page IP Pool Dialog Box Use the IP Poo l dialog box to define one or mo re address p ools, which the DHCP server uses to assign dynamic addresses to DHCP c lients. Y ou must define at least one address pool, unless you ha v[...]

Appendix K Router Platform User Interface Reference DHCP Policy Page K-172 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Network The IP address and subnet mask of the IP pool. This subnet contains the range of av ailable IP addresses that th e DHCP server may assign to clients. Enter an address and mask or the nam e of a network/host ob j[...]

K-173 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence DHCP Policy Page Domain Name The domain name for DH CP clients using this IP poo l. This name places these clients in the general grouping o f networks that mak e up the domain. Import All When sel e cted, enables remote DHCP serv ers [...]

Appendix K Router Platform User Interface Reference NTP Policy Page K-174 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 NTP Policy Page Use the NTP page to def i ne one or more NTP serv ers that the router can use for time synchronization . This includes enab ling authenti cation, if required, and defining a global source int erface fo r [...]

K-175 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence NTP Policy Page • Understanding Interface Ro le Objects, page 9-132 Field Reference T able K-77 NTP P age Element Description Source Interface The sourc e address for all pack ets sent to an NTP server . This setting might be necessa[...]

Appendix K Router Platform User Interface Reference NTP Policy Page K-176 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Ti p T o choose which co lumns to display in the t a ble, right-click a column h eader , then select Show Columns . F or more information about table disp lay options, see T able Columns and Column Heading F eatures, pag[...]

K-177 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence NTP Policy Page Field Reference T able K-78 NTP Server Dialog Bo x Element Description IP Address The IP address of the NTP serv er . Enter an address or the name of a network/host object, or click Sel ect to disp lay an Object Selecto[...]

Appendix K Router Platform User Interface Reference NTP Policy Page K-178 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Preferred When selected, this NTP server is preferred over other N TP servers of similar accuracy . If this server is used fo r synchronization, the time of fset used to correct the local clock is calculated from this se[...]

K-179 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence 802.1x Policy Page 802.1x Policy Page Use the 802.1x policy page to create poli cies that limit VPN access to authorized users. Authenticated traf fic is allo wed to pass through a designated physical interface on the router . Unau the[...]

Appendix K Router Platform User Interface Reference 802.1x Policy Page K-180 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Field Reference T able K-79 802.1x Pag e Element Description AAA Serv er Group The RADIUS AAA serv er group that authenti cates the cred entials of users trying to access a VPN tunnel. Enter t h e name of a AAA server[...]

K-181 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence 802.1x Policy Page Interface The trusted, physical interf ace that provides VPN ac cess to authentica ted traff ic. Enter the name of an interf ace or interface role, or click Select to display an Object Selectors, page F-59 3 . If the[...]

Appendix K Router Platform User Interface Reference 802.1x Policy Page K-182 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Client reauthenticatio n period timeout Applies only when the Enable client re authentication chec k box is selected. The number of seconds between client reauthentication at tempts. V alid va lues range from 1 to 655[...]

K-183 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence Network Admission Control Policy Pag e Network Admission Control Policy Page Network Adm ission Control (N A C) policies enable Cisco IOS routers acting as network access devices (N ADs) to enforce access privile ges w hen an endpoint [...]

Appendix K Router Platform User Interface Reference Network Admission Control Policy Page K-184 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Navigation Path Go to the Network Adm ission Control Policy P age, page K-183 , then click the Setup tab . Related Topics • Def ining N A C Setup Parameter s , page 15-138 • Network Admission Co[...]

K-185 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence Network Admission Control Policy Pag e Allo w Clientless When selecte d, enables de vice s that do not ha ve the Cisco T rust Agent (CT A) installed to be authen ticated through the use of a username and password conf igured on the A C[...]

Appendix K Router Platform User Interface Reference Network Admission Control Policy Page K-186 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Network Admission Control Page—Interfaces Tab Use the Network Ad mission Contro l Interf aces tab to select and configure the router interfaces on wh ich to perform N A C. This includes configurin[...]

K-187 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence Network Admission Control Policy Pag e Ti p T o choose which co lumns to display in the t a ble, right-click a column h eader , then select Show Columns . F or more information about table disp lay options, see T able Columns and Colum[...]

Appendix K Router Platform User Interface Reference Network Admission Control Policy Page K-188 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Field Reference T able K-82 NAC Int erface Configur ation Dialog Box Element Description Interface The interf ace that will perform N A C on connecting de vices. Enter the name of an interface or in[...]

K-189 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence Network Admission Control Policy Pag e Network Admission Control Page—Identities Tab Use the Network Admissio n Control Identities tab to view , create, edit, and delete N AC iden tity profiles and ident ity actions. Identity pro fil[...]

Appendix K Router Platform User Interface Reference Network Admission Control Policy Page K-190 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Ti p T o choose which co lumns to display in the t a ble, right-click a column h eader , then select Show Columns . F or more information about table disp lay options, see T able Columns and Column [...]

K-191 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence Network Admission Control Policy Pag e Related Topics • N AC Id entity Action Dialog Box, page K-191 • Defin ing NA C Identity P arameters, page 15-143 Field Reference NAC Identity Acti on Dialog Box Use the N AC I dentity Action d[...]

Appendix K Router Platform User Interface Reference Logging Setup Policy Page K-192 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 • Defin ing NA C Identity P arameters, page 15-143 • Understanding Access Control List Objects, page 9-30 Field Reference Logging Setup Policy Page Use the Logging Setup page to en able logging and def ine [...]

K-193 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence Logging Setup Policy Page Note W e strongly recommend that you defi ne an NTP policy on all router s on which logging is enabled in orde r to create accurate timesta mps for each log message. For more information, see NTP Policy P age,[...]

Appendix K Router Platform User Interface Reference Logging Setup Policy Page K-194 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Source Interface The sourc e address for all out going log messages sent to a syslog server . This setting may be necessary wh en the syslog serv er cannot respond to the address from which the log message or i[...]

K-195 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence Logging Setup Policy Page Logging Buf fer Defines wh ether log messages are sa ved locally to a b uffer on the d evice. • Enable Buffer—When s ele cted, log messages are saved to a b uffer on the de vice. This is the default. When [...]

Appendix K Router Platform User Interface Reference Logging Setup Policy Page K-196 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Rate Limit Limits the rate of log messages sent to the syslog ser ver . • Enable Rate Limit—When selected, t he rate limit is enabled. When deselected, the rate limit is disabled. • Messages per Sec.—Th[...]

K-197 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence Syslog Servers Policy Page Syslog Servers Policy Page Use the Syslog Servers page to create, ed it, and delete serv ers that collect log messages from the router . For more information, see Def ining Syslog Serv ers, page 15-149 . Note[...]

Appendix K Router Platform User Interface Reference Syslog Servers Policy Page K-198 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Ti p T o choose which co lumns to display in the t a ble, right-click a column h eader , then select Show Columns . F or more information about table disp lay options, see T able Columns and Column Heading F e[...]

K-199 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence Quality of Service Policy Page Related Topics • Defin ing Syslog Servers, page 15-149 • Logging on Cisco IOS Routers, page 15-144 • Understanding Netw ork/Ho st Objects, page 9-144 Field Reference Quality of Service Policy Page U[...]

Appendix K Router Platform User Interface Reference Quality of Service Policy Page K-200 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 • ( Polic y vie w ) S elect Router Platf orm > Quality of Service from the Policy T ype selector . Right-click Qual ity of Service to create a polic y , or select an existing p olicy from the Shared P[...]

K-201 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence Quality of Service Policy Page Sustained Burst Applies only when you enable hierarchical shaping on this interf ace. The normal burst size allo wed on this interface, in milliseconds. Excess Burst Applies only when you enable hierarchi[...]

Appendix K Router Platform User Interface Reference Quality of Service Policy Page K-202 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Ti p T o choose which co lumns to display in the t a ble, right-click a column h eader , then select Show Columns . F or more information about table disp lay options, see T able Columns and Column Heading[...]

K-203 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence Quality of Service Policy Page QoS Policy Dialog Box Use the QoS Policy dialog box to select an in terface on which you want to define QoS parameters. In addition, you can use th is dialog bo x to configure a singl e set of shaping par[...]

Appendix K Router Platform User Interface Reference Quality of Service Policy Page K-204 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Direction The direction of the traf fic on which to conf igure QoS: • Output—T raff ic that exits the interface. • Input—T r af fic that en ters the interface. Hierarchic al Shaping settings Enable[...]

K-205 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence Quality of Service Policy Page QoS Class Dialog Box Use the QoS Class dial og box to create or edit a QoS class on a selected interface or control plan e of a Cisco IOS router . Y ou can def ine up to 16 classes on a single interface a[...]

Appendix K Router Platform User Interface Reference Quality of Service Policy Page K-206 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Note QoS is applied to packets on a first-match basis. The router e x amines the table of QoS classes starting from the top and appl ies the properties of the first class whose matching criteria matches th[...]

K-207 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence Quality of Service Policy Page Field Reference Note When you confi gure a QoS polic y on the control plane, only the Matchin g tab and Policing tab ar e av ailable. T able K-91 QoS Class Dialog Bo x Element Description Set as Default C[...]

Appendix K Router Platform User Interface Reference Quality of Service Policy Page K-208 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 QoS Class Dialog Box—Matching Tab Use the Matching tab of the QoS Class dialog box to def ine which traff ic over t he selected interface is considered to be part of th is class. Note When you defin e th[...]

K-209 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence Quality of Service Policy Page Protocol One or more protocols i ncluded in this class map. Click Add to display a selector . Select one or more items from the A v ailable Protocols list, then click >> to add them to t he Selected[...]

Appendix K Router Platform User Interface Reference Quality of Service Policy Page K-210 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Edit ACLs Dialog Box—QoS Classes When configuring a QoS policy on a Cisc o IOS router , use the Edit A CLs dial og box to specify which A CLs should be i ncluded in the matching criteria fo r the selecte[...]

K-211 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence Quality of Service Policy Page QoS Class Dialog Box—Marking Tab Use the Marking tab of the QoS Class dialog box to cl as sify packets. T raffic policers and shapers use these classifi cations to ensure adherenc e to the contracted le[...]

Appendix K Router Platform User Interface Reference Quality of Service Policy Page K-212 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 QoS Class Dialog Box—Queui ng and Congesti on Avoidance Tab Use the Queuing and Congest ion A voidance tab of the QoS Class dialog box t o perform Class-Based W eighted Fair Queu ing (CBWFQ) on the outpu[...]

K-213 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence Quality of Service Policy Page • Def ining QoS on the Contr ol Plane, page 15-168 • Quality of Service Polic y Page, page K-199 Field Reference T able K-95 QoS Class Dialog Box—Queuin g and Cong estion A voidan ce T ab Element De[...]

Appendix K Router Platform User Interface Reference Quality of Service Policy Page K-214 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 QoS Class Dialog Box—Policing Tab Use the Policing tab of the QoS Class d ialog box to configure rate limits on th e traff ic in a selected QoS cla ss. Excess traff ic is either dropped or transmitted wi[...]

K-215 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence Quality of Service Policy Page • Quality of Service Polic y Page, page K-199 Field Reference T able K-96 QoS Class Dialog Bo x—Policing T ab Element Description Enable Policing Whe n selected, enab les you to configure Class-Based [...]

Appendix K Router Platform User Interface Reference Quality of Service Policy Page K-216 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Excess Burst The excess bu rst size, which determines ho w large traf fic bursts can be before all traf fic exceeds the rate limit. In the token b ucket algorithm, it represents the full size of the second[...]

K-217 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence Quality of Service Policy Page QoS Class Dialog Box—Shaping Tab Use the Shaping tab of the QoS Cl ass dialog box to control the rate of outp ut traff ic for the sele cted QoS class. Shapin g typically delays excess traf fic b y using[...]

Appendix K Router Platform User Interface Reference Quality of Service Policy Page K-218 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 T ype The type of shaping to perform: • A verage—Limits the data rate for each interv al to the sustained burst rate (also kno wn as the committed burst rate o r Bc), achie ving an av erage rate no hig[...]

K-219 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence BGP Routing Policy Page BGP Routing Policy Page Border Gate way Protocol (BGP) is an e xterior gatew ay protocol (EGP) that performs routing between mu ltiple autonomou s systems or domains and exchanges routing and reachab ility infor[...]

Appendix K Router Platform User Interface Reference BGP Routing Policy Page K-220 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Related Topics • Chapter K, “Router Platform User Interface R eference” BGP Page—Setup Tab Use the BGP Setup tab to def ine the number of the autonomous system (AS) in which the selected rou ter is locate[...]

K-221 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence BGP Routing Policy Page Networks The networks associated with the BGP rout e. Enter one or more netw ork addresses or network /host objects, or click Select to display an Object Selectors, page F-593 . If the networ k you want is not l[...]

Appendix K Router Platform User Interface Reference BGP Routing Policy Page K-222 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Neighbors Dialog Box Use the Neighbors dialog box to def ine the internal and ex ternal neighbors of the selected router . Navigation Path Go to the BGP Page—Setup T ab, page K-220 , then click the Add or Edit [...]

K-223 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence BGP Routing Policy Page BGP Page—Redistribution Tab Use the BGP Redistrib ution tab to view , create, edit, and delete redistrib ution settings when performing redistribution into a BGP autonomo u s system (AS). Note Y ou m ust defin[...]

Appendix K Router Platform User Interface Reference BGP Routing Policy Page K-224 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Ti p T o choose which co lumns to display in the t a ble, right-click a column h eader , then select Show Columns . F or more information about table disp lay options, see T able Columns and Column Heading F eatu[...]

K-225 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence BGP Routing Policy Page Field Reference T able K-1 0 1 BGP Redistr ibution Mapping Dial og Bo x Element Description Protocol to Redistrib ute The routing protocol that i s being redistrib uted: • Static—Redistrib utes IP or OSI sta[...]

Appendix K Router Platform User Interface Reference EIGRP Routing Policy Page K-226 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 EIGRP Routing Policy Page Enhanced Interior G ate way Routing Prot ocol (EIGRP) is a scalab le interior gate way protocol that pro v ides extremely quick con ver gence times with minimal network traffic. Y ou c[...]

K-227 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence EIGRP Routing Policy Page Field Reference Ti p T o choose which co lumns to display in the t a ble, right-click a column h eader , then select Show Columns . F or more information about table disp lay options, see T able Columns and Co[...]

Appendix K Router Platform User Interface Reference EIGRP Routing Policy Page K-228 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Related Topics • Defin ing EIGRP Routes, page 15-185 • Supported IP Address F ormats, page 9-145 • Understanding Netw ork/Ho st Objects, page 9-144 Field Reference T able K-1 03 EIGRP Setup Dialog Bo x El[...]

K-229 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence EIGRP Routing Policy Page Edit Interfaces Dialog Box—EIGRP Passive Interfaces When you conf igure an EIGRP routing policy on a Cisco IOS ro uter , use the Edit Interfaces dial og box to specify which inte rfaces wi ll not send update[...]

Appendix K Router Platform User Interface Reference EIGRP Routing Policy Page K-230 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Note Y ou c an access the EIGRP Interfaces tab only after defining at least one EIGRP autonomous system in the Setup tab . See EIGRP P age—Setup T ab, page K-226 . Navigation Path Go to the EIGRP Routing Poli[...]

K-231 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence EIGRP Routing Policy Page Ti p T o choose which co lumns to display in the t a ble, right-click a column h eader , then select Show Columns . F or more information about table disp lay options, see T able Columns and Column Heading F e[...]

Appendix K Router Platform User Interface Reference EIGRP Routing Policy Page K-232 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 EIGRP Page—Redistribution Tab Use the EIGRP Redistrib ution tab to create, edit, and delete EIGRP redistributio n mappings. Navigation Path Go to the EIGRP Routing Policy P age, page K-226 , then clic k the R[...]

K-233 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence EIGRP Routing Policy Page Field Reference Ti p T o choose which co lumns to display in the t a ble, right-click a column h eader , then select Show Columns . F or more information about table disp lay options, see T able Columns and Co[...]

Appendix K Router Platform User Interface Reference EIGRP Routing Policy Page K-234 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 EIGRP Redistribution Mapping Dialog Box Use the EIGRP Redistrib ution Mapping dialog box to add or edit the properties of an EIGRP redistribution mapping. Navigation Path Go to the EIGRP Page—Redi stribution [...]

K-235 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence EIGRP Routing Policy Page Protocol to Redist ribute (continued) • OSPF—Redistrib utes a different OSPF pr ocess. Y ou can define a single mapping for each process. Select a process from the displayed list, t hen select one or more [...]

Appendix K Router Platform User Interface Reference OSPF Interface Policy Page K-236 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 OSPF Interface Policy Page Use the OSPF Interface page to vie w , crea te, edit, and delete interface-specif ic OSPF settings. For more information, see Def ining OSPF Interface Settings, page 15-200 . Navigat[...]

K-237 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence OSPF In terface Po licy Pag e Ti p T o choose which co lumns to display in the t a ble, right-click a column h eader , then select Show Columns . F or more information about table disp lay options, see T able Columns and Column Heading[...]

Appendix K Router Platform User Interface Reference OSPF Interface Policy Page K-238 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 OSPF Interface Dialog Box Use the OSPF Interface dialog box to add or edit the properties of OSPF interfaces. Navigation Path Go to the OSPF Interface Policy P age, page K-236 , then click the Add or Edi t but[...]

K-239 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence OSPF In terface Po licy Pag e Authentication T ype—The authentication ty pe used by the selected interface: • MD5—Uses the MD5 hash algori thm fo r authenticatio n. This is the default. • Clear T ext—Uses a clear te xt passwo[...]

Appendix K Router Platform User Interface Reference OSPF Interface Policy Page K-240 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Priority The default priority of the interface. The priority is us ed to determine whic h routers become the designated router (DR) and backup designated router (BDR) for that seg ment. The higher the number ,[...]

K-241 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence OSPF In terface Po licy Pag e Retransmit Interv al The interv al between LSA retransmissions (in seco nds) ov er the selected interface. The default is 5 seconds. V alid v alu es range from 1 to 65535 second s. Note W e recommend that [...]

Appendix K Router Platform User Interface Reference OSPF Interface Policy Page K-242 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Conf igure Network Ty p e When selected, enables you to sele ct a network type that dif fers from the default medium used by the interface. When desele cted, the network type is eq ui valent to the def ault me[...]

K-243 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence OSPF Process Policy Page OSPF Process Policy Page OSPF is an interior gate way routing prot ocol that uses link states instead of distance vectors for path selection. O SPF propagates link-state adv ertisements (LSAs) instead of routin[...]

Appendix K Router Platform User Interface Reference OSPF Process Policy Page K-244 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Navigation Path Go to the OSPF Process Policy P age, page K-243 , then click the Setup tab . Related Topics • Defining OSPF Process Setti ngs, page 15-193 • OSPF Process Page—Area T ab, page K-247 • OSPF[...]

K-245 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence OSPF Process Policy Page OSPF Setup Dialog Box Use the OSPF Setup dialog box to add or edit an OSPF process. Navigation Path Go to the OSPF Process Page—Setup T ab, page K-243 , then clic k the Add or Edit but ton beneath the table. [...]

Appendix K Router Platform User Interface Reference OSPF Process Policy Page K-246 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Edit Interfaces Dialog B ox—OSPF Passive Interfaces When you configure an OSPF routing polic y on a Cisco IOS router, use the Edit Interfaces dial og box to specify which inte rfaces wi ll not send updates to [...]

K-247 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence OSPF Process Policy Page OSPF Process Page—Area Tab Use the OSPF Area tab to create, edit, an d delete the ar eas an d networks cont ained in each OSPF process. This in cludes selecting the type of authent ication used by each ar ea.[...]

Appendix K Router Platform User Interface Reference OSPF Process Policy Page K-248 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Ti p T o choose which co lumns to display in the t a ble, right-click a column h eader , then select Show Columns . F or more information about table disp lay options, see T able Columns and Column Heading F eat[...]

K-249 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence OSPF Process Policy Page OSPF Process Page—Redistribution Tab Use the OSPF Process Redistribu tion ta b to create, edit, and delete OSPF redistrib ution mappings. This includes def ining the maximum number of routes that can be redis[...]

Appendix K Router Platform User Interface Reference OSPF Process Policy Page K-250 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Field Reference T able K-1 16 OSPF Pr ocess Redistr ibution T ab Element Description OSPF Redistrib ution Mapping T able Filter Enables you to f ilter the information displayed i n the table. For more informatio[...]

K-251 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence OSPF Process Policy Page Ti p T o choose which co lumns to display in the t a ble, right-click a column h eader , then select Show Columns . F or more information about table disp lay options, see T able Columns and Column Heading F ea[...]

Appendix K Router Platform User Interface Reference OSPF Process Policy Page K-252 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Field Reference T able K-1 17 OSPF Redistr ibution Mapping Dialog Box Element Description Process ID The OSPF process into which other routes are being redistrib uted. Y ou must select a process ID number fro m [...]

K-253 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence OSPF Process Policy Page Protocol to Redist ribute (continued) • OSPF—Redistrib utes a different OSPF pr ocess. Y ou can define a single mapping for each process. Select a process from the displayed list, t hen select one or more m[...]

Appendix K Router Platform User Interface Reference OSPF Process Policy Page K-254 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 OSPF Max Prefix Mapping Dialog Box Use the OSPF Max Prefix Ma pping dialog box to add or edit the maximum number of routes that can be re distrib u ted into an OSPF process. Navigation Path Go to the OSPF Proces[...]

K-255 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence RIP Routing Policy Page RIP Routing Policy Page RIP is a distance-v ector routing protocol th at uses h o p count as the metric for path selection. Security Man ager supports RIP v ersion 2 only , which includes support for neighbor au[...]

Appendix K Router Platform User Interface Reference RIP Routing Policy Page K-256 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Related Topics • Def ining RIP Setup P arameters, page 15-210 • RIP Page—Aut hentication T ab, page K-257 • RIP Page—Redistrib ution T ab, page K-260 • Supported IP Address F ormats, page 9-145 • Un[...]

K-257 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence RIP Routing Policy Page Edit Interfaces Dialog Box—RIP Passive Interfaces When you conf igure a RIP routing policy o n a Cisco IOS router , use the Edit Interfaces dial og box to specify which inte rfaces wi ll not send updates to th[...]

Appendix K Router Platform User Interface Reference RIP Routing Policy Page K-258 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Navigation Path Go to the RIP Routing Polic y Page, page K-255 , then cl ick the A uthentication tab . Related Topics • Def ining RIP Interf ace Authentication Set tings, page 15-211 • RIP Page—Setup T ab, [...]

K-259 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence RIP Routing Policy Page RIP Authentication Dialog Box Use the RIP Authentication dialog box to add or edit the neighbo r authentication properties of RIP interfaces. Navigation Path Go to the RIP Page—Authenti cation T ab, page K-257[...]

Appendix K Router Platform User Interface Reference RIP Routing Policy Page K-260 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 RIP Page—Redistribution Tab Use the RIP Redistrib u tion tab to vie w , create, edit, and delete redistribution settings when performi ng redistrib ution into an RIP routing domain. Note Y ou must de fine RIP s[...]

K-261 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence RIP Routing Policy Page Field Reference RIP Redistribution Mapping Dialog Box Use the RIP Redistrib ution Mapping dialog box to ad d or edit the properties of an RIP redistrib ution mapping. Navigation Path Go to the RIP Page—Redistr[...]

Appendix K Router Platform User Interface Reference RIP Routing Policy Page K-262 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Field Reference T able K-124 RIP Redistr ibution Mapping Dial og Box Element Description Protocol to Redistrib ute The routing protocol that i s being redistrib uted: • Static—Redistributes static routes. Y o[...]

K-263 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence Static Routing Policy Page Static Routing Policy Page Use the Static Routing page to create, ed it, and delete static routes. For more informatio n, see Def ining Static Routes, page 15-215 . Navigation Path • ( De vice view ) Select[...]

Appendix K Router Platform User Interface Reference Static Routing Policy Page K-264 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Ti p T o choose which co lumns to display in the t a ble, right-click a column h eader , then select Show Columns . F or more information about table disp lay options, see T able Columns and Column Heading F e[...]

K-265 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence Static Routing Policy Page Related Topics • Def ining Static Routes, page 15- 215 • Static Routing on Cisco IOS Routers, page 15-215 Field Reference T able K-126 Static Routing Dialog Bo x Element Description Destination Network Ad[...]

Appendix K Router Platform User Interface Reference Static Routing Policy Page K-266 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Forw arding (Ne xt Hop) The method of forward ing data to the destinati on network: • Forwarding Interf a ce—The router interf ace that forwards packets to the remote network. Enter the name of an inte rfa[...]

K-267 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01 Appendix K Router Platform User Interface Refer ence Static Routing Policy Page OK bu tton Saves you r changes locally on the cli ent and closes the dialog box. Note T o save your changes to the Security Manager serv er so that they are not lost when you lo g out or close your client, cl[...]

Appendix K Router Platform User Interface Reference Static Routing Policy Page K-268 User Guide for Cisco S ecurity Manager 3 .2 OL-16066-01[...]