Specifications
Cisco Aggregation Services Router (ASR) 901 Series Security Target
1.3 TOE DESCRIPTION
This section provides an overview of the Cisco Aggregation Services Router (ASR) 901 Series
Target of Evaluation (TOE). This section also defines the TOE components included in the
evaluated configuration of the TOE. The TOE consists of a number of components including:
Chassis: The TOE chassis is designed for low power consumption and line rate performance
for all Layer 2 and Layer 3 interfaces. The different hardware models include A901-12C-F-D,
A901-12C-FT-D, A901-4C-F-D, A901-4C-FT-D, A901-6CZ-F-D, A901-6CZ-FT-D,
A901-6CZ-F-A, A901-6CZ-FT-A, A901-6CZ-FS-D and A901-6CZ-FS-A. There are
also flexible clocking options, and redundant power and cooling. The chassis is the
component of the TOE in which all other TOE components are housed.
Cisco IOS software is a Cisco-developed highly configurable proprietary operating
system that provides for efficient and effective routing and switching. Although IOS
performs many networking functions, this TOE only addresses the functions that provide
for the security of the TOE itself as described in Section 1.7 Logical Scope of the TOE
below.
1.4 TOE Evaluated Configuration
The TOE consists of one or more physical devices as specified in section 1.5 below and includes
the Cisco IOS software. The TOE has two or more network interfaces and is connected to at
least one internal and one external network. The Cisco IOS configuration determines how
packets are handled to and from the TOE’s network interfaces. The router configuration will
prioritize and process cell-site voice, data and signaling traffic for transport across the available
backhaul networks. Typically, packet flows are passed through the internetworking device and
forwarded to their configured destination. The TOE supports IPv4, IPv6, Open Shortest Path
First (OSPF), Border Gateway Protocol (BGP) and Intermediate System-to-Intermediate System
(IS-IS) routing, IPv4-to-IPv6 Multicast, MPLS, IPsec, Layer 2 Tunneling Protocol Version 3
(L2TPv3) and Bidirectional Forwarding Detection (BFD) protocols.
The TOE can optionally connect to an NTP server on its internal network for time services. Also,
if the ASR901 is to be remotely administered, then the management workstation must be
connected to an internal network, and SSHv2 must be used to connect to the TOE. A syslog server is
also used to store audit records. If these servers are used, they must be attached to the internal
(trusted) network. The internal (trusted) network is meant to be separated effectively from
unauthorized individuals and user traffic; it is one that is in a controlled environment where
implementation of security policies can be enforced.
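One way to check a saved running-config against the deployment constraints above (SSHv2 for remote administration; syslog and NTP servers on the internal network). This is an added example, not part of the Security Target or of Cisco's tooling; the 10.10.0.0/16 internal prefix and both configuration samples are constructed assumptions.

```python
import ipaddress
import re

# Assumed trusted management prefix; replace with the site's internal network(s).
INTERNAL_NETS = [ipaddress.ip_network("10.10.0.0/16")]

# Constructed running-config fragments (addresses are illustrative).
COMPLIANT = """\
ip ssh version 2
logging host 10.10.1.20
ntp server 10.10.1.30
line vty 0 4
 transport input ssh
"""
NONCOMPLIANT = """\
logging host 198.51.100.7
ntp server 10.10.1.30
line vty 0 4
 transport input telnet ssh
line vty 5 15
 login local
"""

def is_internal(addr):
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # a hostname cannot be placed on a network without resolving it
    return any(ip in net for net in INTERNAL_NETS)

def audit(config):
    """Return findings against the section 1.4 deployment constraints."""
    findings = []
    if not re.search(r"^ip ssh version 2\s*$", config, re.M):
        findings.append("SSHv2 not enforced (missing 'ip ssh version 2')")
    # Every vty block must restrict inbound transport to SSH only; a block with
    # no 'transport input' line is flagged too, as a conservative choice.
    for m in re.finditer(r"^line vty (\d+(?: \d+)?)\n((?:[ \t]+.*\n?)*)", config, re.M):
        t = re.search(r"^\s+transport input (.+)$", m.group(2), re.M)
        if not t or t.group(1).split() != ["ssh"]:
            findings.append(f"line vty {m.group(1)}: remote access not limited to SSH")
    # Syslog and NTP servers, when configured, must sit on the internal network.
    # Only the 'logging host <addr>' form is checked here.
    for kind, addr in re.findall(r"^(logging host|ntp server) (\S+)", config, re.M):
        if not is_internal(addr):
            findings.append(f"{kind} {addr} is not on the internal network")
    return findings
```

Calling `audit()` on the text of a saved configuration returns an empty list when all three constraints hold.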
The following figure provides a visual depiction of an example TOE deployment. The TOE
boundary is surrounded with a hashed red line.