Cisco 3270 Rugged Router Card

Table Of Contents

Cisco 3270 Rugged Router Card

Cisco 3270 Rugged Router Card Component Systems

Cisco 3270 Rugged Router Card Power Requirements

Hardware Encryption Processor

Ethernet Port Speed and Duplex Mode

Cisco 3270 Rugged Router Card Encryption Module

Security Engine Features

Temperature Sensor

Cisco 3270 Rugged Router Card MAC Address Allocation

Cisco 3270 Rugged Router Card

This chapter describes the features of the Cisco 3270 Rugged Router card. The Cisco 3270 Rugged Router card is the core component of a Cisco 3270 Mobile Access Router. It is compatible with other Cisco 3200 Series router mobile interface cards (MICs), such as the Wireless Mobile Interface Card (WMIC). The Cisco 3270 Rugged Router card is also available as a standalone router card (to be embedded into a third-party enclosure).

The Cisco 3270 Rugged Router card includes the host processor, memory, ports, and LED signals. Additional components provide power and link interfaces; for example, the Serial Mobile Interface Card (SMIC) provides the serial interfaces. The exact configuration of your router will vary, depending on how the device was configured by the vendor.

The Cisco 3270 Rugged Router card has the following features:

•Support for the PC/104-Plus form factor.

•Dual 32-bit PCI buses, one running at 66 MHz and the other at 25 MHz.

•256-MB, 64-bit, unbuffered, double data rate (DDR), synchronous DRAM.

•64-MB, 16-bit flash memory.

•Two Fast Ethernet ports with autonegotiation.

•Two Gigabit Ethernet port signal sets with autonegotiation; the router can be ordered with support for one fiber-optic port and one copper port, or with two copper ports.

•Console port signals, with modem flow control.

•Asynchronous EIA/ITA 232 serial port signals with 5V auxiliary power for GPS/AUX devices.

•Two USB 2.0 high-speed (480-Mbps) port signal sets.

•High-performance hardware encryption processor.

•Zeroization to clear up any trace of user data or binary code.

•Industrial-grade components that support local component ambient temperature ranges.¹

•An enhanced PCI-to-PCI bridge that supports asynchronous operation. The asynchronous bridge allows each port to run from a separate independent clock for the highest performance. A synchronous clock forces one side of the bridge to slow down to support a slow device on the other side of the bridge; asynchronous bridge clock domains can be arbitrarily different.

Note The Cisco 3270 router can be ordered with one Gigabit Ethernet copper interface and one fiber optic interface, or with two Gigabit Ethernet copper interfaces. The port configurations are not interchangeable.

The PCI bus connector supports communication between the Serial Mobile Interface Card (SMIC), the Fast Ethernet Switch Mobile Interface Card (FESMIC), and the Cisco 3270 Rugged Router card. The Wireless Mobile Interface Card (WMIC) communicates with the router through an internal Fast Ethernet port. The WMIC is configured through an independent console port; the card draws power only from the bus.

Note For detailed information about the Cisco 3270 Rugged Router card, such as header pin assignments, see the "Cisco 3200 Series Mobile Access Router Technical Reference" (OL-1927).

Cisco 3270 Rugged Router Card Component Systems

The industry-standard architecture (ISA) buses and peripheral component interconnect (PCI) buses on the Cisco 3200 Series Mobile Access Router cards provide power to the components on the cards. Both buses comply with the PC/104-Plus standard. The ISA bus allows PC/104-Plus ISA signals to pass through the card bus, but the Cisco cards do not use any of the signals.

The PCI bus signals allow the Cisco SMIC and FESMIC to communicate with the Cisco 3270 Rugged Router card. The WMIC draws power from the bus, but it does not communicate with the router through the buses. It communicates with the router through an internal Fast Ethernet port. Non-Cisco cards cannot communicate with the router over the PCI bus.

Caution If you add non-Cisco cards that generate signals on the PCI bus, the router might shut down. Please do not add non-Cisco cards that generate signals on the PCI bus.

Figure 2-1 shows the Cisco 3270 Rugged Router card header and bus locations.

Figure 2-1 Cisco 3270 Rugged Router Card Header and Bus Locations

1

Gigabit Ethernet 1 (fiber-optic or copper)

2

Gigabit Ethernet 0

3

Fast Ethernet 1

4

Fast Ethernet 0

5

USB ports and USB LEDs

6

PCI bus for future expansion

7

ISA bus

8

Jumper for optional Fast Ethernet 0¹

9

Optional Fast Ethernet 0

10

Multifunction (AUX, console, LED) header

11

GPIO² Zeroization pins and USB header

12

PCI bus

¹Factory set. Do not modify.

²General Purpose Input/Output.

Note The PC/104-Plus standard requires that the PCI bus and the ISA bus use keying features in the standard stacking headers to guarantee proper module installation. On the PCI bus, pin D30 is removed and the D30 opening is plugged. On the ISA bus, pin C19 and pin B10 are removed, and the C19 and B10 openings are plugged.

Cisco 3270 Rugged Router Card Power Requirements

The Cisco 3270 Rugged Router card uses +3.3 V, +5 V, and +12 V power sources. Typical power consumption is 20 W. The maximum calculated wattage is 26.5 W.

Table 2-1 Cisco 3270 Rugged Router Card Voltages

Voltage

Current

Power

+3.3 V

1.8 A

5.9 W

+5.0 V

4.0 A

20.0 W

+12.0 V

0.05 A

0.6 W

Power Connections (AUX)

The speed of the AUX port for the Cisco 3270 Rugged Router card can be configured as 2400, 4800, 9600, 19200, 38400, 57600, 115200, 230400, or 460800 bps. Use the line aux linenumber speed command to modify the speed of the port.

A +5V power supply is provided for devices connected to the AUX port. A Global Positioning System (GPS) modem is used as an example in this section. Typically the +5V power supply current to GPS modems should be limited to less than 200 mA.

Table 2-2 shows the pin assignments for power on the AUX port.

Table 2-2 Cisco 3270 Rugged Router Card Multifunction Header Pin Assignments for Power

Pin

Signal

Description

Function

9

GND

Ground

GND

26

+5 V

+5 V DC Power Supply

Power

Hardware Encryption Processor

The Cisco 3270 Rugged Router card integrated security engine (SEC 2.0) is optimized to handle all the algorithms associated with IPSec, Secure Sockets Layer (SSL)/Transport Layer Security (TLS), Secure Real-time Transport Protocol (SRTP), 802.11i, Internet SCSI (iSCSI), and Internet key exchange (IKE) processing. The security engine contains four crypto channels, a controller, and a set of crypto execution units (EUs).

The SEC can act as a master on the internal bus. This allows the SEC to alleviate the data movement bottleneck normally associated with slave-only cores. The host processor accesses the SEC through its device drivers, using system memory for data storage. The SEC resides in the peripheral memory map of the processor; therefore, when an application requires cryptographic functions, it creates descriptors for the SEC that define the cryptographic function to be performed and the location of the data.

The SEC bus-mastering capability permits the host processor to set up a crypto channel with a few short register writes, leaving the SEC to perform reads and writes on system memory to complete the required task.

The EUs are:

•Public Key Execution Unit (PKEU) supporting:

–RSA and Diffie-Hellman

–Programmable field size up to 2048 bits

–Elliptical curve cryptography

•Data Encryption Standard Execution Unit (DEU)

–Data Encryption Standard (DES)

–Triple Data Encryption Standard (3DES)

–Two-key (K1, K2) or three-key (K1, K2, K3)

–Ethernet Bundling Controller (EBC) and Cipher Block Chaining (CBC) modes for both DES and 3DES

• Advanced Encryption Standard Unit (AESU)

–Implements the Rinjdael symmetric key cipher

–Key lengths of 128, 192, and 256 bits

–ECB, CBC, CCM, and AES Counter Mode (a block cipher that encrypts 128-bit blocks of data at a time with a 128-bit encryption key)

•ARC Four execution unit (AFEU)

–A stream cipher compatible with the RC4 algorithm

–40- to 128-bit programmable key

•Message Digest Execution Unit (MDEU)

–Secure Hash Algorithm (SHA) with a 160-bit or 256-bit message digest

–Message Digest 5 (MD5) with a 128-bit message digest

–Hash-based Message Authentication Code (HMAC) with either algorithm

•Random Number Generator (RNG)

•Four crypto channels, each supporting multi command descriptor chains

–Static or dynamic assignment of crypto-execution units through an integrated controller

–Buffer size of 256 bytes for each EU, with flow control for large data sizes

Caution Zeroization is a feature that erases all potentially sensitive information from the router. It is disabled by default on the router. When Zeroization is not configured on the router, the AUX port functions as a modem port or a terminal port.

Zeroization is configured through the command-line interface (CLI), but it cannot be activated through the CLI. Zeroization is activated by actuating a custom switch connected to the GPIO pins or an actuator (such as a push button) that must be attached to the AUX port.

There is no way for the router to reliably determine whether a device attached to the AUX port is an actuator. Therefore, any device attached to the AUX port could potentially trigger declassification. When declassification is enabled through the CLI, we recommend that you do not use the AUX port for any function other than declassification.

Ethernet Port Speed and Duplex Mode

The router cannot automatically negotiate port speed and duplex mode unless the connecting port is configured speed auto, duplex auto, or no speed. If the port speed is set to a value other than auto, such as 10, 100, or 1000-Mbps, configure the remote link partner port to match the local settings; do not configure the link partner port to auto.

If a copper Gigabit Ethernet port speed is configured as 1000-Mbps, it must be configured as duplex auto mode; otherwise the link will not come up. We recommend that you use the speed auto command and duplex auto command to configure a Gigabit Ethernet port.

The fiber-optic Gigabit Ethernet port does not allow users to configure the mode as speed or duplex. The port speed and mode are determined by the SFP module.

Note Changing the Ethernet port speed and duplex mode configuration might shut down and reenable the interface during the reconfiguration.

The procedure to set the port speed for a copper Gigabit Ethernet port is as follows:

Command

Purpose

Step 1

Router(config)# interface GigabitEthernet slot/port

Selects the Ethernet port to be configured.

Step 2

Router(config-if)# speed {10 | 100 | 1000 | auto}

Sets the speed of the Ethernet interface.

Default

Router(config-if)# no speed

Reverts to the default configuration (speed auto). If you set the port speed to auto on a 10/100/1000-Mbps Ethernet port, speed is autonegotiated.

To set the mode on a copper Gigabit Ethernet port to duplex?

Command

Purpose

Step 1

Router(config)# interface GigabitEthernet slot/port

Selects the Ethernet port to be configured.

Step 2

Router(config-if)# duplex [auto | full | half]

Sets the duplex mode of the Ethernet port.

Default

Router(config-if)# no duplex

Reverts to the default configuration (duplex auto).

Note The Gigabit Ethernet optical fiber interface only supports full duplex mode; a Cisco IOS command to set the mode is not is supported.

Cisco 3270 Rugged Router Card Encryption Module

The integrated security engine (SEC 2.0) is optimized to handle all the algorithms associated with IP security (IPSec), Secure Sockets Layer (SSL)/Transport Layer Security (TLS), Secure Real-time Transport Protocol (SRTP), 802.11i, Internet Small Computer System Interface (iSCSI), and Internet Key Exchange (IKE) processing. The security engine contains four crypto channels, a controller, and a set of crypto execution units (EUs). The security engine can act as a master on the internal bus. This allows the security engine to alleviate the data movement bottleneck normally associated with slave-only cores.

The host processor accesses the security engine through device drivers, using system memory for data storage. The security engine resides in the peripheral memory map of the processor; therefore, when an application requires cryptographic functions, it simply creates descriptors for the security engine that define the cryptographic function to be performed and the location of the data.

The security engine bus-mastering capability permits the host processor to set up a crypto-channel with a few short register writes, leaving the security engine to perform reads and writes on system memory.

Security Engine Features

The execution units are:

•Public Key Execution Unit (PKEU) supporting the following:

–RSA and Diffie-Hellman

–Programmable field size up to 2048 bits

–Elliptic curve cryptography

•Data Encryption Standard Execution Unit (DEU)

–DES, 3DES

–Two key (K1, K2) or Three Key (K1, K2, K3)

–Electronic codebook (ECB) and cipher-block chaining (CBC) modes for both DES and 3DES

•Advanced Encryption Standard Unit (AESU)

–Implements the Rinjdael symmetric key cipher

–Key lengths of 128, 192, and 256 bits

–ECB, CBC, Counter with CBC-MAC (CCM), and Counter modes

•ARC Four execution unit (AFEU)

–Implements a stream cipher compatible with the RC4 algorithm

–40- to 128-bit programmable key

•Message Digest Execution Unit (MDEU)

–SHA-1 with 160-bit or 256-bit message digest

–MD5 with 128-bit message digest

–Keyed-Hash Message Authentication Code (HMAC) with either SHA or MD5 algorithm (HMAC-MD5 or HMAC-SHA)

•Random Number Generator (RNG)

•4 crypto channels, each supporting multicommand descriptor chains

–Static and/or dynamic assignment of crypto execution units through an integrated controller

–Buffer size of 256 bytes for each execution unit, with flow control for large data sizes

•256 (PBGA), 17x17 in., typical power 1.7 W

Temperature Sensor

A router equipped with the Cisco 3270 Rugged Router card includes a high-precision digital thermometer and thermostat (DS1631). The temperature is sampled every 30 seconds. A warning is sent to users by means of SNMP traps and by flashing the overtemperature LED if temperature falls below -40�C or exceeds +95�C until the temperature falls back to its normal range.

Note The signal and LED are available only on the Cisco 3270 Rugged Router card, not on the Cisco 3200 rugged enclosures.

Cisco 3270 Rugged Router Card MAC Address Allocation

Cisco 3270 Rugged Router card-equipped routers are allocated 37 MAC addresses, starting from the base MAC address. A card-equipped Cisco 3270 Rugged Router supports four interface ports. Fast Ethernet ports can be port 0 and 1. Gigabit Ethernet ports are port 2 and 3, depending on the router configuration.

The assignments for MAC addresses are as follows:

•Four MAC addresses for each of the for four Ethernet ports, offset 0 to 3 from the base MAC address.

•One switch virtual interface (SVI) for the FESMIC; offset 4 from the base MAC address.

•Thirty-two MAC addresses for FESMIC Spanning Tree Protocol (STP), offset 5 to 36 from the base MAC address.

¹Except optical small form-factor pluggable (SFP) modules. Optical SFPs have a temperature range of -40 to +85�C device temperature as opposed to local component ambient temperature.

1	Gigabit Ethernet 1 (fiber-optic or copper)	2	Gigabit Ethernet 0
3	Fast Ethernet 1	4	Fast Ethernet 0
5	USB ports and USB LEDs	6	PCI bus for future expansion
7	ISA bus	8	Jumper for optional Fast Ethernet 0¹
9	Optional Fast Ethernet 0	10	Multifunction (AUX, console, LED) header
11	GPIO² Zeroization pins and USB header	12	PCI bus

	Command	Purpose
Step 1	Router(config)# interface GigabitEthernet slot/port	Selects the Ethernet port to be configured.
Step 2	Router(config-if)# speed {10 \| 100 \| 1000 \| auto}	Sets the speed of the Ethernet interface.
Default	Router(config-if)# no speed	Reverts to the default configuration (speed auto). If you set the port speed to auto on a 10/100/1000-Mbps Ethernet port, speed is autonegotiated.