SERTIT, P.O. Box 14, N-1306 Bærum postterminal, NORWAY
Phone: +47 67 86 40 00 Fax: +47 67 86 40 09 E-mail: post@sertit.no Internet: www.sertit.no
Sertifiseringsmyndigheten for IT-sikkerhet Norwegian Certification Authority for IT Security
SERTIT-028 CR Certification Report
Issue 1.0 21 October 2011
ZXR10 3900 Series Switches Running the ZXROS Operating System
v4.08
CERTIFICATION REPORT - SERTIT STANDARD REPORT TEMPLATE SD 009 VERSION 2.0 13.09.2007
ZXR10 3900 Series Switches Running the
ZXROS Operating System Version v4.08
EAL3 +
Page 2 of 20 SERTIT-028 CR Issue 1.0
21 October 2011
ARRANGEMENT ON THE RECOGNITION OF COMMON CRITERIA CERTIFICATES IN
THE FIELD OF INFORMATION TECHNOLOGY SECURITY
SERTIT, the Norwegian Certification Authority for IT Security, is a member of the
above Arrangement and as such this confirms that the Common Criteria certificate
has been issued by or under the authority of a Party to this Arrangement and is the
Party’s claim that the certificate has been issued in accordance with the terms of
this Arrangement
The judgements contained in the certificate and Certification Report are those of
SERTIT which issued it and the Norwegian evaluation facility (EVIT) which carried
out the evaluation. There is no implication of acceptance by other Members of the
Agreement Group of liability in respect of those judgements or for loss sustained as
a result of reliance placed upon those judgements by a third party. *
* Mutual Recognition under the CC recognition arrangement applies to EAL 3 but not
to ALC_FLR.2
ZXR10 3900 Series Switches Running the
ZXROS Operating System Version v4.08
EAL3 +
SERTIT-028 CR Issue 1.0
21 October 2011
Page 3 of 20
Contents1 Certification Statement 5
2 Abbreviations 6
3 References 8
4 Executive Summary 9
4.1 Introduction 9
4.2 Evaluated Product 9
4.3 TOE scope 9
4.4 Protection Profile Conformance 9
4.5 Assurance Level 9
4.6 Security Policy 10
4.7 Security Claims 10
4.8 Threats Countered 10
4.9 Threats Countered by the TOE’s environment 10
4.10 Threats and Attacks not Countered 10
4.11 Environmental Assumptions and Dependencies 10
4.12 IT Security Objectives 11
4.13 Non-IT Security Objectives 11
4.14 Security Functional Requirements 12
4.15 Security Function Policy 13
4.16 Evaluation Conduct 13
4.17 General Points 13
5 Evaluation Findings 15
5.1 Introduction 16
5.2 Delivery 16
5.3 Installation and Guidance Documentation 16
5.4 Misuse 16
5.5 Vulnerability Analysis 16
5.6 Developer’s Tests 17
5.7 Evaluators’ Tests 17
6 Evaluation Outcome 18
6.1 Certification Result 18
6.2 Recommendations 18
Annex A: Evaluated Configuration 19
TOE Identification 19
TOE Documentation 20
TOE Configuration 20
Environmental Configuration 20
ZXR10 3900 Series Switches Running the
ZXROS Operating System Version v4.08
EAL3 +
Page 4 of 20 SERTIT-028 CR Issue 1.0
21 October 2011
ZXR10 3900 Series Switches Running the
ZXROS Operating System Version v4.08
EAL3 +
. .. .. .. . . . ..... " ......
• • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • 0 • • •
. . .. ... .. ..
• • • • • • • • • • • • • • • • • • • • • • • • • • • 0 •• , . . . • • • • • • • • • • • • • • • • • • • • • • • • • 0 • • • • •
• • • • • • • • • • • • • ' " • • • • • • • • • • " 0 • • • • • " • • • • • •
1 Certification Statement
ZTE Corporation ZXR10 3900 Series Switches Running the ZXROS Operating System is
the 3900 Series of ESS (Ethernet Service Switches) running the ZXROS Operating
System v4.08. An ESS enables the delivery of metro Ethernet services and high-
density service-aware Ethernet aggregation over IPI MPLS-based networks.
ZXR10 3900 Series Switches Running the ZXROS Operating System version v4.08 has
been evaluated under the terms of the Norwegian Certification Scheme for IT
Security and have met the Common Criteria Part 3 conformant requirements of
Evaluation Assurance Level EAL3 augmented with ALC_FLR.2 for the specified
Common Criteria Part 2 conformant functionality for the specified environment when
running on the platforms specified in Annex A.
Quality Assurance
Kjell W. Bergan
Head of SERTIT
21 October 2011
Approved
,-- - _......_-_.---~-----,----- - -
Author IKjar~a.n J~ger Kvassnes /11/
,....
1.... Certifier /1/~&"""""~V'-"LM'A
- - - - - - - + 1 - J - - - - - - - - I
!Quality Assurance Lars Borgos
IDate approved
SERTIT -028 CR Issue 1.0
21 October 2011
Page 5 of 20
ZXR10 3900 Series Switches Running the
ZXROS Operating System Version v4.08
EAL3 +
Page 6 of 20 SERTIT-028 CR Issue 1.0
21 October 2011
2 Abbreviations
ACL Access Control List
ATM Asynchronous Transfer Mode
BGP Border Gateway Protocol
CC Common Criteria for Information Technology Security Evaluation
CCRA Arrangement on the Recognition of Common Criteria Certificates in the
Field of Information Technology Security
CEM Common Methodology for Information Technology Security Evaluation
CLI Command Client Interface
DoS Denial of Service
CHAP Challenge Handshake Authentication Protocol
EAL Evaluation Assurance Level
EOR Evaluation Observation Report
ESS Ethernet Service Switches
ETR Evaluation Technical Report
EVIT Evaluation Facility under the Norwegian Certification Scheme f or IT
Security
EXIF External Interface
EWP Evaluation Work Plan
LAN Local Area Network
MAC Media Access Control
MPLS Multi-Protocol Label Switching
NTP Network Time Protocol
OAM Operational, Administration and Management
OSPF Open Shortest Path First
PAP Password Authentication Protocol
PoE Power over Ethernet
POC Point of Contact
QP Qualified Participant
RADIUS Remote Authentication Dial-In User Service
RFC Request for Comments
RIP Routing Information Protocol
ZXR10 3900 Series Switches Running the
ZXROS Operating System Version v4.08
EAL3 +
SERTIT-028 CR Issue 1.0
21 October 2011
Page 7 of 20
SERTIT Norwegian Certification Authority for IT Security
SNMP Simple Network Management Protocol
SPM Security Policy Model
SSH Secure Shell
ST Security Target
TACACS+ Terminal Access Controller Access Control System Plus
TCP Transmission Control Protocol
TOE Target of Evaluation
TSF TOE Security Functions
TSP TOE Security Policy
UDP User Datagram Protocol
VPN Virtual Private Network
QoS Quality of Service
ZXR10 3900 Series Switches Running the
ZXROS Operating System Version v4.08
EAL3 +
Page 8 of 20 SERTIT-028 CR Issue 1.0
21 October 2011
3 References
[1] Security Target, ZTE Corporation, ZXR10 3900 Series Switches Running the
ZXROS Operating System Security Target, Version R1.5, 2011/08/19 .
[2] Common Criteria Part 1, CCMB-2009-07-001, Version 3.1 R3, July 2009.
[3] Common Criteria Part 2, CCMB-2009-07-002, Version 3.1 R3, July 2009.
[4] Common Criteria Part 3, CCMB-2009-07-003, Version 3.1 R3, July 2009.
[5] The Norwegian Certification Scheme, SD001E, Version 8.0, 20 August 2010.
[6] Common Methodology for Information Technology Security Evaluation,
Evaluation Methodology, CCMB-2009-07-004, Version 3.1 R3, July 2009
[7] Evaluation Technical Report, Common Criteria EAL3+ Evaluation of ZXR10
3900 Series Switches running the ZXROS Operating System, version 1.1, 6
October 2011.
[8] Operational User Guidance ZTE 3900 Series Switches Running ZXROS
Operating System, version 1.9, 19 August 2011
[9] Preparative Procedures ZTE 3900 Series Switches Running ZXROS Operating
System, version 1.6, 20 June 2011
ZXR10 3900 Series Switches Running the
ZXROS Operating System Version v4.08
EAL3 +
SERTIT-028 CR Issue 1.0
21 October 2011
Page 9 of 20
4 Executive Summary
4.1 Introduction
This Certification Report states the outcome of the Common Criteria security
evaluation of ZXR10 3900 Series Switches Running the ZXROS Operating System
version v4.08 to the Sponsor, ZTE Corporation, and is intended to assist prospective
consumers when judging the suitability of the IT security of the product for their
particular requirements.
Prospective consumers are advised to read this report in conjunction with the
Security Target[1] which specifies the functional, environmental and assurance
evaluation requirements.
4.2 Evaluated Product
The version of the product evaluated was ZXR10 3900 Series Switches Running the
ZXROS Operating System version v4.08.
This product is also described in this report as the Target of Evaluation (TOE). The
developer was ZTE Corporation.
The TOE is a 3900 series ESS running the operating system ZXROS 4.08.
An ESS is a device with Layer-2 switch and offers Layer-3 capabilities. As a Layer 2
switch – it analyzes incoming frames, makes forwarding decisions based on
information contained in the frames, and forwards the frames toward the
destination. The layer-3 enabled switch supports routing of the traffic. ESSs may
create or maintain a table of the available routes and their conditions and use this
information along with distance and cost algorithms to determine the best route for
a given packet. Routing protocols include BGPv4, RIPv2 and OSPFv2.
Details of the evaluated configuration, including the TOE’s supporting guidance
documentation, are given in Annex A.
4.3 TOE scope
The TOE scope is described in the ST[1], chapter 1.4.
4.4 Protection Profile Conformance
The Security Target[1] did not claim conformance to any protection profile.
4.5 Assurance Level
The assurance incorporated predefined evaluation assurance level EAL3, augmented
with ALC_FLR.2. Common Criteria Part 3[4] describes the scale of assurance given by
predefined assurance levels EAL1 to EAL7. An overview of CC is given in CC Part 1 [2].
ZXR10 3900 Series Switches Running the
ZXROS Operating System Version v4.08
EAL3 +
Page 10 of 20 SERTIT-028 CR Issue 1.0
21 October 2011
4.6 Security Policy
The TOE security policies are detailed in ST[1], chapter 3.3
4.7 Security Claims
The Security Target[1] fully specifies the TOE’s security objectives, the threats which
these objectives meet and security functional requirements and security functions to
elaborate the objectives. All of the SFR’s are taken from CC Part 2[3]; use of this
standard facilitates comparison with other evaluated products.
4.8 Threats Countered
 Actions performed by users may not be known to the administrators due to
actions not being recorded or the audit records not being reviewed prior to
the machine shutting down, or an unauthorized administrator modifies or
destroys audit data.
 An unauthorized user may gain access to inappropriately view, tamper, modify,
or delete TOE Security Functionality data
 An unauthorized entity may send impermissible information through the TOE
which results in the exploitation of resources on the network
 A user may gain unauthorized access to an unattended session and alter the
TOE security configuration
 An unauthorized user gains management access to the TOE and alter the TOE
security configuration
4.9 Threats Countered by the TOE’s environment
There are no threats countered by the TOE’s environment.
4.10 Threats and Attacks not Countered
No threats or attacks that are not countered are described
4.11 Environmental Assumptions and Dependencies
 The authorized administrators are not careless, wilfully negligent, or hostile,
and will follow and abide by the instructions provided by the TOE
documentation, including the administrator guidance; however, they are
capable of error. The administrators are trained in the appropriate use of the
TOE
 All TOE external interfaces except for the network traffic/data interface are
attached to the internal (trusted) network. This includes:
[1] RADIUS, TACACS+ server interface (optional)
[2] SNMP/SYSLOG interface (required)
[3] NTP interface (required)
[4] SSH interface for remote client (at least one of the local or remote
administration client is required)
ZXR10 3900 Series Switches Running the
ZXROS Operating System Version v4.08
EAL3 +
SERTIT-028 CR Issue 1.0
21 October 2011
Page 11 of 20
 The TOE will be located in an environment that provides physical security to
prevent unauthorized physical access, commensurate with the value of the IT
assets protected by the TOE and uninterruptible power, temperature control
required for reliable operation
 External NTP services will be available
4.12 IT Security Objectives
 The TOE will provide the privileged administrators and authentication
administrators the capability to review Audit data and will restrict audit
review to administrators who have been granted explicit read-access. The TOE
will generate audit records which will include the time that the event
occurred and the identity of the administrator performing the event.
 The TOE must provide services that allow effective management of its
functions and data and restrict access to the TOE Management functions to
the privileged administrators and authentication administrators.
 The TOE must uniquely identify and authenticate the claimed identity of all
administrative users before granting management access.
 The TOE shall control the flow of information among its network connections
according to routing rules and BGPv4/OSPFv2/RIPv2 routing protocols which
prevent the communication with trusted routers from modification, insertion
and replay errors.
 The TOE will provide mechanisms that control an administrator’s logical access
to the TOE and to deny access to unattached session to configure the TOE.
 The TOE shall be able to accept routing data from trusted routers according to
BGPv4/OSPFv2/RIPv2.
4.13 Non-IT Security Objectives
 NTP server must be available to provide accurate/synchronized time services to
the TOE.
 All TOE external interfaces except for the network traffic/data interface are
attached to the internal (trusted) network. This includes:
[1] RADIUS, TACACS+ server interface (optional)
[2] SNMP, SYSLOG interface (required)
[3] NTP interface (required)
[4] SSH interface for remote client (at least one of the local or remote
administration client is required)
 The authorized administrators are not careless, willfully negligent, or hostile,
and will follow and abide by the instructions provided by the TOE
documentation, including the administrator guidance; however, they are
capable of error. The administrators are trained in the appropriate use of the
TOE.
 The operational environment provides the TOE with appropriate physical
security to prevent unauthorized physical access,
 commensurate with the value of the IT assets protected by the TOE and
uninterruptible power, temperature control required for reliable operation.
ZXR10 3900 Series Switches Running the
ZXROS Operating System Version v4.08
EAL3 +
Page 12 of 20 SERTIT-028 CR Issue 1.0
21 October 2011
 All administrators are assessed for their trustworthiness, and administrator
connectivity to the TOE is restricted. Non-administrative entities may have
their packets routed by the TOE, but that is the extent of their authorization
to the TOE's resources.
 The SYSLOG/SNMP server will provide the privileged administrators and
authentication administrators the capability to review Audit data stored in the
log servers and will restrict audit review to administrators who have been
granted explicit read-access.
4.14 Security Functional Requirements
The TOE provides security functions to satisfy the following Security Functional
Requirements (SFRs):
 FAU_GEN.1 Audit data generation
 FAU_GEN.2 User identity association
 FAU_SAR.1 Audit review
 FAU_STG.1 Protected audit trail storage
 FAU_STG.4 Prevention of audit data loss
 FDP_IFC.1(1) Subset information flow control (unauthenticated policy)
 FDP_IFF.1(1) Simple security attributes (unauthenticated policy)
 FDP_IFC.1(2) Subset information flow control (export policy)
 FDP_IFF.1(2) Simple security attributes (export policy)
 FDP_UIT.1 Data exchange integrity
 FIA_AFL.1 Authentication failure handling
 FIA_SOS.1 Verification of secrets
 FIA_UAU.2 User authentication before any action
 FIA_UAU.5 Multiple authentication mechanisms
 FIA_UID.2 User identification before any action
 FMT_MOF.1 Management of security functions behaviour
 FMT_MSA.1 Management of security attributes
 FMT_MSA.3 Static attribute initialization
 FMT_MTD.1(1) Management of TSF data
 FMT_MTD.1(2) Management of TSF data
 FMT_MTD.1(3) Management of TSF data
 FMT_MTD.1(4) Management of TSF data
 FMT_SMF.1 Specification of management functions
 FMT_SMR.1 Security roles
 FTA_SSL.3 TSF-initiated termination
 FTA_TSE.1 TOE session establishment
 FTP_ITC.1(1) Trusted channel for SSH client
 FTP_ITC.1(2) Trusted channel for RADIUS/TACACS+ server
 FTP_ITC.1(3) Trusted channel for NTP
ZXR10 3900 Series Switches Running the
ZXROS Operating System Version v4.08
EAL3 +
SERTIT-028 CR Issue 1.0
21 October 2011
Page 13 of 20
4.15 Security Function Policy
The TOE provides:
 Handling of packet flows using the RIPv2, OSPFv2, and BGPv4 protocols
 Local and remote administration
 Authentication, either in the TOE or through TACACS+ or RADIUS.
 Administrator Profiles to permit or deny access to a hierarchical branch or
specific commands.
 Audit functions
 Management and configuration of the TOE
 Mitigation of DoS attacks
4.16 Evaluation Conduct
The evaluation was carried out in accordance with the requirements of the
Norwegian Certification Scheme for IT Security as described in SERTIT Document
SD001E[5]. The Scheme is managed by the Norwegian Certification Authority for IT
Security (SERTIT). As stated on page 2 of this Certification Report, SERTIT is a
member of the Arrangement on the Recognition of Common Criteria Certificates in
the Field of Information Technology Security (CCRA), and the evaluation was
conducted in accordance with the terms of this Arrangement.
The purpose of the evaluation was to provide assurance about the effectiveness of
the TOE in meeting its Security Target[1], which prospective consumers are advised to
read. To ensure that the Security Target[1] gave an appropriate baseline for a CC
evaluation, it was first itself evaluated. The TOE was then evaluated against this
baseline. Both parts of the evaluation were performed in accordance with CC Part
3[4] and the Common Evaluation Methodology (CEM) [6].
SERTIT monitored the evaluation which was carried out by the Brightsight B.V.
Commercial Evaluation Facility (CLEF/EVIT). The evaluation was completed when the
EVIT submitted the final Evaluation Technical Report (ETR)[7] to SERTIT in 2 August
2011. SERTIT then produced this Certification Report.
4.17 General Points
The evaluation addressed the security functionality claimed in the Security Target[1]
with reference to the assumed operating environment specified by the Security
Target[1]. The evaluated configuration was that specified in Annex A. Prospective
consumers are advised to check that this matches their identified requirements and
give due consideration to the recommendations and caveats of this rep ort.
Certification does not guarantee that the IT product is free from security
vulnerabilities. This Certification Report and the belonging Certificate only reflect
the view of SERTIT at the time of certification. It is furthermore the responsibility of
users (both existing and prospective) to check whether any security vulnerabilities
have been discovered since the date shown in this report. This Certification Report is
not an endorsement of the IT product by SERTIT or any other organization that
recognizes or gives effect to this Certification Report, and no warranty of the IT
ZXR10 3900 Series Switches Running the
ZXROS Operating System Version v4.08
EAL3 +
Page 14 of 20 SERTIT-028 CR Issue 1.0
21 October 2011
product by SERTIT or any other organization that recognizes or gives effect to this
Certification Report is either expressed or implied.
ZXR10 3900 Series Switches Running the
ZXROS Operating System Version v4.08
EAL3 +
SERTIT-028 CR Issue 1.0
21 October 2011
Page 15 of 20
5 Evaluation Findings
The evaluators examined the following assurance classes and components taken from
CC Part 3[4]. These classes comprise the EAL 3 assurance package augmented with
ALC_FLR.2.
Assurance class Assurance components
Development ADV_ARC.1 Security architecture description
ADV_FSP.3 Functional specification with complete
summary
ADV_TDS.2 Architectural design
Guidance documents AGD_OPE.1 Operational user guidance
AGD_PRE.1 Preparative procedures
Life-cycle support ALC_CMC.3 Authorisation controls
ALC_CMS.3 Implementation representation CM
coverage
ALC_DEL.1 Delivery procedures
ALC_DVS.1 Identification of security measures
ALC_FLR.2 Flaw reporting procedures
ALC_LCD.1 Developer defined life-cycle model
Security Target
evaluation
ASE_CCL.1 Conformance claims
ASE_ECD.1 Extended components definition
ASE_INT.1 ST introduction
ASE_OBJ.2 Security objectives
ASE_REQ.2 Derived security requirements
ASE_SPD.1 Security problem definition
ASE_TSS.1 TOE summary specification
Tests ATE_COV.2 Analysis of coverage
ATE_DPT.1 Testing: basic design
ATE_FUN.1 Functional testing
ATE_IND.2 Independent testing – sample
Vulnerability assessment AVA_VAN.2 Vulnerability analysis
All assurance classes were found to be satisfactory and were awarded an overall
“pass” verdict.
ZXR10 3900 Series Switches Running the
ZXROS Operating System Version v4.08
EAL3 +
Page 16 of 20 SERTIT-028 CR Issue 1.0
21 October 2011
5.1 Introduction
The evaluation addressed the requirements specified in the Security Target [1]. The
results of this work were reported in the ETR[7] under the CC Part 3[4] headings. The
following sections note considerations that are of particular relevance to either
consumers or those involved with subsequent assurance maintenance and re -
evaluation of the TOE.
5.2 Delivery
On receipt of the TOE, the consumer is recommended to check that the evaluated
version has been supplied, and to check that the security of the TOE has not been
compromised in delivery.
5.3 Installation and Guidance Documentation
Installation of the TOE must be performed completely in accordance with the
guidance in the Operational User Guidance[8] and Preparative Procedures[9]
documents provided by the developer.
These documents are a collection of all security relevant operations and settings that
must be observed to ensure that the TOE operates in a secure manner.
5.4 Misuse
There is always a risk of intentional and unintentional misconfigurations that could
possibly compromise confidential information. Developers should follow the guidance
for the TOE in order to ensure that the TOE operates in a secure manner.
The guidance documents adequately describe the mode of operation of the TOE, all
assumptions about the intended environment and all requirements for external
security. Sufficient guidance is provided for the consumer to effectively use the TOE’s
security functions.
5.5 Vulnerability Analysis
The Evaluators’ vulnerability analysis was based on both public domain sources and
the visibility of the TOE given by the evaluation process.
The TOE are substantially similar to other router/switches on the market. This
technology is well-established. The technology and possible vulnerabilities are
described in a series of public documents.
The evaluators assessed all possible vulnerabilities found during evaluation. This
resulted in a shortlist with a number of possible vulnerabilities to be tested. The
evaluators assessed which potential vulnerabilities were already tested by the
developer and assessed the results. The remaining potential vulnerabilities where
tested by the evaluator.
ZXR10 3900 Series Switches Running the
ZXROS Operating System Version v4.08
EAL3 +
SERTIT-028 CR Issue 1.0
21 October 2011
Page 17 of 20
5.6 Developer’s Tests
The testing results from the developer show that the TOE exhibits the expected
behaviour at TSFI and SFR enforcing module level. The developers test specification
are directly linked to its corresponding functional specification, and passing one test
shows that that specific functional specification works according to the
documentation.
The developer test effort is considered already fairly complete. Any major missing
features reported by the evaluators are added to the developer test set. Nevertheless
the evaluator has defined 8 additional tests.
In May 2011 tests on a preliminary version of the TOE are performed at the premises
of Brightsight. Subsequently the evaluator has witnessed tests of similar TOEs at the
site of ZTE in Nanjing, China from 7 – 10 June 2011. During the tests the evaluator
has extended some tests to create more variety in the tests. As a last step the
evaluators have tested the final TOE at the premises of Brightsight, in July 2011.
5.7 Evaluators’ Tests
For independent testing, the evaluator has chosen to perform some additional testing
although the developer’s testing was extensive but some additional assurance could
be gained by additional testing.
For independent testing, the evaluator has repeated 11 of the 40 developer's tests.
For each of the TSFI available one test was performed.
ZXR10 3900 Series Switches Running the
ZXROS Operating System Version v4.08
EAL3 +
Page 18 of 20 SERTIT-028 CR Issue 1.0
21 October 2011
6 Evaluation Outcome
6.1 Certification Result
After due consideration of the ETR[7], produced by the Evaluators, and the conduct
of the evaluation, as witnessed by the Certifier, SERTIT has determined that ZXR10
3900 Series Switches Running the ZXROS Operating System version v4.08 meet the
Common Criteria Part 3 conformant requirements of Evaluation Assurance Level EAL3
augmented with ALC_FLR.2 for the specified Common Criteria Part 2 conformant
functionality, in the specified environment, when running on platforms specified in
Annex A.
6.2 Recommendations
Prospective consumers of ZXR10 3900 Series Switches Running the ZXROS Operating
System version v4.08 should understand the specific scope of the certification by
reading this report in conjunction with the Security Target [1]. The TOE should be
used in accordance with a number of environmental considerations as specified in
the Security Target.
Only the evaluated TOE configuration should be installed. This is specified in Annex A
with further relevant information given above under Section 4.3 “TOE Scope” and
Section 5 “Evaluation Findings”.
The TOE should be used in accordance with the supporting guidance documentation
included in the evaluated configuration.
ZXR10 3900 Series Switches Running the
ZXROS Operating System Version v4.08
EAL3 +
SERTIT-028 CR Issue 1.0
21 October 2011
Page 19 of 20
Annex A: Evaluated Configuration
TOE Identification
The TOE consists of ZXR10 3900 Series Switches running the ZXROS v4.08
The ZXR 3900 series consists of the ESSs as listed below. The major difference
between models is the type, capacity and number of the physical interfaces. No other
hardware requirements are applicable.
SERIES MODEL INTERFACE DESCRIPTION TYPE
39A Series
3928A
24 x 100Mbps Base-T
2 x 1Gbps Optical Ethernet (SFP)
1 x Line Cards* (optional)
1 x RJ-45 Ethernet management port
1 x RS232 console port
ESS
3928A-FI
24 x 100Mbps Optical Ethernet (SFP)
2 x 1Gbps Optical Ethernet (SFP)
1 x Line Cards* (optional)
1 x RJ-45 Ethernet management port
1 x RS232 console port
3928A-PS
24 x 100Mbps Base-T (PoE)
2 x 1Gbps Optical Ethernet (SFP)
1 x Line Cards* (optional)
1 x RJ-45 Ethernet management port
1 x RS232 console port
3952A
48 x 100Mbps Optical Ethernet (SFP)
4 x 1Gbps Optical Ethernet (SFP)
1 x RJ-45 Ethernet management port
1 x RS232 console port
*Line Card: there are 4 kinds of line card supported
2 x 1Gbps Base-X
2 x 1Gbps Optical Ethernet (SFP)
1 x 1Gbps Base-X + 1 x 1Gbps Optical Ethernet (SFP)
2 x 100Mbps Optical Ethernet (SFP)
39E Series
3928E 24 x 100Mbps Base-T
4 x 1Gbps Optical Ethernet (QGLB)/ Electrical Ethernet
(QGTB)
1 x RJ-45 Ethernet management port
1 x RS232 console port
ESS
3928E-FI 24 x 100Mbps Optical Ethernet (SFP)
4 x 1Gbps Optical Ethernet (QGLB)/ Electrical Ethernet
(QGTB)
1 x RJ-45 Ethernet management port
1 x RS232 console port
3952E 16 x 100Mbps Optical Ethernet (SFP)
4 x 8 x 100Mbps Base-T/Optical Ethernet (SFP) (4 line
card)
4 x 1Gbps Optical Ethernet (QGLB)/ Electrical Ethernet
(QGTB)
1 x RJ-45 Ethernet management port
1 x RS232 console port
ZXR10 3900 Series Switches Running the
ZXROS Operating System Version v4.08
EAL3 +
Page 20 of 20 SERTIT-028 CR Issue 1.0
21 October 2011
TOE
Ports
Serial
Management
PC with tools PC to route to
SSH Serial
Route Route
TOE Documentation
The supporting guidance documents evaluated were:
[a] Operational User Guidance ZTE 3900 Series Switches Running ZXROS
Operating System, version 1.9, 19 August 2011
[b] Preparative Procedures ZTE 3900 Series Switches Running ZXROS Operating
System, version 1.6, 20 June 2011
Further discussion of the supporting guidance material is given in Section 5.3
“Installation and Guidance Documentation”.
TOE Configuration
The TOE was tested on a representative ESS from the 3900 Series, the 3928A.
ZXR10_3928E Software, Version ZXR10 3900E&3900A&3200A V2.8.23.B2.06.P08.IT01,
RELEASE SOFTWARE
ZXR10 ROS Version V4.08
Compiled May 26 2011, 19:33:19
Environmental Configuration
The TOE is tested in the following test set-up.