Cisco CISCO851-K9 - 851 Integrated Services Router Configuration Manual

Cisco 850 Series and Cisco 870 Series
Access Routers Software

Configuration Guide

Corporate Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 526-4100
Text Part Number: OL-5332-01


Summary of Contents for Cisco CISCO851-K9 - 851 Integrated Services Router

  • Page 1: Configuration Guide

    Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide Corporate Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 526-4100 Text Part Number: OL-5332-01...
  • Page 2 OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. CCSP, the Cisco Square Bridge logo, Follow Me Browsing, and StackWise are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn, and iQuick Study are service marks of Cisco Systems, Inc.;...
  • Page 3: Table Of Contents

    Verifying Your Configuration Configuring Command-Line Access to the Router Configuration Example Configuring Static Routes Configuration Example Verifying Your Configuration Configuring Dynamic Routes Configuring RIP Configuration Example Verifying Your Configuration...
  • Page 4 Assign a Switch Port to a VLAN Verify Your VLAN Configuration Configuring a VPN Using Easy VPN and an IPSec Tunnel Configure the IKE Policy...
  • Page 5 Configure Bridging on VLANs Configure Radio Station Subinterfaces Configuration Example Sample Configuration Configuring Additional Features and Troubleshooting...
  • Page 6 Troubleshooting Getting Started Before Contacting Cisco or Your Reseller ADSL Troubleshooting SHDSL Troubleshooting ATM Troubleshooting Commands ping atm interface Command...
  • Page 7 Command-Line Error Messages Saving Configuration Changes Summary Where to Go Next Concepts ADSL SHDSL Network Protocols Routing Protocol Options...
  • Page 8 Disaster Recovery with TFTP Download TFTP Download Command Variables Required Variables Optional Variables Using the TFTP Download Command Configuration Register Changing the Configuration Register Manually Changing the Configuration Register Using Prompts...
  • Page 9 Console Download Command Description Error Reporting Debug Commands Exiting the ROM Monitor Common Port Assignments Index...
  • Page 10 Contents...
  • Page 11: Preface

    You can use this guide in the following situations: • You have configured the software by using the Cisco Router Web Setup tool, and you want to configure additional advanced software features by using the command-line interface (CLI).
  • Page 12 • Chapter 6, “Configuring a VPN Using Easy VPN and an IPSec Tunnel”—Provides instructions on how to configure a virtual private network (VPN) with a secure IP tunnel using the Cisco Easy VPN. • Chapter 7, “Configuring VPNs Using an IPSec Tunnel and Generic Routing...
  • Page 13: Notes, Cautions, And Timesavers

    Control key while you press the D key. screen font: Examples of information displayed on the screen. boldface screen font: Examples of information that you must enter...
  • Page 14: Related Documents

    Obtaining Documentation and Submitting a Service Request For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What’s New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at: http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html...
  • Page 15 Getting Started...
  • Page 17: Basic Router Configuration

    Basic Router Configuration This chapter provides procedures for configuring the basic parameters of your Cisco router, including global parameter settings, routing protocols, interfaces, and command-line access. It also describes the default configuration on startup.
  • Page 18: Viewing The Default Configuration

    ISDN S/T Viewing the Default Configuration When you first boot up your Cisco router, some basic configuration has already been performed. All of the LAN and WAN interfaces have been created, console and VTY ports are configured, and the inside interface for Network Address Translation has been assigned.
  • Page 19: Chapter 1 Basic Router Configuration

    0 transport preferred all transport output all line vty 0 4 login transport preferred all transport input all transport output all...
  • Page 20 Annex A (North America) or Annex B (Europe). Once you have collected the appropriate information, you can perform a full configuration on your router, beginning with the tasks in the “Configuring Basic Parameters” section...
  • Page 21: Configuring Basic Parameters

    (typos) into IP addresses. Example: Router(config)# no ip domain-lookup Router(config)# For complete information on the global parameter commands, see the Cisco IOS Release 12.3 documentation set...
  • Page 22: Configure Fast Ethernet Lan Interfaces

    Chapter 5, “Configuring a LAN with DHCP and VLANs.” Configure WAN Interfaces The Cisco 851 and Cisco 871 routers each have one Fast Ethernet interface for WAN connection. The Cisco 857, Cisco 877, and Cisco 878 routers each have one ATM interface for WAN connection.
  • Page 23: Configure The Atm Wan Interface

    Basic Router Configuration Configuring Basic Parameters Configure the ATM WAN Interface This procedure applies only to the Cisco 857, Cisco 876, Cisco 877 and Cisco 878 models. Perform these steps to configure the ATM interface, beginning in global configuration mode: Command...
  • Page 24: Configuring A Loopback Interface

    The loopback interface acts as a placeholder for the static IP address and provides default routing information. For complete information on the loopback commands, see the Cisco IOS Release 12.3 documentation set. Perform these steps to configure a loopback interface:...
  • Page 25: Verifying Your Configuration

    This example specifies a console terminal for access. Router(config)# line console 0 Router(config)# Step 2 password password Specifies a unique password for the console terminal line. Example: Router(config)# password 5dr4Hepw3 Router(config)#...
  • Page 26 Exits line configuration mode, and returns to privileged EXEC mode. Example: Router(config)# end Router# For complete information about the command line commands, see the Cisco IOS Release 12.3 documentation set...
  • Page 27: Configuring Static Routes

    Example: Router(config)# end Router# For complete information on the static routing commands, see the Cisco IOS Release 12.3 documentation set. For more general information on static routing, see Appendix B, “Concepts.”...
  • Page 28: Configuring Dynamic Routes

    Changes in dynamic routes are shared with other routers in the network. The Cisco routers can use IP routing protocols, such as Routing Information Protocol (RIP) or Enhanced Interior Gateway Routing Protocol (EIGRP), to learn routes dynamically. You can configure either of these routing protocols on your router.
  • Page 29: Configuring Rip

    Example: Router(config-router)# end Router# For complete information on the dynamic routing commands, see the Cisco IOS Release 12.3 documentation set. For more general information on RIP, see Appendix B, “Concepts.”...
  • Page 30: Configuring Enhanced Igrp

    EIGRP on the router. The autonomous-system number identifies the route to other EIGRP routers and is used to tag the EIGRP information. Example: Router(config)# router eigrp 109 Router(config)#...
  • Page 31: Configuration Example

    EXEC mode. Example: Router(config-router)# end Router# For complete information on the IP EIGRP commands, see the Cisco IOS Release 12.3 documentation set. For more general information on EIGRP concepts, see Appendix B, “Concepts.” Configuration Example The following configuration example shows the EIGRP routing protocol enabled in IP networks 192.145.1.0 and 10.10.12.115.
  • Page 32 Chapter 1 Basic Router Configuration Configuring Enhanced IGRP...
  • Page 33: Configuring Your Router For Ethernet And Dsl Access

    Configuring Your Router for Ethernet and DSL Access...
  • Page 35: Chapter 2 Sample Network Deployments

    The Cisco 851 and Cisco 871 router models can be used in the Ethernet-based scenarios and the Cisco 857, Cisco 876, Cisco 877, and Cisco 878 router models can be used in the DSL-based scenarios.
  • Page 36 Chapter 2 Sample Network Deployments • Chapter 7, “Configuring VPNs Using an IPSec Tunnel and Generic Routing Encapsulation” • Chapter 8, “Configuring a Simple Firewall”...
  • Page 37 Point at which NAT occurs Fast Ethernet WAN interface (outside interface for NAT) Cable modem or other server (for example, a Cisco 6400 server) that is connected to the Internet PPPoE session between the client and a PPPoE server...
  • Page 38: Configure The Virtual Private Dialup Network Group Number

    Ethernet interface, but each session must use a separate dialer interface and a separate dialer pool. A PPPoE session is initiated on the client side by the Cisco 850 or Cisco 870 series router. An established PPPoE client session can be terminated in one of two ways: By entering the clear vpdn tunnel pppoe command.
  • Page 39: Configure The Fast Ethernet Wan Interfaces

    Router(config)# Configure the Fast Ethernet WAN Interfaces In this scenario, the PPPoE client (your Cisco router) communicates over a 10/100 Mbps-Ethernet interface on both the inside and the outside. Perform these steps to configure the Fast Ethernet WAN interfaces, starting in global configuration...
  • Page 40: Configure The Dialer Interface

    Router(config-if)# ip mtu 1492 Router(config-if)# Step 4 encapsulation encapsulation-type Sets the encapsulation type to PPP for the data packets being transmitted and received. Example: Router(config-if)# encapsulation ppp Router(config-if)#...
  • Page 41 For details about this command and additional parameters that can be set, see the Cisco IOS IP Command Reference, Volume 2; Routing Protocols. Example: Router(config)# ip route 10.10.25.2 255.255.255.255 dialer 0 Router(config)#...
  • Page 42: Configure Network Address Translation

    Router(config-if)# about enabling static translation, see the Cisco IOS IP Command Reference, Volume 1 of 4: Addressing and Services...
  • Page 43 Note: If you want to use NAT with a virtual-template interface, you must configure a loopback interface. See Chapter 1, “Basic Router Configuration,” for information on configuring a loopback interface...
  • Page 44: Configuration Example

    Chapter 3 Configuring PPP over Ethernet with NAT Configuration Example For complete information on the NAT commands, see the Cisco IOS Release 12.3 documentation set. For more general information on NAT concepts, see Appendix B, “Concepts.” Configuration Example The following configuration example shows a portion of the configuration file for the PPPoE scenario described in this chapter.
  • Page 45: Verifying Your Configuration

    CEF Translated packets: 0, CEF Punted packets: 0 Expired translations: 0 Dynamic mappings: -- Inside Source [Id: 1] access-list 1 interface Dialer0 refcount 0 Queued Packets: 0...
  • Page 46 Chapter 3 Configuring PPP over Ethernet with NAT Configuration Example...
  • Page 47: Chapter 4 Configuring Ppp Over Atm With Nat

    Configuring PPP over ATM with NAT The Cisco 857, Cisco 876, Cisco 877, and Cisco 878 access routers support Point-to-Point Protocol over Asynchronous Transfer Mode (PPPoA) clients and network address translation (NAT). Multiple PCs can be connected to the LAN behind the router. Before traffic from the PCs is sent to the PPPoA session, it can be encrypted, filtered, and so forth.
  • Page 48 ATM interface, but each session must use a separate dialer interface and a separate dialer pool. A PPPoA session is initiated on the client side by the Cisco 850 or Cisco 870 series router. NAT (represented as the dashed line at the edge of the Cisco router) signifies two addressing domains and the inside source address.
  • Page 49: Configure The Dialer Interface

    Security Command Reference. Step 6 dialer pool number Specifies the dialer pool to use to connect to a specific destination subnetwork. Example: Router(config-if)# dialer pool 1 Router(config-if)#...
  • Page 50 Command Reference, Volume 1 of 4: Routing Protocols. Router(config)# ip route 10.10.25.2 255.255.255.255 dialer 0 Router(config)# Repeat these steps for any additional dialer interfaces or dialer pools needed...
  • Page 51: Configure The Atm Wan Interface

    Specifies the ATM interface as a member of a dialer profile dialing pool. The pool number must be in the range of 1–255. Example: Router(config-if-atm-vc)# dialer pool-member 1 Router(config-if-atm-vc)#...
  • Page 52: Configure Dsl Signaling Protocol

    Router(config)# Configure DSL Signaling Protocol DSL signaling must be configured on the ATM interface for connection to your ISP. The Cisco 857 and Cisco 877 routers support ADSL signaling over POTS, the Cisco 876 supports ADSL signaling over ISDN, and the Cisco 878 supports SHDSL signaling. Based on the router you are configuring, see one of the following sections to configure the appropriate DSL signaling protocol.
  • Page 53: Verify The Configuration

    • dsl enable-training-log • See the Cisco IOS Wide-Area Networking Command Reference for details of these commands. Verify the Configuration You can verify that the configuration is set the way you want by using the show dsl interface atm command from privileged EXEC mode.
  • Page 54: Verify The Configuration

    Example: Router(config-controller)# exit Router(config)# Note: If you are integrating your Cisco router into a European network, use the dsl dsl-mode shdsl symmetric annex {A | B} command to choose annex B. The router uses annex A by default (United States).
  • Page 55: Configure Network Address Translation

    Enters configuration mode for the VLAN (on which the Fast Ethernet LAN interfaces [FE0–FE3] reside) to be the inside interface for NAT. Example: Router(config)# interface vlan 1 Router(config-if)#...
  • Page 56 Reference, Volume 1 of 4: Addressing and Services. Step 9 no shutdown Enables the configuration changes just made to the Ethernet interface. Example: Router(config-if)# no shutdown Router(config-if)#...
  • Page 57: Configuration Example

    Note Chapter 1, “Basic Router Configuration,” for information on configuring the loopback interface. For complete information on NAT commands, see the Cisco IOS Release 12.3 documentation set. For more general information on NAT concepts, see Appendix B, “Concepts.” Configuration Example The following configuration example shows a portion of the configuration file for a client in the PPPoA scenario described in this chapter.
  • Page 58: Verifying Your Configuration

    CEF Translated packets: 0, CEF Punted packets: 0 Expired translations: 0 Dynamic mappings: -- Inside Source [Id: 1] access-list 1 interface Dialer0 refcount 0 Queued Packets: 0...
  • Page 59: Chapter 5 Configuring A Lan With Dhcp And Vlans

    DHCP, which is described in RFC 2131, uses a client/server model for address allocation. As an administrator, you can configure your Cisco 800 series router to act as a DHCP server, providing IP address assignment and other TCP/IP-oriented configuration information to your workstations. DHCP frees you from having to manually assign an IP address to each client.
  • Page 60: Configure Dhcp

    Note Network Registrar database. VLANs The Cisco 870 series access routers support four Fast Ethernet ports on which you can configure VLANs. VLANs enable networks to be segmented and formed into logical groups of users, regardless of the user’s physical location or LAN connection.
  • Page 61 Specifies up to 8 default routers for a DHCP client. Example: Router(config-dhcp)# default-router 10.10.10.10 Router(config-dhcp)# Step 8 dns-server address [address2...address8] Specifies up to 8 DNS servers available to a DHCP client. Example: Router(config-dhcp)# dns-server 192.168.35.2 Router(config-dhcp)#...
  • Page 62: Configuration Example

    : 254 Leased addresses Pending event : none 1 subnet is currently in the pool : Current index IP address range Leased addresses 10.10.0.1 10.10.0.1 - 10.10.0.254...
  • Page 63: Configure Vlans

    Switching Services Command Reference. Router(config-vlan)# Step 3 exit Updates the VLAN database, propagates it throughout the administrative domain, and returns to global configuration mode. Example: Router(config-vlan)#exit Router(config)#...
  • Page 64: Assign A Switch Port To A Vlan

    MTU: 1500 Translational Bridged VLAN: 1002 Translational Bridged VLAN: 1003 VLAN ISL Id: 2 Name: VLAN0002 Media Type: Ethernet VLAN 802.10 Id: 100002 State: Operational MTU: 1500...
  • Page 65 VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------- default active Fa0, Fa1, Fa3 VLAN0002 active 1002 fddi-default active 1003 token-ring-default active 1004 fddinet-default active 1005 trnet-default active...
  • Page 66 100001 1500 1002 1003 enet 100002 1500 1002 fddi 101002 1500 1003 1003 tr 101003 1500 1005 1002 1004 fdnet 101004 1500 1005 trnet 101005 1500...
  • Page 67: Chapter 6 Configuring A Vpn Using Easy Vpn And An Ipsec Tunnel

    Figure 6-1 shows a typical deployment scenario. Note: The material in this chapter does not apply to Cisco 850 series routers. Cisco 850 series routers do not support Cisco Easy VPN...
  • Page 68 Cisco Unity Client protocol. This protocol allows most VPN parameters, such as internal IP addresses, internal subnet masks, DHCP server addresses, WINS server addresses, and split-tunneling flags, to be defined at a VPN server, such as a Cisco VPN 3000 series concentrator that is acting as an IPSec server.
  • Page 69 Chapter 5, “Configuring a LAN with DHCP and VLANs” as appropriate for your router. Note: The examples shown in this chapter refer only to the endpoint configuration on the Cisco 870 series router. Any VPN connection requires both endpoints be configured properly to function. See the software configuration documentation as needed to configure VPN for other router models.
  • Page 70: Configure The Ike Policy

    Specifies the lifetime, 60–86400 seconds, for an IKE security association (SA). Example: Router(config-isakmp)# lifetime 480 Router(config-isakmp)# Step 7 exit Exits IKE policy configuration mode, and enters global configuration mode. Example: Router(config-isakmp)# exit Router(config)#...
  • Page 71: Configure Group Policy Information

    For details about this command and additional parameters that can be set, see the Cisco IOS Dial Technologies Command Reference. Example: Router(config)# ip local pool dynpool 30.30.30.20 30.30.30.30 Router(config)#...
  • Page 72: Apply Mode Configuration To The Crypto Map

    You could also use a RADIUS server for this. For details, see the Cisco IOS Security Configuration Guide and Cisco IOS Security Command Reference. Router(config)# aaa authentication login rtr-remote local Router(config)#...
  • Page 73: Configure Ipsec Transforms And Protocols

    During IKE negotiations, the peers search in multiple transform sets for a transform that is the same at both peers. When such a transform set is found, it is selected and applied to the protected traffic as a part of both peers’ configurations...
  • Page 74: Configure The Ipsec Crypto Method And Parameters

    Router(config)# crypto dynamic-map dynmap 1 Router(config-crypto-map)# Step 2 set transform-set transform-set-name Specifies which transform sets can be used with [transform-set-name2...transform-set-name6] the crypto map entry. Example: Router(config-crypto-map)# set transform-set vpn1 Router(config-crypto-map)#...
  • Page 75: Apply The Crypto Map To The Physical Interface

    Step 1 interface type number Enters the interface configuration mode for the interface to which you want the crypto map applied. Example: Router(config)# interface fastethernet 4 Router(config-if)#...
  • Page 76: Create An Easy Vpn Remote Configuration

    DNS server available for 192.168.100.1 hostname resolution. Router(config-crypto-ezvpn)# Step 4 mode {client | network-extension | network extension plus} Specifies the VPN mode of operation. Example: Router(config-crypto-ezvpn)# mode client Router(config-crypto-ezvpn)#...
  • Page 77: Verifying Your Easy Vpn Configuration

    The following configuration example shows a portion of the configuration file for the VPN and IPSec tunnel described in this chapter. aaa new-model aaa authentication login rtr-remote local aaa authorization network rtr-remote local aaa session-id common...
  • Page 78 2 key secret-password mode client peer 192.168.100.1 interface fastethernet 4 crypto ipsec client ezvpn ezvpnclient outside crypto map static-map interface vlan 1 crypto ipsec client ezvpn ezvpnclient inside...
  • Page 79: Chapter 7 Configuring Vpns Using An Ipsec Tunnel And Generic Routing Encapsulation

    Configuring VPNs Using an IPSec Tunnel and Generic Routing Encapsulation The Cisco 850 and Cisco 870 series routers support the creation of virtual private networks (VPNs). Cisco routers and other broadband devices provide high-performance connections to the Internet, but many applications also require the security of VPN connections which perform a high level of authentication and which encrypt the data between two particular endpoints.
  • Page 80: Configure A Vpn

    VPN configuration information must be configured on both endpoints; for example, on your Cisco router and at the remote user, or on your Cisco router and on another router. You must specify parameters, such as internal IP addresses, internal subnet masks, DHCP server addresses, and Network Address Translation (NAT).
  • Page 81: Configure The Ike Policy

    Specifies the lifetime, 60–86400 seconds, for an IKE security association (SA). Example: Router(config-isakmp)# lifetime 480 Router(config-isakmp)# Step 7 exit Exits IKE policy configuration mode, and enters global configuration mode. Example: Router(config-isakmp)# exit Router(config)#...
  • Page 82: Configure Group Policy Information

    For details about this command and additional parameters that can be set, see the Cisco IOS Dial Technologies Command Reference. Example: Router(config)# ip local pool dynpool 30.30.30.20 30.30.30.30 Router(config)#...
  • Page 83: Enable Policy Lookup

    During IKE negotiations, the peers search in multiple transform sets for a transform that is the same at both peers. When such a transform set is found, it is selected and applied to the protected traffic as a part of both peers’ configurations...
  • Page 84: Configure The Ipsec Crypto Method And Parameters

    Router(config)# crypto dynamic-map dynmap 1 Router(config-crypto-map)# Step 2 set transform-set transform-set-name Specifies which transform sets can be used with [transform-set-name2...transform-set-name6] the crypto map entry. Example: Router(config-crypto-map)# set transform-set vpn1 Router(config-crypto-map)#...
  • Page 85: Apply The Crypto Map To The Physical Interface

    Step 1 interface type number Enters interface configuration mode for the interface to which you want to apply the crypto map. Example: Router(config)# interface fastethernet 4 Router(config-if)#...
  • Page 86: Configure A Gre Tunnel

    Router(config-if)# tunnel source fastethernet 0 Router(config-if)# Step 4 tunnel destination default-gateway-ip-address Specifies the destination endpoint of the router for the GRE tunnel. Example: Router(config-if)# tunnel destination 192.168.101.1 Router(config-if)#...
  • Page 87: Configuration Example

    0 cisco interface tunnel 1 ip address 10.62.1.193 255.255.255.252...
  • Page 88 ! denies Internet-initiated traffic inbound. ip access-group 103 in ip nat outside no cdp enable crypto map to_corporate ! Applies the IPSec tunnel to the outside interface...
  • Page 89 ! acl 105 matches addresses for the IPSec tunnel to or from the corporate network. access-list 105 permit ip 10.1.1.0 0.0.0.255 192.168.0.0 0.0.255.255 no cdp run...
  • Page 90 Chapter 7 Configuring VPNs Using an IPSec Tunnel and Generic Routing Encapsulation Configuration Example...
  • Page 91: Chapter 8 Configuring A Simple Firewall

    Configuring a Simple Firewall The Cisco 850 and Cisco 870 series routers support network traffic filtering by means of access lists. The routers also support packet inspection and dynamic temporary access lists by means of Context-Based Access Control (CBAC).
  • Page 92 In the configuration example that follows, the firewall is applied to the outside WAN interface (FE4) on the Cisco 851 or Cisco 871 and protects the Fast Ethernet LAN on FE0 by filtering and inspecting all traffic entering the router on the Fast Ethernet WAN interface FE4. Note that in this example, the network traffic originating from the corporate network, network address 10.1.1.0, is considered safe traffic and...
  • Page 93: Configure Access Lists

    Router(config)# ip inspect name firewall rtsp Router(config)# ip inspect name firewall h323 Router(config)# ip inspect name firewall netshow Router(config)# ip inspect name firewall ftp Router(config)# ip inspect name firewall sqlnet Router(config)#...
  • Page 94: Apply Access Lists And Inspection Rules To Interfaces

    access-list-name}{in | out} Assigns the defined ACLs to the outside interface on the router. Example: Router(config-if)# ip access-group 103 in Router(config-if)# Step 6 exit Returns to global configuration mode. Example: Router(config-if)# exit Router(config)#...
  • Page 95: Configuration Example

    103 deny ip any any ! Prevents Internet-initiated traffic inbound. ! acl 105 matches addresses for the ipsec tunnel to or from the corporate network. access-list 105 permit ip 10.1.1.0 0.0.0.255 192.168.0.0 0.0.255.255 no cdp run Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide OL-5332-01...
  • Page 96 Chapter 8 Configuring a Simple Firewall Configuration Example
  • Page 97: Chapter 9 Configuring A Wireless Lan Connection

    In the configuration example that follows, a remote user is accessing the Cisco 850 or Cisco 870 series access router using a wireless connection. Each remote user has his own VLAN.
  • Page 98: Configure The Root Radio Station

    Authentication Protocol [PEAP]) can use the access point.
    Note: This command is not supported on bridges. See the Cisco IOS Commands for Access Points and Bridges for more details.
  • Page 99

    (Optional) Specifies the Request to Send (RTS) threshold or the number of times to send a request before determining the wireless LAN is unreachable.
    Example:
    Router(config-if)# rts threshold 2312
    Router(config-if)#
  • Page 100: Configure Bridging On Vlans

    Enters interface configuration mode. We want to set up bridging on the VLANs, so the example enters the VLAN interface configuration mode.
    Example:
    Router(config)# interface vlan 1
    Router(config)#
  • Page 101

    Specifies the address for the virtual bridge interface.
    Example:
    Router(config)# ip address 10.0.1.1 255.255.255.0
    Router(config)#
    Repeat Step 2 through Step 7 above for each VLAN that requires a wireless interface.
  • Page 102: Configure Radio Station Subinterfaces

    Router(config-subif)# encapsulation dot1q 1 native
    Router(config-subif)#
    Step 4 no cdp enable
    Disables the Cisco Discovery Protocol (CDP) on the wireless interface.
    Example:
    Router(config-subif)# no cdp enable
    Router(config-subif)#
  • Page 103: Configuration Example

    1 mode ciphers tkip
    ssid cisco
    vlan 1
    authentication open
    wpa-psk ascii 0 cisco123
    authentication key-management wpa
    ssid ciscowep
    vlan 2
    authentication open
    ssid ciscowpa
    vlan 3
    authentication open
  • Page 104

    Vlan3
    no ip address
    bridge-group 3
    bridge-group 3 spanning-disabled
    interface BVI1
    ip address 10.0.1.1 255.255.255.0
    interface BVI2
    ip address 10.0.2.1 255.255.255.0
    interface BVI3
    ip address 10.0.3.1 255.255.255.0
  • Page 105: Chapter 10 Sample Configuration

    10.0.1.1 auth-port 1812 acct-port 1813
    aaa authentication login eap_methods group rad_eap
    aaa session-id common
    ip subnet-zero
    ip cef
    vpdn enable
    vpdn-group 1
    request-dialin
    protocol pppoe
  • Page 106

    103 in
    no cdp enable
    crypto ipsec client ezvpn ezvpnclient outside
    crypto map static-map
    crypto isakmp policy 1
    encryption 3des
    authentication pre-share
    group 2
    lifetime 480
  • Page 107

    1 native
    no cdp enable
    bridge-group 1
    bridge-group 1 subscriber-loop-control
    bridge-group 1 spanning-disabled
    bridge-group 1 block-unknown-source
    no bridge-group 1 source-learning
    no bridge-group 1 unicast-flooding
  • Page 108

    10.0.1.1 key 0 cisco123
    group rad_eap
    user jsomeone nthash 7 0529575803696F2C492143375828267C7A760E1113734624452725707C010B065B
    user AMER\jsomeone nthash 7 0224550C29232E041C6A5D3C5633305D5D560C09027966167137233026580E0B0D
    radius-server host 10.0.1.1 auth-port 1812 acct-port 1813 key cisco123
    control-plane
  • Page 109

    0
    transport preferred all
    transport output all
    line vty 0 4
    password cisco123
    transport preferred all
    transport input all
    transport output all
  • Page 110 Chapter 10 Sample Configuration
  • Page 111: Configuring Additional Features And Troubleshooting

    PART Configuring Additional Features and Troubleshooting...
  • Page 113: Additional Configuration Options

    Additional Configuration Options
    This part of the software configuration guide describes additional configuration options and troubleshooting tips for the Cisco 850 series routers (Cisco 851 and Cisco 857) and Cisco 870 series routers (Cisco 871, Cisco 876, Cisco 877, and Cisco 878).
  • Page 114 Chapter 11 Additional Configuration Options
  • Page 115: Configuring Security Features

    CHAPTER Configuring Security Features
    This chapter gives an overview of authentication, authorization, and accounting (AAA), the primary Cisco framework for implementing selected security features that can be configured on the Cisco 850 and Cisco 870 series access routers.
    Note: Individual router models may not support every feature described throughout this guide.
  • Page 116: Configuring Autosecure

    {source | source-wildcard | any}
    Extended: ip access-list extended name followed by {permit | deny} protocol {source-addr[source-mask] | any}{destination-addr [destination-mask] | any}
  • Page 117: Access Groups

    For additional information about configuring a CBAC firewall, see the “Configuring Context-Based Access Control” section of the Cisco IOS Release 12.3 Security Configuration Guide.
  • Page 118: Configuring Cisco Ios Firewall Ids

    Cisco IOS Firewall IDS identifies 59 of the most common attacks using “signatures” to detect patterns of misuse in network traffic. It acts as an in-line intrusion detection sensor, watching packets and sessions as they flow through the router, scanning each to match any of the IDS signatures.
  • Page 119: Chapter 13 Configuring Dial Backup And Remote Management

    • Through the ISDN S/T port on the Cisco 876 and Cisco 878 routers
    Note: The console port and the auxiliary port in the Cisco IOS software configuration are on the same physical RJ-45 port; therefore, both ports cannot be activated simultaneously, and the command-line interface (CLI) must be used to enable the desired function.
  • Page 120: Backup Interfaces

    Frame Relay circuits because the line protocol may not go down if the data-link connection identifier (DLCI) is inactive. Floating static routes are also encapsulation independent.
  • Page 121: Configuring Floating Static Routes

    [ip-address]} [distance]
    value for the backup interface route. 192.168.2.2 is the peer IP address of the backup interface.
    Example:
    Router(config)# ip route 0.0.0.0 0.0.0.0 192.168.2.2 150
    Router(config)#
  • Page 122: Dialer Watch

    {ip-address | interface-type interface-number [ip-address]}
    Assigns the primary route. 22.0.0.2 is the peer IP address of the primary interface.
    Example:
    Router(config)# ip route 0.0.0.0 0.0.0.0 22.0.0.2
    Router(config)#
  • Page 123: Dial Backup Feature Limitations

    Dial backup support on the Cisco 871 router is limited because the Ethernet WAN interface is always up, even when ISP connectivity is down on the other side of the modem connected to the Cisco 871 router. The router must be in a PPPoE environment with the dialer watch feature running. The IP addresses of the peer must be specified in the dialer watch and the static route commands to enable dial backup when the primary line goes down.
  • Page 124: Configuration Example

    1
    isdn switch-type basic-net3
    interface ATM0
    backup interface BRI0
    no ip address
    no atm ilmi-keepalive
    pvc 1/40
    encapsulation aal5snap
    pppoe-client dial-pool-number 2
  • Page 125

    1
    isdn switch-type basic-net3
    interface ATM0
    no ip address
    no atm ilmi-keepalive
    pvc 1/40
    encapsulation aal5snap
    pppoe-client dial-pool-number 2
  • Page 126

    1
    isdn switch-type basic-net3
    interface ATM0
    no ip address
    no atm ilmi-keepalive
    pvc 1/40
    encapsulation aal5snap
    pppoe-client dial-pool-number 2
  • Page 127: Configuring Dial Backup And Remote Management Through The Console Or Auxiliary Port

    The dial backup feature can be added to provide a failover route in case the primary line fails. Cisco 850 and Cisco 870 routers can use the auxiliary port for dial backup and remote management.
  • Page 128: Configuration Tasks

    Main WAN link; primary connection to Internet service provider series router Modem Dial backup; serves as a failover link for Cisco 870 routers when primary line goes down Remote management; serves as dial-in access to allow changes or updates to Cisco IOS configurations...
  • Page 129

    Specifies the group number for watch list.
    Example:
    Router(config-if)# dialer watch-group 1
    Router(config-if)#
    Step 9 exit
    Enters global configuration mode.
    Example:
    Router(config-if)# exit
    Router(config)#
  • Page 130

    Switches the port from console to auxiliary port function.
    Example:
    Router(config-line)# modem enable
    Router(config-line)#
    Step 16 exit
    Enters global configuration mode.
    Example:
    Router(config-line)# exit
    Router(config)#
  • Page 131: Configuration Example

    ! Dial backup and remote management physical interface.
    interface Async1
    no ip address
    encapsulation ppp
    dialer in-band
    dialer pool-member 3
    async default routing
    async dynamic routing
    async mode dedicated
    ppp authentication pap callin
  • Page 132

    0.0.0.0 0.0.0.0 63.203.35.139 80
    ip route 0.0.0.0 0.0.0.0 63.203.35.140 80
    ip route 0.0.0.0 0.0.0.0 63.203.35.141 80
    ip route 0.0.0.0 0.0.0.0 Dialer1 150
    no ip http server
    ip pim bidir-enable
  • Page 133

    InOut
    modem autoconfigure discovery
    transport input all
    stopbits 1
    speed 115200
    flowcontrol hardware
    line vty 0 4
    exec-timeout 0 0
    password cisco
    login
    scheduler max-task-time 5000
  • Page 134: Configuring Dial Backup And Remote Management Through The Isdn S/T Port

    Configuring Dial Backup and Remote Management Through the ISDN S/T Port
    Cisco 876 and Cisco 878 routers can use the ISDN S/T port for remote management. With an advanced enterprise (c870-adventerprisek9-mz) image, a Cisco 876 router can also use the ISDN S/T port for dial backup.
  • Page 135: Configuration Tasks

    Note: Traffic of interest must be present to activate the backup ISDN line by means of the backup interface and floating static routes methods. Traffic of interest is not needed for the dialer watch to activate the backup ISDN line.
  • Page 136

    Example:
    Router(config-if)# exit
    Router(config)#
    Step 7 interface dialer dialer-rotary-group-number
    Creates a dialer interface (numbered 0–255) and enters interface configuration mode.
    Example:
    Router(config)# interface dialer 0
    Router(config-if)#
  • Page 137

    Router(config)# dialer-list 1 protocol ip permit
    Router(config)#
    For details about this command and additional parameters that can be set, see the Cisco IOS Dial Technologies Command Reference.
  • Page 138: Configure The Aggregator And Isdn Peer Router

    Configure the Aggregator and ISDN Peer Router
    The aggregator is typically a concentrator router where your Cisco router ATM PVC terminates. In the configuration example shown below, the aggregator is configured as a PPPoE server to correspond with the Cisco 876 router configuration example that is given in this chapter.
  • Page 139

    192.168.2.1
    ip http server
    ip classless
    ip route 0.0.0.0 0.0.0.0 192.168.2.1
    ip route 40.0.0.0 255.0.0.0 30.1.1.1
    dialer-list 1 protocol ip permit
  • Page 140 Chapter 13 Configuring Dial Backup and Remote Management: Configuring Dial Backup and Remote Management Through the ISDN S/T Port
  • Page 141: Chapter 14 Troubleshooting

    • Date you received the hardware
    • Brief description of the problem
    • Brief description of the steps you have taken to isolate the problem
  • Page 142: Adsl Troubleshooting

    • The DSLAM supports discrete multi-tone (DMT) Issue 2.
    • The ADSL cable that you connect to the Cisco router must be 10BASE-T Category 5, unshielded twisted-pair (UTP) cable. Using regular telephone cable can introduce line errors.
    SHDSL Troubleshooting
    Symmetrical high-data-rate digital subscriber line (SHDSL) is available on Cisco 878 and Cisco 1803 router models.
  • Page 143: Ping Atm Interface Command

    512 packets input, 59780 bytes, 0 no buffer
    Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
    0 input errors, 1024 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
  • Page 144

    Fast Ethernet n is up, line protocol is down: The specified Fast Ethernet interface has been correctly configured and enabled, but the Ethernet cable might be disconnected from the LAN.
  • Page 145: Show Atm Interface Command

    Table 14-2 show atm interface Command Output Description
    Field: Description
    ATM interface: Interface number. Always 0 for the Cisco 850 and Cisco 870 series access routers.
    AAL enabled: Type of AAL enabled. The Cisco 850 and Cisco 870 series access routers support AAL5.
  • Page 146: Debug Atm Commands

    Example 14-4 Viewing ATM Errors
    Router# debug atm errors
    ATM errors debugging is on
    Router#
    01:32:02:ATM(ATM0.2):VC(3) Bad SAP received 4500
    01:32:04:ATM(ATM0.2):VC(3) Bad SAP received 4500
    01:32:06:ATM(ATM0.2):VC(3) Bad SAP received 4500
  • Page 147: Debug Atm Events Command

    00:02:57: DSL: Using subfunction 0xA
    00:02:57: DSL: Using subfunction 0xA
    00:02:57: DSL: Sent command 0x5
    00:03:00: DSL: 1: Modem state = 0x8
    00:03:00: DSL: 1: Modem state = 0x8
  • Page 148: Debug Atm Packet Command

    Table 14-3 debug atm packet Command Output Description
    Field: Description
    ATM0: Interface that is generating the packet.
    Output packet. (I) would mean receive packet.
  • Page 149: Software Upgrade Methods

    Several methods are available for upgrading software on the Cisco 850 and Cisco 870 series access routers, including:
    • Copy the new software image to flash memory over the LAN or WAN while the existing Cisco IOS software image is operating.
  • Page 150: Change The Configuration Register

    If you are unable to comply with U.S. and local laws, return this product immediately. A summary of U.S. laws governing Cisco cryptographic products may be found at: http://www.cisco.com/wwl/export/crypto/tool/stqrg.html If you require further assistance please contact us by sending email to export@cisco.com.
  • Page 151: Reset The Router

    The prompt changes to the privileged EXEC prompt:
    Router#
    Step 8 Enter the show startup-config command to display an enable password in the configuration file:
    Router# show startup-config
  • Page 152: Reset The Password And Save Your Changes

    Note: To return to the configuration being used before you recovered the lost enable password, do not save the configuration changes before rebooting the router.
    Step 4 Reboot the router, and enter the recovered password.
  • Page 153: Managing Your Router With Sdm

    Managing Your Router with SDM
    The Cisco SDM tool is a free software configuration utility, supporting the Cisco 850 and Cisco 870 series access routers. It includes a web-based GUI that offers the following features:
    • Simplified setup...
  • Page 154 Chapter 14 Troubleshooting: Managing Your Router with SDM
  • Page 155: Reference Information

    PART Reference Information...
  • Page 157: Appendix

    APPENDIX Cisco IOS Software Basic Skills
    Understanding how to use Cisco IOS software can save you time when you are configuring your router. If you need a refresher, take a few minutes to read this appendix.
  • Page 158: Understanding Command Modes

    This section describes the Cisco IOS command mode structure. Each command mode supports specific Cisco IOS commands. For example, you can use the interface type number command only from global configuration mode. The following Cisco IOS command modes are hierarchical. When you begin a router session, you are in user EXEC mode. •...
  • Page 159

    from global configuration mode.
    To exit to privileged EXEC mode, enter the end command, or press Ctrl-Z.
    • To enter subinterface configuration mode, specify a subinterface with the interface command.
  • Page 160: Getting Help

    To redisplay a command you previously entered, press the Up Arrow key. You can continue to press the Up Arrow key for more commands.
  • Page 161: Enable Secret Passwords And Enable Passwords

    Privileged EXEC mode is indicated by the # in the prompt. You can now make changes to your router configuration.
    Step 3 Enter the configure terminal command to enter global configuration mode:
    Router# configure terminal
    Router(config)#
    You can now make changes to your router configuration.
  • Page 162: Using Commands

    Using Commands
    This section provides some tips about entering Cisco IOS commands at the command-line interface (CLI).
    Abbreviating Commands
    You only have to enter enough characters for the router to recognize the command as unique. This...
  • Page 163: Saving Configuration Changes

    Building configuration...
    Router#
    Summary
    Now that you have reviewed some Cisco IOS software basics, you can begin to configure your router. Remember:
    • You can use the question mark (?) and arrow keys to help you enter commands. ...
  • Page 164 Appendix A Cisco IOS Software Basic Skills: Where to Go Next
  • Page 165: Appendix

    Concepts
    This appendix contains conceptual information that may be useful to Internet service providers or network administrators when they configure Cisco routers. To review some typical network scenarios, see Chapter 2, “Sample Network Deployments.” For information on additional details or configuration topics, see Chapter 11, “Additional Configuration Options.”...
  • Page 166: Shdsl

    (RIP), a dynamic distance-vector routing protocol. RIP is described in more detail in the following subsections.
    Routing Protocol Options
    Routing protocols include the following:
    • Routing Information Protocol (RIP)
    • Enhanced Interior Gateway Routing Protocol (Enhanced IGRP)
  • Page 167: Rip

    RIP, see the Cisco IOS Release 12.3 documentation set.
    Enhanced IGRP
    Enhanced IGRP is an advanced Cisco proprietary distance-vector and link state routing protocol, which means it uses a metric more sophisticated than distance (hop count) for route selection. Enhanced IGRP uses a metric based on a successor, which is a neighboring router that has a least-cost path to a destination that is guaranteed not to be part of a routing loop.
  • Page 168: Pap

    PAP uses a two-way handshake to verify the passwords between routers. To illustrate how PAP works, imagine a network topology in which a remote office Cisco router is connected to a corporate office Cisco router. After the PPP link is established, the remote office router repeatedly sends a configured username and password until the corporate office router accepts the authentication.
  • Page 169: Tacacs

    TACACS+ also provides support for separate modular authentication, authorization, and accounting (AAA) facilities that are configured at individual routers.
    Network Interfaces
    This section describes the network interface protocols that Cisco 850 and Cisco 870 series routers support. The following network interface protocols are supported:
    • Ethernet...
  • Page 170: Pvc

    Dial Backup
    Dial backup provides protection against WAN downtime by allowing a user to configure a backup modem line connection. The following can be used to bring up the dial backup feature in Cisco IOS software:
    • Backup Interface
    •...
  • Page 171: Floating Static Routes

    The translation function is compatible with standard routing; the feature is required only on the router connecting the inside network to the outside domain.
  • Page 172: Easy Ip (Phase 1)

    WAN interface IP address from a central server and to enable all remote hosts to access the Internet using this single registered IP address. Because Easy IP (Phase 1) uses existing port-level multiplexed NAT functionality within Cisco IOS software, IP addresses on the remote LAN are invisible to the Internet.
  • Page 173: Qos

    Interleaving provides the delay bounds for delay-sensitive voice packets on a slow link that is used for other best-effort traffic.
  • Page 174: Cbwfq

    PPP to define how data is managed; RSVP or IP Precedence is used to give priority to voice packets. There are two levels of queueing: ATM queues and Cisco IOS queues. CBWFQ is applied to Cisco IOS queues. A first-in-first-out (FIFO) Cisco IOS queue is automatically created when a PVC is created. If you use CBWFQ to create classes and attach them to a PVC, a queue is created for each class.
  • Page 175: Access Lists

    ACK or RST bits are set. (Set ACK or RST bits indicate that the packet is not the first in the session and the packet therefore belongs to an established session.) This filter criterion would be part of an access list applied permanently to an interface.
  • Page 176 Appendix B Concepts: Access Lists
  • Page 177: Appendix

    You can use the ROM monitor to perform certain configuration tasks, such as recovering a lost password or downloading software over the console port. If there is no Cisco IOS software image loaded on the router, the ROM monitor runs the router.
  • Page 178: Rom Monitor Commands

    Reboots the router with the new configuration register value. The router remains in ROM monitor and does not boot the Cisco IOS software. As long as the configuration value is 0x0, you must manually boot the operating system from the console. See the boot command in the “Command...
  • Page 179: Command Descriptions

    Cisco IOS software, you can load new software while in ROM monitor mode. This section describes how to load a Cisco IOS software image from a remote TFTP server to the router flash memory. Use the tftpdnld command only for disaster recovery, because it erases all existing data in flash memory before downloading a new software image to the router.
  • Page 180: Tftp Download Command Variables

    TFTP_SERVER= ip_address: IP address of the TFTP server from which the software will be downloaded.
    TFTP_FILE= filename: Name of the file that will be downloaded to the router.
  • Page 181: Optional Variables

    Note not save the software to flash memory. You can then use the image that is in flash memory the next time you enter the reload command.
  • Page 182: Configuration Register

    The virtual configuration register is in nonvolatile RAM (NVRAM) and has the same functionality as other Cisco routers. You can view or modify the virtual configuration register from either the ROM monitor or the operating system software. Within the ROM monitor, you can change the configuration register by entering the register value in hexadecimal format, or by allowing the ROM monitor to prompt you for the setting of each bit.
  • Page 183: Console Download

    ROM monitor dnld command.
    Note: If you are using a PC to download a Cisco IOS image over the router console port at 115,200 bps, ensure that the PC serial port is using a 16550 universal asynchronous transmitter/receiver (UART). If the PC serial port is not using a 16550 UART, we recommend using a speed of 38,400 bps or less when downloading a Cisco IOS image over the console port.
  • Page 184: Command Description

    Debug Commands
    Most ROM monitor debugging commands are functional only when Cisco IOS software has crashed or is halted. If you enter a debugging command and Cisco IOS crash information is not available, you see the following error message: "xxx: kernel context state is invalid, can not proceed."...
  • Page 185

    9> meminfo
    Main memory size: 40 MB.
    Available main memory starts at 0x10000, size 40896KB
    IO (packet) memory size: 5 percent of main memory.
    NVRAM size: 32KB
  • Page 186: Exiting The Rom Monitor

    Exiting the ROM Monitor
    You must set the configuration register to a value from 0x2 to 0xF for the router to boot a Cisco IOS image from flash memory upon startup or reloading. The following example shows how to reset the configuration register and cause the router to boot a Cisco IOS image stored in flash memory:
    rommon 1 >...
  • Page 187: Appendix

    Who is
    LOGIN: Login Host Protocol
    DOMAIN: Domain name server
    BOOTPS: Bootstrap Protocol Server
    BOOTPC: Bootstrap Protocol Client
    TFTP: Trivial File Transfer Protocol
    —: Any private dial-out service
  • Page 188

    TCP—UNIX remote login
    UDP—rwho: UDP—UNIX broadcast name service
    TCP—rsh: TCP—UNIX remote shell
    UDP—syslog: UDP—system log
    Printer: UNIX line printer remote spooling
    Routing Information Protocol
    Timed: Time server