Preface
This preface describes the objectives, audience, organization, and conventions of the software
configuration documentation for your router. It contains the following sections:
  • Objectives, page 1
  • Audience, page 1
  • Conventions, page 1
  • Obtaining Documentation, page 2
  • Documentation Feedback, page 3
  • Obtaining Technical Assistance, page 3
  • Obtaining Additional Publications and Information, page 5
Objectives
These documents explain how to configure and maintain your Cisco router.
Audience
These documents are designed for the person installing, configuring, and maintaining the Cisco router,
who should be familiar with networking technology and terminology.
Conventions
These documents use the conventions listed in Table 1 to convey instructions and information.
Corporate Headquarters:
Cisco Systems, Inc., 170 West Tasman Drive, San Jose, CA 95134-1706 USA
Copyright © 2004 Cisco Systems, Inc. All rights reserved.

   Summary of Contents for Cisco 2800 Series

  • Page 1 Objectives These documents explain how to configure and maintain your Cisco router. Audience These documents are designed for the person installing, configuring, and maintaining the Cisco router, who should be familiar with networking technology and terminology. Conventions These documents use the conventions listed in Table 1 to convey instructions and information.
  • Page 2: Obtaining Documentation

    Obtaining Documentation Cisco documentation and additional literature are available on Cisco.com. Cisco also provides several ways to obtain technical assistance and other technical resources. These sections explain how to obtain technical information from Cisco Systems.
  • Page 3: Ordering Documentation

    Technical Support provides 24-hour-a-day, award-winning technical assistance. The Cisco Technical Support Website on Cisco.com features extensive online support resources. In addition, Cisco Technical Assistance Center (TAC) engineers provide telephone support. If you do not hold a valid Cisco service contract, contact your reseller.
  • Page 4: Cisco Technical Support Website

    Cisco TAC engineer. The TAC Service Request Tool is located at this URL: http://www.cisco.com/techsupport/servicerequest For S1 or S2 service requests or if you do not have Internet access, contact the Cisco TAC by telephone. (S1 or S2 service requests are those in which your production network is down or severely degraded.) Cisco TAC engineers are assigned immediately to S1 and S2 service requests to help keep your business operations running smoothly.
  • Page 5: Obtaining Additional Publications And Information

    Severity 3 (S3)—Operational performance of your network is impaired, but most business operations remain functional. You and Cisco will commit resources during normal business hours to restore service to satisfactory levels.
  • Page 6 Obtaining Additional Publications and Information CCVP, the Cisco logo, and Welcome to the Human Network are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn is a service mark of Cisco Systems, Inc.; and Access Registrar, Aironet, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, Cisco, the Cisco...
  • Page 7: San Jose, Ca

    Overview Cisco 2800 series integrated service routers provide a range of models in which you can install a variety of modules. The number and type of modules vary by platform. Examples of these modules include WAN interface cards (WICs), voice interface cards (VICs), voice/WAN interface cards (VWICs), high-speed WAN interface cards (HWICs), packet voice data modules (PVDMs), network modules...
  • Page 8 URL: http://www.cisco.com/go/sdm Note: You must have an account on Cisco.com to access many of the available tools. If you do not have an account or have forgotten your username or password, click Cancel at the login dialog box and follow the instructions.
  • Page 9: Performing Initial Configuration

    • Initial Configuration Using the Cisco Router and Security Device Manager We recommend that you use the Cisco Router and Security Device Manager to configure your router. Note Built-in verification systems and sanity checks help to ensure both correct configurations and robust security practices.
  • Page 10: Initial Configuration Using The Setup Command Facility

    You should consult the SDM release notes to determine if SDM is supported for the router on which you want to install it. If the following messages appear at the end of the startup sequence, Cisco Router and Security Device Manager (SDM) is installed on your router: yourname con0 is now available Press RETURN to get started.
  • Page 11: Viewing The Configuration

    Configure SNMP Network Management? [yes]: Community string [public]: A summary of the available interfaces is displayed. Note: The interface numbering that appears depends on the type of Cisco modular router platform and on the installed interface modules and cards. Current interface summary...
  • Page 12 Router> Step 12 Verify the initial configuration. See the “Verifying the Initial Configuration” section on page 8 for verification procedures. For more information, see the Basic Software Configuration Using the Setup Command Facility section, available at this URL: http://www.cisco.com/en/US/docs/routers/access/1800/1841/software/configuration/guide/b_setup.htm Overview OL-6154-01...
  • Page 13 If these messages do not appear, SDM and a default configuration file were installed on the router at the factory. To use SDM to configure the router, see the “Initial Configuration Using the Cisco Router and Security Device Manager” section on page...
  • Page 14: Using The Cisco Ios Startup Sequence

    Note not execute the standard Cisco IOS startup sequence. Using the Cisco IOS setup utility enables you to use TFTP or BOOTP configuration download, or use other features available through the standard Cisco IOS startup sequence. The configuration file shipped with your router does the following: Provides an IP address for your Fast Ethernet interface, enabling an interface to your LAN •...
  • Page 15 These changes can be made using a telnet session or using a console connection. Configuring the Router to Support Web-Based Applications, a User with Priv 15, and Telnet/SSH Step 1 Enable the HTTP/HTTPS server on the router, using the following Cisco IOS commands in the global...
  • Page 16 Device Manager” section on page...
  • Page 17: Table Of Contents

    Basic Software Configuration Using the Setup Command Facility You can configure your router by using the Cisco Router and Security Device Manager (SDM), the Cisco IOS setup command facility, or the Cisco IOS command-line interface (CLI). Note: Wherever possible, we recommend that you use SDM to configure your router. For information on the availability and use of SDM, see the quick start guide that shipped with your router.
  • Page 18: Information About The Setup Command Facility

    Press Ctrl-C, and enter the setup command in privileged EXEC mode (Router#). Step 1 Enter the setup command facility by using one of the following methods: • From the Cisco IOS CLI, enter the setup command in privileged EXEC mode: Router> enable Password: <password>...
  • Page 19 Configure SNMP Network Management? [yes]: Community string [public]: A summary of the available interfaces is displayed. Note: The interface numbering that appears is dependent on the type of Cisco modular router platform and on the installed interface modules and cards.
  • Page 20 Use the enabled mode 'configure' command to modify this configuration. Press RETURN to get started! RETURN The user prompt is displayed: myrouter> After you complete the initial configuration tasks, you can start configuring your Cisco router for specific functions. Basic Software Configuration Using the Setup Command Facility OL-5992-01...
  • Page 21: Examples Of Using The Setup Command Facility To Configure Interface Parameters

    [3] novell-ether (Novell Ethernet_802.3) Enter the encapsulation type [2]: Note: Cisco 1841 and Cisco 2801 routers have a hardware limitation on the Fast Ethernet ports FE0/0 and FE0/1. In half-duplex mode, when traffic reaches or exceeds 100% capacity (equal to or greater than 5 Mbps in each direction), the interface will experience excessive collisions and reset once per second.
  • Page 22 The following is a brief example of configuring a Gigabit Ethernet interface by using the setup command facility: Note The Gigabit Ethernet interface is not supported on Cisco 1841, Cisco 2801, or Cisco 2811 routers. Configuring interface GigabitEthernet0/0: Configure IP on this interface? [yes]: IP address for this interface [192.168.200.215]: 1.0.0.1...
  • Page 23 Examples of Using the Setup Command Facility to Configure Interface Parameters The following is a typical show running config command output for gig 0/0: router# show run int gigabitEthernet 0/0 Building configuration... Current configuration : 156 bytes interface GigabitEthernet0/0 no ip address load-interval 30 shutdown duplex auto...
  • Page 24 Examples of Using the Setup Command Facility to Configure Interface Parameters If the speed is set to 1000 Mbps, the CLI duplex options change as follows: router(config-if)# speed 1000 router(config-if)# duplex ? auto Enable AUTO duplex configuration full Force full duplex operation Similarly, when duplex is set to half, the supported speeds are 10 Mbps, 100 Mbps, or “auto”...
  • Page 25 The following lmi-types are available to be set, when connected to a frame relay switch [0] none [1] ansi [2] cisco [3] q933a Enter lmi-type [2]: Note The setup command facility prompts you for the data-link connection identifier (DLCI) number only if you specify none for the Local Management Interface (LMI) type.
  • Page 26 Examples of Using the Setup Command Facility to Configure Interface Parameters Class A network is 2.0.0.0, 8 subnet bits; mask is /8 If Internetwork Packet Exchange (IPX) is configured on the router, the setup command facility prompts you for the IPX map: Do you want to map a remote machine's IPX address to dlci? [yes]: IPX address for the remote interface: 40.0060.34c6.90ed Link Access Procedure, Balanced Encapsulation...
  • Page 27 Examples of Using the Setup Command Facility to Configure Interface Parameters Do you want to map the remote machine’s smds address to IP address? [yes]: IP address for the remote interface: 192.0.0.2 Do you want to map the remote machine’s smds address to IPX address? [yes]: IPX address for the remote interface: 40.1234.5678 Asynchronous/Synchronous Serial Interface—Asynchronous Configuration The following is a sample configuration for asynchronous configuration for an...
  • Page 28 The following is a sample configuration for Frame Relay encapsulation: The following lmi-types are available to be set,when connected to a frame relay switch: [0] none [1] ansi [2] cisco [3] q933a Enter lmi-type [2]: Note The setup command facility prompts you for the data-link connection identifier (DLCI) number only if you specify none for the Link Management Interface (LMI) type.
  • Page 29 Examples of Using the Setup Command Facility to Configure Interface Parameters Do you want to map the remote machine’s x25 address to IP address? [yes]: IP address for the remote interface: 2.0.0.2 Do you want to map the remote machine’s x25 address to IPX address? [yes]: IPX address for the remote interface: 40.1234.5678 Enter lowest 2-way channel [1]: Enter highest 2-way channel [64]:...
  • Page 30 Examples of Using the Setup Command Facility to Configure Interface Parameters Table 1 ISDN Switch Types (continued) Country ISDN Switch Type Description New Zealand basic-nznet3 New Zealand NET3 switches North America basic-5ess AT&T basic rate switches basic-dms100 NT DMS-100 basic rate switches basic-ni1 National ISDN-1 switches The following is a sample configuration for ISDN basic rate communication:...
  • Page 31 The following lmi-types are available to be set, when connected to a frame relay switch [0] none [1] ansi [2] cisco [3] q933a Enter lmi-type [2]: Note: The setup command facility prompts you for the DLCI number only if you specify none for the LMI type.
  • Page 32 Examples of Using the Setup Command Facility to Configure Interface Parameters IPX address for the remote interface: 40.0060.34c6.90ed Link Access Procedure, Balanced Encapsulation The following is a sample configuration for Link Access Procedure, Balanced (LAPB) encapsulation, with DTE mode as the default: lapb circuit can be either in dce/dte mode Choose either from (dce/dte) [dte]: ATM-DXI Encapsulation...
  • Page 33 Examples of Using the Setup Command Facility to Configure Interface Parameters ISDN BRI Line Configuration Before using a router with an ISDN basic rate interface (BRI) interface, you must order a correctly configured ISDN BRI line from your local telecommunications service provider. The ordering process varies from provider to provider and from country to country.
  • Page 34: Defining Isdn Service Profile Identifiers

    Examples of Using the Setup Command Facility to Configure Interface Parameters Table 2 ISDN Provisioning by Switch Type (continued) Switch Type Provisioning 5ESS National ISDN For voice and data (NI-1) BRI Terminal type = A. 2 B channels for voice and data. 2 directory numbers assigned by service provider.
  • Page 35: E1 Channelized Mode

    Examples of Using the Setup Command Facility to Configure Interface Parameters Channelized E1/T1 ISDN PRI Interface Configuration Note: Channelized E1/T1 ISDN PRI interfaces are not supported on Cisco 1841 routers. The following is a sample configuration for a channelized E1/T1 ISDN PRI interface: The following ISDN switch types are available: [0] none....If you do not want to configure ISDN...
  • Page 36 The following lmi-types are available to be set, when connected to a frame relay switch [0] none [1] ansi [2] cisco [3] q933a Enter lmi-type [2]: Note: The setup command facility prompts you for the data-link connection identifier (DLCI) number only if you specify none for the LMI type.
  • Page 37 Examples of Using the Setup Command Facility to Configure Interface Parameters 1200, 2400, 4800, 9600, 19200, 38400 56000, 64000, 72000, 125000, 148000, 500000 800000, 1000000, 1300000, 2000000, 4000000, 8000000 choose speed from above: [2000000]: 1200 Configure IP on this interface? [yes]: IP address for this interface: 192.0.0.1 Subnet mask for this interface [255.0.0.0]: Class A network is 2.0.0.0, 8 subnet bits;...
  • Page 38: T1 Channelized Mode

    The following is a sample configuration for Frame Relay encapsulation: The following lmi-types are available to be set, when connected to a frame relay switch [0] none [1] ansi [2] cisco [3] q933a Enter lmi-type [2]: Basic Software Configuration Using the Setup Command Facility OL-5992-01...
  • Page 39 Examples of Using the Setup Command Facility to Configure Interface Parameters Note: The setup command facility prompts you for the data-link connection identifier (DLCI) number only if you specify none for the LMI type. If you accept the default or specify another Local Management Interface (LMI) type, the DLCI number is provided by the specified protocol.
  • Page 40: Switched Mode

    Examples of Using the Setup Command Facility to Configure Interface Parameters Do you want to map the remote machine's smds address to IP address? [yes]: IPX address for the remote interface: 40.0060.34c6.90ed 1-Port, 4-Wire, 56-kbps DSU/CSU Configuration The switched-56 WAN interface card is configured for dedicated or leased-line service by default, but it can also be configured for circuit-switched service, here known as 1-port, 4-wire 56-kbps DSU/CSU configuration.
  • Page 41: Completing The Configuration

    Completing the Configuration Switched 56k interface may either be in switched/Dedicated mode Choose from either (switched/dedicated) [switched]: dedi When in dds mode, the clock for sw56 module can either from line/internal. Choose clock from (line/internal) [line]: Note: If the internal clock is selected, speed cannot be set to “auto.” Autosensing is allowed only when the clock source is line.
  • Page 42 Router(config)#
  • Page 43: Use This Document With The Following Platforms

    Basic Software Configuration Using the Cisco IOS Command-Line Interface This document describes how to use the Cisco IOS command-line interface (CLI) to perform a basic software configuration for your router. Contents • Platforms Supported by This Document, page 1 • Prerequisites for Basic Software Configuration Using the Cisco IOS CLI, page 2...
  • Page 44: Prerequisites For Basic Software Configuration Using The Cisco Ios Cli

    Restrictions for Basic Software Configuration Using the Cisco IOS CLI If Cisco Router and Security Device Manager (SDM) is installed on your router, we recommend that you use Cisco SDM instead of the Cisco IOS CLI to perform the initial software configuration. To access SDM, see the quick start guide that shipped with your router.
  • Page 45: How To Perform A Basic Software Configuration Using The Cisco Ios Cli

    How to Perform a Basic Software Configuration Using the Cisco IOS CLI Configuring the Router Hostname The hostname is used in CLI prompts and default configuration filenames. If you do not configure the router hostname, the router uses the factory-assigned default hostname “Router.”...
  • Page 46: Configuring The Enable And Enable Secret Passwords

    We recommend that you use the enable secret command because it uses an improved encryption algorithm. Use the enable password command only if you boot an older image of the Cisco IOS software or if you boot older boot ROMs that do not recognize the enable secret command.
  • Page 47 When you configure the console line, you can also set communication parameters, specify autobaud connections, and configure terminal operating parameters for the terminal that you are using. For more information on configuring the console line, see the Cisco IOS Configuration Fundamentals and Network Management Configuration Guide. In particular, see the “Configuring Operating Characteristics for Terminals”...
  • Page 48 How to Perform a Basic Software Configuration Using the Cisco IOS CLI SUMMARY STEPS enable configure terminal line console 0 exec-timeout minutes [seconds] show running-config exit Note: The exec-timeout command or any changes to the exec-command value is triggered only after you exit from the EXEC mode and login again.
  • Page 49 For information on interface numbering, see the quick start guide that shipped with your router. Note Cisco 1841 and Cisco 2801 routers have a hardware limitation on the Fast Ethernet ports FE0/0 and FE0/1. In half-duplex mode, when traffic reaches or exceeds 100% capacity (equal to or greater than 5 Mbps in each direction), the interface will experience excessive collisions and reset once per second.
  • Page 50 How to Perform a Basic Software Configuration Using the Cisco IOS CLI description string ip address ip-address mask no shutdown show ip interface brief DETAILED STEPS Command or Action Purpose Step 1 Enables privileged EXEC mode. enable Enter your password if prompted.
  • Page 51: Specifying A Default Route Or Gateway Of Last Resort

    The Cisco IOS software uses the gateway (router) of last resort if it does not have a better route for a packet and if the destination is not a connected network. This section describes how to select a network as a default route (a candidate route for computing the gateway of last resort).
  • Page 52 How to Perform a Basic Software Configuration Using the Cisco IOS CLI SUMMARY STEPS enable configure terminal ip routing ip route dest-prefix mask next-hop-ip-address [admin-distance] [permanent] ip default-network network-number ip route dest-prefix mask next-hop-ip-address show ip route DETAILED STEPS Command or Action...
  • Page 53 How to Perform a Basic Software Configuration Using the Cisco IOS CLI Command or Action Purpose Step 6 Returns to privileged EXEC mode. Example: Router(config)# end Step 7 Displays the current routing table information. show ip route Verify that the gateway of last resort is set.
  • Page 54 How to Perform a Basic Software Configuration Using the Cisco IOS CLI Examples Specifying a Default Route: Example ip routing ip route 192.168.24.0 255.255.255.0 172.28.99.2 ip default-network 192.168.24.0 Sample Output for the show ip route Command Router# show ip route...
  • Page 55 How to Perform a Basic Software Configuration Using the Cisco IOS CLI password password login show running-config From another network device, attempt to open a Telnet session to the router. DETAILED STEPS Command or Action Purpose Step 1 Enables privileged EXEC mode.
  • Page 56: Configuring The Auxiliary Line

    How to Perform a Basic Software Configuration Using the Cisco IOS CLI Command or Action Purpose Step 7 Displays the running configuration file. show running-config • Verify that you properly configured the virtual terminal lines for remote access. Example: Router# show running-config...
  • Page 57: Verifying Network Connectivity

    How to Perform a Basic Software Configuration Using the Cisco IOS CLI Configuring AUX-to-AUX Port Async Backup with Dialer Watch, sample configuration http://www.cisco.com/warp/public/471/aux-aux-watch.html Modem-Router Connection Guide, tech note http://www.cisco.com/warp/public/76/9.html SUMMARY STEPS enable configure terminal line aux 0 See the tech notes and sample configurations to configure the line for your particular implementation of the AUX port.
  • Page 58 How to Perform a Basic Software Configuration Using the Cisco IOS CLI Prerequisites • Complete all previous configuration tasks in this document. • The router must be connected to a properly configured network host. SUMMARY STEPS enable ping [ip-address | hostname]...
  • Page 59: Saving Your Router Configuration

    To aid file recovery and minimize downtime in case of file corruption, we recommend that you save backup copies of the startup configuration file and the Cisco IOS software system image file on a server. For more detailed information, see the “Managing Configuration Files” chapter and the “Loading and Maintaining System Images”...
  • Page 60 How to Perform a Basic Software Configuration Using the Cisco IOS CLI SUMMARY STEPS enable copy nvram:startup-config {ftp: | rcp: | tftp:} show flash: copy flash: {ftp: | rcp: | tftp:} DETAILED STEPS Command or Action Purpose Step 1 Enables privileged EXEC mode.
  • Page 61: Where To Go Next

    IP routing and IP routing protocols Cisco IOS IP Configuration Guide Configuring default routes or a gateway of last resort Configuring a Gateway of Last Resort Using IP Commands tech note Basic Software Configuration Using the Cisco IOS Command-Line Interface OL-5593-01...
  • Page 62 routers, especially on their border routers, to improve security. Note: To view this document, you must have an account on Cisco.com. If you do not have an account or have forgotten your username or password, click Cancel at the login dialog box and follow the instructions that appear.
  • Page 63 Additional References
  • Page 64 Additional References Basic Software Configuration Using the Cisco IOS Command-Line Interface OL-5593-01...
  • Page 65 Cisco IOS Intrusion Prevention System (IPS)—The Cisco IOS IPS feature restructures the existing Cisco IOS Intrusion Detection System (IDS), allowing customers to choose to load the default, built-in signatures or to load a Signature Definition File (SDF) called attack-drop.sdf onto the router.
  • Page 66: Before You Begin

    URL filtering software, thereby allowing you to prevent users from accessing specified websites on the basis of some policy. The Cisco IOS firewall works with the Websense server to know whether a particular URL should be allowed or denied (blocked).
  • Page 67: Configure

    To find additional information on the commands used in this document, use the Command Lookup Tool. You must have an account on Cisco.com. If you do not have an account or have forgotten your username or password, click Cancel at the login dialog box and follow the instructions that appear. Network Diagram This document uses the network setup shown in the diagram below.
  • Page 68 !---Define a set of inspection rules. In this example, the set is called “myfw.” !---Include each protocol that you want the Cisco IOS firewall to inspect. ip inspect name myfw cuseeme timeout 3600 ip inspect name myfw ftp timeout 3600...
  • Page 69 !---Enable the authentication proxy rule for dynamic, per-user authentication !---and authorization. See the previous “aaa authorization auth-proxy default group SJ” !---and “ip auth-proxy name aprule http” command entries. !---Apply the Cisco IPS rule to outbound traffic. interface FastEthernet0/0 ip address 192.168.1.2 255.255.255.0...
  • Page 70: Verify

    Tool, which allows you to view an analysis of show command output. You must have an account on Cisco.com. If you do not have an account or have forgotten your username or password, click Cancel at the login dialog box and follow the instructions that appear.
  • Page 71 Total requests sent to URL Filter Server :13 Total responses received from URL Filter Server :13 Total requests allowed: 9 Total requests blocked: 4 Commands for Verifying Cisco IOS Firewall Authentication Proxy • show ip auth-proxy—Displays the authentication proxy entries or configuration. Router# show ip auth-proxy cache Authentication Proxy Cache Client Name admin, Client IP 192.168.1.118, Port 1902, timeout 120, Time Remaining...
  • Page 72 Secured Branch Router Configuration Example Verify Commands for Verifying Cisco IOS Intrusion Prevention System • show ip ips signature—Displays Cisco IPS signature information, including which signatures are disabled and marked for deletion. Router# show ip ips signature Signatures were last loaded from tftp://192.168.1.3/attack-drop.sdf...
  • Page 73 Secured Branch Router Configuration Example Verify 5081:0 15 FA 5114:0 15 FA 5114:1 15 FA 5114:2 15 FA 5126:0 15 FA 5159:0 HIGH 15 FA 5184:0 HIGH 15 FA 5188:0 HIGH 15 FA 5188:1 HIGH 15 FA 5188:2 HIGH 15 FA 5188:3 HIGH 15 FA...
  • Page 74: Troubleshoot

    Troubleshooting Commands Note: Before issuing debug commands, please see Important Information on Debug Commands. • debug ip inspect—Displays messages about Cisco IOS firewall events. • debug ip urlfilter—Enables debug information of URL filter subsystems. Router# debug ip urlfilter detailed Urlfilter Detailed Debugs debugging is on Router# *Aug 26 20:11:58.538: URLF: got cache idle timer event...
  • Page 75: Related Information

    – “Configuring Authentication Proxy” chapter • Cisco IOS Intrusion Prevention System (IPS), Cisco IOS Release 12.3(8)T feature module • Firewall Websense URL Filtering, Cisco IOS Releases 12.2(11)YU and 12.2(15)T feature module • Troubleshooting CBAC Configurations, tech note • Troubleshooting Authentication Proxy, tech note...
  • Page 76 Related Information
  • Page 77 IP Telephony services and may also use other full-service branch (FSB) features of Cisco access routers. These features include Cisco Content Engines (CEs), Voice over IP (VoIP) services and integration with back-end VoIP call control devices. The small branch office requires a robust and integrated voice-mail solution.
  • Page 78: Prerequisites

    IP Communication Solution for Group Applications Configuration Example Prerequisites LAN that are using XML services to directly connect to the radio via the multicast features on Cisco IOS. The LMR can be integrated with the E&M port on the gateway; the commands on the gateway support this router-to-radio adaptation.
  • Page 79 Users of this document should review the documents listed under the “Related Information” section on page Related Products This configuration can also be used with any Cisco 2800 and Cisco 3800 series routers. Conventions For more information on document conventions, see the Cisco Technical Tips Conventions.
  • Page 80: Configure

    Cisco IOS Command Note Lookup tool. You must have an account on Cisco.com. If you do not have an account or have forgotten your username or password, click Cancel at the login dialog box and follow the instructions that appear. Configuration Tips The gigabit port on the router does not provide inline power.
  • Page 81 Cisco 3845 Router 3845-gw#show running-config Building configuration... Current configuration : 17622 bytes !---Last configuration change at 23:07:46 PDT Wed Jul 7 2004 by cisco version 12.3 service timestamps debug datetime msec localtime show-timezone service timestamps log datetime msec localtime show-timezone...
  • Page 82 NAT network 192.168.10.0 255.255.255.0 default-router 192.168.10.1 dns-server 10.1.162.183 10.1.156.120 option 150 ip 10.1.152.9 domain-name cisco.com ip domain name cisco.com ip name-server 10.1.162.183 ip name-server 10.1.156.120 ip multicast-routing ip sap cache-timeout 30 ip ssh time-out 30 ip ssh version 1...
  • Page 83 !---CallManager-Cisco CME-Cisco Unity Express. The “allow connections h323 to h323” & !---“allow-connections h323 to sip” enable an easy configuration on gateway without the !---need for loopback-dn for incoming calls from Cisco CallManager or for call flow from !---Cisco CallManager to SIP for Voice Mail.
  • Page 84 IP Communication Solution for Group Applications Configuration Example Configure ds0-group 4 timeslots 4 type e&m-immediate-start ds0-group 5 timeslots 5 type e&m-immediate-start ds0-group 6 timeslots 6 type e&m-immediate-start no crypto isakmp enable !---Loopback0 used to bind H323 to the Loopback0 interface. RTP Packets !---originate/terminate on the router using this IP address.
  • Page 85 100 switchport trunk native vlan 100 switchport mode trunk switchport voice vlan 110 no ip address !---Cisco Unity Express used for local voice-mail storage interface Service-Engine4/0 ip unnumbered Loopback2 service-module ip address 10.1.152.242 255.255.255.252 service-module ip default-gateway 10.1.152.241...
  • Page 86 IP Communication Solution for Group Applications Configuration Example Configure access-list 11 permit 192.168.11.0 0.0.0.255 access-list 11 permit 192.168.20.0 0.0.0.255 access-list 11 permit 192.168.10.0 0.0.0.255 !---Router serves as TFTP server for Signed Image for 7960 phone on Local LAN. tftp-server flash:P00306000300.bin tftp-server flash:P00306000300.loads tftp-server flash:P00306000300.sb2 control-plane...
  • Page 87 IP Communication Solution for Group Applications Configuration Example Configure connection trunk 20481 !---Multicast side of the back-to-back T1 used for bridging VoIP to multicast connection !---trunk points to the dial-peer that is used for streaming into multicast voice-port 0/2/1:1 auto-cut-through timeouts call-disconnect 3 connection trunk 20480 voice-port 0/2/1:2...
  • Page 88 27748 session protocol sipv2 session target ipv4:10.1.152.242 dtmf-relay sip-notify codec g711ulaw no vad !---Dial peers for dialing out; pointing to Cisco CallManager Release 3.3(3) dial-peer voice 101 voip description CCM-IT-Cisco destination-pattern .T session target ipv4:10.1.148.178 dtmf-relay h245-alphanumeric codec g711ulaw...
  • Page 89 VoIP to local multicast conference bridge destination-pattern 2111 port 0/2/0:5 dial-peer voice 9 pots description VoIP to local multicast conference bridge destination-pattern 2111 port 0/2/0:6 !---Dial Cisco CME Configuration with services configuration telephony-service fxo hook-flash load 7910 P00403020214 load 7960-7940 P00306000300 max-ephones 27 max-dn 40 ip source-address 10.1.152.9 port 2000...
  • Page 90 IP Communication Solution for Group Applications Configuration Example Configure ephone-dn dual-line number 27725 description Ross name Ross call-forward busy 27749 call-forward noan 27749 timeout 10 ephone-dn dual-line number 27726 description Rachel name Rachel call-forward busy 27749 call-forward noan 27749 timeout 18 ephone-dn dual-line number 27727...
  • Page 91 IP Communication Solution for Group Applications Configuration Example Configure ephone-dn dual-line number 27733 description Jerry name Jerry call-forward busy 27749 call-forward noan 27749 timeout 18 ephone-dn dual-line number 27734 description George name George call-forward busy 27749 call-forward noan 27749 timeout 18 ephone-dn dual-line number 27735...
  • Page 92 IP Communication Solution for Group Applications Configuration Example Configure ephone-dn dual-line number 27743 call-forward busy 27749 call-forward noan 27749 timeout 18 ephone-dn dual-line number 27744 call-forward busy 27749 call-forward noan 27749 timeout 18 ephone-dn dual-line number 27745 call-forward busy 27749 call-forward noan 27749 timeout 18 ephone-dn ephone-dn...
  • Page 93 IP Communication Solution for Group Applications Configuration Example Configure ephone mac-address 0002.8A4B.000B type CIPC button ephone mac-address 0009.6B53.44C6 type CIPC button ephone mac-address 0009.6B30.E399 type CIPC button ephone mac-address 000B.BE37.1AB1 type 7960 button ephone mac-address 0006.D74B.15B3 type 7960 button ephone mac-address 000B.5F92.5784 type 7960 button...
  • Page 94 IP Communication Solution for Group Applications Configuration Example Configure ephone mac-address 0003.47D8.C236 type CIPC button 1:14 ephone mac-address 000C.CE35.1935 type 7960 button 1:15 ephone mac-address 0030.94C3.BE45 type 7960 button 1:16 ephone ephone ephone ephone ephone line con 0 authorization exec LOCAL stopbits 1 line aux 0 stopbits 1...
  • Page 95: Verify

    Certain show commands are supported by the Output Interpreter Tool (registered customers only), which allows you to view an analysis of show command output. In summary, use these commands: show telephony-service—Shows the IP telephony services available for Cisco CallManager server •...
  • Page 96 Representative output for each of these commands is presented in the verification summaries that follow. Note Relevant display output is highlighted as appropriate. The following is an example of output for the show telephony-service command on the Cisco CME: CCME-CUE-SJC# show telephony-service CONFIG (Version=3.2) ===================== Version 3.2...
  • Page 97 IP Communication Solution for Group Applications Configuration Example Verify retain-timer: 15 create cnf-files version-stamp 7960 Apr 12 2004 12:16:53 transfer-system full-consult auto assign 1 to 27 fxo hook-flash local directory service: enabled. The following example illustrates output using the show ephone registered command: CCME-CUE-SJC# show ephone registered ephone-1 Mac:0003.4713.5554 TCP socket:[6] activeLine:0 REGISTERED mediaActive:0 offhook:0 ringing:0 reset:0 reset_sent:0 paging 0 debug:0...
  • Page 98 IP Communication Solution for Group Applications Configuration Example Verify The following is an example of output for the show voip rtp connections command on the branch office router: 3845-gw# show voip rtp connections VoIP RTP active connections : No. CallId dstCallId LocalRTP RmtRTP LocalIP RemoteIP...
  • Page 99 The following is an example of output for the show version command on the CE: sjc22-13a-rb-CE3# show version Application and Content Networking System Software (ACNS) Copyright (c) 1999-2003 by Cisco Systems, Inc. Application and Content Networking System Software Release 5.1.3 (build b15 Feb 13 2004) Version: ce2636-sw-5.1.3...
  • Page 100 IP Communication Solution for Group Applications Configuration Example Verify http dns-cache serial-lookup ip domain-name cisco.com gui-server secure port 8002 interface FastEthernet external shutdown exit interface FastEthernet internal exit primary-interface FastEthernet 0/1 wmt license-key 92W5SNNNSULWCXN78 wmt accept-license-agreement wmt max-concurrent-sessions 9 wmt mms allow extension asf none nsc wma wmv mp3 wmt broadcast alias-name lanka source mms://24.6.215.172/AAA...
  • Page 101 IP Communication Solution for Group Applications Configuration Example Verify CPU usage: Current Peak cpu: 96 % 100 % CPU average usage since last reboot: cpu: 0.03% User, 7.28% System, 1.80% User(nice), 90.90% Idle cpu0: 0.03% User, 7.28% System, 1.80% User(nice), 90.90% Idle -------------------------------------------------------------------- STATE PRI User T...
  • Page 102 IP Communication Solution for Group Applications Configuration Example Verify sjc22-13a-rb-CE3# show statistics wmt all Unicast Requests Statistics =========================== Total unicast requests received: 79 ------------------------------------- Total % of Total Unicast Requests -------------------------------------------- Streaming Requests served: 94.94% Mcast nsc file Request: 0.00% Requests error: 0.00% Total...
  • Page 103 IP Communication Solution for Group Applications Configuration Example Verify ======================== Total unicast outgoing bytes: 4698135144 --------------------------------- Total % of Total Unicast Outgoing Bytes -------------------------------------------- By Type of Content ------------------ Live content: 4698135144 100.00% On-Demand Content: 0.00% By Transport Protocol --------------------- MMSU: 3148201513 67.01%...
  • Page 104 IP Communication Solution for Group Applications Configuration Example Verify ------------------ Cache bypassed: Exceed max-size: Usage Summary ============= Concurrent Unicast Client Sessions ---------------------------------- Current: Max: Concurrent Active Multicast Sessions ------------------------------------ Current: Max: Concurrent Remote Server Sessions --------------------------------- Current: Max: Concurrent Unicast Bandwidth (Kbps) ----------------------------------- Current: 1734.120...
  • Page 105 WMT URL Filter Statistics ================ URL Allowed: URL Filtered: The following is an example of output for the show interface service-engine 4/0 command on the Cisco CME for Cisco Unity Express: 3845-gw# show interface service-engine 4/0 Service-Engine4/0 is up, line protocol is up Hardware is I82559FE, address is 000e.8335.7c30 (bia 000e.8335.7c30)
  • Page 106 Getting status from the Service Module, please wait.. cisco service engine 1.1 The following is an example of output for the service-module service-engine 4/0 session command on the Cisco CME for Cisco Unity Express: 3845-gw# service-module service-engine 4/0 session Trying 10.1.152.241, 2258 ... Open...
  • Page 107 IP Communication Solution for Group Applications Configuration Example Verify The following is an example of output for the show running-config command on Cisco Unity Express: se-10-32-152-242# show running-config Generating configuration: clock timezone America/Los_Angeles hostname se-10-32-152-242 ip domain-name cisco.com ip name-server 10.64.2.113 10.64.11.48 ntp server 10.1.152.241...
  • Page 108 IP Communication Solution for Group Applications Configuration Example Verify parameter "strMWI_OFF_DN" "8000" parameter "strMWI_ON_DN" "8001" parameter "CallControlGroupID" "0" end application ccn application promptmgmt description "promptmgmt" enabled maxsessions 1 script "promptmgmt.aef" end application ccn application voicemail description "voicemail" enabled maxsessions 8 script "voicebrowser.aef"...
  • Page 109 "Frank mailbox" end mailbox voicemail mailbox owner "Estelle" size 3000 description "Estelle mailbox" end mailbox The following is an example of output for the show voicemail mailboxes command on Cisco Unity Express: se-10-32-152-242# show voicemail mailboxes OWNER MSGS NEW...
  • Page 110 IP Communication Solution for Group Applications Configuration Example Verify The following is an example of output for the show voicemail usage command on Cisco Unity Express: se-10-32-152-242# show voicemail usage personal mailboxes: general delivery mailboxes: orphaned mailboxes: capacity of voicemail (minutes):...
  • Page 111 Description: promptmgmt Script: promptmgmt.aef ID number: Enabled: Maximum number of sessions: The following is an example of output for the show ccn trigger command on Cisco Unity Express: se-10-32-152-242# show ccn trigger Name: 27749 Type: Application: voicemail Locale: en_US...
  • Page 112 IP Communication Solution for Group Applications Configuration Example Verify Cisco CallManager Screen Examples The screen display example below shows Cisco CallManager Release 3.3(3) trunk configuration for a Cisco CME. OL-6574-01...
  • Page 113 IP Communication Solution for Group Applications Configuration Example Verify The screen display example below depicts media termination point (MTP) software configuration.
  • Page 114 IP Communication Solution for Group Applications Configuration Example Verify Cisco CME Screen Examples The screen display example below identifies Cisco CallManager extensions.
  • Page 115 IP Communication Solution for Group Applications Configuration Example Verify The screen display example below provides details about Cisco CME phones.
  • Page 116 IP Communication Solution for Group Applications Configuration Example Verify Cisco Unity Express Screen Examples The screen display example below lists voice mailboxes on Cisco Unity Express user configuration.
  • Page 117 IP Communication Solution for Group Applications Configuration Example Verify The screen display example below provides details about voice mailboxes on Cisco Unity Express.
  • Page 118: Troubleshoot

    IP Security Troubleshooting - Understanding and Using debug Commands • Troubleshooting Reference Documents and Commands The following references and command recommendations offer guidance for troubleshooting Cisco CME-based Cisco Unity Express implementations. Before issuing debug commands, see Important Information on Debug Commands.
  • Page 119: Related Information

    A six-port chassis might create problems. Use this debug command with any or all of the other debug modes Related Information For additional information about Cisco CallManager Express, go to: http://www.cisco.com/en/US/products/sw/voicesw/ps4625/index.html •...
  • Page 121 • Headquarters uses an EzVPN concentrator, a Cisco 3800 series router, with an ATM interface. • One branch uses a Cisco 2800 series router and employs a network-mode EzVPN client with a serial interface, while another branch uses a Cisco 1800 series router and uses client mode EzVPN with an SHDSL interface.
  • Page 122: Before You Begin

    IP addresses. Using NETBEUI protocol, it is also compatible with NetBIOS. Before You Begin The following are the requirements for using this configuration example. Conventions For more information on document conventions, see the Cisco Technical Tips Conventions. OL-6340-01...
  • Page 123: Configure

    AIM-VPN module installed: %crypto_ha_ipsec-4-crypto_ha_not_supported_by_hw 2811 Once an AIM-VPN module is installed in the Cisco 2811 router, this error message will no longer appear. Related Products This configuration can also be used with the following hardware: Cisco 1800 series routers •...
  • Page 124 • Public IP address: 10.32.152.26 • Private IP address pool: 192.168.1.0/24 • The Branch 1 location (callout 8) uses a Cisco 1841 router with these characteristics: EzVPN client using client mode • DSL access to the Internet • WIC-1SHDSL interface card installed •...
  • Page 125 Easy VPN Configuration Example Configure Private IP address pool: 192.168.3.0/24
  • Page 126 Easy VPN Configuration Example Configure The Branch 2 location (callout 9) uses a Cisco 2811 router with these characteristics: EzVPN client using network mode • Serial access to the Internet • Public IP address: 10.32.150.46 • Private IP address pool: 192.168.3.1/24 •...
  • Page 127 SPLIT_T ip access-list extended SPLIT_T permit ip 192.168.0.0 0.0.255.255 any key cisco123 dns 192.168.168.183 192.168.226.120 wins 192.168.179.89 192.168.2.87 domain cisco.com pool VPN-POOL save-password !--- IPSec configuration crypto ipsec transform-set TRANSFORM-1 esp-3des esp-md5-hmac crypto dynamic-map INT_MAP 1 set security-association lifetime kilobytes 530000000...
  • Page 128 Easy VPN Configuration Example Configure protocol ip 10.32.152.25 broadcast crypto map INT_MAP interface FastEthernet4/0 no ip address shutdown interface FastEthernet4/1 switchport access vlan 10 no ip address interface FastEthernet4/2 switchport access vlan 10 no ip address interface FastEthernet4/3 switchport access vlan 10 no ip address interface FastEthernet4/4 switchport access vlan 10...
  • Page 129 0 line aux 0 line vty 0 4 login authentication USERLIST Branch 1 Router Configuration (Cisco 1841 Router) EzVPN-Spoke-1# show running-config Building configuration... Current configuration : 4252 bytes version 12.3 no service pad...
  • Page 130 192.168.2.1 ip dhcp pool PRIVATE_DHCP import all network 192.168.2.0 255.255.255.0 default-router 192.168.2.1 no ip domain lookup ip domain name cisco.com ip sap cache-timeout 30 ip ssh time-out 30 ip ids po max-events 100 no ftp-server write-enable !--- IPSec configuration...
  • Page 131 0 line aux 0 line vty 0 4 login authentication USERLIST Branch 2 Router Configuration (Cisco 2811 Router) EzVPN-Spoke-2# show running-config Building configuration... Current configuration : 4068 bytes version 12.3 no service pad...
  • Page 132 Easy VPN Configuration Example Configure ip dhcp pool PRIVATE_DHCP import all network 192.168.3.0 255.255.255.0 default-router 192.168.3.1 no ip domain lookup ip multicast-routing ip ids po max-events 100 no ftp-server write-enable voice-card 0 no dspfarm !--- IPSec configuration crypto ipsec client ezvpn VPN1 connect auto group VPN1 key cisco123 mode network-extension...
  • Page 133: Verify

    Easy VPN Configuration Example Verify Verify This section provides instructions for verifying that your configuration works properly. Certain show commands are supported by the Output Interpreter Tool (registered customers only), which allows you to view an analysis of show command output. In summary: show crypto engine connections active—Shows the encrypted and decrypted packets.
  • Page 134 Easy VPN Configuration Example Verify inbound esp sas: spi: 0xDBEB20(14412576) transform: esp-3des esp-md5-hmac , in use settings ={Tunnel, } slot: 0, conn id: 5131, flow_id: 11, crypto map: INT_MAP crypto engine type: Hardware, engine_id: 2 sa timing: remaining key lifetime (k/sec): (4570368/14331) ike_cookies: 787F69F1 41C7488D 92A37C71 AE8FEC38 IV size: 8 bytes replay detection support: Y...
  • Page 135: Troubleshoot

    DNS Secondary: 192.168.226.120 NBMS/WINS Primary: 192.168.179.89 NBMS/WINS Secondary: 192.168.2.87 Default Domain: cisco.com The following is sample output from the show crypto ipsec client ezvpn command, performed using the configuration on the EzVPN Spoke 2 location: EzVPN-Spoke-2#show crypto ipsec client ezvpn...
  • Page 136 The following debug commands must be running on both IPSec routers (peers). Security associations must be cleared on both peers. • debug crypto engine—Displays information pertaining to the crypto engine, such as when Cisco IOS software is performing encryption or decryption operations. debug crypto ipsec—Displays the IPSec negotiations of phase 2. • •...
  • Page 137: Related Information

    *May 24 03:04:52.079: EZVPN(VPN1): New State: IPSEC_ACTIVE Related Information Cisco IOS Wide-Area Networking Configuration Guide • Cisco IOS Dial Technologies Configuration Guide • Cisco IOS Security Configuration Guide • Cisco IOS Interface and Hardware Component Configuration Guide • Cisco Technical Assistance Center • OL-6340-01...
  • Page 141 Introduction This document provides a configuration example for Cisco Voice and Video over VPN (V3PN). The voice application used in this example is Hoot and Holler, which is typically used in trading floor financial institutions for communications to branch offices. The configuration scenario emphasizes implementation of the quality of service (QoS) and VPN capabilities;...
  • Page 142: Prerequisites

    Hoot and Holler over V3PN Configuration Example Prerequisites • One branch uses a Cisco 2800 series router and employs a serial interface, while another branch with a Cisco 2800 Series router uses a Symmetrical High-Speed Digital Subscriber Line (SHDSL) interface.
  • Page 143: Configure

    Cisco IOS Command Note Lookup tool. You must have an account on Cisco.com. If you do not have an account or have forgotten your username or password, click Cancel at the login dialog box and follow the instructions that appear. Configuration Tips Make sure that the tunnels work before you apply the crypto maps.
  • Page 144 Operating in a Cisco CallManager cluster • Public IP address: 10.32.152.26 • Private IP address pool: 192.168.1.0/24 • The Branch 1 location (callout 8) uses a Cisco 2801 router with these characteristics: DSL access to the Internet • WIC-SHDSL-V2 interface card installed • •...
  • Page 145 HUB-R1 boot-start-marker boot-end-marker enable secret 5 $1$t8oN$hXmGodPh8ZM/ka6k/9aO51 username cisco secret 5 $1$cfjP$kKpBWe3pfKXfpK0RIqX/E. no network-clock-participate slot 1 no network-clock-participate slot 2 no network-clock-participate slot 3 no network-clock-participate slot 4 no network-clock-participate wic 0...
  • Page 146 2 !SPECIFY THAT ISAKMP CLIENTS (SPOKE ROUTERS) WILL NOT NEED TO USE XAUTH (USERNAME AND PASSWORD) WHEN CONNECTING crypto isakmp key cisco address 10.32.150.46 no-xauth crypto isakmp key cisco address 10.32.153.34 no-xauth crypto ipsec transform-set TRANSFORM_1 esp-3des esp-sha-hmac ! DEFINE THE REMOTE SPOKES, THEIR IP ADDRESSES AND ANY POLICIES THAT NEED TO BE...
  • Page 147 Hoot and Holler over V3PN Configuration Example Configure ! CREATE TUNNELS TO THE SPOKE ROUTERS. THE MTU IS LOWERED TO ALLOW THE GRE AND IP-SEC HEADER ! PIM SD IS ENABLED SO AS TO ALLOW MULTICAST, AND THE TUNNEL SOURCE AND DESTINATION ARE SPECIFIED interface Tunnel0 description === Peer device = Branch-2 ===...
  • Page 148 Hoot and Holler over V3PN Configuration Example Configure ip address 10.32.152.26 255.255.255.252 ip ospf network point-to-point no atm ilmi-keepalive crypto map INT_CM pvc 10/100 protocol ip 10.32.152.25 broadcast vbr-rt 100000 100000 service-policy output LLQ ! PLACE ALL SWITCHPORT INTERFACES INTO VLAN 10 interface FastEthernet4/0 switchport access vlan 10 no ip address...
  • Page 149 0 stopbits 1 line vty 0 4 login authentication USERLIST Branch 1 Router Configuration (Cisco 2801 Router) Branch-1# show running-config Building configuration... Current configuration : 6300 bytes ! Last configuration change at 03:11:55 UTC Sat Apr 17 2004 ! NVRAM config last updated at 02:03:50 UTC Sat Apr 17 2004 version 12.3...
  • Page 150 Configure hostname Branch-1 boot-start-marker boot-end-marker logging buffered 4096 informational enable secret 5 $1$b7.Q$Y2x1UXyRifSStbkR/YyrP. username cisco password 7 0519050B234D5C0617 memory-size iomem 20 no network-clock-participate wic 1 no network-clock-participate wic 2 no network-clock-participate wic 3 no network-clock-participate wic 4 no network-clock-participate wic 5...
  • Page 151 ! SET THE IKE POLICY TO USE 3DES crypto isakmp policy 10 encr 3des authentication pre-share group 2 crypto isakmp key cisco address 10.32.152.26 no-xauth crypto ipsec transform-set TRANSFORM_1 esp-3des esp-sha-hmac ! SPECIFY REMOTE PEER crypto map INT_CM 1 ipsec-isakmp description === Peer device = HUB-R1 === set peer 10.32.152.26...
  • Page 152 Hoot and Holler over V3PN Configuration Example Configure qos pre-classify tunnel source 10.32.153.34 tunnel destination 10.32.152.26 crypto map INT_CM ! VIF INTERFACE FOR MULTICAST SOURCE ADDRESS (USED FOR VOICE MULTICAST) interface Vif1 ip address 192.168.7.1 255.255.255.0 ip pim sparse-dense-mode interface FastEthernet0/0 description === Private interface === ip address 192.168.2.1 255.255.255.0 ip pim sparse-dense-mode...
  • Page 153 Hoot and Holler over V3PN Configuration Example Configure interface Vlan1 no ip address router ospf 1 log-adjacency-changes network 192.168.2.0 0.0.0.255 area 0 network 192.168.7.0 0.0.0.255 area 0 ip classless ip route 0.0.0.0 0.0.0.0 10.32.153.33 ip route 192.168.1.0 255.255.255.0 Null0 249 ip http server no ip http secure-server ! SPECIFY TRAFFIC TO BE ENCRYPTED (HERE IT'S ALL GRE TRAFFIC)
  • Page 154 Hoot and Holler over V3PN Configuration Example Configure Branch 2 Router Configuration (Cisco 2811 Router) Branch-2# show running-config Building configuration... Current configuration : 5041 bytes version 12.3 service timestamps debug datetime msec service timestamps log datetime msec service password-encryption hostname Branch-2...
  • Page 155 Hoot and Holler over V3PN Configuration Example Configure crypto isakmp key cisco address 10.32.152.26 no-xauth crypto ipsec transform-set TRANSFORM_1 esp-3des esp-sha-hmac crypto map INT_CM 1 ipsec-isakmp description === Peer device = HUB-R1 === set peer 10.32.152.26 set security-association lifetime kilobytes 530000000...
  • Page 156 Hoot and Holler over V3PN Configuration Example Configure interface FastEthernet0/1 no ip address duplex auto speed auto pppoe enable pppoe-client dial-pool-number 1 interface FastEthernet0/3/0 no ip address shutdown interface FastEthernet0/3/1 no ip address shutdown interface FastEthernet0/3/2 no ip address shutdown interface FastEthernet0/3/3 no ip address shutdown...
  • Page 157: Verify

    Hoot and Holler over V3PN Configuration Example Verify dial-peer voice 100 voip destination-pattern 100 session protocol multicast session target ipv4:239.168.1.100:19890 codec g711ulaw vad aggressive line con 0 exec-timeout 0 0 line aux 0 line vty 0 4 password 7 0002000E0D4B login authentication USERLIST Verify This section provides information you can use to confirm your configuration is working properly.
  • Page 158 Hoot and Holler over V3PN Configuration Example Verify • show voice call summary—Shows information about a call (such as the codec being used or the state of the phone). • show class-map—Displays the QoS marking scheme (such as voice traffic that is marked up). This defines it as a V3PN implementation.
  • Page 159 Hoot and Holler over V3PN Configuration Example Verify inbound pcp sas: outbound esp sas: spi: 0x69111392(1762726802) transform: esp-3des esp-sha-hmac , in use settings ={Tunnel, } slot: 0, conn id: 5214, flow_id: 94, crypto map: INT_CM crypto engine type: Hardware, engine_id: 2 sa timing: remaining key lifetime (k/sec): (508968340/10147) ike_cookies: DE2C7D5A FB6197B3 795753FB 41D07F6D IV size: 8 bytes...
  • Page 160 Hoot and Holler over V3PN Configuration Example Verify ike_cookies: 59F8CBF0 5B2E8553 7D356DD4 F5DE05AD IV size: 8 bytes replay detection support: Y spi: 0xD3C362F0(3552797424) transform: esp-3des esp-sha-hmac , in use settings ={Tunnel, } slot: 0, conn id: 5222, flow_id: 102, crypto map: INT_CM crypto engine type: Hardware, engine_id: 2 sa timing: remaining key lifetime (k/sec): (522107166/14204) ike_cookies: 59F8CBF0 5B2E8553 7D356DD4 F5DE05AD...
  • Page 161 Hoot and Holler over V3PN Configuration Example Verify outbound pcp sas: protected vrf: local ident (addr/mask/prot/port): (10.32.152.26/255.255.255.255/47/0) remote ident (addr/mask/prot/port): (10.32.150.46/255.255.255.255/47/0) current_peer: 10.32.150.46:500 PERMIT, flags={origin_is_acl,} #pkts encaps: 165228, #pkts encrypt: 165228, #pkts digest: 165228 #pkts decaps: 124592, #pkts decrypt: 124592, #pkts verify: 124592 #pkts compressed: 0, #pkts decompressed: 0 #pkts not compressed: 0, #pkts compr.
  • Page 162 Hoot and Holler over V3PN Configuration Example Verify outbound pcp sas: interface: ATM1/0 Crypto map tag: INT_CM, local addr. 10.32.152.26 protected vrf: local ident (addr/mask/prot/port): (10.32.152.26/255.255.255.255/47/0) remote ident (addr/mask/prot/port): (10.32.153.34/255.255.255.255/47/0) current_peer: 10.32.153.34:500 PERMIT, flags={origin_is_acl,} #pkts encaps: 172131, #pkts encrypt: 172131, #pkts digest: 172131 #pkts decaps: 124081, #pkts decrypt: 124081, #pkts verify: 124081 #pkts compressed: 0, #pkts decompressed: 0 #pkts not compressed: 0, #pkts compr.
  • Page 163 Hoot and Holler over V3PN Configuration Example Verify local crypto endpt.: 10.32.152.26, remote crypto endpt.: 10.32.150.46 path mtu 1420, media mtu 1420 current outbound spi: D3C362F0 inbound esp sas: spi: 0x4589EBE8(1166666728) transform: esp-3des esp-sha-hmac , in use settings ={Tunnel, } slot: 0, conn id: 5219, flow_id: 99, crypto map: INT_CM crypto engine type: Hardware, engine_id: 2 sa timing: remaining key lifetime (k/sec): (528510577/14263)
  • Page 164 Hoot and Holler over V3PN Configuration Example Verify The following is an output example for the show ip route command, performed using the configuration on the Headquarters router: HUB-R1# show ip route Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2...
  • Page 165 Hoot and Holler over V3PN Configuration Example Verify The following is an output example for the show voice trunk-conditioning supervisory command, performed using the configuration on the Headquarters router: HUB-R1# show voice trunk-conditioning supervisory SLOW SCAN 0/1/0 : state : TRUNK_SC_CONNECT, voice : on, signal : on ,master status: trunk connected sequence oos : no-action pattern :...
  • Page 166 Hoot and Holler over V3PN Configuration Example Verify Match: ip dscp af31 Queueing Output Queue: Conversation 265 Bandwidth 5 (%) Bandwidth 5000 (kbps) Max Threshold 64 (packets) (pkts matched/bytes matched) 89887/21932300 (depth/total drops/no-buffer drops) 0/0/0 Class-map: voice (match-all) 6485132 packets, 1893649352 bytes 5 minute offered rate 0 bps, drop rate 0 bps Match: ip dscp ef Queueing...
  • Page 167 0500 Maximum SA index: 0500 Maximum Flow index: 1000 Maximum RSA key size: 2048 crypto engine name: Cisco VPN Software Implementation crypto engine type: software serial number: 77C943AD crypto engine state: installed crypto engine in slot: Verify Remote Location Connectivity This section provides instructions for verifying that your configuration works properly.
  • Page 168 Hoot and Holler over V3PN Configuration Example Verify The following is an output example for the show crypto ipsec sa command, performed using the configuration on the Branch 1 router: Branch-1# show crypto ipsec sa interface: Tunnel0 Crypto map tag: INT_CM, local addr. 10.32.153.34 protected vrf: local ident (addr/mask/prot/port): (10.32.153.34/255.255.255.255/47/0)
  • Page 169 Hoot and Holler over V3PN Configuration Example Verify #pkts decaps: 118426, #pkts decrypt: 118426, #pkts verify: 118426 #pkts compressed: 0, #pkts decompressed: 0 #pkts not compressed: 0, #pkts compr. failed: 0 #pkts not decompressed: 0, #pkts decompress failed: 0 #send errors 11, #recv errors 0 local crypto endpt.: 10.32.153.34, remote crypto endpt.: 10.32.152.26 path mtu 1420, media mtu 1420 current outbound spi: D5823DEF...
  • Page 170 Hoot and Holler over V3PN Configuration Example Verify slot: 0, conn id: 5151, flow_id: 31, crypto map: INT_CM crypto engine type: Hardware, engine_id: 2 sa timing: remaining key lifetime (k/sec): (508937361/10700) ike_cookies: 795753FB 41D07F6D DE2C7D5A FB6197B3 IV size: 8 bytes replay detection support: Y inbound ah sas: inbound pcp sas:...
  • Page 171 Hoot and Holler over V3PN Configuration Example Verify in use settings ={Tunnel, } slot: 0, conn id: 5152, flow_id: 32, crypto map: INT_CM crypto engine type: Hardware, engine_id: 2 sa timing: remaining key lifetime (k/sec): (508938172/10695) ike_cookies: 795753FB 41D07F6D DE2C7D5A FB6197B3 IV size: 8 bytes replay detection support: Y outbound ah sas:...
  • Page 172 Hoot and Holler over V3PN Configuration Example Verify PIM Group-to-RP Mappings Group(s) 224.0.0.0/4 RP 192.168.4.1 (?), v2v1 Info source: 192.168.4.1 (?), elected via Auto-RP Uptime: 00:20:28, expires: 00:02:23 The following is an output example for the show ip mroute active command, performed using the configuration on the Branch 1 router: Branch-1# show ip mroute active Active IP Multicast Sources - sending >= 4 kbps...
  • Page 173 Hoot and Holler over V3PN Configuration Example Verify Class Map match-any class-default (id 0) Match any Class Map match-all video (id 3) Match ip precedence 4 Class Map match-all voice (id 2) Match ip dscp ef The following is an output example for the show policy-map interface virtual-access 4 output command, performed using the configuration on the Branch 1 router: Branch-1 #show policy-map interface virtual-access 4 output Virtual-Access4...
  • Page 174 1000 Maximum SA index: 1000 Maximum Flow index: 2000 Maximum RSA key size: 2048 crypto engine name: Cisco VPN Software Implementation crypto engine type: software serial number: 70107010 crypto engine state: installed crypto engine in slot: Verifying Branch 2 Router...
  • Page 175 Hoot and Holler over V3PN Configuration Example Verify protected vrf: local ident (addr/mask/prot/port): (10.32.150.46/255.255.255.255/47/0) remote ident (addr/mask/prot/port): (10.32.152.26/255.255.255.255/47/0) current_peer: 10.32.152.26:500 PERMIT, flags={origin_is_acl,} #pkts encaps: 1706, #pkts encrypt: 1706, #pkts digest: 1706 #pkts decaps: 1715, #pkts decrypt: 1715, #pkts verify: 1715 #pkts compressed: 0, #pkts decompressed: 0 #pkts not compressed: 0, #pkts compr.
  • Page 176 Hoot and Holler over V3PN Configuration Example Verify Crypto map tag: INT_CM, local addr. 10.32.150.46 protected vrf: local ident (addr/mask/prot/port): (10.32.150.46/255.255.255.255/47/0) remote ident (addr/mask/prot/port): (10.32.152.26/255.255.255.255/47/0) current_peer: 10.32.152.26:500 PERMIT, flags={origin_is_acl,} #pkts encaps: 1864, #pkts encrypt: 1864, #pkts digest: 1864 #pkts decaps: 1874, #pkts decrypt: 1874, #pkts verify: 1874 #pkts compressed: 0, #pkts decompressed: 0 #pkts not compressed: 0, #pkts compr.
  • Page 177 Hoot and Holler over V3PN Configuration Example Verify The following is an output example for the show ip ospf neighbor command, performed using the configuration on the Branch 2 router: Branch-2# show ip ospf neighbor Neighbor ID State Dead Time Address Interface 192.168.1.1...
  • Page 178 Hoot and Holler over V3PN Configuration Example Verify Group: 239.168.1.100, (?) Source: 192.168.5.2 (?) Rate: 50 pps/80 kbps(1sec), 80 kbps(last 10 secs), 2 kbps(life avg) Source: 192.168.7.2 (?) Rate: 50 pps/80 kbps(1sec), 80 kbps(last 30 secs), 2 kbps(life avg) The following is an output example for the show voice trunk-conditioning supervisory command, performed using the configuration on the Branch 2 router: Branch-2# show voice trunk-conditioning supervisory SLOW SCAN...
  • Page 179 Hoot and Holler over V3PN Configuration Example Verify Match: ip dscp ef Queueing Strict Priority Output Queue: Conversation 264 Bandwidth 35 (%) Bandwidth 540 (kbps) Burst 13500 (Bytes) (pkts matched/bytes matched) 13/3532 (total drops/bytes drops) 0/0 Class-map: video (match-all) 0 packets, 0 bytes 5 minute offered rate 0 bps, drop rate 0 bps Match: ip precedence 4 Queueing...
  • Page 180: Troubleshoot

    Cisco IOS software is performing encryption or decryption operations. • debug crypto ipsec—Displays IPSec negotiations of phase 2. • debug crypto isakmp—Displays ISAKMP negotiations of phase 1.
  • Page 181 Hoot and Holler over V3PN Configuration Example Troubleshoot Jul 29 16:06:33.635 PDT: ISAKMP:(0:2:SW:1): vendor ID is DPD Jul 29 16:06:33.635 PDT: ISAKMP:(0:2:SW:1): processing vendor id payload Jul 29 16:06:33.635 PDT: ISAKMP:(0:2:SW:1): speaking to another IOS box! Jul 29 16:06:33.635 PDT: ISAKMP:received payload type 20 Jul 29 16:06:33.635 PDT: ISAKMP:received payload type 20 Jul 29 16:06:33.635 PDT: ISAKMP:(0:2:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE...
  • Page 182 Hoot and Holler over V3PN Configuration Example Troubleshoot Jul 29 16:06:33.651 PDT: ISAKMP:(0:2:SW:1): sending packet to 10.32.150.46 my_port 500 peer_port 500 (I) QM_IDLE Jul 29 16:06:33.651 PDT: ISAKMP:(0:2:SW:1):Node 159862783, Input = IKE_MESG_INTERNAL, IKE_INIT_QM Jul 29 16:06:33.651 PDT: ISAKMP:(0:2:SW:1):Old State = IKE_QM_READY New State = IKE_QM_I_QM1 Jul 29 16:06:33.651 PDT: ISAKMP:(0:2:SW:1):Input = IKE_MESG_INTERNAL, IKE_PHASE1_COMPLETE...
  • Page 183: Related Information

    Jul 29 16:06:33.935 PDT: IPSEC(create_sa): sa created, (sa) sa_dest= 10.32.150.46, sa_proto= 50, sa_spi= 0x833186D0(2201061072), sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 4001 Related Information Cisco IOS Quality of Service Configuration Guide, Release 12.3 • Cisco IOS Security Configuration Guide • Cisco IOS Voice Command Reference, Release 12.3 •...
  • Page 184 Related Information isco Square Bridge logo, Follow Me Browsing, and StackWise are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn, rvice marks of Cisco Systems, Inc.; and Access Registrar, Aironet, ASIST, BPX, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, Cisco, the Cisco Ce...
  • Page 185 Finding Feature Documentation Note: We recommend that you use the Cisco Router and Security Device Manager (SDM) to configure your router. To access SDM, see the quick start guide that you received with your router. You can access Cisco IOS feature documentation in the following ways: Using Cisco.com Feature Resources, page 1...
  • Page 186: Feature Navigator

    Go to Cisco Feature Navigator at http://www.cisco.com/go/fn. Step 1 You must have an account on Cisco.com. If you do not have an account or have forgotten your username or password, click Cancel at the login dialog box, and follow the instructions that appear.
  • Page 187 Go to Cisco Feature Navigator at http://www.cisco.com/go/fn. Step 1 You must have an account on Cisco.com. If you do not have an account or have forgotten your username or password, click Cancel at the login dialog box, and follow the instructions that appear.
  • Page 188 Finding Feature Documentation by Browsing Feature Modules by Cisco IOS Release If you know the specific feature name and the Cisco IOS release in which the feature was introduced, you can browse the Cisco IOS feature modules by Cisco IOS release to find feature documentation.
  • Page 189 Finding Feature Documentation by Browsing Feature Modules by Cisco IOS Release Finding Feature Documentation OL-5994-01...
  • Page 190 Finding Feature Documentation by Browsing Feature Modules by Cisco IOS Release CCVP, the Cisco logo, and Welcome to the Human Network are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn is a service mark of Cisco Systems, Inc.; and Access Registrar, Aironet, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, Cisco, the Cisco...
  • Page 191 • Enable or disable the Break function • Control broadcast addresses • Recover a lost password • Change the console line speed
  • Page 192 Factory default is 9600 baud, where bits 5, 11, and 12 are all zero (clear). Note: You cannot change the console line speed configuration register bits from the Cisco IOS command-line interface (CLI). You can, however, change these bits from the ROM monitor (see “Using the ROM Monitor”).
  • Page 193 About the Configuration Register Table 1 Configuration Register Bit Descriptions (continued) Number Hexadecimal Meaning 0x4000 Controls the network and subnet portions of the IP broadcast address: Setting bit 10 causes the processor to use all zeros. • (Factory default) Clearing bit 10 causes the processor to use all ones. •...
  • Page 194 1200 Changing the Configuration Register Settings You can change the configuration register settings from either the ROM monitor or the Cisco IOS CLI. This section describes how to modify the configuration register settings from the Cisco IOS CLI. To change the configuration register from the ROM monitor, see ”...
  • Page 195 Displaying the Configuration Register Settings Note: The Cisco IOS software does not allow you to change the console speed bits directly with the config-register command. To change the console speed from the Cisco IOS CLI, see the “Configuring the Console Line Speed (Cisco IOS CLI)” section on page...
  • Page 196 Configuring the Console Line Speed (Cisco IOS CLI)
  • Page 197 Connect a terminal or PC to the router console port. For help, see the quick start guide or the hardware installation guide for your router. Corporate Headquarters: Cisco Systems, Inc., 170 West Tasman Drive, San Jose, CA 95134-1706 USA © 2006 Cisco Systems, Inc. All rights reserved.
  • Page 198 Xmodem Protocol. See the “Downloading Files over the Router Console Port (xmodem)” section on page For more information about using the Xmodem protocol, see the Xmodem Console Download Procedure Using ROMmon at the following URL: http://www.cisco.com/warp/public/130/xmodem_generic.html Using the ROM Monitor OL-5997-02...
  • Page 199 Accessibility This product can be configured using the Cisco command-line interface (CLI). The CLI conforms to accessibility code 508 because it is text based and because it relies on a keyboard for navigation. All functions of the router can be configured and monitored through the CLI.
  • Page 200 How to Use the ROM Monitor—Typical Tasks • Exiting ROM Monitor Mode, page 29 Note: This section does not describe how to perform all possible ROM monitor tasks. Use the command help to perform any tasks that are not described in this document. See the “Displaying Commands and Command Syntax in ROM Monitor Mode (?, help, -?)”...
  • Page 201: Entering Rom Monitor Mode

    How to Use the ROM Monitor—Typical Tasks Entering ROM Monitor Mode This section provides two ways to enter ROM monitor mode: Using the Break Key Sequence to Interrupt the System Reload and Enter ROM Monitor Mode, • page 5 • Setting the Configuration Register to Boot to ROM Monitor Mode, page 6 Prerequisites Connect a terminal or PC to the router console port.
  • Page 202 How to Use the ROM Monitor—Typical Tasks Examples This section provides the following example: Sample Output for the reload Command Use break key sequence to enter rom monitor Router# reload Proceed with reload? [confirm] *Sep 23 15:54:25.871: %SYS-5-RELOAD: Reload requested by console. Reload Reason: Reload command.
  • Page 203 How to Use the ROM Monitor—Typical Tasks SUMMARY STEPS enable configure terminal config-register 0x0 exit write memory reload DETAILED STEPS Command or Action Purpose Step 1 Enables privileged EXEC mode. enable Enter your password if prompted. • Example: Router> enable Step 2 Enters global configuration mode.
  • Page 204 System Bootstrap, Version 12.4(13r)T, RELEASE SOFTWARE (fc1) Technical Support: http://www.cisco.com/techsupport Copyright (c) 2006 by cisco Systems, Inc. Initializing memory for ECC Router platform with 262144 Kbytes of main memory Main memory is configured to 64 bit mode with ECC enabled Readonly ROMMON initialized rommon 1 >...
  • Page 205 How to Use the ROM Monitor—Typical Tasks DETAILED STEPS Command or Action Purpose Step 1 Displays a summary of all available ROM monitor commands. help Example: rommon 1 > ? Example: rommon 1 > help Step 2 Displays syntax information for a ROM monitor command. command -? Example: rommon 16 >...
  • Page 206 For more information about using Xmodem, see the Xmodem Console Download Procedure Using ROMmon at the following URL: http://www.cisco.com/warp/public/130/xmodem_generic.html Displaying Files in a File System (dir) To display a list of the files and directories in the file system, use the dir command, as shown in the following example: rommon 4 >...
  • Page 207 How to Use the ROM Monitor—Typical Tasks DETAILED STEPS Command or Action Purpose Step 1 In order, the examples here direct the router to: boot Boot the first image in flash memory. • Boot the first image or a specified image in flash •...
  • Page 208 Software clause at DFARS sec. 252.227-7013. cisco Systems, Inc. 170 West Tasman Drive San Jose, California 95134-1706 Cisco IOS Software, 2800 Software (C2800NM-IPBASE-M), Version 12.4(3), RELEASE SOFTWARE (fc2) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2005 by Cisco Systems, Inc. Compiled Fri 22-Jul-05 11:37 by hqluong Image text-base: 0x40098478, data-base: 0x41520000 Port Statistics for unclassified packets is not turned on.
  • Page 209 How to Use the ROM Monitor—Typical Tasks Cisco IOS Software, 2800 Software (C2800NM-IPBASE-M), Version 12.4(3), RELEASE SOFTWARE (fc2) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2005 by Cisco Systems, Inc. Compiled Fri 22-Jul-05 11:37 by hqluong *Sep 23 16:11:46.331: %SNMP-5-COLDSTART: SNMP agent on host Router is undergoing a cold start *Sep 23 16:11:46.539: %SYS-6-BOOTTIME: Time taken to reboot after reload =...
  • Page 210 *Sep 23 16:20:00.139: %SYS-5-CONFIG_I: Configured from memory by console *Sep 23 16:20:00.351: %SYS-5-RESTART: System restarted -- Cisco IOS Software, 2800 Software (C2800NM-IPBASE-M), Version 12.4(3), RELEASE SOFTWARE (fc2) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2005 by Cisco Systems, Inc.
  • Page 211 TFTP servers or network connections, and a direct PC connection to the router console is the only viable option. For more information about using Xmodem, see the Xmodem Console Download Procedure Using ROMmon at the following URL: http://www.cisco.com/warp/public/130/xmodem_generic.html Prerequisites Download the file to your PC. Go to the Software Center at the following URL: •...
  • Page 212 This section describes how to modify the configuration register by using the confreg ROM monitor command. You can also modify the configuration register setting from the Cisco IOS command-line interface (CLI) by using the config-register command in global configuration mode. For more...
  • Page 213 How to Use the ROM Monitor—Typical Tasks Prerequisites To learn about the configuration register and the function of each of the 16 bits, see the Changing the Configuration Register Settings document. Restrictions The modified configuration register value is automatically written into NVRAM, but the new value does not take effect until you reset or power-cycle the router.
  • Page 214 How to Use the ROM Monitor—Typical Tasks [0]: 0 Configuration Summary enabled are: diagnostic mode console baud: 9600 boot: the ROM Monitor rommon 8> Obtaining Information on USB Flash Devices This section describes how to obtain information on USB devices that are installed in the router. For instructions on booting from a USB flash device, see the “Loading a System Image (boot)”...
  • Page 215 If you need to set the router I/O memory permanently by using a manual method, use the memory-size iomem Cisco IOS command. If you set the I/O memory from the Cisco IOS software, you must restart the router for I/O memory to be set properly.
  • Page 216 NVRAM size: 191KB Recovering the System Image (tftpdnld) This section describes how to download a Cisco IOS software image from a remote TFTP server to the router flash memory by using the tftpdnld command in ROM monitor mode. Caution: Use the tftpdnld command only for disaster recovery because it can erase all existing data in flash memory before it downloads a new software image to the router.
  • Page 217 How to Use the ROM Monitor—Typical Tasks TFTP_MACADDR=MAC_address TFTP_RETRY_COUNT=retry_times TFTP_TIMEOUT=time TFTP_VERBOSE=setting tftpdnld [-hr] DETAILED STEPS Command or Action Purpose Step 1 Sets the IP address of the router. IP_ADDRESS=ip_address Example: rommon > IP_ADDRESS=172.16.23.32 Step 2 Sets the subnet mask of the router. IP_SUBNET_MASK=ip_address Example: rommon >...
  • Page 218 Example: mode is available on both gig 0/0 and gig 0/1 (GE_PORT = rommon > MEDIA_TYPE=1 0 or 1). (This option is not available on Cisco 1800 series routers, Cisco 2801 routers, or Cisco 2811 routers.) Step 11 (Optional) Determines whether the router performs a TFTP_CHECKSUM=[0 | 1] checksum test on the downloaded image.
  • Page 219 How to Use the ROM Monitor—Typical Tasks Command or Action Purpose Step 16 (Optional) Configures how the router displays file TFTP_VERBOSE=setting download progress, with these options: • 0—No progress is displayed. Example: rommon > TFTP_VERBOSE=2 • 1—Exclamation points (!!!) are displayed to indicate file download progress.
  • Page 220 If you want to configure the router to load a specified image at the next system reload or power-cycle, see the following documents: “Booting Commands” chapter of the Cisco IOS Configuration Fundamentals Command Reference • Cisco IOS Configuration Fundamentals and Network Management Configuration Guide •...
  • Page 221 How to Use the ROM Monitor—Typical Tasks Traffic does not pass through the router • Router hangs are discussed in detail in the Troubleshooting Router Hangs tech note. ROM Monitor Console Communication Failure Under certain misconfiguration situations, it can be impossible to establish a console connection with the router due to a speed mismatch or other incompatibility.
  • Page 222 How to Use the ROM Monitor—Typical Tasks Command or Action Purpose Step 3 (Optional) Displays an entire individual stack frame. frame [number] • The default is 0 (zero), which is the most recent frame. Example: rommon > frame 4 Step 4 (Optional) Displays return information from the last booted sysret system image.
  • Page 223 How to Use the ROM Monitor—Typical Tasks Sample Output for the stack ROM Monitor Command rommon 6> stack Kernel Level Stack Trace: Initial SP = 0x642190b8, Initial PC = 0x607a0d44, RA = 0x61d839f8 Frame 0 : FP= 0x642190b8, PC= 0x607a0d44, 0 bytes Frame 1 : FP= 0x642190b8, PC= 0x61d839f8, 24 bytes...
  • Page 224 How to Use the ROM Monitor—Typical Tasks : 00000000 00000001 | sp : 00000000 64049cb0 : 00000000 00000000 | s8 : 00000000 6429274c : 00000000 6408d464 | ra : 00000000 60e36fa8 : ffffffff e57fce22 | LO : ffffffff ea545255 : 00000000 60e3b7f4 | ErrPC : ffffffff...
  • Page 225: Exiting Rom Monitor Mode

    • Exiting ROM Monitor Mode This section describes how to exit ROM monitor mode and enter the Cisco IOS command-line interface (CLI). The method that you use to exit ROM monitor mode depends on how your router entered ROM monitor mode: •...
  • Page 226 Now that you have a system image running on your router, configure the router to load the correct image at the next system reload or power-cycle. See the following documents: • “Booting Commands” chapter of the Cisco IOS Configuration Fundamentals Command Reference • Cisco IOS Configuration Fundamentals and Network Management Configuration Guide Using the ROM Monitor...
  • Page 227 60 seconds of rebooting Recovery the router Upgrading the ROM monitor ROM Monitor Download Procedures for Cisco 2691, Cisco, 3631, Cisco 3725, and Cisco 3745 Routers These procedures also apply to Cisco 1841 series, Note Cisco 2800 series, and Cisco 3800 series routers.
  • Page 228 Cisco.com users can log in from this page to access even more content. 1. You must have an account on Cisco.com. If you do not have an account or have forgotten your username or password, click Cancel at the login dialog box and follow the instructions that appear.
  • Page 229 Using CompactFlash Memory Cards Cisco 3800 series routers, Cisco 2800 series routers, and Cisco 1800 series routers use external CompactFlash (CF) memory cards to store the system image, some software feature data, and configuration files. The CF memory cards use the following file systems. The file system that is supported depends on router model: •...
  • Page 230: Online Insertion And Removal

    Support only external CF memory cards. • The CF memory card file system can be formatted on a Cisco 1800 series router or Cisco 2801 router. After the file system has been formatted, files on the CF memory card can be copied to or from any PC that is equipped with a CF memory reader.
  • Page 231 How to Format CompactFlash Memory Cards How to Format CompactFlash Memory Cards This section contains the following procedures: Determining the File System on a CompactFlash Memory Card, page 3 • Formatting CompactFlash Memory as a Class B Flash File System, page 4 •...
  • Page 232 How to Format CompactFlash Memory Cards ATA CARD GEOMETRY Number of Heads: Number of Cylinders Sectors per Cylinder Sector Size Total Sectors 62720 ATA CARD FORMAT Number of FAT Sectors Sectors Per Cluster Number of Clusters 7796 Number of Data Sectors 62560 Base Root Sector Base FAT Sector Base Data Sector...
  • Page 233: Copying Files

    File Operations on CompactFlash Memory Cards Format:All system sectors written. OK... Format:Total sectors in formatted partition:250592 Format:Total bytes in formatted partition:128303104 Format:Operation completed successfully. Format of flash complete File Operations on CompactFlash Memory Cards File and directory operations vary according to the formatted file system—Class B or Class C. This section describes the following file operations for external CF memory cards: Copying Files, page 5 •...
  • Page 234: Privileged Exec Mode

    File Operations on CompactFlash Memory Cards Displaying File Content To display the content of a file that is stored in flash memory, enter the more flash: command in privileged EXEC mode: Router# more flash:c28xx-i-mz 00000000: 7F454C46 01020100 00000000 00000000 .ELF .... 00000010: 00020061 00000001 80008000 00000034 ...a ..
  • Page 235: Deleting Files

    Class C flash file systems, because unused file space is recovered automatically. Moreover, the squeeze flash command is not supported on Cisco 1800 series routers or Cisco 2801 routers. The dir flash: command does not display deleted files and files with errors. On Class B flash file...
  • Page 236 Directory Operations on a CompactFlash Memory Card Directory operations vary according to the formatted file system—Class B or Class C. The following sections describe directory operations for external CF memory cards on Cisco routers: Entering a Directory and Determining Which Directory You Are In, page 8 •...
  • Page 237: Creating A New Directory

    Directory Operations on a CompactFlash Memory Card To display a list of files in the directory that you are in, enter the dir command in privileged EXEC mode. The command-line interface will display the files in the file system that was specified as the default by the cd command.
  • Page 238: Removing A Directory

    128094208 bytes total (121630720 bytes free)
  • Page 239 Restrictions for Upgrading the System Image • Cisco 3800 series routers, Cisco 2800 series routers, and Cisco 1800 series routers support only external compact flash memory cards. Internal flash memory is not supported. For more details, see Using CompactFlash Memory Cards.
  • Page 240 Nevertheless, you may want to load a different image onto the router at some point. For example, you may want to upgrade your software to the latest release, or you may want to use the same Cisco IOS release for all the routers in a network. Different system images contain different sets of Cisco IOS features.
  • Page 241 To avoid unexpected downtime if you encounter serious problems using your new system image or startup configuration, we recommend that you save backup copies of your current startup configuration file and Cisco IOS software system image file on a server. For more detailed information, see the “Managing Configuration Files” chapter and the “Loading and Maintaining System Images”...
  • Page 242 Upgrading the System Image How to Upgrade the System Image Command or Action Purpose Step 3 Displays the layout and contents of a flash memory file dir flash: system. • Learn the name of the system image file. Example: Router# dir flash: Step 4 Copies a file from flash memory to a server.
  • Page 243 Step 1 http://www.cisco.com/kobayashi/sw-center/index.shtml. You must have an account on Cisco.com. If you do not have an account or have forgotten your username or password, click Cancel at the login dialog box and follow the instructions that appear. Write down the minimum memory requirements for the image, as displayed in the File Download Step 2 Information table.
  • Page 244 • http://www.cisco.com/kobayashi/sw-center/index.shtml. You must have an account on Cisco.com. If you do not have an account or have forgotten your username or password, click Cancel at the login dialog box and follow the instructions that appear. From the File Download Information table, write down the minimum flash requirements for the image.
  • Page 245 Upgrading the System Image How to Upgrade the System Image dir flash: From the displayed output of the dir flash: command, compare the number of bytes available to the minimum flash requirements for the new system image. If the available memory is equal to or greater than the new system image’s minimum flash requirements, proceed to the “Copying the System Image into Flash Memory”...
  • Page 246 Upgrading the System Image How to Upgrade the System Image DETAILED STEPS enable Step 1 Use this command to enter privileged EXEC mode. Enter your password if prompted. For example: Router> enable Password: Router# (Class B file systems only) squeeze flash: Step 2 Note The squeeze command is only applicable for Class B flash file systems.
  • Page 247 Upgrading the System Image How to Upgrade the System Image Directory of flash:/ -rw- 6458388 Mar 01 1993 00:00:58 c38xx-i-mz.tmp 1580 -rw- 6462268 Mar 06 1993 06:14:02 c38xx-i-mz.2800ata 63930368 bytes total (51007488 bytes free) From the displayed output of the dir /all flash: command, write down the names and directory locations Step 7 of the files that you can delete.
  • Page 248 – Specify the outbound file directory to which you will download and store the system image. – Download the new Cisco IOS software image into the workstation or PC. See the “Where Do I • Download the System Image?” section on page Establish a console session to the router.
  • Page 249 When prompted, enter the IP address of the TFTP or RCP server. When prompted, enter the filename of the Cisco IOS software image to be installed. When prompted, enter the filename as you want it to appear on the router.
  • Page 250 Using the ROM Monitor to Copy the System Image over a Network This section describes how to download a Cisco IOS software image from a remote TFTP server to the router flash memory by using the tftpdnld ROM monitor command.
  • Page 251 Upgrading the System Image How to Upgrade the System Image Before you can enter the tftpdnld ROM monitor command, you must set the ROM monitor environment variables. Prerequisites Connect the TFTP server to a fixed network port on your router. Restrictions The LAN ports on network modules or interface cards are not active in ROM monitor mode.
  • Page 252 > TFTP_FILE=archive/rel22/c2600-i-mz (Optional) Set the input port to use a Gigabit Ethernet port, available on Cisco 2800 series and Step 7 Cisco 3800 series routers. Usage is GE_PORT=[0 | 1], selecting either gig 0/0 or gig 0/1. For example: rommon >...
  • Page 253 For more information about using flash memory cards, see Using CompactFlash Memory Cards. Prerequisites Download the new Cisco IOS Software image to the PC. See the “Where Do I Download the System • Image?” section on page Locate the compact flash memory card slot on the router chassis. For help with locating the slot and •...
  • Page 254 Restrictions • If you use a PC to download a Cisco IOS image over the router console port at 115,200 bps, make sure that the PC serial port uses a 16550 universal asynchronous receiver/transmitter (UART). If the PC serial port does not use a 16550 UART, we recommend using a speed of 38,400 bps or •...
  • Page 255 This section describes how to load the new system image that you copied into flash memory. First, determine whether you are in ROM monitor mode or in the Cisco IOS CLI. Then choose one of the following methods of loading the new system image: Loading the New System Image from the Cisco IOS Software, page 17 •...
  • Page 256 Upgrading the System Image How to Upgrade the System Image SUMMARY STEPS dir flash: configure terminal no boot system (Optional) boot system flash: system-image-filename (Optional) Repeat to specify the order in which the router should attempt to load any backup system images.
  • Page 257 Step 7 Use this command to display the configuration register setting: Router# show version Cisco Internetwork Operating System Software Configuration register is 0x0 Router# Step 8 If the last digit in the configuration register is 0 or 1, proceed to Step 9.
  • Page 258 This section describes how to load the new system image from ROM monitor mode. SUMMARY STEPS dir flash:[partition-number:] confreg 0x2102 boot flash:[partition-number:]filename After the system loads the new system image, press Return a few times to display the Cisco IOS command-line interface (CLI) prompt. enable configure terminal no boot system...
  • Page 259 Use this command to force the router to load the new system image: rommon > boot flash:C2600-j-m2.113-4T After the system loads the new system image, press Return a few times to display the Cisco IOS CLI Step 4 prompt.
  • Page 260 Saving Backup Copies of Your New System Image and Configuration To aid file recovery and to minimize downtime in the event of file corruption, we recommend that you save backup copies of the startup configuration file and the Cisco IOS software system image file on a server.
  • Page 261 Upgrading the System Image How to Upgrade the System Image DETAILED STEPS Command or Action Purpose Step 1 Enables privileged EXEC mode. enable Enter your password if prompted. • Example: Router> enable Step 2 Copies the startup configuration file to a server. copy nvram:startup-config {ftp: | rcp: | tftp:} •...
  • Page 262 How to Upgrade from ROMmon Using the Boot Image 1. You must have an account on Cisco.com. If you do not have an account or have forgotten your username or password, click Cancel at the login dialog box and follow the instructions that appear.
  • Page 263 Cisco.com users can log in from this page to access even more content. 1. You must have an account on Cisco.com. If you do not have an account or have forgotten your username or password, click Cancel at the login dialog box and follow the instructions that appear.
  • Page 264 Additional References
  • Page 265 Technical Assistance Center (TAC) Website • You must have an account on Cisco.com to access the following tools. If you do not have an account or have forgotten your username or password, click Cancel at the login dialog box, and follow the instructions.