Cisco ESW-520-24-K9 Software Guide

Cisco ESW-520-24-K9 Manual

Get Cisco ESW-520-24-K9 PDF manuals and user guides View all Cisco ESW-520-24-K9 manuals
Add to My Manuals
Save this manual to your list of manuals

Cisco ESW-520-24-K9 manual content summary:

  • Cisco ESW-520-24-K9 | Software Guide - Page 1
    Cisco Secure Router 520 Series Software Configuration Guide Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 Customer Order Number: Text Part Number: OL-14210-01
  • Cisco ESW-520-24-K9 | Software Guide - Page 2
    THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. CCDE, CCENT, Cisco Eos, Cisco Lumin, Cisco StadiumVision, the Cisco , ScriptShare, SenderBase, SMARTnet, Spectrum Expert, StackWise
  • Cisco ESW-520-24-K9 | Software Guide - Page 3
    1-8 Configuration Example 1-9 Configuring Static Routes 1-10 Configuration Example 1-10 Verifying Your Configuration 1-10 Configuring Dynamic Routes 1-11 Configuring RIP 1-11 Configuration Example 1-12 Verifying Your Configuration 1-12 Cisco Secure Router 520 Series Software Configuration Guide iii
  • Cisco ESW-520-24-K9 | Software Guide - Page 4
    Configure the IKE Policy 6-3 Configure Group Policy Information 6-4 Apply Mode Configuration to the Crypto Map 6-5 Enable Policy Lookup 6-6 Configure IPsec Transforms and Protocols 6-6 Configure the IPsec Crypto Method and Parameters 6-7 Cisco Secure Router 520 Series Software Configuration Guide
  • Cisco ESW-520-24-K9 | Software Guide - Page 5
    Features and Troubleshooting Additional Configuration Options 10-1 Configuring Security Features 11-1 Authentication, Authorization, and Accounting 11-1 Configuring AutoSecure 11-2 Configuring Access Lists 11-2 Access Groups 11-3 Cisco Secure Router 520 Series Software Configuration Guide v
  • Cisco ESW-520-24-K9 | Software Guide - Page 6
    Command Modes A-2 Getting Help A-4 Enable Secret Passwords and Enable Passwords A-4 Entering Global Configuration Mode A-5 Using Commands A-5 Abbreviating Commands A-6 Undoing Commands A-6 Command-Line Error Messages A-6 Cisco Secure Router 520 Series Software Configuration Guide vi OL-14210-01
  • Cisco ESW-520-24-K9 | Software Guide - Page 7
    B-4 PVC B-5 Dialer Interface B-5 NAT B-5 Easy IP (Phase 1) B-6 Easy IP (Phase 2) B-6 QoS B-7 IP Precedence B-7 PPP Fragmentation and Interleaving B-7 CBWFQ B-8 TFTP Download C-3 TFTP Download Command Variables C-4 Required Variables C-4 Cisco Secure Router 520 Series Software Configuration Guide vii
  • Cisco ESW-520-24-K9 | Software Guide - Page 8
    the Configuration Register Manually C-6 Changing the Configuration Register Using Prompts C-6 Console Download C-7 Command Description C-7 Error Reporting C-8 Debug Commands C-8 Exiting the ROM Monitor C-9 Common Port Assignments D-1 Cisco Secure Router 520 Series Software Configuration Guide viii
  • Cisco ESW-520-24-K9 | Software Guide - Page 9
    and nonwireless Cisco Secure Router 520 Series routers. For warranty, service, and support information, see the "Cisco One-Year Limited Hardware Warranty Terms" section in the Readme First for Cisco Secure Router 520 Series document that was shipped with your router. Audience This guide is intended
  • Cisco ESW-520-24-K9 | Software Guide - Page 10
    Explains basic configuration of Cisco IOS security features, including firewall and VPN configuration. Chapter 12, "Troubleshooting" Provides information on identifying and solving problems with the ADSL line and the telephone interface. Also explains how to recover a lost software password. Part
  • Cisco ESW-520-24-K9 | Software Guide - Page 11
    do something that could result in equipment damage or loss of data. Warning IMPORTANT SAFETY INSTRUCTIONS This warning symbol means danger. You are in a situation that could cause bodily injury. avulla. SÄILYTÄ NÄMÄ OHJEET OL-14210-01 Cisco Secure Router 520 Series Software Configuration Guide xi
  • Cisco ESW-520-24-K9 | Software Guide - Page 12
    traduites qui accompagnent cet appareil, référez-vous au numéro de l'instruction situé à la fin de chaque avertissement. CONSERVEZ CES INFORMATIONS Warnung que acompanham este dispositivo. GUARDE ESTAS INSTRUÇÕES Cisco Secure Router 520 Series Software Configuration Guide xii OL-14210-01
  • Cisco ESW-520-24-K9 | Software Guide - Page 13
    som finns i slutet av varje varning för att hitta dess översättning i de översatta säkerhetsvarningar som medföljer denna anordning. SPARA DESSA ANVISNINGAR OL-14210-01 Cisco Secure Router 520 Series Software Configuration Guide xiii
  • Cisco ESW-520-24-K9 | Software Guide - Page 14
    åelse af ulykker. Brug erklæringsnummeret efter hver advarsel for at finde oversættelsen i de oversatte advarsler, der fulgte med denne enhed. GEM DISSE ANVISNINGER Cisco Secure Router 520 Series Software Configuration Guide xiv OL-14210-01
  • Cisco ESW-520-24-K9 | Software Guide - Page 15
    Preface OL-14210-01 Cisco Secure Router 520 Series Software Configuration Guide xv
  • Cisco ESW-520-24-K9 | Software Guide - Page 16
    . In addition to the Cisco Secure Router 520 Series Software Configuration Guide (this document), the Cisco Secure Router 520 Series documentation set includes the following documents. The following documentation is shipped with the product: • For warranty, service, and support information, see the
  • Cisco ESW-520-24-K9 | Software Guide - Page 17
    Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS version 2.0. OL-14210-01 Cisco Secure Router 520 Series Software Configuration Guide xvii
  • Cisco ESW-520-24-K9 | Software Guide - Page 18
    Preface xviii Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01
  • Cisco ESW-520-24-K9 | Software Guide - Page 19
    PART 1 Getting Started
  • Cisco ESW-520-24-K9 | Software Guide - Page 20
  • Cisco ESW-520-24-K9 | Software Guide - Page 21
    of your Cisco router, including global parameter settings, routing protocols, interfaces, and command-line access using the CLI. It also describes the default configuration at startup. Note Individual router routers may not support every feature described throughout this guide. Features not
  • Cisco ESW-520-24-K9 | Software Guide - Page 22
    your IP address, or you may obtain a static IP address from your service provider. AAL5MUX PPP-With this type of encapsulation, you need to determine the PPP-related configuration items. • If you plan to connect over an ADSL line: Cisco Secure Router 520 Series Software Configuration Guide 1-2 OL
  • Cisco ESW-520-24-K9 | Software Guide - Page 23
    WAN Interfaces • Configuring a Loopback Interface • Configuring Command-Line Access to the Router A configuration example is presented with each task to show the network configuration following completion of that task. OL-14210-01 Cisco Secure Router 520 Series Software Configuration Guide 1-3
  • Cisco ESW-520-24-K9 | Software Guide - Page 24
    words (typos) into IP addresses. For complete information on the global parameter commands, see the Cisco IOS Release 12.3 documentation set. Configure Fast Ethernet LAN Interfaces The Fast Ethernet LAN interfaces on your router are automatically configured as part of the default VLAN and as such
  • Cisco ESW-520-24-K9 | Software Guide - Page 25
    Ethernet interface and returns to global configuration mode. Configure the ATM WAN Interface This procedure applies only to the Cisco Secure Router 520 ADSL-over-POTS and Cisco Secure Router 520 ADSL-over-ISDN routers. OL-14210-01 Cisco Secure Router 520 Series Software Configuration Guide 1-5
  • Cisco ESW-520-24-K9 | Software Guide - Page 26
    The loopback interface acts as a placeholder for the static IP address and provides default routing information. For complete information on the loopback commands, see the Cisco IOS Release 12.3 documentation set. Cisco Secure Router 520 Series Software Configuration Guide 1-6 OL-14210-01
  • Cisco ESW-520-24-K9 | Software Guide - Page 27
    configuration is used to support Network Address Translation (NAT) on the virtual-template interface. This configuration example shows the loopback interface configured on the Fast Ethernet interface with an IP hang never OL-14210-01 Cisco Secure Router 520 Series Software Configuration Guide 1-7
  • Cisco ESW-520-24-K9 | Software Guide - Page 28
    waits until user input is detected. The default is 10 minutes. Optionally, add seconds to the interval value. This example shows a timeout of 5 minutes and 30 seconds. Entering a timeout of 0 0 specifies never to time out. Cisco Secure Router 520 Series Software Configuration Guide 1-8 OL-14210-01
  • Cisco ESW-520-24-K9 | Software Guide - Page 29
    configuration file generated when you use the show running-config command. ! line con 0 exec-timeout 10 0 password 4youreyesonly login transport input none (default) stopbits 1 (default) line vty 0 4 password secret login ! OL-14210-01 Cisco Secure Router 520 Series Software Configuration Guide
  • Cisco ESW-520-24-K9 | Software Guide - Page 30
    similar to the following example. Router# show ip route Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 1-10 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01
  • Cisco ESW-520-24-K9 | Software Guide - Page 31
    1 Basic Router Configuration Configuring Dynamic Routes ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route Gateway of directly connected networks. OL-14210-01 Cisco Secure Router 520 Series Software Configuration Guide 1-11
  • Cisco ESW-520-24-K9 | Software Guide - Page 32
    - ODR, P - periodic downloaded static route Gateway of last resort is not set 10.0.0.0/24 is subnetted, 1 subnets C 10.108.1.0 is directly connected, Loopback0 R 3.0.0.0/8 [120/1] via 2.2.2.1, 00:00:02, Ethernet0/0 1-12 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01
  • Cisco ESW-520-24-K9 | Software Guide - Page 33
    PART 2 Configuring Your Router for Ethernet and DSL Access
  • Cisco ESW-520-24-K9 | Software Guide - Page 34
  • Cisco ESW-520-24-K9 | Software Guide - Page 35
    in configuring your router for DSL-based networks. • Chapter 4, "Configuring PPP over ATM with NAT" • Chapter 5, "Configuring a LAN with DHCP and VLANs" • Chapter 6, "Configuring a VPN Using Easy VPN and an IPsec Tunnel" OL-14210-01 Cisco Secure Router 520 Series Software Configuration Guide 2-1
  • Cisco ESW-520-24-K9 | Software Guide - Page 36
    Chapter 2 Sample Network Deployments • Chapter 7, "Configuring VPNs Using an IPsec Tunnel and Generic Routing Encapsulation" • Chapter 8, "Configuring a Simple Firewall" Cisco Secure Router 520 Series Software Configuration Guide 2-2 OL-14210-01
  • Cisco ESW-520-24-K9 | Software Guide - Page 37
    PCs, switches 2 Fast Ethernet LAN interface (inside interface for NAT) 3 PPPoE client-Cisco Secure Router 520 Ethernet- Cisco 6400 server) that is connected to the Internet 7 PPPoE session between the client and a PPPoE server OL-14210-01 Cisco Secure Router 520 Series Software Configuration Guide
  • Cisco ESW-520-24-K9 | Software Guide - Page 38
    way of a single IP address. Complete the following steps to configure a VPDN, starting from the global configuration mode. See the "Configure Global Parameters" section on a VPDN group with a customer or VPDN profile. Cisco Secure Router 520 Series Software Configuration Guide 3-2 OL-14210-01
  • Cisco ESW-520-24-K9 | Software Guide - Page 39
    -if)# pppoe-client dial-pool-number 1 Router(config-if)# Purpose Enters interface configuration mode for a Fast Ethernet WAN interface. Configures the PPPoE client and specifies the dialer interface to use for cloning. OL-14210-01 Cisco Secure Router 520 Series Software Configuration Guide 3-3
  • Cisco ESW-520-24-K9 | Software Guide - Page 40
    . Sets the size of the IP maximum transmission unit (MTU). The default minimum is 128 bytes. The maximum for Ethernet is 1492 bytes. Sets the encapsulation type to PPP for the data packets being transmitted and received. Cisco Secure Router 520 Series Software Configuration Guide 3-4 OL-14210-01
  • Cisco ESW-520-24-K9 | Software Guide - Page 41
    .255 dialer 0 Router(config)# Sets the IP route for the default gateway for the dialer 0 interface. For details about this command and additional parameters that can be set, see the Cisco IOS IP Command Reference, Volume 2; Routing Protocols. Configure Network Address Translation Network Address
  • Cisco ESW-520-24-K9 | Software Guide - Page 42
    can be set, as well as information about enabling static translation, see the Cisco IOS IP Command Reference, Volume 1 of 4: Addressing and Services. Enables the configuration changes just made to the Ethernet interface. Cisco Secure Router 520 Series Software Configuration Guide 3-6 OL-14210-01
  • Cisco ESW-520-24-K9 | Software Guide - Page 43
    and additional parameters that can be set, as well as information about enabling static translation, see the Cisco IOS IP Command Reference, Volume 1 of 4: Addressing and Services. Enables the configuration changes just made to the Ethernet interface. Step 10 exit Example: Router(config-if)# exit
  • Cisco ESW-520-24-K9 | Software Guide - Page 44
    # show ip nat statistics Total active translations: 0 (0 static, 0 dynamic; 0 extended) Outside interfaces: FastEthernet4 Inside interfaces: Vlan1 Hits: 0 Misses: 0 CEF Translated packets: 0, CEF Punted packets: 0 Expired translations: 0 Cisco Secure Router 520 Series Software Configuration Guide
  • Cisco ESW-520-24-K9 | Software Guide - Page 45
    Chapter 3 Configuring PPP over Ethernet with NAT Dynamic mappings: -- Inside Source [Id: 1] access-list 1 interface Dialer0 refcount 0 Queued Packets: 0 Configuration Example OL-14210-01 Cisco Secure Router 520 Series Software Configuration Guide 3-9
  • Cisco ESW-520-24-K9 | Software Guide - Page 46
    Configuration Example Chapter 3 Configuring PPP over Ethernet with NAT 3-10 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01
  • Cisco ESW-520-24-K9 | Software Guide - Page 47
    Client-Cisco Secure Router 520 ADSL-over-POTS or Cisco Secure Router 520 ADSL-over-ISDN router 4 Point at which NAT occurs 5 ATM WAN interface (outside interface for NAT) 6 PPPoA session between the client and a PPPoA server at the ISP Cisco Secure Router 520 Series Software Configuration Guide 4-1
  • Cisco ESW-520-24-K9 | Software Guide - Page 48
    the dialer pool to use. It is also used for cloning virtual access. Multiple PPPoA client sessions can be configured on an ATM interface, but each session must use a separate dialer interface and a separate dialer pool. Cisco Secure Router 520 Series Software Configuration Guide 4-2 OL-14210-01
  • Cisco ESW-520-24-K9 | Software Guide - Page 49
    IP Control Protocol) address negotiation. Step 3 ip mtu bytes Example: Router(config-if)# ip mtu 1492 Router(config-if)# Sets the size of the IP maximum transmission unit (MTU). The default controls access to your router. OL-14210-01 Cisco Secure Router 520 Series Software Configuration Guide 4-3
  • Cisco ESW-520-24-K9 | Software Guide - Page 50
    about this command and additional parameters that can be set, see the Cisco IOS IP Command Reference, Volume 1 of 4: Routing Protocols. Repeat these steps for any additional dialer interfaces or dialer pools needed. Cisco Secure Router 520 Series Software Configuration Guide 4-4 OL-14210-01
  • Cisco ESW-520-24-K9 | Software Guide - Page 51
    with which the router communicates. Enters ATM virtual circuit configuration mode. When a PVC is defined, AAL5SNAP encapsulation is defined by default. Use the encapsulation command to change this, as the range of 1-255. OL-14210-01 Cisco Secure Router 520 Series Software Configuration Guide 4-5
  • Cisco ESW-520-24-K9 | Software Guide - Page 52
    ADSL-over-POTS routers support ADSL signaling over POTS and the Cisco Secure Router 520 ADSL-over-ISDN routers support ADSL signaling over ISDN. To configure the DSL signaling protocol, see the "Configuring ADSL" section on page 4-6. Configuring ADSL The default configuration for ADSL signaling is
  • Cisco ESW-520-24-K9 | Software Guide - Page 53
    , see the Cisco IOS IP Command Reference, Volume 1 of 4: Addressing and Services. Enters configuration mode for the VLAN (on which the Fast Ethernet LAN interfaces [FE0-FE3] reside) to be the inside interface for NAT. OL-14210-01 Cisco Secure Router 520 Series Software Configuration Guide 4-7
  • Cisco ESW-520-24-K9 | Software Guide - Page 54
    parameters that can be set, as well as enabling static translation, see the Cisco IOS IP Command Reference, Volume 1 of 4: Addressing and Services. Enables the configuration changes just made to the Ethernet interface. Cisco Secure Router 520 Series Software Configuration Guide 4-8 OL-14210-01
  • Cisco ESW-520-24-K9 | Software Guide - Page 55
    (default) ! interface ATM0 no ip address ip nat outside ip virtual-reassembly no atm ilmi-keepalive pvc 8/35 encapsulation aal5mux ppp dialer dialer pool-member 1 ! dsl operating-mode auto ! interface Dialer0 ip address negotiated OL-14210-01 Cisco Secure Router 520 Series Software Configuration
  • Cisco ESW-520-24-K9 | Software Guide - Page 56
    interfaces: Vlan1 Hits: 0 Misses: 0 CEF Translated packets: 0, CEF Punted packets: 0 Expired translations: 0 Dynamic mappings: -- Inside Source [Id: 1] access-list 1 interface Dialer0 refcount 0 Queued Packets: 0 4-10 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01
  • Cisco ESW-520-24-K9 | Software Guide - Page 57
    a LAN with DHCP and VLANs The Cisco Secure Router 520 Series routers support clients on both physical LANs and virtual LANs (VLANs). The routers can use the Dynamic Host Configuration Protocol (DHCP) to enable automatic assignment of IP configurations for nodes on these networks. Figure 5-1 shows
  • Cisco ESW-520-24-K9 | Software Guide - Page 58
    server properties, you must reload the server with the configuration data from the Network Registrar database. VLANs The Cisco Secure Router 520 Series routers support four Fast Ethernet ports on which you can configure VLANs. VLANs enable networks to be segmented and formed into logical groups
  • Cisco ESW-520-24-K9 | Software Guide - Page 59
    DHCP client. Example: Router(dhcp-config)# domain-name cisco.com Router(dhcp-config)# Step 10 exit Example: Router(dhcp-config)# exit Router(config)# Exits DHCP configuration mode, and enters global configuration mode. OL-14210-01 Cisco Secure Router 520 Series Software Configuration Guide 5-3
  • Cisco ESW-520-24-K9 | Software Guide - Page 60
    bindings 0 Manual bindings 0 Expired bindings 0 Malformed messages 0 Secure arp entries 0 Message BOOTREQUEST DHCPDISCOVER DHCPREQUEST DHCPDECLINE DHCPRELEASE DHCPINFORM Received 0 0 0 0 0 0 Leased addresses 0 Cisco Secure Router 520 Series Software Configuration Guide 5-4 OL-14210
  • Cisco ESW-520-24-K9 | Software Guide - Page 61
    see the Cisco IOS Switching Services Command Reference. Step 3 exit Example: Router(vlan)# exit Router# Updates the VLAN database, propagates it throughout the administrative domain, and returns to privileged EXEC mode. OL-14210-01 Cisco Secure Router 520 Series Software Configuration Guide 5-5
  • Cisco ESW-520-24-K9 | Software Guide - Page 62
    : Ethernet VLAN 802.10 Id: 100001 State: Operational MTU: 1500 Translational Bridged VLAN: 1002 Translational Bridged VLAN: 1003 VLAN ISL Id: 2 Name: VLAN0002 Media Type: Ethernet VLAN 802.10 Id: 100002 State: Operational MTU: 1500 Cisco Secure Router 520 Series Software Configuration Guide 5-6 OL
  • Cisco ESW-520-24-K9 | Software Guide - Page 63
    : IBM Router# show vlan-switch VLAN Name Status Ports 1 default active Fa0, Fa1, Fa3 2 VLAN0002 active Fa2 1002 fddi-default active 1003 token-ring-default active 1004 fddinet-default active 1005 trnet-default active Cisco Secure Router 520 Series Software Configuration Guide 5-7
  • Cisco ESW-520-24-K9 | Software Guide - Page 64
    Configure VLANs Chapter 5 Configuring a LAN with DHCP and VLANs VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2 1 101004 1500 - - 1 ibm - 0 0 1005 trnet 101005 1500 - - 1 ibm - 0 0 Cisco Secure Router 520 Series Software Configuration Guide 5-8 OL-14210-01
  • Cisco ESW-520-24-K9 | Software Guide - Page 65
    6 C H A P T E R Configuring a VPN Using Easy VPN and an IPsec Tunnel The Cisco Secure Router 520 Series routers support the creation of Virtual Private Networks (VPNs). Cisco routers and other broadband devices provide high-performance connections to the Internet, but many applications also require
  • Cisco ESW-520-24-K9 | Software Guide - Page 66
    Cisco Easy VPN client feature can be configured in one of two modes-client mode or network extension mode. Client mode is the default configuration and been configured, a VPN connection can be created with minimal configuration on an IPsec client, such as a supported Cisco Secure Router 520 Series
  • Cisco ESW-520-24-K9 | Software Guide - Page 67
    Configuring PPP over ATM with NAT," and Chapter 5, "Configuring a LAN with DHCP and VLANs" as appropriate for your router. Note The examples shown in this chapter refer only to the endpoint configuration on the Cisco Secure Router 520 5 (MD5) algorithm. The default is Secure Hash standard (SHA-1).
  • Cisco ESW-520-24-K9 | Software Guide - Page 68
    Router(config-isakmp-group)# Specifies the primary Domain Name System (DNS) server for the group. Note You may also want to specify Windows Internet Naming Service (WINS) servers for the group by using the wins command. Cisco Secure Router 520 Series Software Configuration Guide 6-4 OL-14210-01
  • Cisco ESW-520-24-K9 | Software Guide - Page 69
    configuration address [initiate | respond] Configures the router to reply to mode configuration requests from remote clients. Example: Router(config)# crypto map dynmap client configuration address respond Router(config)# OL-14210-01 Cisco Secure Router 520 Series Software Configuration Guide
  • Cisco ESW-520-24-K9 | Software Guide - Page 70
    this. For details, see the Cisco IOS Security Configuration Guide and Cisco IOS Security Command Reference. aaa authorization {network | exec | commands Specifies AAA authorization of all level | reverse-access | configuration} {default | network-related service requests, including PPP, list-name
  • Cisco ESW-520-24-K9 | Software Guide - Page 71
    all the crypto map parameters (for example, IP address). Perform these steps to configure the IPsec crypto method, beginning in global configuration mode: Step 1 Command or Action Purpose Router(config-crypto-map)# OL-14210-01 Cisco Secure Router 520 Series Software Configuration Guide 6-7
  • Cisco ESW-520-24-K9 | Software Guide - Page 72
    be applied to each interface through which IP Security (IPsec) traffic flows. Applying the crypto map to the physical interface instructs the router to evaluate all the traffic against the security associations database. With the default configurations, the router provides secure connectivity by
  • Cisco ESW-520-24-K9 | Software Guide - Page 73
    connection. Specifies the peer IP address or hostname for the VPN connection. Note A hostname can be specified only when the router has a DNS server available for hostname resolution. Specifies the VPN mode of operation. OL-14210-01 Cisco Secure Router 520 Series Software Configuration Guide 6-9
  • Cisco ESW-520-24-K9 | Software Guide - Page 74
    :ezvpnclient Inside interface list:vlan 1 Outside interface:fastethernet 4 Current State:IPSEC_ACTIVE Last Event:SOCKET_UP Address:8.0.0.5 Mask:255.255.255.255 Default Domain:cisco.com Configuration Example The following configuration example shows a portion of the configuration file for the VPN
  • Cisco ESW-520-24-K9 | Software Guide - Page 75
    -password mode client peer 192.168.100.1 ! interface fastethernet 4 crypto ipsec client ezvpn ezvpnclient outside crypto map static-map ! interface vlan 1 crypto ipsec client ezvpn ezvpnclient inside ! Configuration Example OL-14210-01 Cisco Secure Router 520 Series Software Configuration Guide
  • Cisco ESW-520-24-K9 | Software Guide - Page 76
    Configuration Example Chapter 6 Configuring a VPN Using Easy VPN and an IPsec Tunnel 6-12 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01
  • Cisco ESW-520-24-K9 | Software Guide - Page 77
    7 C H A P T E R Configuring VPNs Using an IPsec Tunnel and Generic Routing Encapsulation OL-14210-01 The Cisco Secure Router 520 Series routers support the creation of virtual private networks (VPNs). Cisco routers and other broadband devices provide high-performance connections to the Internet,
  • Cisco ESW-520-24-K9 | Software Guide - Page 78
    the IKE Policy • Configure Group Policy Information • Enable Policy Lookup • Configure IPsec Transforms and Protocols • Configure the IPsec Crypto Method and Parameters • Apply the Crypto Map to the Physical Interface Cisco Secure Router 520 Series Software Configuration Guide 7-2 OL-14210-01
  • Cisco ESW-520-24-K9 | Software Guide - Page 79
    policy. The example specifies the Message Digest 5 (MD5) algorithm. The default is Secure Hash standard (SHA-1). authentication {rsa-sig | rsa-encr Exits IKE policy configuration mode, and enters global configuration mode. OL-14210-01 Cisco Secure Router 520 Series Software Configuration Guide 7-3
  • Cisco ESW-520-24-K9 | Software Guide - Page 80
    ip local pool dynpool 30.30.30.20 30.30.30.30 Router(config)# Specifies a local address pool for the group. For details about this command and additional parameters that can be set, see the Cisco IOS Dial Technologies Command Reference. Cisco Secure Router 520 Series Software Configuration Guide
  • Cisco ESW-520-24-K9 | Software Guide - Page 81
    for this. See the Cisco IOS Security Configuration Guide and the Cisco IOS Security Command Reference for details. aaa authorization {network | exec | commands Specifies AAA authorization of all level | reverse-access | configuration} {default | network-related service requests, including PPP
  • Cisco ESW-520-24-K9 | Software Guide - Page 82
    the crypto map parameters (for example, IP address). Perform these steps to configure the IPsec crypto method, beginning in global configuration mode: Step 1 Command or Action Purpose -set vpn1 Router(config-crypto-map)# Cisco Secure Router 520 Series Software Configuration Guide 7-6 OL-14210-01
  • Cisco ESW-520-24-K9 | Software Guide - Page 83
    interface instructs the router to evaluate all the traffic against the security associations database. With the default configurations, the configuration mode for the interface to which you want to apply the crypto map. OL-14210-01 Cisco Secure Router 520 Series Software Configuration Guide
  • Cisco ESW-520-24-K9 | Software Guide - Page 84
    the GRE tunnel. Step 4 tunnel destination default-gateway-ip-address Example: Router(config-if)# tunnel destination 192.168.101.1 Router(config-if)# Specifies the destination endpoint of the router for the GRE tunnel. Cisco Secure Router 520 Series Software Configuration Guide 7-8 OL-14210-01
  • Cisco ESW-520-24-K9 | Software Guide - Page 85
    . ! aaa new-model ! aaa authentication login rtr-remote local aaa authorization network rtr-remote local aaa session-id common ! username cisco password 0 cisco ! interface tunnel 1 ip address 10.62.1.193 255.255.255.252 OL-14210-01 Cisco Secure Router 520 Series Software Configuration Guide 7-9
  • Cisco ESW-520-24-K9 | Software Guide - Page 86
    VLAN 1 is the internal interface. interface vlan 1 ip address 10.1.1.1 255.255.255.0 ip nat inside ip ip access-group 103 in ip nat outside no cdp enable crypto map to_corporate ! Applies the IPsec tunnel to the outside interface. 7-10 Cisco Secure Router 520 Series Software Configuration Guide
  • Cisco ESW-520-24-K9 | Software Guide - Page 87
    deny ip any any ! Prevents Internet-initiated traffic inbound. ! acl 105 matches addresses for the IPsec tunnel to or from the corporate network. access-list 105 permit ip 10.1.1.0 0.0.0.255 192.168.0.0 0.0.255.255 no cdp run OL-14210-01 Cisco Secure Router 520 Series Software Configuration Guide
  • Cisco ESW-520-24-K9 | Software Guide - Page 88
    Configuration Example Chapter 7 Configuring VPNs Using an IPsec Tunnel and Generic Routing Encapsulation 7-12 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01
  • Cisco ESW-520-24-K9 | Software Guide - Page 89
    Firewall The Cisco Secure Router 520 Series routers support network traffic filtering by means of access lists. The routers also support packet inspection and dynamic temporary access lists by means of Context-Based Access Control (CBAC). Basic traffic filtering is limited to configured access list
  • Cisco ESW-520-24-K9 | Software Guide - Page 90
    Lists • Configure Inspection Rules • Apply Access Lists and Inspection Rules to Interfaces A configuration example that shows the results of these configuration tasks is provided in the "Configuration Example" section on page 8-5. Cisco Secure Router 520 Series Software Configuration Guide 8-2 OL
  • Cisco ESW-520-24-K9 | Software Guide - Page 91
    permit ip 10.1.1.0 0.0.0.255 192.168.0.0 0.0.255.255 Router(config)# Creates an access list that allows network traffic to pass freely between the corporate network and the local networks through the configured VPN tunnel. OL-14210-01 Cisco Secure Router 520 Series Software Configuration Guide
  • Cisco ESW-520-24-K9 | Software Guide - Page 92
    )# Purpose Enters interface configuration mode for the inside network interface on your router. Assigns the set of firewall inspection rules to the inside interface on the router. Returns to global configuration mode. Cisco Secure Router 520 Series Software Configuration Guide 8-4 OL-14210-01
  • Cisco ESW-520-24-K9 | Software Guide - Page 93
    4! FE4 is the outside or Internet-exposed interface. ! acl 103 permits IPsec traffic from the corp. router ! as well as denies Internet-initiated traffic inbound. ip access-group 103 in OL-14210-01 Cisco Secure Router 520 Series Software Configuration Guide 8-5
  • Cisco ESW-520-24-K9 | Software Guide - Page 94
    103 deny ip any any ! Prevents Internet-initiated traffic inbound. ! acl 105 matches addresses for the ipsec tunnel to or from the corporate network. access-list 105 permit ip 10.1.1.0 0.0.0.255 192.168.0.0 0.0.255.255 no cdp run ! Cisco Secure Router 520 Series Software Configuration Guide 8-6 OL
  • Cisco ESW-520-24-K9 | Software Guide - Page 95
    520 Series router connected to the Internet 3 VLAN 1 4 VLAN 2 In the configuration example that follows, a remote user is accessing the Cisco Secure Router 520 Series router using a wireless connection. Each remote user has his own VLAN. Cisco Secure Router 520 Series Software Configuration Guide
  • Cisco ESW-520-24-K9 | Software Guide - Page 96
    [EAP-TLS], or Protected Extensible Authentication Protocol [PEAP]) can use the access point. Note This command is not supported on bridges. See the Cisco IOS Commands for Access Points and Bridges for more details. Cisco Secure Router 520 Series Software Configuration Guide 9-2 OL-14210-01
  • Cisco ESW-520-24-K9 | Software Guide - Page 97
    ciphers. Step 4 ssid name Example: Router(config-if)# ssid cisco Router(config-if-ssid)# Step 5 vlan number Creates a Service Set ID (SSID), the public name of a wireless network. Note the wireless LAN is unreachable. OL-14210-01 Cisco Secure Router 520 Series Software Configuration Guide 9-3
  • Cisco ESW-520-24-K9 | Software Guide - Page 98
    transmitter power level. See the Cisco Access Router Wireless Configuration Guide for available power level values configuration mode. We want to set up bridging on the VLANs, so the example enters the VLAN interface configuration mode. Cisco Secure Router 520 Series Software Configuration Guide
  • Cisco ESW-520-24-K9 | Software Guide - Page 99
    mode for the root station interface. Step 2 description string Example: Router(config-subif)# description Cisco open Router(config-subif)# Provides a description of the subinterface for the administrative user. OL-14210-01 Cisco Secure Router 520 Series Software Configuration Guide 9-5
  • Cisco ESW-520-24-K9 | Software Guide - Page 100
    The following configuration example shows a portion of the configuration file for the wireless LAN scenario described in the preceding sections. ! bridge irb ! interface Dot11Radio0 no ip address ! broadcast-key vlan 1 change 45 ! Cisco Secure Router 520 Series Software Configuration Guide 9-6 OL
  • Cisco ESW-520-24-K9 | Software Guide - Page 101
    group 3 source-learning no bridge-group 3 unicast-flooding ! interface Vlan1 no ip address bridge-group 1 bridge-group 1 spanning-disabled ! interface Vlan2 no ip address bridge-group 2 bridge-group 2 spanning-disabled ! interface Vlan3 Cisco Secure Router 520 Series Software Configuration Guide 9-7
  • Cisco ESW-520-24-K9 | Software Guide - Page 102
    spanning-disabled ! interface BVI1 ip address 10.0.1.1 255.255.255.0 ! interface BVI2 ip address 10.0.2.1 255.255.255.0 ! interface BVI3 ip address 10.0.3.1 255.255.255.0 ! Chapter 9 Configuring a Wireless LAN Connection Cisco Secure Router 520 Series Software Configuration Guide 9-8 OL-14210-01
  • Cisco ESW-520-24-K9 | Software Guide - Page 103
    PART 3 Configuring Additional Features and Troubleshooting
  • Cisco ESW-520-24-K9 | Software Guide - Page 104
  • Cisco ESW-520-24-K9 | Software Guide - Page 105
    of your configuration or troubleshooting needs. See the appropriate Cisco IOS configuration guides and command references cisco.com > Technical Support & Documentation > Tools & Resources with your Cisco username and password. OL-14210-01 Cisco Secure Router 520 Series Software Configuration Guide
  • Cisco ESW-520-24-K9 | Software Guide - Page 106
    Chapter 10 Additional Configuration Options 10-2 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01
  • Cisco ESW-520-24-K9 | Software Guide - Page 107
    configured on the Cisco Secure Router 520 Series routers. Note Individual router models may not support every feature described throughout this guide. Features not supported authorization for each service, per-user account list and profile, user group support, and support of IP, Internetwork Packet
  • Cisco ESW-520-24-K9 | Software Guide - Page 108
    following sections of the Cisco IOS Security Configuration Guide: • Configuring Authentication • Configuring Authorization • Configuring Accounting • Configuring RADIUS • Configuring TACACS+ • Configuring Kerberos Configuring AutoSecure The AutoSecure feature disables common IP services that can be
  • Cisco ESW-520-24-K9 | Software Guide - Page 109
    Firewall," for a sample configuration. For additional information about configuring a CBAC firewall, see the "Configuring Context-Based Access Control" section of the Cisco IOS Release 12.3 Security Configuration Guide. OL-14210-01 Cisco Secure Router 520 Series Software Configuration Guide 11-3
  • Cisco ESW-520-24-K9 | Software Guide - Page 110
    IOS Release 12.3 Security Configuration Guide. Configuring VPNs A virtual private network (VPN) connection provides a secure connection between two networks over a public network such as the Internet. Cisco Secure Router 520 Series routers support site-to-site VPNs using IP security (IPsec) tunnels
  • Cisco ESW-520-24-K9 | Software Guide - Page 111
    agreement or warranty information • Type of software and version number • Date you received the hardware • Brief description of the problem • Brief description of the steps you have taken to isolate the problem OL-14210-01 Cisco Secure Router 520 Series Software Configuration Guide 12-1
  • Cisco ESW-520-24-K9 | Software Guide - Page 112
    5, 53-byte end-to-end OAM echoes, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 400/401/404 ms 12-2 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01
  • Cisco ESW-520-24-K9 | Software Guide - Page 113
    12 Troubleshooting ATM Troubleshooting 255, txload 1/255, rxload 1/255 Encapsulation ATM, loopback not set Keepalive not supported Encapsulation(s):AAL5, PVC mode 10 maximum active VCs, 1 current VCCs VC idle disconnect OL-14210-01 Cisco Secure Router 520 Series Software Configuration Guide 12-3
  • Cisco ESW-520-24-K9 | Software Guide - Page 114
    Troubleshooting the service provider). problems with the specified dialer interface, this can mean it is not operating, possibly because the interface has been brought down with the shutdown command, or the ADSL cable is disconnected. 12-4 Cisco Secure Router 520 Series Software Configuration Guide
  • Cisco ESW-520-24-K9 | Software Guide - Page 115
    to ensure appropriate results. • All debug commands are entered in privileged EXEC mode. • To view debugging messages on a console, enter the logging console debugging command. • Most debug commands take no arguments. OL-14210-01 Cisco Secure Router 520 Series Software Configuration Guide 12-5
  • Cisco ESW-520-24-K9 | Software Guide - Page 116
    it can render your router unusable. For this reason, use debug commands only to troubleshoot specific problems. The best time to use debug commands is during periods of low network traffic 00:02:57: DSL: Sent command 0x5 12-6 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01
  • Cisco ESW-520-24-K9 | Software Guide - Page 117
    Chapter 12 Troubleshooting ATM Troubleshooting Commands 00:03:00: DSL: 1: command 0x11 00:03:09: DSL: Received response: 0x61 00:03:09: DSL: Read firmware revision 0x1A04 00:03:09: DSL: Sent command 0x31 00:03:09: DSL: Received 01 Cisco Secure Router 520 Series Software Configuration Guide 12-7
  • Cisco ESW-520-24-K9 | Software Guide - Page 118
    Troubleshooting console port while in ROM monitor mode. • From ROM monitor mode, boot the router from a software image that is loaded on a TFTP server. To use this method, the TFTP server must be on the same LAN as the router. 12-8 Cisco Secure Router 520 Series Software Configuration Guide
  • Cisco ESW-520-24-K9 | Software Guide - Page 119
    the router through the console port. These procedures cannot be performed through a Telnet session. Tip See the "Hot Tips" section on Cisco.com for additional information on replacing enable secret passwords. Change the Configuration Register To change a configuration register, follow these steps
  • Cisco ESW-520-24-K9 | Software Guide - Page 120
    the system configuration dialog: --- System Configuration Dialog --- Enter no in response to the prompts until the following message is displayed: Press RETURN to get started! Press Return. The following prompt appears: Router> 12-10 Cisco Secure Router 520 Series Software Configuration Guide OL
  • Cisco ESW-520-24-K9 | Software Guide - Page 121
    configure terminal command to enter global configuration mode: Router# configure terminal Enter the configure register command and the original configuration register value that you recorded. Router(config)# config-reg value OL-14210-01 Cisco Secure Router 520 Series Software Configuration Guide
  • Cisco ESW-520-24-K9 | Software Guide - Page 122
    To return to the configuration being used before you recovered the lost enable password, do not save the configuration changes before rebooting the router. Step 4 Reboot the router, and enter the recovered password. 12-12 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01
  • Cisco ESW-520-24-K9 | Software Guide - Page 123
    PART 4 Reference Information
  • Cisco ESW-520-24-K9 | Software Guide - Page 124
  • Cisco ESW-520-24-K9 | Software Guide - Page 125
    Passwords and Enable Passwords • Entering Global Configuration Mode • Using Commands • Saving Configuration Changes • Summary • Where to Go Next If you are already familiar with Cisco IOS Windows software), ProComm Plus OL-14210-01 Cisco Secure Router 520 Series Software Configuration Guide A-1
  • Cisco ESW-520-24-K9 | Software Guide - Page 126
    No parity • 1 stop bit • No flow control These settings should match the default settings of your router. To change the router baud, data bits, parity, or including syntax, see the Cisco IOS Release 12.3 documentation set. Cisco Secure Router 520 Series Software Configuration Guide A-2 OL-14210-01
  • Cisco ESW-520-24-K9 | Software Guide - Page 127
    . and serial interfaces or • To exit to privileged subinterfaces. EXEC mode, enter the end command, or press Ctrl-Z. • To enter subinterface configuration mode, specify a subinterface with the interface command. OL-14210-01 Cisco Secure Router 520 Series Software Configuration Guide A-3
  • Cisco ESW-520-24-K9 | Software Guide - Page 128
    Passwords and Enable Passwords By default, the router ships without password protection. Because many privileged EXEC commands are used to set operating parameters, you should password-protect these commands to prevent unauthorized use. Cisco Secure Router 520 Series Software Configuration Guide
  • Cisco ESW-520-24-K9 | Software Guide - Page 129
    mode: Router# configure terminal Router(config)# You can now make changes to your router configuration. Using Commands This section provides some tips about entering Cisco IOS commands at the command-line interface (CLI). OL-14210-01 Cisco Secure Router 520 Series Software Configuration Guide A-5
  • Cisco ESW-520-24-K9 | Software Guide - Page 130
    ) so that they are not lost if there is a system reload or power outage. This example shows how to use this command to save your changes: Router# copy running-config startup-config Destination filename [startup-config]? Cisco Secure Router 520 Series Software Configuration Guide A-6 OL-14210-01
  • Cisco ESW-520-24-K9 | Software Guide - Page 131
    ip routing. • Save your configuration changes to NVRAM so that they are not lost if there is a system reload or power outage. Where to Go Next To configure your router, go to Chapter 1, "Basic Router Configuration," and Chapter 2, "Sample Network Deployments." OL-14210-01 Cisco Secure Router 520
  • Cisco ESW-520-24-K9 | Software Guide - Page 132
    Where to Go Next Appendix A Cisco IOS Software Basic Skills Cisco Secure Router 520 Series Software Configuration Guide A-8 OL-14210-01
  • Cisco ESW-520-24-K9 | Software Guide - Page 133
    conceptual information that may be useful to Internet service providers or network administrators when they configure Cisco routers. To review some typical network scenarios, see Chapter 2, demand, and remote LAN access. OL-14210-01 Cisco Secure Router 520 Series Software Configuration Guide B-1
  • Cisco ESW-520-24-K9 | Software Guide - Page 134
    can also configure triggered extensions to RIP so that routing updates are sent only when the routing database is updated. For more information on triggered extensions to RIP, see the Cisco IOS Release 12.3 documentation set. Cisco Secure Router 520 Series Software Configuration Guide B-2 OL-14210
  • Cisco ESW-520-24-K9 | Software Guide - Page 135
    configuration parameters and facilities. The current implementation of PPP supports two security authentication protocols to authenticate a PPP session: • Password frequency and timing of the authentication attempts. OL-14210-01 Cisco Secure Router 520 Series Software Configuration Guide B-3
  • Cisco ESW-520-24-K9 | Software Guide - Page 136
    configured at individual routers. Network Interfaces This section describes the network interface protocols that Cisco Secure Router 520 Series routers support. The following network interface protocols are supported -speed multiplexing and switching protocol that supports multiple traffic types,
  • Cisco ESW-520-24-K9 | Software Guide - Page 137
    receiver. Cisco routers support the AAL5 format, which provides a streamlined data transport service that addresses (the nonregistered IP addresses assigned to hosts on the inside network) into globally unique IP addresses before sending Cisco Secure Router 520 Series Software Configuration Guide B-5
  • Cisco ESW-520-24-K9 | Software Guide - Page 138
    the need for the manual configuration of individual computers, printers, and shared file systems • Preventing the simultaneous use of the same IP address by two clients • Allowing configuration from a central site Cisco Secure Router 520 Series Software Configuration Guide B-6 OL-14210-01
  • Cisco ESW-520-24-K9 | Software Guide - Page 139
    the signaling used optionally. IP Precedence enables service classes to be established using existing network queuing mechanisms (such as class-based weighted fair queuing [CBWFQ]) with used for other best-effort traffic. OL-14210-01 Cisco Secure Router 520 Series Software Configuration Guide B-7
  • Cisco ESW-520-24-K9 | Software Guide - Page 140
    use Resource Reservation Protocol (RSVP) or IP Precedence to give priority to voice packets. CBWFQ In general, class-based weighted fair queuing (CBWFQ) is used in data preferential treatment over other traffic. Cisco Secure Router 520 Series Software Configuration Guide B-8 OL-14210-01
  • Cisco ESW-520-24-K9 | Software Guide - Page 141
    packet therefore belongs to an established session.) This filter criterion would be part of an access list applied permanently to an interface. OL-14210-01 Cisco Secure Router 520 Series Software Configuration Guide B-9
  • Cisco ESW-520-24-K9 | Software Guide - Page 142
    Access Lists Appendix B Concepts B-10 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01
  • Cisco ESW-520-24-K9 | Software Guide - Page 143
    is powered up or reset. The firmware helps to initialize the processor hardware and boot the operating system software. You can use the ROM monitor to perform certain configuration tasks, such as recovering a lost password or downloading software over the console port. If there is no Cisco IOS
  • Cisco ESW-520-24-K9 | Software Guide - Page 144
    Cisco IOS software. As long as the configuration value is 0x0, you must manually boot the operating system from the console display instruction stream serial download a download unset an alias unset a monitor variable x/ymodem image download Cisco Secure Router 520 Series Software Configuration Guide
  • Cisco ESW-520-24-K9 | Software Guide - Page 145
    -x do not launch on download completion -u upgrade ROMMON, System will reboot after upgrade Resets and initializes the router, similar to a power up. Lists the files on downloading a new software image to the router. OL-14210-01 Cisco Secure Router 520 Series Software Configuration Guide C-3
  • Cisco ESW-520-24-K9 | Software Guide - Page 146
    default setting. 2-Detailed progress is displayed during the file download process; for example: • Initializing interface. • Interface link state up. • ARPing for 1.4.0.1 • ARP reply for 1.4.0.1 received. MAC address 00:00:0c:07:ac:01 Cisco Secure Router 520 Series Software Configuration Guide
  • Cisco ESW-520-24-K9 | Software Guide - Page 147
    operating system software. Within the ROM monitor, you can change the configuration register by entering the register value in hexadecimal format, or by allowing the ROM monitor to prompt you for the setting of each bit. OL-14210-01 Cisco Secure Router 520 Series Software Configuration Guide C-5
  • Cisco ESW-520-24-K9 | Software Guide - Page 148
    = boot system [0]: 0 Configuration Summary enabled are: diagnostic mode console baud: 9600 boot: the ROM Monitor do you wish to change the configuration? y/n [n]: You must reset or power cycle for new config to take effect Cisco Secure Router 520 Series Software Configuration Guide C-6 OL-14210-01
  • Cisco ESW-520-24-K9 | Software Guide - Page 149
    access to a TFTP server. Note If you want to download a software image or a configuration file to the router over the console port, you must use the ROM monitor dnld command. Note If you are using a PC to download a Cisco IOS image over the router console port at 115,200 bps, ensure that the PC
  • Cisco ESW-520-24-K9 | Software Guide - Page 150
    Info: count: 19, reason: user break pc:0x801111b0, error address: 0x801111b0 Stack Trace: FP: 0x80005ea8, PC: 0x801111b0 FP: 0x80005eb4, PC: 0x80113694 FP: 0x80005f74, PC: 0x8010eb44 Cisco Secure Router 520 Series Software Configuration Guide C-8 OL-14210-01
  • Cisco ESW-520-24-K9 | Software Guide - Page 151
    or power cycle for new config to take effect: rommon 2 > boot The router will boot the Cisco IOS image in flash memory. The configuration register will change to 0x2101 the next time the router is reset or power cycled. OL-14210-01 Cisco Secure Router 520 Series Software Configuration Guide C-9
  • Cisco ESW-520-24-K9 | Software Guide - Page 152
    Exiting the ROM Monitor Appendix C ROM Monitor C-10 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01
  • Cisco ESW-520-24-K9 | Software Guide - Page 153
    Protocol Time Resource Location Protocol Hostname server Who is Login Host Protocol Domain name server Bootstrap Protocol Server Bootstrap Protocol Client Trivial File Transfer Protocol Cisco Secure Router 520 Series Software Configuration Guide D-1
  • Cisco ESW-520-24-K9 | Software Guide - Page 154
    Protocol traps UNIX remote execution (control) TCP-UNIX remote login UDP-UNIX broadcast name service TCP-UNIX remote shell UDP-system log UNIX line printer remote spooling Routing Information Protocol Time server Cisco Secure Router 520 Series Software Configuration Guide D-2 OL-14210-01
  • Cisco ESW-520-24-K9 | Software Guide - Page 155
    intervals, RIP B-2 C CAR B-7 caution, defined i-xi CBAC firewall, configuring 11-3 CBWFQ B-7 CHAP B-3 Cisco IOS Firewall IDS 11-4 Cisco IOS queues B-8 class-based weighted fair queuing See CBWFQ command-line access to router Cisco Secure Router 520 Series Software Configuration Guide IN-1
  • Cisco ESW-520-24-K9 | Software Guide - Page 156
    show dsl interface atm 4-7 IN-2 Cisco Secure Router 520 Series Software Configuration Guide show interface 12-3 stack C-8 sysret C-8 tftpdnld C-3, C-5 undoing A-6 xmodem C-7 command variables listing A-4 TFTP download C-4 committed access rate See CAR configuration changes making A-5 saving 12-11
  • Cisco ESW-520-24-K9 | Software Guide - Page 157
    12-12 setting A-4 enable secret password recovering 12-12 setting A-4 encapsulation B-5 error messages, configuration A-6 error reporting, ROM monitor C-7 errors, ATM, displaying 12-6 Ethernet B-4 events, ATM, displaying 12-6 Cisco Secure Router 520 Series Software Configuration Guide IN-3
  • Cisco ESW-520-24-K9 | Software Guide - Page 158
    6-1, 7-1 crypto method 6-7, 7-6 transforms and protocols 6-6, 7-5 K k command C-8 L LAN with DHCP and VLANs, configuring 5-1 to 5-8 LCP B-3 LFQ B-8 line configuration mode A-4 Link Control Protocol See LCP LLC B-5 IN-4 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01
  • Cisco ESW-520-24-K9 | Software Guide - Page 159
    PPPoA, configuration example 4-9 PPPoE client 3-1 configuration example 3-8 configuring 3-1 verifying your configuration 3-8 prerequisites, for configuration 1-2 privileged EXEC commands, accessing A-5 privileged EXEC mode A-2, A-3 Cisco Secure Router 520 Series Software Configuration Guide IN-5
  • Cisco ESW-520-24-K9 | Software Guide - Page 160
    TCP port numbers D-1 to D-2 terminal emulation software A-1 tftpdnld command C-3, C-5 TFTP download C-3 to C-5 See also console download transform set, configuring 6-6 translation See NAT triggered extensions to RIP B-2 IN-6 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01
  • Cisco ESW-520-24-K9 | Software Guide - Page 161
    number, configuring 3-2 VPNs configuration example 6-10 configuration tasks 6-2, 7-2 configuring 6-1, 7-1, 11-4 W WAN interface, configuring 1-4, 3-3 wireless LAN configuration example 9-6 OL-14210-01 Index X xmodem command C-7 Cisco Secure Router 520 Series Software Configuration Guide IN-7
  • Cisco ESW-520-24-K9 | Software Guide - Page 162
    Index IN-8 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
Cisco Secure Router 520 Series Software
Configuration Guide
Customer Order Number:
Text Part Number: OL-14210-01