Cisco 851W Configuration Guide

Cisco 851W - Integrated Services Router Manual

Get Cisco 851W - Integrated Services Router PDF manuals and user guides
UPC - 746320958071
View all Cisco 851W manuals
Add to My Manuals
Save this manual to your list of manuals

Cisco 851W manual content summary:

  • Cisco 851W | Configuration Guide - Page 1
    Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide Corporate Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 526-4100 Text Part Number: OL-5332-01
  • Cisco 851W | Configuration Guide - Page 2
    are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0501R) Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide Copyright © 2005, Cisco Systems, Inc. All rights reserved.
  • Cisco 851W | Configuration Guide - Page 3
    a Service Request 14 Getting Started Basic Router Configuration 1 Interface Port Labels 1 Viewing the Default Configuration 2 Information Needed for Configuration 4 Configuring Basic Parameters 5 Configure Global Parameters 5 Configure Fast Ethernet LAN Interfaces 6 Configure WAN Interfaces
  • Cisco 851W | Configuration Guide - Page 4
    Your DHCP Configuration 4 Configure VLANs 5 Assign a Switch Port to a VLAN 6 Verify Your VLAN Configuration 6 6 C H A P T E R Configuring a VPN Using Easy VPN and an IPSec Tunnel 1 Configure the IKE Policy 4 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 4 OL
  • Cisco 851W | Configuration Guide - Page 5
    1 Configure the Root Radio Station 2 Configure Bridging on VLANs 4 Configure Radio Station Subinterfaces 6 Configuration Example 7 Sample Configuration 1 Configuring Additional Features and Troubleshooting OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide
  • Cisco 851W | Configuration Guide - Page 6
    ISDN Peer Router 20 Troubleshooting 1 Getting Started 1 Before Contacting Cisco or Your Reseller 1 ADSL Troubleshooting 2 SHDSL Troubleshooting 2 ATM Troubleshooting Commands 2 ping atm interface Command 3 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 6 OL-5332
  • Cisco 851W | Configuration Guide - Page 7
    Router 11 Reset the Password and Save Your Changes 12 Reset the Configuration Register Value 12 Managing Your Router with SDM 13 Reference Information Cisco IOS Software Basic Skills 1 Configuring the Router from a PC 1 Understanding Command Modes 2 Getting Help 4 Enable Secret Passwords and Enable
  • Cisco 851W | Configuration Guide - Page 8
    4 Required Variables 4 Optional Variables 5 Using the TFTP Download Command 5 Configuration Register 6 Changing the Configuration Register Manually 6 Changing the Configuration Register Using Prompts 6 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 8 OL-5332-01
  • Cisco 851W | Configuration Guide - Page 9
    D A P P E N D I X INDEX Console Download 7 Command Description 8 Error Reporting 8 Debug Commands 8 Exiting the ROM Monitor 10 Common Port Assignments 1 Contents OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 9
  • Cisco 851W | Configuration Guide - Page 10
    Contents Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 10 OL-5332-01
  • Cisco 851W | Configuration Guide - Page 11
    This software configuration guide provides instructions for using the Cisco command-line interface (CLI) to configure features of the following Cisco 800 series routers: • Cisco 850 Series Routers - Cisco 851 Ethernet Access Router - Cisco 857 DSL Access Router • Cisco 870 Series Routers - Cisco 871
  • Cisco 851W | Configuration Guide - Page 12
    "-Provides instructions on how to configure your Cisco router for dial backup and remote management. • Chapter 14, "Troubleshooting"-Provides information on identifying and solving problems with the ADSL line and the telephone interface. Also explains how to recover a lost software password. Part
  • Cisco 851W | Configuration Guide - Page 13
    . For example, when you read ^D or Ctrl-D, you should hold down the Control key while you press the D key. Examples of information displayed on the screen. Examples of information that you must enter. OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 13
  • Cisco 851W | Configuration Guide - Page 14
    Series Access Routers Cabling and Setup Quick Start Guide • Cisco 850 Series and Cisco 870 Series Access Routers Hardware Installation Guide • Cisco Router and Security Device Manager (SDM) Quick Start Guide • Cisco Access Router Wireless Configuration Guide • Upgrading Memory in Cisco 800 Series
  • Cisco 851W | Configuration Guide - Page 15
    PART 1 Getting Started
  • Cisco 851W | Configuration Guide - Page 16
  • Cisco 851W | Configuration Guide - Page 17
    and Associated Port Labels by Cisco Router Router Cisco 851 Interface Fast Ethernet LAN Fast Ethernet WAN Wireless LAN Port Label LAN (top), FE0-FE3 (bottom) WAN (top), FE4 (bottom) (no label) OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 1-1
  • Cisco 851W | Configuration Guide - Page 18
    Viewing the Default Configuration Chapter 1 Basic Router Configuration Table 1-1 Supported Interfaces and Associated Port Labels by Cisco Router (continued) Router Cisco 871 Cisco 857 Cisco 876 Cisco 877 Cisco 878 Interface Fast Ethernet LAN Fast Ethernet WAN Wireless LAN USB Fast Ethernet LAN
  • Cisco 851W | Configuration Guide - Page 19
    modem enable transport preferred all transport output all line aux 0 transport preferred all transport output all line vty 0 4 login transport preferred all transport input all transport output all ! end OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide
  • Cisco 851W | Configuration Guide - Page 20
    ) or Annex B (Europe). Once you have collected the appropriate information, you can perform a full configuration on your router, beginning with the tasks in the "Configuring Basic Parameters" section. Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 1-4 OL-5332-01
  • Cisco 851W | Configuration Guide - Page 21
    Router(config)# hostname Router Router(config)# Step 3 enable secret password Example: Router(config)# enable secret cr1ny5ho Router(config)# Step 4 no ip domain-lookup Example: Router(config)# no ip domain-lookup Router(config)# Purpose Enters global configuration mode, when using the console port
  • Cisco 851W | Configuration Guide - Page 22
    interface. Enables the Ethernet interface, changing its state from administratively down to administratively up. Exits configuration mode for the Fast Ethernet interface and returns to global configuration mode. Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide
  • Cisco 851W | Configuration Guide - Page 23
    Enables the ATM 0 interface. Example: Router(config-int)# no shutdown Router(config-int)# Step 5 exit Example: Router(config-int)# exit Router(config)# Exits configuration mode for the ATM interface and returns to global configuration mode. Configure the Wireless Interface The wireless interface
  • Cisco 851W | Configuration Guide - Page 24
    provides default routing information. For complete information on the loopback commands, see the Cisco IOS Release 12.3 documentation set. Perform these steps to configure a loopback interface: Step 1 Command interface type number Example: Router(config)# interface Loopback 0 Router(config-int
  • Cisco 851W | Configuration Guide - Page 25
    Router(config)# Purpose Enters line configuration mode, and specifies the type of line. This example specifies a console terminal for access. Specifies a unique password for the console terminal line. OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide
  • Cisco 851W | Configuration Guide - Page 26
    session login. Exits line configuration mode, and returns to privileged EXEC mode. For complete information about the command line commands, see the Cisco IOS Release 12.3 documentation set. 1-10 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide OL-5332-01
  • Cisco 851W | Configuration Guide - Page 27
    and additional parameters that can be set, see the Cisco IOS IP Command Reference, Volume 2 of 4: Routing Protocols. Step 2 end Example: Router(config)# end Router# Exits router configuration mode, and enters privileged EXEC mode. For complete information on the static routing commands, see
  • Cisco 851W | Configuration Guide - Page 28
    interface to another device with an IP address of 10.10.10.2. Specifically, the packets are sent to the configured PVC. You do not need to enter the commands marked "(default)." These commands appear automatically in the configuration file generated when you use the show running-config command
  • Cisco 851W | Configuration Guide - Page 29
    to pass across classful network boundaries. Step 5 end Example: Router(config-router)# end Router# Exits router configuration mode, and enters privileged EXEC mode. For complete information on the dynamic routing commands, see the Cisco IOS Release 12.3 documentation set. For more general
  • Cisco 851W | Configuration Guide - Page 30
    109 Router(config)# Purpose Enters router configuration mode, and enables EIGRP on the router. The autonomous-system number identifies the route to other EIGRP routers and is used to tag the EIGRP information. 1-14 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide
  • Cisco 851W | Configuration Guide - Page 31
    ." Configuration Example The following configuration example shows the EIGRP routing protocol enabled in IP networks 192.145.1.0 and 10.10.12.115. The EIGRP autonomous system number is 109. Execute the show running-config command from privileged EXEC mode to see this configuration. ! router eigrp
  • Cisco 851W | Configuration Guide - Page 32
    Configuring Enhanced IGRP Chapter 1 Basic Router Configuration 1-16 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide OL-5332-01
  • Cisco 851W | Configuration Guide - Page 33
    PART 2 Configuring Your Router for Ethernet and DSL Access
  • Cisco 851W | Configuration Guide - Page 34
  • Cisco 851W | Configuration Guide - Page 35
    your router for DSL-based networks. • Chapter 4, "Configuring PPP over ATM with NAT" • Chapter 5, "Configuring a LAN with DHCP and VLANs" • Chapter 6, "Configuring a VPN Using Easy VPN and an IPSec Tunnel" OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide
  • Cisco 851W | Configuration Guide - Page 36
    Chapter 2 Sample Network Deployments • Chapter 7, "Configuring VPNs Using an IPSec Tunnel and Generic Routing Encapsulation" • Chapter 8, "Configuring a Simple Firewall" Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 2-2 OL-5332-01
  • Cisco 851W | Configuration Guide - Page 37
    WAN interface (outside interface for NAT) 121753 6 Cable modem or other server (for example, a Cisco 6400 server) that is connected to the Internet 7 PPPoE se1ssion between the client and a PPPoE server Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 3-1
  • Cisco 851W | Configuration Guide - Page 38
    vpdn enable Router(config)# Step 2 vpdn-group name Example: Router(config)# vpdn-group 1 Router(config-vpdn)# Purpose Enables VPDN on the router. Creates and associates a VPDN group with a customer or VPDN profile. Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide
  • Cisco 851W | Configuration Guide - Page 39
    dial-pool-number 1 Router(config-if)# Purpose Enters interface configuration mode for a Fast Ethernet WAN interface. Configures the PPPoE client and specifies the dialer interface to use for cloning. OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 3-3
  • Cisco 851W | Configuration Guide - Page 40
    no shutdown Example: Router(config-if)# no shutdown Router(config-if)# Step 4 exit Example: Router(config-if)# exit Router(config)# Purpose Enables the Fast Ethernet interface and the configuration changes just made to it. Exits configuration mode for the Fast Ethernet interface and returns
  • Cisco 851W | Configuration Guide - Page 41
    route for the default gateway for the dialer 0 interface. For details about this command and additional parameters that can be set, see the Cisco IOS IP Command Reference, Volume 2; Routing Protocols. OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 3-5
  • Cisco 851W | Configuration Guide - Page 42
    set, as well as information about enabling static translation, see the Cisco IOS IP Command Reference, Volume 1 of 4: Addressing and Services. interface type number Example: Router(config)# interface vlan 1 Router(config-if)# Enters configuration mode for the VLAN (on which the Fast Ethernet LAN
  • Cisco 851W | Configuration Guide - Page 43
    as information about enabling static translation, see the Cisco IOS IP Command Reference, Volume 1 of 4: Addressing and Services. Enables the configuration changes just made to the Ethernet interface. Step 10 exit Example: Router(config-if)# exit Router(config)# Exits configuration mode for the
  • Cisco 851W | Configuration Guide - Page 44
    a subnet mask of 255.255.255.0. NAT is configured for inside and outside Note Commands marked by "(default)" are generated automatically when you run the show running-config command. vpdn enable vpdn-group 1 request-dialin protocol pppoe ! interface vlan 1 ip address 192.168.1.1 255.255.255.0 no
  • Cisco 851W | Configuration Guide - Page 45
    Vlan1 Hits: 0 Misses: 0 CEF Translated packets: 0, CEF Punted packets: 0 Expired translations: 0 Dynamic mappings: -- Inside Source [Id: 1] access-list 1 interface Dialer0 refcount 0 Queued Packets: 0 OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 3-9
  • Cisco 851W | Configuration Guide - Page 46
    Configuration Example Chapter 3 Configuring PPP over Ethernet with NAT 3-10 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide OL-5332-01
  • Cisco 851W | Configuration Guide - Page 47
    Client-Cisco 857, Cisco 876, Cisco 877, or Cisco 878 router 4 Point at which NAT occurs 7 5 ATM WAN interface (outside interface for NAT) 6 PPPoA session between the client and a PPPoA server at the ISP 1 121753 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide
  • Cisco 851W | Configuration Guide - Page 48
    ATM WAN Interface • Configure DSL Signaling Protocol • Configure Network Address Translation An example showing the results of these configuration tasks is shown in the "Configuration Example" section on page 4-11. Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide
  • Cisco 851W | Configuration Guide - Page 49
    For details about this command and additional parameters that can be set, see the Cisco IOS Security Command Reference. Specifies the dialer pool to use to connect to a specific destination subnetwork. OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 4-3
  • Cisco 851W | Configuration Guide - Page 50
    be set, see the Cisco IOS Dial Technologies Command Reference. Step 10 ip route prefix mask {interface-type interface-number} Example: Router(config)# ip route 10.10.25.2 0.255.255.255 dialer 0 Router(config)# Sets the IP route for the default gateway for the dialer 0 interface. For details about
  • Cisco 851W | Configuration Guide - Page 51
    Example: Router(config-if-atm-vc)# dialer pool-member 1 Router(config-if-atm-vc)# Specifies the ATM interface as a member of a dialer profile dialing pool. The pool number must be in the range of 1-255. OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide
  • Cisco 851W | Configuration Guide - Page 52
    Enables interface and configuration changes just made to the ATM interface. Exits configuration mode for the ATM interface. Configure DSL Signaling Protocol DSL signaling must be configured on the ATM interface for connection to your ISP. The Cisco 857 and Cisco 877 routers support ADSL signaling
  • Cisco 851W | Configuration Guide - Page 53
    mode. Step 5 line-mode {4-wire | 2-wire} Example: Specifies whether this DSL connection is operating in 2-wire or 4-wire mode. Router(config-controller)# line-mode 4-wire Router(config-controller)# OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide
  • Cisco 851W | Configuration Guide - Page 54
    exit Example: Router(config-controller)# exit Router(config)# Chapter 4 Configuring PPP over ATM with NAT Purpose Specifies how long, 15 to 30 seconds, to ignore errors. Exits controller configuration mode, returning to global configuration mode. Note If you are integrating your Cisco router into
  • Cisco 851W | Configuration Guide - Page 55
    IOS IP Command Reference, Volume 1 of 4: Addressing and Services. Enters configuration mode for the VLAN (on which the Fast Ethernet LAN interfaces [FE0-FE3] reside) to be the inside interface for NAT. OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide
  • Cisco 851W | Configuration Guide - Page 56
    be set, as well as enabling static translation, see the Cisco IOS IP Command Reference, Volume 1 of 4: Addressing and Services. Enables the configuration changes just made to the Ethernet interface. 4-10 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide OL-5332-01
  • Cisco 851W | Configuration Guide - Page 57
    (default) ! interface ATM0 no ip address ip nat outside ip virtual-reassembly no atm ilmi-keepalive pvc 8/35 encapsulation aal5mux ppp dialer dialer pool-member 1 ! dsl operating-mode auto ! OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 4-11
  • Cisco 851W | Configuration Guide - Page 58
    command in privileged EXEC mode to verify the PPPoA client with NAT configuration. You should see verification output similar to the following example: Router# show ip nat statistics Total active translations: 0 (0 static, 0 dynamic; 0 extended) Outside interfaces: ATM0 Inside interfaces: Vlan1 Hits
  • Cisco 851W | Configuration Guide - Page 59
    as a DHCP server, providing IP address assignment and other TCP/IP-oriented configuration information to your workstations. DHCP frees you from having to manually assign an IP address to each client. OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 5-1
  • Cisco 851W | Configuration Guide - Page 60
    ...server-address6] Example: Specifies the address of one or more Domain Name System (DNS) servers to use for name and address resolution. Router(config)# ip name-server 192.168.11.12 Router(config)# Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 5-2 OL-5332
  • Cisco 851W | Configuration Guide - Page 61
    Router(config-dhcp)# Step 8 dns-server address [address2...address8] Example: Specifies up to 8 DNS servers available to a DHCP client. Router(config-dhcp)# dns-server 192.168.35.2 Router(config-dhcp)# OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide
  • Cisco 851W | Configuration Guide - Page 62
    with DHCP and VLANs Command Step 9 domain-name domain Purpose Specifies the domain name for a DHCP client. Example: Router(config-dhcp)# domain-name cisco.com Router(config-dhcp)# Step 10 exit Example: Router(config-dhcp)# exit Router(config)# Exits DHCP configuration mode, and enters global
  • Cisco 851W | Configuration Guide - Page 63
    that can be set, see the Cisco IOS Switching Services Command Reference. Updates the VLAN database, propagates it throughout the administrative domain, and returns to global configuration mode. OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 5-5
  • Cisco 851W | Configuration Guide - Page 64
    Step 2 switchport access vlan vlan-id Assigns a port to the VLAN. Example: Router(config-if)# switchport access vlan 2 Router(config-if)# Step 3 end Example: Router(config-if)# end Router# Exits interface mode and returns to privileged EXEC mode. Verify Your VLAN Configuration Use the following
  • Cisco 851W | Configuration Guide - Page 65
    vlan-switch VLAN Name Status Ports 1 default active Fa0, Fa1, Fa3 2 VLAN0002 active Fa2 1002 fddi-default active 1003 token-ring-default active 1004 fddinet-default active 1005 trnet-default active Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide
  • Cisco 851W | Configuration Guide - Page 66
    Configure VLANs Chapter 5 Configuring a LAN with DHCP and VLANs VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2 1 ibm - 0 0 1005 trnet 101005 1500 - - 1 ibm - 0 0 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 5-8 OL-5332-01
  • Cisco 851W | Configuration Guide - Page 67
    corporate network. Figure 6-1 shows a typical deployment scenario. Note The material in this chapter does not apply to Cisco 850 series routers. Cisco 850 series routers do not support Cisco Easy VPN. OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 6-1
  • Cisco 851W | Configuration Guide - Page 68
    who are running Cisco Easy VPN Remote software on PCs. Easy VPN server-enabled devices allow remote routers to act as Easy VPN Remote nodes. The Cisco Easy VPN client feature can be configured in one of two modes-client mode or network extension mode. Client mode is the default configuration and
  • Cisco 851W | Configuration Guide - Page 69
    Chapter 6 Configuring a VPN Using Easy VPN and an IPSec Tunnel Note The Cisco Easy VPN client feature supports configuration of only one destination peer. If your application requires creation of multiple VPN tunnels, you must manually configure the IPSec VPN and Network Address Translation/Peer
  • Cisco 851W | Configuration Guide - Page 70
    , 60-86400 seconds, for an IKE security association (SA). Step 7 exit Example: Router(config-isakmp)# exit Router(config)# Exits IKE policy configuration mode, and enters global configuration mode. Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 6-4 OL-5332-01
  • Cisco 851W | Configuration Guide - Page 71
    containing attributes to be downloaded to the remote client. Also enters the Internet Security Association Key and Management Protocol (ISAKMP) group policy configuration mode. Step 2 key name Example: Router(config-isakmp-group)# key secret-password Router(config-isakmp-group)# Specifies the
  • Cisco 851W | Configuration Guide - Page 72
    -remote Router(config)# Step 2 crypto map tag client configuration address [initiate | respond] Configures the router to reply to mode configuration requests from remote clients. Example: Router(config)# crypto map dynmap client configuration address respond Router(config)# Enable Policy Lookup
  • Cisco 851W | Configuration Guide - Page 73
    . For details, see the Cisco IOS Security Configuration Guide and Cisco IOS Security Command Reference. username name {nopassword | password password | password encryption-type encrypted-password} Example: Router(config)# username Cisco password 0 Cisco Router(config)# Establishes a username-based
  • Cisco 851W | Configuration Guide - Page 74
    map configuration mode. Example: Router(config)# crypto dynamic-map dynmap 1 Router(config-crypto-map)# See the Cisco IOS Security Example: Router(config-crypto-map)# set transform-set vpn1 Router(config-crypto-map)# Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide
  • Cisco 851W | Configuration Guide - Page 75
    interface type number Example: Router(config)# interface fastethernet 4 Router(config-if)# Purpose Enters the interface configuration mode for the interface to which you want the crypto map applied. OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide
  • Cisco 851W | Configuration Guide - Page 76
    Router(config-if)# Step 3 exit Example: Router(config-crypto-map)# exit Router(config)# Purpose Applies the crypto map to the interface. See the Cisco IOS Security Command Reference for more detail about this command. Returns to global configuration mode. Create an Easy VPN Remote Configuration
  • Cisco 851W | Configuration Guide - Page 77
    ezvpn name [outside | inside] Example: Router(config-if)# crypto ipsec client ezvpn ezvpnclient outside Router(config-if)# Assigns the Cisco Easy VPN remote configuration to the WAN interface, causing the router to automatically create the NAT or port address translation (PAT) and access list
  • Cisco 851W | Configuration Guide - Page 78
    secret-password mode client peer 192.168.100.1 ! interface fastethernet 4 crypto ipsec client ezvpn ezvpnclient outside crypto map static-map ! interface vlan 1 crypto ipsec client ezvpn ezvpnclient inside ! 6-12 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide OL
  • Cisco 851W | Configuration Guide - Page 79
    VPN client-Another router, which controls access to the corporate network 7 LAN interface-Connects to the corporate network, with inside interface address of 10.1.1.1 8 Corporate office network 9 IPSec tunnel with GRE Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide
  • Cisco 851W | Configuration Guide - Page 80
    Policy • Configure Group Policy Information • Enable Policy Lookup • Configure IPSec Transforms and Protocols • Configure the IPSec Crypto Method and Parameters • Apply the Crypto Map to the Physical Interface Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 7-2 OL
  • Cisco 851W | Configuration Guide - Page 81
    , 60-86400 seconds, for an IKE security association (SA). Step 7 exit Example: Router(config-isakmp)# exit Router(config)# Exits IKE policy configuration mode, and enters global configuration mode. OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 7-3
  • Cisco 851W | Configuration Guide - Page 82
    group that contains attributes to be downloaded to the remote client. Also enters Internet Security Association Key Management Protocol (ISAKMP) policy configuration mode. Step 2 key name Example: Router(config-isakmp-group)# key secret-password Router(config-isakmp-group)# Specifies the IKE pre
  • Cisco 851W | Configuration Guide - Page 83
    . See the Cisco IOS Security Configuration Guide and the Cisco IOS Security Command Reference for details. username name {nopassword | password password | password encryption-type encrypted-password} Example: Router(config)# username cisco password 0 cisco Router(config)# Establishes a username
  • Cisco 851W | Configuration Guide - Page 84
    map configuration mode. Example: Router(config)# crypto dynamic-map dynmap 1 Router(config-crypto-map)# See the Cisco IOS Security Example: Router(config-crypto-map)# set transform-set vpn1 Router(config-crypto-map)# Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide
  • Cisco 851W | Configuration Guide - Page 85
    Action interface type number Example: Router(config)# interface fastethernet 4 Router(config-if)# Purpose Enters interface configuration mode for the interface to which you want to apply the crypto map. OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide
  • Cisco 851W | Configuration Guide - Page 86
    Step 4 tunnel destination default-gateway-ip-address Example: Router(config-if)# tunnel destination 192.168.101.1 Router(config-if)# Specifies the destination endpoint of the router for the GRE tunnel. Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 7-8 OL-5332
  • Cisco 851W | Configuration Guide - Page 87
    Router(config-acl)# Step 9 exit Example: Router(config-acl)# exit Router(config)# Purpose Assigns a crypto map to the tunnel. Note Dynamic routing or static routes to the tunnel interface must be configured to establish connectivity between the sites. See the Cisco IOS Security Configuration Guide
  • Cisco 851W | Configuration Guide - Page 88
    the corp. router as well as ! denies Internet-initiated traffic inbound. ip access-group 103 in ip nat outside no cdp enable crypto map to_corporate ! Applies the IPSec tunnel to the outside interface. 7-10 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide OL-5332
  • Cisco 851W | Configuration Guide - Page 89
    matches addresses for the IPSec tunnel to or from the corporate network. access-list 105 permit ip 10.1.1.0 0.0.0.255 192.168.0.0 0.0.255.255 no cdp run OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 7-11
  • Cisco 851W | Configuration Guide - Page 90
    Configuration Example Chapter 7 Configuring VPNs Using an IPSec Tunnel and Generic Routing Encapsulation 7-12 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide OL-5332-01
  • Cisco 851W | Configuration Guide - Page 91
    the Cisco IOS Security Configuration Guide, Release 12.3, for more detailed information on traffic filtering and firewalls. Figure 8-1 shows a network deployment using PPPoE or PPPoA with NAT and a firewall. Figure 8-1 Router with Firewall Configured 4 2 7 3 5 6 1 121781 OL-5332-01 Cisco
  • Cisco 851W | Configuration Guide - Page 92
    ) 3 PPPoE or PPPoA client and firewall implementation-Cisco 851/871 or Cisco 857/876/877/878 series access router, respectively 4 Point at which NAT occurs 5 Protected network 6 Unprotected network 7 Fast Ethernet or ATM WAN interface (the outside interface for NAT) In the configuration example that
  • Cisco 851W | Configuration Guide - Page 93
    Router(config)# ip inspect name firewall h323 Router(config)# ip inspect name firewall netshow Router(config)# ip inspect name firewall ftp Router(config)# ip inspect name firewall sqlnet Router(config)# OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide
  • Cisco 851W | Configuration Guide - Page 94
    configuration mode: Step 1 Command interface type number Example: Router(config)# interface vlan 1 Router(config-if)# Step 2 ip inspect inspection-name {in | out} Example: Router(config-if)# ip inspect firewall in Router(config-if)# Step 3 exit Example: Router(config-if)# exit Router(config
  • Cisco 851W | Configuration Guide - Page 95
    matches addresses for the ipsec tunnel to or from the corporate network. access-list 105 permit ip 10.1.1.0 0.0.0.255 192.168.0.0 0.0.255.255 no cdp run ! OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 8-5
  • Cisco 851W | Configuration Guide - Page 96
    Configuration Example Chapter 8 Configuring a Simple Firewall Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 8-6 OL-5332-01
  • Cisco 851W | Configuration Guide - Page 97
    the Internet 3 VLAN 1 4 VLAN 2 In the configuration example that follows, a remote user is accessing the Cisco 850 or Cisco 870 series access router using a wireless connection. Each remote user has his own VLAN. Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 9-1
  • Cisco 851W | Configuration Guide - Page 98
    for your wireless LAN, beginning in global configuration mode: Step 1 Command interface name number Example: Router(config)# interface dot11radio 0 Router(config-if)# Step 2 broadcast-key [vlan vlan-id] change seconds Example: Router(config-if)# broadcast-key vlan 1 change 45 Router(config-if
  • Cisco 851W | Configuration Guide - Page 99
    method, algorithm, and key used to access the wireless interface. The example uses the VLAN with optional encryption method of data ciphers. Step 4 ssid name Example: Router(config-if)# ssid cisco Router(config-if-ssid)# Step 5 vlan number Creates a Service Set ID (SSID), the public name of
  • Cisco 851W | Configuration Guide - Page 100
    of bridging. The example specifies integrated routing and bridging. Enters interface configuration mode. We want to set up bridging on the VLANs, so the example enters the VLAN interface configuration mode. Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 9-4 OL
  • Cisco 851W | Configuration Guide - Page 101
    bridge interface. Specifies the protocol for the bridge group. Specifies the address for the virtual bridge interface. Repeat Step 2 through Step 7 above for each VLAN that requires a wireless interface. OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide
  • Cisco 851W | Configuration Guide - Page 102
    is used on the specified subinterface. Step 4 no cdp enable Example: Router(config-subif)# no cdp enable Router(config-subif)# Disables the Cisco Discovery Protocol (CDP) on the wireless interface. Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 9-6 OL-5332-01
  • Cisco 851W | Configuration Guide - Page 103
    Example The following configuration example shows a portion of the configuration file for the wireless LAN scenario described in the preceding sections. ! bridge irb ! interface Dot11Radio0 no ip address ! broadcast-key vlan 1 change 45 ! ! encryption vlan 1 mode ciphers tkip ! ssid cisco vlan
  • Cisco 851W | Configuration Guide - Page 104
    bridge-group 3 bridge-group 3 spanning-disabled ! interface BVI1 ip address 10.0.1.1 255.255.255.0 ! interface BVI2 ip address 10.0.2.1 255.255.255.0 ! interface BVI3 ip address 10.0.3.1 255.255.255.0 ! Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 9-8 OL
  • Cisco 851W | Configuration Guide - Page 105
    VLAN, Easy VPN, and wireless interface configurations made in previous chapters. This allows you to view what a basic configuration provided by this guide looks like in a single sample, Example 10-1. Note Commands marked by "(default)" are generated automatically when you run the show running-config
  • Cisco 851W | Configuration Guide - Page 106
    ip access-group 103 in no cdp enable crypto ipsec client ezvpn ezvpnclient outside crypto map static-map ! crypto isakmp policy 1 encryption 3des authentication pre-share group 2 lifetime 480 ! 10-2 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide OL-5332-01
  • Cisco 851W | Configuration Guide - Page 107
    no cdp enable bridge-group 1 bridge-group 1 subscriber-loop-control bridge-group 1 spanning-disabled bridge-group 1 block-unknown-source no bridge-group 1 source-learning no bridge-group 1 unicast-flooding ! Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 10-3
  • Cisco 851W | Configuration Guide - Page 108
    user AMER\jsomeone nthash 7 0224550C29232E041C6A5D3C5633305D5D560C09027966167137233026580E0B0D ! radius-server host 10.0.1.1 auth-port 1812 acct-port 1813 key cisco123 ! control-plane ! 10-4 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide OL-5332-01
  • Cisco 851W | Configuration Guide - Page 109
    modem enable transport preferred all transport output all line aux 0 transport preferred all transport output all line vty 0 4 password cisco123 transport preferred all transport input all transport output all ! OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration
  • Cisco 851W | Configuration Guide - Page 110
    Chapter 10 Sample Configuration 10-6 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide OL-5332-01
  • Cisco 851W | Configuration Guide - Page 111
    PART 3 Configuring Additional Features and Troubleshooting
  • Cisco 851W | Configuration Guide - Page 112
  • Cisco 851W | Configuration Guide - Page 113
    do not describe all of your configuration or troubleshooting needs. See the appropriate Cisco IOS configuration guides and command references for additional details. Note To verify that a specific feature is compatible with your router, you can use the Software Advisor tool. You can access this
  • Cisco 851W | Configuration Guide - Page 114
    Chapter 11 Additional Configuration Options 11-2 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide OL-5332-01
  • Cisco 851W | Configuration Guide - Page 115
    Cisco IOS Firewall IDS • Configuring VPNs Each section includes a configuration example and verification steps, where available. Authentication, Authorization, and Accounting AAA network security services provide the primary framework through which you set up access control on your router
  • Cisco 851W | Configuration Guide - Page 116
    about configuring AAA services and supported security protocols, see the following sections of the Cisco IOS Security Configuration Guide: • Configuring Authentication • Configuring Authorization • Configuring Accounting • Configuring RADIUS • Configuring TACACS+ • Configuring Kerberos Configuring
  • Cisco 851W | Configuration Guide - Page 117
    configuration. For additional information about configuring a CBAC firewall, see the "Configuring Context-Based Access Control" section of the Cisco IOS Release 12.3 Security Configuration Guide. OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 12
  • Cisco 851W | Configuration Guide - Page 118
    Configuration Guide. For information about additional VPN configurations supported by Cisco 850 and Cisco 870 series access routers, see the following feature documents: • EZVPN Server-Cisco 870 series routers can be configured to act as EZVPN servers, letting authorized EZVPN clients establish
  • Cisco 851W | Configuration Guide - Page 119
    the ISDN S/T port on the Cisco 876 and Cisco 878 routers Note The console port and the auxiliary port in the Cisco IOS software configuration are on the same physical RJ-45 port; therefore, both ports cannot be activated simultaneously, and the command-line interface (CLI) must be used to enable the
  • Cisco 851W | Configuration Guide - Page 120
    2 Step 3 Command interface type number Example: Router(config)# interface atm 0 Router(config-if)# backup interface interface-type interface-number Example: Router(config-if)# backup interface bri 0 Router(config-if)# exit Purpose Enters interface configuration mode for the interface for which you
  • Cisco 851W | Configuration Guide - Page 121
    0.0.0.0 0.0.0.0 192.168.2.2 150 Router(config)# Assigns the lower routing administrative distance value for the backup interface route. 192.168.2.2 is the peer IP address of the backup interface. OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 13-3
  • Cisco 851W | Configuration Guide - Page 122
    -type Assigns the primary route. 22.0.0.2 is the peer IP interface-number [ip-address]} address of the primary interface. Example: Router(config)# ip route 0.0.0.0 0.0.0.0 22.0.0.2 Router(config)# 13-4 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide OL-5332-01
  • Cisco 851W | Configuration Guide - Page 123
    Type Cisco 851 or 871 PPPoE Dial Backup Possible? Yes Dial Backup Method Dialer watch Normal IP in cable No modem scenario Dialer watch Limitations Bridging is not supported across a slow interface, for example, an auxiliary port. The peer IP address of the ISP is needed to configure the
  • Cisco 851W | Configuration Guide - Page 124
    protocol does not need to be running in the router, if the IP address of the peer is known. If bridging is done through the WAN interface, it is not supported across the auxiliary port. Configuration Example The following three examples show sample configurations for the three dial backup methods
  • Cisco 851W | Configuration Guide - Page 125
    no ip address encapsulation ppp dialer pool-member 1 isdn switch-type basic-net3 ! interface ATM0 no ip address no atm ilmi-keepalive pvc 1/40 encapsulation aal5snap pppoe-client dial-pool-number 2 OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 13-7
  • Cisco 851W | Configuration Guide - Page 126
    no ip address encapsulation ppp dialer pool-member 1 isdn switch-type basic-net3 ! interface ATM0 no ip address no atm ilmi-keepalive pvc 1/40 encapsulation aal5snap pppoe-client dial-pool-number 2 13-8 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide OL-5332-01
  • Cisco 851W | Configuration Guide - Page 127
    route in case the primary line fails. Cisco 850 and Cisco 870 routers can use the auxiliary port for dial backup and remote management. Note The cable modem environment is currently not supported. OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 13-9
  • Cisco 851W | Configuration Guide - Page 128
    to allow changes or updates to Cisco IOS configurations Configuration Tasks Perform these steps to configure dial backup and remote management for these routers, beginning in global configuration mode: Step 1 Command ip name-server server-address Example: Router(config)# ip name-server 192.168
  • Cisco 851W | Configuration Guide - Page 129
    group number for watch list. Example: Router(config-if)# dialer watch-group 1 Router(config-if)# Step 9 exit Enters global configuration mode. Example: Router(config-if)# exit Router(config)# OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 13-11
  • Cisco 851W | Configuration Guide - Page 130
    (config-line)# modem enable Router(config-line)# Switches the port from console to auxiliary port function. Step 16 exit Enters global configuration mode. Example: Router(config-line)# exit Router(config)# 13-12 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide
  • Cisco 851W | Configuration Guide - Page 131
    or Auxiliary Port Step 17 Command line [aux | console | tty | vty] line-number [ending-line-number] Purpose Enters configuration mode for the auxiliary interface. Example: Router(config)# line aux 0 Router(config)# Step 18 flowcontrol {none | software [lock] [in | out] | Enables hardware signal
  • Cisco 851W | Configuration Guide - Page 132
    and Remote Management Configuring Dial Backup and Remote Management Through the Console or Auxiliary Port interface ATM0 mtu 1492 no ip address no atm ilmi-keepalive pvc 0/35 pppoe-client dial-pool-number 1 ! dsl operating-mode auto ! ! Primary WAN link. interface Dialer1 ip address negotiated
  • Cisco 851W | Configuration Guide - Page 133
    Dialout modem InOut modem autoconfigure discovery transport input all stopbits 1 speed 115200 flowcontrol hardware line vty 0 4 exec-timeout 0 0 password cisco login ! scheduler max-task-time 5000 end OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 13
  • Cisco 851W | Configuration Guide - Page 134
    line goes down C Administrator remote management through the ISDN interface when the primary DSL link is down; serves as dial-in access to allow changes or updates to Cisco IOS configuration -- 13-16 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide OL-5332-01
  • Cisco 851W | Configuration Guide - Page 135
    the ISDN interface when the primary DSL link is down; serves as dial-in access to allow changes or updates to Cisco IOS configuration Configuration Tasks Perform the following tasks to configure dial backup and remote management through the ISDN S/T port of your router: • Configure ISDN Settings
  • Cisco 851W | Configuration Guide - Page 136
    (config)# Step 7 interface dialer dialer-rotary-group-number Example: Router(config)# interface dialer 0 Router(config-if)# Creates a dialer interface (numbered 0-255) and enters interface configuration mode. 13-18 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide
  • Cisco 851W | Configuration Guide - Page 137
    group. In the example, dialer-list 1 corresponds to dialer-group 1. For details about this command and additional parameters that can be set, see the Cisco IOS Dial Technologies Command Reference. OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 13-19
  • Cisco 851W | Configuration Guide - Page 138
    communicate through a public ISDN network to reach your Cisco router ISDN interface. The ISDN peer router provides Internet access for your Cisco router during the ATM network downtime. ! This portion of the example configures the aggregator. vpdn enable no vpdn logging ! vpdn-group 1 accept-dialin
  • Cisco 851W | Configuration Guide - Page 139
    peer default ip address pool isdn ! ip local pool isdn 192.168.2.1 ip http server ip classless ip route 0.0.0.0 0.0.0.0 192.168.2.1 ip route 40.0.0.0 255.0.0.0 30.1.1.1 ! dialer-list 1 protocol ip permit ! OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide
  • Cisco 851W | Configuration Guide - Page 140
    Configuring Dial Backup and Remote Management Through the ISDN S/T Port Chapter 13 Configuring Dial Backup and Remote Management 13-22 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide OL-5332-01
  • Cisco 851W | Configuration Guide - Page 141
    Troubleshooting • SHDSL Troubleshooting • ATM Troubleshooting Commands • Software Upgrade Methods • Recovering a Lost Password • Managing Your Router with SDM Getting Started Before troubleshooting a software problem, you must connect a terminal or PC to the router using the light-blue console port
  • Cisco 851W | Configuration Guide - Page 142
    the hardware installation guide specific for your router. • The correct Asynchronous Transfer Mode (ATM) virtual path identifier/virtual circuit identifier (VPI/VCI) is being used. • The DSLAM supports discrete multi-tone (DMT) Issue 2. • The ADSL cable that you connect to the Cisco router must be
  • Cisco 851W | Configuration Guide - Page 143
    all physical ports (Ethernet and ATM) and logical interfaces on the router. Table 14-1 describes messages in the command output. Example 14-2 Viewing Status of Selected Interfaces Router# show interface atm 0 ATM0 is up, line protocol is up Hardware is PQUICC_SAR (with Alcatel ADSL Module) Internet
  • Cisco 851W | Configuration Guide - Page 144
    correctly. Fast Ethernet n is up, line protocol is down The specified Fast Ethernet interface has been correctly configured and enabled, but the Ethernet cable might be disconnected from the LAN. 14-4 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide OL-5332-01
  • Cisco 851W | Configuration Guide - Page 145
    of AAL enabled. The Cisco 850 and Cisco 870 series access routers support AAL5. Maximum number of virtual connections this interface supports. Number of active virtual channel connections (VCCs). OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 14-5
  • Cisco 851W | Configuration Guide - Page 146
    only to troubleshoot specific problems. The best time to use debug commands is during periods of low network traffic so that other activity on the network is not adversely affected. You can find additional information and documentation about the debug commands in the Cisco IOS Debug Command
  • Cisco 851W | Configuration Guide - Page 147
    ADSL_OPEN command. 00:02:57: DSL: Using subfunction 0xA 00:02:57: DSL: Using subfunction 0xA 00:02:57: DSL: Sent command 0x5 00:03:00: DSL: 1: Modem state = 0x8 00:03:00: DSL: 1: Modem state = 0x8 OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 14-7
  • Cisco 851W | Configuration Guide - Page 148
    atm packet command output. Table 14-3 debug atm packet Command Output Description Field ATM0 (O) Description Interface that is generating the packet. Output packet. (I) would mean receive packet. 14-8 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide OL-5332-01
  • Cisco 851W | Configuration Guide - Page 149
    router through the console port. These procedures cannot be performed through a Telnet session. Tip See the "Hot Tips" section on Cisco.com for additional information on replacing enable secret passwords. OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide
  • Cisco 851W | Configuration Guide - Page 150
    Lost Password Chapter 14 Troubleshooting Change the Configuration Register To change a configuration register, follow these steps: Step 1 Step 2 Step 3 Step 4 Connect an ASCII terminal or a PC running a terminal emulation program to the CONSOLE port on the rear panel of the router. Configure the
  • Cisco 851W | Configuration Guide - Page 151
    mode: Router> enable The prompt changes to the privileged EXEC prompt: Router# Enter the show startup-config command to display an enable password in the configuration file: Router# show startup-config OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide
  • Cisco 851W | Configuration Guide - Page 152
    : Router# configure terminal Enter the enable secret command to reset the enable secret password in the router: Router(config)# enable secret password Enter exit to exit global configuration mode: Router(config)# exit Save your configuration changes: Router# copy running-config startup-config Reset
  • Cisco 851W | Configuration Guide - Page 153
    14 Troubleshooting Managing Your Router with SDM Managing Your Router with SDM The Cisco SDM tool is a free software configuration utility, supporting the Cisco 850 and Cisco 870 series access routers. It includes a web-based GUI that offers the following features: • Simplified setup • Advanced
  • Cisco 851W | Configuration Guide - Page 154
    Managing Your Router with SDM Chapter 14 Troubleshooting 14-14 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide OL-5332-01
  • Cisco 851W | Configuration Guide - Page 155
    PART 4 Reference Information
  • Cisco 851W | Configuration Guide - Page 156
  • Cisco 851W | Configuration Guide - Page 157
    : • Configuring the Router from a PC • Understanding Command Modes • Getting Help • Enable Secret Passwords and Enable Passwords • Entering Global Configuration Mode • Using Commands • Saving Configuration Changes • Summary • Where to Go Next If you are already familiar with Cisco IOS software, go
  • Cisco 851W | Configuration Guide - Page 158
    specific Cisco IOS commands. For example, you can use the interface type number command only from global configuration mode. The following Cisco IOS command modes are hierarchical. When you begin a router session, you are in user EXEC mode. • User EXEC • Privileged EXEC • Global configuration Table
  • Cisco 851W | Configuration Guide - Page 159
    A Cisco IOS Software Basic Skills Understanding Command Modes Table A-2 Command Modes Summary Mode User EXEC Access Method Begin a session with your router. Prompt Router> Privileged EXEC Enter the enable command from user EXEC mode. Router# Global configuration Enter the configure command
  • Cisco 851W | Configuration Guide - Page 160
    Help Appendix A Cisco IOS Software Basic Skills Table A-2 Command Modes Summary (continued) Mode Router configuration Access Method Prompt Enter one of the router commands followed by the appropriate keyword, for example router rip, from global configuration mode. Router (configrouter)# Line
  • Cisco 851W | Configuration Guide - Page 161
    to your router configuration. Enter the configure terminal command to enter global configuration mode: Router# configure terminal Router(config)# You can now make changes to your router configuration. OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide A-5
  • Cisco 851W | Configuration Guide - Page 162
    Enter a question mark (?) to incorrectly. The error occurred display all of the commands that where the caret mark (^) appears. are available in this particular command mode. Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide A-6 OL-5332-01
  • Cisco 851W | Configuration Guide - Page 163
    following message appears: Building configuration... Router# Summary Now that you have reviewed some Cisco IOS software basics, you can begin to configure your router. Remember: • You can use the question mark (?) and arrow keys to help you enter commands. • Each command mode restricts you to a set
  • Cisco 851W | Configuration Guide - Page 164
    Where to Go Next Appendix A Cisco IOS Software Basic Skills Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide A-8 OL-5332-01
  • Cisco 851W | Configuration Guide - Page 165
    ADSL OL-5332-01 This appendix contains conceptual information that may be useful to Internet service providers or network administrators when they configure Cisco routers. To review • Network Interfaces • Dial Backup • NAT • Easy IP (Phase 1) • Easy IP (Phase 2) • QoS • Access Lists ADSL is a
  • Cisco 851W | Configuration Guide - Page 166
    service provider setup), makes SHDSL ideal for LAN access. Network Protocols Network protocols enable the network to pass data from its source to a specific destination over LAN or WAN links. Routing address tables Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide
  • Cisco 851W | Configuration Guide - Page 167
    of the routing tables and the amount of routing information. PPP Authentication Protocols The Point-to-Point Protocol (PPP) encapsulates network layer protocol information over point-to-point links. OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide B-3
  • Cisco 851W | Configuration Guide - Page 168
    to any single attack. • The corporate office router controls the frequency and timing of the authentication attempts. Note We recommend using CHAP because it is the more secure of the two protocols. Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide B-4 OL-5332-01
  • Cisco 851W | Configuration Guide - Page 169
    ) facilities that are configured at individual routers. Network Interfaces This section describes the network interface protocols that Cisco 850 and Cisco 870 series routers support. The following network interface protocols are supported: • Ethernet • ATM for DSL Ethernet Ethernet is a baseband
  • Cisco 851W | Configuration Guide - Page 170
    downtime by allowing a user to configure a backup modem line connection. The following can be used to bring up the dial backup feature in Cisco IOS software: • Backup Interface • Floating Static Routes • Dialer Watch Backup Interface A backup interface is an interface that stays idle until certain
  • Cisco 851W | Configuration Guide - Page 171
    are forwarded onto the outside network. The translation function is compatible with standard routing; the feature is required only on the router connecting the inside network to the outside domain. OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide B-7
  • Cisco 851W | Configuration Guide - Page 172
    for the manual configuration of individual computers, printers, and shared file systems • Preventing the simultaneous use of the same IP address by two clients • Allowing configuration from a central site Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide B-8 OL-5332
  • Cisco 851W | Configuration Guide - Page 173
    packets, enabling them to be transmitted earlier than other flows. Interleaving provides the delay bounds for delay-sensitive voice packets on a slow link that is used for other best-effort traffic. OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide B-9
  • Cisco 851W | Configuration Guide - Page 174
    -sensitive data to be dequeued and sent first (before packets in other queues are dequeued), giving delay-sensitive data preferential treatment over other traffic. B-10 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide OL-5332-01
  • Cisco 851W | Configuration Guide - Page 175
    the session and the packet therefore belongs to an established session.) This filter criterion would be part of an access list applied permanently to an interface. OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide B-11
  • Cisco 851W | Configuration Guide - Page 176
    Access Lists Appendix B Concepts B-12 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide OL-5332-01
  • Cisco 851W | Configuration Guide - Page 177
    lost password or downloading software over the console port. If there is no Cisco IOS software image loaded on the router, the ROM monitor runs the router. This appendix contains the following sections: • Entering the ROM Monitor • ROM Monitor Commands • Command Descriptions • Disaster Recovery with
  • Cisco 851W | Configuration Guide - Page 178
    configuration mode. Reboots the router with the new configuration register value. The router remains in ROM monitor and does not boot the Cisco IOS software. As long as the configuration value is 0x0, you must manually boot the operating system from the console instruction stream serial download
  • Cisco 851W | Configuration Guide - Page 179
    in flash memory. Disaster Recovery with TFTP Download The standard way to load new software on your router is to use the copy tftp flash privileged EXEC command from the Cisco IOS software command-line interface (CLI). However, if the router is unable to boot Cisco IOS software, you can load new
  • Cisco 851W | Configuration Guide - Page 180
    = ip_address IP address of the TFTP server from which the TFTP_SERVER= ip_address software will be downloaded. Name of the file that will be downloaded to TFTP_FILE= filename the router. Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide C-4 OL-5332-01
  • Cisco 851W | Configuration Guide - Page 181
    this variable downloads and boots the new software but does not save the software to flash memory. You can then use the image that is in flash memory the next time you enter the reload command. OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide C-5
  • Cisco 851W | Configuration Guide - Page 182
    the contents by describing the meaning of each bit. In either case, the new virtual configuration register value is written into NVRAM but does not take effect until you reset or reboot the router. Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide C-6 OL-5332-01
  • Cisco 851W | Configuration Guide - Page 183
    asynchronous transmitter/receiver (UART). If the PC serial port is not using a 16550 UART, we recommend using a speed of 38,400 bps or less when downloading a Cisco IOS image over the console port. OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide C-7
  • Cisco 851W | Configuration Guide - Page 184
    IOS software has crashed or is halted. If you enter a debugging command and Cisco IOS crash information is not available, you see the following error message: "xxx: kernel context state is invalid, can not proceed." Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide
  • Cisco 851W | Configuration Guide - Page 185
    , and size of NVRAM; for example: rommon 9> meminfo Main memory size: 40 MB. Available main memory starts at 0x10000, size 40896KB IO (packet) memory size: 5 percent of main memory. NVRAM size: 32KB OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide C-9
  • Cisco 851W | Configuration Guide - Page 186
    for new config to take effect: rommon 2 > boot The router will boot the Cisco IOS image in flash memory. The configuration register will change to 0x2101 the next time the router is reset or power cycled. C-10 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide OL
  • Cisco 851W | Configuration Guide - Page 187
    User Datagram Protocol (UDP) uses the same numbers. Table D-1 Currently Assigned TCP and UDP Port Numbers Port Keyword 0 - 1-4 - 5 RJE 7 ECHO Client Trivial File Transfer Protocol Any private dial-out service Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide
  • Cisco 851W | Configuration Guide - Page 188
    Common Port Assignments Table D-1 Currently Assigned TCP and UDP Port Numbers (continued) Port service TCP-UNIX remote shell UDP-system log UNIX line printer remote spooling Routing Information Protocol Time server Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide
  • Cisco 851W | Configuration Guide - Page 189
    b command 3 b flash command 3 boot commands 3 bridging, configuring 9, 4 broadcast intervals, RIP 3 C CAR 9 caution, described 13 CBAC firewall, configuring 3 CBWFQ 9 CHAP 4 Cisco IOS Firewall IDS 4 OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide IN-1
  • Cisco 851W | Configuration Guide - Page 190
    and GRE 9 VPN with IPSec tunnel 11 wireless LAN 7 configuration prerequisites 4 configuration register changing 10 to 11 changing from ROM monitor 6 value, resetting 12 configuring ATM WAN interface 7 IN-2 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide OL-5332
  • Cisco 851W | Configuration Guide - Page 191
    watch 4, 7 dir device command 3 disaster recovery 3 to 6 DSL signaling protocol 6 Dynamic Host Configuration Protocol See DHCP dynamic routes configuration example 14 configuring 12, 14 E Easy IP OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide IN-3
  • Cisco 851W | Configuration Guide - Page 192
    Index Phase 1 overview 8 Phase 2 overview 8 Easy VPN configuration tasks 3 remote configuration 10 verify configuration 11 EIGRP configuration example 15 configuring 14 overview 2, 3 enable password recovering 12 setting 5 enable secret password recovering 12 setting 5 encapsulation 6 Enhanced
  • Cisco 851W | Configuration Guide - Page 193
    6 loopback interface, configuring 8 to 9 low latency queuing See LFQ M meminfo command 9 metrics EIGRP 3 RIP 3 mode configuration, applying to crypto map 6 modes See command modes N NAT configuration example 8, 11 configuring with PPPoA 9 configuring with PPPoE 1, 6 overview 7 to 8 See also Easy IP
  • Cisco 851W | Configuration Guide - Page 194
    lookup, enabling 6, 4, 5 port assignments, common 1 to 2 port labels for interfaces 1 port numbers currently assigned 1 to 2 PPP authentication protocols 3 to 4 fragmentation 9 interleaving 9 overview 3 PPP/Internet Protocol Control Protocol See IPCP PPPoA, configuration example 11 PPPoE client
  • Cisco 851W | Configuration Guide - Page 195
    troubleshooting commands, ATM 2 to 9 U UDP port numbers 1 to 2 undoing commands 6 upgrading software, methods for 9 User Datagram Protocol See UDP user EXEC mode 2, 3 V variables, command listing 4 VC 6 verify DHCP server configuration 4 Easy VPN configuration 11 PPPoE with NAT configuration 9 VLAN
  • Cisco 851W | Configuration Guide - Page 196
    Index configuration example 11 configuration tasks 3, 2 configuring 1, 4 W WAN interface, configuring 6, 3 wireless LAN configuration example 7 X xmodem command 8 IN-8 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide OL-5332-01
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
  • 194
  • 195
  • 196
Corporate Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 526-4100
Cisco 850 Series and Cisco 870 Series
Access Routers Software
Configuration Guide
Text Part Number: OL-5332-01