Cisco CISCO878-K9 Configuration Guide

Cisco CISCO878-K9 - 878 G.shdsl Sec Router Manual

Get Cisco CISCO878-K9 - 878 G.shdsl Sec Router PDF manuals and user guides
UPC - 649528741325
View all Cisco CISCO878-K9 manuals
Add to My Manuals
Save this manual to your list of manuals

Cisco CISCO878-K9 manual content summary:

  • Cisco CISCO878-K9 | Configuration Guide - Page 1
    Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide Corporate Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 526-4100 Text Part Number: OL-5332-01
  • Cisco CISCO878-K9 | Configuration Guide - Page 2
    INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF Cisco 870 Series Access Routers Software Configuration Guide Copyright © 2005, Cisco Systems, Inc. All rights reserved.
  • Cisco CISCO878-K9 | Configuration Guide - Page 3
    and Timesavers 13 Command Conventions 13 Related Documents 14 Obtaining Documentation and Submitting a Service Request 14 Getting Started Basic Router Configuration 1 Interface Port Labels 1 Viewing the 14 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 3
  • Cisco CISCO878-K9 | Configuration Guide - Page 4
    PPP over Ethernet with NAT 1 Configure the Virtual Private Dialup Network Group Number 2 Configure the Fast Ethernet WAN Interfaces 3 Configure the Dialer Interface 4 Configure the IKE Policy 4 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 4 OL-5332-01
  • Cisco CISCO878-K9 | Configuration Guide - Page 5
    1 Configure the Root Radio Station 2 Configure Bridging on VLANs 4 Configure Radio Station Subinterfaces 6 Configuration Example 7 Sample Configuration 1 Configuring Additional Features and Troubleshooting OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration
  • Cisco CISCO878-K9 | Configuration Guide - Page 6
    Configure ISDN Settings 17 Configure the Aggregator and ISDN Peer Router 20 Troubleshooting 1 Getting Started 1 Before Contacting Cisco or Your Reseller 1 ADSL Troubleshooting 2 SHDSL Troubleshooting 2 ATM Troubleshooting Commands 2 ping atm interface Command 3 Cisco 850 Series and Cisco 870 Series
  • Cisco CISCO878-K9 | Configuration Guide - Page 7
    7 Summary 7 Where to Go Next 7 Concepts 1 ADSL 1 SHDSL 2 Network Protocols 2 IP 2 Routing Protocol Options 2 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 7
  • Cisco CISCO878-K9 | Configuration Guide - Page 8
    Command Variables 4 Required Variables 4 Optional Variables 5 Using the TFTP Download Command 5 Configuration Register 6 Changing the Configuration Register Manually 6 Changing the Configuration Register Using Prompts 6 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration
  • Cisco CISCO878-K9 | Configuration Guide - Page 9
    D A P P E N D I X INDEX Console Download 7 Command Description 8 Error Reporting 8 Debug Commands 8 Exiting the ROM Monitor 10 Common Port Assignments 1 Contents OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 9
  • Cisco CISCO878-K9 | Configuration Guide - Page 10
    Contents Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 10 OL-5332-01
  • Cisco CISCO878-K9 | Configuration Guide - Page 11
    Preface This software configuration guide provides instructions for using the Cisco command-line interface (CLI) to Conventions • Related Documents • Obtaining Documentation and Submitting a Service Request Audience This guide is intended for network administrators whose backgrounds vary from having
  • Cisco CISCO878-K9 | Configuration Guide - Page 12
    you need to configure your router. Organization This guide contains the following information: Part 1: Getting Started instructions on how to configure your Cisco router for dial backup and remote management. • Chapter 14, "Troubleshooting"-Provides information on identifying and solving problems
  • Cisco CISCO878-K9 | Configuration Guide - Page 13
    (UDP) port numbers. • Index Conventions This guide uses the conventions described in the following sections for instructions and information. guide. Caution This caution symbol means reader be careful. In this situation, you might do something that could result in equipment damage or loss of data
  • Cisco CISCO878-K9 | Configuration Guide - Page 14
    Hardware Installation Guide • Cisco Router and Security Device Manager (SDM) Quick Start Guide • Cisco Access Router Wireless Configuration Guide • using a reader application. The RSS feeds are a free service and Cisco currently supports RSS Version 2.0. Cisco 850 Series and Cisco 870 Series
  • Cisco CISCO878-K9 | Configuration Guide - Page 15
    PART 1 Getting Started
  • Cisco CISCO878-K9 | Configuration Guide - Page 16
  • Cisco CISCO878-K9 | Configuration Guide - Page 17
    access. It also describes the default configuration on startup. Note Individual router models may not support every feature described throughout this guide. Features not supported by a particular router are indicated whenever possible. This chapter contains the following sections: • Interface Port
  • Cisco CISCO878-K9 | Configuration Guide - Page 18
    Configuration Chapter 1 Basic Router Configuration Table 1-1 Supported Interfaces and Associated Port Labels by Cisco Router 1090 bytes ! version 12.3 no service pad service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname Router !
  • Cisco CISCO878-K9 | Configuration Guide - Page 19
    0 4 login transport preferred all transport input all transport output all ! end OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 1-3
  • Cisco CISCO878-K9 | Configuration Guide - Page 20
    parameters. - Determine the number of PVCs that your service provider has given you, along with their VPIs and VCIs. - For each PVC determine the type of AAL5 encapsulation supported. It can be one of Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 1-4 OL-5332-01
  • Cisco CISCO878-K9 | Configuration Guide - Page 21
    global parameter commands, see the Cisco IOS Release 12.3 documentation set. OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 1-5
  • Cisco CISCO878-K9 | Configuration Guide - Page 22
    the Fast Ethernet interface, beginning in global configuration mode: Step 1 Command interface type number Example: Router(config)# interface fastethernet 4 Router(config-int)# Step 2 ip address ip 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 1-6 OL-5332-01
  • Cisco CISCO878-K9 | Configuration Guide - Page 23
    atm Router(config-controller)# exit Router(config)# Step 2 interface type number Example: Router(config)# interface atm0 Router(config-int)# Identifies and enters Wireless LAN Connection," and the Cisco Access Router Wireless Configuration Guide. OL-5332-01 Cisco 850 Series and Cisco 870 Series
  • Cisco CISCO878-K9 | Configuration Guide - Page 24
    to configure a loopback interface: Step 1 Command interface type number Example: Router(config)# interface Loopback 0 Router(config-int)# interface in this sample configuration is used to support Network Address Translation (NAT) on the virtual- Software Configuration Guide 1-8 OL-5332-01
  • Cisco CISCO878-K9 | Configuration Guide - Page 25
    queue 0/75, 0 drops 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 0 packets input, 0 bytes, 0 no buffer Received 0 1 Command line [aux | console | tty | vty] line-number Example: Router(config)# line console 0 Router(config)# Step 2 Guide 1-9
  • Cisco CISCO878-K9 | Configuration Guide - Page 26
    )# exec-timeout 5 30 Router(config)# Step 5 line [aux | console | tty | vty] line-number Example: Router(config)# line vty 0 4 Router(config)# Step 6 password password Example: Router(config)# password Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide OL-5332-01
  • Cisco CISCO878-K9 | Configuration Guide - Page 27
    Static routes provide fixed routing paths through the network. They are manually configured on the router. If the network topology changes, the static Command ip route prefix mask {ip-address | interface-type interface-number [ip-address]} Example: Router(config)# ip route 192.168.1.0 Guide 1-11
  • Cisco CISCO878-K9 | Configuration Guide - Page 28
    routes dynamically. You can configure either of these routing protocols on your router. 1-12 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide OL-5332-01
  • Cisco CISCO878-K9 | Configuration Guide - Page 29
    .3 documentation set. For more general information on RIP, see Appendix B, "Concepts." OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 1-13
  • Cisco CISCO878-K9 | Configuration Guide - Page 30
    in global configuration mode: Step 1 Command router eigrp as-number Example: Router(config)# router eigrp 109 Router(config)# Purpose Enters router configuration mode, and enables EIGRP on the router. The autonomous-system number identifies the route to other EIGRP routers and is used to tag the
  • Cisco CISCO878-K9 | Configuration Guide - Page 31
    protocol enabled in IP networks 192.145.1.0 and 10.10.12.115. The EIGRP autonomous system number is 109. Execute the show running-config command from privileged EXEC mode to see this configuration /0 OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 1-15
  • Cisco CISCO878-K9 | Configuration Guide - Page 32
    Configuring Enhanced IGRP Chapter 1 Basic Router Configuration 1-16 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide OL-5332-01
  • Cisco CISCO878-K9 | Configuration Guide - Page 33
    PART 2 Configuring Your Router for Ethernet and DSL Access
  • Cisco CISCO878-K9 | Configuration Guide - Page 34
  • Cisco CISCO878-K9 | Configuration Guide - Page 35
    2 Sample Network Deployments This part of the software configuration guide presents a variety of possible Ethernet- and Digital Subscriber Line tool. You can access this tool at www.cisco.com > Technical Support & Documentation > Tools & Resources with your Cisco username and password. For
  • Cisco CISCO878-K9 | Configuration Guide - Page 36
    Chapter 2 Sample Network Deployments • Chapter 7, "Configuring VPNs Using an IPSec Tunnel and Generic Routing Encapsulation" • Chapter 8, "Configuring a Simple Firewall" Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 2-2 OL-5332-01
  • Cisco CISCO878-K9 | Configuration Guide - Page 37
    E R 3 Configuring PPP over Ethernet with NAT The Cisco 851 and Cisco 871access routers support Point-to-Point Protocol over Ethernet (PPPoE) clients and network address translation (NAT). Multiple PPPoE server Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 3-1
  • Cisco CISCO878-K9 | Configuration Guide - Page 38
    Virtual Private Dialup Network Group Number Chapter 3 Configuring PPP over Ethernet with NAT PPPoE The PPPoE Client feature on the router provides PPPoE client support on Ethernet interfaces. A . Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 3-2 OL-5332-01
  • Cisco CISCO878-K9 | Configuration Guide - Page 39
    dial-pool-number 1 Router(config-if)# Purpose Enters interface configuration mode for a Fast Ethernet WAN interface. Configures the PPPoE client and specifies the dialer interface to use for cloning. OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 3-3
  • Cisco CISCO878-K9 | Configuration Guide - Page 40
    1 Command interface dialer dialer-rotary-group-number Example: Router(config)# interface dialer 0 Router if)# Purpose Creates a dialer interface (numbered 0-255), and enters interface configuration mode PPP for the data packets being transmitted and received. Cisco 850 Series
  • Cisco CISCO878-K9 | Configuration Guide - Page 41
    , see the Cisco IOS Dial Technologies Command Reference. Step 10 ip route prefix mask {interface-type interface-number} Example: Router(config)# ip route 10.10.25.2 255.255.255.255 dialer 0 Router(config)# -01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 3-5
  • Cisco CISCO878-K9 | Configuration Guide - Page 42
    source {list access-list-number} Enables dynamic translation of addresses on the {interface type number | pool name} [ Reference, Volume 1 of 4: Addressing and Services. interface type number Example: Router(config)# interface vlan 1 Services. Cisco 850 Series and Cisco 870 Series
  • Cisco CISCO878-K9 | Configuration Guide - Page 43
    mode for the Fast Ethernet interface. Step 7 interface type number Example: Router(config)# interface fastethernet 4 Router(config-if)# IOS IP Command Reference, Volume 1 of 4: Addressing and Services. Enables the configuration changes just made to the Ethernet interface. Configuration Guide 3-7
  • Cisco CISCO878-K9 | Configuration Guide - Page 44
    no ip directed-broadcast (default) ip nat outside pppoe enable group global pppoe-client dial-pool-number 1 no sh ! interface dialer 1 ip address negotiated ip mtu 1492 encapsulation ppp ppp authentication 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 3-8 OL-5332-01
  • Cisco CISCO878-K9 | Configuration Guide - Page 45
    mappings: -- Inside Source [Id: 1] access-list 1 interface Dialer0 refcount 0 Queued Packets: 0 OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 3-9
  • Cisco CISCO878-K9 | Configuration Guide - Page 46
    Configuration Example Chapter 3 Configuring PPP over Ethernet with NAT 3-10 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide OL-5332-01
  • Cisco CISCO878-K9 | Configuration Guide - Page 47
    over ATM with NAT The Cisco 857, Cisco 876, Cisco 877, and Cisco 878 access routers support Point-to-Point Protocol over Asynchronous Transfer Mode (PPPoA) clients and network address translation (NAT). Multiple Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 4-1
  • Cisco CISCO878-K9 | Configuration Guide - Page 48
    services digital network (ISDN) using the Cisco 876 router • Single-pair high-speed digital subscriber line (G.SHDSL) using the Cisco 878 router The Fast Ethernet interface carries the data feature on the router provides PPPoA client support on ATM interfaces. A dialer interface Guide 4-2 OL-5332-01
  • Cisco CISCO878-K9 | Configuration Guide - Page 49
    config-if)# Sets the encapsulation type to PPP for the data packets being transmitted and received. Step 5 Step 6 ppp Router(config-if)# ppp authentication chap Router(config-if)# dialer pool number Example: Router(config-if)# dialer pool 1 Router(config-if)# Software Configuration Guide 4-3
  • Cisco CISCO878-K9 | Configuration Guide - Page 50
    see the Cisco IOS Dial Technologies Command Reference. Step 10 ip route prefix mask {interface-type interface-number} Example: Router(config)# ip route 10.10.25.2 0.255.255.255 dialer 0 Router(config)# 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 4-4 OL-5332-01
  • Cisco CISCO878-K9 | Configuration Guide - Page 51
    Cisco IOS Wide-Area Networking Command Reference. Step 4 dialer pool-member number Example: Router(config-if-atm-vc)# dialer pool-member 1 Router(config . The pool number must be in the range of 1-255. OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 4-5
  • Cisco CISCO878-K9 | Configuration Guide - Page 52
    support ADSL signaling over POTS, the Cisco 876 supports ADSL signaling over ISDN, and the Cisco 878 supports mode Loss of margin Training log Description Default Value number of times a loss of margin may occur. - Toggles between enabling the training log and disabling the Disabled training
  • Cisco CISCO878-K9 | Configuration Guide - Page 53
    dsl operating-mode (from the ATM interface configuration mode) • dsl lom integer • dsl enable-training-log See the Cisco IOS Wide-Area Networking Command Reference for details of these commands. Verify the 5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 4-7
  • Cisco CISCO878-K9 | Configuration Guide - Page 54
    Signaling Protocol Step 6 Command ignore-error-duration number Example: Router(config-controller)# ignore-error- 15 min UAS Defect: 0 Line-0 status Chipset Version: 0 Firmware Version: A388 Modem Status: Data, Status 1 Last Fail Mode: No Failure status:0x0 Line rate: 2312 Kbps Framer Sync Status:
  • Cisco CISCO878-K9 | Configuration Guide - Page 55
    ip nat inside source {list access-list-number} {interface type number | pool name} [overload] Example 1: list acl1 pool pool1 interface type number Example: Router(config)# interface vlan Command Reference, Volume 1 of 4: Addressing and Services. Enters configuration mode for the VLAN (on which
  • Cisco CISCO878-K9 | Configuration Guide - Page 56
    (config-if)# exit Router(config)# Step 7 interface type number Example: Router(config)# interface atm 0 Router(config-if Volume 1 of 4: Addressing and Services. Enables the configuration changes just made Reference, Volume 1 of 4: Addressing and Services. Enables the configuration changes just made
  • Cisco CISCO878-K9 | Configuration Guide - Page 57
    the ATM interface. Example: Router(config-if)# exit Router(config)# Step 11 access-list access-list-number {deny | permit} source [source-wildcard] Example: Router(config)# access-list 1 permit 192.168.1.0 -01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 4-11
  • Cisco CISCO878-K9 | Configuration Guide - Page 58
    translations: 0 Dynamic mappings: -- Inside Source [Id: 1] access-list 1 interface Dialer0 refcount 0 Queued Packets: 0 4-12 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide OL-5332-01
  • Cisco CISCO878-K9 | Configuration Guide - Page 59
    Configuring a LAN with DHCP and VLANs The Cisco 870 series routers support clients on both physical LANs and virtual LANs (VLANs). The -oriented configuration information to your workstations. DHCP frees you from having to manually assign an IP address to each client. OL-5332-01 Cisco 850 Series
  • Cisco CISCO878-K9 | Configuration Guide - Page 60
    , you must reload the server with the configuration data from the Network Registrar database. VLANs The Cisco 870 series access routers support four Fast Ethernet ports on which you can configure VLANs Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 5-2 OL-5332-01
  • Cisco CISCO878-K9 | Configuration Guide - Page 61
    ] Example: Router(config-dhcp)# network 10.10.0.0 255.255.255.0 Router(config-dhcp)# Defines subnet number (IP) address for the DHCP address pool, optionally including the mask. Step 6 import all Example: 01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 5-3
  • Cisco CISCO878-K9 | Configuration Guide - Page 62
    DHCP address pools. • show ip dhcp server statistics-Displays the DHCP server statistics, such as the number of address pools, bindings, and so forth. Router# show ip dhcp import Address Pool Name: Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 5-4 OL-5332-01
  • Cisco CISCO878-K9 | Configuration Guide - Page 63
    pools 1 Database agents 0 Automatic bindings 0 Manual bindings 0 Expired bindings 0 Malformed messages 0 Secure and additional parameters that can be set, see the Cisco IOS Switching Services Command Reference. Updates the VLAN database, propagates it throughout the administrative domain
  • Cisco CISCO878-K9 | Configuration Guide - Page 64
    : 2 Name: VLAN0002 Media Type: Ethernet VLAN 802.10 Id: 100002 State: Operational MTU: 1500 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 5-6 OL-5332-01
  • Cisco CISCO878-K9 | Configuration Guide - Page 65
    : fddinet-default Media Type: FDDI Net VLAN 802.10 Id: 101004 State: Operational MTU: 1500 Bridge Type: SRB Bridge Number: 1 STP Type: IBM VLAN ISL Id: 1005 Name: trnet-default Media Type: Token Ring Net VLAN 802.10 Id 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 5-7
  • Cisco CISCO878-K9 | Configuration Guide - Page 66
    1500 1005 0 - - srb 1 1002 1004 fdnet 101004 1500 - - 1 ibm - 0 0 1005 trnet 101005 1500 - - 1 ibm - 0 0 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 5-8 OL-5332-01
  • Cisco CISCO878-K9 | Configuration Guide - Page 67
    an IPSec Tunnel The Cisco 870 series routers support the creation of Virtual Private Networks (VPNs). which encrypt the data between two particular endpoints. Two types of VPNs are supported-site-to-site 850 series routers do not support Cisco Easy VPN. OL-5332-01 Cisco 850
  • Cisco CISCO878-K9 | Configuration Guide - Page 68
    configured, a VPN connection can be created with minimal configuration on an IPSec client, such as a supported Cisco 870 series access router. When the IPSec client initiates the VPN tunnel connection, the IPSec Series and Cisco 870 Series Access Routers Software Configuration Guide 6-2 OL-5332-01
  • Cisco CISCO878-K9 | Configuration Guide - Page 69
    The Cisco Easy VPN client feature supports configuration of only one destination peer. If your application requires creation of multiple VPN tunnels, you must manually configure the IPSec VPN and Network Address Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 6-3
  • Cisco CISCO878-K9 | Configuration Guide - Page 70
    policy that is used during IKE negotiation. The priority is a number from 1 to 10000, with 1 being the highest. Also enters algorithm used in the IKE policy. The example specifies 168-bit data encryption standard (DES). Step 3 Step 4 hash {md5 | sha Software Configuration Guide 6-4 OL-5332-01
  • Cisco CISCO878-K9 | Configuration Guide - Page 71
    System (DNS) server for the group. Note You may also want to specify Windows Internet Naming Service (WINS) servers for the group by using the wins command. domain name Specifies group domain membership. 5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 6-5
  • Cisco CISCO878-K9 | Configuration Guide - Page 72
    the method used. This example uses a local authentication database. You could also use a RADIUS server for this. For details, see the Cisco IOS Security Configuration Guide and Cisco IOS Security Command Reference. Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration
  • Cisco CISCO878-K9 | Configuration Guide - Page 73
    | configuration} {default | network-related service requests, including PPP, list-name} [ details, see the Cisco IOS Security Configuration Guide and Cisco IOS Security Command Reference. agree to use a particular transform set for protecting data flow. During IKE negotiations, the peers search
  • Cisco CISCO878-K9 | Configuration Guide - Page 74
    86400 Router(config)# See the Cisco IOS Security Command Reference for details. Note With manually established security associations, there is no negotiation with the peer, and both sides must -map)# Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 6-8 OL-5332-01
  • Cisco CISCO878-K9 | Configuration Guide - Page 75
    traffic flows. Applying the crypto map to the physical interface instructs the router to evaluate all the traffic against the security in global configuration mode: Step 1 Command or Action interface type number Example: Router(config)# interface fastethernet 4 Router(config-if)# Purpose
  • Cisco CISCO878-K9 | Configuration Guide - Page 76
    has a DNS server available for hostname resolution. Specifies the VPN mode of operation. 6-10 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide OL-5332-01
  • Cisco CISCO878-K9 | Configuration Guide - Page 77
    . Example: Router(config-crypto-ezvpn)# exit Router(config)# Step 6 Step 7 interface type number Example: Router(config)# interface fastethernet 4 Router(config-if)# Enters the interface configuration mode for Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 6-11
  • Cisco CISCO878-K9 | Configuration Guide - Page 78
    outside crypto map static-map ! interface vlan 1 crypto ipsec client ezvpn ezvpnclient inside ! 6-12 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide OL-5332-01
  • Cisco CISCO878-K9 | Configuration Guide - Page 79
    connections which perform a high level of authentication and which encrypt the data between two particular endpoints. Two types of VPNs are supported-site-to-site and remote access. Site-to-site VPNs are with GRE Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 7-1
  • Cisco CISCO878-K9 | Configuration Guide - Page 80
    to exchange routing updates over the tunnel, and to enable IP multicast traffic. Supported IP routing protocols include Enhanced Interior Gateway Routing Protocol (EIGRP), Routing Information Protocol Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 7-2 OL-5332-01
  • Cisco CISCO878-K9 | Configuration Guide - Page 81
    policy that is used during IKE negotiation. The priority is a number from 1 to 10000, with 1 being the highest. Also enters the encryption algorithm used in the IKE policy. The example uses 168-bit Data Encryption Standard (DES). Step 3 Step 4 hash {md5 | sha} Software Configuration Guide 7-3
  • Cisco CISCO878-K9 | Configuration Guide - Page 82
    Router(config-isakmp-group)# Specifies the primary Domain Name Service (DNS) server for the group. Note You may also want to specify Windows Internet Naming Service (WINS) servers for the group by using the 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 7-4 OL-5332-01
  • Cisco CISCO878-K9 | Configuration Guide - Page 83
    this. See the Cisco IOS Security Configuration Guide and the Cisco IOS Security Command Reference access | configuration} {default | network-related service requests, including PPP, list-name} [ to use a particular transform set for protecting data flow. During IKE negotiations, the peers search
  • Cisco CISCO878-K9 | Configuration Guide - Page 84
    86400 Router(config)# See the Cisco IOS Security Command Reference for details. Note With manually established security associations, there is no negotiation with the peer, and both sides must -map)# Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 7-6 OL-5332-01
  • Cisco CISCO878-K9 | Configuration Guide - Page 85
    traffic flows. Applying the crypto map to the physical interface instructs the router to evaluate all the traffic against the security in global configuration mode: Step 1 Command or Action interface type number Example: Router(config)# interface fastethernet 4 Router(config-if)# Purpose
  • Cisco CISCO878-K9 | Configuration Guide - Page 86
    ip address 10.62.1.193 255.255.255.255 Router(config-if)# Step 3 tunnel source interface-type number Example: Router(config-if)# tunnel source fastethernet 0 Router(config-if)# Specifies the source endpoint of Series and Cisco 870 Series Access Routers Software Configuration Guide 7-8 OL-5332-01
  • Cisco CISCO878-K9 | Configuration Guide - Page 87
    or static routes to the tunnel interface must be configured to establish connectivity between the sites. See the Cisco IOS Security Configuration Guide for details. Exits interface configuration mode, and returns to global configuration mode. Enters ACL configuration mode for the named ACL that is
  • Cisco CISCO878-K9 | Configuration Guide - Page 88
    cdp enable crypto map to_corporate ! Applies the IPSec tunnel to the outside interface. 7-10 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide OL-5332-01
  • Cisco CISCO878-K9 | Configuration Guide - Page 89
    permit ip 10.1.1.0 0.0.0.255 192.168.0.0 0.0.255.255 no cdp run OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 7-11
  • Cisco CISCO878-K9 | Configuration Guide - Page 90
    Configuration Example Chapter 7 Configuring VPNs Using an IPSec Tunnel and Generic Routing Encapsulation 7-12 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide OL-5332-01
  • Cisco CISCO878-K9 | Configuration Guide - Page 91
    and Cisco 870 series routers support network traffic filtering by means of access lists. The routers also support packet inspection and dynamic temporary back through the firewall. See the Cisco IOS Security Configuration Guide, Release 12.3, for more detailed information on traffic filtering and
  • Cisco CISCO878-K9 | Configuration Guide - Page 92
    firewall is applied to the outside WAN interface (FE4) on the Cisco 851 or Cisco 871 and protects the Fast Ethernet LAN on FE0 by filtering and inspecting all traffic entering the router on the Fast Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 8-2 OL-5332-01
  • Cisco CISCO878-K9 | Configuration Guide - Page 93
    in global configuration mode: Step 1 Command access-list access-list-number {deny | permit} protocol source source-wildcard [operator [port]] IOS IP Command Reference, Volume 1 of 4: Addressing and Services for details about this command. Configure Inspection Rules Perform these steps Guide 8-3
  • Cisco CISCO878-K9 | Configuration Guide - Page 94
    inspection rules to the network interfaces, beginning in global configuration mode: Step 1 Command interface type number Example: Router(config)# interface vlan 1 Router(config-if)# Step 2 ip inspect inspection-name and Cisco 870 Series Access Routers Software Configuration Guide 8-4 OL-5332-01
  • Cisco CISCO878-K9 | Configuration Guide - Page 95
    permit ip 10.1.1.0 0.0.0.255 192.168.0.0 0.0.255.255 no cdp run ! OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 8-5
  • Cisco CISCO878-K9 | Configuration Guide - Page 96
    Configuration Example Chapter 8 Configuring a Simple Firewall Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 8-6 OL-5332-01
  • Cisco CISCO878-K9 | Configuration Guide - Page 97
    a Wireless LAN Connection The Cisco 850 and Cisco 870 series routers support a secure, affordable, and easy-to-use wireless LAN solution that combines configuration mode. See the Cisco Access Router Wireless Configuration Guide for more detailed information about configuring these Cisco routers in
  • Cisco CISCO878-K9 | Configuration Guide - Page 98
    LAN, beginning in global configuration mode: Step 1 Command interface name number Example: Router(config)# interface dot11radio 0 Router(config-if)# Step 2 -TLS], or Protected Extensible Authentication Protocol [PEAP]) can use the access point. Note This command is not supported on bridges.
  • Cisco CISCO878-K9 | Configuration Guide - Page 99
    method of data ciphers. Step 4 ssid name Example: Router(config-if)# ssid cisco Router(config-if-ssid)# Step 5 vlan number Creates a Service Set ID (Optional) Specifies the Request to Send (RTS) threshold or the number of times to send a request before determining the wireless LAN is unreachable
  • Cisco CISCO878-K9 | Configuration Guide - Page 100
    -role root Router(config-if)# (Optional) Specifies the channel on which communication occurs. See the Cisco Access Router Wireless Configuration Guide for available channel numbers. (Optional) Specifies the role of this radio interface. You must specify at least one root interface. Step 13 exit
  • Cisco CISCO878-K9 | Configuration Guide - Page 101
    1 spanning-disabled Router(config)# Step 5 interface name number Example: Router(config)# interface bvi 1 Router(config)# Step 6 bridge number route protocol Example: Router (config) # bridge 1 route -5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 9-5
  • Cisco CISCO878-K9 | Configuration Guide - Page 102
    root station, beginning in global configuration mode: Step 1 Command interface type number Example: Router(config)# interface dot11radio 0.1 Router(config-subif)# Purpose Enters subinterface . Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 9-6 OL-5332-01
  • Cisco CISCO878-K9 | Configuration Guide - Page 103
    Chapter 9 Configuring a Wireless LAN Connection Configuration Example Step 5 Command bridge-group number Example: Router(config-subif)# bridge-group 1 Router(config-subif)# Step 6 exit Example: OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 9-7
  • Cisco CISCO878-K9 | Configuration Guide - Page 104
    ip address 10.0.2.1 255.255.255.0 ! interface BVI3 ip address 10.0.3.1 255.255.255.0 ! Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 9-8 OL-5332-01
  • Cisco CISCO878-K9 | Configuration Guide - Page 105
    chapters. This allows you to view what a basic configuration provided by this guide looks like in a single sample, Example 10-1. Note Commands marked by ! version 12.3 no service pad service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname
  • Cisco CISCO878-K9 | Configuration Guide - Page 106
    static-map ! crypto isakmp policy 1 encryption 3des authentication pre-share group 2 lifetime 480 ! 10-2 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide OL-5332-01
  • Cisco CISCO878-K9 | Configuration Guide - Page 107
    -group 1 block-unknown-source no bridge-group 1 source-learning no bridge-group 1 unicast-flooding ! Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 10-3
  • Cisco CISCO878-K9 | Configuration Guide - Page 108
    -server host 10.0.1.1 auth-port 1812 acct-port 1813 key cisco123 ! control-plane ! 10-4 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide OL-5332-01
  • Cisco CISCO878-K9 | Configuration Guide - Page 109
    0 4 password cisco123 transport preferred all transport input all transport output all ! OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 10-5
  • Cisco CISCO878-K9 | Configuration Guide - Page 110
    Chapter 10 Sample Configuration 10-6 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide OL-5332-01
  • Cisco CISCO878-K9 | Configuration Guide - Page 111
    PART 3 Configuring Additional Features and Troubleshooting
  • Cisco CISCO878-K9 | Configuration Guide - Page 112
  • Cisco CISCO878-K9 | Configuration Guide - Page 113
    troubleshooting needs. See the appropriate Cisco IOS configuration guides and command references for additional details. Note To verify that a specific feature is compatible with your router, you can use the Software Advisor tool. You can access this tool at www.cisco.com > Technical Support
  • Cisco CISCO878-K9 | Configuration Guide - Page 114
    Chapter 11 Additional Configuration Options 11-2 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide OL-5332-01
  • Cisco CISCO878-K9 | Configuration Guide - Page 115
    may not support every feature described throughout this guide. Features not supported by a for each service, per-user account list and profile, user group support, and support of IP, stop times, executed commands (such as PPP), number of packets, and number of bytes. AAA uses protocols such as RADIUS
  • Cisco CISCO878-K9 | Configuration Guide - Page 116
    services and supported security protocols, see the following sections of the Cisco IOS Security Configuration Guide configure access lists. Table 12-1 Access List Configuration Commands ACL Type Numbered Standard Extended Named Standard Extended Configuration Commands access-list {1-99}{permit |
  • Cisco CISCO878-K9 | Configuration Guide - Page 117
    the following command: ip access-group {access-list-number | access-list-name}{in | out} where in the Cisco IOS Release 12.3 Security Configuration Guide. Configuring a CBAC Firewall Context-Based traffic can be made by examining application layer data, something static access lists cannot do. To
  • Cisco CISCO878-K9 | Configuration Guide - Page 118
    Intrusion Detection System (IDS) technology enhances perimeter firewall protection by taking appropriate action on packets and flows that the Cisco IOS Release 12.3 Security Configuration Guide. For information about additional VPN configurations supported by Cisco 850 and Cisco 870 series access
  • Cisco CISCO878-K9 | Configuration Guide - Page 119
    support dial-in (for remote management) and dial-out (for dial backup) capabilities. By allowing you to configure a backup modem line connection, the Cisco 800 series access routers provide protection OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 13-1
  • Cisco CISCO878-K9 | Configuration Guide - Page 120
    Command interface type number Example: Router(config)# interface atm 0 Router(config-if)# backup interface interface-type interface-number Example: Router( Relay circuits because the line protocol may not go down if the data-link connection identifier (DLCI) is inactive. Floating static routes are
  • Cisco CISCO878-K9 | Configuration Guide - Page 121
    value of the primary interface. Step 5 ip route prefix mask {ip-address | interface-type interface-number [ip-address]} [distance] Example: Router(config)# ip route 0.0.0.0 0.0.0.0 192.168.2.2 150 Router -01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 13-3
  • Cisco CISCO878-K9 | Configuration Guide - Page 122
    dialer watch method only supports the Extended Interior Gateway Step 1 Command interface type number Example: Router(config)# 2 dialerwatch-group group-number Specifies the group number for the watch list. . 22.0.0.2 is the peer IP interface-number [ip-address]} address of the primary interface
  • Cisco CISCO878-K9 | Configuration Guide - Page 123
    number list group-number {ip supported over console or supported. • Dial backup support support and limitations for the Cisco 800 series access routers. Table 13-1 Dial Backup Feature Support not supported supported. OL-5332-01 Cisco 850 Series and Cisco 870 Series Access
  • Cisco CISCO878-K9 | Configuration Guide - Page 124
    Management Table 13-1 Dial Backup Feature Support and Limitations Summary (continued) WAN Encapsulation done through the WAN interface, it is not supported across the auxiliary port. Configuration Example The following three -pool-number 2 13-6 Cisco 850 Series and Cisco 870
  • Cisco CISCO878-K9 | Configuration Guide - Page 125
    dialer pool-member 1 isdn switch-type basic-net3 ! interface ATM0 no ip address no atm ilmi-keepalive pvc 1/40 encapsulation aal5snap pppoe-client dial-pool-number 2 OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration
  • Cisco CISCO878-K9 | Configuration Guide - Page 126
    dialer pool-member 1 isdn switch-type basic-net3 ! interface ATM0 no ip address no atm ilmi-keepalive pvc 1/40 encapsulation aal5snap pppoe-client dial-pool-number 2 13-8 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration
  • Cisco CISCO878-K9 | Configuration Guide - Page 127
    . Cisco 850 and Cisco 870 routers can use the auxiliary port for dial backup and remote management. Note The cable modem environment is currently not supported. OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration
  • Cisco CISCO878-K9 | Configuration Guide - Page 128
    PSTN 3 C 2 82269 1 Cisco 850 or Cisco 870 A Main WAN link; primary connection to Internet service provider series router 2 Modem B Dial backup; serves as a failover link for Cisco 870 routers when primary 850 Series and Cisco 870 Series Access Routers Software Configuration Guide OL-5332-01
  • Cisco CISCO878-K9 | Configuration Guide - Page 129
    the group number for watch list. Example: Router(config-if)# dialer watch-group 1 Router(config-if)# Step 9 exit Enters global configuration mode. Example: Router(config-if)# exit Router(config)# OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 13
  • Cisco CISCO878-K9 | Configuration Guide - Page 130
    Router(config)# access-list 1 permit 192.168.0.0 0.0.255.255 any Step 13 dialerwatch-list group-number {ip ip-address address-mask | delay route-check initial seconds} Evaluates the status of the 12 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide OL-5332-01
  • Cisco CISCO878-K9 | Configuration Guide - Page 131
    network 192.168.1.0 255.255.255.0 default-router 192.168.1.1 ! ! Need to use your own correct ISP phone number. modemcap entry MY-USER_MODEM:MSC=&F1S0=1 chat-script Dialout ABORT ERROR ABORT BUSY "" "AT" OK "ATDT 5555102\T" and Cisco 870 Series Access Routers Software Configuration Guide 13-13
  • Cisco CISCO878-K9 | Configuration Guide - Page 132
    Port interface ATM0 mtu 1492 no ip address no atm ilmi-keepalive pvc 0/35 pppoe-client dial-pool-number 1 ! dsl operating-mode auto ! ! Primary WAN link. interface Dialer1 ip address negotiated ip 13-14 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide OL-5332-01
  • Cisco CISCO878-K9 | Configuration Guide - Page 133
    0 4 exec-timeout 0 0 password cisco login ! scheduler max-task-time 5000 end OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 13-15
  • Cisco CISCO878-K9 | Configuration Guide - Page 134
    dial-in access to allow changes or updates to Cisco IOS configuration -- 13-16 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide OL-5332-01
  • Cisco CISCO878-K9 | Configuration Guide - Page 135
    needed for the dialer watch to activate the backup ISDN line. OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 13-17
  • Cisco CISCO878-K9 | Configuration Guide - Page 136
    types supported, see the Cisco IOS Dial Technologies Command Reference. interface type number Example: -if)# Step 4 dialer pool-member number Specifies the dialer pool membership. Example: number Example: Router(config)# interface dialer 0 Router(config-if)# Creates a dialer interface (numbered
  • Cisco CISCO878-K9 | Configuration Guide - Page 137
    ppp Router(config-if)# Sets the encapsulation type to PPP for the interface. Step 10 dialer pool number Example: Router(config-if)# dialer pool 1 Router(config-if)# Specifies the dialer pool to be used 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 13-19
  • Cisco CISCO878-K9 | Configuration Guide - Page 138
    ip address encapsulation ppp dialer pool-member 1 isdn switch-type basic-net3 ! 13-20 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide OL-5332-01
  • Cisco CISCO878-K9 | Configuration Guide - Page 139
    .168.2.1 ip route 40.0.0.0 255.0.0.0 30.1.1.1 ! dialer-list 1 protocol ip permit ! OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 13-21
  • Cisco CISCO878-K9 | Configuration Guide - Page 140
    Configuring Dial Backup and Remote Management Through the ISDN S/T Port Chapter 13 Configuring Dial Backup and Remote Management 13-22 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide OL-5332-01
  • Cisco CISCO878-K9 | Configuration Guide - Page 141
    troubleshooting a software problem, enter commands to troubleshoot a problem. You can also source of a problem, contact your local reseller number • Maintenance agreement or warranty information • Type of software and version number • Date you received the hardware • Brief description of the problem
  • Cisco CISCO878-K9 | Configuration Guide - Page 142
    For more information on the ADSL LEDs, see the hardware installation guide specific for your router. • The correct Asynchronous Transfer Mode ( Troubleshooting Symmetrical high-data-rate digital subscriber line (SHDSL) is available on Cisco 878 and Cisco 1803 router models. If you experience trouble
  • Cisco CISCO878-K9 | Configuration Guide - Page 143
    not supported sec, 0 packets/sec 512 packets input, 59780 bytes, 0 no buffer Received 0 broadcasts, 0 runts, 0 giants, 0 throttles 0 input errors, 1024 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide
  • Cisco CISCO878-K9 | Configuration Guide - Page 144
    Commands Chapter 14 Troubleshooting 426 packets output 1/255 Encapsulation PPP, loopback not set Keepalive set (10 sec) DTR is pulsed for 5 seconds on reset LCP Closed the ATM line has been disconnected (by the service provider). For Fast Ethernet Interfaces Fast Ethernet n Guide OL-5332-01
  • Cisco CISCO878-K9 | Configuration Guide - Page 145
    Troubleshooting ATM Troubleshooting . or • If you are having problems with the specified dialer interface, this can enabled Maximum VCs Current VCCs Description Interface number. Always 0 for the Cisco 850 routers support AAL5. Maximum number of virtual connections this interface supports. Number of
  • Cisco CISCO878-K9 | Configuration Guide - Page 146
    number of transmit channels. Configured maximum number of bytes in the largest datagram. Physical layer interface module (PLIM) type. debug atm Commands Use the debug commands to troubleshoot configuration problems Series and Cisco 870 Series Access Routers Software Configuration Guide OL-5332-01
  • Cisco CISCO878-K9 | Configuration Guide - Page 147
    Troubleshooting ATM Troubleshooting Commands 01:32:08:ATM(ATM0.2):VC(3) Bad SAP received 4500 01:32:10:ATM(ATM0.2):VC(3) Bad SAP received 4500 debug atm events Command Use the debug atm events command to display events that occur on the ATM interface processor and to diagnose problems training
  • Cisco CISCO878-K9 | Configuration Guide - Page 148
    14 Troubleshooting 00:03 number [vcd vcd-number][vc vpi/vci number]] no debug atm packet [interface atm number [vcd vcd-number][vc vpi/vci number]] where the keywords are defined as follows: interface atm number (Optional) ATM interface or subinterface number. vcd vcd-number (Optional) Number
  • Cisco CISCO878-K9 | Configuration Guide - Page 149
    Chapter 14 Troubleshooting Software Upgrade Methods Table 14-3 debug atm packet Command Output Description (continued) Field VCD: 0xn VPI: 0xn DM: 0xn Length: on replacing enable secret passwords. OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 14-9
  • Cisco CISCO878-K9 | Configuration Guide - Page 150
    Password Chapter 14 Troubleshooting Change the the router. Configure the terminal to operate at 9600 baud, 8 data bits, no parity, and 1 stop bit. If you still Processor board ID MPC8272 CPU Rev: Part Number 0xC, Mask Number 0x10 4 FastEthernet interfaces 1 ATM interface Guide OL-5332-01
  • Cisco CISCO878-K9 | Configuration Guide - Page 151
    Chapter 14 Troubleshooting Recovering a Lost Password Step 5 Step 6 If your keyboard does not have a Break key, see the documentation that came with the terminal for instructions on how to send a break. Step 2 Step 3 Step 4 Step 5 Step 6 Step Access Routers Software Configuration Guide 14-11
  • Cisco CISCO878-K9 | Configuration Guide - Page 152
    Recovering a Lost Password Chapter 14 Troubleshooting If you are recovering an enable password, do not perform the steps in the following "Reset the Password and , and enter the recovered password. 14-12 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide OL-5332-01
  • Cisco CISCO878-K9 | Configuration Guide - Page 153
    Chapter 14 Troubleshooting Managing Your Router with SDM Managing Your Router with SDM The Cisco SDM tool is a free software configuration utility, supporting the Cisco 850 and Cisco 870 series access 5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 14-13
  • Cisco CISCO878-K9 | Configuration Guide - Page 154
    Managing Your Router with SDM Chapter 14 Troubleshooting 14-14 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide OL-5332-01
  • Cisco CISCO878-K9 | Configuration Guide - Page 155
    PART 4 Reference Information
  • Cisco CISCO878-K9 | Configuration Guide - Page 156
  • Cisco CISCO878-K9 | Configuration Guide - Page 157
    , which are based on the type of PC you are using. OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide A-1
  • Cisco CISCO878-K9 | Configuration Guide - Page 158
    settings so that your PC can communicate with your router: • 9600 baud • 8 data bits • No parity • 1 stop bit • No flow control These settings should command mode supports specific Cisco IOS commands. For example, you can use the interface type number command only Configuration Guide A-2 OL-5332-01
  • Cisco CISCO878-K9 | Configuration Guide - Page 159
    configuration mode, enter the configure • Perform the verification steps shown in this guide. command. To prevent unauthorized changes to your router configuration, access to this mode should be protected with a password as described in "Enable Secret Passwords and Enable Passwords" later
  • Cisco CISCO878-K9 | Configuration Guide - Page 160
    configuration mode. Router (configrouter)# Line configuration Enter the line command with the desired line number and optional line type, for example, line 0, from global configuration mode. Router ( Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide A-4 OL-5332-01
  • Cisco CISCO878-K9 | Configuration Guide - Page 161
    without password protection. Because many privileged EXEC commands are used to set operating parameters, you should password-protect these enable password can contain any number of uppercase and lowercase alphanumeric characters. In both cases, a number cannot be the first character Guide A-5
  • Cisco CISCO878-K9 | Configuration Guide - Page 162
    commands that where the caret mark (^) appears. are available in this particular command mode. Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide A-6 OL-5332-01
  • Cisco CISCO878-K9 | Configuration Guide - Page 163
    , go to Chapter 1, "Basic Router Configuration," and Chapter 2, "Sample Network Deployments." OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide A-7
  • Cisco CISCO878-K9 | Configuration Guide - Page 164
    Where to Go Next Appendix A Cisco IOS Software Basic Skills Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide A-8 OL-5332-01
  • Cisco CISCO878-K9 | Configuration Guide - Page 165
    IP (Phase 2) • QoS • Access Lists ADSL is a technology that allows both data and voice to be transmitted over the same line. It is a packet-based pair copper wire on the local loop ("last mile") between a network service provider (NSP) central office and the customer site, or on local Guide B-1
  • Cisco CISCO878-K9 | Configuration Guide - Page 166
    both data and voice to be transmitted over the same line. SHDSL is a packet-based network technology that allows high-speed transmission over twisted-pair copper wire between a network service provider Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide B-2 OL-5332-01
  • Cisco CISCO878-K9 | Configuration Guide - Page 167
    distance (hop count) as its metric for route selection. Hop count is the number of routers that a packet must traverse to reach its destination. For example, if changed and sends an incremental update. Because Enhanced IGRP supports IP, you can use one routing protocol for multiprotocol Guide B-3
  • Cisco CISCO878-K9 | Configuration Guide - Page 168
    as network-layer address negotiation and data-compression negotiation. PPP supports these functions by providing an extensible in clear text (not scrambled or encrypted). • PAP provides no protection from playback or repeated trial-and-error attacks. • The remote office Guide B-4 OL-5332-01
  • Cisco CISCO878-K9 | Configuration Guide - Page 169
    services, such as event logging. User passwords are administered in a central database rather than in individual routers. TACACS+ also provides support high-speed multiplexing and switching protocol that supports multiple traffic types, including voice, data, video, and imaging. ATM is Guide B-5
  • Cisco CISCO878-K9 | Configuration Guide - Page 170
    receiver. Cisco routers support the AAL5 format, which provides a streamlined data transport service that functions with less and applied dynamically as needed. Dial Backup Dial backup provides protection against WAN downtime by allowing a user to configure a backup Guide B-6 OL-5332-01
  • Cisco CISCO878-K9 | Configuration Guide - Page 171
    on the router connecting the inside network to the outside domain. OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide B-7
  • Cisco CISCO878-K9 | Configuration Guide - Page 172
    type of configuration, relatively few external addresses are required to support many internal hosts, thus conserving IP addresses. Because the increased automation and fewer network administration problems by: • Eliminating the need for the manual configuration of individual computers, printers,
  • Cisco CISCO878-K9 | Configuration Guide - Page 173
    of both edge and backbone routers in your network. QoS software enables complex networks to control and predictably service a variety of networked applications and traffic types. Almost any network can take advantage of QoS for optimum efficiency, whether it is a small corporate network, an Internet
  • Cisco CISCO878-K9 | Configuration Guide - Page 174
    interleaving and CBWFQ to define how data is managed; use Resource Reservation Protocol is used with multilink PPP to define how data is managed; RSVP or IP Precedence is and that traffic gets predictable service. Low-volume traffic streams are delay-sensitive data to be dequeued and sent
  • Cisco CISCO878-K9 | Configuration Guide - Page 175
    be part of an access list applied permanently to an interface. OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide B-11
  • Cisco CISCO878-K9 | Configuration Guide - Page 176
    Access Lists Appendix B Concepts B-12 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide OL-5332-01
  • Cisco CISCO878-K9 | Configuration Guide - Page 177
    password if prompted. Enters global configuration mode. Resets the configuration register. OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide C-1
  • Cisco CISCO878-K9 | Configuration Guide - Page 178
    long as the configuration value is 0x0, you must manually boot the operating system from the console. See the , it is in ROM monitor mode. The number in the prompt increments with each new line. directories-dir display instruction stream serial download a program Guide C-2 OL-5332-01
  • Cisco CISCO878-K9 | Configuration Guide - Page 179
    boot commands, see the Cisco IOS Configuration Fundamentals and Network Management Guide. b Boots the first image in flash memory. b flash: the tftpdnld command only for disaster recovery, because it erases all existing data in flash memory before downloading a new software image to the router.
  • Cisco CISCO878-K9 | Configuration Guide - Page 180
    downloaded. Name of the file that will be downloaded to TFTP_FILE= filename the router. Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide C-4 OL-5332-01
  • Cisco CISCO878-K9 | Configuration Guide - Page 181
    for 1.4.0.1 • ARP reply for 1.4.0.1 received. MAC address 00:00:0c:07:ac:01 TFTP_VERBOSE= setting Number of times the router attempts ARP and TFTP_RETRY_COUNT= TFTP download. The default is 7. retry_times Length of 850 Series and Cisco 870 Series Access Routers Software Configuration Guide C-5
  • Cisco CISCO878-K9 | Configuration Guide - Page 182
    you for the setting of each bit. Changing the Configuration Register Manually To change the virtual configuration register from the ROM monitor manually, enter the confreg command followed by the new value of the Series and Cisco 870 Series Access Routers Software Configuration Guide C-6 OL-5332-01
  • Cisco CISCO878-K9 | Configuration Guide - Page 183
    or less when downloading a Cisco IOS image over the console port. OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide C-7
  • Cisco CISCO878-K9 | Configuration Guide - Page 184
    that the software is being downloaded from, this function might not be supported by Xmodem. r Optional. Image is loaded into DRAM for execution. the data transfer, when an error occurs during a data transfer, error messages are only displayed on the console once the data Guide C-8 OL-5332-01
  • Cisco CISCO878-K9 | Configuration Guide - Page 185
    IO (packet) memory size: 5 percent of main memory. NVRAM size: 32KB OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide C-9
  • Cisco CISCO878-K9 | Configuration Guide - Page 186
    change to 0x2101 the next time the router is reset or power cycled. C-10 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide OL-5332-01
  • Cisco CISCO878-K9 | Configuration Guide - Page 187
    numbers. Table D-1 Currently Assigned TCP and UDP Port Numbers Port Keyword 0 - 1-4 - 5 RJE 7 ECHO 9 DISCARD 11 USERS 13 DAYTIME 15 NETSTAT 17 QUOTE 19 CHARGEN 20 FTP-DATA generator File Transfer Protocol (data) File Transfer Protocol service Cisco 850 Series and
  • Cisco CISCO878-K9 | Configuration Guide - Page 188
    and UDP Port Numbers (continued) Port Service Access Point (TSAP) X400 X400-SND Sun Microsystems Remote Procedure Call Authentication service UNIX-to-UNIX Copy Protocol (UUCP) Path Service service NetBIOS datagram service NetBIOS session service UDP-UNIX broadcast name service TCP-UNIX remote shell
  • Cisco CISCO878-K9 | Configuration Guide - Page 189
    configuring 6 ordering 4 overview 1 troubleshooting 2 aggregator, configuring 20 ARP encapsulation types 6 queues 10 troubleshooting commands 2 to 9 ATM adaptation commands 3 bridging, configuring 9, 4 broadcast intervals, RIP 3 C CAR 9 caution, described 13 CBAC firewall, configuring 3 CBWFQ 9 CHAP
  • Cisco CISCO878-K9 | Configuration Guide - Page 190
    2 to 4 commands -? 3 ? 4 abbreviating 6 access list 2 ATM troubleshooting 2 to 9 b 3 b flash 3 boot 3 completing 4 confreg 6 command variables listing 4 TFTP download 4 committed access rate See CAR configuration changes making 5 saving 12, 7 configuration examples command-line Guide OL-5332-01
  • Cisco CISCO878-K9 | Configuration Guide - Page 191
    to 9 NAT 9 PPPoE with NAT 1, 2 RIP 13 router from PC 1 static routes 11 VLANs 1 VPDN group number 2 VPNs 1, 2 WAN interface 6 your network, preparing for 4 confreg command 6 connections, setting up 4 console download 7 850 Series and Cisco 870 Series Access Routers Software Configuration Guide IN-3
  • Cisco CISCO878-K9 | Configuration Guide - Page 192
    commands 4 hop count, defined 3 I i command 3 IKE policy, configuring 4, 3 inspection rules applying to interfaces 4 IN-4 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide OL-5332-01
  • Cisco CISCO878-K9 | Configuration Guide - Page 193
    See NVRAM note, described 13 NVRAM, saving changes to 7 O overloading, defined 8 OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide IN-5
  • Cisco CISCO878-K9 | Configuration Guide - Page 194
    setting up global 5 Password Authentication Protocol See PAP password protection 5 passwords recovery 9 to 12 resetting 12 setting 5 , common 1 to 2 port labels for interfaces 1 port numbers currently assigned 1 to 2 PPP authentication protocols 3 to Software Configuration Guide OL-5332-01
  • Cisco CISCO878-K9 | Configuration Guide - Page 195
    overview 2 troubleshooting 2 show atm data-rate digital subscriber line See G.SHDSL sysret command 9 T TACACS+ 5 TCP/IP-oriented configuration 1 TCP port numbers troubleshooting commands, ATM 2 to 9 U UDP port numbers number, configuring 2 VLANs configuring 1 verify configuration 6 VPDN group number
  • Cisco CISCO878-K9 | Configuration Guide - Page 196
    Index configuration example 11 configuration tasks 3, 2 configuring 1, 4 W WAN interface, configuring 6, 3 wireless LAN configuration example 7 X xmodem command 8 IN-8 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide OL-5332-01
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
  • 194
  • 195
  • 196
Corporate Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 526-4100
Cisco 850 Series and Cisco 870 Series
Access Routers Software
Configuration Guide
Text Part Number: OL-5332-01