Cisco Systems C819GUK9, C819HG4GVK9 manual Create a Cisco Easy VPN Remote Configuration

Page 6

Contents

Configuring AutoSecure		9-2
Configuring Access Lists		9-2
Access Groups	9-3
Configuring Cisco IOS Firewall			9-3
Configuring Cisco IOS IPS		9-4
URL Filtering 9-4
Configuring VPN 9-4
Remote Access VPN		9-5
Site-to-Site VPN	9-6
Configuration Examples			9-7
Configure a VPN over an IPSec Tunnel				9-7
Configure the IKE Policy 9-7
Configure Group Policy Information				9-9
Apply Mode Configuration to the Crypto Map					9-10
Enable Policy Lookup			9-11
Configure IPSec Transforms and Protocols 9-12
Configure the IPSec Crypto Method and Parameters 9-12
Apply the Crypto Map to the Physical Interface					9-14
Where to Go Next			9-14

				Create a Cisco Easy VPN Remote Configuration 9-15
				Configuration Example			9-16
				Configure a Site-to-Site GRE Tunnel 9-17
				Configuration Example			9-19
				Configuring the Ethernet Switches 10-1
C H A P T E R 10				Configuring the Ethernet Switches 10-1
				Switch Port Numbering and Naming				10-1
				Restrictions for the FE Switch			10-1
				Information About Ethernet Switches				10-2
				VLANs and VLAN Trunk Protocol				10-2
				Layer 2 Ethernet Switching			10-2
				802.1x Authentication		10-2
				Spanning Tree Protocol		10-2
				Cisco Discovery Protocol			10-2
				Switched Port Analyzer		10-3
				IGMP Snooping	10-3
				Storm Control 10-3
				Fallback Bridging	10-3
				Overview of SNMP MIBs		10-3
				BRIDGE-MIB for Layer 2 Ethernet Switching 10-4
			Cisco 819 Series Integrated Services Routers Software Configuration Guide


	4							OL-23590-02
	4							OL-23590-02

Image 6

Contents Americas Headquarters Text Part Number OL-23590-02 September 2Page N T E N T S Data Account Provisioning Configuring a Cellular Interface Specifying a Synchronous Serial Interface Create a Cisco Easy VPN Remote Configuration NAT Getting Help TACACS+ OL-23590-02 Product Overview General Description1shows the Cisco 819HG ISR New Features 3G FeaturesSKU Information Wlan Features Platform FeaturesSecurity Features Wireless Device Overview ScanSafeTftp support with Ethernet WAN interface LEDsColor Description Rssi Router# show controllers cellular Wireless Local Area Network Wlan FeaturesDual-Radio Dynamic Frequency Selection CleanAir TechnologyImages Supported LEDsWlan LED OL-23590-02 4G LTE Wireless WAN OL-23590-02 Basic Router Configuration Default Configuration Interface PortsRouter Interface Port Label Information Needed for Configuration OL-23590-02 Configuring Command-Line Access Line aux console tty vty line-number Password password LoginCommand Purpose ExampleExits line configuration mode and returns to Enables password checking at the virtual terminalSession login Privileged Exec modeConfiguring Global Parameters Configuring WAN Interfaces Configuring a Gigabit Ethernet WAN InterfaceNo shutdown Exit Configuring the Cellular Wireless WAN Interface ExamplePrerequisites for Configuring the 3G Wireless Interface Restrictions for Configuring the Cellular Wireless InterfaceCommand or Action Purpose Data Account ProvisioningDetails about the command parameters Shows the radio signal strengthSignal strength, the network security, and so on Displays the cellular gps informationManual Activation 2lists the modem data profile parametersActivation and Provisioning Process Carrier Cellular unit cdma activate manual mdn msid mslActivating with Over-the-Air Service Provisioning Cellular cdma activate iotaRouter # cellular 0 cdma activate otasp phonenumber Configuring a Cellular Interface Configuring DDR Interface cellular Dialer string stringSpecifies the number of the dialer access group to Enters global configuration modeEnables DDR and configures the specified serial Enters the global configuration modeExits line configuration mode Specifies the line configuration mode. It is alwaysSpecifies a default modem chat script Configures this line for GSMExamples for Configuring Cellular Wireless Interfaces This section provides the following configuration examplesTunnel over Cellular Interface Configuration Following shows how to configure an HSPA+ modemConfiguring Dual SIM for Cellular Networks Command Syntax DescriptionCellular GSM SIM Perform the following commands to manually switch the SIMFollowing command forces the modem to connect to SIM1 Locks or unlocks the SIMOutput When Button Is Not Pushed Example Output When Button Is Pushed ExampleRommon Behavior IOS Behavior Configuring a Loopback Interface Configuring the Fast Ethernet LAN InterfacesPush Button in Wlan AP Verifying Configuration Router# show interface loopbackConfiguring Static Routes Another way to verify the loopback interface is to ping itConfiguring Dynamic Routes Verifying ConfigurationExample Router rip Version 1 Configuring Routing Information ProtocolCommand Task No auto-summary EndConfiguring Enhanced Interior Gateway Routing Protocol Router eigrp as-numberEigrp on the router. The autonomous-system Enters router configuration mode and enablesBe applied, using the IP address of the network Number identifies the route to other Eigrp routersOL-23590-02 Configuring Backup Data Lines and Remote Management Configuring Backup Interfaces819 Yes Assigns an interface as the secondary or backup Enters interface configuration mode forInterface for which you want to configure backup Be configured to back up a serial 0 interfaceConfigure terminal Configuring Cellular Dial-on-Demand Routing BackupConfiguring DDR Backup Using Dialer Watch Dialer watch group group-numberUsing the chat script command Enables dialer watch on the backup interfaceDo not use the access list permit all command to Specifies the interfaceConfiguring DDR Backup Using Floating Static Route No aaa new-model Source-interface Dialer2 Line vty 0 4 login Scheduler max-task-time Webvpn cef end Dial Backup and Remote Management Through the Auxiliary Port Ip name-server server-address Ip dhcp pool name Exit Sample commands that you can use in Dhcp Enters Dhcp pool configuration mode. The nameConfigure the Dhcp address pool. For Pool configuration mode, see the ExampleEnters configuration mode for the line interface Enters configuration mode for the auxiliary Switches the port from console to auxiliary portExits the configure interface mode Enables hardware signal flow controlPpp authentication pap callin PC IP address behind CPE OL-23590-02 Environmental and Power Management Router# show environmentEnvironmental and Power Management Cisco EnergyWise Support Cisco EnergyWise SupportConfiguring the Serial Interface WAN ConcentrationConfiguring Serial Interfaces Product Number Cable Type Length Connector TypeLegacy Protocol Transport Information About Configuring Serial Interfaces Cisco Hdlc EncapsulationPPP Encapsulation Keepalive Timer Multilink PPPFrame Relay Encapsulation LMI on Frame Relay Interfaces How to Configure Serial InterfacesConfiguring a Synchronous Serial Interface This section contains the following tasksConfigures synchronous serial encapsulation Specifying a Synchronous Serial InterfaceSpecifying Synchronous Serial Encapsulation Configuring PPP Configures an Sdlc interface for half-duplex modeSignals Encapsulation hdlc Compress stac Configuring Compression of Hdlc DataUsing the Nrzi Line-Coding Format Nrzi-encodingTransmit-clock-internal Inverting the Transmit Clock SignalEnabling the Internal Clock Invert txclock Invert rxclockSetting Transmit Delay Configuring DTR Signal PulsingIgnoring DCD and Monitoring DSR as Line Up/Down Indicator Specifying the Serial Network Interface Module Timing Dce-terminal-timing enableConfigures the DCE to use Scte from the DTE Ignore-dcdSpecifies timing configuration to invert TXC clock Dte-invert-txcConfiguring Low-Speed Serial Interfaces Understanding Half-Duplex DTE and DCE State MachinesHalf-Duplex DCE State Machines Half-Duplex DCE Transmit State Machine Constant-carrier mode No half-duplex controlled-carrierPlaces a low-speed serial interface Sdlc cts-delay Sdlc rts-timeout Changing Between Synchronous and Asynchronous ModesPhysical-layer sync async Returns the interface to its default mode, which is Configuration ExamplesInterface Enablement Configuration Examples No physical-layerSynchronous or Asynchronous Mode Examples Half-Duplex Timers ExampleLow-Speed Serial Interface Examples Configuring Security Features Authentication, Authorization, and AccountingConfiguration Commands Configuring AutoSecureConfiguring Access Lists ACL TypeConfiguring Cisco IOS Firewall Access GroupsConfiguring Cisco IOS IPS Configuring VPNURL Filtering Remote Access VPN VPN client-Cisco 819 ISR Site-to-Site VPNBranch office containing multiple LANs and VLANs Corporate office networkConfiguration Examples Configure a VPN over an IPSec TunnelConfigure the IKE Policy Command or Action Purpose Configure Group Policy Information Domain name ExitFor details about this command and additional Apply Mode Configuration to the Crypto MapExits IKE group policy configuration mode Specifies a local address pool for the groupEnable Policy Lookup Configure IPSec Transforms and Protocols Configure the IPSec Crypto Method and ParametersCrypto ipsec profile profile-name See Cisco IOS Security Command Reference for Where to Go Next Apply the Crypto Map to the Physical InterfaceCrypto map map-name Exit Create a Cisco Easy VPN Remote Configuration Crypto ipsec client ezvpn nameCrypto ipsec client ezvpn name outside inside Exit Configuration Example Configure a Site-to-Site GRE Tunnel Creates a tunnel interface and enters interface Returns to global configuration mode No cdp run Restrictions for the FE Switch Configuring the Ethernet SwitchesSwitch Port Numbering and Naming 10-1Information About Ethernet Switches Igmp Snooping Switched Port AnalyzerOverview of Snmp MIBs Storm ControlMIBs MIBs Link BRIDGE-MIB for Layer 2 Ethernet SwitchingRouterconfig#snmp-server community public RW 10-4MAC Address Notification 10-5VLANs on the FE Ports How to Configure Ethernet SwitchesConfiguring VLANs 10-6VLANs on the GE Port Configuring Layer 2 InterfacesSwitchport mode dynamic desirable Comand PurposeConfiguring 802.1x Authentication Configuring Spanning Tree Protocol10-8 Port Security Configuring MAC Table ManipulationConfiguring Cisco Discovery Protocol 10-9Configuring Igmp Snooping Configuring the Switched Port AnalyzerConfiguring IP Multicast Layer 3 Switching Configuring Per-Port Storm ControlConfiguring Fallback Bridging 10-11Managing the Switch 10-12Configuring PPP over Ethernet with NAT 11-1PPPoE Configuration TasksConfigure the Virtual Private Dialup Network Group Number 11-2Configure the Fast Ethernet WAN Interfaces 11-3Configure the Dialer Interface 11-4Ip address negotiated Ip mtu bytes 11-5Configure Network Address Translation 11-6Ip nat inside outside No shutdown Exit 11-711-8 Configuration Example 11-911-10 Verifying Your Configuration 11-1111-12 Configuring a LAN with Dhcp and VLANs 12-1Configure Dhcp VLANs12-2 Detailed Steps 12-3Verify Your Dhcp Configuration 12-4Configure VLANs Vlan ?12-5 Example Assign a Switch Port to a VlanSwitchport access vlan vlan-id End 12-6Verify Your Vlan Configuration 12-712-8 Router# vlan databaseRouter# show vlan-switch 12-912-10 Configuring a VPN Using Easy VPN and an IPSec Tunnel 13-1VPN client-Cisco 819 ISRs Cisco Easy VPNRemote, networked users VPN server-Easy VPN serverConfigure the IKE Policy 13-3Lifetime seconds Exit For the group by using the wins command Configure Group Policy InformationInternet Naming Service Wins servers 13-5Apply Mode Configuration to the Crypto Map 13-6Enable Policy Lookup Login, and specifies the method used13-7 Configure IPSec Transforms and Protocols Configure the IPSec Crypto Method and Parameters13-8 13-9 Create an Easy VPN Remote Configuration Apply the Crypto Map to the Physical Interface13-10 Mode client network-extension network extension plus Exit 13-11Verifying Your Easy VPN Configuration Following example verifies your easy vpn connection13-12 13-13 13-14 Configuring the Router from a PC Cisco IOS Software Basic SkillsUnderstanding Command Modes PC Operating System Terminal Emulation SoftwareUser Exec Begin a session with To exit to user Exec Use this mode toGlobal Enter the configure As interface atmRouter Enter one of the router Configuration mode Routing protocol AppropriateGetting Help Router rip-fromEnable Secret Passwords and Enable Passwords Entering Global Configuration ModeYou can now make changes to your router configuration Undoing Commands Using CommandsAbbreviating Commands Command-Line Error MessagesSaving Configuration Changes Where to Go NextSummary OL-18906-02 Concepts Network ProtocolsProtocol Ideal Topology Metric Routing Updates Routing Protocol OptionsPPP Authentication Protocols Enhanced IgrpEthernet ChapFloating Static Routes Dial BackupBackup Interface Dialer WatchEasy IP Phase QoS IP Precedence PPP Fragmentation and InterleavingAccess Lists Low Latency QueuingOL-18906-02 ROM Monitor Configure terminal Enters global configuration modeConfig-reg Resets the configuration register Entering the ROM MonitorReload ROM Monitor CommandsExits global configuration mode Prompt increments with each new lineCommand Descriptions Disaster Recovery with Tftp DownloadCommand Description Tftp Download Command Variables Variable CommandRequired Variables Using the Tftp Download Command Configures how the router displays fileOptional Variables Examples You will see an output similar to the followingType Embedded AP s Appendix C ROM Monitor Configuration Register Appendix C ROM Monitor Configuration RegisterChanging the Configuration Register Manually Changing the Configuration Register Using PromptsCommand Description Console DownloadDebug Commands Error ReportingContext-Displays processor context for example Exiting the ROM Monitor Appendix C ROM Monitor Exiting the ROM MonitorCommon Port Assignments Port Keyword DescriptionProcedure Call Any private RJE serviceISO-Transport Service Access Point Authentication service

Related manuals

Manual 84 pages 8.63 Kb