Americas Headquarters
Cisco Secure Router 520 Series Software Configuration Guide
Page
Iii
N T E N T S
Verify the Configuration
Additional Configuration Options
Reference Information
Vii
Rsvp
Viii
Using the Tftp Download Command C-5
Audience
Preface
Objective
Part 3 Configuring Additional Features and Troubleshooting
Part 2 Configuring Your Router for Ethernet and DSL Access
Organization
Part 1 Getting Started
Appendix D, Common Port Assignments
Conventions
Avvertenza Importanti Istruzioni Sulla Sicurezza
Warnung Wichtige Sicherheitshinweise
Aviso Instruções Importantes DE Segurança
Xii
Xiii
Guarde Estas Instrucciones
Xiv
GEM Disse Anvisninger
Page
Cisco Secure Router 520 Series Hardware Installation Guide
Cisco Regulatory Compliance and Safety Information Roadmap
Related Documentation
Xvi
Xvii
Obtaining Documentation and Submitting a Service Request
Xviii
Getting Started
Page
Basic Router Configuration
Information Needed for Customizing the Default Parameters
Viewing the Default Configuration
Router Interface Port Label
Configuring Basic Parameters
Interface Port Labels
Configure Fast Ethernet LAN Interfaces
Configure Global Parameters
Configure WAN Interfaces
Command Purpose
Routerconfig-if# ip address 255.255.255.0
Routerconfig# interface fastethernet
Interface type number
No shutdown
Configuring a Loopback Interface
Configure the Wireless Interface
Enables the ATM 0 interface
Exits configuration mode for the ATM interface
Interface and returns to global configuration mode
Exits configuration mode for the loopback
Loopback interface
Router# show interface loopback
Password password
Configuring Command-Line Access to the Router
Login
Exec-timeoutminutes seconds
End
Verifying Your Configuration
Configuring Static Routes
Configuration Example
Configuring RIP
Configuring Dynamic Routes
Command Task
Router rip
No auto-summary
Configuring Your Router for Ethernet and DSL Access
Page
For DSL-Based Network Deployments
Sample Network Deployments
For Ethernet-Based Network Deployments
Sample Network Deployments
PPPoE session between the client and a PPPoE server
Configuring PPP over Ethernet with NAT
Command or Action Purpose
Configuration Tasks
Vpdn enable
PPPoE
Configures the PPPoE client and specifies
Configure the Fast Ethernet WAN Interfaces
Request-dialin
Protocol l2tp pppoe
Configure the Dialer Interface
Ppp authentication protocol1 protocol2
Configure Network Address Translation
Dialer pool number
Dialer-group group-number
By the access list 1 to be translated to one
Enables dynamic translation of addresses on
Permitted by access list acl1 to be translated to one
Enables the configuration changes just made to
Routerconfig# access-list 1 permit
Access-list access-list-number deny permit
Ip nat inside outside
Source source-wildcard
Router# show ip nat statistics
Configuration Example
Id 1 access-list 1 interface Dialer0 refcount Queued Packets
OL-14210-01
PPP over ATM with NAT
Configuring PPP over ATM with NAT
PPPoA
Authentication Protocol Chap
Sets the PPP authentication method
Using a dialer group controls access to
Specifies that the IP address for the dialer
Command Reference, Volume 1 of 4 Routing
Configure the ATM WAN Interface
Configuring Adsl
Configure DSL Signaling Protocol
Attribute Description Default Value
Dsl lom integer Dsl enable-training-log
Pool1
Permitted by access list acl1 to be translated to
One of the addresses specified in the NAT pool
Reference, Volume 1 of 4 Addressing
0.255
ATM0
Dhcp
Configuring a LAN with Dhcp and VLANs
Dotted-decimal domain name
Configure Dhcp
VLANs
Exits Dhcp configuration mode, and enters
Enters Dhcp pool configuration mode. The name
Global configuration mode
Creates a Dhcp address pool on the router
Router# show ip dhcp import
Verify Your Dhcp Configuration
Ip dhcp pool
Server statistics
Vlan vlan-id media type name vlan-name
Configure VLANs
Vlan database
Verify Your Vlan Configuration
Assign a Switch Port to a Vlan
Exits interface mode and returns to privileged
Exec mode
Vlan
Router# show vlan-switch
Said MTU
Remote Access VPN Using IPsec Tunnel
Configuring a VPN Using Easy VPN and an IPsec Tunnel
Cisco Easy VPN
Configure the IKE Policy
Configure Group Policy Information
Apply Mode Configuration to the Crypto Map
Configure IPsec Transforms and Protocols
Enable Policy Lookup
Configure the IPsec Crypto Method and Parameters
Reverse-route
Apply the Crypto Map to the Physical Interface
Crypto map map-name seq-num ipsec-isakmp
Dynamic dynamic-map-name discover
Crypto map map-name
Create an Easy VPN Remote Configuration
Crypto ipsec client ezvpn name outside inside
Verifying Your Easy VPN Configuration
Ezvpn ezvpnclient outside
Router# show crypto ipsec client ezvpn
Crypto ipsec client ezvpn ezvpnclient connect auto
OL-14210-01
Site-to-Site VPN Using an IPsec Tunnel and GRE
VPNs
Configure a VPN
GRE Tunnels
Configure the IKE Policy
Ip local pool default poolname
Configure Group Policy Information
Domain name
Low-ip-address high-ip-address
Configure IPsec Transforms and Protocols
Enable Policy Lookup
Creates a dynamic crypto map entry, and enters
Configure the IPsec Crypto Method and Parameters
Specifies global lifetime values used when
Map
Apply the Crypto Map to the Physical Interface
192.168.101.1
Configure a GRE Tunnel
Exits interface configuration mode, and returns to
Tunnel interface must be configured to
Enters ACL configuration mode for the named
Access-list-name ACL that is used by the crypto map
Set transform-set set1 match address
No cdp run
OL-14210-01
Configuring a Simple Firewall
Fast Ethernet LAN interface the inside interface for NAT
Creates an access list which prevents Internet
Configure Access Lists
Details about this command
Creates an access list that allows network traffic
Apply Access Lists and Inspection Rules to Interfaces
Configure Inspection Rules
Routerconfig-if# ip access-group 103
Ip nat outside no cdp enable
1shows a wireless network deployment
Configuring a Wireless LAN Connection
For clients
Configure the Root Radio Station
Equivalent Privacy WEP cannot use
Bridges for more details
Name of a wireless network
Creates a Service Set ID SSID, the public
Sets the permitted authentication methods for a
User attempting access to the wireless LAN
Configure Bridging on VLANs
Bridge-group parameter
Configure Radio Station Subinterfaces
Bridge-group number
On the wireless interface
Disables the Cisco Discovery Protocol CDP
Enabled, the following commands are
Automatically enabled, and cannot be
No bridge-group 2 unicast-flooding
No ip address bridge-group
Configuring Additional Features and Troubleshooting
Page
10-1
Additional Configuration Options
10-2
11-1
Configuring Security Features
Authentication, Authorization, and Accounting
Configuring Access Lists
Configuring AutoSecure
Configuration Commands
ACL Type
Access Groups
Configuring a Cbac Firewall
Ip access-groupaccess-list-number access-list-nameinout
Ip inspect name inspection-name protocol timeout seconds
11-4
Configuring Cisco IOS Firewall IDS
Configuring VPNs
Getting Started
Troubleshooting
Before Contacting Cisco or Your Reseller
12-1
ATM Troubleshooting Commands
Adsl Troubleshooting
Ping atm interface Command
12-2
12-3
Show interface Command
12-4
Shutdown command
Output Cause
Debug atm Commands
Show atm interface Command
Field Description
12-5
Router# debug atm events Router#
Router# debug atm errors ATM errors debugging is on Router#
12-6
Example 12-6 Viewing ATM Interface Processor Events-Failure
12-7
Router# debug atm packet Router# 012348ATM0O
Software Upgrade Methods
12-8
Change the Configuration Register
Recovering a Lost Password
12-9
Router# show version
Rommon 2 confreg
12-10
Reset the Configuration Register Value
Reset the Password and Save Your Changes
Router# show startup-config
Router# copy running-config startup-config
12-12
Reference Information
Page
PC Operating System Software
Configuring the Router from a PC
Cisco IOS Software Basic Skills
Understanding Command Modes
Ctrl-Z
As interface atm
Router rip, from
Enable Secret Passwords and Enable Passwords
Getting Help
Using Commands
Entering Global Configuration Mode
Abbreviating Commands
Saving Configuration Changes
Undoing Commands
Command-Line Error Messages
Summary
Where to Go Next
OL-14210-01
Adsl
Concepts
Routing Protocol Options
Network Protocols
PAP
PPP Authentication Protocols
ATM for DSL
Network Interfaces
Ethernet
PVC
Dialer Interface
Easy IP Phase
PPP Fragmentation and Interleaving
QoS
IP Precedence
Low Latency Queuing
Cbwfq
Access Lists
OL-14210-01
Config-reg Resets the configuration register
Configure terminal Enters global configuration mode
ROM Monitor
Entering the ROM Monitor
Reload
ROM Monitor Commands
Command Description
Command Descriptions
Disaster Recovery with Tftp Download
Variable Command
Tftp Download Command Variables
Using the Tftp Download Command
Configuration Register
TFTPTIMEOUT= time
Retrytimes
Rommon 1 confreg
Changing the Configuration Register Manually
Changing the Configuration Register Using Prompts
Xmodem -cyrxdestinationfilename
Command Description
Console Download
Error Reporting
Debug Commands
Appendix C ROM Monitor Exiting the ROM Monitor
Exiting the ROM Monitor
OL-14210-01
Port Keyword Description
Common Port Assignments
Finger
See Adsl
See ARP
See AAL
See ATM
IN-2
See CAR
IN-3
See Dhcp
IN-4
See LCP
IN-5
IN-6
See RIP
See NAT
IN-7
IN-8
