Americas Headquarters
Cisco Secure Router 520 Series Software Configuration Guide
Page
Iii
N T E N T S
Verify the Configuration
Additional Configuration Options
Reference Information
Vii
Rsvp
Viii
Using the Tftp Download Command C-5
Objective
Preface
Audience
Part 1 Getting Started
Part 2 Configuring Your Router for Ethernet and DSL Access
Part 3 Configuring Additional Features and Troubleshooting
Organization
Appendix D, Common Port Assignments
Conventions
Xii
Warnung Wichtige Sicherheitshinweise
Avvertenza Importanti Istruzioni Sulla Sicurezza
Aviso Instruções Importantes DE Segurança
Xiii
Guarde Estas Instrucciones
Xiv
GEM Disse Anvisninger
Page
Xvi
Cisco Regulatory Compliance and Safety Information Roadmap
Cisco Secure Router 520 Series Hardware Installation Guide
Related Documentation
Xvii
Obtaining Documentation and Submitting a Service Request
Xviii
Getting Started
Page
Basic Router Configuration
Information Needed for Customizing the Default Parameters
Viewing the Default Configuration
Interface Port Labels
Configuring Basic Parameters
Router Interface Port Label
Command Purpose
Configure Global Parameters
Configure Fast Ethernet LAN Interfaces
Configure WAN Interfaces
No shutdown
Routerconfig# interface fastethernet
Routerconfig-if# ip address 255.255.255.0
Interface type number
Exits configuration mode for the ATM interface
Configure the Wireless Interface
Configuring a Loopback Interface
Enables the ATM 0 interface
Router# show interface loopback
Exits configuration mode for the loopback
Interface and returns to global configuration mode
Loopback interface
Exec-timeoutminutes seconds
Configuring Command-Line Access to the Router
Password password
Login
End
Configuration Example
Configuring Static Routes
Verifying Your Configuration
Router rip
Configuring Dynamic Routes
Configuring RIP
Command Task
No auto-summary
Configuring Your Router for Ethernet and DSL Access
Page
For Ethernet-Based Network Deployments
Sample Network Deployments
For DSL-Based Network Deployments
Sample Network Deployments
PPPoE session between the client and a PPPoE server
Configuring PPP over Ethernet with NAT
PPPoE
Configuration Tasks
Command or Action Purpose
Vpdn enable
Protocol l2tp pppoe
Configure the Fast Ethernet WAN Interfaces
Configures the PPPoE client and specifies
Request-dialin
Configure the Dialer Interface
Dialer-group group-number
Configure Network Address Translation
Ppp authentication protocol1 protocol2
Dialer pool number
Enables the configuration changes just made to
Enables dynamic translation of addresses on
By the access list 1 to be translated to one
Permitted by access list acl1 to be translated to one
Source source-wildcard
Access-list access-list-number deny permit
Routerconfig# access-list 1 permit
Ip nat inside outside
Router# show ip nat statistics
Configuration Example
Id 1 access-list 1 interface Dialer0 refcount Queued Packets
OL-14210-01
PPP over ATM with NAT
Configuring PPP over ATM with NAT
PPPoA
Specifies that the IP address for the dialer
Sets the PPP authentication method
Authentication Protocol Chap
Using a dialer group controls access to
Command Reference, Volume 1 of 4 Routing
Configure the ATM WAN Interface
Dsl lom integer Dsl enable-training-log
Configure DSL Signaling Protocol
Configuring Adsl
Attribute Description Default Value
One of the addresses specified in the NAT pool
Permitted by access list acl1 to be translated to
Pool1
Reference, Volume 1 of 4 Addressing
0.255
ATM0
Dhcp
Configuring a LAN with Dhcp and VLANs
VLANs
Configure Dhcp
Dotted-decimal domain name
Creates a Dhcp address pool on the router
Enters Dhcp pool configuration mode. The name
Exits Dhcp configuration mode, and enters
Global configuration mode
Server statistics
Verify Your Dhcp Configuration
Router# show ip dhcp import
Ip dhcp pool
Vlan database
Configure VLANs
Vlan vlan-id media type name vlan-name
Exec mode
Assign a Switch Port to a Vlan
Verify Your Vlan Configuration
Exits interface mode and returns to privileged
Vlan
Router# show vlan-switch
Said MTU
Remote Access VPN Using IPsec Tunnel
Configuring a VPN Using Easy VPN and an IPsec Tunnel
Cisco Easy VPN
Configure the IKE Policy
Configure Group Policy Information
Apply Mode Configuration to the Crypto Map
Configure IPsec Transforms and Protocols
Enable Policy Lookup
Configure the IPsec Crypto Method and Parameters
Dynamic dynamic-map-name discover
Apply the Crypto Map to the Physical Interface
Reverse-route
Crypto map map-name seq-num ipsec-isakmp
Crypto map map-name
Create an Easy VPN Remote Configuration
Router# show crypto ipsec client ezvpn
Verifying Your Easy VPN Configuration
Crypto ipsec client ezvpn name outside inside
Ezvpn ezvpnclient outside
Crypto ipsec client ezvpn ezvpnclient connect auto
OL-14210-01
Site-to-Site VPN Using an IPsec Tunnel and GRE
GRE Tunnels
Configure a VPN
VPNs
Configure the IKE Policy
Low-ip-address high-ip-address
Configure Group Policy Information
Ip local pool default poolname
Domain name
Configure IPsec Transforms and Protocols
Enable Policy Lookup
Specifies global lifetime values used when
Configure the IPsec Crypto Method and Parameters
Creates a dynamic crypto map entry, and enters
Map
Apply the Crypto Map to the Physical Interface
192.168.101.1
Configure a GRE Tunnel
Access-list-name ACL that is used by the crypto map
Tunnel interface must be configured to
Exits interface configuration mode, and returns to
Enters ACL configuration mode for the named
Set transform-set set1 match address
No cdp run
OL-14210-01
Configuring a Simple Firewall
Fast Ethernet LAN interface the inside interface for NAT
Creates an access list that allows network traffic
Configure Access Lists
Creates an access list which prevents Internet
Details about this command
Apply Access Lists and Inspection Rules to Interfaces
Configure Inspection Rules
Routerconfig-if# ip access-group 103
Ip nat outside no cdp enable
1shows a wireless network deployment
Configuring a Wireless LAN Connection
Bridges for more details
Configure the Root Radio Station
For clients
Equivalent Privacy WEP cannot use
User attempting access to the wireless LAN
Creates a Service Set ID SSID, the public
Name of a wireless network
Sets the permitted authentication methods for a
Configure Bridging on VLANs
Bridge-group number
Configure Radio Station Subinterfaces
Bridge-group parameter
Automatically enabled, and cannot be
Disables the Cisco Discovery Protocol CDP
On the wireless interface
Enabled, the following commands are
No bridge-group 2 unicast-flooding
No ip address bridge-group
Configuring Additional Features and Troubleshooting
Page
10-1
Additional Configuration Options
10-2
Authentication, Authorization, and Accounting
Configuring Security Features
11-1
ACL Type
Configuring AutoSecure
Configuring Access Lists
Configuration Commands
Ip inspect name inspection-name protocol timeout seconds
Configuring a Cbac Firewall
Access Groups
Ip access-groupaccess-list-number access-list-nameinout
Configuring VPNs
Configuring Cisco IOS Firewall IDS
11-4
12-1
Troubleshooting
Getting Started
Before Contacting Cisco or Your Reseller
12-2
Adsl Troubleshooting
ATM Troubleshooting Commands
Ping atm interface Command
12-3
Show interface Command
Output Cause
Shutdown command
12-4
12-5
Show atm interface Command
Debug atm Commands
Field Description
12-6
Router# debug atm errors ATM errors debugging is on Router#
Router# debug atm events Router#
Example 12-6 Viewing ATM Interface Processor Events-Failure
12-7
12-8
Software Upgrade Methods
Router# debug atm packet Router# 012348ATM0O
Router# show version
Recovering a Lost Password
Change the Configuration Register
12-9
Rommon 2 confreg
12-10
Router# copy running-config startup-config
Reset the Password and Save Your Changes
Reset the Configuration Register Value
Router# show startup-config
12-12
Reference Information
Page
Cisco IOS Software Basic Skills
Configuring the Router from a PC
PC Operating System Software
Understanding Command Modes
Ctrl-Z
As interface atm
Getting Help
Enable Secret Passwords and Enable Passwords
Router rip, from
Using Commands
Entering Global Configuration Mode
Command-Line Error Messages
Saving Configuration Changes
Abbreviating Commands
Undoing Commands
Summary
Where to Go Next
OL-14210-01
Adsl
Concepts
Routing Protocol Options
Network Protocols
PAP
PPP Authentication Protocols
Ethernet
Network Interfaces
ATM for DSL
PVC
Dialer Interface
Easy IP Phase
IP Precedence
QoS
PPP Fragmentation and Interleaving
Low Latency Queuing
Cbwfq
Access Lists
OL-14210-01
Entering the ROM Monitor
Configure terminal Enters global configuration mode
Config-reg Resets the configuration register
ROM Monitor
Reload
ROM Monitor Commands
Disaster Recovery with Tftp Download
Command Descriptions
Command Description
Variable Command
Tftp Download Command Variables
Retrytimes
Configuration Register
Using the Tftp Download Command
TFTPTIMEOUT= time
Changing the Configuration Register Using Prompts
Changing the Configuration Register Manually
Rommon 1 confreg
Console Download
Command Description
Xmodem -cyrxdestinationfilename
Error Reporting
Debug Commands
Appendix C ROM Monitor Exiting the ROM Monitor
Exiting the ROM Monitor
OL-14210-01
Port Keyword Description
Common Port Assignments
Finger
See ATM
See ARP
See Adsl
See AAL
IN-2
See CAR
IN-3
See Dhcp
IN-4
See LCP
IN-5
See NAT
See RIP
IN-6
IN-7
IN-8
