Cisco Secure Router 520 Series Software Configuration Guide
Americas Headquarters
Page
N T E N T S
Iii
Verify the Configuration
Additional Configuration Options
Reference Information
Rsvp
Vii
Using the Tftp Download Command C-5
Viii
Objective
Preface
Audience
Organization
Part 2 Configuring Your Router for Ethernet and DSL Access
Part 3 Configuring Additional Features and Troubleshooting
Part 1 Getting Started
Conventions
Appendix D, Common Port Assignments
Aviso Instruções Importantes DE Segurança
Warnung Wichtige Sicherheitshinweise
Avvertenza Importanti Istruzioni Sulla Sicurezza
Xii
Guarde Estas Instrucciones
Xiii
GEM Disse Anvisninger
Xiv
Page
Related Documentation
Cisco Regulatory Compliance and Safety Information Roadmap
Cisco Secure Router 520 Series Hardware Installation Guide
Xvi
Obtaining Documentation and Submitting a Service Request
Xvii
Xviii
Getting Started
Page
Basic Router Configuration
Viewing the Default Configuration
Information Needed for Customizing the Default Parameters
Interface Port Labels
Configuring Basic Parameters
Router Interface Port Label
Configure WAN Interfaces
Configure Global Parameters
Configure Fast Ethernet LAN Interfaces
Command Purpose
Interface type number
Routerconfig# interface fastethernet
Routerconfig-if# ip address 255.255.255.0
No shutdown
Enables the ATM 0 interface
Configure the Wireless Interface
Configuring a Loopback Interface
Exits configuration mode for the ATM interface
Loopback interface
Exits configuration mode for the loopback
Interface and returns to global configuration mode
Router# show interface loopback
Login
Configuring Command-Line Access to the Router
Password password
Exec-timeoutminutes seconds
End
Configuration Example
Configuring Static Routes
Verifying Your Configuration
Command Task
Configuring Dynamic Routes
Configuring RIP
Router rip
No auto-summary
Configuring Your Router for Ethernet and DSL Access
Page
For Ethernet-Based Network Deployments
Sample Network Deployments
For DSL-Based Network Deployments
Sample Network Deployments
Configuring PPP over Ethernet with NAT
PPPoE session between the client and a PPPoE server
Vpdn enable
Configuration Tasks
Command or Action Purpose
PPPoE
Request-dialin
Configure the Fast Ethernet WAN Interfaces
Configures the PPPoE client and specifies
Protocol l2tp pppoe
Configure the Dialer Interface
Dialer pool number
Configure Network Address Translation
Ppp authentication protocol1 protocol2
Dialer-group group-number
Permitted by access list acl1 to be translated to one
Enables dynamic translation of addresses on
By the access list 1 to be translated to one
Enables the configuration changes just made to
Ip nat inside outside
Access-list access-list-number deny permit
Routerconfig# access-list 1 permit
Source source-wildcard
Configuration Example
Router# show ip nat statistics
Id 1 access-list 1 interface Dialer0 refcount Queued Packets
OL-14210-01
Configuring PPP over ATM with NAT
PPP over ATM with NAT
PPPoA
Using a dialer group controls access to
Sets the PPP authentication method
Authentication Protocol Chap
Specifies that the IP address for the dialer
Command Reference, Volume 1 of 4 Routing
Configure the ATM WAN Interface
Attribute Description Default Value
Configure DSL Signaling Protocol
Configuring Adsl
Dsl lom integer Dsl enable-training-log
One of the addresses specified in the NAT pool
Permitted by access list acl1 to be translated to
Pool1
Reference, Volume 1 of 4 Addressing
0.255
ATM0
Configuring a LAN with Dhcp and VLANs
Dhcp
VLANs
Configure Dhcp
Dotted-decimal domain name
Global configuration mode
Enters Dhcp pool configuration mode. The name
Exits Dhcp configuration mode, and enters
Creates a Dhcp address pool on the router
Ip dhcp pool
Verify Your Dhcp Configuration
Router# show ip dhcp import
Server statistics
Vlan database
Configure VLANs
Vlan vlan-id media type name vlan-name
Exits interface mode and returns to privileged
Assign a Switch Port to a Vlan
Verify Your Vlan Configuration
Exec mode
Router# show vlan-switch
Vlan
Said MTU
Configuring a VPN Using Easy VPN and an IPsec Tunnel
Remote Access VPN Using IPsec Tunnel
Cisco Easy VPN
Configure the IKE Policy
Configure Group Policy Information
Apply Mode Configuration to the Crypto Map
Enable Policy Lookup
Configure IPsec Transforms and Protocols
Configure the IPsec Crypto Method and Parameters
Crypto map map-name seq-num ipsec-isakmp
Apply the Crypto Map to the Physical Interface
Reverse-route
Dynamic dynamic-map-name discover
Create an Easy VPN Remote Configuration
Crypto map map-name
Ezvpn ezvpnclient outside
Verifying Your Easy VPN Configuration
Crypto ipsec client ezvpn name outside inside
Router# show crypto ipsec client ezvpn
Crypto ipsec client ezvpn ezvpnclient connect auto
OL-14210-01
Site-to-Site VPN Using an IPsec Tunnel and GRE
GRE Tunnels
Configure a VPN
VPNs
Configure the IKE Policy
Domain name
Configure Group Policy Information
Ip local pool default poolname
Low-ip-address high-ip-address
Enable Policy Lookup
Configure IPsec Transforms and Protocols
Specifies global lifetime values used when
Configure the IPsec Crypto Method and Parameters
Creates a dynamic crypto map entry, and enters
Apply the Crypto Map to the Physical Interface
Map
Configure a GRE Tunnel
192.168.101.1
Enters ACL configuration mode for the named
Tunnel interface must be configured to
Exits interface configuration mode, and returns to
Access-list-name ACL that is used by the crypto map
Set transform-set set1 match address
No cdp run
OL-14210-01
Configuring a Simple Firewall
Fast Ethernet LAN interface the inside interface for NAT
Details about this command
Configure Access Lists
Creates an access list which prevents Internet
Creates an access list that allows network traffic
Configure Inspection Rules
Apply Access Lists and Inspection Rules to Interfaces
Routerconfig-if# ip access-group 103
Ip nat outside no cdp enable
Configuring a Wireless LAN Connection
1shows a wireless network deployment
Equivalent Privacy WEP cannot use
Configure the Root Radio Station
For clients
Bridges for more details
Sets the permitted authentication methods for a
Creates a Service Set ID SSID, the public
Name of a wireless network
User attempting access to the wireless LAN
Configure Bridging on VLANs
Bridge-group number
Configure Radio Station Subinterfaces
Bridge-group parameter
Enabled, the following commands are
Disables the Cisco Discovery Protocol CDP
On the wireless interface
Automatically enabled, and cannot be
No bridge-group 2 unicast-flooding
No ip address bridge-group
Configuring Additional Features and Troubleshooting
Page
Additional Configuration Options
10-1
10-2
Authentication, Authorization, and Accounting
Configuring Security Features
11-1
Configuration Commands
Configuring AutoSecure
Configuring Access Lists
ACL Type
Ip access-groupaccess-list-number access-list-nameinout
Configuring a Cbac Firewall
Access Groups
Ip inspect name inspection-name protocol timeout seconds
Configuring VPNs
Configuring Cisco IOS Firewall IDS
11-4
Before Contacting Cisco or Your Reseller
Troubleshooting
Getting Started
12-1
Ping atm interface Command
Adsl Troubleshooting
ATM Troubleshooting Commands
12-2
Show interface Command
12-3
Output Cause
Shutdown command
12-4
Field Description
Show atm interface Command
Debug atm Commands
12-5
12-6
Router# debug atm errors ATM errors debugging is on Router#
Router# debug atm events Router#
12-7
Example 12-6 Viewing ATM Interface Processor Events-Failure
12-8
Software Upgrade Methods
Router# debug atm packet Router# 012348ATM0O
12-9
Recovering a Lost Password
Change the Configuration Register
Router# show version
12-10
Rommon 2 confreg
Router# show startup-config
Reset the Password and Save Your Changes
Reset the Configuration Register Value
Router# copy running-config startup-config
12-12
Reference Information
Page
Cisco IOS Software Basic Skills
Configuring the Router from a PC
PC Operating System Software
Understanding Command Modes
As interface atm
Ctrl-Z
Getting Help
Enable Secret Passwords and Enable Passwords
Router rip, from
Entering Global Configuration Mode
Using Commands
Undoing Commands
Saving Configuration Changes
Abbreviating Commands
Command-Line Error Messages
Where to Go Next
Summary
OL-14210-01
Concepts
Adsl
Network Protocols
Routing Protocol Options
PPP Authentication Protocols
PAP
Ethernet
Network Interfaces
ATM for DSL
Dialer Interface
PVC
Easy IP Phase
IP Precedence
QoS
PPP Fragmentation and Interleaving
Cbwfq
Low Latency Queuing
Access Lists
OL-14210-01
ROM Monitor
Configure terminal Enters global configuration mode
Config-reg Resets the configuration register
Entering the ROM Monitor
ROM Monitor Commands
Reload
Disaster Recovery with Tftp Download
Command Descriptions
Command Description
Tftp Download Command Variables
Variable Command
TFTPTIMEOUT= time
Configuration Register
Using the Tftp Download Command
Retrytimes
Changing the Configuration Register Using Prompts
Changing the Configuration Register Manually
Rommon 1 confreg
Console Download
Command Description
Xmodem -cyrxdestinationfilename
Debug Commands
Error Reporting
Exiting the ROM Monitor
Appendix C ROM Monitor Exiting the ROM Monitor
OL-14210-01
Common Port Assignments
Port Keyword Description
Finger
See AAL
See ARP
See Adsl
See ATM
See CAR
IN-2
See Dhcp
IN-3
See LCP
IN-4
IN-5
See NAT
See RIP
IN-6
IN-7
IN-8
