Cisco Systems, Inc 170 West Tasman Drive San Jose, CA
Americas Headquarters
800 553-NETS Fax 408
Text Part Number OL-23590-02 September 2
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS
New Features
Information Needed for Configuration
WLAN Features
Wireless Device Overview
Prerequisites for Configuring the 3G Wireless Interface
Configuring a Cellular Interface
Configuring DDR
Verifying Configuration
Configuration Examples
Ignoring DCD and Monitoring DSR as Line Up/Down Indicator
Interface Enablement Configuration Examples
Configuring Security Features
Create a Cisco Easy VPN Remote Configuration
Configure the IKE Policy
Configure a Site-to-Site GRE Tunnel
Configuring the Ethernet Switches
Configuring VLANs
Configure the Virtual Private Dialup Network Group Number
Configuring 802.1x Authentication
Configuration Tasks
Configure the IKE Policy
Entering Global Configuration Mode A-5
Configure Group Policy Information
Understanding Command Modes
Changing the Configuration Register Using Prompts C-11
Changing the Configuration Register Manually C-11
Backup Interface
ROM Monitor Commands
OL-23590-02
Contents
Product Overview
General Description, page SKU Information, page New Features, page
General Description
C H A P T E R
Figure 1-2 Cisco 819HGW Integrated Services Router
Figure 1-1 Cisco 819HG Integrated Services Router
Chapter 1 Product Overview General Description
OL-23590-02
3G Features
New Features
3G Features, page WLAN Features, page 4G LTE Features, page
Platform Features, page Security Features, page
Security Features
WLAN Features
Platform Features
ScanSafe
Wireless Device Overview
ScanSafe, page TFTP support with Ethernet WAN interface, page
LEDs, page
LEDs
TFTP support with Ethernet WAN interface
Color
Description
Color
show platform led for all LEDs show controller cellular 0 for 3G LEDs
Description
3G LED Descriptions continued
router# show controllers cellular
Chapter 2 Wireless Device Overview LEDs
WLAN Features
Wireless Local Area Network
Dual-Radio, page Images Supported, page CleanAir Technology, page
Dual-Radio
Images Supported
CleanAir Technology
Dynamic Frequency Selection
LEDs
Color
WLAN LED
Description
WLAN LED Descriptions
OL-23590-02
Chapter 3 Wireless Local Area Network WLAN Features
C H A P T E R
4G LTE Wireless WAN
OL-23590-02
Chapter 4 4G LTE Wireless WAN
Interface Ports, page Default Configuration, page
Basic Router Configuration
Information Needed for Configuration, page
Configuring Command-Line Access, page
Interface Ports
Default Configuration
Router
Interface
Information Needed for Configuration
If you are setting up IP routing
3G-ACC-OUT-LA-See Cisco 3G Lightning Arrestor 3G-ACC-OUT-LA
1. line aux console tty vty line-number 2. password password
Configuring Command-Line Access
3. login
4. exec-timeout minutes seconds
DETAILED STEPS
Command
Purpose
Example
Command
Example
Purpose
Example
configure terminal
Configuring Global Parameters
enable secret password
hostname name
Configuring a Gigabit Ethernet WAN Interface
Configuring WAN Interfaces
Configuring a Gigabit Ethernet WAN Interface, page
Configuring the Cellular Wireless WAN Interface, page
Command
Configuring the Cellular Wireless WAN Interface
Enters the configuration mode for a Gigabit
Enables the Ethernet interface, changing its
5-11
Prerequisites for Configuring the 3G Wireless Interface
Restrictions for Configuring the Cellular Wireless Interface
Verifying Signal Strength and Service Availability, page
Verifying Signal Strength and Service Availability
Configuring a GSM Modem Data Profile, page
Command or Action
5-13
Configuring a GSM Modem Data Profile
Command or Action
Command or Action
Type of authentication, for example, CHAP, PAP
authentication
Username provided by your service provider
Password
cellular cdma activate iota
Activating with Over-the-Air Service Provisioning
router # cellular 0 cdma activate otasp phonenumber
5-15
1. configure terminal 2. interface cellular 3. encapsulation ppp
Configuring a Cellular Interface
4. ppp chap hostname hostname 5. ppp chap password 0 password
6. asynchronous mode interactive 7. ip address negotiated
1. configure terminal 2. interface cellular 3. dialer in-band
Configuring DDR
4. dialer idle-timeout seconds 5. dialer string string
9. ip access-list access list number permit ip source address
Command or Action
5-18
DETAILED STEPS
Purpose
Command or Action
5-19
Purpose
Example
Basic Cellular Interface Configuration
Examples for Configuring Cellular Wireless Interfaces
Basic Cellular Interface Configuration, page
Tunnel over Cellular Interface Configuration, page
Configuration for 8705 modem
Tunnel over Cellular Interface Configuration
5-21
Chapter 5 Basic Router Configuration Configuring WAN Interfaces
Syntax
Configuring Dual SIM for Cellular Networks
5-22
Command
5-23
Configuring Router for Image and Config Recovery Using Push Button
Command
Syntax
Output When Button Is Pushed Example
Output When Button Is Not Pushed Example
ROMMON Behavior
IOS Behavior
Configuring the Fast Ethernet LAN Interfaces
Configuring a Loopback Interface
Push Button in WLAN AP
3. exit
Enters configuration mode for the loopback
Verifying Configuration
Exits configuration mode for the loopback
interface and returns to global configuration
For details about this command and about
Configuring Static Routes
IOS IP Routing Protocol-Independent Command
Exits router configuration mode and enters
Verifying Configuration
Configuring Dynamic Routes
Configuring Routing Information Protocol, page
Configuring Enhanced Interior Gateway Routing Protocol, page
router rip
Configuring Routing Information Protocol
2. version 1
3. network ip-address
1. router eigrp as-number
Configuring Enhanced Interior Gateway Routing Protocol
2. network ip-address
3. end
Verifying Configuration
5-31
Command
Example
OL-23590-02
5-32
Chapter 5 Basic Router Configuration Configuring Dynamic Routes
Configuring Backup Interfaces
Configuring Backup Data Lines and Remote Management
Configuring Backup Interfaces, page
Configuring Cellular Dial-on-Demand Routing Backup, page
1. interface type number
2. backup interface interface-type interface-number
Command
SUMMARY STEPS
Configuring DDR Backup Using Dialer Watch
Configuring Cellular Dial-on-Demand Routing Backup
1. configure terminal
6. ip access-list access list number permit ip source address
DETAILED STEPS
Command or Action
Purpose
Example
Cellular Wireless Modem as Backup with NAT and IPsec Configuration
Configuring DDR Backup Using Floating Static Route
1. configure terminal
Command or Action
no aaa new-model
Chapter 6 Configuring Backup Data Lines and Remote Management
Configuring Cellular Dial-on-Demand Routing Backup
OL-23590-02
Chapter 6 Configuring Backup Data Lines and Remote Management
Configuring Cellular Dial-on-Demand Routing Backup
exec-timeout 0 0 script dialer gsm login
line con no modem enable line aux 0 line
line vty 0 4 login
route-map track-primary-if permit 10 match ip address
Cisco 819 router
1 A
1. ip name-server server-address 2. ip dhcp pool name 3. exit
15. modem enable 16. exit
4. chat-script script-name expect-send 5. interface type number
6. exit
6-11
section on page
Command
DETAILED STEPS
Enables dynamic translation of addresses on the
Exits the interface configuration mode
a default gateway
Defines an extended access list that indicates
Command
6-13
Chapter 6 Configuring Backup Data Lines and Remote Management
modem enable
Chapter 6 Configuring Backup Data Lines and Remote Management
6-14
Chapter 6 Configuring Backup Data Lines and Remote Management
6-15
no ip http server ip pim bidir-enable
OL-23590-02
OL-23590-02
6-16
Chapter 6 Configuring Backup Data Lines and Remote Management
C H A P T E R
Environmental and Power Management
Cisco EnergyWise Support
Legacy Protocol Transport, page Configuring Serial Interfaces, page
Configuring the Serial Interface
Information About Configuring Serial Interfaces, page
How to Configure Serial Interfaces, page Configuration Examples, page
Connector Type
Configuring Serial Interfaces
Legacy Protocol Transport
Product Number
Keepalive Timer, page Frame Relay Encapsulation, page
Information About Configuring Serial Interfaces
Cisco HDLC Encapsulation
PPP Encapsulation
Multilink PPP
Keepalive Timer
Chapter 8 Configuring the Serial Interface
Frame Relay Encapsulation
Information About Configuring Serial Interfaces
OL-23590-02
Configuring a Synchronous Serial Interface
How to Configure Serial Interfaces
Configuring a Synchronous Serial Interface, page
Configuring Low-Speed Serial Interfaces, page
Using the NRZI Line-Coding Format, page 8-9 Optional
Configuring Compression of HDLC Data, page 8-9 Optional
Inverting the Transmit Clock Signal, page 8-10 Optional
Setting Transmit Delay, page 8-11 Optional
Configuring Bisync
Configuring PPP
Command
Command
Using the NRZI Line-Coding Format
Configuring Compression of HDLC Data
1. encapsulation hdlc 2. compress stac
1. nrzi-encoding
Enabling the Internal Clock
Inverting the Transmit Clock Signal
1. transmit-clock-internal
1. invert txclock 2. invert rxclock
Configuring DTR Signal Pulsing
Setting Transmit Delay
Ignoring DCD and Monitoring DSR as Line Up/Down Indicator
8-11
Configures the DCE to use SCTE from the DTE
1. dce-terminal-timing enable
Specifying the Serial Network Interface Module Timing
1. ignore-dcd
8-13
1. dte-invert-txc
Command or Action
Chapter 8 Configuring the Serial Interface
Understanding Half-Duplex DTE and DCE State Machines
Configuring Low-Speed Serial Interfaces
Half-Duplex DTE State Machines
Understanding Half-Duplex DTE and DCE State Machines, page
Half-Duplex DTE Receive State Machine
Half-Duplex DCE State Machines
8-15
Half-Duplex DCE Transmit State Machine
8-16
1. no half-duplex controlled-carrier
Placing a Low-Speed Serial Interface in Constant-Carrier Mode
8-17
Command or Action
sdlc cts-delay sdlc rts-timeout
Tuning Half-Duplex Timers
Changing Between Synchronous and Asynchronous Modes
1. physical-layer sync async
Interface Enablement Configuration Examples
Configuration Examples
1. no physical-layer
8-19
Half-Duplex Timers Example, page
Half-Duplex Timers Example
Low-Speed Serial Interface Examples
Synchronous or Asynchronous Mode Examples
Authentication, Authorization, and Accounting
Configuring Security Features
Authentication, Authorization, and Accounting, page
Configuring AutoSecure, page Configuring Access Lists, page
Configuring Access Lists
Configuring AutoSecure
Configuration Commands
access-list 1-99permit deny source-addr source-mask
ip inspect name inspection-name protocol timeout seconds
Configuring Cisco IOS Firewall
Access Groups
Configuring VPN
Configuring Cisco IOS IPS
Remote Access VPN, page Site-to-Site VPN, page
Configuration Examples, page
Remote Access VPN
Library, Cisco IOS Release 12.4T
Site-to-Site VPN
Configure a VPN over an IPSec Tunnel
Configuration Examples
Configure the IKE Policy
Configure the IKE Policy, page
MD5 algorithm. The default is Secure Hash
Command or Action
Specifies the authentication method used in the
Exits IKE policy configuration mode and enters
1. crypto isakmp client configuration group group-name default
Configure Group Policy Information
6. ip local pool default poolname low-ip-address high-ip-address
2. key name
Technologies Command Reference
Apply Mode Configuration to the Crypto Map
1. crypto map map-name isakmp authorization list list-name
2. crypto map tag client configuration address initiate respond
2. aaa authentication login default list-name method1 method2
Enable Policy Lookup
details, see Securing User Services Configuration
IOS Security Command Reference
Configure the IPSec Crypto Method and Parameters
Configure IPSec Transforms and Protocols
Configures IPSec profile to apply protection on
See Secure Connectivity Configuration Guide
See Cisco IOS Security Command Reference for
crypto map configuration mode
more details about this command
Returns to global configuration mode
Enters the interface configuration mode for the
Where to Go Next
Apply the Crypto Map to the Physical Interface
2. crypto map map-name 3. exit
Creates a Cisco Easy VPN remote configuration
Create a Cisco Easy VPN Remote Configuration
and enters Cisco Easy VPN remote configuration
hostname resolution
9-16
Configuration Example
Command or Action
Purpose
4. tunnel destination default-gateway-ip-address
Configure a Site-to-Site GRE Tunnel
7. ip access-list standard extended access-list-name
3. tunnel source interface-type number
Exits interface configuration mode and returns to
tunnel interface must be configured to
Enters ACL configuration mode for the named
Creates a tunnel interface and enters interface
Specifies that only GRE traffic is permitted on the
Returns to global configuration mode
outbound interface
9-19
hash md5 authentication pre-share crypto isakmp key cisco123 address
9-20
Chapter 9 Configuring Security Features Configuring VPN
Switch Port Numbering and Naming
Configuring the Ethernet Switches
Restrictions for the FE Switch
Switch Port Numbering and Naming, page
Layer 2 Ethernet Switching
Information About Ethernet Switches
802.1x Authentication
VLANs and VLAN Trunk Protocol, page Layer 2 Ethernet Switching, page
Overview of SNMP MIBs
Switched Port Analyzer
IGMP Snooping
Storm Control
Routerconfig#snmp-server community public RW
BRIDGE-MIB for Layer 2 Ethernet Switching
MIBs
MIBs Link
10-5
MAC Address Notification
Routerconfig#Routersnmp-server group public v2c context bridge-group
Routerconfig#snmp-server community public RW
Configuring VLANs
How to Configure Ethernet Switches
Configuring VLANs, page Configuring Layer 2 Interfaces, page
Configuring 802.1x Authentication, page
switchport mode dynamic desirable
Configuring Layer 2 Interfaces
VLANs on the GE Port
Comand
10-8
Configuring 802.1x Authentication
Configuring Spanning Tree Protocol
Configuring Cisco Discovery Protocol
Configuring MAC Table Manipulation
Manipulation
Port Security
Configuring IP Multicast Layer 3 Switching
Configuring the Switched Port Analyzer
Configuring IGMP Snooping
Configuring Per-Port Storm Control
10-11
Configuring Fallback Bridging
10-12
Managing the Switch
C H A P T E R
Configuring PPP over Ethernet with NAT
11-1
Configure the Virtual Private Dialup Network Group Number
Configuration Tasks
Configure the Virtual Private Dialup Network Group Number, page
Configure the Fast Ethernet WAN Interfaces, page
11-3
Configure the Fast Ethernet WAN Interfaces
Command or Action
DETAILED STEPS
Enters interface configuration mode for a
Configure the Dialer Interface
Configures the PPPoE client and specifies the
Enables the Fast Ethernet interface and the
Command Reference
5. ppp authentication protocol1 protocol2 6. dialer pool number
1. interface dialer dialer-rotary-group-number
2. ip address negotiated 3. ip mtu bytes
Using a dialer group controls access to
Configure Network Address Translation
Exits the dialer 0 interface configuration
For details about this command and additional
4. ip nat inside outside 5. no shutdown 6. exit
3. interface type number
8. ip nat inside outside 9. no shutdown 10. exit
11-7
permitted by access list acl1 to be translated to one
by the access list 1 to be translated to one of the
Command Reference, Volume 1 of 4 Addressing
and Services
Enters configuration mode for the Fast Ethernet
Configuration Example
Defines a standard access list indicating which
WAN interface FE4 to be the outside interface
Chapter 11 Configuring PPP over Ethernet with NAT
11-10
Configuration Example
vpdn enable vpdn-group 1 request-dialin protocol pppoe
11-11
Verifying Your Configuration
Chapter 11 Configuring PPP over Ethernet with NAT
Configuration Example
Chapter 11 Configuring PPP over Ethernet with NAT
11-12
Configuration Example
OL-23590-02
DHCP
Configuring a LAN with DHCP and VLANs
12-1
C H A P T E R
Configure DHCP, page Configure VLANs, page
Configure DHCP
7. default-router address address2...address8
VLANs
resolution
Identifies the default domain that the router uses to
enters DHCP pool configuration mode. The name
Specifies up to eight default routers for a DHCP
Exits DHCP configuration mode and enters global
Verify Your DHCP Configuration
Specifies up to eight DNS servers available to a
DHCP client
1. vlan ? 2. ISL VLAN ID 3. exit
Configure VLANs
12-5
Chapter 12 Configuring a LAN with DHCP and VLANs Configuration Tasks
Services Command Reference
Assign a Switch Port to a VLAN
1. interface switch port id
2. switchport access vlan vlan-id 3. end
Specifies the switch port that you want to assign
Verify Your VLAN Configuration
to the VLAN
Assigns a port to the VLAN
Chapter 12 Configuring a LAN with DHCP and VLANs Configuration Tasks
12-8
Cisco 819 Integrated Services Routers Software Configuration Guide
Router# vlan database
Chapter 12 Configuring a LAN with DHCP and VLANs Configuration Tasks
12-9
Router# show vlan-switch
OL-23590-02
Chapter 12 Configuring a LAN with DHCP and VLANs Configuration Tasks
12-10
Cisco 819 Integrated Services Routers Software Configuration Guide
OL-23590-02
C H A P T E R
Configuring a VPN Using Easy VPN and an IPSec Tunnel
13-1
Figure 13-1 Remote Access VPN Using IPSec Tunnel
Cisco Easy VPN
13-2
Create an Easy VPN Remote Configuration, page
Configure the IKE Policy
13-3
Configuration Tasks
standard SHA-1
The example specifies 168-bit data encryption
The example specifies a pre-shared key
Specifies the Diffie-Hellman group to be used in
13-5
Configure Group Policy Information
1. crypto isakmp client configuration group group-name default
6. ip local pool default poolname low-ip-address high-ip-address
13-6
Apply Mode Configuration to the Crypto Map
Command or Action
Technologies Command Reference
13-7
Enable Policy Lookup
2. aaa authentication login default list-name method1 method2
Command or Action
Configure the IPSec Crypto Method and Parameters
Configure IPSec Transforms and Protocols
13-8
Command or Action
Command or Action
13-9
crypto map configuration mode
See Cisco IOS Security Command Reference for
Apply the Crypto Map to the Physical Interface
Create an Easy VPN Remote Configuration
2. group group-name key group-key 3. peer ipaddress hostname
13-10
this command would be interface atm
remote configuration applied
6. interface type number
7. crypto ipsec client ezvpn name outside inside 8. exit
13-12
Verifying Your Easy VPN Configuration
Configuration Example
Command or Action
Chapter 13 Configuring a VPN Using Easy VPN and an IPSec Tunnel
13-13
Configuration Example
OL-23590-02
Chapter 13 Configuring a VPN Using Easy VPN and an IPSec Tunnel
13-14
Configuration Example
Cisco 819 Integrated Services Routers Software Configuration Guide
Configuring the Router from a PC, page A-1
Configuring the Router from a PC
Understanding Command Modes, page A-2 Getting Help, page A-4
Enable Secret Passwords and Enable Passwords, page A-5
Terminal Emulation Software
Understanding Command Modes
PC Operating System
the “Enable Secret Passwords and
Access Method
Enable Passwords” procedure on
Mode
router rip-from
Getting Help
Access Method
Mode
Entering Global Configuration Mode
Enable Secret Passwords and Enable Passwords
Abbreviating Commands
Using Commands
Undoing Commands
Command-Line Error Messages
Summary
Saving Configuration Changes
Where to Go Next
OL-18906-02
Appendix A Cisco IOS Software Basic Skills Where to Go Next
Cisco 819 Integrated Services Routers Software Configuration Guide
Ethernet, page B-4 Dial Backup, page B-5 NAT, page B-6
PPP Authentication Protocols, page B-3 TACACS+, page B-4
Easy IP Phase 1, page B-6 Easy IP Phase 2, page B-7 QoS, page B-7
Access Lists, page B-9
Routing Protocol Options
Routing Updates
Protocol
Ideal Topology
Enhanced IGRP
PPP Authentication Protocols
CHAP
TACACS+
Ethernet
Backup Interface
Dial Backup
Backup Interface, page B-5 Floating Static Routes, page B-5
Floating Static Routes
Easy IP Phase
Easy IP Phase
IP Precedence, page B-8 PPP Fragmentation and Interleaving, page B-8
CBWFQ, page B-8 RSVP, page B-8 Low Latency Queuing, page B-9
PPP Fragmentation and Interleaving
IP Precedence
CBWFQ
RSVP
Low Latency Queuing
Access Lists
OL-18906-02
B-10
Appendix B Concepts Access Lists
Command Descriptions, page C-3
Entering the ROM Monitor, page C-1 ROM Monitor Commands, page C-2
Disaster Recovery with TFTP Download, page C-3
Configuration Register, page C-10 Console Download, page C-12
exit
ROM Monitor Commands
reload
Descriptions” section on page C-3
Disaster Recovery with TFTP Download
Command Descriptions
reset or
Configuration Fundamentals and Network Management Guide
Required Variables
TFTP Download Command Variables
Variable
Command
Optional Variables
Using the TFTP Download Command
Command
Variable
Examples
OL-18906-02
Appendix C ROM Monitor Disaster Recovery with TFTP Download
Cisco 819 Integrated Services Routers Software Configuration Guide
Cisco 819 Integrated Services Routers Software Configuration Guide
Appendix C ROM Monitor Disaster Recovery with TFTP Download
OL-18906-02
Disaster Recovery with TFTP Download
Appendix C ROM Monitor
C-10
Configuration Register
Appendix C ROM Monitor Configuration Register
Cisco 819 Integrated Services Routers Software Configuration Guide
C-11
Changing the Configuration Register Manually
Changing the Configuration Register Using Prompts
recognize it, the name of the configuration file must be routerconfg
Command Description
Console Download
xmodem -cyrx destinationfilename
C-13
Debug Commands
Error Reporting
C-14
Exiting the ROM Monitor
A P P E N D I X D
Common Port Assignments
Port
Keyword
Keyword
Port
Description
Table D-1