Cisco Systems, Inc
Page
N T E N T S
Configuring Your Router for Ethernet and DSL Access
802.1x Authentication
Configure the IPSec Crypto Method and Parameters
Configuring Backup Interfaces
Chap
Configuration Register C-6
OL-6426-02
Preface
Audience
Chapter Title Description
Organization
VPN
Command Conventions
Conventions
Convention Description
Boldface
Obtaining Documentation
Related Documents
Cisco.com
Documentation Feedback
Cisco Product Security Overview
Documentation DVD
Ordering Documentation
Reporting Security Problems in Cisco Products
Obtaining Technical Assistance
Cisco Technical Support Website
An emergency, you can also reach Psirt by telephone 877 408
Submitting a Service Request
Definitions of Service Request Severity
Obtaining Additional Publications and Information
Getting Started
Page
Interface Port Labels
Basic Router Configuration
Router Interface Port Label
Viewing the Default Configuration
ADSLoISDN
ATM WAN Shdsl
USB Modem
Example 1-1 Cisco 1812 Default Configuration on Startup
Information Needed for Configuration
Configuring Basic Parameters
To configure the router, perform one or more of these tasks
Configure Global Parameters
Configure Fast Ethernet LAN Interfaces
Command Purpose
Example
Configure WAN Interfaces
Configure the Fast Ethernet WAN Interface
Configure the ATM WAN Interface
Mode atm Exit
Controller dsl
No shutdown
Configuring a Loopback Interface
Configure the Wireless Interface
Configuration Example
Configuring Command-Line Access to the Router
Verifying Your Configuration
Password password
Line aux console tty vty line-number
Exec-timeout minutes seconds
Login
End
Configuring Static Routes
Exits router configuration mode, and enters
Privileged Exec mode
Parameters that can be set, see the Cisco IOS IP
Configuration Example
Configuring Dynamic Routes
Verifying Your Configuration
Configuring RIP
Command Task
Router rip
Version 1
Configuring Enhanced Igrp
Enters router configuration mode, and enables
Eigrp on the router. The autonomous-system
Number identifies the route to other Eigrp routers
Routerconfig# network
Be applied, using the IP address of the network
Specifies a list of networks on which Eigrp is to
Configuring Your Router for Ethernet and DSL Access
Page
For Ethernet-Based Network Deployments
Sample Network Deployments
For DSL-Based Network Deployments
OL-6426-02
Configuring PPP over Ethernet with NAT
Configuration Tasks
Command or Action Purpose
Vpdn enable
PPPoE
Configure the Fast Ethernet WAN Interfaces
Request-dialin
Initiate to ip ip-address
Protocol l2f l2tp pppoe any
Cisco 1800 integrated services routers have
These steps to configure one or both of them
Configures the PPPoE client and specifies
Enables the Fast Ethernet interface
Configure the Dialer Interface
Using a dialer group controls access to
Exits the dialer 0 interface configuration
Assigns the dialer interface to a dialer group
Your router
Configure Network Address Translation
Ip nat inside outside
Access-list access-list-number deny permit
Source source-wildcard
Configuration Example
Router# show ip nat statistics
Configuring PPP over ATM with NAT
PPP over ATM with NAT
PPPoA
Sets the PPP authentication method
Authentication Protocol Chap
Specifies that the IP address for the dialer
Interface is obtained through PPP/IPCP IP
Command Reference, Volume 1 of 4 Routing
Configure the ATM WAN Interface
Configuring Adsl
Configure DSL Signaling Protocol
Attribute Description Default Value
Verify the Configuration
Configuring Shdsl
Dsl lom integer Dsl enable-training-log
Wire
Line-mode 4-wire enhanced 4-wire standard
Ignore-error-duration number
Configure Network Address Translation
Enables the configuration changes just made to
About enabling static translation, see the Cisco
FE2-FE9 reside to be the inside interface
For NAT
Static translation, see the Cisco IOS IP Command
Exits configuration mode for the ATM interface
Defines a standard access list permitting addresses
Identifies the specified WAN interface as the NAT
ATM0
Vlan
Configuring a LAN with Dhcp and VLANs
VLANs
Configure Dhcp
Default-router address address2 ...address8
Import all
Dns-server address address2 ...address8
Domain-name domain
Router# show ip dhcp import
Verify Your Dhcp Configuration
Ip dhcp pool
Configure VLANs
Verify Your Vlan Configuration
Vlan ?
Example
Router# show vlan-switch
Vlan
Switch Port Configurations
802.1x Authentication
Vlan Trunking Protocol VTP
Maximum Switched Virtual Interfaces SVIs
Switched Port Analyzer Span
IP Multicast Switching
Layer 2 Interfaces
Per-Port Storm Control
Fallback Bridging
Separate Voice and Data Subnets
Igmp Snooping
Configuring a VPN Using Easy VPN and an IPSec Tunnel
Internet
Cisco Easy VPN
Configure the IKE Policy
Configure Group Policy Information
Crypto isakmp client configuration group
Group-name default
Key name
Apply Mode Configuration to the Crypto Map
Ip local pool default poolname
Enable Policy Lookup
Configure IPSec Transforms and Protocols
Configure the IPSec Crypto Method and Parameters
Apply the Crypto Map to the Physical Interface
Reverse-route
Crypto map map-name seq-num ipsec-isakmp
Dynamic dynamic-map-name discover
Create an Easy VPN Remote Configuration
Crypto map map-name
Verifying Your Easy VPN Configuration
Crypto ipsec client ezvpn name outside inside
Crypto ipsec client ezvpn ezvpnclient connect auto
Beta Draft Cisco Confidential
Site-to-Site VPN Using an IPSec Tunnel and GRE
GRE Tunnels
VPNs
Configure a VPN
Configure the IKE Policy
Also enters Internet Security Association Key
Example uses 168-bit Data Encryption
Group 1 2
Configure Group Policy Information
Lifetime seconds
Enable Policy Lookup
Exits IKE group policy configuration mode,
Enters global configuration mode
Specifies group domain membership
Configure IPSec Transforms and Protocols
Method used to do so
Specifies global lifetime values used when
Negotiating IPSec security associations
Configure the IPSec Crypto Method and Parameters
Creates a dynamic crypto map entry, and enters
Creates source proxy information for the crypto
Map entry
Configure a GRE Tunnel
Apply the Crypto Map to the Physical Interface
Map
Applies the crypto map to the interface
Tunnel interface must be configured to
Exits interface configuration mode, and returns to
Enters ACL configuration mode for the named
Access-list-name ACL that is used by the crypto map
Configuration Example
Ip nat outside no cdp enable
Beta Draft Cisco Confidential
Configuring a Simple Firewall
Router with Firewall Configured
Series integrated services router, respectively
Fast Ethernet LAN interface the inside interface for NAT
Protected network
Unprotected network
Configure Access Lists
Configure Inspection Rules
Creates an access list which prevents Internet
Details about this command
Assigns the set of firewall inspection rules to
Apply Access Lists and Inspection Rules to Interfaces
Inside interface on the router
Configuring a Simple Firewall Configuration Example
Beta Draft Cisco Confidential
Configuring a Wireless LAN Connection
1shows a wireless network deployment
Configuring a Wireless LAN Connection
Configure the Root Radio Station
Sets the permitted authentication methods for a
User attempting access to the wireless LAN
Exits Ssid configuration mode, and enters
Interface configuration mode for the wireless
Configure Bridging on VLANs
Station-role repeater root
Bridge number crb irb mac-address-table
Bridge-group number
Enables Ieee 802.1q encapsulation on
Configure Radio Station Subinterfaces
Specified subinterface
Exits subinterface configuration mode,
Assigns a bridge group to the subinterface
No bridge-group 3 unicast-flooding Interface Vlan1
Router# show running-config
Sample Configuration
10-1
10-2
Ip dhcp pool vlan3
10-3
10-4
10-5
10-6
Additional Configuration Options
11-1
11-2
Configuring Additional Features and Troubleshooting
Page
Authentication, Authorization, and Accounting
Configuring Security Features
12-1
Configuring AutoSecure
Configuring Access Lists
Configuration Commands
ACL Type
Configuring a Cbac Firewall
Access Groups
Guidelines for Creating Access Groups
Ip access-group number name in out
Configuring VPNs
Configuring Cisco IOS Firewall IDS
12-4
Configuring Dial Backup and Remote Management
Dial Backup Feature Activation Methods
Backup Interfaces
13-1
Floating Static Routes
Configuring Backup Interfaces
13-2
Enables RIP routing
Configuring Floating Static Routes
13-3
Configuring Dialer Watch
Dialer Watch
Specifies the group number for the watch list
13-4
Dial Backup Type Possible? Dial Backup Method Limitations
Dial Backup Feature Limitations
13-5
13-6
13-7
Example 13-3 Configuring Dial Backup Using Dialer Watch
13-8
Configure Isdn Settings
13-9
13-10
Access-group
Ip address negotiated
Dialer pool number
Dialer-group group-number
For your Cisco router during the ATM network downtime
Configure the Aggregator and Isdn Peer Router
13-12
Asynchronous Interface Configuration
13-13
13-14
Line Configuration
13-15
13-16
Troubleshooting
Getting Started
Before Contacting Cisco or Your Reseller
14-1
Adsl Troubleshooting
Shdsl Troubleshooting
PortFast Troubleshooting
14-2
ATM Troubleshooting Commands
Ping atm interface Command
Show interface Command
14-3
Output Cause
Shutdown command
14-4
14-5
Show atm interface Command
Router# show atm interface atm
Debug atm Commands
Guidelines for Using Debug Commands
Debug atm errors Command
Field Description
Debug atm events Command
Router# debug atm errors ATM errors debugging is on Router#
14-7
Router# debug atm events Router#
Debug atm packet Command
Where the keywords are defined as follows
Optional ATM interface or subinterface number
Example 14-7shows a sample output
Software Upgrade Methods
Recovering a Lost Password
ATM0
14-9
14-10
Change the Configuration Register
Router# show version
Reset the Router
Router# show startup-config
Press Return. The following prompt appears
Prompt changes to the privileged Exec prompt
Reset the Configuration Register Value
Reset the Password and Save Your Changes
14-12
Managing Your Router with SDM
14-13
14-14
Reference Information
Page
Configuring the Router from a PC
One of the configuration topic chapters in this guide
Cisco IOS Software Basic Skills
PC Operating System Software
Understanding Command Modes
As interface atm
Exec
Ctrl-Z
Configuration mode Routing protocol Appropriate
Getting Help
Router Enter one of the router
Router rip, from
Entering Global Configuration Mode
Enable Secret Passwords and Enable Passwords
You can now make changes to your router configuration
Using Commands
Abbreviating Commands
Undoing Commands
Command-Line Error Messages
Where to Go Next
Saving Configuration Changes
Summary
OL-6426-02
Concepts
Adsl
Network Protocols
Routing Protocol Options
PPP Authentication Protocols
Protocol Ideal Topology Metric Routing Updates
Enhanced Igrp
RIP
PAP
Network Interfaces
Ethernet
Backup Interface
Dial Backup
Dialer Interface
NAT
Easy IP Phase
IP Precedence
QoS
PPP Fragmentation and Interleaving
Cbwfq
Low Latency Queuing
Access Lists
OL-6426-02
Enable
Config-reg
Resets the configuration register
ROM Monitor
ROM Monitor Commands
Exits global configuration mode
Reload
Descriptions section in this appendix
Command Descriptions
Disaster Recovery with Tftp Download
Tftp Download Command Variables
Command Description
Required Variables
Variable Command
Optional Variables
Using the Tftp Download Command
TFTPTIMEOUT= time
TFTPCHECKSUM= setting
Retrytimes
Configuration Register
Changing the Configuration Register Manually
Changing the Configuration Register Using Prompts
Rommon 1 confreg
Command Description
Console Download
Debug Commands
Error Reporting
Context-Displays processor context for example
Frame-Displays an individual stack frame
Exiting the ROM Monitor
OL-6426-02
Common Port Assignments
Port Keyword Description
NETBIOS-NS
NETBIOS-DGM
NETBIOS-SSN
Finger
See ARP
See AAL
See ATM
IN-1
See CAR
See Chap
IN-2
Dhcp
IN-3
Experience, user Extended access list Overview B-11
See also examples
Ethernet B-5 Events, ATM, displaying
GRE
See NCP
See LCP
IN-5
See PAP
See PVC
See PPP
See Ipcp
See NAT
See RIP
IN-7
See UDP
Upgrading software, methods for 14-9User Datagram Protocol
IN-8
