Cisco Systems, Inc
Page
N T E N T S
Configuring Your Router for Ethernet and DSL Access
802.1x Authentication
Configure the IPSec Crypto Method and Parameters
Configuring Backup Interfaces
Chap
Configuration Register C-6
OL-6426-02
Audience
Preface
Chapter Title Description
Organization
VPN
Conventions
Command Conventions
Convention Description
Boldface
Obtaining Documentation
Related Documents
Cisco.com
Cisco Product Security Overview
Documentation Feedback
Documentation DVD
Ordering Documentation
Obtaining Technical Assistance
Reporting Security Problems in Cisco Products
Cisco Technical Support Website
An emergency, you can also reach Psirt by telephone 877 408
Definitions of Service Request Severity
Submitting a Service Request
Obtaining Additional Publications and Information
Getting Started
Page
Interface Port Labels
Basic Router Configuration
Router Interface Port Label
ADSLoISDN
Viewing the Default Configuration
ATM WAN Shdsl
USB Modem
Example 1-1 Cisco 1812 Default Configuration on Startup
Information Needed for Configuration
To configure the router, perform one or more of these tasks
Configuring Basic Parameters
Configure Fast Ethernet LAN Interfaces
Configure Global Parameters
Command Purpose
Example
Configure the Fast Ethernet WAN Interface
Configure WAN Interfaces
Mode atm Exit
Configure the ATM WAN Interface
Controller dsl
No shutdown
Configuring a Loopback Interface
Configure the Wireless Interface
Configuration Example
Verifying Your Configuration
Configuring Command-Line Access to the Router
Password password
Line aux console tty vty line-number
Exec-timeout minutes seconds
Login
End
Exits router configuration mode, and enters
Configuring Static Routes
Privileged Exec mode
Parameters that can be set, see the Cisco IOS IP
Configuration Example
Configuring Dynamic Routes
Verifying Your Configuration
Command Task
Configuring RIP
Router rip
Version 1
Enters router configuration mode, and enables
Configuring Enhanced Igrp
Eigrp on the router. The autonomous-system
Number identifies the route to other Eigrp routers
Routerconfig# network
Be applied, using the IP address of the network
Specifies a list of networks on which Eigrp is to
Configuring Your Router for Ethernet and DSL Access
Page
For Ethernet-Based Network Deployments
Sample Network Deployments
For DSL-Based Network Deployments
OL-6426-02
Configuring PPP over Ethernet with NAT
Command or Action Purpose
Configuration Tasks
Vpdn enable
PPPoE
Request-dialin
Configure the Fast Ethernet WAN Interfaces
Initiate to ip ip-address
Protocol l2f l2tp pppoe any
These steps to configure one or both of them
Cisco 1800 integrated services routers have
Configures the PPPoE client and specifies
Enables the Fast Ethernet interface
Configure the Dialer Interface
Exits the dialer 0 interface configuration
Using a dialer group controls access to
Assigns the dialer interface to a dialer group
Your router
Configure Network Address Translation
Ip nat inside outside
Access-list access-list-number deny permit
Source source-wildcard
Configuration Example
Router# show ip nat statistics
PPP over ATM with NAT
Configuring PPP over ATM with NAT
PPPoA
Authentication Protocol Chap
Sets the PPP authentication method
Specifies that the IP address for the dialer
Interface is obtained through PPP/IPCP IP
Command Reference, Volume 1 of 4 Routing
Configure the ATM WAN Interface
Configuring Adsl
Configure DSL Signaling Protocol
Attribute Description Default Value
Verify the Configuration
Configuring Shdsl
Dsl lom integer Dsl enable-training-log
Wire
Line-mode 4-wire enhanced 4-wire standard
Ignore-error-duration number
Configure Network Address Translation
About enabling static translation, see the Cisco
Enables the configuration changes just made to
FE2-FE9 reside to be the inside interface
For NAT
Exits configuration mode for the ATM interface
Static translation, see the Cisco IOS IP Command
Defines a standard access list permitting addresses
Identifies the specified WAN interface as the NAT
ATM0
Vlan
Configuring a LAN with Dhcp and VLANs
VLANs
Configure Dhcp
Import all
Default-router address address2 ...address8
Dns-server address address2 ...address8
Domain-name domain
Router# show ip dhcp import
Verify Your Dhcp Configuration
Ip dhcp pool
Verify Your Vlan Configuration
Configure VLANs
Vlan ?
Example
Vlan
Router# show vlan-switch
Switch Port Configurations
Vlan Trunking Protocol VTP
802.1x Authentication
Switched Port Analyzer Span
Maximum Switched Virtual Interfaces SVIs
IP Multicast Switching
Layer 2 Interfaces
Fallback Bridging
Per-Port Storm Control
Separate Voice and Data Subnets
Igmp Snooping
Internet
Configuring a VPN Using Easy VPN and an IPSec Tunnel
Cisco Easy VPN
Configure the IKE Policy
Crypto isakmp client configuration group
Configure Group Policy Information
Group-name default
Key name
Ip local pool default poolname
Apply Mode Configuration to the Crypto Map
Configure IPSec Transforms and Protocols
Enable Policy Lookup
Configure the IPSec Crypto Method and Parameters
Reverse-route
Apply the Crypto Map to the Physical Interface
Crypto map map-name seq-num ipsec-isakmp
Dynamic dynamic-map-name discover
Crypto map map-name
Create an Easy VPN Remote Configuration
Crypto ipsec client ezvpn name outside inside
Verifying Your Easy VPN Configuration
Crypto ipsec client ezvpn ezvpnclient connect auto
Beta Draft Cisco Confidential
Site-to-Site VPN Using an IPSec Tunnel and GRE
VPNs
GRE Tunnels
Configure the IKE Policy
Configure a VPN
Also enters Internet Security Association Key
Example uses 168-bit Data Encryption
Group 1 2
Configure Group Policy Information
Lifetime seconds
Exits IKE group policy configuration mode,
Enable Policy Lookup
Enters global configuration mode
Specifies group domain membership
Method used to do so
Configure IPSec Transforms and Protocols
Specifies global lifetime values used when
Negotiating IPSec security associations
Creates a dynamic crypto map entry, and enters
Configure the IPSec Crypto Method and Parameters
Creates source proxy information for the crypto
Map entry
Apply the Crypto Map to the Physical Interface
Configure a GRE Tunnel
Map
Applies the crypto map to the interface
Exits interface configuration mode, and returns to
Tunnel interface must be configured to
Enters ACL configuration mode for the named
Access-list-name ACL that is used by the crypto map
Configuration Example
Ip nat outside no cdp enable
Beta Draft Cisco Confidential
Router with Firewall Configured
Configuring a Simple Firewall
Fast Ethernet LAN interface the inside interface for NAT
Series integrated services router, respectively
Protected network
Unprotected network
Configure Inspection Rules
Configure Access Lists
Creates an access list which prevents Internet
Details about this command
Assigns the set of firewall inspection rules to
Apply Access Lists and Inspection Rules to Interfaces
Inside interface on the router
Configuring a Simple Firewall Configuration Example
Beta Draft Cisco Confidential
1shows a wireless network deployment
Configuring a Wireless LAN Connection
Configuring a Wireless LAN Connection
Configure the Root Radio Station
User attempting access to the wireless LAN
Sets the permitted authentication methods for a
Exits Ssid configuration mode, and enters
Interface configuration mode for the wireless
Station-role repeater root
Configure Bridging on VLANs
Bridge number crb irb mac-address-table
Bridge-group number
Enables Ieee 802.1q encapsulation on
Configure Radio Station Subinterfaces
Specified subinterface
Assigns a bridge group to the subinterface
Exits subinterface configuration mode,
No bridge-group 3 unicast-flooding Interface Vlan1
Router# show running-config
Sample Configuration
10-1
Ip dhcp pool vlan3
10-2
10-3
10-4
10-5
10-6
11-1
Additional Configuration Options
11-2
Configuring Additional Features and Troubleshooting
Page
Authentication, Authorization, and Accounting
Configuring Security Features
12-1
Configuring Access Lists
Configuring AutoSecure
Configuration Commands
ACL Type
Access Groups
Configuring a Cbac Firewall
Guidelines for Creating Access Groups
Ip access-group number name in out
Configuring VPNs
Configuring Cisco IOS Firewall IDS
12-4
Dial Backup Feature Activation Methods
Configuring Dial Backup and Remote Management
Backup Interfaces
13-1
Floating Static Routes
Configuring Backup Interfaces
13-2
Enables RIP routing
Configuring Floating Static Routes
13-3
Dialer Watch
Configuring Dialer Watch
Specifies the group number for the watch list
13-4
Dial Backup Type Possible? Dial Backup Method Limitations
Dial Backup Feature Limitations
13-5
13-6
13-7
13-8
Example 13-3 Configuring Dial Backup Using Dialer Watch
13-9
Configure Isdn Settings
13-10
Ip address negotiated
Access-group
Dialer pool number
Dialer-group group-number
For your Cisco router during the ATM network downtime
Configure the Aggregator and Isdn Peer Router
13-12
13-13
Asynchronous Interface Configuration
13-14
13-15
Line Configuration
13-16
Getting Started
Troubleshooting
Before Contacting Cisco or Your Reseller
14-1
Shdsl Troubleshooting
Adsl Troubleshooting
PortFast Troubleshooting
14-2
Ping atm interface Command
ATM Troubleshooting Commands
Show interface Command
14-3
Output Cause
Shutdown command
14-4
14-5
Show atm interface Command
Router# show atm interface atm
Guidelines for Using Debug Commands
Debug atm Commands
Debug atm errors Command
Field Description
Router# debug atm errors ATM errors debugging is on Router#
Debug atm events Command
14-7
Router# debug atm events Router#
Where the keywords are defined as follows
Debug atm packet Command
Optional ATM interface or subinterface number
Example 14-7shows a sample output
Recovering a Lost Password
Software Upgrade Methods
ATM0
14-9
14-10
Change the Configuration Register
Router# show version
Router# show startup-config
Reset the Router
Press Return. The following prompt appears
Prompt changes to the privileged Exec prompt
Reset the Configuration Register Value
Reset the Password and Save Your Changes
14-12
14-13
Managing Your Router with SDM
14-14
Reference Information
Page
One of the configuration topic chapters in this guide
Configuring the Router from a PC
Cisco IOS Software Basic Skills
PC Operating System Software
Understanding Command Modes
As interface atm
Exec
Ctrl-Z
Getting Help
Configuration mode Routing protocol Appropriate
Router Enter one of the router
Router rip, from
Entering Global Configuration Mode
Enable Secret Passwords and Enable Passwords
You can now make changes to your router configuration
Abbreviating Commands
Using Commands
Undoing Commands
Command-Line Error Messages
Where to Go Next
Saving Configuration Changes
Summary
OL-6426-02
Adsl
Concepts
Routing Protocol Options
Network Protocols
Protocol Ideal Topology Metric Routing Updates
PPP Authentication Protocols
Enhanced Igrp
RIP
PAP
Ethernet
Network Interfaces
Backup Interface
Dial Backup
Dialer Interface
NAT
Easy IP Phase
IP Precedence
QoS
PPP Fragmentation and Interleaving
Low Latency Queuing
Cbwfq
Access Lists
OL-6426-02
Config-reg
Enable
Resets the configuration register
ROM Monitor
Exits global configuration mode
ROM Monitor Commands
Reload
Descriptions section in this appendix
Disaster Recovery with Tftp Download
Command Descriptions
Tftp Download Command Variables
Command Description
Required Variables
Variable Command
Optional Variables
TFTPTIMEOUT= time
Using the Tftp Download Command
TFTPCHECKSUM= setting
Retrytimes
Changing the Configuration Register Manually
Configuration Register
Changing the Configuration Register Using Prompts
Rommon 1 confreg
Console Download
Command Description
Error Reporting
Debug Commands
Context-Displays processor context for example
Frame-Displays an individual stack frame
Exiting the ROM Monitor
OL-6426-02
Port Keyword Description
Common Port Assignments
NETBIOS-DGM
NETBIOS-NS
NETBIOS-SSN
Finger
See AAL
See ARP
See ATM
IN-1
See CAR
See Chap
IN-2
IN-3
Dhcp
See also examples
Experience, user Extended access list Overview B-11
Ethernet B-5 Events, ATM, displaying
GRE
See NCP
See LCP
IN-5
See PVC
See PAP
See PPP
See Ipcp
See NAT
See RIP
IN-7
See UDP
Upgrading software, methods for 14-9User Datagram Protocol
IN-8
