Cisco Systems, Inc
Page
N T E N T S
Configuring Your Router for Ethernet and DSL Access
802.1x Authentication
Configure the IPSec Crypto Method and Parameters
Configuring Backup Interfaces
Chap
Configuration Register C-6
OL-6426-02
Audience
Preface
Organization
Chapter Title Description
VPN
Boldface
Command Conventions
Conventions
Convention Description
Related Documents
Obtaining Documentation
Cisco.com
Ordering Documentation
Documentation Feedback
Cisco Product Security Overview
Documentation DVD
An emergency, you can also reach Psirt by telephone 877 408
Reporting Security Problems in Cisco Products
Obtaining Technical Assistance
Cisco Technical Support Website
Definitions of Service Request Severity
Submitting a Service Request
Obtaining Additional Publications and Information
Getting Started
Page
Basic Router Configuration
Interface Port Labels
Router Interface Port Label
USB Modem
Viewing the Default Configuration
ADSLoISDN
ATM WAN Shdsl
Example 1-1 Cisco 1812 Default Configuration on Startup
Information Needed for Configuration
To configure the router, perform one or more of these tasks
Configuring Basic Parameters
Example
Configure Global Parameters
Configure Fast Ethernet LAN Interfaces
Command Purpose
Configure the Fast Ethernet WAN Interface
Configure WAN Interfaces
No shutdown
Configure the ATM WAN Interface
Mode atm Exit
Controller dsl
Configure the Wireless Interface
Configuring a Loopback Interface
Configuration Example
Line aux console tty vty line-number
Configuring Command-Line Access to the Router
Verifying Your Configuration
Password password
Login
Exec-timeout minutes seconds
End
Parameters that can be set, see the Cisco IOS IP
Configuring Static Routes
Exits router configuration mode, and enters
Privileged Exec mode
Configuring Dynamic Routes
Configuration Example
Verifying Your Configuration
Version 1
Configuring RIP
Command Task
Router rip
Number identifies the route to other Eigrp routers
Configuring Enhanced Igrp
Enters router configuration mode, and enables
Eigrp on the router. The autonomous-system
Be applied, using the IP address of the network
Routerconfig# network
Specifies a list of networks on which Eigrp is to
Configuring Your Router for Ethernet and DSL Access
Page
Sample Network Deployments
For Ethernet-Based Network Deployments
For DSL-Based Network Deployments
OL-6426-02
Configuring PPP over Ethernet with NAT
PPPoE
Configuration Tasks
Command or Action Purpose
Vpdn enable
Protocol l2f l2tp pppoe any
Configure the Fast Ethernet WAN Interfaces
Request-dialin
Initiate to ip ip-address
Enables the Fast Ethernet interface
Cisco 1800 integrated services routers have
These steps to configure one or both of them
Configures the PPPoE client and specifies
Configure the Dialer Interface
Your router
Using a dialer group controls access to
Exits the dialer 0 interface configuration
Assigns the dialer interface to a dialer group
Configure Network Address Translation
Access-list access-list-number deny permit
Ip nat inside outside
Source source-wildcard
Configuration Example
Router# show ip nat statistics
PPP over ATM with NAT
Configuring PPP over ATM with NAT
PPPoA
Interface is obtained through PPP/IPCP IP
Sets the PPP authentication method
Authentication Protocol Chap
Specifies that the IP address for the dialer
Command Reference, Volume 1 of 4 Routing
Configure the ATM WAN Interface
Configure DSL Signaling Protocol
Configuring Adsl
Attribute Description Default Value
Configuring Shdsl
Verify the Configuration
Dsl lom integer Dsl enable-training-log
Line-mode 4-wire enhanced 4-wire standard
Wire
Ignore-error-duration number
Configure Network Address Translation
For NAT
Enables the configuration changes just made to
About enabling static translation, see the Cisco
FE2-FE9 reside to be the inside interface
Identifies the specified WAN interface as the NAT
Static translation, see the Cisco IOS IP Command
Exits configuration mode for the ATM interface
Defines a standard access list permitting addresses
ATM0
Configuring a LAN with Dhcp and VLANs
Vlan
VLANs
Configure Dhcp
Domain-name domain
Default-router address address2 ...address8
Import all
Dns-server address address2 ...address8
Verify Your Dhcp Configuration
Router# show ip dhcp import
Ip dhcp pool
Example
Configure VLANs
Verify Your Vlan Configuration
Vlan ?
Vlan
Router# show vlan-switch
Switch Port Configurations
Vlan Trunking Protocol VTP
802.1x Authentication
Layer 2 Interfaces
Maximum Switched Virtual Interfaces SVIs
Switched Port Analyzer Span
IP Multicast Switching
Igmp Snooping
Per-Port Storm Control
Fallback Bridging
Separate Voice and Data Subnets
Internet
Configuring a VPN Using Easy VPN and an IPSec Tunnel
Cisco Easy VPN
Configure the IKE Policy
Key name
Configure Group Policy Information
Crypto isakmp client configuration group
Group-name default
Ip local pool default poolname
Apply Mode Configuration to the Crypto Map
Configure IPSec Transforms and Protocols
Enable Policy Lookup
Configure the IPSec Crypto Method and Parameters
Dynamic dynamic-map-name discover
Apply the Crypto Map to the Physical Interface
Reverse-route
Crypto map map-name seq-num ipsec-isakmp
Crypto map map-name
Create an Easy VPN Remote Configuration
Crypto ipsec client ezvpn name outside inside
Verifying Your Easy VPN Configuration
Crypto ipsec client ezvpn ezvpnclient connect auto
Beta Draft Cisco Confidential
Site-to-Site VPN Using an IPSec Tunnel and GRE
VPNs
GRE Tunnels
Example uses 168-bit Data Encryption
Configure a VPN
Configure the IKE Policy
Also enters Internet Security Association Key
Configure Group Policy Information
Group 1 2
Lifetime seconds
Specifies group domain membership
Enable Policy Lookup
Exits IKE group policy configuration mode,
Enters global configuration mode
Negotiating IPSec security associations
Configure IPSec Transforms and Protocols
Method used to do so
Specifies global lifetime values used when
Map entry
Configure the IPSec Crypto Method and Parameters
Creates a dynamic crypto map entry, and enters
Creates source proxy information for the crypto
Applies the crypto map to the interface
Configure a GRE Tunnel
Apply the Crypto Map to the Physical Interface
Map
Access-list-name ACL that is used by the crypto map
Tunnel interface must be configured to
Exits interface configuration mode, and returns to
Enters ACL configuration mode for the named
Configuration Example
Ip nat outside no cdp enable
Beta Draft Cisco Confidential
Router with Firewall Configured
Configuring a Simple Firewall
Unprotected network
Series integrated services router, respectively
Fast Ethernet LAN interface the inside interface for NAT
Protected network
Details about this command
Configure Access Lists
Configure Inspection Rules
Creates an access list which prevents Internet
Apply Access Lists and Inspection Rules to Interfaces
Assigns the set of firewall inspection rules to
Inside interface on the router
Configuring a Simple Firewall Configuration Example
Beta Draft Cisco Confidential
1shows a wireless network deployment
Configuring a Wireless LAN Connection
Configuring a Wireless LAN Connection
Configure the Root Radio Station
Interface configuration mode for the wireless
Sets the permitted authentication methods for a
User attempting access to the wireless LAN
Exits Ssid configuration mode, and enters
Bridge-group number
Configure Bridging on VLANs
Station-role repeater root
Bridge number crb irb mac-address-table
Configure Radio Station Subinterfaces
Enables Ieee 802.1q encapsulation on
Specified subinterface
Assigns a bridge group to the subinterface
Exits subinterface configuration mode,
No bridge-group 3 unicast-flooding Interface Vlan1
Sample Configuration
Router# show running-config
10-1
Ip dhcp pool vlan3
10-2
10-3
10-4
10-5
10-6
11-1
Additional Configuration Options
11-2
Configuring Additional Features and Troubleshooting
Page
Configuring Security Features
Authentication, Authorization, and Accounting
12-1
ACL Type
Configuring AutoSecure
Configuring Access Lists
Configuration Commands
Ip access-group number name in out
Configuring a Cbac Firewall
Access Groups
Guidelines for Creating Access Groups
Configuring Cisco IOS Firewall IDS
Configuring VPNs
12-4
13-1
Configuring Dial Backup and Remote Management
Dial Backup Feature Activation Methods
Backup Interfaces
Configuring Backup Interfaces
Floating Static Routes
13-2
Configuring Floating Static Routes
Enables RIP routing
13-3
13-4
Configuring Dialer Watch
Dialer Watch
Specifies the group number for the watch list
Dial Backup Feature Limitations
Dial Backup Type Possible? Dial Backup Method Limitations
13-5
13-6
13-7
13-8
Example 13-3 Configuring Dial Backup Using Dialer Watch
13-9
Configure Isdn Settings
13-10
Dialer-group group-number
Access-group
Ip address negotiated
Dialer pool number
Configure the Aggregator and Isdn Peer Router
For your Cisco router during the ATM network downtime
13-12
13-13
Asynchronous Interface Configuration
13-14
13-15
Line Configuration
13-16
14-1
Troubleshooting
Getting Started
Before Contacting Cisco or Your Reseller
14-2
Adsl Troubleshooting
Shdsl Troubleshooting
PortFast Troubleshooting
14-3
ATM Troubleshooting Commands
Ping atm interface Command
Show interface Command
Shutdown command
Output Cause
14-4
Show atm interface Command
14-5
Router# show atm interface atm
Field Description
Debug atm Commands
Guidelines for Using Debug Commands
Debug atm errors Command
Router# debug atm events Router#
Debug atm events Command
Router# debug atm errors ATM errors debugging is on Router#
14-7
Example 14-7shows a sample output
Debug atm packet Command
Where the keywords are defined as follows
Optional ATM interface or subinterface number
14-9
Software Upgrade Methods
Recovering a Lost Password
ATM0
Change the Configuration Register
14-10
Router# show version
Prompt changes to the privileged Exec prompt
Reset the Router
Router# show startup-config
Press Return. The following prompt appears
Reset the Password and Save Your Changes
Reset the Configuration Register Value
14-12
14-13
Managing Your Router with SDM
14-14
Reference Information
Page
PC Operating System Software
Configuring the Router from a PC
One of the configuration topic chapters in this guide
Cisco IOS Software Basic Skills
Understanding Command Modes
Exec
As interface atm
Ctrl-Z
Router rip, from
Configuration mode Routing protocol Appropriate
Getting Help
Router Enter one of the router
Enable Secret Passwords and Enable Passwords
Entering Global Configuration Mode
You can now make changes to your router configuration
Command-Line Error Messages
Using Commands
Abbreviating Commands
Undoing Commands
Saving Configuration Changes
Where to Go Next
Summary
OL-6426-02
Adsl
Concepts
Routing Protocol Options
Network Protocols
RIP
PPP Authentication Protocols
Protocol Ideal Topology Metric Routing Updates
Enhanced Igrp
PAP
Ethernet
Network Interfaces
Dial Backup
Backup Interface
Dialer Interface
NAT
Easy IP Phase
QoS
IP Precedence
PPP Fragmentation and Interleaving
Low Latency Queuing
Cbwfq
Access Lists
OL-6426-02
ROM Monitor
Enable
Config-reg
Resets the configuration register
Descriptions section in this appendix
ROM Monitor Commands
Exits global configuration mode
Reload
Command Description
Command Descriptions
Disaster Recovery with Tftp Download
Tftp Download Command Variables
Variable Command
Required Variables
Optional Variables
Retrytimes
Using the Tftp Download Command
TFTPTIMEOUT= time
TFTPCHECKSUM= setting
Rommon 1 confreg
Configuration Register
Changing the Configuration Register Manually
Changing the Configuration Register Using Prompts
Console Download
Command Description
Frame-Displays an individual stack frame
Debug Commands
Error Reporting
Context-Displays processor context for example
Exiting the ROM Monitor
OL-6426-02
Port Keyword Description
Common Port Assignments
Finger
NETBIOS-NS
NETBIOS-DGM
NETBIOS-SSN
IN-1
See ARP
See AAL
See ATM
See Chap
See CAR
IN-2
IN-3
Dhcp
GRE
Experience, user Extended access list Overview B-11
See also examples
Ethernet B-5 Events, ATM, displaying
See LCP
See NCP
IN-5
See Ipcp
See PAP
See PVC
See PPP
See RIP
See NAT
IN-7
Upgrading software, methods for 14-9User Datagram Protocol
See UDP
IN-8
