Cisco Systems, Inc
Page
N T E N T S
Configuring Your Router for Ethernet and DSL Access
802.1x Authentication
Configure the IPSec Crypto Method and Parameters
Configuring Backup Interfaces
Chap
Configuration Register C-6
OL-6426-02
Preface
Audience
Organization
Chapter Title Description
VPN
Command Conventions
Conventions
Convention Description
Boldface
Related Documents
Obtaining Documentation
Cisco.com
Documentation Feedback
Cisco Product Security Overview
Documentation DVD
Ordering Documentation
Reporting Security Problems in Cisco Products
Obtaining Technical Assistance
Cisco Technical Support Website
An emergency, you can also reach Psirt by telephone 877 408
Submitting a Service Request
Definitions of Service Request Severity
Obtaining Additional Publications and Information
Getting Started
Page
Basic Router Configuration
Interface Port Labels
Router Interface Port Label
Viewing the Default Configuration
ADSLoISDN
ATM WAN Shdsl
USB Modem
Example 1-1 Cisco 1812 Default Configuration on Startup
Information Needed for Configuration
Configuring Basic Parameters
To configure the router, perform one or more of these tasks
Configure Global Parameters
Configure Fast Ethernet LAN Interfaces
Command Purpose
Example
Configure WAN Interfaces
Configure the Fast Ethernet WAN Interface
Configure the ATM WAN Interface
Mode atm Exit
Controller dsl
No shutdown
Configure the Wireless Interface
Configuring a Loopback Interface
Configuration Example
Configuring Command-Line Access to the Router
Verifying Your Configuration
Password password
Line aux console tty vty line-number
Login
Exec-timeout minutes seconds
End
Configuring Static Routes
Exits router configuration mode, and enters
Privileged Exec mode
Parameters that can be set, see the Cisco IOS IP
Configuring Dynamic Routes
Configuration Example
Verifying Your Configuration
Configuring RIP
Command Task
Router rip
Version 1
Configuring Enhanced Igrp
Enters router configuration mode, and enables
Eigrp on the router. The autonomous-system
Number identifies the route to other Eigrp routers
Be applied, using the IP address of the network
Routerconfig# network
Specifies a list of networks on which Eigrp is to
Configuring Your Router for Ethernet and DSL Access
Page
Sample Network Deployments
For Ethernet-Based Network Deployments
For DSL-Based Network Deployments
OL-6426-02
Configuring PPP over Ethernet with NAT
Configuration Tasks
Command or Action Purpose
Vpdn enable
PPPoE
Configure the Fast Ethernet WAN Interfaces
Request-dialin
Initiate to ip ip-address
Protocol l2f l2tp pppoe any
Cisco 1800 integrated services routers have
These steps to configure one or both of them
Configures the PPPoE client and specifies
Enables the Fast Ethernet interface
Configure the Dialer Interface
Using a dialer group controls access to
Exits the dialer 0 interface configuration
Assigns the dialer interface to a dialer group
Your router
Configure Network Address Translation
Access-list access-list-number deny permit
Ip nat inside outside
Source source-wildcard
Configuration Example
Router# show ip nat statistics
Configuring PPP over ATM with NAT
PPP over ATM with NAT
PPPoA
Sets the PPP authentication method
Authentication Protocol Chap
Specifies that the IP address for the dialer
Interface is obtained through PPP/IPCP IP
Command Reference, Volume 1 of 4 Routing
Configure the ATM WAN Interface
Configure DSL Signaling Protocol
Configuring Adsl
Attribute Description Default Value
Configuring Shdsl
Verify the Configuration
Dsl lom integer Dsl enable-training-log
Line-mode 4-wire enhanced 4-wire standard
Wire
Ignore-error-duration number
Configure Network Address Translation
Enables the configuration changes just made to
About enabling static translation, see the Cisco
FE2-FE9 reside to be the inside interface
For NAT
Static translation, see the Cisco IOS IP Command
Exits configuration mode for the ATM interface
Defines a standard access list permitting addresses
Identifies the specified WAN interface as the NAT
ATM0
Configuring a LAN with Dhcp and VLANs
Vlan
VLANs
Configure Dhcp
Default-router address address2 ...address8
Import all
Dns-server address address2 ...address8
Domain-name domain
Verify Your Dhcp Configuration
Router# show ip dhcp import
Ip dhcp pool
Configure VLANs
Verify Your Vlan Configuration
Vlan ?
Example
Router# show vlan-switch
Vlan
Switch Port Configurations
802.1x Authentication
Vlan Trunking Protocol VTP
Maximum Switched Virtual Interfaces SVIs
Switched Port Analyzer Span
IP Multicast Switching
Layer 2 Interfaces
Per-Port Storm Control
Fallback Bridging
Separate Voice and Data Subnets
Igmp Snooping
Configuring a VPN Using Easy VPN and an IPSec Tunnel
Internet
Cisco Easy VPN
Configure the IKE Policy
Configure Group Policy Information
Crypto isakmp client configuration group
Group-name default
Key name
Apply Mode Configuration to the Crypto Map
Ip local pool default poolname
Enable Policy Lookup
Configure IPSec Transforms and Protocols
Configure the IPSec Crypto Method and Parameters
Apply the Crypto Map to the Physical Interface
Reverse-route
Crypto map map-name seq-num ipsec-isakmp
Dynamic dynamic-map-name discover
Create an Easy VPN Remote Configuration
Crypto map map-name
Verifying Your Easy VPN Configuration
Crypto ipsec client ezvpn name outside inside
Crypto ipsec client ezvpn ezvpnclient connect auto
Beta Draft Cisco Confidential
Site-to-Site VPN Using an IPSec Tunnel and GRE
GRE Tunnels
VPNs
Configure a VPN
Configure the IKE Policy
Also enters Internet Security Association Key
Example uses 168-bit Data Encryption
Configure Group Policy Information
Group 1 2
Lifetime seconds
Enable Policy Lookup
Exits IKE group policy configuration mode,
Enters global configuration mode
Specifies group domain membership
Configure IPSec Transforms and Protocols
Method used to do so
Specifies global lifetime values used when
Negotiating IPSec security associations
Configure the IPSec Crypto Method and Parameters
Creates a dynamic crypto map entry, and enters
Creates source proxy information for the crypto
Map entry
Configure a GRE Tunnel
Apply the Crypto Map to the Physical Interface
Map
Applies the crypto map to the interface
Tunnel interface must be configured to
Exits interface configuration mode, and returns to
Enters ACL configuration mode for the named
Access-list-name ACL that is used by the crypto map
Configuration Example
Ip nat outside no cdp enable
Beta Draft Cisco Confidential
Configuring a Simple Firewall
Router with Firewall Configured
Series integrated services router, respectively
Fast Ethernet LAN interface the inside interface for NAT
Protected network
Unprotected network
Configure Access Lists
Configure Inspection Rules
Creates an access list which prevents Internet
Details about this command
Apply Access Lists and Inspection Rules to Interfaces
Assigns the set of firewall inspection rules to
Inside interface on the router
Configuring a Simple Firewall Configuration Example
Beta Draft Cisco Confidential
Configuring a Wireless LAN Connection
1shows a wireless network deployment
Configuring a Wireless LAN Connection
Configure the Root Radio Station
Sets the permitted authentication methods for a
User attempting access to the wireless LAN
Exits Ssid configuration mode, and enters
Interface configuration mode for the wireless
Configure Bridging on VLANs
Station-role repeater root
Bridge number crb irb mac-address-table
Bridge-group number
Configure Radio Station Subinterfaces
Enables Ieee 802.1q encapsulation on
Specified subinterface
Exits subinterface configuration mode,
Assigns a bridge group to the subinterface
No bridge-group 3 unicast-flooding Interface Vlan1
Sample Configuration
Router# show running-config
10-1
10-2
Ip dhcp pool vlan3
10-3
10-4
10-5
10-6
Additional Configuration Options
11-1
11-2
Configuring Additional Features and Troubleshooting
Page
Configuring Security Features
Authentication, Authorization, and Accounting
12-1
Configuring AutoSecure
Configuring Access Lists
Configuration Commands
ACL Type
Configuring a Cbac Firewall
Access Groups
Guidelines for Creating Access Groups
Ip access-group number name in out
Configuring Cisco IOS Firewall IDS
Configuring VPNs
12-4
Configuring Dial Backup and Remote Management
Dial Backup Feature Activation Methods
Backup Interfaces
13-1
Configuring Backup Interfaces
Floating Static Routes
13-2
Configuring Floating Static Routes
Enables RIP routing
13-3
Configuring Dialer Watch
Dialer Watch
Specifies the group number for the watch list
13-4
Dial Backup Feature Limitations
Dial Backup Type Possible? Dial Backup Method Limitations
13-5
13-6
13-7
Example 13-3 Configuring Dial Backup Using Dialer Watch
13-8
Configure Isdn Settings
13-9
13-10
Access-group
Ip address negotiated
Dialer pool number
Dialer-group group-number
Configure the Aggregator and Isdn Peer Router
For your Cisco router during the ATM network downtime
13-12
Asynchronous Interface Configuration
13-13
13-14
Line Configuration
13-15
13-16
Troubleshooting
Getting Started
Before Contacting Cisco or Your Reseller
14-1
Adsl Troubleshooting
Shdsl Troubleshooting
PortFast Troubleshooting
14-2
ATM Troubleshooting Commands
Ping atm interface Command
Show interface Command
14-3
Shutdown command
Output Cause
14-4
Show atm interface Command
14-5
Router# show atm interface atm
Debug atm Commands
Guidelines for Using Debug Commands
Debug atm errors Command
Field Description
Debug atm events Command
Router# debug atm errors ATM errors debugging is on Router#
14-7
Router# debug atm events Router#
Debug atm packet Command
Where the keywords are defined as follows
Optional ATM interface or subinterface number
Example 14-7shows a sample output
Software Upgrade Methods
Recovering a Lost Password
ATM0
14-9
Change the Configuration Register
14-10
Router# show version
Reset the Router
Router# show startup-config
Press Return. The following prompt appears
Prompt changes to the privileged Exec prompt
Reset the Password and Save Your Changes
Reset the Configuration Register Value
14-12
Managing Your Router with SDM
14-13
14-14
Reference Information
Page
Configuring the Router from a PC
One of the configuration topic chapters in this guide
Cisco IOS Software Basic Skills
PC Operating System Software
Understanding Command Modes
Exec
As interface atm
Ctrl-Z
Configuration mode Routing protocol Appropriate
Getting Help
Router Enter one of the router
Router rip, from
Enable Secret Passwords and Enable Passwords
Entering Global Configuration Mode
You can now make changes to your router configuration
Using Commands
Abbreviating Commands
Undoing Commands
Command-Line Error Messages
Saving Configuration Changes
Where to Go Next
Summary
OL-6426-02
Concepts
Adsl
Network Protocols
Routing Protocol Options
PPP Authentication Protocols
Protocol Ideal Topology Metric Routing Updates
Enhanced Igrp
RIP
PAP
Network Interfaces
Ethernet
Dial Backup
Backup Interface
Dialer Interface
NAT
Easy IP Phase
QoS
IP Precedence
PPP Fragmentation and Interleaving
Cbwfq
Low Latency Queuing
Access Lists
OL-6426-02
Enable
Config-reg
Resets the configuration register
ROM Monitor
ROM Monitor Commands
Exits global configuration mode
Reload
Descriptions section in this appendix
Command Descriptions
Disaster Recovery with Tftp Download
Tftp Download Command Variables
Command Description
Variable Command
Required Variables
Optional Variables
Using the Tftp Download Command
TFTPTIMEOUT= time
TFTPCHECKSUM= setting
Retrytimes
Configuration Register
Changing the Configuration Register Manually
Changing the Configuration Register Using Prompts
Rommon 1 confreg
Command Description
Console Download
Debug Commands
Error Reporting
Context-Displays processor context for example
Frame-Displays an individual stack frame
Exiting the ROM Monitor
OL-6426-02
Common Port Assignments
Port Keyword Description
NETBIOS-NS
NETBIOS-DGM
NETBIOS-SSN
Finger
See ARP
See AAL
See ATM
IN-1
See Chap
See CAR
IN-2
Dhcp
IN-3
Experience, user Extended access list Overview B-11
See also examples
Ethernet B-5 Events, ATM, displaying
GRE
See LCP
See NCP
IN-5
See PAP
See PVC
See PPP
See Ipcp
See RIP
See NAT
IN-7
Upgrading software, methods for 14-9User Datagram Protocol
See UDP
IN-8
