Cisco Systems, Inc
Page
N T E N T S
Configuring Your Router for Ethernet and DSL Access
802.1x Authentication
Configure the IPSec Crypto Method and Parameters
Configuring Backup Interfaces
Chap
Configuration Register C-6
OL-6426-02
Preface
Audience
Organization
Chapter Title Description
VPN
Convention Description
Command Conventions
Conventions
Boldface
Related Documents
Obtaining Documentation
Cisco.com
Documentation DVD
Documentation Feedback
Cisco Product Security Overview
Ordering Documentation
Cisco Technical Support Website
Reporting Security Problems in Cisco Products
Obtaining Technical Assistance
An emergency, you can also reach Psirt by telephone 877 408
Submitting a Service Request
Definitions of Service Request Severity
Obtaining Additional Publications and Information
Getting Started
Page
Basic Router Configuration
Interface Port Labels
Router Interface Port Label
ATM WAN Shdsl
Viewing the Default Configuration
ADSLoISDN
USB Modem
Example 1-1 Cisco 1812 Default Configuration on Startup
Information Needed for Configuration
Configuring Basic Parameters
To configure the router, perform one or more of these tasks
Command Purpose
Configure Global Parameters
Configure Fast Ethernet LAN Interfaces
Example
Configure WAN Interfaces
Configure the Fast Ethernet WAN Interface
Controller dsl
Configure the ATM WAN Interface
Mode atm Exit
No shutdown
Configure the Wireless Interface
Configuring a Loopback Interface
Configuration Example
Password password
Configuring Command-Line Access to the Router
Verifying Your Configuration
Line aux console tty vty line-number
Login
Exec-timeout minutes seconds
End
Privileged Exec mode
Configuring Static Routes
Exits router configuration mode, and enters
Parameters that can be set, see the Cisco IOS IP
Configuring Dynamic Routes
Configuration Example
Verifying Your Configuration
Router rip
Configuring RIP
Command Task
Version 1
Eigrp on the router. The autonomous-system
Configuring Enhanced Igrp
Enters router configuration mode, and enables
Number identifies the route to other Eigrp routers
Be applied, using the IP address of the network
Routerconfig# network
Specifies a list of networks on which Eigrp is to
Configuring Your Router for Ethernet and DSL Access
Page
Sample Network Deployments
For Ethernet-Based Network Deployments
For DSL-Based Network Deployments
OL-6426-02
Configuring PPP over Ethernet with NAT
Vpdn enable
Configuration Tasks
Command or Action Purpose
PPPoE
Initiate to ip ip-address
Configure the Fast Ethernet WAN Interfaces
Request-dialin
Protocol l2f l2tp pppoe any
Configures the PPPoE client and specifies
Cisco 1800 integrated services routers have
These steps to configure one or both of them
Enables the Fast Ethernet interface
Configure the Dialer Interface
Assigns the dialer interface to a dialer group
Using a dialer group controls access to
Exits the dialer 0 interface configuration
Your router
Configure Network Address Translation
Access-list access-list-number deny permit
Ip nat inside outside
Source source-wildcard
Configuration Example
Router# show ip nat statistics
Configuring PPP over ATM with NAT
PPP over ATM with NAT
PPPoA
Specifies that the IP address for the dialer
Sets the PPP authentication method
Authentication Protocol Chap
Interface is obtained through PPP/IPCP IP
Command Reference, Volume 1 of 4 Routing
Configure the ATM WAN Interface
Configure DSL Signaling Protocol
Configuring Adsl
Attribute Description Default Value
Configuring Shdsl
Verify the Configuration
Dsl lom integer Dsl enable-training-log
Line-mode 4-wire enhanced 4-wire standard
Wire
Ignore-error-duration number
Configure Network Address Translation
FE2-FE9 reside to be the inside interface
Enables the configuration changes just made to
About enabling static translation, see the Cisco
For NAT
Defines a standard access list permitting addresses
Static translation, see the Cisco IOS IP Command
Exits configuration mode for the ATM interface
Identifies the specified WAN interface as the NAT
ATM0
Configuring a LAN with Dhcp and VLANs
Vlan
VLANs
Configure Dhcp
Dns-server address address2 ...address8
Default-router address address2 ...address8
Import all
Domain-name domain
Verify Your Dhcp Configuration
Router# show ip dhcp import
Ip dhcp pool
Vlan ?
Configure VLANs
Verify Your Vlan Configuration
Example
Router# show vlan-switch
Vlan
Switch Port Configurations
802.1x Authentication
Vlan Trunking Protocol VTP
IP Multicast Switching
Maximum Switched Virtual Interfaces SVIs
Switched Port Analyzer Span
Layer 2 Interfaces
Separate Voice and Data Subnets
Per-Port Storm Control
Fallback Bridging
Igmp Snooping
Configuring a VPN Using Easy VPN and an IPSec Tunnel
Internet
Cisco Easy VPN
Configure the IKE Policy
Group-name default
Configure Group Policy Information
Crypto isakmp client configuration group
Key name
Apply Mode Configuration to the Crypto Map
Ip local pool default poolname
Enable Policy Lookup
Configure IPSec Transforms and Protocols
Configure the IPSec Crypto Method and Parameters
Crypto map map-name seq-num ipsec-isakmp
Apply the Crypto Map to the Physical Interface
Reverse-route
Dynamic dynamic-map-name discover
Create an Easy VPN Remote Configuration
Crypto map map-name
Verifying Your Easy VPN Configuration
Crypto ipsec client ezvpn name outside inside
Crypto ipsec client ezvpn ezvpnclient connect auto
Beta Draft Cisco Confidential
Site-to-Site VPN Using an IPSec Tunnel and GRE
GRE Tunnels
VPNs
Also enters Internet Security Association Key
Configure a VPN
Configure the IKE Policy
Example uses 168-bit Data Encryption
Configure Group Policy Information
Group 1 2
Lifetime seconds
Enters global configuration mode
Enable Policy Lookup
Exits IKE group policy configuration mode,
Specifies group domain membership
Specifies global lifetime values used when
Configure IPSec Transforms and Protocols
Method used to do so
Negotiating IPSec security associations
Creates source proxy information for the crypto
Configure the IPSec Crypto Method and Parameters
Creates a dynamic crypto map entry, and enters
Map entry
Map
Configure a GRE Tunnel
Apply the Crypto Map to the Physical Interface
Applies the crypto map to the interface
Enters ACL configuration mode for the named
Tunnel interface must be configured to
Exits interface configuration mode, and returns to
Access-list-name ACL that is used by the crypto map
Configuration Example
Ip nat outside no cdp enable
Beta Draft Cisco Confidential
Configuring a Simple Firewall
Router with Firewall Configured
Protected network
Series integrated services router, respectively
Fast Ethernet LAN interface the inside interface for NAT
Unprotected network
Creates an access list which prevents Internet
Configure Access Lists
Configure Inspection Rules
Details about this command
Apply Access Lists and Inspection Rules to Interfaces
Assigns the set of firewall inspection rules to
Inside interface on the router
Configuring a Simple Firewall Configuration Example
Beta Draft Cisco Confidential
Configuring a Wireless LAN Connection
1shows a wireless network deployment
Configuring a Wireless LAN Connection
Configure the Root Radio Station
Exits Ssid configuration mode, and enters
Sets the permitted authentication methods for a
User attempting access to the wireless LAN
Interface configuration mode for the wireless
Bridge number crb irb mac-address-table
Configure Bridging on VLANs
Station-role repeater root
Bridge-group number
Configure Radio Station Subinterfaces
Enables Ieee 802.1q encapsulation on
Specified subinterface
Exits subinterface configuration mode,
Assigns a bridge group to the subinterface
No bridge-group 3 unicast-flooding Interface Vlan1
Sample Configuration
Router# show running-config
10-1
10-2
Ip dhcp pool vlan3
10-3
10-4
10-5
10-6
Additional Configuration Options
11-1
11-2
Configuring Additional Features and Troubleshooting
Page
Configuring Security Features
Authentication, Authorization, and Accounting
12-1
Configuration Commands
Configuring AutoSecure
Configuring Access Lists
ACL Type
Guidelines for Creating Access Groups
Configuring a Cbac Firewall
Access Groups
Ip access-group number name in out
Configuring Cisco IOS Firewall IDS
Configuring VPNs
12-4
Backup Interfaces
Configuring Dial Backup and Remote Management
Dial Backup Feature Activation Methods
13-1
Configuring Backup Interfaces
Floating Static Routes
13-2
Configuring Floating Static Routes
Enables RIP routing
13-3
Specifies the group number for the watch list
Configuring Dialer Watch
Dialer Watch
13-4
Dial Backup Feature Limitations
Dial Backup Type Possible? Dial Backup Method Limitations
13-5
13-6
13-7
Example 13-3 Configuring Dial Backup Using Dialer Watch
13-8
Configure Isdn Settings
13-9
13-10
Dialer pool number
Access-group
Ip address negotiated
Dialer-group group-number
Configure the Aggregator and Isdn Peer Router
For your Cisco router during the ATM network downtime
13-12
Asynchronous Interface Configuration
13-13
13-14
Line Configuration
13-15
13-16
Before Contacting Cisco or Your Reseller
Troubleshooting
Getting Started
14-1
PortFast Troubleshooting
Adsl Troubleshooting
Shdsl Troubleshooting
14-2
Show interface Command
ATM Troubleshooting Commands
Ping atm interface Command
14-3
Shutdown command
Output Cause
14-4
Show atm interface Command
14-5
Router# show atm interface atm
Debug atm errors Command
Debug atm Commands
Guidelines for Using Debug Commands
Field Description
14-7
Debug atm events Command
Router# debug atm errors ATM errors debugging is on Router#
Router# debug atm events Router#
Optional ATM interface or subinterface number
Debug atm packet Command
Where the keywords are defined as follows
Example 14-7shows a sample output
ATM0
Software Upgrade Methods
Recovering a Lost Password
14-9
Change the Configuration Register
14-10
Router# show version
Press Return. The following prompt appears
Reset the Router
Router# show startup-config
Prompt changes to the privileged Exec prompt
Reset the Password and Save Your Changes
Reset the Configuration Register Value
14-12
Managing Your Router with SDM
14-13
14-14
Reference Information
Page
Cisco IOS Software Basic Skills
Configuring the Router from a PC
One of the configuration topic chapters in this guide
PC Operating System Software
Understanding Command Modes
Exec
As interface atm
Ctrl-Z
Router Enter one of the router
Configuration mode Routing protocol Appropriate
Getting Help
Router rip, from
Enable Secret Passwords and Enable Passwords
Entering Global Configuration Mode
You can now make changes to your router configuration
Undoing Commands
Using Commands
Abbreviating Commands
Command-Line Error Messages
Saving Configuration Changes
Where to Go Next
Summary
OL-6426-02
Concepts
Adsl
Network Protocols
Routing Protocol Options
Enhanced Igrp
PPP Authentication Protocols
Protocol Ideal Topology Metric Routing Updates
RIP
PAP
Network Interfaces
Ethernet
Dial Backup
Backup Interface
Dialer Interface
NAT
Easy IP Phase
QoS
IP Precedence
PPP Fragmentation and Interleaving
Cbwfq
Low Latency Queuing
Access Lists
OL-6426-02
Resets the configuration register
Enable
Config-reg
ROM Monitor
Reload
ROM Monitor Commands
Exits global configuration mode
Descriptions section in this appendix
Tftp Download Command Variables
Command Descriptions
Disaster Recovery with Tftp Download
Command Description
Variable Command
Required Variables
Optional Variables
TFTPCHECKSUM= setting
Using the Tftp Download Command
TFTPTIMEOUT= time
Retrytimes
Changing the Configuration Register Using Prompts
Configuration Register
Changing the Configuration Register Manually
Rommon 1 confreg
Command Description
Console Download
Context-Displays processor context for example
Debug Commands
Error Reporting
Frame-Displays an individual stack frame
Exiting the ROM Monitor
OL-6426-02
Common Port Assignments
Port Keyword Description
NETBIOS-SSN
NETBIOS-NS
NETBIOS-DGM
Finger
See ATM
See ARP
See AAL
IN-1
See Chap
See CAR
IN-2
Dhcp
IN-3
Ethernet B-5 Events, ATM, displaying
Experience, user Extended access list Overview B-11
See also examples
GRE
See LCP
See NCP
IN-5
See PPP
See PAP
See PVC
See Ipcp
See RIP
See NAT
IN-7
Upgrading software, methods for 14-9User Datagram Protocol
See UDP
IN-8